NOTE: Please do not contact me if you turn your brand new wlan router into a fancy looking brick!
I have been running OpenWRT White Russian release on my Internet Gateway for a few years; now I wanted to try something new and set up a “secure” Wireless AP.
For a start I downloaded the Kamikaze release of OpenWRT with a 2.4 kernel from http://downloads.openwrt.org/kamikaze/7.09/brcm-2.4/ (openwrt-wrt54g-2.4-squashfs.bin; the Broadcom wireless is not working with the current 2.6 kernel in 7.09).
My router was running the operating system shipped from Linksys so I just installed using the original Linksys web interface. Worked just great!
The router performed a reboot and I connected to the router using telnet (telnet 192.168.1.1) and created a password for the root account:
Changing password for root
Password for root changed by root
Setting the password semi-disables the telnet daemon: the router accepts connections on port 23 (telnet) but hangs up immediately. I wanted to disable the telnet service totally, and after verifying I was able to log in using ssh I ran:
root@OpenWrt:/# /etc/init.d/telnet stop
root@OpenWrt:~# /etc/init.d/telnet disable
The default installation installs and runs an httpd server, which I didn't need either:
root@OpenWrt:/# /etc/init.d/httpd stop
root@OpenWrt:~# /etc/init.d/httpd disable
Because the RFC 1918 network 192.168.1.0/24, which the OpenWRT defaults to use as lan network, was already in use in my home network I decided to use 192.168.192.0/24. To change this I simply fired up vi (busybox version installed by default) and edited /etc/config/network:
config interface lan
    option ipaddr 192.168.192.1
I really like the scrapping of nvram storage and the introduction of uci in the Kamikaze release; instead of editing /etc/config/network I could have used uci:
root@OpenWrt:~# uci get network.lan.ipaddr
root@OpenWrt:~# uci set network.lan.ipaddr=192.168.192.1
root@OpenWrt:~# uci get network.lan.ipaddr
root@OpenWrt:~# uci commit network
Great; I still love plain and simple configuration files, though.
The default IP address, 192.168.1.1, seems to be hardcoded in some files in /etc: grep -r '192.168.1.1' /etc* showed me a few files I had to change; /etc/resolv.conf was probably the important one, and has to be hardcoded.
Now, after making sure there were no IP conflicts, I was ready to plug the new router into my home network. I will not go into detail on the network layout here, but there is a DHCP server available on the net which I plugged the wan port of the router into. The default configuration enables DHCP (as a client) on the wan port, so there was nothing to do: my new OpenWRT box was connected to the internet, and I checked if there were any updates available:
root@OpenWrt:/etc# ipkg update
Updated list of available packages in /usr/lib/ipkg/lists/release
Updated list of available packages in /usr/lib/ipkg/lists/packages
root@OpenWrt:/etc# ipkg upgrade
Nothing to be done
Nothing?! How boring!
How about some cleanup then; I will never (famous last words) use PPP on my router:
root@OpenWrt:/# ipkg -recursive remove *ppp*
Removing package ppp-mod-pppoe from root...
Removing package kmod-pppoe from root...
Removing package ppp from root...
Removing package kmod-ppp from root...
Running ipkg list_installed did not show me any more packages to remove but I will add a few packages with ipkg install to support my IPv6 setup, probably more about that later.
First I wanted to get the wireless up and running, after all it is a wlan router I have bought, not a toy (but hey it *is* a toy too!). And not to forget; with wlan up and running the router could stay in my ‘office’ and I could do the rest of the configuration from the sofa together with my lazy cat, which prefers wired networking (to play with).
Enabling wireless is as simple as removing one line in /etc/config/wireless:
config wifi-device wl0
    # REMOVE THIS LINE TO ENABLE WIFI:
    # option disabled 1
I changed the ssid and encryption settings as well:
    option ssid obk
    option hidden 1
    option encryption psk2
    option key mysecretkey
And after a network restart (/etc/init.d/network restart) I was then able to connect to my brand new OpenWRT router from my Thinkpad running Ubuntu 7.10 with WPA2 encryption – probably quite crackable, but a bit safer than wep at least.
NOTE: I tried using ‘encryption wpa2’ first, which is supported, but should only be used in combination with a radius server. I might dive into OpenRADIUS some other day, or I may not – there will probably not be a lot of users and a shared key works fine I think …
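An added example, not from the original post: a small sh/awk check that reads a Kamikaze-style /etc/config/wireless on stdin and flags wifi-iface sections that are open, use WEP, or use a short pre-shared key. The names audit_wireless and sample_config, the 20-character minimum and the sample config are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Reads a Kamikaze-style
# /etc/config/wireless on stdin; prints one FAIL line per weak wifi-iface.
# $1 = minimum PSK length (assumed policy, default 20; WPA itself needs 8..63).
audit_wireless() {
    awk -v min="${1:-20}" -v q="'" '
    # Value of an "option <name> <value>" line, surrounding quotes removed.
    function value(   v, c) {
        v = $0
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", v)
        sub(/[ \t]+$/, "", v)
        c = substr(v, 1, 1)
        if ((c == q || c == "\"") && length(v) > 1 && substr(v, length(v), 1) == c)
            v = substr(v, 2, length(v) - 2)
        return v
    }
    # Judge the wifi-iface section that has just ended.
    function report(   msg) {
        if (type != "wifi-iface") return
        if (enc == "" || enc == "none") msg = "open network, no encryption"
        else if (enc ~ /^wep/) msg = "WEP is broken, use psk2"
        else if (enc ~ /^psk/ && length(key) < 8) msg = "PSK below the 8-character WPA minimum"
        else if (enc ~ /^psk/ && length(key) < min + 0) msg = "PSK shorter than " min " characters"
        if (msg != "") { print "FAIL " (ssid == "" ? "(no ssid)" : ssid) ": " msg; bad++ }
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    $1 == "config" { report(); type = $2; ssid = enc = key = "" }
    $1 == "option" && $2 == "ssid"       { ssid = value() }
    $1 == "option" && $2 == "encryption" { enc = value() }
    $1 == "option" && $2 == "key"        { key = value() }
    END { report(); exit (bad > 0) }
    '
}

# Constructed sample: the settings from this post plus an open guest network.
sample_config() {
    cat <<'EOF'
config wifi-device wl0
config wifi-iface
    option ssid obk
    option encryption psk2
    option key mysecretkey
config wifi-iface
    option ssid guest
    option encryption none
EOF
}

sample_config | audit_wireless 20 || echo "weak wireless settings found"
```

On the router, feed it the live file with audit_wireless < /etc/config/wireless; the exit status is non-zero when any section fails.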
You may find some more information about hardware and especially the install procedures here:
OpenWRT really rocks; and I already prefer Kamikaze over White Russian.