DD-WRT
dd-wrt is an alternative firmware for a variety of routers. The most popular (and one of the first) that can be used with dd-wrt is the Linksys-Cisco WRT54GL Wireless-G Broadband Router
So, why would you want alternative firmware on your router? The stability can be improved for one, but there are also a large number of features that you can enable and configure through alternative firmware. The device that was originally just a wireless router can become a repeater, a client bridge, can serve separate subnets from each port, can broadcast multiple SSID (and BSSID’s) with different encryption levels, can act as a captive portal/hotspot system. This is… just a few of the really interesting features that you can get from v24 of dd-wrt.
Here’s another take on why you should consider an option like dd-wrt:
I’ve been buying and installing consumer grade routers from Linksys, Dlink, netgear and others for about 10 years. Every new purchase usually means a new model number, a new version of proprietary firmware, and a new package deal of features, bugs and limitations.
Every couple of years, the hardware gets more capable. In the consumer market, the hardware features and not the software differentiate one product from another. Within a feature set, these products are commodities. If Linksys is out of stock at officemax, then dlink or netgear is in. One is not preferred over another because of its software. Every manufacture has bugs. If you read the product reviews, -every- manufacturer has reviews that read: “worked on the first try” – followed by “couldn’t make it work.” The criteria is not “who is best”. It is – “can I make this model work, FOR ME?” and, which manufacturer’s software has been the most annoying…lately?
Here is the problem. EVERY manufacturer has bugs in their firmware, which are gradually reduced over time with upgrades and workarounds. Those firmware bugs ALWAYS RETURN in the next –hardware- generation. It is as though each hardware design commissions a blank slate rewrite of the proprietary operating system software. The user interface may have cosmetic consistency across the product family – but features that worked in the last generation of hardware have been seen to fail in the version -1- software of the replacement equipment.
This is why I am ready to make the jump to Linux based open source routers for the next and forseeable future generations. I will standardize on a router –software- platform. The platform will continue to mature over time, regardless of the hardware that it runs on. New features wil be integrated into the stable code base as hardware becomes more powerful, and the configuration and management of these routers will (at last) be something that can be simplified.
Ron Parker
Operation Improvement Inc.
Are you looking to use the Linksys WRT54GL with a dual lan connection? This page in the dd-wrt wiki explains how to setup dual wan with failover. This may well be my next dd-wrt and wrt54gl project!
So far I have configured a number of linksys wrt54gl boxes with dd-wrt.
1) Router/captive portal for a large wireless installation. Modified with scripts to monitor the devices status and send daily email reports. (Used v23sp2) (NOT serving wireless directly – just captive portal via the LAN ports. Other devices deal with the wireless. As many as 20-30 users/day maximum. (NOT WIRELESS – JUST ROUTER))
2) Simple Encrypted (WPA) router with QOS bandwidth limitation on one port of the LAN switch (to cascade to a second open access point.) (Additional firewalling rules on selected LAN port as well to prevent access from 2nd open ap into protected wpa network.) (v23sp2) (3-5 users/day)
3) Open captive portal for public use (nocatsplash) light use public hotspot (averages a couple visitors a day.) (v23sp2)
4) Dual SSID broadcast (one WEP for legacy support/one WPA2(TKIP)). (V24)
5) Repeater/client bridge for one WPA encrypted network (V24)
6) Test bed duplicate of #1 above
7) Spare on hand replacement of #1 above
Openvpn server box to be placed directly a network and serve up openvpn for the outside world. (So remote clients can vpn into the internal LAN.)
One issue I’ve run into with dd-wrt running on the linksys wrt54gl is with the nocatsplash process. It seems that the two boxes I have will occasionally find a way that the splash process dies and it leaves the box up and running but not able to handle new clients. (The splash process is a way of authenticating users in our situation, getting people to click on a terms/agreements acceptance.) So, we get sporadic reports of the internet being down when the splash process (splashd) has simply been overwhelmed. (Our best guess at this point is that this can happen when one machine opens up a gazillion internet connection attempts at once, but I don’t have any proof of that yet.)
So, I scripted a way to monitor the nocatsplash manager once a minute and if it’s no longer running restart the splash process. That’s taken care of the biggest stability problem I’ve seen in the field with a dd-wrt box. (Both implementations I have in the field with nocatsplash are using dd-wrt v. 23-sp2 because at the time of the solution build nocatsplash was not working in newer releases (v. 24 was still in the RC process.))
