
Making opensource routers


Formal Metadata

Title
Making opensource routers
Subtitle
What, how and why...
Alternative Title
Turris: secure open source router: Who is the root on your router?
Title of Series
Number of Parts
94
Author
License
CC Attribution 4.0 International:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
At CZ.NIC we are making open source Turris routers. What's the point? How are those special? Why should you care? Well, at this event you probably do care a lot about stuff like security and privacy. But building on top of open source and being part of open source brings many benefits even for end users. So what cool open source projects did we integrate and how? The talk will describe how we do stuff, what challenges we face in regards to having a self-updating router that people can tinker with, and then we go into details of some really nice security features that we integrated and made really easy for people to use.
Transcript: English (auto-generated)
Hi everybody, thank you for coming and listening to my talk. My name is Mihai Hushetsky and I will be talking about routers that we make,
why we are making routers, how we started making them, how open source makes our routers great, and how open source is actually powering up our routers and what it allows us to do.
So, who we are: I'm from a company called CZ.NIC, and we are actually the Czech top-level domain registry. How did we get to making routers? We are actually doing much more than just a registry.
Legally, we are an association of companies that actually compete with each other. So the only common goal is to make a working internet and, yeah, make the internet as good as possible,
so we are run as a nonprofit, because that's the only thing that they agree on. We are making some open source contributions and we are making some open source software, especially when it is connected to the internet and
making the internet a better place. So we are developing the BIRD routing daemon that you might know. We are developing Knot DNS resolver and Knot DNS server. But we are also helping to educate the general public in the Czech Republic. We are
producing some books and, for example, we translated Pro Git. We have a Czech author that is writing a really great book about IPv6 and updating it every few years,
depending on how IPv6 adoption proceeds. We even made a TV series that explained to people how to handle the internet and that they shouldn't trust everything, how they should buy online and on that scam and stuff like that.
So we are trying to do a lot of good in general, and in the end we are making Wi-Fi routers as part of that. Apart from that, we also run the Czech national CSIRT team, which is a
team of people that are monitoring security threats and coordinating with ISPs and other similar teams around the world about security threats and, yeah, security on the internet. That's going to get important as we go along.
So how it all started, how did we get to making routers? We had this big question that we wanted to have answered: How safe are home users from network attacks? Is somebody attacking the network?
Is somebody attacking home users? This average Joe that is just browsing YouTube, is he safe? How often is he attacked? What are the attackers trying to do? And, yeah, we had no clue.
We know all about what is happening on our servers, but our servers usually serve some purpose, so they have various services, and these attacks can be targeted at them, and attackers probably learned about our servers from the services that they are offering.
So what happens with average people at home? We wanted to know that, and so we started a project to actually assess what's going on on the
devices that you have at home and that are facing the internet. So we created the first Turris router. The goal wasn't to create a hardware router. The goal was to create some
probe that we could give to people and actually monitor the threats that are coming in. So we were researching how to do that, and in the end we found out that no device actually meets our requirements. So we had to create one.
We created our first Turris router. We gave it out for free in the Czech Republic because it was financed from the money that we get for Czech domains, so we thought that we should give it back to the people who were buying the domains.
And since we were making a router, we decided to make it the way we thought routers should be made. So we created a way to propagate security updates to the users and made it so that those updates will be automatically installed,
and we obviously gave people a root account on their routers, because it's a device that is running in their network, so they should be able to control it somehow.
We had just one condition on those people who were given the router, and that was that they will allow us to monitor some stuff and run some security research on top of those devices. One point was that we were collecting firewall logs to figure out who's attacking them, and
optionally we allowed them to run some kind of honeypots for some services. We call it minipot. Basically, it's a service that opens up a port, for example the telnet port, and when an attacker tries to connect, it asks for credentials, and
when the attacker provides the credentials, it closes the connection. So it just collects the credentials that attackers are using to connect to telnet, HTTP and stuff like that. We also allowed people to run some kind of honeypot. I will get to that later.
