Customizing your home router with OpenWrt

Getting Inside


Learn how to take control of your home routing device with OpenWrt.

By Thomas Leichternstern

Jörg Vollmer, Fotolia

The OpenWrt project calls itself "a Linux distribution for embedded devices." Beyond this simple introduction, OpenWrt [1] is a framework for creating custom firmware to install on devices such as home routers and firewalls.

Versions of OpenWrt are available for a variety of devices, including the trusty Linksys WRT54GL residential firewall/router [2], a low-budget SOHO router you probably recognize from browsing the aisles of computer shops (Figure 1).

Figure 1: The Linksys WRT54GL is a popular SOHO firewall and router.

Why Customize?

The pre-installed firmware that comes with a device such as the WRT54GL is intended for easy configuration in a one-size-fits-all environment. This prepackaged solution is good for many basic uses, but it doesn't begin to exploit the device's true potential.

OpenWrt lets you adapt the router to your own needs. To monitor traffic, you can build in security tools, such as Snort and tcpdump. Also, you can configure custom logging, scripts, or alerts. OpenWrt can also save you money by letting you adapt an inexpensive router, such as the WRT54GL, to perform the functions of a more expensive tool.

Of course, hacking the home router is not exactly an activity for the novice. OpenWrt provides a variety of powerful and interesting features, but you need to be ready to experiment.

Although OpenWrt implements various security mechanisms to help you restore the system, use of the OpenWrt software can alter the device in a way that could make it impossible to return to the original configuration.

Installing third-party software on a device such as a home router also usually voids your warranty.

OpenWrt is available for several router models, including devices by Linksys, Netgear, Allnet, or Asus. The OpenWrt system was originally designed to operate from the command line, but the recent X-Wrt [3] front end provides a GUI environment for router configuration. Because X-Wrt does not fully support the current OpenWrt release (code name "Kamikaze"), it makes more sense to use the previous version ("White Russian") if you plan to use the X-Wrt front end. X-Wrt is available for download either as an operating system/GUI bundle or as a web GUI standalone for various router models [4].

To replace the original WRT54GL router software with OpenWrt and X-Wrt, open the web interface (the address defaults to http://192.168.1.1), type admin as the username and password, and then click Administration | Firmware Upgrade (Figure 2). Then click the folder icon next to the input box and select the image file in the file browser. To launch the process, click the Upgrade button.

Figure 2: From the Firmware Upgrade configuration dialog in the original software, you can upload the OpenWrt image to your router and install the upgrade.

Note that the network connection must be up while you are installing the image. To avoid irreparable damage to the device, do not attempt this step via WLAN. After about a minute, the X-Wrt GUI appears without any further intervention. The new operating system assimilates the original configuration files.

Alternatives

Other open source projects, such as FreeWRT [5] and DD-WRT [6], also offer third-party firmware alternatives for embedded devices.

Getting Started

To prepare the system for use, you first need to set up the network. OpenWrt is simply a core installation. Localizations, add-on modules, and updates are downloaded from the Internet. Watch out for the following quirk whenever you change the router's settings: To apply changes, first click the Save Changes button, and then click the Apply text link. Only then will the system actually store the changes.

Clicking Network in the top menu bar takes you to a submenu where you can select the first entry, WAN-LAN, to go to the basic setup.

To use the router to connect to the Internet via a DSL or conventional modem, select PPPoE as your Connection Type (Figure 3). In the Redial Policy, specify whether the router will dial up the Internet connection when it receives a request (Connect on Demand) or keep the connection alive (Keep Alive). Add the access data for your dial-up account in the Username and Password fields. Note that the router does not support POTS or ISDN.

Figure 3: To connect to the Internet, OpenWrt needs a DSL modem. Configure the contact details for this in the WAN-LAN settings.

Updates and Add-on Modules

To update the router software to the latest version, select Info in the menu, and then click the Check For Webif Update button. If you check the box next to Include daily builds when checking for update to webif, the updater will check for the daily builds, which could be buggy. To install the update, click Install Webif.

As mentioned previously, OpenWrt is simply a core installation that you customize by installing add-on programs. This approach lets developers keep the basic system small, which is a good idea because a device such as the WRT54GL has only 2,112KB of flash memory, which restricts the number of tools you can install. To query the memory status, click Status. The value queried is the free space in /dev/mtdblock/4.

For some menu items, such as UPnP or SNMP, the underlying programs are not installed by default.

To download the programs, click Install in the appropriate online repository section, then continue to install. X-Wrt has a configuration dialog for any programs that install in this way, and the dialog is automatically enabled after you complete the installation.

The System | Packages section (Figure 4) features a list of hundreds of Available packages, which you can install by clicking the Install item next to the package description.

Figure 4: OpenWrt has a dpkg-style package manager that automatically resolves dependencies for programs you choose to install.

Unfortunately, most of these packages lack a graphical user interface, and configuration requires a detour to the console (see the box titled "Command Line"). Besides displaying installed and installable packages, the web interface also offers a nearly complete package management system that is reminiscent of dpkg and supports repository management. On top of this, the Install Package from URL option supports the installation of selected online packages.

Command Line

OpenWrt supports comprehensive configuration via the console, which you can access via SSH. Use root as the username with the admin password that you have set. Thanks to BusyBox, you can access almost any system tools that you are familiar with from Linux.

The lightweight ipkg package manager, based on Debian's dpkg, is available for installing and uninstalling packages. The command ipkg install package_name installs the specified package and automatically resolves any dependencies. Running ipkg update refreshes the package lists, and ipkg upgrade then upgrades your system to the latest version.
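Because flash space is so tight on this device, a guard around ipkg install is worth having. The following is an added example, not part of the original article: it refuses to install when free space on the writable flash partition drops below a threshold. The df sample output, the 300KB margin, and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: refuse to run "ipkg install" when the flash partition is nearly full.
FLASH_DEV="/dev/mtdblock/4"   # partition named on the article's Status page
MIN_FREE_KB=300               # assumed safety margin; tune for your packages

# Constructed sample of df output for offline testing (values are made up).
sample_df() {
cat <<'EOF'
Filesystem           1k-blocks      Used Available Use% Mounted on
/dev/root                 1024      1024         0 100% /rom
/dev/mtdblock/4           2112      1664       448  79% /
EOF
}

# free_kb: read df output on stdin, print the Available column for FLASH_DEV.
# Exits non-zero when the partition does not appear in the output.
free_kb() {
    awk -v dev="$FLASH_DEV" '$1 == dev { print $4; found = 1 } END { exit !found }'
}

# enough_space: succeed if at least $1 KB are free according to df output on stdin.
enough_space() {
    kb=$(free_kb) || return 2      # partition not found: treat as "do not install"
    [ "$kb" -ge "$1" ]
}

# guarded_install: run on the router itself; installs only if the margin holds.
guarded_install() {
    if df | enough_space "$MIN_FREE_KB"; then
        ipkg update && ipkg install "$1"
    else
        echo "refusing to install $1: under ${MIN_FREE_KB}KB free on $FLASH_DEV" >&2
        return 1
    fi
}
```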

SSL Extension

If you need to manage OpenWrt in an untrusted LAN environment, it makes sense to install the SSL extension, which you can access via System. To install, click the Install Matrix Tunnel button. Because of the restricted memory space, you should carefully consider which packages you need before installing. Otherwise, you might run out of space for critical extensions at a later stage.

WLAN

The comprehensive WLAN configuration options, which by far outclass the original firmware, are some of the most interesting aspects for many users. To access the basic settings, press Network | Wireless, where you can specify the operating mode for the wireless network. Options include Client, Ad Hoc, and Access Point. The latter is the default, which is typically the right choice for most application scenarios.

When you boot a WLAN client, it first broadcasts a message to discover reachable access points. Setting ESSID Broadcast to Hide makes your router invisible to the rest of the world.

OpenWrt also gives you various encryption options for protection against unauthorized use; you are strongly advised to enable them. Your options include 48- and 128-bit WEP encryption and WPA, version 1 or 2, which is far more secure. To use WPA, you must install add-on software via the Install NAS Package option.

The advanced WLAN configuration is accessible via Advanced Wireless. The Restrict access (MAC address) filter lets you restrict access to the router to specific MAC addresses. If the router and client are farther apart, you can modify the transmitter output below Transmit Power (in mW).

Analysis

OpenWrt offers far more statistical options than the original software, and it will help you analyze various events on the device. The Graphs link in the top menu bar takes you to the graphical processor and network load display (Figure 5); the software updates this every second, giving you a real-time view of the device's health state.

Figure 5: Graphical analysis of various parameters, such as processor load and network traffic, in real time.

Clicking the Status link opens up a submenu in which you can query various system parameters, starting with the loaded modules, the connected clients, and the current network status. This screen gives you a comprehensive overview of almost any critical system status metric. The Processes entry takes you to a list of all active processes, which is refreshed at 20-second intervals. Clicking Stop Refreshing stops the refresh and displays a pull-down menu next to the process names.

From the pull-down menu, you can kill individual processes by sending the SIGHUP, SIGKILL, or SIGTERM signals. Status | Wireless displays the connected WLAN clients and also acts as a WLAN scanner to discover other WLAN devices. Currently, the device lacks a function for disconnecting connected clients.

Clicking on Log opens a system log configuration window that lets you write logfiles to an external machine (log server). The submenu also lets you access the system and kernel logs and the firewall log. Filtering options are restricted to searching for keywords.
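Once the router writes its logs to a log server, you can analyze them there with more than a keyword search. The following is an added example, not part of the original article: it tallies dropped packets per source address and lists the ports each source tried. The log format (iptables LOG target with a "DROP" prefix) and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize firewall drops collected on the log server.
# Assumption: the router logs drops via the iptables LOG target, prefix "DROP".

# Constructed sample lines using documentation address ranges, not real traffic.
sample_log() {
cat <<'EOF'
Jan  1 00:10:01 OpenWrt kern.warn kernel: DROP IN=vlan1 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51234 DPT=22 SYN
Jan  1 00:10:02 OpenWrt kern.warn kernel: DROP IN=vlan1 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51240 DPT=23 SYN
Jan  1 00:10:04 OpenWrt daemon.info dnsmasq[412]: DHCPACK(br0) 192.168.1.101 00:00:5e:00:53:01
Jan  1 00:10:05 OpenWrt kern.warn kernel: DROP IN=vlan1 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=48 TTL=110 PROTO=TCP SPT=4021 DPT=445 SYN
Jan  1 00:10:09 OpenWrt kern.warn kernel: DROP IN=vlan1 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51302 DPT=80 SYN
Jan  1 00:10:11 OpenWrt kern.warn kernel: DROP IN=vlan1 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=84 TTL=49 PROTO=ICMP TYPE=8 CODE=0
EOF
}

# drops_by_source: log lines on stdin -> "count source", busiest source first.
drops_by_source() {
    awk '/ DROP / {
            src = ""
            for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) src = substr($i, 5)
            if (src != "") n[src]++
         }
         END { for (s in n) print n[s], s }' | sort -k1,1nr -k2,2
}

# ports_probed: distinct destination ports on which source $1 was dropped.
# Lines without a DPT field (for example ICMP) contribute nothing.
ports_probed() {
    awk -v want="$1" '/ DROP / {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src == want && dpt != "" && !seen[dpt]++) print dpt
         }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# noisy_sources: sources with at least $1 drops, one per line.
noisy_sources() {
    drops_by_source | awk -v min="$1" '$1 >= min { print $2 }'
}

sample_log | drops_by_source   # on the log server, pipe the real logfile in instead
```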

Backing Up

OpenWrt is a system that really invites users to experiment. To make sure you can restore a working system if disaster does strike, various methods of backing up the configuration files and partitions are available below System | Backup & Restore.

Reset

If you can't get the machine to talk to you in the normal way, pressing the reset button might be your only option. Hold down the reset button at the rear of the device for 30 seconds, then continue holding down the button while you unplug the power connection and for another 20 seconds after unplugging. When you reconnect the power supply, the DMZ LED lights up to indicate that the router is now in maintenance mode and that your settings have been reset.

Restore

To restore the original software, first download the manufacturer's image file [7]. Then go to System | Upgrade in the GUI and click on Find... next to Firmware file:. In the file browser, select the image you downloaded and then click Open. Finally, click Upgrade to reinstall the original firmware.

Conclusions

OpenWrt considerably extends the WRT54GL's capabilities compared with the original software. The basic system comes with an enormous feature set, which also is extensible by installing modules, for example, for UPnP or QoS (Quality of Service).

If you are not an experienced user, you should avoid installing the software. Because of the enormous number of options, the risk of a broken configuration is considerable.

On top of this, the web-based management interface is not exactly intuitive at times. Various functions hide behind confusing links or are only accessible by taking convoluted detours.

INFO
[1] OpenWrt: http://openwrt.org
[2] Linksys: http://www.linksys.com
[3] X-Wrt: http://x-wrt.org
[4] X-Wrt firmware download: http://x-wrt.org/install.html
[5] FreeWRT: http://freewrt.org
[6] DD-WRT: http://www.dd-wrt.com
[7] Linksys WRT firmware: http://tinyurl.com/4utmuy