The most of the configuration in OpenWrt is done by setting variables in the NVRAM, even if you are a experienced linux user, this modell of configuration will be quit new to you and you will have to get used to it.
You should alwayes be aware of what you are doing when you change your NVRAM variables. But even when you have bricked your router and can't gain access anymore, there is allwayes the failsafe mode (look in troubleshooting).
There is still no real webinterface for OpenWrt ( if you are searching for a openwrt with build in webinterface have a look at ff-firmware.sourceforge.net ). You can find a couple of other open firmwares for the WRT54G and WRT54GS, which come with a build in webinterface if OpenWrt is not what you where looking for. But still i belive OpenWrt is the most powerfull distro if you want a full working linux operating system.
NVRAM stands for Non-Volatile RAM, in this case the last 64K of the flash chip used to store various configuration information in a name=value format.
Table 5. nvram command
|nvram show | less||Display everything in nvram|
|nvram get boot_wait|| Get a specific variable ( in this case |
|nvram set boot_wait=on||Set a value|
|nvram set lan_ifnames="vlan0 vlan1 vlan2"||set multiple values to one param|
|nvram unset foo||Delete a variable|
|nvram commit||Write changes to the flash chip (otherwise only stored in RAM)|
A complete list of nvram variables can be found here.
The names of the network interfaces will depend largely on what hardware OpenWrt is run on.
WRT54G V1.x LAN=vlan2 WAN=vlan1 WIFI=eth2 WRT54G V2.x/WRT54GS V1.x LAN=vlan0 WAN=vlan1 WIFI=eth1 ASUS WL-500g WAN=eth0 LAN=eth1 WIFI=eth2 (LAN and WIFI are bridged together in br0 by default)
The basic (802.3) network configuration is handled by a series of NVRAM variables:
Table 6. NVRAM variables
|The firmware image you're uploading was intended for a different model.|
|Devices to be added to the bridge (only if the above is a bridge)|
|The protocol which will be used to configure an IP|
|static: Manual configuration (see below)|
|dhcp: Perform a DHCP request|
|pppoe: Create a ppp tunnel (requires pppoecd package)|
|ip address (x.x.x.x)|
|Default Gateway (x.x.x.x)|
|DNS server (x.x.x.x)|
The command ifup [name] will configure the interface defined by [name]_ifname according to the above variables. As an example, the /etc/init.d/S40network script will automatically run the following commands at boot:
$ ifup lan $ ifup wan $ ifup wifi
The ifup lan command will bring up the interface specified by
lan_ifname is set to br0 which will cause it to create the bridge br0 and add the
the interfaces from
lan_ifnames to the bridge;
lan_proto is usually static
which means that br0 will have the ip address from
lan_ipaddr, and so on for the rest of the
variables listed above.
It's important to remember that it's the
[name]_ifname that specifies the interfaces,
the [name] compontent itself has almost no value. This means that if you changed
be the internet port, vlan1, then ifup lan would bring up the internet port, not the lan ports (despite using the
command ifup lan and using the
lan_ variables). Also, it means that you can create any
[name] variables you want,
foo_proto .... and they would be used
by ifup foo.
The only [name] with any signfigance is wan, used by the /etc/S45firewall script. The firewall
script will NAT traffic through the
wan_ifname, blocking connections to
Further information about the variables used can be found at OpenWrtNVRAM
wifi_* variables can be used to configure the network settings of the wireless
interface, the default setting is to include the wireless interface in
lan_ifnames and leave the
wifi_* variables unset. If you remove the wireless interface from the lan bridge you can use the
|The wireless interface (eth1 or eth2 depending on hardware revision)|
|static or dhcp, method used to configure the interface|
|IP address to use if |
|netmask to use if |
Note: There are
|Set by wlconf to the name of the ethernet interface (eth1, eth2)|
|Set by wlconf, use il0macaddr to change the mac|
|Either ap, sta or wet for Access Point mode, station mode or wireless ethernet bridge|
|Select operation mode for sta and wet (0=ad-hoc, 1=infrastructure)|
|(0/1) 0: broadcast ssid 1: hide ssid|
|AU = Worldwide, TH = Thailand, IL = Israel, JO = Jordan, CN = China, JP = Japan, US = USA/Canada/New Zealand, DE = Europe, All = All channels|
|(disabled/allow/deny) used to (allow/deny) mac addresses listed in wl0_maclist|