Hardware-wise, we had a dual-core PowerPC, 2 gigs of RAM and 250 megs of storage, so that was something that we couldn't find in any router on the market
that easily at the time. So the result was that we gave it to people, we ran some security research on top of it, and our CSIRT team guys were happy. They had plenty of data, they could do
quite some research. They found some ways of attack, some new attacks, they found some worms that were going through the internet, and, yeah, it was a great source of data. They were doing presentations around the world about what they found, and by the way they were mentioning the
project that we created. And plenty of people were actually interested not only in the results, but also in the router, because they were saying that they would like to have such a router for themselves: a router that is quite powerful, can be made into doing quite a lot of things, and
with a root account, not having to figure out how to flash unoriginal firmware and losing warranty and stuff like that. So we were interested whether it's just our impression or whether people actually want such a device, and
we ended up with Turris Omnia, which was our answer to that question. We created a router that we wanted people to be able to actually buy, because the first one was made from
money for Czech domains, so we didn't want to sell it or give it to people abroad who never ever buy a Czech domain. So we created Turris Omnia and we ran an Indiegogo campaign to basically figure out whether people are really interested, and
we found out that they are interested. So we made it happen, and nowadays you can buy it in normal shops. We made it even more powerful than the old router and we tried to put everything interesting inside.
So we have ARMv7, 2 gigs of RAM, 8 gigs of storage, both Wi-Fis, 2.4 and 5 GHz, AC. We put in an SFP port so you can use fiber directly. We have some mini PCI Express slots, mSATA, USB 3, everything, and
it ships with open source software. Again, users get a root account and they can modify it. They can even reflash it. We have plenty of users that are not using our software, but their favorite distribution, and
we have normal screws, really, people open up the box, we are not voiding the warranty, and, yeah, we are trying to be good.
So as we put everything in, we got feedback for Omnia, and the feedback was that a price tag between two and three hundred euros is quite high. Who needs SFP? I don't have fiber at home. Who needs Ethernet ports? I'm using just Wi-Fi.
Who needs Wi-Fi? I'm using only the Ethernet port. And why just five Ethernet ports? I have 20 devices, I need more. And why only two USB 3s? I have plenty of stuff that I need to attach.
So, yeah, as you can see, those requests kind of conflict with each other. So we tried to address all of those and we came up with something new, and the new thing is called Turris MOX. We tried to make everybody happy
again, and we made it modular. So you have a base module that you can start with. It has ARMv8, two cores, some RAM and USB 3 and nothing more, and then you have optional modules that you can buy and put together like Lego and
make the router that perfectly fits your needs. So that's how we got to producing the hardware, and that's our latest step in producing hardware and trying to address people's needs.
Currently, it's still on Indiegogo and should be available in retail probably at the beginning of next year. So we were talking about the hardware. Now, what makes our router special? I would say that the most important stuff is
that we are using free and open source software on those. You get access to our repositories. You can take a look at the software. You can contribute back some patches.
We also have quite enough resources so you can run various services that you would like. There is plenty of open source software available in our repositories, so you can install additional software and, yeah, you are running your average, well, you are running a clean distribution on your router. So you get all the advantages of that,
the main one being security updates. And, yeah, because it's your device, you bought it, you deserve to have a root account on it, which is something that
nowadays vendors are trying to make as hard as possible. Since it started as a security research project, we still have some security features, and we are pretty open regarding everything. You get full schematics online, and
yeah, when we were running the campaign, it happened to us a few times that somebody asked some hardware question and it was late in the night, and before our hardware guys woke up and were ready to actually answer it, somebody figured it out from the schematics and
answered. So, yeah, that's great. So I would like to speak more about the software and show you a few examples of what is really great and cool and what you can do with the
open source software on your router, if you get... Some of the software is actually kind of limited in that it needs powerful hardware as well. So, yeah, I will start from the Linux distribution that we are using.
We are based on a distribution called OpenWrt, if you ever heard about it. It's a distribution that's targeting embedded devices, but the most common use case is using it on routers.
