OpenWRT with x-wrt install

Another OpenWRT installation - with WEB GUI this time. OpenWRT has become quite nice and usable. Still, its docs are not always up to date and sometimes cumbersome to get around. Here's my install documentation (it would probably be too much to name it a tutorial :) ) from the simple basic install I just did, including a web GUI with SSL and Wifi config with WPA2 protection.

OpenWRT installation

Basic stuff

Procedure for completely overwriting the existing system:

  • get package *.bin from http://downloads.openwrt.org/kamikaze/7.09/brcm-2.4/openwrt-wrt54g-2.4-s...

  • ifconfig eth0:1 192.168.1.5 netmask 255.255.255.0

  • echo -e "binary\nrexmt 1\ntimeout 60\ntrace\nput openwrt-xxx-x.x-xxx.bin\n" | tftp 192.168.1.1
  • actually: echo -e "binary\nrexmt 1\ntimeout 60\ntrace\nput openwrt-wrt54g-2.4-squashfs.bin\n" | tftp 192.168.1.1
  • boot linksys
  • wait ...
  • ifconfig eth0:1 down
  • login with "telnet 192.168.1.1" - no password set yet
  • change password
  • reboot - the system will now be accessible via ssh only
  • upload your ssh pubkey to 192.168.1.1:/etc/dropbear/authorized_keys

nice webinterface with x-wrt

echo "src X-Wrt http://downloads.x-wrt.org/xwrt/kamikaze/7.09/brcm-2.4/packages" >> /etc/ipkg.conf
ipkg update
ipkg install webif

And then we can already access the web interface at http://192.168.1.1

add ssl access

ipkg install matrixtunnel openssl-util

export RANDFILE="/tmp/.rnd"
dd if=/dev/urandom of="$RANDFILE" count=1 bs=512 2>/dev/null
openssl genrsa -out /etc/ssl/matrixtunnel.key 2048
openssl req -new -batch -nodes -key /etc/ssl/matrixtunnel.key -out /etc/ssl/matrixtunnel.csr
openssl x509 -req -days 365 -in /etc/ssl/matrixtunnel.csr -signkey /etc/ssl/matrixtunnel.key -out /etc/ssl/matrixtunnel.cert
rm -f "$RANDFILE" 2>/dev/null
unset RANDFILE
uci set webifssl.matrixtunnel.enable=1
uci commit

ln -s /etc/init.d/webifssl /etc/rc.d/S91webifssl

(maybe there is a more correct way to do the last, but I didn't really understand how the webif is making it?!)

/etc/init.d/webifssl start

OR reboot

then the webif is also at https://192.168.1.1

enable wifi

In the webif at https://192.168.1.1/cgi-bin/webif/network-wlan.sh

or:

uci set wireless.wl0.disabled=0
uci set wireless.cfg2.encryption=psk2
uci set wireless.cfg2.hidden=0
uci set wireless.cfg2.isolate=0
uci set wireless.cfg2.bgscan=0
uci set wireless.cfg2.wds=0
uci set wireless.cfg2.key='<WIFI-PASS>'
uci commit

(also not sure if that's all, I lost "temper" and clicked through the web GUI)
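
The SSL and wifi settings above can be checked after `uci commit` with a small audit function. This is an added example, not part of the original write-up or of OpenWRT/X-Wrt; it assumes `uci show` prints `section.option=value` lines, and the function name and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `uci show`-style lines on stdin for the settings
# configured above. Prints findings, returns the number of FAILs.
audit_uci() {
    fails=0 seen_enc=0 seen_ssl=0
    while IFS='=' read -r name value; do
        # Some uci versions print values in single quotes; strip them.
        value=${value#\'}; value=${value%\'}
        case "$name" in
            wireless.*.encryption)
                seen_enc=1
                case "$value" in
                    psk2*) echo "ok   $name=$value" ;;
                    *) echo "FAIL $name=$value (expected psk2)"; fails=$((fails + 1)) ;;
                esac ;;
            wireless.*.key)
                # WPA2 passphrases are 8 to 63 characters; report length, never the key.
                if [ "${#value}" -lt 8 ] || [ "${#value}" -gt 63 ]; then
                    echo "FAIL $name has length ${#value} (need 8-63)"; fails=$((fails + 1))
                else
                    echo "ok   $name (length ${#value})"
                fi ;;
            webifssl.matrixtunnel.enable)
                seen_ssl=1
                if [ "$value" = 1 ]; then echo "ok   $name=1"
                else echo "FAIL $name=$value (HTTPS for webif is off)"; fails=$((fails + 1)); fi ;;
        esac
    done
    # A missing option is a finding too: the setting was never applied.
    [ "$seen_enc" = 1 ] || { echo "FAIL no wireless encryption option found"; fails=$((fails + 1)); }
    [ "$seen_ssl" = 1 ] || { echo "FAIL webifssl.matrixtunnel.enable not found"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample inputs (not output captured from a real router).
sample_weak() { cat <<'EOF'
wireless.wl0.disabled=0
wireless.cfg2.encryption=wep
wireless.cfg2.key=abc12
webifssl.matrixtunnel.enable=0
EOF
}
sample_good() { cat <<'EOF'
wireless.wl0.disabled=0
wireless.cfg2.encryption=psk2
wireless.cfg2.key='correct horse battery staple'
webifssl.matrixtunnel.enable=1
EOF
}

sample_weak | audit_uci || echo "findings: $?"
```

On the router the input would come from `{ uci show wireless; uci show webifssl; } | audit_uci`.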

enable pppoe

http://192.168.1.1/cgi-bin/webif/network.sh

uci set network.wan.proto=pppoe
uci set network.wan.ppp_redial=persist
uci set network.wan.username='<PHONENUM>'
uci set network.wan.password='<PASS>'
uci set network.wan.defaultroute=1
uci commit

TODO

Some more advanced, not always necessary things:

  • enable ntp: http://192.168.1.1/cgi-bin/webif/system-settings.sh
  • Enable VPN: http://192.168.1.1/cgi-bin/webif/vpn-openvpn.sh
  • add a DMZ to be accessed publicly from wlan and another one from outside: http://192.168.1.1/cgi-bin/webif/network-interfaces.sh
  • web interface via https only?! -> http://192.168.1.1/cgi-bin/webif/system-settings.sh
  • maybe use a different password than the root password for web access?!