If this were a live FonBar, you would log in to the hotspot through the form above.
 

Why have so many Foneros abandoned Fon?

April 4, 2008

Fon President Martin Varsavsky has posted an adorable leetle survey on his blog today. Either he has no idea why Fon is failing under his leadership, or else he knows, and won’t list those reasons because he has no intention of fixing them.

The reason most Foneros have quit Fon is due to anemic equipment and firmware imposed upon them, and the culture of dishonesty in Fon’s press releases and business practices.

After promising to give us firmware which supported dual-SSIDs, Fon switches the bait and presents us with their proprietary, locked-down 1-port router with this feature. No dual-SSID for us Linksys and Buffalo Foneros. It’s just as well, because it turns out that many wifi adapters can’t cope with the little transmission trick that produces two SSIDs.

People with pre-existing home networks discover that they can’t access their LAN resources, even when using the private WLAN. There is no “bridge to WAN” feature. This device *looks* like an AP, but is instead a NAT router. This is one of the main reasons people abandoned Fon. They didn’t want to *start* a network. They needed to *expand* one (and on a budget).

This little overheating brick had WDS meshing built-in at first, but this was undocumented. Hackers learned to use it to aquire an Internet connection without paying or logging in. Fon quickly took WDS out, and has still never admitted it existed. Pres. V pontificates in his blog that the range-extending Fontenna (he sells) is superior to connection-relaying meshing, despite the poor performance of said Fontenna. He should have instead sold us a kit to mount the router outside, with an embedded booster antenna and PoE adapter.

Nearly two years later, La Fonera still doesn’t support MAC cloning, which is such a trivial feature to add. It is necessary for modems/ISPs which lock your service to your WAN MAC. This is another big reason people abandoned Fon- they never got it connected to the Internet. This feature wouldn’t even threaten the sales of additional Fon hardware. :(

Instead of improving the La Fonera firmware (except to rush out patches to keep people from aquiring better access to their device and developing new features), Fon spends R&D on further routers: Want one precious LAN jack? Buy the new router, at twice the price of the old one! This is surely why they don’t give us WAN bridge in the original La Fonera for free.

What would Foneros really prefer that Fon focus their attention on? Bringing the feature set of the router at least up to the point of every other cheap router on the market, nurturing and empowering the creative community that has built up around Fon, and showing some real progress for a change. Instead, here is “La Fonera Orwellian Name”, for $100, which lets you download free bittorrents of Fearless Leader’s video clips. Ugh.

“Buy thees Skype phone and make calls for free at any Fon hotspot in the world!” they said. Well, sure- if you had the encryption key for all of those Fonero’s private networks. The darn thing wasn’t able to log in through Fon’s public hotspot, until many months later, when a firmware patch was provided. Calls were then free if they were Skype-to-Skype, or you were spending the included “free” 20 trial Skypeout minutes. Skype pulled the ads down. Ugh.

“We split the profits 50-50!”. An outright lie. First, Fon takes unspecified “fees and taxes” out, then splits what is left. Fon refuses to itemize this amount, which varies from country to country and depends on the ISP, so there is no way to tell if they are paying you fairly. Fon only pays Bills if their hotspot is the Point Of Sale for day passes, not for bandwidth, length of wifi sessions, or number of customers. If paid-up customers wander over to his hotspot, Bills get nothing for the service he provides.

Fon’s price per day is quite reasonable when compared to other for-pay mobile Internet services. However, wifi is free in virtually every coffee shop in the USA, many restaurants and libraries, and provided by many municipalities throughout the city centers. Fon won’t budge on the price, or add something to make their service more desireable than free wifi, like VPN encryption.

Fon’s system mimics other “instant hotspot in-a-box” offerings, but these competitors are offering more flexible terms in setting prices and managing equipment. The competitors let you have control of your Internet connection, your router, and the appearance of your hotspot to the public. Fon pretends that they do too, but in reality, you have almost no control over what they clearly consider to be *their* router, and *their* hotspot.

It’s been obvious in recent months that Fon is fading away. Varsavsky spends his time supporting side projects, which have nothing to do with wifi (Mexican Wave, Fon URL Sortener, and several ways to abuse Gmail), and writing bizzare articles in his Fon Blog. Varsavsky recently dumped much of his Fon stock.

Fortunately, there is a thriving community of hackers who still develop improvements for La Fonera wifi routers. If a Fonero is willing to void his router’s warranty, he can have his MAC cloning, WAN bridge and much more. While they can do nothing about Fon’s awful profit-sharing, the routers themselves can even be flashed with entirely different firmware, and be used with other wifi networks, or even liberated entirely, including features usually found only in very expensive equipment.