Thanks to that, it's optimized for small devices. Packages are small, it doesn't eat much RAM. They have quite some packages already prepared, and they have some extra functionality for routers. That's why we basically chose it.
They are doing a lot of Wi-Fi development and testing, some firewall development as well, and they have a nice web user interface that you can use to configure almost anything, although
sometimes it can be quite confusing for the end user, because sometimes there are just too many options and you don't know what to do. And their way of doing stuff, because their average target is
a router that has something like 8 megs of storage, 8 megs of RAM, so they have to compress everything. Usually you get a highly compressed rootfs and you will get something like 1 meg of storage
extra that you will try to use for extra packages and configuration. We don't have to be that restricted. So our OS that is running in our routers is based on OpenWrt, and
for our users we created a much simpler web interface named Foris. It's trying to provide basic and even some advanced functions in a simple way, so even average Joe can understand them and set them up.
From the advanced functionality, one thing that even I as an experienced user will appreciate is OpenVPN server setup. If you ever tried to set up OpenVPN,
it's actually not that hard, just a few configuration options, but then the hard part is you actually have to create a certification authority and create a certificate and somehow take care of that part, and
yeah, that's something that's hard to explain to beginners. So we integrated it into our web interface, and with a few clicks you can create a certification authority, create certificates for individual devices, enable the OpenVPN server and let your devices in. You just download the configuration file that has everything embedded, put it on your device and you connect.
Another example of what we tried to make simple is creating a separate SSID for Wi-Fi, so people can get a kind of guest network for devices that they don't trust and
give them internet access, like IoT. And, yeah, because we wanted to make it as simple as possible for people to use, we
spent some time making sure that we can update and that it is possible to install those updates automatically, so our users can enable automatic updates, set up the router, and
that router will stay in the corner, work, sometimes get updates, update itself and then just send you an email: Hey, I just updated a few packages. There were some security issues. They are no longer there. You are protected.
Apart from that, because we have much more resources at our disposal, what we are also doing differently is the file system. We are not using heavily compressed images with some overlay on top. We have 8 gigs of storage on Omnia, so
we can use real file systems for grown-up servers and desktops, so we picked Btrfs because it's the coolest file system out there for Linux, and
it has some nice features that we are using. The most important one is snapshots. It's really handy and we are doing snapshots all the time,
just to make sure that you have something to get back to if something goes wrong. We are making snapshots automatically before each update, we are also making snapshots automatically once a week, and we also wrote a simple tool that can be controlled from the CLI, and
it will allow you to actually create snapshots manually when you need to. For example, if you are going to try to reconfigure your whole home network: you have been to some community meeting,
you have been to some conference, then you went with your friends to some pub, and when you get back from the pub you have this great idea how to reconfigure everything. So
you can create a snapshot before you start, and then when you finally figure out that the idea wasn't really great and you can no longer connect to your device from any port, you can just press the reset button for long enough and it will roll back to the last
snapshot before the current state. So it's really handy. And you can repeat that if your last state was broken already. You can revert even more. You can compare the snapshots, take a look at what was there and
try to figure out what went wrong. So we think that this functionality is really handy if you are doing stuff with your router, and it's really important that you have it accessible with just one hardware button and you are able to roll back to the previous snapshot even if you cannot connect to the router.
Another thing that we can do thanks to having plenty of resources at our disposal is Linux containers. Containers are also quite popular nowadays, and
what we are using them for is that some of our users really like the way their distribution works, and they are really accustomed to their favorite distribution.
So they prefer to run services the way their distribution offers them. So if they want to set up some Tor or web server or IRC server or mail server or DNS server on their router,
they prefer to do it in their own distribution. So we have LXC tools integrated. That's something that was done on the OpenWrt side already somehow; we just
polished it a little bit and integrated it better, and with a few clicks in the web UI you can install some Linux distribution into a container. It will automatically get its virtual
interface assigned to one bridge and, yeah, you can start using it. As I was saying, we started from a
security research project. One part of the security research project that was really interesting, and that people asked us about for a long time, we actually split off from the router project and created a separate project for it. This functionality is called HaaS,
Honeypot as a Service. Basically, the reasoning and how this works is: honeypots are cool, and you want to lure those attackers to some honeypot and see what they are trying to do and,
yeah, make life a little bit harder for them, right? But there's still some small risk that they might actually escape from the honeypot, depending on how well you manage it, and even if they don't escape they might try to do something nasty in there.