Anyway- here are some of the scripts I’ve used. One system I use I have enough space on the jffs that I’ve been able to put the scripts there permanently with the requisite path changes in the script below. In another installation I didn’t have /jffs space free so I had to save it as a startup script. For what I’ve detailed here you can copy and paste into the web interface on the command page and then click save startup or you can login via telnet/ssh and paste these after typing nvram set rc_startup=”
after pasting the text, type another ” to close the quotes and press enter. Then you can type nvram get rc_startup to verify that everything copied as desired and if so, type nvram commit. I have added several backwards leaning slashes to “escape” out certain things that I found I could not get to paste otherwise via ssh. Instead of pasting directly they substituted. So, when you verify what is pasted you should NOT see those backwards leaning slashes \ …
What the following does is create a /tmp/myscripts directory, then it echos a bunch of text into a file we call monitor_splash that checks to see if there are 1 or more instances of splashd running. If there are 0 instances of the splashd process running then it restarts it. After writing the script, we need to make it executable. Then, we echo a line into our crontab to tell the scheduler to run this script every minute to check the presence of splashd. Finally, we tidy things up with a restart of the cron service. It’s not much, but it’s saved us several service calls and several reboots of the box over the course of a few months.
mkdir /tmp/myscripts
/bin/echo ‘#!/bin/sh
status=`/bin/ps | /bin/grep splashd | /bin/grep -v grep | /bin/wc -l`
#echo $statusif [ $status = 0 ];
then
/usr/sbin/splashd >> /tmp/nocat.log 2>&1 &
else
exit
fi’ >> /tmp/myscripts/monitor_splash
/bin/chmod +x /tmp/myscripts/monitor_splash/bin/echo ‘ * * * * * root /tmp/myscripts/monitor_splash’ >> /tmp/crontab
# restart cron daemon
stopservice cron && startservice cron
Here’s another of my dd-wrt recipes: I have found much of the setup for this from the dd-wrt wiki which is a MUST read if you’re setting up dd-wrt on a router. This formula…. is a startup script to allow the router to act as an internal openvpn server. Basically you need to create all your keys on another machine (client and server and ca keys as well as your secret and your dh key.) If all of this is making your eyes glaze over you need to read about setting up openvpn with full blown certificate based encryption.
Anyway, the box is given an ip address on the local network and a port is forwarded from the firewall. Clients can then connect in and browse the internet through the tunnel. So… to the internet they look as though they are on the network that the vpn box is on. (They also have an ip address in the local net.) Make sure you change addressing to your local subnet for this.
192.168.100.9 is the address that the box is configured on and I’ve used the vpn version of dd-wrt v. 24. The settings below could be changed to allow connections on port 53 UDP (default is 1194) as that could be more likely to pass by more draconian firewalls when you’re out in the world. Another good idea is to change it to tcp-server and use port 443. you’ll need to make sure to forward the appropriate port on the firewall. I actually prefer using tcp port 443 because most firewalls would expect encrypted data to be going to port 443 (https). This is the setup I use when I have my laptop out at a hotspot. It puts me on my home network and allows me to browse the internet through my HOME connection while I’m out in the world.
cd /tmp
openvpn –mktun –dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc upecho ”
# Tunnel options
mode server # Set OpenVPN major mode
ifconfig-pool 192.168.100.190 192.168.100.199 255.255.255.0
push \”route-gateway 192.168.100.9\”
push \”dhcp-option DNS 192.168.100.1\”
proto udp # Setup the protocol (server)
port 1194 # TCP/UDP port number
dev tap0 # TUN/TAP virtual network device
keepalive 15 60 # Simplify the expression of –ping
daemon # Become a daemon after all initialization
verb 3 # Set output verbosity to n
comp-lzo # Use fast LZO compression# OpenVPN server mode options
client-to-client # tells OpenVPN to internally route client-to-client traffic
duplicate-cn # Allow multiple clients with the same common name# TLS Mode Options
tls-server # Enable TLS and assume server role during TLS handshake
ca ca.crt # Certificate authority (CA) file
dh dh1024.pem # File containing Diffie Hellman parameters
cert server.crt # Local peer’s signed certificate
key server.key # Local peer’s private key
tls-auth statickey 0 #used for a bit of extra security during the handshake – clients substitute 0 for 1
” > openvpn.confecho ”
—–BEGIN CERTIFICATE—–
this space is where the CA certificate should go.