There are so many other points, I could write volumes. Please visit Varsavsky’s blog, and instead of taking his survey, leave him comments which surely will fall outside his carefully selected choices.

UPDATE: Y’all will find this very interesting. Martin approved another round of comments to that post in his blog. While he approved a comment I made under a fake name, he did not approve a more coherent comment I made, as myself, discussing the exact same points, somewhat earlier that day. This is not proper management of his blog, this is censorship of those whom he dislikes. What a skunk!


Flashing La Fonera over Serial Port

February 8, 2008

Here are instructions for restoring your FON firmware entirely through the serial connector. Most instructions which i’ve seen on the web assume that you have telnet over Ethernet access to Redboot, which is a chicken and egg problem!

EDIT: ChrisPHL points out that I can enable telnet over Ethernet before I even init or flash any firmware by using the RedBoot FCONFIG command: FreeWLAN.info. So why follow this tutorial? While serial console may be slower than uploading via Ethernet, you’ll save time because you won’t need to set up TFTP server, manually configure TCP/IP, rearrange cords, change cords back, reconfigure DHCP, etc.

This tutorial worked just fine for my La Fonera 1.0 (FON2100). If you have the La Fonera 1.1 (FON2200), 1.5 (FON2201), or 2.0 (FON2202), you may find that telnet over Ethernet is allready enabled! One reader has informed me that his newer FON2200 seems to have an *older* version of RedBoot (V1.00 – built 10:37:27, Dec 12 2006) installed on it than mine (V1.3.0), and that the memory range begins at a different address. If this tutorial doesn’t seem to do the trick, try k0k0′s German tutorial, which uses different addresses starting with the second ‘load’ command. FON2201 and FON2202 use different firmware and are based on yet another circuit board. They will certainly require different load addresses.

It is possible to transfer the files using XMODEM or YMODEM if you use a terminal emulator like HyperTerminal. ZMODEM would be even faster and more accurate, but I was unable to get that to work. When I used HyperTerminal, I am pretty sure I used hardware handshaking, but k0k0, administrator of FreeWLAN’s forums recommends setting this to NO handshaking. This may be necessary if you can receive text from the serial port, but cannot get it to respond to keystrokes.

The two firmware files, rootfs.squashfs and kernel.lzma were aquired from this archive, and are stored on my local hard drive. I did not set up a TFTP or web server, as that would require a network connection, and is again, a chicken and the egg problem. :wink:

To start with, I have built a working serial voltage adapter, as seen in my previous post, interrupted the bootup with CTL-C, and executed the following commands in Redboot:

1) RedBoot> baudrate 115200 (much faster connection, but I needed to close and restart HyperTerminal using the new speed)

2) RedBoot> fis init -f (this deletes all of the onboard firmware!)

typical response from RedBoot:
About to initialize [format] FLASH image system – continue (y/n)? y
*** Initialize FLASH Image System
… Erase from 0xa87e0000-0xa87f0000: .
… Program from 0x80ff0000-0×81000000 at 0xa87e0000: .

The following commands and memory addresses are taken directly from the DD-WRT tutorial on “Reflashing LaFonera original firmware“, except that i’ve gotten the files I need by other means, and i’ve adjusted the commands for using YMODEM over the serial console instead of TFTP server at a fixed IP. You may use XMODEM if you choose instead, but it is a bit slower. If you must use XMODEM, and it will not start, try switching your terminal emulator from hardware handshaking to XON/XOFF – or vice-versa.

3) RedBoot> load -r -m ymodem rootfs.squashfs -b 0×80040450

typical response from RedBoot:
CCCCRaw file loaded 0×80040450-0x801c044f, assumed entry at 0×80040450
xyzModem – CRC mode, 2(SOH)/1536(STX)/0(CAN) packets, 6 retries

Whew! That was fun! I haven’t used YMODEM since the early 1980′s! As you see “xyzModem” implies that ZMODEM is supported, but the command “-m ZMODEM” is rejected by RedBoot. YMODEM and XMODEM may sit idle for a while before they start transferring. Be patient. :lol:

4) RedBoot> fis create -b 0×80040450 -f 0xA8030000 -l 0×00700000 -e 0×00000000 rootfs

typical response from RedBoot: (THIS CAN TAKE A LONG TIME!)
… Erase from 0xa8030000-0xa8730000: ……………………………………
…………………………………………………………….
… Program from 0×80040450-0×80740450 at 0xa8030000: ……………………..
……………………………………………………………………..
……
… Erase from 0xa87e0000-0xa87f0000: .
… Program from 0x80ff0000-0×81000000 at 0xa87e0000: .