And, yeah, the average Joe wouldn't try to install a honeypot on his router. He would be scared. So there is an easy solution: let somebody else run the honeypot, and we would gladly do that for you.
So with this project, you can register on our website. You get a special token and then you download just proxy software. It is easily doable on our routers because we have it integrated very well.
Now some distributions already have this software packaged, so it might be available in your distribution and you can install it on your server as well. After a little configuration, when somebody tries to access your device over SSH,
this software will actually do man in the middle on him and send him to our servers, and he will end up in our honeypot while thinking that he successfully got into your device. And you get all the output.
You get to see what was going on. You get to see some statistics. You are completely safe and nothing can happen to you. And all that information actually goes to our CSIRT team, which also does some research on top of it, and if they find something interesting they let other
CSIRT teams around the world know. So you are having fun and you are contributing to the general safety on the internet at the same time. I will show you how it looks.
This is, uh, yeah, it's big. Is it big enough? Cool. So this is my honeypot. When I logged in, I have various devices added here, and
I picked my home router, and you can see who was trying to get in, whether they succeeded and what username and password they used, their IP addresses, where they were from, and at the end you see from which country are most attackers.
It looks like somebody in France has something against me. You can also click at individual sessions and see what they were looking for.
So this guy was looking for some bitcoins. The other guy was just looking around and wanted to see what's in there. And even if you don't participate actively and
don't send us your logs so you can view it like this on the website, we have some statistics that are available publicly. You can see how many people are participating, number of sessions and stuff like that. You can also download
the data that we collected, anonymized, so you don't know who was the guy that was attacked, but you know everything about the attackers. So if you are security researchers, you might want to take a look, and
we also have the same map, just from the data from everybody, so you see that people from France attacking my router is not that common, and most of the time it's people from China and the US.
It's just a specialty of my router that it is hated by French guys. Yeah. So that's one of the pieces of software that we developed. We started it and
now we forked it and now it is a separate project. Apart from that, we are using some software that other people developed and we are integrating it to make sure that it provides our users with some additional features and additional services that they may like.
One of the projects that we are integrating is called Suricata, and that's helpful if you need more than an average firewall. It's an intrusion detection or intrusion prevention system. It works somehow with network flows.
It looks much deeper into the traffic than your average firewall. It looks even into data and is able to understand how protocols work and extract the data that you are interested in in some structured way.
It can either log the information or, in some setups, it can even block the connections. It can alert you somehow, and there are plenty of open source rules that you can download and try to integrate, and you can write your own rules.
Just a few examples of what it can do. Nowadays everything is encrypted. That would be nice, but it's not so. Plenty of traffic is encrypted, but what is usually unencrypted is DNS queries, which contain quite some interesting information, like
what server you were trying to address when you went to this public web hosting that contains thousands of servers. Or even if you are establishing an encrypted connection, during the initial
connection you exchange some information, which usually contains the server certificate, which usually contains the name that you were trying to access. And you also get some IP and MAC address, length of connection, how much data was transferred and stuff like that.
So you can collect plenty of metadata about the traffic even if you can't get the actual traffic. So what can you use it for? You can monitor devices you don't trust, figure out
What's your fridge doing when you are not home? What's your TV doing when you are not watching it? Where is it connecting? and There is plenty of open source rules that are trying to detect some of the
Suspicious activity like there are rules that are trying to match some known worms There are rules that are trying to make some common This allowed behavior like If you are working in company It's in some evil companies. It's disallowed to use IRC
This allowed to connect to Jabber This allowed to use Dropbox which I would maybe even agree with And stuff like that. So there are rules for quite some events and you can try to integrate them
Currently we don't have anything that advanced to make it easy, but we plan to extend it at some point. So, just an example of what you can get from the encrypted communication: you have
no clue what's going on afterwards, but at the beginning you know who issued the certificate, what it was issued for and stuff like that. So even if the connection is encrypted and you don't actually see HTTP headers, you see the certificate, which also tells you quite some information.
