= OpenWrt =
'''OpenWrt''' is a Linux distribution for embedded devices. It is well suited to any wireless scenario, provided that [[oww:toh/start|hardware supported by OpenWrt]] is deployed. The [[oww:toh/buyerguide|buyer guide]] can help you find suitable devices, and the [[oww:doc/howto/user.beginner|beginner guide]] should assist with the first steps.

== OpenWrt Buildroot ==
'''OpenWrt Buildroot''' is used to create highly customized, preconfigured firmware files that can be [[oww:doc/howto/generic.flashing|flashed]] to your embedded wireless routers:

 * [[oww:about/toolchain|OpenWrt Buildroot – About]]
 * [[oww:doc/howto/buildroot.exigence|OpenWrt Buildroot – Installation]]
 * [[oww:doc/howto/build|OpenWrt Buildroot – Usage]]

=== Build OpenWrt Kamikaze for the Buffalo WHR-G54S ===
The [[oww:toh/buffalo/whr-g54s|Buffalo WHR-G54S]] is an inexpensive wireless router (around $40 new, as of 2007-02).

 * make a directory
   {{{
TOPDIR=/src/openwrt-2.4   # (or whatever)
mkdir $TOPDIR
}}}
 * checkout stuff
   {{{
cd $TOPDIR
svn co https://svn.openwrt.org/openwrt/trunk/
svn co https://svn.openwrt.org/openwrt/packages
}}}
 * my local hacks:
   * create a symlink to a download directory that may already be populated:
     {{{
TRUNK=${TOPDIR}/trunk
cd $TRUNK
ln -s /src_archive/openwrt/dl dl
}}}
   * link packages in the packages tree into trunk/package
     {{{
cd ${TRUNK}/package
# link every package directory (../../packages/<category>/<name>) by its name
for i in $(find ../../packages -type d | grep -v .svn | awk -F/ 'NF==5') ; do
    echo $i
    ln -s $i $(echo $i | awk -F/ '{ print $5 }')
done
}}}
 * configure
   {{{
cd $TRUNK
make menuconfig
}}}
   * For the Buffalo:
     * Target System (Broadcom BCM947xx/953xx [2.4])
     * Target Profile (Generic Broadcom WiFi)
     * Select all packages by default (y)
 * build (this can take a few hours, and might fail in the middle)
   {{{
cd $TRUNK
make
}}}
   * if it does fail somewhere, get more information about why by restarting with:
     {{{
make V=99
}}}
   * either fix the problems, or just find the option in menuconfig and disable the broken package.
 * when it finishes, you should have a bunch of .trx and .bin binaries in /src/openwrt-2.4/trunk/bin, as well as the .ipk files in /src/openwrt-2.4/trunk/bin/packages. Move them to some place useful:
   {{{
cd $TRUNK
# tag the copies with the svn revision they were built from
REV=$(echo r$(svn info | grep '^Revision: ' | cut -d' ' -f2))
cp ${TRUNK}/bin/openwrt-brcm-2.4-squashfs.trx /var/lib/tftpboot/whrg54s/openwrt-brcm-2.4-squashfs-${REV}.trx
cp ${TRUNK}/bin/openwrt-brcm-2.4-jffs2-64k.trx /var/lib/tftpboot/whrg54s/openwrt-brcm-2.4-jffs2-64k-${REV}.trx
rsync -v -a -H ${TRUNK}/bin/packages/ russell@donk.personaltelco.net:public_html/openwrt/2.4-${REV}/
}}}

== Installation of OpenWrt ==
 * [[oww:doc/howto/generic.flashing|Installing OpenWrt]] should be consulted for generic instructions on flashing the firmware to a device.

=== Installing OpenWrt to the Buffalo WHR-G54S ===
 * Install a tftp client. On Debian I use tftp-hpa, which works fine.
 * Connect a cat5 cable to a LAN port (not the WAN port) on the AP.
 * Configure an interface on your flashing PC on the same network with 192.168.11.2/24
 * Power on the WHRG54S and make sure you can ping it at 192.168.11.1
 * Remove power
 * From the flashing PC, issue the following commands, but do not press enter after the last one:
   {{{
cd ${TRUNK}/bin
tftp 192.168.11.1
tftp> binary
tftp> trace
tftp> rexmt 1
tftp> timeout 60
tftp> put openwrt-brcm-2.4-jffs2-64k.trx
}}}
 * Hold the reset button on the WHRG54S
 * Start the tftp put
 * Apply power
 * Release the reset button
 * Watch while the tftp transfer occurs and the device reboots; be patient
 * If the flash fails, just retry the tftp
 * After the reboot, the LAN interface will be at 192.168.1.1; ping that
 * When pings succeed, try telnet'ing to 192.168.1.1 to get a shell

== Configuration of OpenWrt ==
OpenWrt uses [[oww:doc/uci/start|UCI]] for [[oww:doc/howto/configuration|configuration]].
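The tftp `put` in the installation steps above sends the image with no integrity check, so a copy truncated on the way from `${TRUNK}/bin` to the tftp directory is only noticed when the flash fails. The following check is an added example, not part of the original page or of OpenWrt: it assumes the common TRX header layout (magic `HDR0`, then a little-endian length field, 28-byte header), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check a .trx image
# before sending it with tftp. Assumed TRX layout: bytes 0-3 are the magic
# "HDR0", bytes 4-7 the image length (little-endian), header is 28 bytes.
TRX_HEADER_LEN=28

# trx_declared_len FILE: print the length field stored in the header.
trx_declared_len() {
    # Read the bytes one by one so the host's byte order does not matter.
    set -- $(od -An -tu1 -j4 -N4 "$1" 2>/dev/null)
    [ $# -eq 4 ] || return 1
    echo $(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
}

# trx_check FILE: succeed only if magic and declared length are plausible.
trx_check() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    size=$(wc -c < "$f" | tr -d ' ')
    magic=$(dd if="$f" bs=4 count=1 2>/dev/null | tr -d '\000')
    [ "$magic" = "HDR0" ] || { echo "bad magic: $f" >&2; return 1; }
    len=$(trx_declared_len "$f") || { echo "short header: $f" >&2; return 1; }
    # A truncated copy leaves fewer bytes on disk than the header declares.
    if [ "$len" -lt "$TRX_HEADER_LEN" ] || [ "$len" -gt "$size" ]; then
        echo "length mismatch: header=$len file=$size" >&2
        return 1
    fi
}

# image_digest FILE: SHA-256 of the image; record it on the build host.
image_digest() { sha256sum < "$1" | cut -d' ' -f1; }

# preflight FILE EXPECTED_DIGEST: header check plus digest comparison.
preflight() {
    trx_check "$1" || return 1
    [ "$(image_digest "$1")" = "$2" ] || { echo "digest mismatch: $1" >&2; return 1; }
    echo "ok: $1"
}
```

Record `image_digest` for each image right after the build, then run `preflight` on the flashing PC against the file you are about to `put`.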
=== Configuring OpenWrt for personaltelco scenario ===
 * Configure [[oww:doc/techref/opkg|/etc/opkg.conf]] (in this case for r6348):
   {{{
src snapshots http://www.personaltelco.net/~russell/openwrt/2.4-r6348
dest root /
dest ram /tmp
}}}

==== Configuring a Wifidog AP ====
 * Configure [[oww:doc/uci/wireless|/etc/config/wireless]] (adjust the temporary SSID when installation is complete):
   {{{
config wifi-device wl0
        option type broadcom
        option channel 1

config wifi-iface
        option device wl0
        option mode ap
        option ssid www.personaltelco.net/notyet
        option hidden 0
        option encryption none
}}}
 * Configure [[oww:doc/uci/network|/etc/config/network]]:
   {{{
#### VLAN configuration
config switch eth0
        option vlan0 "1 2 3 4 5*"
        option vlan1 "0 5"

#### Loopback configuration
config interface loopback
        option ifname "lo"
        option proto static
        option ipaddr 127.0.0.1
        option netmask 255.0.0.0

#### LAN configuration
config interface lan
#       option type bridge
        option ifname "eth0.0"
        option proto static
        option ipaddr 192.168.1.1
        option netmask 255.255.255.0

#### WAN configuration
config interface wan
        option ifname "eth0.1"
        option proto dhcp

#### Wireless configuration
config interface wireless
        option ifname "wl0"
        option proto static
        option ipaddr 10.11.x.y
        option netmask 255.255.255.z
}}}
 * Configure [[oww:doc/uci/dhcp|/etc/config/dhcp]] and [[oww:doc/howto/notuci.config|other files]] as well, e.g. /etc/dnsmasq.conf:
   {{{
# filter what we send upstream
domain-needed
bogus-priv
filterwin2k
localise-queries

# allow /etc/hosts and dhcp lookups via *.lan
local=/lan/
domain=personaltelco.net
expand-hosts
resolv-file=/tmp/resolv.conf

dhcp-range=eth0.0,192.168.1.100,192.168.1.250,255.255.255.0,10m
dhcp-range=wl0,10.11.0.140,10.11.0.191,255.255.255.192,10m
dhcp-authoritative
dhcp-leasefile=/tmp/dhcp.leases
except-interface=eth0.1

# use /etc/ethers for static hosts; same format as --dhcp-host
# read-ethers

# other useful options:
# default route(s): dhcp-option=3,192.168.1.1,192.168.1.2
# dns server(s): dhcp-option=6,192.168.1.1,192.168.1.2

# change the following to use the upstream dns servers, 4.2.2.2 will work, but closer is better
dhcp-option=6,4.2.2.2
}}}
 * Configure /etc/init.d/dnsmasq, removing some odd garbage that overwrites whatever it gets from dhcp. This probably relates to dnsmasq's dns not actually working (and I haven't figured out why). The odd garbage would be okay if local dns was working. The end of the start() function could/should look like this:
   {{{
[...]
        cat /etc/dnsmasq.conf
) | awk -f /lib/config/template.awk | dnsmasq -C /proc/self/fd/0
}
}}}
 * Disable the firewall by deleting /etc/rc.d/S45firewall
   {{{
rm /etc/rc.d/S45firewall
}}}
 * Enable masquerading in /etc/init.d/network:
   {{{
#!/bin/sh /etc/rc.common
# Copyright (C) 2006 OpenWrt.org

START=40
start() {
        setup_switch() { return 0; }

        include /lib/network
        setup_switch
        [ -e /etc/config/wireless ] || \
                /sbin/wifi detect > /etc/config/wireless
        /sbin/wifi up
        # NAT everything leaving through the WAN interface
        iptables -t nat -I POSTROUTING -o eth0.1 -j MASQUERADE
}
}}}
 * Install packages using [[oww:doc/techref/opkg|opkg]]:
   {{{
opkg install ip
opkg install wifidog
opkg install libpthread
opkg install snmpd
}}}
 * Install and configure [[oww:doc/howto/wireless.hotspot.wifidog|WifiDog]]:
   {{{
AuthServer {
    Hostname wifidog.personaltelco.net
    SSLAvailable yes
    Path /
}

AuthServer {
    Hostname wifidog.smallwhitecube.com
    SSLAvailable yes
    Path /
}
}}}
 * After configuring the auth server to know about the new node, add a symlink in /etc/rc.d to start wifidog during init:
   {{{
cd /etc/rc.d
ln -s /etc/init.d/wifidog S75wifidog
}}}
 * Configure /etc/snmp/snmpd.conf:
   {{{
rocommunity sPecial0ps
rocommunity public 127.0.0.1

# Use exec to pull up the association count
exec assoc_count /usr/local/bin/assoc_count
# OID = 1.3.6.1.4.1.2021.8.1.101.1

# Or, alternately, you can use 'extend' instead of 'exec'
# extend assoc-count /usr/local/bin/assoc_count
# OID = .1.3.6.1.4.1.8072.1.3.2.4.1.2.11.97.115.115.111.99.45.99.111.117.110.116.1
}}}
 * Make the directory and install the /usr/local/bin/assoc_count script:
   {{{
mkdir -p /usr/local/bin
}}}
   {{{
#!/bin/ash
# count the clients WifiDog has marked as authenticated
echo $((`iptables -L WiFiDog_Outgoing -v -t mangle | grep 'MARK set 0x2' | wc -l`))
}}}
   {{{
chmod 755 /usr/local/bin/assoc_count
}}}

==== Configuring as a client device ====
 * Edit /etc/config/wireless:
   {{{
config wifi-device wifi0
        option type atheros
#       option channel 5

config wifi-iface
        option device wifi0
#       option network lan
        option mode sta
        option ssid www.personaltelco.net
        option hidden 0
        option encryption none
}}}
 * Edit /etc/config/network
   {{{
#### VLAN configuration
config switch eth0
        option vlan0 "1 2 3 4 5*"
        option vlan1 "0 5"

#### Loopback configuration
config interface loopback
        option ifname "lo"
        option proto static
        option ipaddr 127.0.0.1
        option netmask 255.0.0.0

#### LAN configuration
config interface lan
        option type bridge
        option ifname "eth0.0 eth0.1"
        option proto static
        option ipaddr 192.168.1.1
        option netmask 255.255.255.0

#### WAN configuration
config interface wan
        option ifname "wl0"
        option proto dhcp
}}}
 * reboot and then ssh to root at 192.168.1.1
 * modify /etc/opkg.conf:
   {{{
src snapshots http://www.personaltelco.net/~russell/openwrt/2.4-r6348
dest root /
dest ram /tmp
}}}
 * update packages list:
   {{{
opkg update
}}}
 * install iproute tools:
   {{{
opkg install ip
}}}
 * fix firewall:
   * move firewall script:
     {{{
mv /etc/init.d/firewall /etc/init.d/firewall_
}}}
   * replace with a masquerade rule:
     {{{
cat > /etc/init.d/firewall <<'EOF'
#!/bin/sh
iptables -t nat -I POSTROUTING -o wl0 -j MASQUERADE
EOF
}}}
   * make it executable:
     {{{
chmod 755 /etc/init.d/firewall
}}}
 * to isolate the wired lan from the public wireless, this is one solution: create a file /etc/init.d/filter:
   {{{
#!/bin/sh /etc/rc.common
# Copyright (C) 2006 OpenWrt.org

START=96
STOP=96

PUBLIC=ath0
PRIVATE=eth0.0

boot() {
        iptables -I FORWARD -o ${PRIVATE} -i ${PUBLIC} -j DROP
}

start() {
        iptables -I FORWARD -o ${PRIVATE} -i ${PUBLIC} -j DROP
}

restart() {
        # remove the existing rule first so repeated restarts do not stack duplicates
        stop
        start
}

stop() {
        iptables -D FORWARD -o ${PRIVATE} -i ${PUBLIC} -j DROP
}
}}}
   then:
   {{{
chmod 755 /etc/init.d/filter
/etc/init.d/filter enable
}}}
 * to get signal levels on broadcom wireless chipsets:
   {{{
opkg install wl
wl rssi
}}}

== FAQ ==
 * Please see [[oww:doc/faq|OpenWrt FAQ (Frequently Asked Questions)]]

== Links ==
 * [[https://openwrt.org|OpenWrt website]]
 * [[http://wiki.openwrt.org|OpenWrt Wiki]]
 * [[https://forum.openwrt.org/|OpenWrt Forum]]
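
The `snmpd.conf` in the Wifidog AP section grants `rocommunity sPecial0ps` with no source address, and the same procedure deletes the firewall start link, so nothing filters SNMP queries arriving on the WAN or the open wireless side. The following is an added example, not part of the original page: it lists community directives that accept any source, use a default name, or grant write access. `audit_snmp_communities` and `sample_snmpd_conf` are hypothetical names, and the sample file is constructed from the page's two community lines.

```shell
#!/bin/sh
# Added example (not from the original page): list snmpd.conf community
# directives that accept queries from any address or use a default name.
# Syntax assumed (net-snmp): rocommunity|rwcommunity COMMUNITY [SOURCE [OID]]

# audit_snmp_communities FILE
# Prints "LINE:KIND:COMMUNITY" per finding and returns 1 if any were found.
audit_snmp_communities() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        $1 == "rocommunity" || $1 == "rwcommunity" {
            name = $2
            src  = $3
            # No SOURCE field (or only a trailing comment) means "default",
            # which matches every client address.
            if (src == "" || src ~ /^#/) src = "default"
            if (src == "default" || src == "0.0.0.0/0") {
                print NR ":any-source:" name; bad++
            }
            if (name == "public" || name == "private") {
                print NR ":default-name:" name; bad++
            }
            if ($1 == "rwcommunity") {
                print NR ":write-access:" name; bad++
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample: the two community lines are the ones from the page.
sample_snmpd_conf() {
    cat <<'EOF'
rocommunity sPecial0ps
rocommunity public 127.0.0.1

# rocommunity disabled-entry
exec assoc_count /usr/local/bin/assoc_count
EOF
}
```

Giving the first directive a source, as the page already does for `public`, clears the `any-source` finding.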