5. OpenWrt configuration.

The most of the configuration in OpenWrt is done by setting variables in the NVRAM, even if you are a experienced linux user, this modell of configuration will be quit new to you and you will have to get used to it.

You should alwayes be aware of what you are doing when you change your NVRAM variables. But even when you have bricked your router and can't gain access anymore, there is allwayes the failsafe mode (look in troubleshooting).

There is still no real webinterface for OpenWrt ( if you are searching for a openwrt with build in webinterface have a look at ff-firmware.sourceforge.net ). You can find a couple of other open firmwares for the WRT54G and WRT54GS, which come with a build in webinterface if OpenWrt is not what you where looking for. But still i belive OpenWrt is the most powerfull distro if you want a full working linux operating system.

5.1. NVRAM

NVRAM stands for Non-Volatile RAM, in this case the last 64K of the flash chip used to store various configuration information in a name=value format.

Table 5. nvram command

nvram show | lessDisplay everything in nvram
nvram get boot_wait Get a specific variable ( in this case boot_wait )
nvram set boot_wait=on Set a value
nvram set lan_ifnames="vlan0 vlan1 vlan2"set multiple values to one param
nvram unset fooDelete a variable
nvram commitWrite changes to the flash chip (otherwise only stored in RAM)

A complete list of nvram variables can be found here.

5.2. Network configuration.

The names of the network interfaces will depend largely on what hardware OpenWrt is run on.

WRT54G V1.x

WRT54G V2.x/WRT54GS V1.x

ASUS WL-500g
(LAN and WIFI are bridged together in br0 by default)


The basic (802.3) network configuration is handled by a series of NVRAM variables:

Table 6. NVRAM variables

[name]_ifnameThe firmware image you're uploading was intended for a different model.
[name]_ifnamesDevices to be added to the bridge (only if the above is a bridge)
[name]_protoThe protocol which will be used to configure an IP
 static: Manual configuration (see below)
 dhcp: Perform a DHCP request
 pppoe: Create a ppp tunnel (requires pppoecd package)
[name]_ipaddrip address (x.x.x.x)
[name]_netmasknetmask (x.x.x.x)
[name]_gatewayDefault Gateway (x.x.x.x)
[name]_dnsDNS server (x.x.x.x)

The command ifup [name] will configure the interface defined by [name]_ifname according to the above variables. As an example, the /etc/init.d/S40network script will automatically run the following commands at boot:

$ ifup lan
$ ifup wan
$ ifup wifi

The ifup lan command will bring up the interface specified by lan_ifname. Normally the lan_ifname is set to br0 which will cause it to create the bridge br0 and add the the interfaces from lan_ifnames to the bridge; lan_proto is usually static which means that br0 will have the ip address from lan_ipaddr, and so on for the rest of the variables listed above.

It's important to remember that it's the [name]_ifname that specifies the interfaces, the [name] compontent itself has almost no value. This means that if you changed lan_ifname to be the internet port, vlan1, then ifup lan would bring up the internet port, not the lan ports (despite using the command ifup lan and using the lan_ variables). Also, it means that you can create any [name] variables you want, foo_ifname, foo_proto .... and they would be used by ifup foo.

The only [name] with any signfigance is wan, used by the /etc/S45firewall script. The firewall script will NAT traffic through the wan_ifname, blocking connections to wan_ifname.

Further information about the variables used can be found at OpenWrtNVRAM

5.3. Wireless Configuration

Although the wifi_* variables can be used to configure the network settings of the wireless interface, the default setting is to include the wireless interface in lan_ifnames and leave the wifi_* variables unset. If you remove the wireless interface from the lan bridge you can use the following settings:

Table 7.

wifi_ifnameThe wireless interface (eth1 or eth2 depending on hardware revision)
wifi_protostatic or dhcp, method used to configure the interface
wifi_ipaddrIP address to use if wifi_proto is static
wifi_netmasknetmask to use if wifi_proto is static (X.X.X.X notation)


Note: There are wl_* and wl0_* variables; the wl_* variables are obsoleted and were replaced by wl0_*.

Table 8.