And just some example of how rules look. And yeah, I said that Suricata is something that we don't develop. It's a separate open source project, but we like them
and we try to integrate it. And we integrated it and we created the software we call Pakon. It uses Suricata currently just to collect the information about your traffic and figure out what was going on, and
it can collect that information, aggregate it, and then you can watch it in either the CLI or in a simple web interface. And it can also alert you when a new device shows up on your local network.
So that can be handy if you get an email if something new is on your network, and you have to figure out then by yourself whether it is the new fridge that you bought or whether it is your neighbor. So
just one more example. We actually created a demo web page, demo.turris.cz, that is actually showcasing our simplified web interface. It's just static web pages, so
you don't get to configure that much, but part of it is the OpenVPN configuration that I was talking about. It also has a few options, but mostly you just enable it, create a certification authority, and then you just name the client,
click create and then get the config for the client, and that's how you manage your certification authority a little bit easier than with OpenSSL. And the stuff that I was going to show you right now is Pakon.
You can see what device was trying to connect, you can see where it was trying to connect and, yeah, how much data it sent and received, how long it was there, and you can filter it by
client or you can filter it by the destination, so you can see who was using Facebook on your local network and for how long and how much data they transferred, or you can just select your TV and see
where your TV is going. What website is your TV using? I found out that my TV really likes Baidu. I don't know why, but it's spending quite some time there.
So yeah, it gives you more insight into what's going on in your home network, and you might find some devices that you might not want to trust anymore. So that's one of the examples of software where
there is a really great and big and powerful software that somebody else is doing, and we just integrated it and give our users plenty of advanced features. Other software that kind of makes sense is, for example, Nextcloud.
Some people, or some of our users, were asking for it, and when you take a look at it, it kind of makes sense. If you are thinking about Nextcloud, you want to have your data secure.
So you want to run the latest released version with all the fixes and all the security updates. That's what we are doing for our software. And you want to make sure that your data stays private, so you want to host your Nextcloud instance on infrastructure you trust.
And yeah, we are kind of the ultimate self-hosting for that, because it will be hosted in your flat, behind your closed doors, and if somebody breaks into your apartment, then probably he can get much more valuable information than your Nextcloud
already. So yeah, it's kind of a natural fit, so we are working on that. As I was speaking about our modular router, we created one that has four USB ports.
Now, one module with four USB ports, so you can attach multiple hard drives and use it for, for example, Nextcloud. What we already have in place is easy VPN, so you can connect from anywhere
to your Nextcloud instance. We have automatic updates, so you are always on the latest secure version. We even have Nextcloud packages ready, and we have a CLI wizard that will guide you through setting up your Nextcloud instance. We still need to
put it into the simplified web UI. And recently we also got in our web UI an option for how to format and mount hard drives. It's the first version of this plug-in. We need to extend it to support RAID, because if you are storing important data on your
router, you want to have a RAID on your router, right? So that's something that we are working towards too. Yep? The question was whether it will be hardware or software RAID.
We will be using software RAID because we are using USB drives mostly, and what we are thinking about is, we really like Btrfs, and Btrfs supports RAID as well.
So we are thinking about using Btrfs RAID. One of the cool features of using Btrfs over classic Linux RAID is that you don't have to have hard drives with the same size, and it will distribute data, and you don't have to think that much about how you are doing it.
With drives that are not the same size you can do it even with Linux RAID, but you have to think about it and make the partitions and mirrors and stuff. But with Btrfs it will do everything for you.
