BEFN$?FN Tuning WLAN Routers :ljkfd`q`e^pfli_fd\iflk\in`k_Fg\eNik ><KK@E>@EJ@;< Ai^Mfccd\i#=fkfc`X Learn how to take control of your home routing device with OpenWrt. BY THOMAS LEICHTERNSTERN he OpenWrt project calls itself “a many basic uses, but it doesn’t begin to custom logging, scripts, or alerts. Open- Linux distribution for embedded exploit the device’s true potential. Wrt can also save you money by letting Kdevices.” Beyond this simple in- OpenWrt lets you adapt the router to you adapt an inexpensive router, such as troduction, OpenWrt [1] is a framework your own needs. To monitor traffic, you the WRT54GL, to perform the functions for creating custom firmware to install can build in security tools, such as Snort of a more expensive tool. on devices such as home routers and and tcpdump. Also, you can configure Of course, hacking the home router is firewalls. not exactly an activity for the Versions of OpenWrt are novice. OpenWrt provides a available for a variety of de- variety of powerful and inter- vices, including the trusty esting features, but you need Linksys WRT54GL residential to be ready to experiment. firewall/ router [2], a low- Although OpenWrt imple- budget SOHO router you ments various security mech- probably recognize from anisms to help you restore the browsing the aisles of com- system, use of the OpenWrt puter shops (Figure 1). software can alter the device in a way that could make it N_p:ljkfd`q\6 impossible to return to the The pre-installed firmware original configuration. that comes with a device Installing third-party soft- such as the WRT54GL is ware on a device such as a intended for easy configura- home router also usually tion in a one-size-fits-all voids your warranty. environment. This prepack- OpenWrt is available for aged solution is good for =`^li\(1K_\C`ebjpjNIK,+>C`jXgfglcXiJF?F]`i\nXccXe[iflk\i% several router models, includ- 52 ISSUE 93 AUGUST 2008 Tuning WLAN Routers BEFN$?FN Alternatives Other open source projects, such as FreeWRT [5] and DD-WRT [6], also offer third-party firmware alternatives for embedded devices. ing devices by Linksys, Netgear, Allnet, or Asus. The OpenWrt system was origi- nally designed to operate from the com- mand line, but the recent X-Wrt [3] front end provides a GUI environment for router configuration. Because X-Wrt does not fully support the current Open- Wrt release (code name “Kamikaze”), it makes more sense to use the previous version (“White Russian”) if you plan to use the X-Wrt front end. X-Wrt is avail- able for download either as an operating system/ GUI bundle or as a web GUI standalone for various router models [4]. To replace the original WRT54GL router software with OpenWrt and X-Wrt, open the web interface (the ad- =`^li\)1=ifdk_\=`idnXi\Lg^iX[\Zfe]`^liXk`fe[`Xcf^`ek_\fi`^`eXcjf]knXi\#pflZXe dress defaults to http:// 192. 168. 1. 1), lgcfX[k_\Fg\eNik`dX^\kfpfliiflk\iXe[`ejkXcck_\lg^iX[\% type admin as the username and pass- word, and then click Administration | Firmware Upgrade (Figure 2). Then click the folder icon next to the input box and select the image file in the file browser. To launch the process, click the Upgrade button. Note that the network connection must be up while you are installing the image. To avoid irreparable damage to the device, do not attempt this step via WLAN. After about a minute, the X-Wrt GUI appears without any further inter- vention. The new operating system as- similates the original configuration files. >\kk`e^JkXik\[ To prepare the system for use, you first need to set up the network. OpenWrt is simply a core installation. Localizations, add-on modules, or updates are down- loaded off the Internet. Watch out for the following quirk whenever you change the router’s settings: To apply changes, first click the Save Changes button, and then click on the Apply text link – only then will the system actually store the changes. Clicking Network in the top menu bar takes you to a submenu where you can select the first entry, WAN-LAN, to go to the basic setup. To use the router to connect to the In- =`^li\*1KfZfee\Zkkfk_\@ek\ie\k#Fg\eNike\\[jX;JCdf[\c%:fe]`^li\k_\ZfekXZk ternet via a DSL or conventional modem, [\kX`cj]fik_`j`eN8E$C8Ej\kk`e^j% AUGUST 2008 ISSUE 93 53 BEFN$?FN Tuning WLAN Routers Command Line dialog is automatically enabled after you packages you need before installing. If complete the installation. not, you might run out of space for criti- OpenWrt supports comprehensive The System | Packages section (Figure cal extensions at a later stage. configuration via the console, which you 4) features a list of hundreds of Avail- can access via SSH. Use root