Category Archives: Cambium

Cambium R195W cnPilot Routers Randomly Dropping

Posted on by
Reply

The Problem

We have been experiencing a problem with our Cambium routers where they randomly drop and are unresponsive till a reboot. They’ll also stop handing out addresses on the LAN side.

A reboot “fixes” the problem, until it does it again. You can trigger the behavior by running a port scan against the router. Wondering if the CPU/Memory get overloaded?

nmap -T4 -A -v 192.168.11.1

While running a scan on the LAN side, the web interface slows down, but doesn’t seem to take it down as fast as a scan on the WAN side.

goahead.sh is a script that may be maxing out the cpu, but could be completely unrelated.

Resolution

Configuring the “Allowed Remote IP(IP1;IP2;)” to limit WAN access effectively blocks port scans and resolves the issue. Setting is under Administration -> Management -> Web Settings. You can add multiple ranges with

10.0.0.0/8;172.16.0.0/12;192.168.0.0/16
Configure Allowed Remote IP cnPilot R195W

It looks like the public ip ranges are limited to /24’s so if you you have a block of public IP addresses larger than a /24, you’ll need to break it down into 24’s to work properly.

Template for cnMaestro

You can also create a template in the Cambium Cloud so you can apply the change to multiple routers fairly easily.

Go to Configuration -> Templates and add a new template.

WebRemoteLegalIP=10.0.0.0/8;192.168.0.0/16;172.16.0.0/12
WebRemoteLegalIP template for cnMaestro

And then you can go to your device -> Configuration and apply your new config.

Apply Allowed WAN IPs Template

Do note that if you run a scan from an allowed range, it still seems to cause problems. But at least setting the Allowed Remote IPs will keep others from scanning your network and causing problems on your R195’s.

Cambium Routers Command Line Info

Posted on by
Reply

Helpful commands. Maybe?

  1. nvram_set
  2. nvram_get
  3. nvram_get 2860 Password

Looks like most of the configuration scripts are in /sbin

Web from the /etc_ro/web/admin/managment.php

                                                                                                                                                                                     <fieldset>                                                                                                                                                                                                                                           <legend><script type="text/javascript">Capture(management.Web_Access)</script></legend>                                                                                                                                                      <table class="setting_block">                                                                                                                                                                                                                        <tr>                                                                                                                                                                                                                                                 <td class="head" id="remoteWebLogin"><script>Capture(management.Remote_Web_Login)</script></td>                                                                                                                                              <td>                                                                                                                                                                                                                                                 <select name="remote_web_login">                                                                                                                                                                                                             <option value="0" <% getCfgSelected("DBID_LAN_LOGIN_ONLY", "1"); %>><script>Capture(share.disable)</script></option>                                                                                                                         <option value="1" <% getCfgSelected("DBID_LAN_LOGIN_ONLY", "0"); %>><script>Capture(share.enable)</script></option>                                                                                                                          </select>                                                                                                                                                                                                                            </td>                                                                                                                                                                                                                                </tr>                                                                                                                                                                                                                                        <tr id="WirelessHostLogin_tr">                                                                                                                                                                                                                       <td class="head" id="WirelessHostLogin"><script>Capture(management.wireless_access_web)</script></td>                                                                                                                                        <td>                                                                                                                                                                                                                                                 <select name="wireless_access_web">                                                                                                                                                                                                          <option value="0" <% getCfgSelected("wireless_access_web", "0"); %>><script>Capture(share.disable)</script></option>                                                                                    <option value="1" <% getCfgSelected("wireless_access_web", "1"); %>><script>Capture(share.enable)</script></option>                                                                                                                          </select>                                                                                                                                                                                                                            </td>                                                                                                                                                                                                                                </tr>                                                                                                                                                                                                                                        <tr  id="web_login_access">                                                                            <td class="head" id="WebLoginWay"><script>Capture(management.way_access_web)</script></td>                                                                                                                                                   <td>                                                                                                                                                                                                                                                 <select name="way_access_web">                                                                                    <!--                                                                                    <option value="https" selected = "selected" <% getCfgSelected("way_access_web", "https"); %>><script>Capture(management.https)</script></option>                                                                                             -->                                                                                                                                                                                                                                          <option value="http" <% getCfgSelected("way_access_web", "http"); %>><script>Capture(management.http)</script></option>                                                                                                                      <option value="http&https" <% gethttphttpsSelected("way_access_web", "http&https"); %>><script>Capture(management.http_https)</script></option>                                                                                              </select>                                                                                                                                                                                                                            </td>                                                                                                                                                                                                                                </tr>                                                                                                                                                                                                                                        <tr id="localport_tr">                                                                                                                                                                                                                               <td class="head"><script>Capture(management.localWeb_Port)</script></td>      


nvram_
 nvram_get  nvram_set
 nvram_get
 Usage:
   nvram_get  [] []
 command:
   rt2860_nvram_show - display rt2860 values in nvram
   rtdev_nvram_show   - display 2nd ralink device values in nvram
   show    - display values in nvram for 
   gen     - generate config file from nvram for 
   renew   - replace nvram values for  with 
   clear   - clear all entries in nvram for 
 platform:
   2860    - rt2860
   rtdev    - 2nd ralink device
 file:
           - file name for renew command
 nvram_get show
 2860
 nvram_get show 2860