|List of space separated mac addresses to allow/deny according to wl0_macmode. Addresses should be entered with colons, e.g.: 00:02:2D:08:E2:1D|
|Enable / disable the radio (1=enable)|
|Supported 802.11 modes, automatically set by wlconf|
|Attempt these 802.11 modes|
|Set by wlconf to the wireless revision, (4:v1.0 hardware, 7:v2,gs)|
|The channel to use (1-13 worldwide, 1-11 USA/Canada, default 6, 0=auto channel)|
|Set 54g modes (0=Legacy B, 1=auto, 2=G only, 3=B deferred, 4=performance, 5=LRS, 6=afterburner)|
|preamble. long: use long or short preamble, *: use short preamble|
|Set rate in 500 Kbps units (0=auto)|
|Set fragmentation threshold (default 2346)|
|Set RTS threshold (default 2347)|
|Set DTIM period (default 1)|
|Set beacon period (default 100)|
|(on/off) enable/disable frameburst|
|Select antenna (-1=auto, 0=main[near power jack], 1=aux[near reset button], 3=diversity)|
|Set the SSID of the Wrt54g|
|on/off (In experimental, use enabled/disabled instead)|
|WEP keys (example: wl0_key1=DEADBEEF12)|
|primary key index: the wl0_key used (values: 1,2,3,4)|
64bit/128bit wep is autodetected by wlconf based on key length. For 64bit use 5/10 chars and for 128bit 13/26 chars len keys
|Set lazywds mode - dynamically grant WDS to anyone(1=enable / 0=disable)|
|Space separated list of WDS member MAC addresses (xx:xx:xx:xx:xx:xx notation)|
NOTE: if you want to use a wrt54gs as a WDS client with
Static routes are a bit uglier to maintain, but they are still maintainable. There is only one NVRAM setting for
static_route. This contains all the static routes to be added upon boot-up.
The syntax of the
static_route NVRAM variable is as follows:
So, for example, to set a static route to 10.1.2.0½188.8.131.52 via vlan1, use:
$ nvram set static_route=10.1.2.0:255.255.255.0:0.0.0.0:1:vlan1
This will make 10.1.2.0 directly connected. To route via a router, use:
$ nvram set static_route=10.1.2.0:255.255.255.0:192.168.1.1:1:vlan1
This will use vlan1 to send packets to 10.1.2.0 via router 192.168.1.1
As of the most recent CVS build, all values must be present. The networking script doesn't detect missing values, and will thererfore not create the route if the syntax is incorrect (things missing, etc.).
(note these examples use wrt54g v2.x/wrt54gs v1.x interface names)
The default network configuration: (lan+wireless bridged as 192.168.1.1/24, wan as dhcp)
lan_ifname=br0 lan_ifnames="vlan0 eth1" lan_proto=static lan_ipaddr=192.168.1.1 lan_netmask=255.255.255.0 wan_ifname=vlan1 wan_proto=dhcp
If you just want to use OpenWrt as an access point you can avoid the WAN interface completely: (lan+wireless bridged as 192.168.1.25/24, routed through 192.168.1.1, wan ignored)
lan_ifname=br0 lan_ifnames="vlan0 eth1" lan_proto=static lan_ipaddr=192.168.1.25 lan_netmask=255.255.255.0 lan_gateway=192.168.1.1 lan_dns=192.168.1.1 wan_proto=none
To separate the LAN from the WIFI: (lan as 192.168.1.25/24, wireless as 192.168.2.25/24, wan as dhcp)
lan_ifname=vlan0 lan_proto=static lan_ipaddr=192.168.1.25 lan_netmask=255.255.255.0 wifi_ifname=eth1 wifi_proto=static wifi_ipaddr=192.168.2.25 wifi_netmask=255.255.255.0 wan_ifname=vlan1 wan_proto=dhcp
If you want to use your WRT to connect to another AP or computer rather than to use it as an AP, here are the steps to follow:
First reverse the firewall. Optionally, if you just want to disable it, you can delete the file /etc/init.d/S45firewall. To reverse it, here is the content you should put in /etc/init.d/S45firewall:
#!/bin/sh . /etc/functions.sh WAN=$(nvram get wan_ifname) WIFI=$(nvram get wifi_ifname) IPT=/usr/sbin/iptables for T in filter nat mangle ; do $IPT -t $T -F $IPT -t $T -X done $IPT -t filter -A INPUT -m state --state INVALID -j DROP $IPT -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT $IPT -t filter -A INPUT -i $WIFI -j DROP $IPT -t filter -A FORWARD -m state --state INVALID -j DROP $IPT -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT $IPT -t filter -A FORWARD -i $WIFI -j DROP $IPT -t filter -A FORWARD -o $WIFI -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
Optionally, if you want the source IP address of the outgoing traffic to be modified to the ip of the wifi interface, you should also add the following line:
$IPT -t nat -A POSTROUTING -o $WIFI -j MASQUERADE
This is also known as doing NAT (Network Address Translation), and it's likely your case if you use the WRT to connect to the internet. If you want your outgoing traffic to keep the source IP address unchanged, don't add that line.
