OpenWRT with x-wrt install

Another OpenWRT installation - with WEB GUI this time. OpenWRT has become quite nice and useable. Still it's docs are not always up to date and sometimes cumbersome to get around. Here's my install documentaion(it would probably be too much to name it a tutorial :) ) from the simple basic install I just did, including a web gui with ssl and Wifi config with WPA2 protection.

OpenWRT installation

Basic stuff

Procedure for completely overwriting the existing system:

  • get package *.bin from

  • ifconfig eth0:1 netmask

  • echo -e "binary\nrexmt 1\ntimeout 60\ntrace\nput openwrt-xxx-x.x-xxx.bin\n" | tftp
  • actually: echo -e "binary\nrexmt 1\ntimeout 60\ntrace\nput openwrt-wrt54g-2.4-squashfs.bin\n" | tftp
  • boot linksys
  • wait ...
  • ifconfig eth0:1 down
  • login with "telnet" - no password set yet
  • change password
  • reboot - the system will now be accesible via ssh only
  • upload your ssh pubkey to

nice webinterface with x-wrt

echo  "src X-Wrt" >  /etc/ipkg.conf
ipkg update
ipkg install webif

And then we can already acces the web interface at

add ssl access

ipkg install matrixtunnel openssl-util

export RANDFILE="/tmp/.rnd"
dd if=/dev/urandom of="$RANDFILE" count=1 bs=512 2>/dev/null
openssl genrsa -out /etc/ssl/matrixtunnel.key 2048; openssl req -new -batch -nodes -key /etc/ssl/matrixtunnel.key -out /etc/ssl   /matrixtunnel.csr; openssl x509 -req -days 365 -in /etc/ssl/matrixtunnel.csr -signkey /etc/ssl/matrixtunnel.key -out /etc/ssl/matrixtunnel.cert
rm -f "$RANDFILE" 2>/dev/null
uci set webifssl.matrixtunnel.enable=1
uci commit

ln -s /etc/init.d/webifssl /etc/rc.d/S91webifssl

(maybe there is a more correct way to do the last, but I didn't really understand how the webif is making it?!)

/etc/init.d/webifssl start

OR reboot

then the webif is also at

enable wifi

In the webif at


uci set wireless.wl0.disabled=0
uci set wireless.cfg2.encryption=psk2
uci set wireless.cfg2.hidden=0
uci set wireless.cfg2.isolate=0
uci set wireless.cfg2.bgscan=0
uci set wireless.cfg2.wds=0
uci set wireless.cfg2.key=<WIFI-PASS>
uci commit

(also now sure, if that's all, I lost "temper" and clicked through the web GUI)

enable pppoe

uci set network.wan.proto=pppoe
uci set network.wan.ppp_redial=persist
uci set network.wan.username=<PHONENUM>
uci set network.wan.password=<PASS>
uci set network.wan.defaultroute=1
uci commit


Some more advanced, not always necessary things: * enable ntp: * Enable VPN: * add a DMZ to be accessed publicly form wlan and another one from outside: * web interface via https only?! -> * maybe use a different than the root password for web access?!