OpenWrt
OpenWrt is a Linux distribution for embedded devices. It is well suited to any wireless scenario, provided that hardware supported by OpenWrt is deployed. The buyer guide can help with finding suitable devices, and the beginner guide should assist with the first steps.
OpenWrt Buildroot
OpenWrt Buildroot is used to create highly customized, preconfigured firmware files that can be flashed to your embedded wireless routers:
Build OpenWrt Kamikaze for the Buffalo WHR-G54S
The Buffalo WHR-G54S is an inexpensive wireless router (around $40 new, as of 2007-02).
- make a directory
TOPDIR=/src/openwrt-2.4   # or whatever
mkdir $TOPDIR
- checkout stuff
cd $TOPDIR
svn co https://svn.openwrt.org/openwrt/trunk/
svn co https://svn.openwrt.org/openwrt/packages
- my local hacks:
- create a symlink to a download directory that may already be populated:
TRUNK=${TOPDIR}/trunk
cd $TRUNK
ln -s /src_archive/openwrt/dl dl
- link packages in the packages tree into trunk/package
cd ${TRUNK}/package
for i in $(find ../../packages -type d | grep -v .svn | awk -F/ 'NF==5') ; do
    echo $i
    ln -s $i $(echo $i | awk -F/ '{ print $5 }')
done
- configure
cd $TRUNK
make menuconfig
- For the Buffalo:
- Target System (Broadcom BCM947xx/953xx [2.4])
- Target Profile (Generic Broadcom WiFi)
- Select all packages by default (y)
- build (this can take a few hours, and might fail in the middle)
cd $TRUNK
make
- if it does fail somewhere, get more information about why by restarting with:
make V=99
- either fix the problems, or just find the option in the menuconfig and disable the broken package.
- when it finishes, you should have a bunch of .trx and .bin binaries in /src/openwrt-2.4/trunk/bin, as well as the .ipk files in /src/openwrt-2.4/trunk/bin/packages. Move them to some place useful:
cd $TRUNK
REV=$(echo r$(svn info | grep '^Revision: ' | cut -d' ' -f2))
cp ${TRUNK}/bin/openwrt-brcm-2.4-squashfs.trx /var/lib/tftpboot/whrg54s/openwrt-brcm-2.4-squashfs-${REV}.trx
cp ${TRUNK}/bin/openwrt-brcm-2.4-jffs2-64k.trx /var/lib/tftpboot/whrg54s/openwrt-brcm-2.4-jffs2-64k-${REV}.trx
rsync -v -a -H ${TRUNK}/bin/packages/ russell@donk.personaltelco.net:public_html/openwrt/2.4-${REV}/
Installation of OpenWrt
Consult Installing OpenWrt for generic instructions on flashing the firmware to a device.
Installing OpenWrt to the Buffalo WHR-G54S
- Install a tftp client. On Debian I use tftp-hpa, which works fine.
- Connect a cat5 cable to a LAN port (not the WAN port) on the AP.
- Configure an interface on your flashing PC on the same network with 192.168.11.2/24
- Power on the WHRG54S and make sure you can ping it at 192.168.11.1
- Remove power
- From the flashing PC, issue the following commands, but do not press Enter after the last one:
cd ${TRUNK}/bin
tftp 192.168.11.1
tftp> binary
tftp> trace
tftp> rexmt 1
tftp> timeout 60
tftp> put openwrt-brcm-2.4-jffs2-64k.trx
- Hold the reset button on the WHRG54S
- Start the tftp put
- Apply power
- Release the reset button
- Watch while the tftp transfer occurs and the device then reboots; be patient
- If the flash fails, just retry the tftp
- After the reboot, the LAN interface will be at 192.168.1.1, ping that
- When pings succeed, try telnet'ing to 192.168.1.1 to get a shell
Configuration of OpenWrt
OpenWrt uses UCI for configuration.
Configuring OpenWrt for personaltelco scenario
Configure /etc/opkg.conf (in this case for r6348):
src snapshots http://www.personaltelco.net/~russell/openwrt/2.4-r6348
dest root /
dest ram /tmp
Configuring a Wifidog AP
Configure /etc/config/wireless (adjust temporary SSID when installation is complete):
config wifi-device wl0
    option type broadcom
    option channel 1

config wifi-iface
    option device wl0
    option mode ap
    option ssid www.personaltelco.net/notyet
    option hidden 0
    option encryption none
Configure /etc/config/network:
#### VLAN configuration
config switch eth0
    option vlan0 "1 2 3 4 5*"
    option vlan1 "0 5"

#### Loopback configuration
config interface loopback
    option ifname "lo"
    option proto static
    option ipaddr 127.0.0.1
    option netmask 255.0.0.0

#### LAN configuration
config interface lan
#   option type bridge
    option ifname "eth0.0"
    option proto static
    option ipaddr 192.168.1.1
    option netmask 255.255.255.0

#### WAN configuration
config interface wan
    option ifname "eth0.1"
    option proto dhcp

#### Wireless configuration
config interface wireless
    option ifname "wl0"
    option proto static
    option ipaddr 10.11.x.y
    option netmask 255.255.255.z
Configure /etc/config/dhcp and other files as well, e.g. /etc/dnsmasq.conf:
# filter what we send upstream
domain-needed
bogus-priv
filterwin2k
localise-queries

# allow /etc/hosts and dhcp lookups via *.lan
local=/lan/
domain=personaltelco.net
expand-hosts
resolv-file=/tmp/resolv.conf

dhcp-range=eth0.0,192.168.1.100,192.168.1.250,255.255.255.0,10m
dhcp-range=wl0,10.11.0.140,10.11.0.191,255.255.255.192,10m
dhcp-authoritative
dhcp-leasefile=/tmp/dhcp.leases
except-interface=eth0.1

# use /etc/ethers for static hosts; same format as --dhcp-host
# <hwaddr> <ipaddr>
read-ethers

# other useful options:
# default route(s): dhcp-option=3,192.168.1.1,192.168.1.2
# dns server(s): dhcp-option=6,192.168.1.1,192.168.1.2

# change the following to use the upstream dns servers, 4.2.2.2 will work, but closer is better
dhcp-option=6,4.2.2.2
- Configure /etc/init.d/dnsmasq, removing some odd garbage that overwrites whatever it gets from dhcp. This probably relates to dnsmasq's dns not actually working (and I haven't figured out why). The odd garbage would be okay if local dns was working. The end of the start() function could/should look like this:
[...]
    cat /etc/dnsmasq.conf
) | awk -f /lib/config/template.awk | dnsmasq -C /proc/self/fd/0
}
- Disable firewall by deleting /etc/rc.d/S45firewall
rm /etc/rc.d/S45firewall
- Enable masquerading in /etc/init.d/network:
#!/bin/sh /etc/rc.common
# Copyright (C) 2006 OpenWrt.org
START=40
start() {
    setup_switch() { return 0; }

    include /lib/network
    setup_switch
    [ -e /etc/config/wireless ] || \
        /sbin/wifi detect > /etc/config/wireless
    /sbin/wifi up
    iptables -t nat -I POSTROUTING -o eth0.1 -j MASQUERADE
}
Install packages using opkg:
opkg install ip
opkg install wifidog
opkg install libpthread
opkg install snmpd
Install and configure WifiDog:
AuthServer {
    Hostname wifidog.personaltelco.net
    SSLAvailable yes
    Path /
}
AuthServer {
    Hostname wifidog.smallwhitecube.com
    SSLAvailable yes
    Path /
}
- After configuring the auth server to know about the new node, add a symlink in /etc/rc.d to start wifidog during init:
cd /etc/rc.d
ln -s /etc/init.d/wifidog S75wifidog
- Configure /etc/snmp/snmpd.conf:
rocommunity sPecial0ps
rocommunity public 127.0.0.1
# Use exec to pull up the association count
exec assoc_count /usr/local/bin/assoc_count
# OID = 1.3.6.1.4.1.2021.8.1.101.1
# Or, alternately, you can use 'extend' instead of 'exec'
# extend assoc-count /usr/local/bin/assoc_count
# OID = .1.3.6.1.4.1.8072.1.3.2.4.1.2.11.97.115.115.111.99.45.99.111.117.110.116.1
- Make the directory and install the /usr/local/bin/assoc_count script:
mkdir -p /usr/local/bin
cat > /usr/local/bin/assoc_count <<'EOF'
#!/bin/sh
echo $((`iptables -L WiFiDog_Outgoing -v -t mangle | grep 'MARK set 0x2' | wc -l`))
EOF
chmod 755 /usr/local/bin/assoc_count
Configuring as a client device
- Edit /etc/config/wireless:
config wifi-device wifi0
    option type atheros
#   option channel 5

config wifi-iface
    option device wifi0
#   option network lan
    option mode sta
    option ssid www.personaltelco.net
    option hidden 0
    option encryption none
- Edit /etc/config/network
#### VLAN configuration
config switch eth0
    option vlan0 "1 2 3 4 5*"
    option vlan1 "0 5"

#### Loopback configuration
config interface loopback
    option ifname "lo"
    option proto static
    option ipaddr 127.0.0.1
    option netmask 255.0.0.0

#### LAN configuration
config interface lan
    option type bridge
    option ifname "eth0.0 eth0.1"
    option proto static
    option ipaddr 192.168.1.1
    option netmask 255.255.255.0

#### WAN configuration
config interface wan
    option ifname "wl0"
    option proto dhcp
- reboot and then ssh to root at 192.168.1.1
- modify /etc/opkg.conf:
src snapshots http://www.personaltelco.net/~russell/openwrt/2.4-r6348
dest root /
dest ram /tmp
- update packages list:
opkg update
- install iproute tools:
opkg install ip
- fix firewall:
- move firewall script:
mv /etc/init.d/firewall /etc/init.d/firewall_
- replace with a masquerade rule:
cat > /etc/init.d/firewall <<'EOF'
#!/bin/sh
iptables -t nat -I POSTROUTING -o wl0 -j MASQUERADE
EOF
- make it executable:
chmod 755 /etc/init.d/firewall
- to isolate the wired lan from the public wireless, this is one solution: create a file /etc/init.d/filter:
#!/bin/sh /etc/rc.common
# Copyright (C) 2006 OpenWrt.org
START=96
STOP=96
PUBLIC=ath0
PRIVATE=eth0.0
boot() {
    iptables -I FORWARD -o ${PRIVATE} -i ${PUBLIC} -j DROP
}
start() {
    iptables -I FORWARD -o ${PRIVATE} -i ${PUBLIC} -j DROP
}
restart() {
    iptables -I FORWARD -o ${PRIVATE} -i ${PUBLIC} -j DROP
}
stop() {
    iptables -D FORWARD -o ${PRIVATE} -i ${PUBLIC} -j DROP
}

chmod 755 /etc/init.d/filter
/etc/init.d/filter enable
- to get signal levels on broadcom wireless chipsets:
opkg install wl
wl rssi
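A check for the isolation rule that /etc/init.d/filter installs, as an added example that is not part of the original page. It reads filter-table rules in iptables-save format (an assumption about the input) and reports whether the first unconditional FORWARD rule covering public-to-private traffic is a DROP, plus how many copies of that DROP are loaded, since boot, start and restart each insert one. The function name and the sample rules are constructed for illustration; the interface names are the script's PUBLIC and PRIVATE values.

```shell
#!/bin/sh
# Added example, not from the original page.
# Reads filter-table rules in iptables-save format on stdin and prints
# "<verdict> <count>" for traffic forwarded from $1 (public) to $2 (private):
#   isolated     first unconditional matching rule drops the traffic
#   conditional  a conditional ACCEPT (such as -m state) precedes the drop
#   exposed      an unconditional ACCEPT, or the chain policy, lets it through
# <count> is the number of plain "-i $1 -o $2 -j DROP" rules loaded.
# Assumptions: no interface wildcards (eth+), jumps to user-defined chains
# are not followed, and a missing policy line means ACCEPT.
check_isolation() {
    awk -v pub="$1" -v priv="$2" '
    $1 == ":FORWARD" { policy = $2 }
    $1 == "-A" && $2 == "FORWARD" {
        in_if = ""; out_if = ""; target = ""; extra = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-i") in_if = $(++i)
            else if ($i == "-o") out_if = $(++i)
            else if ($i == "-j") { target = $(++i); break }
            else extra = 1      # any other match makes the rule conditional
        }
        # Ignore rules whose interface selectors do not cover pub to priv.
        if (in_if != "" && in_if != pub) next
        if (out_if != "" && out_if != priv) next
        if (target == "DROP" && in_if == pub && out_if == priv && !extra) drops++
        if (verdict != "") next             # already decided by an earlier rule
        if (extra) { if (target == "ACCEPT") cond = 1; next }
        if (target == "DROP" || target == "REJECT")
            verdict = cond ? "conditional" : "isolated"
        else if (target == "ACCEPT")
            verdict = "exposed"
    }
    END {
        if (verdict == "" && policy == "DROP")
            verdict = cond ? "conditional" : "isolated"
        if (verdict == "") verdict = "exposed"
        print verdict, drops + 0
    }'
}

# Constructed sample: the state after boot plus one restart of the script.
sample_rules() {
    printf '%s\n' \
        ':FORWARD ACCEPT [0:0]' \
        '-A FORWARD -i ath0 -o eth0.0 -j DROP' \
        '-A FORWARD -i ath0 -o eth0.0 -j DROP' \
        '-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT'
}
sample_rules | check_isolation ath0 eth0.0
```

On the router, feed it the live rules with `iptables-save -t filter | check_isolation ath0 eth0.0`. A count above 1 means that a single `stop`, which deletes only one copy, leaves the DROP in place.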
FAQ
Please see OpenWrt FAQ (Frequently Asked Questions)