5) RedBoot> load -r -m ymodem -b %{FREEMEMLO} kernel.lzma

typical response from RedBoot:
CCRaw file loaded 0×80040800-0x800c07ff, assumed entry at 0×80040800
xyzModem – CRC mode, 2(SOH)/512(STX)/0(CAN) packets, 4 retries

6) RedBoot> fis create -r 0×80041000 -e 0×80041000 vmlinux.bin.l7

typical response from RedBoot:
… Erase from 0xa8730000-0xa87b0000: ……..
… Program from 0×80040800-0x800c0800 at 0xa8730000: ……..
… Erase from 0xa87e0000-0xa87f0000: .
… Program from 0x80ff0000-0×81000000 at 0xa87e0000: .

7) RedBoot> fis load -l vmlinux.bin.l7

typical response from RedBoot (after a really long pause):
Image loaded from 0×80041000-0x801ba000

8) RedBoot> exec

typical response from RedBoot:
Now booting linux kernel:
Base address 0×80030000 Entry 0×80041000
Cmdline

At this point the serial connection froze. I powercycled La Fonera and observed Redboot come up, and then the serial connection froze again shortly after stating that it was booting the linux kernel… but Wireless Connection Manager showed that MyPlace had been created and I was able to access the onboard web admin. The router is now factory-fresh, circa firmware version 0.7.1 r1! 8)

Next, i’ll leave the Ethernet disconnected, and configure the fonware over a wifi connection to load FreeWLAN. Once that is working, then i’ll install the CAMICIA modified bootloader over SSH *before* I begin experimenting with configuration changes again. ;)

EDIT: The following page of RedBoot Command Line Options helped me a lot in making this tutorial: AdvancedRelay


Building a Cable to Debrick La Fonera WIFI Router

February 8, 2008

Well, all great minds screw up once in a while. I was thrilling away with my La Fonera 1.0, freshly hot-rodded with FreeWLAN v0.9.2, when the Fon came to a screeching halt! I was trying to do something Really Cool, and set it up as a Transparent Ethernet bridge. In this mode, the La Fonera would work as a wifi client device. The WAN Ethernet port would be repurposed as a LAN port, which would be bridged to the upstream LAN and DHCP server. This way, I could turn my tiny USB-Ethernet print server into a wireless one.

Well, it turns out that FreeWLAN’s QRM implementation isn’t quite working perfectly. To make matters worse, I can’t just hold down the ‘ole reset button because that button is ignored until the firmware finishes booting and polls it! This La Fonera isn’t finding the WLAN I configured it to join, so it isn’t setting up it’s virtual interfaces. I’m told that it’s stuck in this incompletely booted state forever. All I can do is ping it under very particular circumstances. No SSH, and no web admin exist any more.

Proponents of FreeWLAN advise flashing the kernel ASAP with one which allows reflashing the firmware over the Ethernet cable. I have done this before, when I was using DD-WRT for the La Fonera, but had not yet done it with this particular router. This leaves only flashing by serial connector. This is often referred to as a “JTAG” connector, but technically the La Fonera just has a serial connector that is simply at a lower voltage (TTL) than the serial port (RS232) you may have on the back of your PC. This requires a voltage-level adjustor. The folks at FreeWLAN were very helpful in providing me a list of options, and I decided that I would build the serial adaptor myself.

CLICK ANY PICTURE BELOW FOR LARGER IMAGE

La Fonera 1.0 (FON2100) (left), (right) La Fonera 1.1 (FON2200)

The popular design utilizes a Maxim 232 or 3232 integrated circuit. Maxim will provide free samples of this part, with free shipping from their website. I ordered two, which arrived about a week later.

I went to Radio Shack, our local overpriced electronics parts store, for 5 polarized tantalum capacitors, a small breadboard, and a 9-pin female serial connector. The bill came to $12.91 with tax.

I used sections of an old floppy cable for wire and for the connector to the La Fonera, as the holes were exactly right.

As luck would have it, the first one I built didn’t work properly. On my first trip to Radio Shack, I had bought slightly cheaper nonpolarized electrolytic capacitors. The MAX3232 datasheet said that nonpolarized would work, but perhaps that is not so for this particular project. I’m happier with the way the much smaller tantalum capacitors look, anyway.