Trying to read data

nvram_get gen file tmp.txt
 Usage:
         nvram_get 2860 lan_ipaddr
 nvram_get 2860 lan_ipaddr
 192.168.11.1
 nvram_get 2860 http_wanport
 nvram_get 2860 http
 nvram_get 2860 httpd
 nvram_get 2860 remote_mgt_https
 nvram_get 2860 remote_mgt
 nvram_get 2860 telnet
 nvram_get 2860 remote_mgt
 nvram_get 2860 remote_ip
 nvram_get 2860 wan_ip

grep “nvram_get 2860” * | grep -i web

grep "nvram_get 2860" * | grep -i web
 check_goahead.sh:DBID_WEB_PORT=nvram_get 2860 DBID_WEB_PORT
 common_lib.sh:  local webport=nvram_get 2860 DBID_WEB_PORT
 common_lib.sh:  local webhttpsport=nvram_get 2860 DBID_WEB_SSL_PORT
 common_lib.sh:  local web_remote_ip=nvram_get 2860 WebRemoteLegalIP
 common_lib.sh:  wireless_access_web=nvram_get 2860 wireless_access_web
 common_lib.sh:  wanwebport=nvram_get 2860 DBID_WEB_PORT
 common_lib.sh:  local webhttpsport=nvram_get 2860 DBID_WEB_SSL_PORT
 common_lib.sh:  lanwebport=nvram_get 2860 lan_webport
 common_lib.sh:  local webport=nvram_get 2860 DBID_WEB_PORT
 common_lib.sh:  local webhttpsport=nvram_get 2860 DBID_WEB_SSL_PORT
 common_lib.sh:  local web_remote_ip=nvram_get 2860 WebRemoteLegalIP
 common_lib.sh:            local teluserpwd=nvram_get 2860 DBID_SUPER_WEB_PASSWORD
 global.sh:webinit=nvram_get 2860 WebInit
 internet.sh:    pass=nvram_get 2860 DBID_SUPER_WEB_PASSWORD
 lan.sh:lan_gw=nvram_get 2860 lan_gateway #for debug, so remote host can access web route from another device in lan port
 nat.sh:webport=nvram_get 2860 DBID_WEB_PORT
 set_ping_rule.sh:       local pinglegaip=nvram_get 2860 WebAclList
 storage.sh:     admPW=nvram_get 2860 DBID_SUPER_WEB_PASSWORD
 storage.sh:     admPW=nvram_get 2860 DBID_SUPER_WEB_PASSWORD
 storage.sh:     admPW=nvram_get 2860 DBID_NORMAL_WEB_PASSWORD
 storage.sh:             admPW=nvram_get 2860 DBID_SUPER_WEB_PASSWORD
 storage.sh:             admPW=nvram_get 2860 DBID_NORMAL_WEB_PASSWORD
 updown_make.sh:         url=nvram_get 2860 websURLFilters
 updown_make.sh:         host=nvram_get 2860 websHostFilters

SSH

Not exactly sure if this does work, but seems like it should.

nvram_get SSH_SERVER_REMOTE_ENABLE

Default status

Enable 

nvram_set SSH_SERVER_REMOTE_ENABLE 1

After running above command

Commit changes

nvram_get commit

Reboot

reboot

Change password

Seems like I am missing a step. Seems to change the password in the nvram, but does not actually change it permanently

Get current password

nvram_get 2860 Password
admin

Set Password

nvram_set Password newpassword

Commit Changes and reboot

nvram_set commit
reboot

Helpful links

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=29181

Uses some of the commands (i.e. nvram_get 2860 HostName )
https://github.com/jameshilliard/hlk-rm04-squashfs-root-1.78/blob/master/sbin/lan.sh

no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

Posted on by
Reply

Work around is to use the -o option and specify KexAlgorithms with the correcct option.

ssh -o KexAlgorithms=+diffie-hellman-group1-sha1 admin@192.168.11.1

https://unix.stackexchange.com/questions/340844/how-to-enable-diffie-hellman-group1-sha1-key-exchange-on-debian-8-0#340853

cnMaestro template for setting Username and Passwords for PMP gear

Posted on by
Reply

The following template can be used to set the user name and passwords for cambium pmp gear. Create a new template in cnMaestro, past in the following, change the passwordEncrypted to the hash of your password and run the config.

You can get the hashed password by pulling it out of a current radio config.

{
"userParameters": {
  "authenticationConfig": {
    "accounts": [ 
      { 
        "userName": "admin", 
        "level": 3, 
        "readOnly": false, 
        "passwordEncrypted": "188a934e0246ae248da19400fed83107a" 
      }, 
      { 
        "userName": "root", 
        "level": 3, 
        "readOnly": false, 
        "passwordEncrypted": "188a934e0246ae248da19400fed83107a" 
      } 
    ]
  }
 }
}