So that's what we are looking for, that's what we are planning to use. And one more example of what people are actually doing with their routers that is a little bit on the
not that obvious side: there's this software called Tvheadend that you can install on our routers, and people are doing it. Then you get a DVB-T dongle, put it into your router,
you get an external hard drive, attach it to your router, and then you just turn your router into a DVR. So you can record the shows on TV, you can stream your TV into your local network. And another software that we have available is MiniDLNA, so you can even
make the shows that you recorded available on your local network in a way that even your dumb smart TV understands.
So that's just one example of crazy stuff that you can do. There is much more software that is available and, yeah, it's up to your imagination, but you turn your router into...
It's just another device that is powerful. It's running 24/7 and can run any software you can imagine. So thank you for your attention. I have a few more pointers if you want to look some stuff up, and
now I would like to open for questions. Thank you.
Okay, so how much of your work goes upstream, and what's the experience trying to upstream?
Okay, upstreaming. Yeah, an obvious question and kind of a difficult one, because nobody wants to speak about what we didn't manage.
Upstreaming: regarding Omnia, we managed together with some community guys to get basic support into the vanilla Linux kernel, so apart from SFP and LEDs
you can get your Omnia running the latest vanilla kernel. Regarding OpenWrt, the situation is a little bit trickier. Back then when we started, they were still using SVN, and there were some discussions about
that they don't like how they are doing releases. Back then we forked them, and then they forked themselves, and then they reworked how they are doing releases and they reworked their version control system, and
nowadays they are doing it in a really great way, in the same way. But in the meantime, we actually released our devices, so we still have to maintain what we released, and we are now in the process of rebasing on top of a newer
OpenWrt release. The tricky part is that we promised our users automatic updates that wouldn't break anything, so we need to make sure that there is a smooth migration path from the old release to the new release. That's something that OpenWrt doesn't have to.
So yeah, we are trying to rebase on top of the new release, and as part of that we are trying to clean up our patches and send as much as possible upstream. There's stuff that never will be upstreamed,
like some customizations that we are doing because we don't have to care about size that much; we care about functionality more. So sometimes OpenWrt people are a little bit radical in cutting down the size,
and we are trying to take a more conservative approach on that side. But we are trying to upstream as much as possible. Yeah, but we are starting kind of right now, and we also have to do
support for the devices that we have out, and we are making a new device. But with the new device the situation is actually much better, because we learned, and if you take a look at the U-Boot and Linux mailing lists, you will already see the patches going in for Turris MOX, and
we are building on top of the latest U-Boot upstream, and with the kernel we are trying to stick with 4.14, that is the LTS that went to 18.06 OpenWrt,
but my colleague is sending patches to the latest vanilla Linux as well and trying to get upstream support for it as well. For customizations about OpenWrt, there is still quite some stuff that we have to go through and clean up and send upstream.
But we are trying to work on it. Yep?
Is it possible to deploy our own applications on the router?
To deploy your own applications on the router? Yeah, sure. With a few...
Yeah, you have to be aware of a few things. First is, it's ARMv7 or ARMv8, so a different architecture than your desktop. So it depends on your favorite language. What's your favorite language? I like Python. If you like Python, then you are fine,
because you don't have to compile binaries, and we actually have Python, and in our team we have plenty of people that love Python as well. So, for example, the web UI that you saw is written in Python, and
our back on is written, I believe, in Python as well. So scripted languages like Python or shell are really fine and you can install it easily. When you get into more troubles is when you try to compile something:
then you need to cross compile it, and you either need to statically link it on your computer and copy the binary, or you have to use the SDK from OpenWrt and try to integrate it with that, and then it gets a little bit tricky,
because sometimes, well, for the current releases that we have, in 15.05, our SDK doesn't always work, and especially as it is an old tree,
it doesn't build well on the new systems. So we are actually using some old LTS on our build machine to be able to actually build for the old tree that we have. So it gets a little bit tricky.
If you are looking for the long-term window, the easiest way is to get your package into OpenWrt, into the packages feed, and then we will compile it automatically when we migrate to 18.06.
Okay, another question? No more? Okay, so thank you again.
And if you think of another question later on, we have a booth in the Mensa area, and you can drop by, see our routers for yourself, play Tetris on them and ask us anything about them. Thank you.