I recently decided to upgrade my network. With the proliferation of the Internet of Things (IoT), I’ve become concerned about the security (or lack thereof) of these devices. In a recent Security Now podcast Steve Gibson mentioned the idea of using multiple Wifi routers to segregate your network. I quickly dismissed this approach due to the nightmare of having to manage multiple wifi routers and the lack of robust options it would give. I decided instead to move from an unmanaged network infrastructure to a managed switch environment with VLANs.

At the time Amazon was offering the TP-LINK 8 port easy smart routers at dirt cheap prices, so I bought several for my home network. The routers have been a great addition; however, the one thing I was less than happy about was that the management software was a) not web based and b) Windows only. My first stab at running this software on my Mac was to use Wineskin to install the software. The software installed and ran, but my problem was that I couldn’t see any text unless I specifically clicked on an entry, and then the text would appear but it was very faded and hard to read.

Google turned up a great blog entry on running the software natively on Linux, with the need to do some firewall port forwarding to see the switches. Come to find out, the exe on Windows is actually a Java jar file in disguise. The blog post has instructions on using ipchains, which of course Mac OS X does not have; instead one must use the PF firewall. After some man page reading I came up with a solution to use the TP-Link software natively on my Mac.

This guide is for connecting to v1 of the router. Several people have said that v2 of the router contains a built-in web interface for making these changes. You can tell what version you have by looking at the sticker on the router (usually on the bottom; it will say either v1 or v2).
- First, if you don’t already have Java installed, install it from the Java site. (If you don’t already have Java installed, and don’t need it, I would highly recommend that you remove the web plugin and just keep the rest of the Java install intact. The plugin can be found at /Library/Internet Plug-ins/JavaAppletPlugin.plugin. Removing it will make your computer safer but still give you the ability to run Java applications locally on your computer.)
- Next create a file that contains the PF firewall forwarding rules (I just did this on my desktop) called tplink
- Type in the following string:
rdr pass on interface inet proto udp from any to 255.255.255.255 port 29809 -> computer's ip port 29809
- The interface is the network connection you are using (this is found by opening up /Applications/Utilities/Terminal.app, typing in ifconfig -a and looking for the active interface). On *most* systems it will be something like
- The IP is the address assigned to that interface, usually something like 192.168.x.x
- Next create a new file called pf.conf (again on your desktop) and add the following text:
rdr-anchor "forwarding"
load anchor "forwarding" from "/Users/your_user_name/Desktop/tplink"
- Now back in Terminal type in sudo pfctl -f /Users/your_user_name/Desktop/pf.conf -e
- If you did everything correctly you’ll see some text on screen with the last line saying pf enabled.
- Again from the terminal type in java -jar /path to the Easy Smart Configuration Utility.exe file. If you don’t have a Windows box to get the executable, it is here: Easy Smart Configuration Utility.jar
- The TP-Link app should open. Usually it finds nothing on the first try. Just click Refresh and you should now see your switch(es) on the network.
- You can now follow along with the manual TP-Link provides to modify the switches. A couple of things to note: first, by default you have to be on the same subnet as the switches to modify them (you can get around this with some VLAN magic). Second, my connection to the switches seems to time out after 30 seconds or so. You’ll get a "Timeout, no response from agent" error. Just click OK and try your action again and you’ll reconnect and be able to make changes.
Update 2016-05-12 – Both files have to have a carriage return at the end of each line, otherwise the commands will fail.
Here are the two sample files (replace the appropriate placeholders with your info):
tplink (SHA512 – b8b85d6a547eb97b3392521714f7dbff17a87caef0606ab958da79920cae4a1711ee703ee843679e2ad1c6b522cb7de946cd77e32d024b6bb9c64c741d38027b)
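As an added example (not part of the original post or of TP-Link's software), this script writes the tplink and pf.conf files from the steps above for a given interface and IP, rejects values that could inject extra PF syntax, and confirms each file ends with a newline as the update requires. The function names, the script name and the directory argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are assumptions.

# True only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1          # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# True when the file is non-empty and its last byte is a newline
# (command substitution strips that newline, leaving an empty string).
ends_with_newline() {
    [ -s "$1" ] && [ -z "$(tail -c 1 "$1")" ]
}

# write_pf_files DIR INTERFACE IP: create DIR/tplink and DIR/pf.conf.
write_pf_files() {
    dir=$1; iface=$2; ip=$3
    # Reject anything that could smuggle extra PF syntax into the rule files.
    case "$iface" in ""|*[!A-Za-z0-9]*) echo "bad interface: $iface" >&2; return 1 ;; esac
    case "$dir" in ""|*\"*) echo "bad directory: $dir" >&2; return 1 ;; esac
    valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
    # Each printf format ends in \n, so every line is newline-terminated.
    printf 'rdr pass on %s inet proto udp from any to 255.255.255.255 port 29809 -> %s port 29809\n' \
        "$iface" "$ip" > "$dir/tplink" || return 1
    printf 'rdr-anchor "forwarding"\nload anchor "forwarding" from "%s/tplink"\n' \
        "$dir" > "$dir/pf.conf" || return 1
    ends_with_newline "$dir/tplink" && ends_with_newline "$dir/pf.conf"
}

# Run as: sh make_pf_files.sh DIR INTERFACE IP  (the script name is an assumption)
if [ "$#" -eq 3 ]; then
    write_pf_files "$1" "$2" "$3" && echo "wrote $1/tplink and $1/pf.conf"
fi
```

Before loading, `sudo pfctl -n -f DIR/pf.conf` parses the file without applying it. Because `pfctl -f` replaces the running main ruleset, `sudo pfctl -f /etc/pf.conf` reloads the system default once the switches are configured.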