1. make sure you have the supported version of OpenWRT – get it here:
   • Linksys WRT54G (up to and including v4) & WRT54GL: http://downloads.openwrt.org/whiterussian/rc6/bin/openwrt-wrt54g-squashfs.bin
   • Motorola WR850G: http://downloads.openwrt.org/whiterussian/rc6/bin/openwrt-wr850g-squashfs.bin
   • Linksys WRT54GS (up to and including v3): http://downloads.openwrt.org/whiterussian/rc6/bin/openwrt-wrt54gs-squashfs.bin
   • Linksys WRT54GS (v4): http://downloads.openwrt.org/whiterussian/rc6/bin/openwrt-wrt54gs_v4-squashfs.bin
   • Linksys WRT54G3G: http://downloads.openwrt.org/whiterussian/rc6/bin/openwrt-wrt54g3g-squashfs.bin
   • Linksys WRTSL54GS: http://downloads.openwrt.org/whiterussian/rc6/bin/openwrt-wrtsl54gs-squashfs.bin
2. plug an ethernet cable from your computer to the LAN1 port on the router
3. plug an ethernet cable from the router's WAN port to a DHCP-enabled Internet connection
4. turn off your computer's wifi connection (to ensure that it only has 'net access through the new router)
5. In a browser on your computer go to address 192.168.1.1 (this is the router's address)
6. Login leaving username blank and using password admin
7. Go to Wireless → Basic Wireless Settings and change the Wireless Network Name to wirelesstoronto. Change the channel as necessary – 1 is a good choice. Save settings.
8. Go to Administration → Firmware Upgrade
9. Upgrade the firmware using the openwrt image – DON'T INTERRUPT IT!
10. Watch the DMZ light – it'll come on, then go off. when it goes off, connect to the router: http://192.168.1.1
11. Click any link and you should be asked to set a password for the root account; use the standard WT router root password.
12. Connect to 192.168.1.1 using an SSH client (Linux and Mas OS have built in SSH, on Windows try “Putty”:http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html): ssh root@192.168.1.1
13. Update and download standard packages, then edit wifidog.conf:

    ipkg update
    ipkg install iptables-extra  kmod-iptables-extra libpthread libgcc
    ipkg install http://wirelesstoronto.ca/dist/wifidog_1.1.5-1_mipsel_whiterussian.ipk
    vi /etc/wifidog.conf

14. Specify the GatewayID, as appropriate (this needs to be set on the auth server!).
15. Uncomment the ExternalInterface line, and change the value to vlan1
16. Change the value of the GatewayInterface line to br0
17. Paste the appropriate chunk into the AuthServer section:
    1. for wifidog versions prior to 1.1.3:

       AuthServer {
       Hostname auth.wirelesstoronto.ca
       SSLAvailable yes
       Path /
       }

    2. for wifidog versions 1.1.3 and later:

       AuthServer {
       Hostname auth.wirelesstoronto.ca
       SSLPort 443
       Path /
       }

18. Save the changes to wifidog.conf file (esc :wq)
19. Set up ntpclient & timezone, then replace S99done:

    ipkg install ntpclient
    cd /etc/init.d
    wget http://wirelesstoronto.ca/dist/S55ntpclient
    chmod +x /etc/init.d/S55ntpclient
    /etc/init.d/S55ntpclient
    
    echo EST5EDT,M3.2.0/02:00,M11.1.0/02:00 > /etc/TZ
    
    cd /etc/init.d
    cp S99done S99done.real
    rm S99done
    mv S99done.real S99done
    vi /etc/init.d/S99done

20. add this to /etc/init.d/S99done:

    # start crond
    /usr/sbin/crond -c /etc/crontabs

21. set up the crontab and run cron:

    mkdir /etc/crontabs
    touch /etc/crontabs/root
    ln -sf /etc/crontabs/root /etc/crontab
    /usr/sbin/crond -c /etc/crontabs
    vi /etc/crontab

22. add this to the end of /etc/crontab:

    0 * * * * /usr/sbin/ntpclient -l -h pool.ntp.org -i 5 -s

23. restart crond, then install openvpn client:

    killall crond
    /usr/sbin/crond -c /etc/crontabs
    
    ipkg install openvpn
    mkdir /etc/openvpn
    cd /etc/openvpn
    wget http://wirelesstoronto.ca/dist/client.conf
    vi /etc/openvpn/client.conf

24. replace NODEID with the real gateway id
25. download CA cert:

    cd /etc/openvpn
    wget http://wirelesstoronto.ca/dist/ca.crt

26. copy cert stuff from server (it'll prompt you for the password):

    scp wireless@openvpn.wirelesstoronto.ca:easy-rsa/keys/client(NODEID).* .

27. make the key private, then install auto-run script:

    chmod 600 client*.key
    
    cd /etc/init.d
    wget http://wirelesstoronto.ca/dist/S90openvpn
    chmod +x S90openvpn
    reboot

28. Congratulations, you're done!

All instructions are the same, but use the correct OpenWRT package, of course.

