.:MK-STUFF.DE:.

Navigation
Zufallsbilder
Epson Printhead Repair
Brandenburger Linux-Infotag 2005
Berlinux 2004
Berlinux 2005
Chemnitzer Linux-Tage 2006

OpenWrt RC4 on an ASUS WL-500g Deluxe

Last updated: Tue, 25 Dec 2007 12:46

This article is not yet finished and will be updated every now and then.

This document describes, how to install OpenWrt RC4 on an ASUS WL-500g Deluxe router.
This report will probably be faulty. If you find any mistakes or if you have any questions, feel free to e-mail me at mk(at)mk-stuff(dot)de.

Table of contents

Disclaimer

 Reflashing your router is dangerous. You could potentionally destroy it and you WILL lose your warranty. Everything you do will be on your own risk. I am not responsible for any damage you make.

About the ASUS WL-500g Deluxe

Hardware

CPUBroadcom 5365 @ 200MHz
RAM32 MB
ROM (Flash)4 MB
Ports
  • 4 x LAN 100 MBit
  • 1 x WAN 100 MBit
  • 2 x USB 2.0
    • WLAN54 MBit / 125 MBit with ASUS Afterburner Technology

    Software

    Asus installed its own Linux on the router. It is pretty crappy. Some of the promised features did not work as they should.

    Why OpenWrt?

     With OpenWrt you have a "real" Linux on your router, which means you can basically do what you can do with every other Linux distribution. You can install software packages, configure it the way you like and do things other people cannot do with their router.
    You can find a lot of great ideas here.

    Getting OpenWrt

    The ASUS WL-500g Deluxe is based on a Broadcom chipset, so you need to download the "openwrt-brcm-2.4-squashfs.trx"-image from http://downloads.openwrt.org/whiterussian/rc4/bin/.

    Installing OpenWrt

    Pull the plug, press and hold the reset button, plug the device and wait until the PWR LED starts flashing slowly (almost immediately). Now release the reset button and upload the firmware by TFTP using the following commands:

    tftp 192.168.0.254
tftp> binary
tftp> trace
tftp> put openwrt-brcm-2.4-squashfs.trx
tftp> quit

    See here for detailed output.

    After this, wait about one minute until the AIR LED goes on and the procedure should be done.
    Now you can use telnet to login into your router (the IP address is the one it had before):

    mk@ThinkPad:~/openwrt$ telnet 192.168.0.254
Trying 192.168.0.254...
Connected to 192.168.0.254.
Escape character is '^]'.
 === IMPORTANT ============================
  Use 'passwd' to set your login password
  this will disable telnet and enable SSH
 ------------------------------------------


BusyBox v1.00 (2005.11.23-21:46+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 WHITE RUSSIAN (RC4) -------------------------------
  * 2 oz Vodka   Mix the Vodka and Kahlua together
  * 1 oz Kahlua  over ice, then float the cream or
  * 1/2oz cream  milk on the top.
 ---------------------------------------------------

    The dangerous part is over now. At first we change our password, like it is suggested by OpenWrt:

    root@OpenWrt:/# passwd
Changing password for root
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
Enter new password:
Re-enter new password:
Password changed.
root@OpenWrt:/# exit
Connection closed by foreign host.

    After changing the password it is not possible to connect via telnet any more, but via SSH:

    mk@ThinkPad:~/openwrt$ telnet 192.168.0.254
Trying 192.168.0.254...
Connected to 192.168.0.254.
Escape character is '^]'.
Login failed.
Connection closed by foreign host.
mk@ThinkPad:~/openwrt$ ssh root@192.168.0.254
root@192.168.0.254's password:


BusyBox v1.00 (2005.11.23-21:46+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 WHITE RUSSIAN (RC4) -------------------------------
  * 2 oz Vodka   Mix the Vodka and Kahlua together
  * 1 oz Kahlua  over ice, then float the cream or
  * 1/2oz cream  milk on the top.
 ---------------------------------------------------

