I recently decided to upgrade my network. With the proliferation of the Internet of Things (IoT), I’ve become concerned about the security (or lack thereof) of these devices. In a recent Security Now podcast Steve Gibson mentioned the idea of using multiple Wi-Fi routers to segregate your network. I quickly dismissed this approach due to the nightmare of having to manage multiple Wi-Fi routers and the lack of robust options this would give. I decided instead to move from an unmanaged network infrastructure to a managed switch environment with VLANs. At the time Amazon was offering the TP-LINK 8 port easy smart routers at dirt cheap prices, so I bought several for my home network.
The routers have been a great addition; however, the one thing I was less than happy about was that the management software was a) not web based and b) Windows only. My first stab at running this software on my Mac was to use Wineskin to install it. The software installed and ran, but my problem was that I couldn’t see any text unless I specifically clicked on an entry, and then the text would appear but it was very faded and hard to read. Google turned up a great blog entry on running the software natively on Linux, with the need to do some firewall port forwarding to see the switches. Come to find out, the exe on Windows is actually a Java jar file in disguise. The blog post has instructions on using ipchains, which of course Mac OS X does not have; instead one must use the PF firewall. After some man page reading I came up with a solution to use the TP-Link software natively on my Mac.
This guide is for connecting to v1 of the router. Several people have said that v2 of the router contains a built-in web interface for making these changes. You can tell what version you have by looking at the sticker on the router (usually on the bottom; it will say either v1 or v2).
- First, if you don’t already have Java installed, install it from the Java site. (If you don’t already have Java installed, and don’t need it, I would highly recommend that you remove the web plugin and just keep the rest of the Java install intact. The plugin can be found at /Library/Internet Plug-ins/JavaAppletPlugin.plugin. Removing it will make your computer safer but still give you the ability to run Java applications locally on your computer.)
- Next create a file called tplink that contains the PF firewall forwarding rules (I just did this on my desktop).
- Type in the following string:
rdr pass on interface inet proto udp from any to 255.255.255.255 port 29809 -> computer's ip port 29809
- The interface is the network connection you are using (this is found by opening /Applications/Utilities/Terminal.app, typing ifconfig -a, and looking for the active interface). On *most* systems it will be something like en1 or en0.
- The ip is the address assigned to that interface, usually something like 192.168.x.x
- Next create a new file called pf.conf (again on your desktop) and add the following text:
rdr-anchor "forwarding"
load anchor "forwarding" from "/Users/your_user_name/Desktop/tplink"
- Now back in Terminal type in sudo pfctl -f /Users/your_user_name/Desktop/pf.conf -e
- If you did everything correctly you’ll see some text on screen with the last line saying pf enabled.
- Again from the terminal type in java -jar followed by the path to the Easy Smart Configuration Utility.exe file. If you don’t have a Windows box to get the executable, get it here: Easy Smart Configuration Utility.jar
- The TP-Link app should open. Usually it finds nothing on the first try. Just click Refresh and you should now see your switch(es) on the network.
- You can now follow along with the manual TP-Link provides to modify the switches. A couple of things to note: first, by default you have to be on the same subnet as the switches to modify them (you can get around this with some VLAN magic). Second, my connection to the switches seems to time out after 30 seconds or so. You’ll get a “Timeout, no response from agent” error. Just click OK and try your action again and you’ll reconnect and be able to make changes.
Update 2016-05-12 – Both files have to have a carriage return at the end of each line, otherwise the commands will fail.
Here are the two sample files (replace the appropriate placeholders with your info)
tplink (SHA512 – b8b85d6a547eb97b3392521714f7dbff17a87caef0606ab958da79920cae4a1711ee703ee843679e2ad1c6b522cb7de946cd77e32d024b6bb9c64c741d38027b)
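A pre-flight check for the two files, added here as an example (it is not part of the original post or of the TP-Link software): it looks for the problems reported in the comments below, namely a wrong path, a file saved as rich text, curly quotes pasted from the web page, and a missing final newline. The function names check_pf_text and check_rdr_rule are made up for this example, and it assumes the "carriage return" in the update means a Unix newline.

```bash
#!/bin/bash
# Added example: lint the tplink and pf.conf files before running pfctl.
# Prints one line per problem; returns 0 when the file is clean, 1 otherwise.

check_pf_text() {    # checks that apply to both files
    f=$1; bad=0
    if [ ! -f "$f" ]; then
        echo "$f: no such file (check the path and any hidden .rtf extension)"
        return 1
    fi
    if [ ! -s "$f" ]; then echo "$f: file is empty"; return 1; fi
    # TextEdit saves rich text by default; an RTF file starts with {\rtf
    if [ "$(head -c 5 "$f")" = '{\rtf' ]; then
        echo "$f: rich text (RTF), re-save as plain text"; bad=1
    fi
    # Curly quotes pasted from a web page are the UTF-8 bytes E2 80 9C / E2 80 9D
    if LC_ALL=C grep -q -e "$(printf '\342\200\234')" -e "$(printf '\342\200\235')" "$f"; then
        echo "$f: curly quotes found, retype them as straight quotes"; bad=1
    fi
    # Assumption: the "carriage return" in the update is a Unix newline.
    # $(...) strips a final newline, so any output means the file lacks one.
    if [ -n "$(tail -c 1 "$f")" ]; then
        echo "$f: last line does not end with a newline"; bad=1
    fi
    return $bad
}

check_rdr_rule() {   # extra check for the tplink anchor file
    f=$1
    check_pf_text "$f" || return 1
    ip='[0-9]{1,3}(\.[0-9]{1,3}){3}'
    rule="^rdr pass on [a-z]+[0-9]+ inet proto udp from any to 255\.255\.255\.255 port 29809 -> $ip port 29809\$"
    if ! grep -Eq "$rule" "$f"; then
        echo "$f: no line matches the article's rdr rule (placeholder left in or a word missing)"
        return 1
    fi
    return 0
}
```

On the Mac, a clean result can be followed by sudo pfctl -n -f /Users/your_user_name/Desktop/pf.conf, which parses the file without loading it. Because -f replaces the main ruleset, sudo pfctl -f /etc/pf.conf puts the system rules back when you are done with the switch utility.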
Marko
It does not work on 10.9.5 🙁 🙁
—
No ALTQ support in kernel
ALTQ related functions disabled
/Users/marko/Desktop/tplink/pf.conf:2: reached end of file while parsing quoted string
/Users/marko/Desktop/tplink/pf.conf:2: syntax error
pfctl: Syntax error in config file: pf rules not loaded
—
tplink file:
rdr pass on en0 inet proto udp from any to 255.255.255.255 port 29809 -> 192.168.0.13 port 29809
pf.config file:
rdr-anchor “forwarding”
load anchor “forwarding” from “/Users/marko/Desktop/tplink/tplink”
Any ideas? I double checked everything.
Would love to get this working.
carib.mendez
Thanks Marko…the files required a carriage return at the end of each line. I’ll update the article and include sample files
Matt
I can’t get it to work…10.11.15
No ALTQ support in kernel
ALTQ related functions disabled
pfctl: “/Users/mattymatt/Desktop/pf.conf”: No such file or directory
pfctl: cannot open the main config file!: No such file or directory
pfctl: Syntax error in config file: pf rules not loaded
I used your files and just added my info but it can’t even find the files on my desktop.
Any ideas? I really don’t want to have to run boot camp…? ?
carib.mendez
Matt, did you move the files to your desktop? By default they will have been downloaded to /Users/mattymatt/Downloads. Make sure to move both pf.conf and tplink to your desktop.
Matt
Yes I did. Both files are on the desktop. First I just used yours but with my info. Then when that did not work I created both from scratch. Again, both times they were on the desktop.
I am running El Capitan ver.10.11.5 and Java ver. 8 update 91 (build 1.8.0_91-b14)
If that makes any difference.
carib.mendez
hmmm…I’m really stumped. I verified that it does indeed work on El Cap 10.11.5 and JRE 8_91. Did you modify the line in the pf.conf to load the tplink configuration from your desktop /Users/mattymatt/Desktop/tplink and not /Users/mattymatt/Desktop/tplink/tplink ? Also verify that both files have a carriage return after the last line.
Aaron
Thanks for all of this. I have a few remarks.
@Matt
I got the same error pfctl: “/Users/mattymatt/Desktop/pf.conf”: No such file or directory. All you need to do is to run the command in Terminal without double quotes
sudo pfctl -f /Users/mattymatt/Desktop/pf.conf -e
and it works.
But much more simple: why not use the Web interface instead? Find out the IP address of your switch and point your browser to this address. By the way, I have V2.0 of the switch. Maybe this is not available in earlier versions. I have set my switch to a static IP address. Make sure it does not conflict with your DHCP range. Alternatively you can do a reservation on your DHCP server to always get the same IP address when the switch restarts. The Web Interface has exactly the same functionality as the Java application.
carib.mendez
Aaron, thanks for the heads up; didn’t realize they had released an update that gives web functionality. Previous to this there was no web configuration on this model of switches. It would appear that this new firmware is for rev 2 switches only…so people running rev 1 would still need to use the Easy Smart Configuration Utility.
carib.mendez
Also removed the quotes as they are not needed from the paths
Matt
Thanks so much for trying to help me with this.
Well you were correct I had tplink twice. I corrected it but still have the problem.
Below are my files exactly as they appear. Carriage return confirmed after each line.
pf:
rdr-anchor “forwarding”
load anchor “forwarding” from “/Users/mattymatt/Desktop/tplink”
tplink:
rdr pass on en4 inet proto udp from any to 255.255.255.255 port 29809 -> 192.168.1.132 29809
This is what I am typing in terminal to run the file:
sudo pfctl -f “/Users/mattymatt/Desktop/pf.conf” -e
This is the message I am getting now:
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.
No ALTQ support in kernel
ALTQ related functions disabled
pfctl: “/Users/mattymatt/Desktop/pf.conf”: No such file or directory
pfctl: cannot open the main config file!: No such file or directory
pfctl: Syntax error in config file: pf rules not loaded
carib.mendez
Try Aaron’s suggestions. Instead of the command
sudo pfctl -f “/Users/mattymatt/Desktop/pf.conf” -e
try instead
sudo pfctl -f /Users/mattymatt/Desktop/pf.conf -e
without the quotes (though with the quotes it should work just fine).
If that doesn’t work try typing in sudo pfctl -f
then drag your pf.conf into the terminal window and it will put the full path, then add the -e at the end.
Matt
Thanks Carib,
I tried all versions suggested. Below is the result from the last version. I guess it’s just not meant to be for me… : (
Last login: Fri Jul 8 11:18:20 on ttys000
Matthews-MacBook-Pro-Retina-15-Inch:~ mattymatt$ sudo pfctl – f/Users/mattymatt/Desktop/pf.conf.rtf -e
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.
No ALTQ support in kernel
ALTQ related functions disabled
/Users/mattymatt/Desktop/pf.conf.rtf:1: syntax error
/Users/mattymatt/Desktop/pf.conf.rtf:7: syntax error
pfctl: Syntax error in config file: pf rules not loaded
Matthews-MacBook-Pro-Retina-15-Inch:~ mattymatt$
What is ALTQ support? Could that have something to do with it?
Don
I’m getting a message about needing to update to a newer version of the java runtime, but am using the latest and greatest. Any thoughts?
Don
Realized I have a v2, found the IP and have connected to it that way…
Richard Remington
So I ran an nmap scan against the 192.168.0.1 IP address listed on the label on my switch (having changed my Mac laptop to a manual IP of 192.168.0.2) and it showed port 80 open, so I went to port 80 and the full Web UI is there. I logged in with admin:admin and changed the IP to one inside my regular network, reverted my laptop back to the regular network and I’m happy. I’ve two of these switches and now they’re both on my regular network and I can use the Web UI to manage them. It’s working well.
carib.mendez
You are lucky that you have a revision 2 of the product that supports web access. Alas, v1 products do not and have not seen a firmware update yet from TP-Link that adds that support.
Mike
Great post! – Those steps also work with the 5 port version which doesn’t come with a web GUI option at all. I’ve scripted up your steps so I can easily call up the GUI on my Mac regardless of my IP (as I’m on DHCP), without having to modify the settings each time. Here it is below…
#!/bin/bash
# Where is the tplink smart utility located
TPutil="$HOME/scripts/tplink/Easy-Smart-Configuration-Utility.jar"
# Which java version do we want to use (ie specify location)
TPjava="/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java"
# Be sure to specify which network interface you want to use here
MYINTERFACE="en0"
# You shouldn't need to change anything from here on…
# Which temp files will we create (and then remove)
TMPFILE="/tmp/tplink.acl.tmp"
TMPFILE2="/tmp/tplink.pf.conf.tmp"
# Extract IP address of my laptop and put into packet filter acl
MYIP=$(ifconfig "$MYINTERFACE" | grep -E "inet [0-9.]+ netmask" | awk '{print $2}')
echo "rdr pass on $MYINTERFACE inet proto udp from any to 255.255.255.255 port 29809 -> $MYIP port 29809" > "$TMPFILE"
# Create packet filter config file
echo 'rdr-anchor "forwarding"' > "$TMPFILE2"
echo "load anchor \"forwarding\" from \"$TMPFILE\"" >> "$TMPFILE2"
# Load in new packet filter config
sudo pfctl -f "$TMPFILE2" -e
# Remove temp files
rm -f "$TMPFILE" "$TMPFILE2"
# Start up the tplink smart config utility (variable name must match TPjava above)
"$TPjava" -jar "$TPutil"
fred
Hi just spent too much time on this…
I just bought a second unit and it’s V2, so after struggling to get the configuration utility to work I read the comments and realized that I had a V2 unit and that a web server was finally available (it just took them a few years). However… After struggling to find the IP of my device on the router’s web page I looked again at the bottom of the device and it turns out some genius set a static IP by default… and that address turns out to be… 192.168.0.1 It’s a shame there’s no Nobel prize for networking he/she would surely deserve it!
So in order to get this thing working you need to set your Mac to some static address in the range 192.168.0.[2-254] and connect the switch directly to your Mac, then you can go to 192.168.0.1 in your browser and configure the device (login and password are ‘admin’).
carib.mendez
Fred, sorry that you had so much trouble connecting. I’ve updated the article to reflect that this is for version 1 only. Luckily you have version two and can use the web interface.
Marc
Thank you so much. It worked on my Mac! Now I can use my switches the way I want.
Thanks again.
Regards
Marc
Jan
Hello,
I followed the instructions without success. I think it depends on my network configuration?
Here is what I tried:
echo "rdr pass on en0 inet proto udp from any to 255.255.255.255 port 29809 -> 192.168.178.15 port 29809" > /tmp/tplink.acl.tmp
echo 'rdr-anchor "forwarding"' > /tmp/tplink.pf.conf.tmp
echo 'load anchor "forwarding" from "'/tmp/tplink.acl.tmp'"' >> /tmp/tplink.pf.conf.tmp
pfctl -f /tmp/tplink.pf.conf.tmp -e
But the configuration tool ends up with a message “No switch exists in the local area network!”.
My en0 ip is 192.168.178.15 and the TP-Link ip is 192.168.178.3.
On my Windows VM the utility (EXE file) works correctly.
Can you give me any advice for that problem?
carib.mendez
That all looks correct. Two questions: are you running the pfctl command as sudo? Second, try running sudo pfctl -f /tmp/tplink.pf.conf.tmp -e -v; this will give more verbose output.
Verify that the last two lines say:
rdr pass on en0 inet proto udp from any to 255.255.255.255 port 29809 -> 192.168.178.15 port 29809
pf enabled