Grandstream GWN Manager and GWN APs

For five years, I have been using Ubiquiti UniFi access points. I got tired of issues with upgrading the APs and random disconnects. Also, the controller is now showing some promotions. I thought of switching to Omada by TP-Link, but their WiFi6 is huge and ugly. After looking around, I found the Grandstream brand, which I believe is based in the USA.

The content of this post is:

  • Installing the Manager on CentOS 7 VM
  • Access point adoption

This post assumes that you already have a CentOS 7 VM deployed. According to the GWN manual, the packages below need to be installed before installing the Grandstream RPM packages. I didn’t use LXC because Proxmox VE 7 does not support legacy systemd; see Proxmox CGroup Version Compatibility.

Grandstream AP Manager install

# Install the needed packages
yum install -y \
epel-release \
tar \
wget \
openssl \
iproute \
openssh-server \
jemalloc \
libaio \
glibc-devel \
fontconfig \
xorg-x11-font-utils \
freetype

Download the RPM packages. You can get the latest RPM and release notes here: https://www.grandstream.com/support/tools

wget https://firmware.grandstream.com/GWN_Manager-1.0.21.17.tar.gz

  1. Unpack the .tar.gz file
  2. Change the permission of the .rpm files
  3. Install the .rpm files.

# Extract the contents
tar -xzvf *.tar.gz

# Change the permission of the .rpm files
chmod 744 *.rpm

# Install the .rpm files
rpm -Uvh *.rpm

Once all the .rpm files are installed, the GWN Manager needs to be started manually with the following command.

/gwn/gwn start

At this point, the Manager is up and can be accessed at https://<ip>:8443. The problem now is that if the Manager gets rebooted, it needs to be started manually again. To get around this, we will use cron. Create the file /etc/cron.d/gwn with the following contents.

cat > /etc/cron.d/gwn << EOF
SHELL=/bin/bash

@reboot root sleep 15 && /gwn/gwn start
EOF

AP Adoption

Now we have a working AP Manager. If your APs are in the same network as the Manager, then you are done: the APs should be able to find the Manager since they are in the same broadcast domain. However, if your network is segmented by a firewall, you need to allow traffic from the AP’s network to the Manager with a unidirectional firewall rule. The flow is from the AP subnet to the IP of the Manager. The destination ports needed to accomplish this are the following:

# These are the ports needed 
# This is the adoption port
10014/tcp

# This is needed for upgrading the access points
8443/tcp

There are two ways to adopt the access points: the manual way, where you access the AP’s slave web UI and adopt it from there (see Figure 1), or the automatic way, which uses DHCP with option 224 encapsulated in option 43. In this post I will be using DHCP since it is the easiest way and works for mass deployment.

There are three pieces that need to be assembled to get option 43 working properly. The first part is option 224. The second part is the length of the IP address and the port. The third part is the IP address of the controller and the port used for adoption. This whole string needs to be converted into hex format. For this post, I am going to use 192.168.7.8 as the Manager’s IP address.

Let’s tackle the first part. Let’s convert the value 224 into hex. 224 in hex is E0. You can use any decimal to hex converter tool.

The second part is the length of the Manager’s IP address and port. The Manager’s IP address is 192.168.7.8 and the port is 10014. The format of the IP and port together is 192.168.7.8:10014, which is 17 characters in total; therefore, the length is 17. We need to convert this decimal 17 to hex. 17 in hex is 11. If the result is a single hex digit, add a 0 before it, e.g. 0A.

Now, for the last part, we need to convert 192.168.7.8:10014 into hex, but this time using an ASCII to hex converter tool. The output is 3139322E3136382E372E383A3130303134. Now we need to assemble these hex strings together. The result is E0113139322E3136382E372E383A3130303134. In OPNsense, every two hex digits must be separated by a colon, so the final format will be E0:11:31:39:32:2E:31:36:38:2E:37:2E:38:3A:31:30:30:31:34
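The three-part assembly above can also be done and checked without online converter tools. The following is an added example, not code from the original post or from Grandstream; the function names encode_option43 and decode_option43 are hypothetical, and it assumes sub-option 224 carries the ASCII ip:port string exactly as described in this post.

```python
import ipaddress

SUBOPT_GWN_MANAGER = 224  # sub-option code used in this post (0xE0)


def encode_option43(manager_ip: str, port: int = 10014) -> str:
    """Build the colon-separated hex value to paste into the option 43 field."""
    ipaddress.IPv4Address(manager_ip)  # raises ValueError on a malformed address
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    payload = f"{manager_ip}:{port}".encode("ascii")
    # Layout: code byte, one length byte, then the ASCII payload.
    tlv = bytes([SUBOPT_GWN_MANAGER, len(payload)]) + payload
    # {:02X} pads single-digit values with a leading zero (e.g. 0E).
    return ":".join(f"{b:02X}" for b in tlv)


def decode_option43(value: str) -> dict:
    """Parse an option 43 value into {sub-option code: ASCII payload}.

    Raises ValueError if the hex is malformed (stray quotation marks
    included) or a length byte does not match the bytes that follow it.
    """
    raw = bytes.fromhex(value.strip().replace(":", ""))
    subopts, i = {}, 0
    while i < len(raw):
        if i + 2 > len(raw):
            raise ValueError("truncated sub-option header")
        code, length = raw[i], raw[i + 1]
        data = raw[i + 2 : i + 2 + length]
        if len(data) != length:
            raise ValueError(
                f"sub-option {code}: length byte says {length}, "
                f"but only {len(data)} bytes follow"
            )
        subopts[code] = data.decode("ascii")
        i += 2 + length
    return subopts


if __name__ == "__main__":
    value = encode_option43("192.168.7.8")  # Manager IP used in this post
    print(value)
    print(decode_option43(value))
```

Running decode_option43 on the value already saved in the DHCP server is a quick way to confirm which Manager address and port the APs will be handed.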

I am using OPNsense as my firewall, and it is probably the same with pfSense. Go to Services / DHCPv4 / interface / Additional Options:

  • Enter 43 under the Number
  • Select String under the Type
  • Enter E0:11:31:39:32:2E:31:36:38:2E:37:2E:38:3A:31:30:30:31:34 under the Value. Make sure there is no quotation mark.
  • Save

Once the AP requests an IP address, the first thing it will do is contact the Manager. On the Manager web UI:

  1. Navigate to Access Points > Configuration
  2. Click on Adopt
  3. Select the access point

This is it. Hope you’ll find this useful. Cheers!