    Some basics

    NVRAM

    Some of the most important things are stored in a kind of flash memory, the so called NVRAM. The NVRAM does not get deleted while flashing the OpenWrt on your router, so a lot of configuration is not necessary when done in the ASUS firmware. Here are the most improtant commands to work with NVRAM:

    CommandDescription
    nvram get fooread the value of foo from NVRAM
    nvram set foo=bargive foo the value bar
    nvram commitwrite the data changed with 'nvram set ...' into the NVRAM

    Editing files

     Files in OpenWrt are usually symbolic links to /rom/.... The /rom/... directory is not writeable, so if you want to modify a file you have got to delete the symbolic link, copy it from /rom/... to the location the link was before and then you can modify something within the file.

    ipkg

     OpenWrt has a package manager called ipkg. It has some similarities to apt. Do a 'ipkg update' before you use it the first time. When you start it without any commands or options you get a helpful info page.

    Configuration

    Network Configuration

    Network devices
    Device NameDescription
    loLoopback device - necessary but not interesting
    eth0The whole switch (LAN + WAN).
    eth1Wireless LAN
    vlan0LAN
    vlan1WAN
    br0LAN and Wireless LAN bridged together.

    See here.

    ADSL Configuration

    The ADSL (pppoe) configuration is supposed to be easy, but I had difficulties to get it to work.
    First thing to do is to change some entries in NVRAM:

    nvram set wan_ifname=ppp0
nvram set wan_proto=pppoe
nvram set ppp_idletime=10
nvram set ppp_mtu=1492 
nvram set ppp_passwd=---my_isp_password---
nvram set ppp_redialperiod=15
nvram set ppp_username=---my_isp_login---
nvram set pppoe_ifname=vlan1
nvram commit
reboot

    Then you can try to get your connection up:

    ifup wan

    At first it did not work at all, but after several tries and restarts, this command got me some pages of error messages, but finally after about two minutes I had a connection to the Internet. Some restarts later it worked totally fine. The router even started the connection automatically. The routing itself did not work from the beginning, but again, after some reboots it suddenly worked. Strange!

    Wireless LAN configuration

     Wireless LAN itself works, you only have to make the following configurations: 
    nvram set wl0_mode=ap
nvram set wl0_ssid=---your ssid---
nvram set wl0_infra=1
nvram set wl0_closed=0
nvram set wl0_channel=5
nvram set wl0_macmode=disabled
nvram set wl0_wep=disabled
    Making your Wireless LAN more secure
    Hide your essid
    To hide your essid you just have to set the NVRAM variable "wl0_closed" to "1":
    nvram set wl0_closed=1
    Set up a MAC filter
    To enable the MAC filter you have to set the NVRAM variable "wl0_macmode" to "allow" and store all allowed MAC addresses to the NVRAM variable "wl0_maclist":
    nvram set wl0_macmode=allow
    nvram set wl0_maclist="00:11:22:33:44:55 66:77:88:99:00:11"
    Set up WEP encryption
    Enabling the WEP encryption is pretty easy. You just need to store your WEP key in the NVRAM variable "wl0_key1", set "wl0_key" to "1" and enable "wl0_wep":
    nvram set wl0_key1=---your_wep_key---
    nvram set wl0_key=1
    nvram set wl0_wep=enabled

    DHCP Server

     The DHCP server works out-of-the-box, too. You only have to configure the IP range. If your router has e.g. the IP number 192.168.0.254 and you want the DHCP server to start at 192.168.0.100, then you type
    nvram set dhcp_start=100
    You can also set the maximum number of DHCP clients with
    nvram set dhcp_num=100
nvram commit
    Reboot your router or type
    /etc/init.d/S50dnsmasq
    to start the DHCP server.

