Linux.com

Feature

OpenWrt nears prime-time

By Joe Barr on January 30, 2006 (8:00:00 AM)


OpenWrt, the GPLed Linux distribution for wireless routers, is at RC4 and is nearing the 1.0 release. We looked at RC2 last August, but things have changed since then -- for the better.

The biggest change is probably the addition of webif, the Web-based Admin Console that lets you install and remove packages with a click or two. There are more applications available for OpenWrt almost every day, and RC4 -- based on the official 2.4.30 kernel sources -- now runs on routers from 23 different manufacturers.

Getting started

I've been running a D-Link DI-524 wireless router in my home office for the past couple of years. Unfortunately, it is not one of OpenWrt's supported routers, so in order to test OpenWrt I needed to purchase a router that is supported. I settled on a lightly used Linksys WRT54GS from an online auction site that I got for $44 plus shipping.

CAUTION! READ THE BIG FAT WARNING!

I had a backup router available so that no matter how badly I bricked the Linksys, I could still restore my Internet access by swapping it for the D-Link. I mention this because it's not an unusual event. This is not software for the faint of heart. It's close to bleeding edge. You should always leave yourself with an alternate way back to connectivity as you explore OpenWrt. Read the BIG FAT WARNING in the installation documentation before proceeding. That said, I've been using the Linksys with OpenWrt installed full time for almost a month, and I have not bricked it nor lost my connectivity. Yet.

Part of the instructions for installation are router-specific. Keep in mind that I was installing it on a Linksys WRT54GS, and what I did may or may not work for you. Be sure to read the documentation.

White Russian RC4 is available for the WRT54GS in two different versions, depending on the filesystem you prefer: SquashFS or JFFS2. The SquashFS version uses a combination of read-only and writable filesystems. The JFFS2 version has no read-only component. According to the docs, the SquashFS version is more secure, and the JFFS2 version is for more experienced users, so I chose SquashFS.

Give me two seconds, please

You can install OpenWrt using the router's existing firmware administration tool, but that's not the recommended procedure. A safer path -- especially on the first install -- is to set a parameter in the router's NVRAM to wait two seconds at power-on time before booting the firmware. This gives you a brief window you can use to install firmware using tftp, whether it's a new version of OpenWrt or a version of the stock firmware that originally came with the router.

Once that parameter is set, you power down the router and start a tftp client running on your PC so that it is constantly trying to connect with the router, then power the router back on. If you've been successful setting the two-second delay, the router will accept the new firmware rather than boot the existing code.

The problem is that in order to reset that parameter on the WRT54GS, you have to crack the router using an old exploit, and the newer versions of the firmware are no longer vulnerable to the exploit. I tried the "ping.asp exploit" described in the OpenWrt online documentation, as well as several variations I found in the OpenWrt forum, but I couldn't get in -- although others using the same version of hardware and firmware apparently did.

Finally, I bit the bullet and simply installed OpenWrt using the Linksys install firmware tool. It worked perfectly. The DMZ light on the front of the router came on and stayed on for a minute while OpenWrt was booting. When it went out, I was connected to the Internet and a basic iptables firewall was in place.

We know telnet is insecure

The OpenWrt documentation explains that the developers know telnet is insecure, but they use it as the default means of access anyway. Their thinking, as explained in the documentation, is: "Telnet is an insecure protocol with no encryption, we try to make a point of this insecurity by not enabling a password. If you're in an environment that requires password protection we suggest setting a password with the passwd command, which will disable the telnet server and enable the Dropbear SSH server."

Here's what the login screen looks like in White Russian:

BusyBox v1.00 (2005.11.23-21:46+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 WHITE RUSSIAN (RC4) -------------------------------
  * 2 oz Vodka   Mix the Vodka and Kahlua together
  * 1 oz Kahlua  over ice, then float the cream or
  * 1/2oz cream  milk on the top.
 ---------------------------------------------------
root@OpenWrt:~#

I expected to have to do OpenWrt configuration, package installation, and so on, at the CLI. Of course you can do it that way if you like -- but you don't have to. A Web administration program called webif is installed by default in White Russian RC4. To access it, just point your browser at the router's IP address.

From the main screen of webif's OpenWrt Admin Console you can go to one of four areas: Info, Status, System, or Network. If you've set a password for OpenWrt -- and you should -- you'll need to use that password with webif, too.

Meet the Admin Console developer

I ran into Felix Fietkau -- the OpenWrt developer who is developing the Admin Console -- on IRC and later asked him by email to fill us in on how he got involved with the project. Here's what he had to say:

I bought my first WRT54G because I had just bought a new laptop with built-in Wi-Fi and I had read that it was a fun thing to hack and that you could run your own software on it. Looking for things to run on it, I played with the idea of creating custom firmware myself. Naturally I didn't want to write everything from scratch, so I checked out the other firmware projects that existed back then. I found that of all the WRT54G-compatible firmware projects, OpenWrt was (and still is) the only project that is not just trying to cram some extra features into the standard firmware or adapt it for a specific usage scenario, but instead created a new, modular system that others like myself could hack and build on. So I started experimenting with it and after publishing some of my hacks, I was given access to the 'experimental' branch (which formed the basis of 'White Russian' and the current development tree 'Kamikaze') and became an active OpenWrt core developer.

We also asked why he wrote the Web interface. He said, "We have had so many people on the Forums and in the IRC channel asking for a Web interface for OpenWrt. In all that time we've had quite a lot of attempts at creating one, but all of them were unsuccessful, mostly because the software was abandoned by its developer, often before it became usable. My main reason for writing the Web interface was that I wanted to see if I could come up with something that fits into the modular software architecture of OpenWrt, looks nice, and is small enough to not create a noticeable flash space loss in the default image."

Finally, we asked if anything would be added to the Admin Console in the future. Fietkau said, "Yes. I plan on adding configuration front ends for at least firewalling/port-forwarding and traffic shaping before we release 1.0. The back ends for both are already finished and will be added to the Subversion repository soon."

From the Networking screen, you can display and set your LAN, WAN, Wireless, and Hosts settings. You can control the IP address for the LAN, netmask, gateway, and DNS servers from the LAN screen. From the WAN page you can tweak your connection type (None, DHCP, Static IP, or PPPoE), external IP address, and subnet mask. The Hosts page allows you to associate the names of hosts with IP addresses and MAC addresses for static IP addresses for DHCP.

But it's the Wireless page that really shows off webif at its best. From that screen you can enable or disable the router's wireless capabilities, set the ESSID, choose the operating mode (Access Point, Bridge, Client, or Ad Hoc), and the type of encryption (WEP, WPA-preshared key, or WPA-RADIUS), if any. You can also add WDS connections. The current version of OpenWrt comes with a default ESSID setting of "bears2973" using channel 6, and includes four default 128-bit WEP keys.

From the System page you can assign a host name for the router and turn the critical two-second boot_wait NVRAM parameter on and off. You can also install and remove software packages and update the lists of available packages from your repositories -- very cool.

This is probably a good time to explain OpenWrt's package management. It's another key in making OpenWrt human-usable.

OpenWrt uses ipkg for package management. It's similar in concept to apt-get, so if you're familiar with the concept of repositories such as those for Debian-based distributions, you'll find ipkg easy to use.

To install a package from the CLI, enter ipkg install package-name and ipkg will fetch it and any prerequisites from the repositories listed in the /etc/ipkg.conf configuration file. To install an available package from the Admin Console, click Install from the list of available packages. Be sure to click "update the package lists" before installing packages, as coders are constantly adding new packages or updating existing ones.

If you don't want to always be adding new repositories to ipkg.conf, and you notice an interesting new package on the OpenWrt Package Tracker, you can download it to your PC. Use scp to copy it to /tmp or /etc on the router, and then use ipkg to install it from that directory. Just remember that anything the package depends upon has to either be available through your current repositories or downloaded as well.

Before I forget, if you've installed the SquashFS version of White Russian, you'll need to rm the ipkg.conf file in /etc, then copy it from /rom/etc/ipkg.conf to /etc/ipkg.conf before you can modify the default list of repositories. That's because -- in a space-saving move -- it is simply a link to the /rom version to begin with.
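The SquashFS step above, written out as an added example (not code from the original article or from the OpenWrt project): it replaces the /rom link with a writable copy only when the file is still a link, then appends a repository line. The function names, the ROOT prefix used to rehearse in a scratch directory, and the repository names and URLs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. ROOT is a hypothetical prefix for rehearsing in a scratch
# directory; on the router itself it would be the empty string.

# unlink_rom_copy ROOT RELPATH: if ROOT/RELPATH is a symlink, replace it with
# a writable copy of ROOT/rom/RELPATH. A regular file is left untouched so
# earlier edits survive. Returns non-zero if the file cannot be made writable.
unlink_rom_copy() {
    target="$1/$2"
    romfile="$1/rom/$2"
    if [ -L "$target" ]; then
        [ -f "$romfile" ] || { echo "missing $romfile" >&2; return 1; }
        rm "$target" && cp "$romfile" "$target" || return 1
    elif [ ! -f "$target" ]; then
        echo "$target does not exist" >&2
        return 1
    fi
    return 0
}

# add_ipkg_src ROOT NAME URL: append "src NAME URL" to etc/ipkg.conf unless a
# source called NAME is already listed.
add_ipkg_src() {
    conf="$1/etc/ipkg.conf"
    unlink_rom_copy "$1" etc/ipkg.conf || return 1
    if awk -v n="$2" '$1 == "src" && $2 == n { f = 1 } END { exit !f }' "$conf"; then
        return 0
    fi
    echo "src $2 $3" >> "$conf"
}

# make_scratch_tree: build a constructed SquashFS-style layout and print its path.
make_scratch_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/rom/etc" "$d/etc"
    printf 'src base http://repo.example.invalid/base\ndest root /\n' \
        > "$d/rom/etc/ipkg.conf"
    ln -s ../rom/etc/ipkg.conf "$d/etc/ipkg.conf"
    echo "$d"
}

# Stand-alone run: rehearse the procedure and show the resulting file.
tree=$(make_scratch_tree) &&
add_ipkg_src "$tree" extra http://repo.example.invalid/extra &&
cat "$tree/etc/ipkg.conf"
rm -rf "$tree"
```

Running it a second time against the same tree changes nothing, because the file is already a regular file and the source name is already listed.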

All in all, the OpenWrt Admin Console (webif) is a nice tool that makes OpenWrt a little more accessible to non-guru users like me. I've heard unofficial chatter on the #openwrt channel on the FreeNode IRC network that iptables management will be included in a future version.

One final tip

There is a lot of good documentation for OpenWrt, but with the frantic level of activity going on in all areas of the project, it goes out of date quickly. Use the most recent posts in the forums or ask on the IRC channel to resolve difficulties not covered by the docs.

Now you have OpenWrt on your router - so what?

[Figure: OpenWrt Admin Console]
OK. You're cool. You have Linux running on your router. So what? So a lot more than I ever would have imagined, that's for sure. Putting OpenWrt on your router is like adding the magic sauce that can turn your ordinary router into something special. A lot of different something specials, actually.

If you like, you can do fun-but-pointless things like chat on IRC, using one of several IRC client packages available. But you can do things that matter, too, like run any of a wide range of network and wireless security tools that are available for OpenWrt. The list includes such well-known programs as Snort, Nmap, aircrack, fwmon, OpenSSH, GnuPG, Portsentry, Kismet, Tor, Shorewall, and many more.

Not impressed yet? How about such well-known applications as Samba, SANE, Chillispot, CUPS, DansGuardian, gPhoto2, and Asterisk? Yes, Asterisk. No need to dedicate a PC to have your own personal open source PBX -- just run it on your router. All of these apps are available for OpenWrt today. Not bad for a new distribution of Linux that is still in the RC stage.

My experience with OpenWrt has been nothing but positive. It's fun and it's useful. Given the magic of open source and the level of activity around OpenWrt that I see on IRC, in the forums, and in the repositories, I believe there are a lot more good things to come.


Comments

on OpenWrt nears prime-time

Note: Comments are owned by the poster. We are not responsible for their content.

how well does it scale?

Posted by: Anonymous Coward on January 31, 2006 02:11 AM
Nice article, thanks. What I wonder is how robust is the hardware? The low price and small footprint are very attractive- how many users do you think it can serve before it melts down?

#

Asus

Posted by: Anonymous Coward on January 31, 2006 02:40 AM
I've done the asterisk on a linksys. But to do openwrt right git yerself an Asus 500 deluxe that comes with 2 usb ports. You can then use a usb stick/drive and have storage for voicemail or share mp3's etc. Definitely the way to go!!

#

Hmm

Posted by: Anonymous Coward on February 01, 2006 07:31 PM
Instead of putting several IRC clients, Samba, SANE, gPhoto2, etc and other useless stuff that got nothing to do with routing it should stick to router-related stuff and follow the Unix philosophy to do one thing good instead of doing lots of unnecessary silly stuff.

How big is this distro? how much does it take?

Put something useful instead, like MRTG.
MRTG is more cool and useful for a router. Who on earth is gonna connect a scanner or digital camera to a router anyways?

#

Great!

Posted by: Joe Barr on February 01, 2006 08:41 PM
I hear a volunteer to port MRTG! Contact OpenWrt.org to learn how to get started!

#

Good article, but dangerous...

Posted by: Anonymous Coward on February 02, 2006 01:55 AM
I think you should caution readers to RTFM a little more than perhaps the author did.
I did this myself a couple weeks ago with a WRT54GS as well. However I spent several days combing the various sources of information on using OpenWRT.

It's not recommended that you use the LinkSys utility to install OpenWRT and I would take that seriously.

The solution is listed in the OpenWRT Docs at:

http://wiki.openwrt.org/OpenWrtDocs/Installing#head-76921c79e7c7ed3b03d3bc9a40b1a2c792c215b0

Basically you use the LinkSys utility to downgrade to an earlier version of the LinkSys firmware that contains the ping.ASP bug.

For your 54GS, that would be version 3.37.2 which can be found on the LinkSys website at:

ftp://ftp.linksys.com/pub/network/WRT54GS_3.37.2_US_code.zip



Once you install this older firmware, you can use the ping.ASP trick to turn on boot-wait and then safely install OpenWRT.

Otherwise you risk bricking your router.


Also be sure to check the docs for the right way to clear/reset the NVRAM. And check the default country setting as it may use channels that aren't legal/useful in your country.



Otherwise, this is a nice article and I think these routers are cheap, powerful, reliable little computers that can be used for an amazing variety of projects once they are running a full on mini-linux installation.

I think the WRT54GS V2.x or 3.x are the best bang for the buck as they have more built in memory than most routers that work with OpenWRT. Though for ultimate hacks the Asus WL-500G Deluxe is the bad boy of OpenWRT. It not only also has 32MB RAM, but it has USB 2.0 onboard. You could make it a full on file server or whatever else. USB cameras, keyboard, even USB video adapter.

http://www.usbgear.com/computer_cable_details.cfm?sku=USBG-SVGA2&cats=169&catid=125%2C106%2C169

Imagine that, a mini RISC Linux box.



I'm currently using my WRT54GS as a wireless LAN bridge to my non-WiFi enabled computers upstairs. This works great and doesn't require a special Access point. In fact I'm using a D-Link DI-624 as well (great router BTW)

If you do want to make a LAN bridge, take the time to research it, I had to combine sections of three different online tutorials to get a configuration that worked for me.

Now however it's fast, reliable, and invisible. It's as if my PCs are connected by Ethernet cable.

Anyway, have fun and be careful and RTFM very carefully before you attempt this hack. But if you are careful, it's worth it.



Later,

Tachyon

#

11, not 23, Supported Manufacturers

Posted by: Anonymous Coward on February 06, 2006 12:09 AM
From what I can see there are 11, not 23, supported manufacturers -- according to the latest version of the hardware page. The other manufacturers in that list have products that are either not supported, are untested, or are work in progress.

#

Bricked Linksys WRT54G Revival Guide

Posted by: Joe Barr on February 01, 2006 11:42 PM
A thoughtful reader has provided this link for those who may have bricked their routers. If you fit that category, you can try the solutions presented at http://www.linksysinfo.org/modules.php?name=Content&pa=showpage&pid=33 to try and revive it.

#

Webif

Posted by: Administrator on May 03, 2007 03:43 PM
This is more of a developer question (of course, I'll post this on OpenWRT also..). Is it easy to change the webif utility itself to support different MIBS variables?

#