The next step is breaking down the default bridge between the wifi interface and the LAN ports. This is done as follows:
$ nvram set lan_ifname=vlan0 $ nvram set wifi_ifname=eth1
This is for version 1, if you have a version with different interfaces change vlan0 and eth1 to the right values
This is the main command. It changes the WRT's behavior from AP to client, or station ("sta" for short):
$ nvram set wl0_mode=sta
Then configure the interaces normally. For example, assuming the wifi interface uses DHCP and the LAN interface has the static IP address 192.168.1.1:
$ nvram set lan_proto=static $ nvram set lan_ipaddr=192.168.1.1 $ nvram set wifi_proto=dhcp
You can configure other options if you need to, like wifi_dns or wifi_gateway. We are done with NVRAM, so we commit and reboot the WRT:
$ nvram commit $ reboot
If you have internet access from the WRT, it's time to install the wl package, that we'll need now.
$ ipkg install http://nthill.free.fr/openwrt/ipkg/stable/20041003/wl_0.1-2_mipsel.ipk
You can now scan for nearby access points.
$ wl scan ; sleep 1 ; wl scanresults
f you get an eth error, try
$ wl ap 0
This will put it into client mode
You should get somethink like
SSID: "Wireless" <-----THIS IS THE SSID Mode: Managed RSSI: -93 dBm noise: -93 dBm Channel: 1 <-----HERE WE GOT THE LINK QUALITY, NOISE AND THE CHANNEL BSSID: 00:A0:C5:83:0B:40 Capability: ESS <-----THIS MEAN THE NODE IS IN AP MODE Supported Rates: [ 1(b) 2(b) 5.5(b) 11(b) ] SSID: "2958738608" Mode: Managed RSSI: -94 dBm noise: -94 dBm Channel: 5 BSSID: 00:A0:C5:98:98:B1 Capability: ESS Supported Rates: [ 1(b) 2(b) 5.5(b) 11(b) ] SSID: "3Com" Mode: Managed RSSI: -88 dBm noise: -91 dBm Channel: 6 BSSID: 00:0F:CB:9F:1C:85 Capability: ESS ShortPre ShortSlot Supported Rates: [ 1(b) 2(b) 5.5(b) 11(b) 6 9 12 18 24 36 48 54 ] SSID: "gamehenge" Mode: Managed RSSI: -94 dBm noise: -90 dBm Channel: 6 BSSID: 00:0C:41:CA:65:0B Capability: ESS Pollable WEP <-----THE "WEP" INDICATES THAT THIS NETWORK IS ENCRYPTED Supported Rates: [ 1(b) 2(b) 5.5 11 ]
To join a non-encrypted access point you type:
$ wl join [ssid]
You can tell WRT to join the same SSID each time it boots by setting
$ nvram set wl0_ssid=MyNetwork
When you set an interface to DHCP, OpenWRT runs the DHCP client on that interface automatically at boot time. If you
want to re-run the client, for example because you joined another ssid, you can reboot
(assuming you also set
wl0_ssid nvram variable), or you can run the udhcpc command:
$ udhcpc -i eth1 -b
This will ask the network for an IP address over the interface eth1 (wifi in v2), and fork to the background if it gets no replies.
The command wl manages the radio, and it's pretty powerful. Among many options (see them here: http://wifi-portal.elevate.nl/docs/wl.txt.). There are some particulary interesting:
wl txpwr: change the transmit power. Accepts a value between 0-255, which I've heard it's in mW, but don't know for sure. It's said that setting a high value here (above 84) will shorten the live of your radio to the point that setting it to 250 will make it last some months. Use this setting at your own risk.
wl txant / wl antdiv: this commands will let you choose which antenna will be used to send and receive respectively. This is usually useful if you have replaced an antenna. 0 means main antenna (the one near the power plug) and 1 means the other antenna.
wl status: prints the current ssid, signal quality, channel... etc.
wl dissasoc: dissasociates from the current ssid
wl rate: sets/gets the speed rate. To set it to auto, use -1.