NVRAM SettingDescription
wl0_ifnameSet by wlconf to the name of the ethernet interface (eth1, eth2)
wl0_hwaddrSet by wlconf, use il0macaddr to change the mac
wl0_modeEither ap, sta or wet for Access Point mode, station mode or wireless ethernet bridge
wl0_infraSelect operation mode for sta and wet (0=ad-hoc, 1=infrastructure)
wl0_closed(0/1) 0: broadcast ssid 1: hide ssid
wl0_country_codeAU = Worldwide, TH = Thailand, IL = Israel, JO = Jordan, CN = China, JP = Japan, US = USA/Canada/New Zealand, DE = Europe, All = All channels
wl0_macmode(disabled/allow/deny) used to (allow/deny) mac addresses listed in wl0_maclist
wl0_maclistList of space separated mac addresses to allow/deny according to wl0_macmode. Addresses should be entered with colons, e.g.: 00:02:2D:08:E2:1D
wl0_radioEnable / disable the radio (1=enable)
wl0_phytypesSupported 802.11 modes, automatically set by wlconf
wl0_phytypeAttempt these 802.11 modes
wl0_corerevSet by wlconf to the wireless revision, (4:v1.0 hardware, 7:v2,gs)
wl0_channelThe channel to use (1-13 worldwide, 1-11 USA/Canada, default 6, 0=auto channel)
wl0_gmodeSet 54g modes (0=Legacy B, 1=auto, 2=G only, 3=B deferred, 4=performance, 5=LRS, 6=afterburner)
wl0_plcphdrpreamble. long: use long or short preamble, *: use short preamble
wl0_rateSet rate in 500 Kbps units (0=auto)
wl0_fragSet fragmentation threshold (default 2346)
wl0_rtsSet RTS threshold (default 2347)
wl0_dtimSet DTIM period (default 1)
wl0_bcnSet beacon period (default 100)
wl0_frameburst(on/off) enable/disable frameburst
wl0_antdivSelect antenna (-1=auto, 0=main[near power jack], 1=aux[near reset button], 3=diversity)
wl0_ssidSet the SSID of the Wrt54g

For WEP:

Table 9.

wl0_wepon/off (In experimental, use enabled/disabled instead)
wl0_key1 ... wl0_key4WEP keys (example: wl0_key1=DEADBEEF12)
wl0_keyprimary key index: the wl0_key[1234] used (values: 1,2,3,4)


64bit/128bit wep is autodetected by wlconf based on key length. For 64bit use 5/10 chars and for 128bit 13/26 chars len keys

For WDS:

Table 10.

wl0_lazywdsSet lazywds mode - dynamically grant WDS to anyone(1=enable / 0=disable)
wl0_wdsSpace separated list of WDS member MAC addresses (xx:xx:xx:xx:xx:xx notation)


NOTE: if you want to use a wrt54gs as a WDS client with wl0_wds set, the wl0_gmode setting must not be in afterburner (6) mode (apparently no linksys speedboost is available for WDS clients). Also, wl0_mode should be set to ap.

5.4. Static Routes

Static routes are a bit uglier to maintain, but they are still maintainable. There is only one NVRAM setting for them: static_route. This contains all the static routes to be added upon boot-up.

The syntax of the static_route NVRAM variable is as follows:


So, for example, to set a static route to via vlan1, use:

$ nvram set static_route=

This will make directly connected. To route via a router, use:

$ nvram set static_route=

This will use vlan1 to send packets to via router


As of the most recent CVS build, all values must be present. The networking script doesn't detect missing values, and will thererfore not create the route if the syntax is incorrect (things missing, etc.).

5.5. Sample network configurations.

5.5.1. AP mode.


(note these examples use wrt54g v2.x/wrt54gs v1.x interface names)

The default network configuration: (lan+wireless bridged as, wan as dhcp)

lan_ifnames="vlan0 eth1"


If you just want to use OpenWrt as an access point you can avoid the WAN interface completely: (lan+wireless bridged as, routed through, wan ignored)

lan_ifnames="vlan0 eth1"


To separate the LAN from the WIFI: (lan as, wireless as, wan as dhcp)




5.5.2. Client mode.

If you want to use your WRT to connect to another AP or computer rather than to use it as an AP, here are the steps to follow:

First reverse the firewall. Optionally, if you just want to disable it, you can delete the file /etc/init.d/S45firewall. To reverse it, here is the content you should put in /etc/init.d/S45firewall:

. /etc/functions.sh

WAN=$(nvram get wan_ifname)
WIFI=$(nvram get wifi_ifname)


for T in filter nat mangle ; do
  $IPT -t $T -F
  $IPT -t $T -X

$IPT -t filter -A INPUT -m state --state INVALID -j DROP
$IPT -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -t filter -A INPUT -i $WIFI -j DROP

$IPT -t filter -A FORWARD -m state --state INVALID -j DROP
$IPT -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -t filter -A FORWARD -i $WIFI -j DROP
$IPT -t filter -A FORWARD -o $WIFI -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu			

Optionally, if you want the source IP address of the outgoing traffic to be modified to the ip of the wifi interface, you should also add the following line:


This is also known as doing NAT (Network Address Translation), and it's likely your case if you use the WRT to connect to the internet. If you want your outgoing traffic to keep the source IP address unchanged, don't add that line.

