Note: This web page was automatically created from a PalmOS "pedit32" memo.
Linksys WRT54G notes
https://192.168.1.1/SysInfo.htm
is useful
I have a version 2.0 at home
What I want from a WRT54G Linux distribution:
1) WEP
2) Mac auth
3) PPTP server (or at least PPTP passthrough)
4) ssh server
5) xauth ability, or xhopper or something
6) Bridge functionality
7) A friendly user interface over https
8) boot_wait on by default
9) Flexible DHCP, so I could PXE boot a diskless box from it
10) OpenVPN might be nice as well
Get and compile atftp client 0.7 from
ftp://ftp.mamalinux.com/pub/atftp/atftp-0.7.tar.gz.
It's supposed to be a known-good version of a tftp client for flashing
WRT54GS's
Distributions:
1) Batbox. Appears to be strictly for playing around, not something
to flash onto your router. Might be a good way of setting boot_wait?
Setting power output?
2) E-WRT is forked from Sveasoft Samadhi, tracks linksys official closely
3) FreiFunk: http://www.freifunk.net/wiki/FreifunkFirmwareEnglish .
They appear to be OpenWRT with a completely from-scratch web interface.
However, they have a very poor attitude toward security, and it's not my
mission in life to make them see the error of their ways. I'll point out,
however, that RMS once believed his account didn't need decent protection
from a password, until someone logged in and removed all of his files.
4) HyperWRT: Tries to stay close to the linksys official firmware, but
adds some features like increased power, 2 additional bands, and so on.
My Tungsten C is not going to grok the extra bands though. Also, when
I set my power output to 100% with HyperWRT, the change continued to
be in effect when I switched to FreiFunk for a while. This too might
be something one could set using Batbox, without actually switching
firmware distributions
5) OpenWRT. This is what FreiFunk is based on. There is a web interface
available as part of the OpenWRT project, however it does not appear to be
heavily used by the OpenWRT community. OpenWRT is mostly a command-line
system. It takes the approach of providing a minimal distribution,
and the ability to add a large variety of different optional addons.
It seems to have some critical mass in terms of developers and users.
6) Sveasoft. I'm not sure these guys know what the GPL
is, really. Anyway, they want to charge you $20/yr for
their changes to the Linksys baseline, without giving
away their sources as required by the GPL. Also: http://wrt54g.thermoman.de/Sveasoft_Alchemy-pre5.1.jpg
IOW, buzz off if you aren't going to give us money.
7) Tanguy. Aside from being the name of a great artist, this is a WRT54G
linux distribution. There doesn't seem to be much doc. The project is
apparently also known as "Wifi-box".
2005-02-12
OpenWRT is probably what I'll go with now (next?), after giving up on FreiFunk.
1) WEP
Their FAQ talks about how to enable it
2) Mac auth
Off iptables?
3) PPTP server (or at least PPTP passthrough)
Yeah, it has one
4) ssh server
Has two :)
5) xauth ability, or xhopper or something
Haven't tried yet
http://openwrt.alphacore.net
has various proxies, including a vnc proxy. Er, that's only what the
OpenWRT.org website says - it actually has a huge list of very useful
stuff precompiled as mipsel ipkg's.
6) Bridge functionality
It appears to be a bridge out of the box. The FAQ has instructions for
turning off bridging and going to routing
7) A friendly user interface over https
ipkg install interface-wrt
Not sure if it's http, https, or both
Also:
src sam http://davidoffdotnet.net/openwrt/ipkg
8) boot_wait on by default
It probably won't go away just because I install OpenWRT
9) Flexible DHCP, so I could PXE boot a diskless box from it
10) OpenVPN might be nice as well
11) dyndns!
src phil http://www.syslinx.org/wrt54g/openwrt
Package "inadyn".
12) screen
src evilJazz http://www.katastrophos.net/wrt54g/packages
WRT54G has no builtin clock, but you can run ntp on each reboot. The FAQ
describes how to set it up. OpenVPN will require a reasonably-accurate
clock.
nvram show
nvram get variable
nvram set variable=value
nvram commit (to save the changes)
WPA appears to require a binary-only program from the official linksys
firmware. My T|C appears to only do WEP anyway.
My DSL modem is an Efficient Networks Speedstream 5260
30. The internet connection is unstable when used with CISCO 575 VDSL
modem, any workaround?
Try to force the port0 to run at 10Mbps (with admcfg package). It works on me.
admcfg port0 10Mbps
31. How do I create a DHCP server?
The dnsmasq utility is a DNS and DHCP server, see /etc/dnsmasq.conf.
Getting started with OpenWRT
1) Download a few snapshots of OpenWRT
2) Extract one
3) Set up a -local- apache server
4) Create a symlink from the packages directory to /var/www/html or
whatever apache wants to use
5) Install the appropriate .bin file for your hardware
6) Patiently wait for the firmware to be written :)
7) telnet to 192.168.1.1 - you won't need a password
8) cd /etc; mv ipkg.conf ipkg.conf.orig; cp ipkg.conf.orig ipkg.conf
9) vi ipkg.conf, and add the URL of your apache server. There's an
example in there, but with no PPPOE yet, we can't get to that one :)
10) ipkg update; ipkg list
11) Look for useful-sounding packages. I installed
- ipkg install kmod-ppp-async (probably for PPP)
- ipkg install kmod-ppp-mppe-mppc (probably for PPTP)
- ipkg install ntpclient (fix the clock)
- ipkg install oidentd (keep things from taking forever to connect)
- ipkg install ppp (PPPOE generally needs a real PPP)
- ipkg install pptp-client (I probably don't really require this)
- ipkg install pppoecd (for DSL)
- ipkg install pptp-server (for my PalmOne Tungsten C)
- ipkg install strace (fantastic debugging tool)
- ipkg install dropbear (ssh client and server)
12) Start up dropbear from within /etc/init.d. Enter a suitable password
13) Reboot and be sure you get a usable sshd. If yes, then disable
/etc/init.d/S50telnetd and reboot again
14) Note that you have to wait a while after the sshd comes up, for the
PPPOE to get fired up. If you've configured it previously on another
WRT54G Linux distribution, it'll probably "just work" with OpenWRT.
15) -But-, the firewall is overly restrictive initially.
16) See below:
root@OpenWrt:/etc/init.d# nvram show | grep ifname
wl0_ifname=eth1
lan_ifnames=vlan0 eth1 eth2 eth3
pppoe_ifname=
size: 15043 bytes (17725 left)
wan_ifnames=vlan1
lan_ifname=br0
pppoe_ifname0=ppp0
wl_ifname=
wan_ifname=vlan1
root@OpenWrt:/etc/init.d# nvram set wan_ifname ppp0
root@OpenWrt:/etc/init.d#
17) I mistakenly installed a French version of interface-wrt. I then
installed an English version. Then using the English version, I removed
the French version, and all hell broke loose. Suddenly, the web interface
wouldn't work, so I rebooted from an existing ssh session, and then the
darn thing didn't come back up :-S. So I waited about 5 minutes, and
rebooted again, and this time, it became pingable almost immediately,
however all of my PPPOE stuff had gone missing.
18) I'm re-ipkg'ing the packages I listed above, using a simple shell
script... ...and rebooting... And the same thing happened - no ssh came
back. I'm pulling the power plug again - beginning to think that the
"reboot" command is no longer working, but power cycling is working fine.
19) I'm hoping that "nvram set wan_ifname=ppp0; nvram commit" has given
me functional PPPOE again... Note that the equals sign is important...
Otherwise your variable gets the null string as a value!
20) I bet this is what's really needed:
root@OpenWrt:/sbin# nvram set wan_proto=pppoe
root@OpenWrt:/sbin# nvram commit
...also reverting the previous change:
root@OpenWrt:/sbin# nvram set wan_ifname=vlan1
root@OpenWrt:/sbin# nvram commit
21) OK, PPPOE is working again, but I'm still not getting packets
forwarded. If I tcpdump on ppp0, then I can see unrouted source addresses
going out. Currently "lan_ifname=br0"; going to change it to vlan0,
as that's what the OpenWRT doc says it should be.
22) Masquerading as follows appears to have helped get packets forwarding:
$IPT -t nat -A POSTROUTING -o $WAN -j MASQUERADE
$IPT -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
$IPT -t nat -A POSTROUTING -o $LAN -j MASQUERADE
$IPT -t nat -A POSTROUTING -o br0 -j MASQUERADE
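An added example, not part of the original notes or of OpenWRT: a small shell wrapper that guards against the missing-equals-sign mistake from steps 16 and 19 by validating each name=value argument, reading it back with "nvram get", and committing only once everything matches. The function names and the NVRAM override variable are assumptions made for this example.

```sh
#!/bin/sh
# Added example: guard around "nvram set" for the pitfall in steps 16 and 19.
# NVRAM is an assumption of this example: the command to run ("nvram" on the router).
NVRAM="${NVRAM:-nvram}"

# valid_pair ARG -> status 0 if ARG looks like name=value with a usable name.
valid_pair() {
    case "$1" in
        =*)  return 1 ;;    # empty variable name
        *=*) ;;             # has an equals sign; an empty value is allowed
        *)   return 1 ;;    # "wan_ifname ppp0" style: no equals sign at all
    esac
    name=${1%%=*}
    # the variable names seen in these notes are letters, digits and underscores
    case "$name" in
        *[!A-Za-z0-9_]*) return 1 ;;
    esac
    return 0
}

# nvram_apply name=value [name=value ...]
# Validates every argument before touching nvram, sets each one, reads it
# back with "nvram get", and commits once only if every read-back matches.
nvram_apply() {
    [ "$#" -gt 0 ] || { echo "usage: nvram_apply name=value ..." >&2; return 2; }
    for pair in "$@"; do
        valid_pair "$pair" || {
            echo "refusing '$pair': expected name=value" >&2
            return 2
        }
    done
    for pair in "$@"; do
        name=${pair%%=*}
        want=${pair#*=}
        $NVRAM set "$pair" || return 1
        got=$($NVRAM get "$name")
        if [ "$got" != "$want" ]; then
            echo "$name reads back as '$got', wanted '$want'; not committing" >&2
            return 1
        fi
    done
    $NVRAM commit
}
```

On the router, "nvram_apply wan_proto=pppoe wan_ifname=vlan1" performs the two changes from step 20 with a single commit, while "nvram_apply wan_ifname ppp0" is refused before anything is written.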
Here's the note I sent to OCLUG on the topic:
I have a Linksys WRT54G at home, which seemed to work just about
flawlessly, until we got a new 2.4GHz phone...
Then my wireless from my Tungsten C to our WRT54G became exceptionally
unreliable.
I tried a few different Linux distributions for the WRT54G to try to get
around the problem. Specifically:
1) I upgraded to the latest (at the time) linksys firmware. No dice.
2) I switched to HyperWRT, which claims to be able to increase the power
output of the WRT54G, as well as provide access to an extra couple of
frequency bands. However, the power increase didn't seem to make much
of a difference, and my T|C, being very consumer-oriented hardware, of
course had no facility for using the other bands.
3) I then switched to FreiFunk, which is basically OpenWRT with a user-
friendly Web interface tacked on. However, while OpenWRT is extremely
powerful, the FreiFunk project sees their lack of decent security "as a
feature" (translated, the mailing lists are in German, but the web
interface is available in multiple languages, including English).
4) So then I went for OpenWRT itself. It's amazing the breadth of
precompiled mipsel+uClibc binaries that are available for this
distribution, accessible conveniently via ipkg. There's also a user-
friendly web interface that's in a loose sense affiliated with OpenWRT
itself, however when I installed it, it toasted my PPPOE setup, so I
eventually ditched the web interface and just went with ssh (dropbear).
Anyway, through digging around in man pages on an FC3 system, I
eventually got OpenWRT configured in a way that seems to work pretty
well. I believe the main thing that finally got it working was:
iwconfig eth1 \
essid "`nvram get wl0_ssid`" \
key restricted "`nvram get wl0_key1`" \
mode Master \
nickname "Linksys WRT54G with OpenWRT" \
rate auto \
rts 100 \
frag 300 \
channel "`nvram get wl0_channel`"
...where "nvram get" pulls variables like my ESSID, my WEP key, and the
channel I want, from non volatile memory on the WRT54G.
Not sure, but I suspect it was probably the "rts 100" and "frag 300"
options that made the difference in reliability, despite my spread
spectrum 2.4GHz phone.
Is there anyone out there who's familiar with these options, that could
put this (why it helped) into perspective?
Incidentally, while HyperWRT claims to be able to boost power output,
OpenWRT gives an error when attempting that. But fortunately, I no
longer seem to need it.
Oh, on another note, OpenWRT is so powerful that I'm discovering that I
will likely no longer require a dedicated PopTop server on a duron
system running Devil Linux, instead being able to do a PPTP server right
off the little Linksys. :) IOW, I'll likely soon have an extra PC to
fiddle with, without loss of encrypted traffic from my Tungsten C. :)
Thanks!
I had network flakiness until I turned on proxy arp on my WRT54G -
usually from linux to linux, but sometimes from linux to solaris as well.
Linksys WRT54G version 3.0 (which is the version of my 2nd WRT54G)
and 2.2 require the "experimental" version of OpenWRT. They have a
pretty nice system for building the build system, and then building the
firmware. My first impression is that it just pops up a linux-kernel-like
configuration screen, then you type "make" again, and it goes off and
builds everything. Nice.
The new one:
Vendor:LINKSYS
ModelName:WRT54G
Firmware Version:v3.03.6 , Jan 6 2005
#:002
Boot Version:v3.4.2
CodePattern:W54G
Country:US
RF Status:enabled
RF Firmware Version:v3.03.6
RF Domain:US (channel 1~11)
RF Channel:6
RF SSID:linksys
-----Dynamic Information
RF Mac Address:00:13:10:2D:3A:9B
LAN Mac Address:00:13:10:2D:3A:99
WAN Mac Address:00:13:10:2D:3A:9A
Hardware Version:2.0
Attempting to upgrade to OpenWRT, and I get "upgrade are failed". Same
thing happens when I try to use EWRT, though it takes a little longer. :)
It did, however, accept an official linksys downgrade:
Vendor:LINKSYS
ModelName:WRT54G
Firmware Version:v3.01.3 , Sep 22 2004
#:000
Boot Version:v3.4.2
CodePattern:W54G
Country:US
RF Status:enabled
RF Firmware Version:v3.01.3
RF Domain:US (channel 1~11)
RF Channel:6
RF SSID:linksys
-----Dynamic Information
RF Mac Address:00:13:10:2D:3A:9B
LAN Mac Address:00:13:10:2D:3A:99
WAN Mac Address:00:13:10:2D:3A:9A
Hardware Version:2.0
In addition to linksys-official firmware upgrades, I can also install
hyperwrt, which is very close to linksys-official.
From there, it's possible to start up a telnet daemon using the web GUI.
From there, it's possible to:
# nvram set boot_wait=on
# nvram commit
Installing tftp-hpa on ubuntu 5.04 using synaptic...
And:
strombrg@ubuntu:~/linksys/openwrt/buildroot/src$ tftp 192.168.1.1
tftp> mode octet
tftp> verbose
Verbose mode on.
tftp> timeout 600
tftp> put openwrt-g-code.bin
putting openwrt-g-code.bin to 192.168.1.1:openwrt-g-code.bin [octet]
Error code 4: Cann't downgrade to this old firmware version (2)
tftp>
strombrg@ubuntu:~/linksys/openwrt/buildroot/src$ tftp 192.168.1.1
tftp> mode octet
tftp> verbose
Verbose mode on.
tftp> trace
Packet tracing on.
tftp> timeout 600
tftp> put openwrt-g-code.bin
putting openwrt-g-code.bin to 192.168.1.1:openwrt-g-code.bin [octet]
sent WRQ <file=openwrt-g-code.bin, mode=octet>
sent WRQ <file=openwrt-g-code.bin, mode=octet>
sent WRQ <file=openwrt-g-code.bin, mode=octet>
sent WRQ <file=openwrt-g-code.bin, mode=octet>
received ERROR <code=100, msg=Invalid Password !!>
Error code 100: Invalid Password !!
tftp>
Attempted to clear router password to nothing using firefox - but it
didn't work.
Recalling a rumor that this works from konqueror, I'm installing that on
my ubuntu system...
Still getting "invalid password"
Trying again in binary mode instead of octet, but still "invalid password".
2005-04-24
Built a new "experimental" openwrt firmware. tftp method continued to
error out with "Bad password", but upgrading the firmware through the
HyperWRT web interface is finally working!
2005-05-16
No matter how many times I rebooted the experimental firmware on
my new linksys (which of course is getting older now, since I keep not
finding time for this project), the system files remained readonly.
However, upon running "firstboot", I got something I could actually
-modify- :).