This shows you the differences between two versions of the page.
| router_setup_instructions [2007/05/10 11:50] 66.207.222.14 changed nvram-clean.sh URL | router_setup_instructions [2013/09/28 16:06] (current) | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Linksys WRT54G setup with WiFi Dog instructions ====== | + | ====== Linksys WRT54G setup with WiFi Dog instructions ====== |
| - make sure you have the supported version of OpenWRT -- get it here: | - make sure you have the supported version of OpenWRT -- get it here: | ||
| Line 22: | Line 22: | ||
| ipkg update | ipkg update | ||
| ipkg install iptables-extra kmod-iptables-extra libpthread libgcc | ipkg install iptables-extra kmod-iptables-extra libpthread libgcc | ||
| - | ipkg install http://wirelesstoronto.ca/dist/wifidog_1.1.3_beta6-1_mipsel_whiterussianRC6.ipk | + | ipkg install http://wirelesstoronto.ca/dist/wifidog_1.1.5-1_mipsel_whiterussian.ipk |
| vi /etc/wifidog.conf | vi /etc/wifidog.conf | ||
| </code> | </code> | ||
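Review bot: The updated `ipkg install http://wirelesstoronto.ca/dist/wifidog_1.1.5-1_mipsel_whiterussian.ipk` line fetches the gateway package over plain HTTP and installs it directly, with no integrity check. Publish a checksum for the .ipk next to this step and have the reader download the file to /tmp, compare the checksum, and then run ipkg install on the local copy.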
| Line 28: | Line 28: | ||
| - Uncomment the ExternalInterface line, and change the value to vlan1 | - Uncomment the ExternalInterface line, and change the value to vlan1 | ||
| - Change the value of the GatewayInterface line to br0 | - Change the value of the GatewayInterface line to br0 | ||
| - | - Paste this into the AuthServer section:<code> | + | - Paste the appropriate chunk into the AuthServer section: |
| + | - for wifidog versions prior to 1.1.3:<code> | ||
| AuthServer { | AuthServer { | ||
| Hostname auth.wirelesstoronto.ca | Hostname auth.wirelesstoronto.ca | ||
| SSLAvailable yes | SSLAvailable yes | ||
| + | Path / | ||
| + | } | ||
| + | </code> | ||
| + | - for wifidog versions 1.1.3 and later:<code> | ||
| + | AuthServer { | ||
| + | Hostname auth.wirelesstoronto.ca | ||
| + | SSLPort 443 | ||
| Path / | Path / | ||
| } | } | ||
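Review bot: The block added for wifidog 1.1.3 and later sets `SSLPort 443` but no longer carries the `SSLAvailable yes` line that the pre-1.1.3 block keeps. If these versions still need `SSLAvailable yes` to turn SSL on, a router configured from this block would talk to auth.wirelesstoronto.ca without SSL. Either add the line back or state in the list item that it is no longer required.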
| Line 81: | Line 89: | ||
| </code> | </code> | ||
| - copy cert stuff from server (it'll prompt you for the password):<code> | - copy cert stuff from server (it'll prompt you for the password):<code> | ||
| - | scp wireless@openvpn.wirelesstoronto.ca:easy-rsa/keys/client**NODEID**.* | + | scp wireless@openvpn.wirelesstoronto.ca:easy-rsa/keys/client(NODEID).* . |
| </code> | </code> | ||
| - make the key private, then install auto-run script:<code> | - make the key private, then install auto-run script:<code> | ||
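Review bot: In the new scp line, `client(NODEID).*` cannot be pasted as written: unquoted parentheses are shell syntax, and nothing in the step says that (NODEID) is a placeholder. State in the step text that (NODEID), parentheses included, must be replaced with the node's ID. Because the glob also copies the private key and "make the key private" only comes in the following step, consider putting `umask 077` before the scp so the key is never readable by others on the router.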
| Line 119: | Line 127: | ||
| - http://wrt54g.free.fr/openwrt/b4/ipkg/openvpn_2.0test19_mipsel.ipk | - http://wrt54g.free.fr/openwrt/b4/ipkg/openvpn_2.0test19_mipsel.ipk | ||
| - | ===== Upgrading OpenWRT to latest version (might be out of date) ===== | ||
| - | Cobbled together from instructions: | + | ===== Upgrading OpenWRT to latest version ===== |
| + | |||
| + | Perhaps refer to (newer?) instructions at: | ||
| * http://wiki.openwrt.org/OpenWrtDocs/Installing#head-4f88301b6db87e0ff6c54cb4e65102e7aae8f6d9 | * http://wiki.openwrt.org/OpenWrtDocs/Installing#head-4f88301b6db87e0ff6c54cb4e65102e7aae8f6d9 | ||
| * http://wiki.openwrt.org/OpenWrtDocs/Deinstalling | * http://wiki.openwrt.org/OpenWrtDocs/Deinstalling | ||
| - | - Wget new firmware | + | - cd /tmp |
| - | - wget mtd.static | + | - wget http://downloads.openwrt.org/whiterussian/rc6/bin/openwrt-brcm-2.4-squashfs.trx |
| - | - Upgrade using mtd | + | - mtd -r write firmware.trx linux |
| - telnet to 192.168.1.1 and set password using 'passwd'. Telnet will be disabled and SSH enabled. | - telnet to 192.168.1.1 and set password using 'passwd'. Telnet will be disabled and SSH enabled. | ||
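Review bot: The new upgrade steps disagree on the image name: the wget line saves openwrt-brcm-2.4-squashfs.trx, but the next step runs `mtd -r write firmware.trx linux`, so following them literally either fails or flashes whatever older firmware.trx is still in /tmp. Use the same filename in both steps, for example `mtd -r write openwrt-brcm-2.4-squashfs.trx linux`. The image is also fetched over plain HTTP and written straight to flash, so a step that compares it against a published checksum belongs before the mtd line.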
| Line 176: | Line 185: | ||
| mtd -r erase nvram | mtd -r erase nvram | ||
| </code> | </code> | ||
| + | |||
| + | |||
| Line 184: | Line 195: | ||
| <code> | <code> | ||
| cd /tmp | cd /tmp | ||
| - | wget http://downloads.openwrt.org/people/kaloz/nvram-clean.sh (having access issues with the original URL http://wirelesstoronto.ca/dist/nvram-clean.sh PD, May 10, 2007) | + | wget http://downloads.openwrt.org/people/kaloz/nvram-clean.sh |
| + | (having access issues with the original URL http://wirelesstoronto.ca/dist/nvram-clean.sh PD, May 10, 2007) | ||
| chmod a+x /tmp/nvram-clean.sh | chmod a+x /tmp/nvram-clean.sh | ||
| /tmp/nvram-clean.sh | /tmp/nvram-clean.sh | ||
| </code> | </code> | ||
| + | The before and after sizes will show you how much space was recovered. | ||
| + | |||
| + | The nvram-clean.sh script does not commit the changes to NVRAM so you will have to do this manually with: | ||
| + | |||
| + | <code>nvram commit</code> | ||
| ===== setting up a router as a plain-ol' bridge ===== | ===== setting up a router as a plain-ol' bridge ===== | ||
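Review bot: The relocated note after the wget line, `(having access issues with the original URL ... PD, May 10, 2007)`, still sits inside the <code> block, now on a line of its own, so pasting the block hands it to the shell as a command. Move it outside the block or turn it into a # comment. The new `nvram commit` text is a good addition; since nvram-clean.sh is fetched over HTTP and then executed on the router, it would also help to tell the reader to read the script before running it.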
| Line 205: | Line 222: | ||
| </code> | </code> | ||
| + | ===== preventing wifi users from accessing the local LAN ===== | ||
| + | |||
| + | add to the end of /etc/firewall.user: | ||
| + | |||
| + | <code> | ||
| + | ### secure the LAN | ||
| + | iptables -A forwarding_rule -s 192.168.1.0/24 -d 172.18.92.0/24 -j DROP | ||
| + | iptables -A input_rule -s 192.168.1.0/24 -d 172.18.92.0/24 -j DROP | ||
| + | </code> | ||
| + | |||
| + | where 192.168.17.0 is the wired LAN. you won't be able to ping 192.168.17.1, but traffic will still flow through it | ||
| + | |||
| + | ===== separating wifi & wired networks ("breaking the bridge") ===== | ||
| + | |||
| + | You'd want to do this if you want wifi users to authenticate to wifidog, but for computers plugged into the ethernet ports to not have to authenticate. | ||
| + | |||
| + | The original config on the router is probably:<code> | ||
| + | lan_ifname="br0" | ||
| + | lan_proto=static | ||
| + | lan_ipaddr=192.168.1.1 | ||
| + | lan_netmask=255.255.255.0 | ||
| + | wifi_ifname="" | ||
| + | wifi_proto="" | ||
| + | wifi_ipaddr="" | ||
| + | wifi_netmask="" | ||
| + | lan_ifnames="vlan0 eth1 eth2" | ||
| + | </code> | ||
| + | |||
| + | Run these commands:<code> | ||
| + | nvram set lan_ifname=vlan0 | ||
| + | nvram set lan_proto=static | ||
| + | nvram set lan_ipaddr=192.168.2.1 | ||
| + | nvram set lan_netmask=255.255.255.0 | ||
| + | nvram set wifi_ifname=eth1 | ||
| + | nvram set wifi_proto=static | ||
| + | nvram set wifi_ipaddr=192.168.1.1 | ||
| + | nvram set wifi_netmask=255.255.255.0 | ||
| + | nvram set lan_ifnames=vlan0 | ||
| + | nvram commit | ||
| + | </code> | ||
| + | |||
| + | Edit /etc/dnsmasq.conf, adding these lines:<code> | ||
| + | dhcp-range=eth1,192.168.1.100,192.168.1.250,255.255.255.0,12h | ||
| + | dhcp-range=vlan0,192.168.2.100,192.168.2.250,255.255.255.0,12h | ||
| + | </code> | ||
| + | |||
| + | Edit /etc/wifidog.conf, and change "GatewayInterface" to eth1 | ||
| + | |||
| + | Reboot | ||
| + | |||
| + | (Done!) | ||
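Review bot: In the new "preventing wifi users from accessing the local LAN" section, both iptables rules drop traffic to 172.18.92.0/24, but the sentence under them says the wired LAN is 192.168.17.0 and refers to 192.168.17.1. Make the rules and the explanation use the same network, and say that the reader must substitute their own wired LAN range and that 192.168.1.0/24 is the wifi side. As written, a reader who copies the rules verbatim gets no isolation unless their LAN happens to be 172.18.92.0/24. It is also worth noting how this section relates to "breaking the bridge" below it, where the wired side becomes 192.168.2.0/24.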