    Printserver Configuration

    OpenWrt Configuration

     Configuring a USB printer is actually pretty easy. You just need to install the following packets:
    • http://downloads.openwrt.org/people/nico/testing/mipsel/packages/p910nd_0.7-2_mipsel.ipk
    • kmod-usb-core
    • kmod-usb-uhci
    • kmod-usb-printer
    The p910n-daemon basically passes packages to the printer, so it is no real print server with its own spool, which means you cannot print from various hosts simultaneously. As I am just in my own little network this is no problem at all. If you cannot live with it you got to install CUPS, but compared to p910nd it is rather big and slow.
    In my case, p910nd did not need to be configured. Everything worked at once. If you want to change something, p910nd's configuration file is /etc/default/p910nd.

    TIP: If your printer does not work, and neither CUPS nor Windows show any errors, take a look at 'dmesg' on the router. If it shows something like this
    printer.c: usblp0: on fire
    your printer has a problem, like e.g. no paper or empty ink cartridges.

    If you have any problems you might want to take a look at the following website: http://wiki.openwrt.org/PrinterSharingHowto

    Linux Client Configuration with CUPS

     As a device for your printer you need to select "AppSocket/HP JetDirect". The Device URI is "socket://192.168.0.254:9100". Port 9100 stands for the first printer on your router. If you configured more than one, the corresponding port is 9101, 9102, ... .

    Windows 2000/XP Client Configuration

     Content follows.

    File Server Configuration

     Though the WL-500g has 2 USB 2.0 ports you can connect a USB stick, USB HDD, etc. to it and access it from your whole network. In my case I bought a cheap USB 2.0 hard disk case and put a 160 GB HDD in it.
    To get it working I had to install the following packages:
    • kmod-usb-core
    • kmod-usb-ehci
    • kmod-usb2
    • kmod-usb-storage
    • kmod-ext3
    Reboot your router and attach your hard disk. dmesg shows something like this:
    hub.c: new USB device 01:02.2-1, assigned address 2
scsi0 : SCSI emulation for USB Mass Storage devices
Vendor: SAMSUNG   Model: SV1604N           Rev: TR10
Type:   Direct-Access                      ANSI SCSI revision: 02
Attached scsi disk sda at scsi0, channel 0, id 0, lun 0
SCSI device sda: 312581808 512-byte hdwr sectors (160042 MB)
Partition check:
/dev/scsi/host0/bus0/target0/lun0: p1
WARNING: USB Mass Storage data integrity not assured
USB Mass Storage device found at 2
jffs2: attempt to mount non-MTD device 08:01
SQUASHFS error: Can't find a SQUASHFS superblock on sd(8,1)
kjournald starting.  Commit interval 5 seconds
EXT3-fs warning: maximal mount count reached, running e2fsck is recommended
EXT3 FS 2.4-0.9.19, 19 August 2002 on sd(8,1), internal journal
EXT3-fs: recovery complete.
EXT3-fs: mounted filesystem with ordered data mode.
    The device is mounted automatically in /tmp/mnt/disc0_1.
    If you have any problems, take a look at http://wiki.openwrt.org/UsbStorageHowto.

    Setting up an NFS Server

     You need to install "kmod-nfs" and "nfs-server". Afterwards you need to edit your /etc/exports. It has to include
    • the directory you want to open
    • the names or IP addresses of the clients, which are supposed to get access
    • additional options, like rw to grand read and write access or sync, which means that an upload is not confirmed until the files actually written
    My /etc/exports looks like this:
    /tmp/mnt/disc0_1        192.168.0.0/255.255.255.0(rw,sync)

    Setting up NFS Linux clients

     If the necessary packages are installed, you can mount your NFS share with
    mount 192.168.0.254:/tmp/mnt/disc0_1 /mountpoint
    Update: After I did an 'apt-get dist-upgrade' on one of my clients, it did not connect any more, printing the error message
    mount to NFS server '192.168.0.254' failed: server is down.
    Appending the option "nfsvers=2" solved the problem:
    mount 192.168.0.254:/tmp/mnt/disc0_1 /mountpoint -o nfsvers=2

    Setting up NFS Windows clients

     Content follows.

