This shows you the differences between two versions of the page.
router_setup_instructions [2007/05/10 11:52] 66.207.222.14 Added note about manual commit after nvram clean |
router_setup_instructions [2013/09/28 16:06] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Linksys WRT54G setup with WiFi Dog instructions ====== | + | ====== Linksys WRT54G setup with WiFi Dog instructions ====== |
- make sure you have the supported version of OpenWRT -- get it here: | - make sure you have the supported version of OpenWRT -- get it here: | ||
Line 22: | Line 22: | ||
ipkg update | ipkg update | ||
ipkg install iptables-extra kmod-iptables-extra libpthread libgcc | ipkg install iptables-extra kmod-iptables-extra libpthread libgcc | ||
- | ipkg install http://wirelesstoronto.ca/dist/wifidog_1.1.3_beta6-1_mipsel_whiterussianRC6.ipk | + | ipkg install http://wirelesstoronto.ca/dist/wifidog_1.1.5-1_mipsel_whiterussian.ipk |
vi /etc/wifidog.conf | vi /etc/wifidog.conf | ||
</code> | </code> | ||
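Review bot: the new ipkg install line fetches wifidog_1.1.5-1_mipsel_whiterussian.ipk over plain http:// and installs it straight from the URL, with nothing on the page to check the package against. Publish a checksum next to the link and split the step: download to /tmp, compare the md5sum output with the published value, then run ipkg install on the local file.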
Line 28: | Line 28: | ||
- Uncomment the ExternalInterface line, and change the value to vlan1 | - Uncomment the ExternalInterface line, and change the value to vlan1 | ||
- Change the value of the GatewayInterface line to br0 | - Change the value of the GatewayInterface line to br0 | ||
- | - Paste this into the AuthServer section:<code> | + | - Paste the appropriate chunk into the AuthServer section: |
+ | - for wifidog versions prior to 1.1.3:<code> | ||
AuthServer { | AuthServer { | ||
Hostname auth.wirelesstoronto.ca | Hostname auth.wirelesstoronto.ca | ||
SSLAvailable yes | SSLAvailable yes | ||
+ | Path / | ||
+ | } | ||
+ | </code> | ||
+ | - for wifidog versions 1.1.3 and later:<code> | ||
+ | AuthServer { | ||
+ | Hostname auth.wirelesstoronto.ca | ||
+ | SSLPort 443 | ||
Path / | Path / | ||
} | } | ||
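Review bot: the block for wifidog 1.1.3 and later has SSLPort 443 but drops the SSLAvailable yes line that the pre-1.1.3 block keeps. If SSLPort only sets the port number and does not itself enable SSL, a gateway configured from this block will talk to auth.wirelesstoronto.ca without TLS. Keep SSLAvailable yes in the new block, or state in the list item why it is no longer needed.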
Line 81: | Line 89: | ||
</code> | </code> | ||
- copy cert stuff from server (it'll prompt you for the password):<code> | - copy cert stuff from server (it'll prompt you for the password):<code> | ||
- | scp wireless@openvpn.wirelesstoronto.ca:easy-rsa/keys/client**NODEID**.* | + | scp wireless@openvpn.wirelesstoronto.ca:easy-rsa/keys/client(NODEID).* . |
</code> | </code> | ||
- make the key private, then install auto-run script:<code> | - make the key private, then install auto-run script:<code> | ||
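Review bot: in the new scp line, client(NODEID).* looks like something to paste as is, but unquoted parentheses are shell syntax and the command fails until they are removed. Say in the list item that (NODEID) stands for the node's ID and is typed without the parentheses. Because the wildcard copies the key file into the current directory before the next step tightens its permissions, it is also worth setting umask 077 before the copy.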
Line 119: | Line 127: | ||
- http://wrt54g.free.fr/openwrt/b4/ipkg/openvpn_2.0test19_mipsel.ipk | - http://wrt54g.free.fr/openwrt/b4/ipkg/openvpn_2.0test19_mipsel.ipk | ||
- | ===== Upgrading OpenWRT to latest version (might be out of date) ===== | ||
- | Cobbled together from instructions: | + | ===== Upgrading OpenWRT to latest version ===== |
+ | |||
+ | Perhaps refer to (newer?) instructions at: | ||
* http://wiki.openwrt.org/OpenWrtDocs/Installing#head-4f88301b6db87e0ff6c54cb4e65102e7aae8f6d9 | * http://wiki.openwrt.org/OpenWrtDocs/Installing#head-4f88301b6db87e0ff6c54cb4e65102e7aae8f6d9 | ||
* http://wiki.openwrt.org/OpenWrtDocs/Deinstalling | * http://wiki.openwrt.org/OpenWrtDocs/Deinstalling | ||
- | - Wget new firmware | + | - cd /tmp |
- | - wget mtd.static | + | - wget http://downloads.openwrt.org/whiterussian/rc6/bin/openwrt-brcm-2.4-squashfs.trx |
- | - Upgrade using mtd | + | - mtd -r write firmware.trx linux |
- telnet to 192.168.1.1 and set password using 'passwd'. Telnet will be disabled and SSH enabled. | - telnet to 192.168.1.1 and set password using 'passwd'. Telnet will be disabled and SSH enabled. | ||
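Review bot: the wget step saves openwrt-brcm-2.4-squashfs.trx but the mtd step writes firmware.trx, so the flash command as written does not match the downloaded file. Use the same name in both, for example mtd -r write openwrt-brcm-2.4-squashfs.trx linux. The heading also drops "(might be out of date)" while the URL pins whiterussian rc6, and the image is fetched over http with no checksum step before it is written to flash; add an md5sum comparison between the wget and mtd steps.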
Line 213: | Line 222: | ||
</code> | </code> | ||
+ | ===== preventing wifi users from accessing the local LAN ===== | ||
+ | |||
+ | add to the end of /etc/firewall.user: | ||
+ | |||
+ | <code> | ||
+ | ### secure the LAN | ||
+ | iptables -A forwarding_rule -s 192.168.1.0/24 -d 172.18.92.0/24 -j DROP | ||
+ | iptables -A input_rule -s 192.168.1.0/24 -d 172.18.92.0/24 -j DROP | ||
+ | </code> | ||
+ | |||
+ | where 192.168.17.0 is the wired LAN. you won't be able to ping 192.168.17.1, but traffic will still flow through it | ||
+ | |||
+ | ===== separating wifi & wired networks ("breaking the bridge") ===== | ||
+ | |||
+ | You'd want to do this if you want wifi users to authenticate to wifidog, but for computers plugged into the ethernet ports to not have to authenticate. | ||
+ | |||
+ | The original config on the router is probably:<code> | ||
+ | lan_ifname="br0" | ||
+ | lan_proto=static | ||
+ | lan_ipaddr=192.168.1.1 | ||
+ | lan_netmask=255.255.255.0 | ||
+ | wifi_ifname="" | ||
+ | wifi_proto="" | ||
+ | wifi_ipaddr="" | ||
+ | wifi_netmask="" | ||
+ | lan_ifnames="vlan0 eth1 eth2" | ||
+ | </code> | ||
+ | |||
+ | Run these commands:<code> | ||
+ | nvram set lan_ifname=vlan0 | ||
+ | nvram set lan_proto=static | ||
+ | nvram set lan_ipaddr=192.168.2.1 | ||
+ | nvram set lan_netmask=255.255.255.0 | ||
+ | nvram set wifi_ifname=eth1 | ||
+ | nvram set wifi_proto=static | ||
+ | nvram set wifi_ipaddr=192.168.1.1 | ||
+ | nvram set wifi_netmask=255.255.255.0 | ||
+ | nvram set lan_ifnames=vlan0 | ||
+ | nvram commit | ||
+ | </code> | ||
+ | |||
+ | Edit /etc/dnsmasq.conf, adding these lines:<code> | ||
+ | dhcp-range=eth1,192.168.1.100,192.168.1.250,255.255.255.0,12h | ||
+ | dhcp-range=vlan0,192.168.2.100,192.168.2.250,255.255.255.0,12h | ||
+ | </code> | ||
+ | |||
+ | Edit /etc/wifidog.conf, and change "GatewayInterface" to eth1 | ||
+ | |||
+ | Reboot | ||
+ | |||
+ | (Done!) |
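Review bot: in the "preventing wifi users from accessing the local LAN" section the two iptables rules drop traffic to 172.18.92.0/24, but the sentence under them calls 192.168.17.0 the wired LAN and refers to 192.168.17.1. Use one network in both places and mark it as a value the reader replaces with their own upstream LAN. The "breaking the bridge" section then puts wifi on 192.168.1.0/24 and the wired ports on 192.168.2.0/24 without saying whether a DROP rule between those two subnets is wanted; a sentence pointing back to the firewall section would close that gap.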