We have RedBoot!

Also, if I let it boot up uninterrupted, I can hit ENTER for a telnet session to the OpenWRT firmware which the fonware is based on:

Next up is flashing the CAMICIA edition of the linux kernel which permits access to Redboot over the Ethernet port. I may choose XMODEM to transfer files while connected to the serial port. Then i’ll switch to Ethernet to more quickly flash the 0.7.1 edition of fonware which works best with FreeWLAN. Switching to wifi, I’ll manually configure fonware to download FreeWLAN right away, before I ever connect the Ethernet to the Internet, preventing further fonware updates. Fonware updates get slipstreamed into future FreeWLAN editions, and thus the router really does stay up-to-date.


Incompatability Reports

March 26, 2007

This page is now divided into three sections: HARDWARE, for wired or wireless equipment that does not work with Fon hardware,SOFTWARE, for computer programs that do not work properly through a connection that involves Fon, and NETWORK, for sites that are not properly routed, including DNS server errors, when using a Fon hotspot.

If you have any problems like these, but don’t see your hardware, software, or web site listed here, please email information about it toincompatible@elfonblog.cjb.net, and I will maintain the list here.

HARDWARE

Most wifi adapters appear to be quite compatible with the La Fonera AP. When scanning for networks, they will find both the “FON_AP” and “MyPlace” SSID names, and be able to connect to either of them without trouble.

Some people are reporting that they have problems finding, connecting to, and remaining connected to the La Fonera AP. The symptoms are remarkably similar, and patterns are emerging that suggest certain Manufacturers and Models are especially vulnerable.

I’ve been compiling a list of hardware reported to display these symptoms. The first number is the number of reports i’ve observed. The end of each line may have several screen names of people making these reports, which I keep so that I don’t duplicate a report. If you feel I have listed you inaccurately, please let me know.

Reported Incompatible Hardware:

# of Reports =-=-= Model =-=-= Reported by

1 Acer InviLink 802.11b/g [shrikey]
1 AirPort Extreme [Lynoure]
1 ASUS WL-138G (PCI card) (Linux drivers) [lucamanu]
1 D-Link WDA-2320 [ice.skillz]
1 D-Link DWL-510
1 D-link DWL-650+
1 D-Link DWL-G520+ (PCI card) [SkyForce]
1 Intel PRO/Wireless 2100b [obsidian]
3 Intel PRO/Wireless 2200BG (802.11b/g) card [gyongyosim][Lynoure][1sy8]
1 Intel PRO/Wireless 2915a/b/g [Lynoure]
5 Intel PRO 3945 ABG (in Dell Inspiron E1505) [robr][fedcas][jrribeiro]
1 Lan-Express IEEE 802.11 PCI Adapter, on HP 2175CA [dave1945]
1 Linksys WUSB11 V2.5 Instant Wireless USB Network Adapter

1 Nokia E61 (phone)
1 SIS 163U [fedcas]
1 WL-388 mini-USB device (Gemtek?)
1 TC300 aka D910, L10, T-ONE (GSM/WiFi handset) WAP style browser incompatible with Fon public hotspot login page. [siiix]
1 A-Link RR44 (adsl modem/router)

Apparently Compatible Hardware:

1 Atheros AR5005G
1 Nokia N80 Phone
1 Proxim Orinoco Gold ABG PCMCIA [austintx]
1 Sprint 6700 PDA Phone [robert]

Suspected Source of Incompatabilities:

The La Fonera AP (with Atheros chipset) is able to generate two SSIDs by using a little trick: it broadcasts one SSID/BSSID pair, signals that it is going to sleep, then “wakes up” and broadcasts the other SSID/BSSID pair…. rinse, repeat.

-> Signal Wake -> Broadcast MyPlace -> Signal Sleep -> Signal Wake -> Broadcast FON_AP -> Signal Sleep ->

What we are guessing is that *some* wifi adapters will insist on following the AP into sleep mode themselves, for an indeterminate time period; or perhaps they immediately start scanning for *new* connections and miss the original one “waking up”…. in either case, they miss enough future SSID beacons that they think the AP has shut off for good, and the association is broken.

Intel and Atheros both reportedly agree that there is a problem, but they’re blaming each other:

http://support.intel.com/support/wireless/wlan/sb/cs-006205.htm
http://www.intel.com/support/wireless/wlan/sb/cs-010623.htm

Solutions:

One solution might be to simply disable the private SSID of the La Fonera AP (it is the “virtual” one, after all). Since the La Fonera has no LAN port, the “private network” is of extremely limited use anyway. Unfortunately, this is not an option Fon allows us. UPDATE: This is now possible using FreeWLAN‘s easy to install plugin, and other hacks.