    Setting up a TOR Server

    Installing ntpclient

     It is necessary/recommended that the machine a TOR Server is running on has the right time. As the router does not have an internal clock it has to get its time from the Internet. To realize this I use ntpclient. Install it via ipkg.
    Next thing to do is tell the router its timezone. You can easily do that with
    echo GMT-1 > /etc/TZ
    This sets the timezone to GMT+1 (for Germany).
    Now you can give it a try with
    ntpclient -s -h 2.de.pool.ntp.org
    Check your time with `date`.
    Making it start at boot time: After the power is disconnected the time is gone again, so it is best to get the time while booting. A init-Script did not work for me, because, as it takes a few seconds for the router to connect to the Internet, the script would be started before the router is online. So you have to use the hotplug-daemon. Just copy my ntpclient-file into /etc/hotplug.d/iface/.

    Setting up dyndns

     As most of us probably do not have a static IP, you have to set up dyndns to use TOR. First thing to do is to get a dyndns account at http://www.dyndns.com/. Then you have to install ez-ipupdate and customize your /etc/dyndns.conf that it looks something like this:
    service-type=dyndns
user=your_username:your_password
interface=ppp0
host=your_username.dyndns.org

# Do not change the lines below
cache-file=/tmp/ez-ipup
pid-file=/var/run/ez-ipupdate.pid
    Now you can test it with
    /usr/sbin/ez-ipupdate -c /etc/dyndns.conf
    Making it start at boot time: It is pretty much the same as with the ntpclient. Just copy my ez-ipupdate into your /etc/hotplug.d/iface/-folder.
    If you have any questions take a look at this page.

    Setting up the TOR Server

     First thing to do is to install tor via ipkg. Then you have to do some changes in your /etc/tor/torrc:
    • change the Nickname
    • uncomment the ORPort 9001-line
    • uncomment the DirPort 9030-line
    • fill in your dyndns-address in the Address-line
    • for testing purposes change the RunAsDaemon variable to 0
    • change User and Group to root
    Next thing to do is to open port 9001 and 9030 of your firewall. Just add the following two lines to your /etc/firewall.user and reboot your router.
    iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 9001 -j ACCEPT
iptables        -A input_rule      -i $WAN -p tcp --dport 9001 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 9030 -j ACCEPT
iptables        -A input_rule      -i $WAN -p tcp --dport 9030 -j ACCEPT
    Now can start 'tor'. Look for error messages. After a few hours take a look at http://serifos.eecs.harvard.edu/cgi-bin/exit.pl if you find your Nickname. This site also tells you the speed of your connection. It will probably be very low at the beginning, but after a few hours or so the speed will be where it is supposed to be.
    Making it permanent: If everything works like it is supposed to, you should make TOR start at boot time. I somehow did not manage to do this. I tried it the same way as descibed with ntpclient and dyndns, but it did not work. I also wrote a script which starts TOR as soon as there is a connection to the Internet. The script itself worked, but it did not work when it was executed at boot time as an init-script. If you succeed in starting TOR on boot time, please let me know.

    For further questions take a look at http://tor.eff.org/cvs/tor/doc/tor-doc-server.html.

    Some output
    • dmesg (content follows)
    • ipkg list_installed (content follows)
    • logread (content follows)
    • nvram show (content follows)

    My configuration files

     
    /
`-- etc
    |-- default
    |   `-- p910nd
    |-- dyndns.conf
    |-- exports
    |-- firewall.user
    |-- hotplug.d
    |   `-- iface
    |       |-- ez-ipupdate
    |       `-- ntpclient
    |-- tor
    |   `-- torrc
    `-- TZ

    To do
    • DHCP: static IP addresses

    Related documents and links

    This article is listed at...

    Thanks to
    E-Mail: mk(at)mk-stuff(dot)de
    Impressum

    Letzte Änderung: 25.12.2007 12:46
    © Michael Kupsch