By default, the router comes configured with the LAN IP address 192.168.10.1. Either change this to 192.168.1.1 before installing OpenWRT, or after installing OpenWRT, issue the additional commands:

nvram unset dhcp_start
nvram unset dhcp_end
nvram unset dhcp_dns
nvram commit

These variables confuse dnsmasq, and aren't required.

NYC Wireless have a good “walkthrough”:http://www.nycwireless.net/tiki-pagehistory.php?page=WifiDog&preview=39

1. http://packages.milkfish.org/boozy/5.5.5/all_packages/libssl_0.9.7d-1_mipsel.ipk
2. http://212.222.128.68/sven-ola/ipkg/liblzo_1.08_mipsel.ipk
3. http://wrt54g.free.fr/openwrt/b4/ipkg/openvpn_2.0test19_mipsel.ipk

Perhaps refer to (newer?) instructions at:

• http://wiki.openwrt.org/OpenWrtDocs/Installing#head-4f88301b6db87e0ff6c54cb4e65102e7aae8f6d9
• http://wiki.openwrt.org/OpenWrtDocs/Deinstalling

1. cd /tmp
2. wget http://downloads.openwrt.org/whiterussian/rc6/bin/openwrt-brcm-2.4-squashfs.trx
3. mtd -r write firmware.trx linux
4. telnet to 192.168.1.1 and set password using 'passwd'. Telnet will be disabled and SSH enabled.

1. don't install wifidog on WDS “leaf” (as opposed to trunk/branch) routers
2. make sure channel & SSID are correct:

   nvram set wl_ssid=wirelesstoronto
   nvram set wl_channel=1

3. do:

   nvram set wl0_lazywds=0
   nvram set wl0_wds=00:13:10:44:3b:50 00:13:10:3d:65:59 00:13:10:2d:a9:98
   nvram commit

4. on the “client” router(s) only:

   rm /etc/init.d/S??dnsmasq

5. reboot

6. YOU MAY NEED TO ADD A STATIC ROUTE:

   nvram set static_route=0.0.0.0:0.0.0.0:192.168.1.1:1:br0
   nvram commit

1. ssh to pwd.ca, login as “wireless”

   cd easy-rsa
   . ./vars

2. (ignore the output)

   ./build-key client[NODEID]

3. use defaults except for Common Name: client[NODEID]
4. find the client<NODEID>.crt and client<NODEID>.key files in the ./keys folder – KEEP THESE PRIVATE
5. to copy them to the router, issue these commands on the router:

   scp wireless@pwd.ca:easy-rsa/keys/client<NODEID>.crt /etc/openvpn
   scp wireless@pwd.ca:easy-rsa/keys/client<NODEID>.key /etc/openvpn

(it'll prompt you for the wireless@pwd.ca password each time)

Might be especially bad on a WR850G.

mtd -r erase nvram

(From the OpenWRT FAQ.)

cd /tmp
wget http://downloads.openwrt.org/people/kaloz/nvram-clean.sh 
(having access issues with the original URL http://wirelesstoronto.ca/dist/nvram-clean.sh PD, May 10, 2007)
chmod a+x /tmp/nvram-clean.sh
/tmp/nvram-clean.sh

The before and after sizes will show you how much space was recovered.

The nvram-clean.sh script does not commit the changes to NVRAM so you will have to do this manually with:

nvram commit

telnet 192.168.1.1
nvram set lan_proto=static
nvram set lan_ipaddr=192.168.1.10 
nvram set lan_gateway=192.168.1.1
nvram set lan_dns=192.168.1.1
nvram set wl_ssid=wirelesstoronto
nvram set wl_channel=1
rm /etc/init.d/S50dnsmasq
nvram commit
reboot

add to the end of /etc/firewall.user:

### secure the LAN
iptables -A forwarding_rule -s 192.168.1.0/24 -d 172.18.92.0/24 -j DROP
iptables -A input_rule -s 192.168.1.0/24 -d 172.18.92.0/24 -j DROP

where 192.168.17.0 is the wired LAN. you won't be able to ping 192.168.17.1, but traffic will still flow through it

You'd want to do this if you want wifi users to authenticate to wifidog, but for computers plugged into the ethernet ports to not have to authenticate.

The original config on the router is probably:

lan_ifname="br0"
lan_proto=static
lan_ipaddr=192.168.1.1
lan_netmask=255.255.255.0
wifi_ifname=""
wifi_proto=""
wifi_ipaddr=""
wifi_netmask=""
lan_ifnames="vlan0 eth1 eth2"

Run these commands:

nvram set lan_ifname=vlan0
nvram set lan_proto=static
nvram set lan_ipaddr=192.168.2.1
nvram set lan_netmask=255.255.255.0
nvram set wifi_ifname=eth1
nvram set wifi_proto=static
nvram set wifi_ipaddr=192.168.1.1
nvram set wifi_netmask=255.255.255.0
nvram set lan_ifnames=vlan0
nvram commit

Edit /etc/dnsmasq.conf, adding these lines:

dhcp-range=eth1,192.168.1.100,192.168.1.250,255.255.255.0,12h
dhcp-range=vlan0,192.168.2.100,192.168.2.250,255.255.255.0,12h

Edit /etc/wifidog.conf, and change “GatewayInterface” to eth1

Reboot

(Done!)