as the able packages, which you can install by NC8E username with the admin password that clicking the Install item next to the pack- The comprehensive WLAN configuration you have set. Thanks to BusyBox, you age description. options, which by far outclass the origi- can access almost any system tools that Unfortunately, most of these packages nal firmware, are some of the most inter- you are familiar with from Linux. lack a graphical user interface, and con- esting aspects for many users. To access The lightweight ipkg package manager, figuration requires a detour to the con- the basic settings, press Network | Wire- based on Debian’s dpkg, is available sole (see the box titled “Command less, where you can specify the operating for installing and uninstalling packages. Line”). Besides displaying installed and mode for the wireless network. Options The command ipkg install package_ installable packages, the website also of- include Client, Ad Hoc, and Access Point. name installs the specified package and fers a nearly complete package manage- The latter is the default, which is typi- automatically resolves any dependen- ment system that is reminiscent of DPKG cally the right choice for most applica- cies. ipkg update and ipkg upgrade up- and supports repository management. tion scenarios. grade your system to the latest version. On top of this, the Install Package from When you boot a WLAN client, it first URL also supports the installation of broadcasts a message to discover reach- select PPPoE as your Connection Type selected online packages. able access points. Setting ESSID Broad- (Figure 3). In the Redial Policy, specify cast to Hide makes your router invisible whether the router will dial up the Inter- JJC<ok\ej`fe to the rest of the world. net connection when it receives a re- If you need to manage OpenWrt in an OpenWrt also gives you various en- quest (Connect on Demand) or keep the untrusted LAN environment, it makes cryption options for protection against connection alive (Keep Alive). Add the sense to install the SSL extension, which unauthorized use; you are strongly ad- access data for your dial-up account in you can access via System. To install, vised to enable them. Your options in- the Username and Password fields. Note click the Install Matrix Tunnel button. clude 48- and 128-bit WEP encryption that the router does not support POTS or Because of the restricted memory space, and WPA, version 1 or 2, which is far ISDN. you should carefully consider which more secure. To use WPA, you must in- Lg[Xk\jXe[8[[$fe Df[lc\j To update the router software to the lat- est version, select Info in the menu, and then click the Check For Webif Update button. If you check the box next to Include daily builds when checking for update to webif, the updater will check for the daily builds, which could be buggy. To install the update, click Install Webif. As mentioned previously, OpenWrt is simply a core installation that you cus- tomize by installing add-on programs. This approach lets developers keep the basic system small, which is a good idea because a device such as the WRT54GL has only 2,112KB of flash memory, which restricts the number of tools you can install. To query the memory status, click Status. The value queried is the free space in /dev/ mtdblock/ 4. For some menu items, such as UPnP or SNMP, the underlying programs are not installed by default. To download the programs, click In- stall in the appropriate online repository section then continue to install. X-Wrt has a configuration dialog for any pro- =`^li\+1Fg\eNik_XjX[gb^$jkpc\gXZbX^\dXeX^\ik_XkXlkfdXk`ZXccpi\jfcm\j[\g\e[\e$ grams that install in this way, and the Z`\j]figif^iXdjpflZ_ffj\kf`ejkXcc% 54 ISSUE 93 AUGUST 2008 Tuning WLAN Routers BEFN$?FN stall add-on software via the Install NAS metric. The Processes entry takes you to up the configuration files and partitions Package option. a list of all active processes, which is re- are available below System | Backup & The advanced WLAN configuration is freshed at 20-second intervals. Clicking Restore. accessible via Advanced Wireless. The Stop Refreshing stops the refresh and dis- Restrict access (MAC address) filter lets plays a pull-down menu next to the pro- I\j\k you restrict access to the router to spe- cess names. If you can’t get the machine to talk to cific MAC addresses. If the router and From the pull-down menu, you can you in the normal way, pressing the client are further apart, you can modify kill individual processes by sending the reset button might be your only option. the transmitter output below Transmit SIGHUP, SIGKILL, or SIGTERM signals.