—–END CERTIFICATE—–
” > ca.crt
echo ”
—–BEGIN RSA PRIVATE KEY—–
your private key for the server
—–END RSA PRIVATE KEY—–
” > server.key
chmod 600 server.key
echo ”
—–BEGIN CERTIFICATE—–
here’s where your server cert goes.
—–END CERTIFICATE—–
” > server.crt
echo ”
—–BEGIN DH PARAMETERS—–
insert the contents of your DH here…
—–END DH PARAMETERS—–
” > dh1024.pem
echo “—–BEGIN OpenVPN Static key V1—–
Insert your key here
—–END OpenVPN Static key V1—–
” > statickey
sleep 5
ln -s /usr/sbin/openvpn /tmp/myvpn
/tmp/myvpn –config openvpn.conf
The firewall requires a small change to make this work as well. Make sure to change this to reflect the correct destination port and protocol.
/usr/sbin/iptables -I INPUT -p udp –dport 1194 -j ACCEPT
You can see that there is some overlap in these items. I haven’t used anything but the wrt54gl for this, but there are some devices with host usb support which allows for much more interesting things (network storage/print serving/etc.) This page will be updated as time permits.
Update 7-24-09 —-
There is a remote exploitable root access vulnerability with dd-wrt – see here for details and workarounds/fixes.
“dd-wrt” – Google News
|
Buffalo and DD-WRT Collaborate to Create the Most Comprehensive Consumer and …
PR Newswire (press release) DD-WRT, long a mainstay in the open source community, delivers an easy-to-use, versatile and extensive feature-set to a broader wireless networking audience … |
DD-WRT to power Buffalo Wi-Fi routers – The H
|
DD-WRT to power Buffalo Wi-Fi routers
The H Source: Buffalo Buffalo Technology has announced that it will be using the free DD-WRT Linux-based alternative open source firmware in several of its … |
Ask the Wi-Fi Guru, Episode XXV – Wi-Fi Planet
|
Ask the Wi-Fi Guru, Episode XXV
Wi-Fi Planet This month our guru helps troubleshoot a WDS setup, pick the best dd-wrt firmware for a Linksys router and turns to his loyal readers for help with a public … |
Buffalo Partners with NovaStor on Data Storage – eWeek
|
Buffalo Partners with NovaStor on Data Storage
eWeek Earlier this month Buffalo announced a partnership with NewMedia-NET to deliver DD-WRT based software as a standard configuration across Buffalo's array of … |
Versiera Enables Cloud and Enterprise Network Visualization – DABCC.com
|
Versiera Enables Cloud and Enterprise Network Visualization
DABCC.com Cross-platform support includes management and monitoring of Windows, OS X, Linux, FreeBSD, OpenBSD, NetBSD, Solaris, OpenWRT and DD-WRT. … |
Five Best VPN Tools – Lifehacker
|
Five Best VPN Tools
Lifehacker OpenVPN is also integrated into several router firmware packages including popular DD-WRT, OpenWRT, and Tomato. The OpenVPN system isn't compatible with … |
open source router targets developers – ITWeb
|
open source router targets developers
ITWeb In addition, open source firmware, including DD-WRT, OpenWRT and Tomato, is available for download at this site. Aside from being a high performance open … |
DD-WRT ab Werk auf schnellen WLAN-Routern – Heise Newsticker
|
DD-WRT ab Werk auf schnellen WLAN-Routern
Heise Newsticker Für das Funknetz setzt der WZR-HP-G300NH auf den WLAN-Chipsatz ar7240 von Atheros, sodass sich im Zusammenspiel mit der Linux-Firmware DD-WRT viele … DD-WRT-Firmware für neue Buffalo-WLAN-Router DD-WRT-Firmware erhält Einzug auf neuen Buffalo-Geräten Buffalo und DD-WRT setzen mit Kooperation neue Standards bei leistungsfähigen … |
DD-WRT pihentetése indÃtás elÅtt – Hungarian Unix Portal
|
DD-WRT pihentetése indÃtás elÅtt
Hungarian Unix Portal Van egy DD-WRT-t futtató kütyüm (routernek gyártották, de a kevés RAM miatt lefokoztam, Ãgy wifi ap + switch szerepet lát el) egy Cisco router mögött. … |
Buffalo pensa opensource e si affida a DD-WRT – Tux Journal
 Tux Journal |
Buffalo pensa opensource e si affida a DD-WRT
Tux Journal Buffalo annuncia che, in virtù della partnership con NewMedia-NET, la piattaforma DD-WRT verrà adottata su tutta la propria gamma di router e access point … |
Popularity: 1% [?]