You might have better luck if you update your wifi adapter drivers, and disable all “power save” and “sleep” features to your wifi adapter. If you have visited a lot of hotspots and they show in your Windows Wifi manager history, delete all of them except the La Fonera’s SSIDs.

SOFTWARE

This section will be expanded in the future, but there have been reports that certain VPN and PPTP applications do not work over the public SSID of a Fon hotspot.

Problem: Whenever Fon Wifi Connection Manager is launched, it closes by itself a couple of seconds later without perfoming login.
Discussion: Fon Wifi Connection Manager installs ok, and “FON WiFi” icon appears in application menu. The application is not observed running in the background. Powercycling the phone does not resolve issue. Reistalling the application does not resolve issue. Installing the app in phone memory or on SD card fails identially. Phone is Nokia E61, running Symbian operating system OS 9.1, Series 60, 3rd edition 3.0633.09.04. with 40MB free in phone memory and 1GB free on SD card.
Solution: Unresolved as of Apr 25, 2007

NETWORK

When connected to the public or private SSIDs of a Fon hotspot, any wired resources of the upstream LAN (PCs, networked printers) are unavailble. Fon has not designed their firewall so that a Fonero may use his new Fon router as a proper Access Point (AP) and thereby network with his preexisting computers and devices.

Public Network SSID “FON_AP” or “FON_FREE_INTERNET”:
Computers connected to the public network will only see an Internet connection, and not each other. These computers cannot network together. Computers at external Internet addresses should be available, but Fon imposes their own private DNS server upon the public network, and it has been demonstrated that it sometimes has the wrong IP for a number of popular domains (more on this below).

Private Network SSID “MyPlace” or custom:
Computers connected to the private network can see each other and network together. If your network printer is wireless and is compatible with the encryption and cipher of the private network, then you may be able to use it. If you have an existing LAN with other computers that are connected by cables, they will not be available. Essentially, a Fon hotspot is neither a proper AP nor router, since it’s internal routing capability is artificially limited, and it offers little more than an Internet-only AP to the outside world. Future models in the La Fonera line, which are simply rebranded Accton mini-routers, may have LAN and USB ports added on for specific purposes. Let us hope this solves the problem in the future.

Chained Routers:
Many people, who have existing LANs and routers, choose to chain the Fon AP through their existing wired router, or older class of wireless router. The Fon router/AP usually can obtain an Internet connection this way, but occasionally does not. It may be necessary to set the Fon AP on a fixed IP. Also, when chained through some routers, this may actually allow inadvertent access to the wired LAN by wireless clients on either or both the public and private networks. This is obviously a security problem, though there are rarely complaints from those who are happy to be able to use Microsoft Networking with their wired PCs and printers again. We suggest you test your network thougherally, from both public and private networks.

DNS Issues

Wireless clients using the public network (FON_AP SSID) are assigned Fon’s own private DNS servers via DHCP, instead of the DNS servers provided by the ISP supplying that Internet connection. This is a problem, because Fon’s own DNS servers are slower, are sometimes unavailable (resulting in Page Not Found errors), and do not always supply the correct IP address for a valid domain (blah.com) or subdomain (mail.blah.com). It is thought that Fon imposes their own DNS servers because they wish to collect marketing data, build their own “walled garden” where Fon-only services are available only from a Fon hotspot, or otherwise provide URL substitution for their own benefeit.

For instance, they could interfere with access to their competitor’s websites. They could reroute requests for “google.com” or “my.google.com” and send them to “fon.google.com” to rack up scores with Google and increase their importance. It is likely that they will also use their DNS servers to make “login.fon.com” a different destination when requested by an Alien’s browser while connected to a Fon hotspot, than it would be from any non-Fon Internet connection. It would route to an error message from outside a Fon hotspot. This latter possibility is an effort at improving security, but easily circumvented by pasting the valid “login.fon.com” IP along with the domain name right in a PC’s “hosts” file. Fon is deaf to complaints about poor performance from their servers, and it seems we may have to cope with this in other ways unless they relent.

I should have begun composing this list earlier, but will make an effort to catch up here now. The following is a list of Internet addresses, domains and/or subdomains, which do not work when using Fon’s DNS servers:

Web_Address___________Date_Reported

http://www.orkut.com

       April 24, 2007

 

    pop.gmail.com April 24, 2007