TR069/CWMP packages?


#1

Hi all,

I'm going to try TR069/CWMP on OpenWRT. Right now I'm building my first image with easycwmp. And I guess I will try genieacs for acs server. But I'd like to know:

a) if there are any completely free implementations, i.e; not a commercial offering striped down
I have heard about freeacs, what you think of it and possibly other alternatives?

b) if there are other alternatives, some pointers to download code and get any doc about compiling it on openwrt would be helpful

c) are those things safe? Or is it a security hell like IoT seems to be?

TIA


#2

TR069 typically runs over the carrier's infrastructure, not over the open Internet. Not something I personally trust, but more based on my lack of trust on someone like Comcast having control over my devices. See https://en.wikipedia.org/wiki/TR-069#Security for some opinions and references for further research.

What are you trying to accomplish that can't be done with, for example, SSH with a pre-shared, potentially command-restricted key?


#3

Well, we are a small, grassroots, not-for-profit organization sharing FTTH via WiFi links, between some 50 partners, mostly rural dwellers owning quite isolated farms about ten kilometers away from urban zone.

Our partners don't want to have any tech struggles, just to have it working, period, so it's up to the (trusted) staff to configure partner's router. Staff actually works over SHH, but sometimes, routers get back to factory defaults; then some of us has to go to that farm, driving off-road, to get it working again. And being a not-for-profit, making all as cheap as possible is paramount.

So, if cwnp works fine and can save us that driving, would be useful.

Thanks for the link. However, it does seem that not so many openwrt people is working with that.
I hoped somebody could say something like "freeacs is safer" or so.

Well, thank you again anyway


#4

If you build and provide images, you could "burn in" the appropriate bootstrap setting and keys into the image. This would be the case for either an SSH-based approach or use of TR069 or the like.


#5

https://openwrt.org/docs/techref/ucwmp

You also participated in a thread about it: TR-069 client for LEDE: EasyCwmp (CPE WAN Management Protocol daemon)

You could also flash the routers with the defaults.


#6

I understand your point. We could burn an image for each partner, but we hoped to find something
easier. We could burn a "factory image" for each subnet so we could look if router has reverted to,
say, 10.0.1.254/24, that will be easier and would escalate better... however, we are just exploring the landscape and cwmp looks as a possible solution... so we will do some test and then decide about it.

Best wishes


#7

@lleachii

Yeah, but that thread looks like really really dead :slight_smile:

Time to say it builds by adding
PKG_HASH:=skip
to both easycwmp and libmicroxml Makefiles

and that libmicroxml has to be not only downloaded but untarrgzipped and Makefile- edited

Ciao