The next step is breaking down the default bridge between the wifi interface and the LAN ports. This is done as follows:

$ nvram set lan_ifname=vlan0
$ nvram set wifi_ifname=eth1


This is for version 1, if you have a version with different interfaces change vlan0 and eth1 to the right values

This is the main command. It changes the WRT's behavior from AP to client, or station ("sta" for short):

$ nvram set wl0_mode=sta

Then configure the interaces normally. For example, assuming the wifi interface uses DHCP and the LAN interface has the static IP address

$ nvram set lan_proto=static				
$ nvram set lan_ipaddr=				
$ nvram set wifi_proto=dhcp				

You can configure other options if you need to, like wifi_dns or wifi_gateway. We are done with NVRAM, so we commit and reboot the WRT:

$ nvram commit				
$ reboot				

5.6. Finding and joining networks


If you have internet access from the WRT, it's time to install the wl package, that we'll need now.

$ ipkg install http://nthill.free.fr/openwrt/ipkg/stable/20041003/wl_0.1-2_mipsel.ipk

You can now scan for nearby access points.

$ wl scan ; sleep 1 ; wl scanresults

f you get an eth error, try

$ wl ap 0

This will put it into client mode

You should get somethink like

SSID: "Wireless"                                            <-----THIS IS THE SSID
Mode: Managed   RSSI: -93 dBm   noise: -93 dBm  Channel: 1  <-----HERE WE GOT THE LINK QUALITY, NOISE AND THE CHANNEL
BSSID: 00:A0:C5:83:0B:40        Capability: ESS             <-----THIS MEAN THE NODE IS IN AP MODE 
Supported Rates: [ 1(b) 2(b) 5.5(b) 11(b) ]

SSID: "2958738608"
Mode: Managed   RSSI: -94 dBm   noise: -94 dBm  Channel: 5
BSSID: 00:A0:C5:98:98:B1        Capability: ESS
Supported Rates: [ 1(b) 2(b) 5.5(b) 11(b) ]

SSID: "3Com"
Mode: Managed   RSSI: -88 dBm   noise: -91 dBm  Channel: 6
BSSID: 00:0F:CB:9F:1C:85        Capability: ESS ShortPre ShortSlot
Supported Rates: [ 1(b) 2(b) 5.5(b) 11(b) 6 9 12 18 24 36 48 54 ]

SSID: "gamehenge"
Mode: Managed   RSSI: -94 dBm   noise: -90 dBm  Channel: 6
BSSID: 00:0C:41:CA:65:0B        Capability: ESS Pollable WEP <-----THE "WEP" INDICATES THAT THIS NETWORK IS ENCRYPTED
Supported Rates: [ 1(b) 2(b) 5.5 11 ]

To join a non-encrypted access point you type:

$ wl join [ssid]

You can tell WRT to join the same SSID each time it boots by setting wl0_ssid:

$ nvram set wl0_ssid=MyNetwork

When you set an interface to DHCP, OpenWRT runs the DHCP client on that interface automatically at boot time. If you want to re-run the client, for example because you joined another ssid, you can reboot (assuming you also set wl0_ssid nvram variable), or you can run the udhcpc command:

$ udhcpc -i eth1 -b

This will ask the network for an IP address over the interface eth1 (wifi in v2), and fork to the background if it gets no replies.

The command wl manages the radio, and it's pretty powerful. Among many options (see them here: http://wifi-portal.elevate.nl/docs/wl.txt.). There are some particulary interesting:

wl txpwr: change the transmit power. Accepts a value between 0-255, which I've heard it's in mW, but don't know for sure. It's said that setting a high value here (above 84) will shorten the live of your radio to the point that setting it to 250 will make it last some months. Use this setting at your own risk.

wl txant / wl antdiv: this commands will let you choose which antenna will be used to send and receive respectively. This is usually useful if you have replaced an antenna. 0 means main antenna (the one near the power plug) and 1 means the other antenna.

wl status: prints the current ssid, signal quality, channel... etc.

wl dissasoc: dissasociates from the current ssid

wl rate: sets/gets the speed rate. To set it to auto, use -1.