Note: This web page was automatically created from a PalmOS "pedit32" memo.

Linksys WRT54G notes


https://192.168.1.1/SysInfo.htm is useful.

I have a version 2.0 at home.

What I want from a WRT54G Linux distribution:
1) WEP
2) MAC auth
3) PPTP server (or at least PPTP passthrough)
4) ssh server
5) xauth ability, or xhopper or something
6) Bridge functionality
7) A friendly user interface over https
8) boot_wait on by default
9) Flexible DHCP, so I could PXE boot a diskless box from it
10) OpenVPN might be nice as well

Get and compile atftp client 0.7 from ftp://ftp.mamalinux.com/pub/atftp/atftp-0.7.tar.gz. It's supposed to be a known-good version of a tftp client for flashing WRT54GS's.
Distributions:
1) Batbox. Appears to be strictly for playing around, not something to flash onto your router. Might be a good way of setting boot_wait? Setting power output?
2) E-WRT is forked from Sveasoft Samadhi, tracks Linksys official closely.
3) FreiFunk: http://www.freifunk.net/wiki/FreifunkFirmwareEnglish . They appear to be OpenWRT with a completely from-scratch web interface. However, they have a very poor attitude toward security, and it's not my mission in life to make them see the error of their ways. I'll point out, however, that RMS once believed his account didn't need decent protection from a password, until someone logged in and removed all of his files.
4) HyperWRT: Tries to stay close to the Linksys official firmware, but adds some features like increased power, 2 additional bands, and so on. My Tungsten C is not going to grok the extra bands though. Also, when I set my power output to 100% with HyperWRT, the change continued to be in effect when I switched to FreiFunk for a while. This too might be something one could set using Batbox, without actually switching firmware distributions.
5) OpenWRT. This is what FreiFunk is based on. There is a web interface available as part of the OpenWRT project, however it does not appear to be heavily used by the OpenWRT community. OpenWRT is mostly a command-line system. It takes the approach of providing a minimal distribution, and the ability to add a large variety of different optional addons. It seems to have some critical mass in terms of developers and users.
6) Sveasoft. I'm not sure these guys know what the GPL is, really. Anyway, they want to charge you $20/yr for their changes to the Linksys baseline, without giving away their sources as required by the GPL. Also: http://wrt54g.thermoman.de/Sveasoft_Alchemy-pre5.1.jpg IOW, buzz off if you aren't going to give us money.
7) Tanguy. Aside from being the name of a great artist, this is a WRT54G Linux distribution. There doesn't seem to be much doc. The project is apparently also known as "Wifi-box".
2005-02-12
OpenWRT is probably what I'll go with now (next?), after giving up on FreiFunk.
1) WEP
   Their FAQ talks about how to enable it
2) MAC auth
   Off iptables?
3) PPTP server (or at least PPTP passthrough)
   Yeah, it has one
4) ssh server
   Has two :)
5) xauth ability, or xhopper or something
   Haven't tried yet
   http://openwrt.alphacore.net has various proxies, including a vnc proxy. Er, that's only what the OpenWRT.org website says - it actually has a huge list of very useful stuff precompiled as mipsel ipkg's.
6) Bridge functionality
   It appears to be a bridge out of the box. The FAQ has instructions for turning off bridging and going to routing
7) A friendly user interface over https
   ipkg install interface-wrt
   Not sure if it's http, https, or both
   Also: src sam http://davidoffdotnet.net/openwrt/ipkg
8) boot_wait on by default
   It probably won't go away just because I install OpenWRT
9) Flexible DHCP, so I could PXE boot a diskless box from it
10) OpenVPN might be nice as well
11) dyndns!
   src phil http://www.syslinx.org/wrt54g/openwrt
   Package "inadyn".
12) screen
   src evilJazz http://www.katastrophos.net/wrt54g/packages
WRT54G has no builtin clock, but you can run ntp on each reboot. The FAQ describes how to set it up. OpenVPN will require a reasonably-accurate clock.
    nvram show
    nvram get variable
    nvram set variable=value
    nvram commit (to save the changes)
WPA appears to require a binary-only program from the official linksys firmware. My T|C appears to only do WEP anyway.
My DSL modem is an Efficient Networks Speedstream 5260
30. The internet connection is unstable when used with CISCO 575 VDSL modem, any workaround?
Try to force the port0 to run at 10Mbps (with admcfg package). It works on me.
    admcfg port0 10Mbps

31. How do I create a DHCP server?
The dnsmasq utility is a DNS and DHCP server, see /etc/dnsmasq.conf.
Getting started with OpenWRT
1) Download a few snapshots of OpenWRT
2) Extract one
3) Set up a -local- apache server
4) Create a symlink from the packages directory to /var/www/html or whatever apache wants to use
5) Install the appropriate .bin file for your hardware
6) Patiently wait for the firmware to be written :)
7) telnet to 192.168.1.1 - you won't need a password
8) cd /etc; mv ipkg.conf ipkg.conf.orig; cp ipkg.conf.orig ipkg.conf
9) vi ipkg.conf, and add the URL of your apache server. There's an example in there, but with no PPPOE yet, we can't get to that one :)
10) ipkg update; ipkg list
11) Look for useful-sounding packages. I installed
   - ipkg install kmod-ppp-async (probably for PPP)
   - ipkg install kmod-ppp-mppe-mppc (probably for PPTP)
   - ipkg install ntpclient (fix the clock)
   - ipkg install oidentd (keep things from taking forever to connect)
   - ipkg install ppp (PPPOE generally needs a real PPP)
   - ipkg install pptp-client (I probably don't really require this)
   - ipkg install pppoecd (for DSL)
   - ipkg install pptp-server (for my PalmOne Tungsten C)
   - ipkg install strace (fantastic debugging tool)
   - ipkg install dropbear (ssh client and server)
12) Start up dropbear from within /etc/init.d. Enter a suitable password
13) Reboot and be sure you get a usable sshd. If yes, then disable /etc/init.d/S50telnetd and reboot again
14) Note that you have to wait a while after the sshd comes up, for the PPPOE to get fired up. If you've configured it previously on another WRT54G Linux distribution, it'll probably "just work" with OpenWRT.
15) -But-, the firewall is overly restrictive initially.
16) See below:
    root@OpenWrt:/etc/init.d# nvram show | grep ifname
    wl0_ifname=eth1
    lan_ifnames=vlan0 eth1 eth2 eth3
    pppoe_ifname=
    size: 15043 bytes (17725 left)
    wan_ifnames=vlan1
    lan_ifname=br0
    pppoe_ifname0=ppp0
    wl_ifname=
    wan_ifname=vlan1
    root@OpenWrt:/etc/init.d# nvram set wan_ifname ppp0
    root@OpenWrt:/etc/init.d#
17) I mistakenly installed a French version of interface-wrt. I then installed an English version. Then using the English version, I removed the French version, and all hell broke loose. Suddenly, the web interface wouldn't work, so I rebooted from an existing ssh session, and then the darn thing didn't come back up :-S. So I waited about 5 minutes, and rebooted again, and this time, it became pingable almost immediately, however all of my PPPOE stuff had gone missing.
18) I'm re-ipkg'ing the packages I listed above, using a simple shell script... ...and rebooting... And the same thing happened - no ssh came back. I'm pulling the power plug again - beginning to think that the "reboot" command is no longer working, but power cycling is working fine.
19) I'm hoping that "nvram set wan_ifname=ppp0; nvram commit" has given me functional PPPOE again... Note that the equals sign is important... Otherwise your variable gets the null string as a value!
20) I bet this is what's really needed:
    root@OpenWrt:/sbin# nvram set wan_proto=pppoe
    root@OpenWrt:/sbin# nvram commit
   ...also reverting the previous change:
    root@OpenWrt:/sbin# nvram set wan_ifname=vlan1
    root@OpenWrt:/sbin# nvram commit
21) OK, PPPOE is working again, but I'm still not getting packets forwarded. If I tcpdump on ppp0, then I can see unrouted source addresses going out. Currently "lan_ifname=br0"; going to change it to vlan0, as that's what the OpenWRT doc says it should be.
22) Masquerading as follows appears to have helped get packets forwarding:
    $IPT -t nat -A POSTROUTING -o $WAN -j MASQUERADE
    $IPT -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
    $IPT -t nat -A POSTROUTING -o $LAN -j MASQUERADE
    $IPT -t nat -A POSTROUTING -o br0 -j MASQUERADE
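
The equals-sign pitfall noted in step 19, as an added example that is not part of the original memo: a POSIX shell wrapper that rejects the space-separated form, reads the value back with "nvram get", and commits only when it matches. The names nvram_set_checked and use_nvram_standin are hypothetical, and the stand-in is a constructed, file-backed substitute for the router's nvram command so the script can be tried off the router.

```shell
#!/bin/sh
# Added example, not from the original memo.
# use_nvram_standin: constructed file-backed replacement for the router's
# nvram command (set/get/commit only), for trying the wrapper on a PC.
use_nvram_standin() {
    NVRAM_FILE="${TMPDIR:-/tmp}/nvram-standin.$$"
    : > "$NVRAM_FILE"
    nvram() {
        case "$1" in
            set)  { grep -v "^${2%%=*}=" "$NVRAM_FILE" || true; echo "$2"; } \
                      > "$NVRAM_FILE.new" && mv "$NVRAM_FILE.new" "$NVRAM_FILE" ;;
            get)  sed -n "s/^$2=//p" "$NVRAM_FILE" ;;
            commit) : ;;
        esac
    }
}

# nvram_set_checked NAME=VALUE
# Returns 2 on malformed input (nothing is written), 1 if the write or the
# read-back fails (nothing is committed), 0 after a successful commit.
nvram_set_checked() {
    if [ "$#" -ne 1 ]; then
        # Catches "wan_ifname ppp0": two words instead of one name=value.
        echo "usage: nvram_set_checked name=value" >&2
        return 2
    fi
    case "$1" in
        *=*) ;;
        *) echo "refusing '$1': missing '='" >&2; return 2 ;;
    esac
    name=${1%%=*}      # text before the first '='
    value=${1#*=}      # text after the first '=' (may be empty on purpose)
    case "$name" in
        ''|*[!A-Za-z0-9_]*) echo "bad variable name '$name'" >&2; return 2 ;;
    esac
    nvram set "$name=$value" || return 1
    if [ "$(nvram get "$name")" != "$value" ]; then
        echo "read-back mismatch for $name; not committing" >&2
        return 1
    fi
    nvram commit
}

# Off the router there is no nvram binary, so fall back to the stand-in.
command -v nvram >/dev/null 2>&1 || use_nvram_standin
```

Values containing spaces, such as the lan_ifnames list, have to be passed as one quoted argument.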
Here's the note I sent to OCLUG on the topic:

I have a Linksys WRT54G at home, which seemed to work just about flawlessly, until we got a new 2.4GHz phone... Then my wireless from my Tungsten C to our WRT54G became exceptionally unreliable.

I tried a few different Linux distributions for the WRT54G to try to get around the problem. Specifically:

1) I upgraded to the latest (at the time) linksys firmware. No dice.
2) I switched to HyperWRT, which claims to be able to increase the power output of the WRT54G, as well as provide access to an extra couple of frequency bands. However, the power increase didn't seem to make much of a difference, and my T|C, being very consumer-oriented hardware, of course had no facility for using the other bands.
3) I then switched to FreiFunk, which is basically OpenWRT with a user-friendly Web interface tacked on. However, while OpenWRT is extremely powerful, the FreiFunk project sees their lack of decent security "as a feature" (translated, the mailing lists are in German, but the web interface is available in multiple languages, including English).
4) So then I went for OpenWRT itself. It's amazing the breadth of precompiled mipsel+uClibc binaries that are available for this distribution, accessible conveniently via ipkg. There's also a user-friendly web interface that's in a loose sense affiliated with OpenWRT itself, however when I installed it, it toasted my PPPOE setup, so I eventually ditched the web interface and just went with ssh (dropbear).

Anyway, through digging around in man pages on an FC3 system, I eventually got OpenWRT configured in a way that seems to work pretty well. I believe the main thing that finally got it working was:

    iwconfig eth1 \
        essid "`nvram get wl0_ssid`" \
        key restricted "`nvram get wl0_key1`" \
        mode Master \
        nickname "Linksys WRT54G with OpenWRT" \
        rate auto \
        rts 100 \
        frag 300 \
        channel "`nvram get wl0_channel`"

...where "nvram get" pulls variables like my ESSID, my WEP key, and the channel I want, from non volatile memory on the WRT54G.

Not sure, but I suspect it was probably the "rts 100" and "frag 300" options that made the difference in reliability, despite my spread spectrum 2.4GHz phone.

Is there anyone out there who's familiar with these options, that could put this (why it helped) into perspective?

Incidentally, while HyperWRT claims to be able to boost power output, OpenWRT gives an error when attempting that. But fortunately, I no longer seem to need it.

Oh, on another note, OpenWRT is so powerful that I'm discovering that I will likely no longer require a dedicated PopTop server on a duron system running Devil Linux, instead being able to do a PPTP server right off the little Linksys. :) IOW, I'll likely soon have an extra PC to fiddle with, without loss of encrypted traffic from my Tungsten C. :)

Thanks!
I had network flakiness until I turned on proxy arp on my WRT54G - usually from linux to linux, but sometimes from linux to solaris as well.
Linksys WRT54G version 3.0 (which is the version of my 2nd WRT54G) and 2.2 require the "experimental" version of OpenWRT. They have a pretty nice system for building the build system, and then building the firmware. My first impression is that it just pops up a linux-kernel-like configuration screen, then you type "make" again, and it goes off and builds everything. Nice.
The new one:
    Vendor:LINKSYS
    ModelName:WRT54G
    Firmware Version:v3.03.6 , Jan 6 2005
    #:002
    Boot Version:v3.4.2
    CodePattern:W54G
    Country:US
    RF Status:enabled
    RF Firmware Version:v3.03.6
    RF Domain:US (channel 1~11)
    RF Channel:6
    RF SSID:linksys
    -----Dynamic Information
    RF Mac Address:00:13:10:2D:3A:9B
    LAN Mac Address:00:13:10:2D:3A:99
    WAN Mac Address:00:13:10:2D:3A:9A
    Hardware Version:2.0

Attempting to upgrade to OpenWRT, and I get "upgrade are failed". Same thing happens when I try to use EWRT, though it takes a little longer. :)

It did, however, accept an official linksys downgrade:
    Vendor:LINKSYS
    ModelName:WRT54G
    Firmware Version:v3.01.3 , Sep 22 2004
    #:000
    Boot Version:v3.4.2
    CodePattern:W54G
    Country:US
    RF Status:enabled
    RF Firmware Version:v3.01.3
    RF Domain:US (channel 1~11)
    RF Channel:6
    RF SSID:linksys
    -----Dynamic Information
    RF Mac Address:00:13:10:2D:3A:9B
    LAN Mac Address:00:13:10:2D:3A:99
    WAN Mac Address:00:13:10:2D:3A:9A
    Hardware Version:2.0

In addition to linksys-official firmware upgrades, I can also install hyperwrt, which is very close to linksys-official. From there, it's possible to start up a telnet daemon using the web GUI. From there, it's possible to:
    # nvram set boot_wait=on
    # nvram commit

Installing tftp-hpa on ubuntu 5.04 using synaptic... And:
    strombrg@ubuntu:~/linksys/openwrt/buildroot/src$ tftp 192.168.1.1
    tftp> mode octet
    tftp> verbose
    Verbose mode on.
    tftp> timeout 600
    tftp> put openwrt-g-code.bin
    putting openwrt-g-code.bin to 192.168.1.1:openwrt-g-code.bin [octet]
    Error code 4: Cann't downgrade to this old firmware version (2)
    tftp>

    strombrg@ubuntu:~/linksys/openwrt/buildroot/src$ tftp 192.168.1.1
    tftp> mode octet
    tftp> verbose
    Verbose mode on.
    tftp> trace
    Packet tracing on.
    tftp> timeout 600
    tftp> put openwrt-g-code.bin
    putting openwrt-g-code.bin to 192.168.1.1:openwrt-g-code.bin [octet]
    sent WRQ <file=openwrt-g-code.bin, mode=octet>
    sent WRQ <file=openwrt-g-code.bin, mode=octet>
    sent WRQ <file=openwrt-g-code.bin, mode=octet>
    sent WRQ <file=openwrt-g-code.bin, mode=octet>
    received ERROR <code=100, msg=Invalid Password !!>
    Error code 100: Invalid Password !!
    tftp>

Attempted to clear router password to nothing using firefox - but it didn't work. Recalling a rumor that this works from konqueror, I'm installing that on my ubuntu system... Still getting "invalid password".

Trying again in binary mode instead of octet, but still "invalid password".
2005-04-24 Built a new "experimental" openwrt firmware. tftp method continued to error out with "Bad password", but upgrading the firmware through the HyperWRT web interface is finally working!
2005-05-16 No matter how many times I rebooted the experimental firmware on my new linksys (which of course is getting older now, since I keep not finding time for this project), the system files remained readonly. However, upon running "firstboot", I got something I could actually -modify- :).

