OpenWrt Whiterussian 0.9: wireless client setup

OpenWrt Whiterussian 0.9 client setup

Setup for WRT54GL machines: step to step configuration

Upgrade the default firmware to openwrt

Download the latest openwrt release from openwrt.org: by the time we write this document, the latest stable release for WRT54GL machines is WhiteRussian 0.9, click here to download the file!
NOTE: if the machine you want to install on is anything else than a Linksys WRT54GL, check the openwrt table of hardware and download the openwrt version supporting your machine's hardware.

Connect the WRT machine to your computer. The default WRT firmware runs a DHCP server: on your computer run a dhcp request as following
```
root@yourcomputer:# dhclient
```
You'll have a response similar to this
```
(...)
DHCPOFFER from 192.168.1.1
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPACK from 192.168.1.1
bound to 192.168.1.101 -- renewal in 86400 seconds.
```
So, that means that now your computer is 192.168.1.101 and the WRT machine is 192.168.1.1

With you favourite browser, go to the WRT's web page at http://192.168.1.1

You will be asked for a username ad a password: type "admin" as username and again "admin" as password.

Now that you are in the WRT's configuration page, go to "system - > administration - > firmware upgrade", and upload there the "openwrt-wrt54g-squashfs.bin" file you previously downloaded!

Log in - change password - disable telnet

connect via telnet to your newly installed WRT machine:

root@yourcomputer:/# telnet 192.168.1.1

You are now logged in the WRT, you will see something like that:

Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
=== IMPORTANT ============================
Use 'passwd' to set your login password
this will disable telnet and enable SSH
------------------------------------------

BusyBox v1.00 (2006.03.27-00:00+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

 _______                     ________        __
|       |.-----.-----.-----.|  |  |  |.----.|  |_
|   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
|_______||   __|_____|__|__||________||__|  |____|
         |__| W I R E L E S S   F R E E D O M
WHITE RUSSIAN (RC5) -------------------------------
* 2 oz Vodka   Mix the Vodka and Kahlua together
* 1 oz Kahlua  over ice, then float the cream or
* 1/2oz cream  milk on the top.
---------------------------------------------------
root@OpenWrt:/#

Change the password to one of your choice:

root@OpenWrt:/# passwd
Changing password for root
Enter the new password (minimum of 5 characters)
Please use a combination of upper and lower case letters and numbers.
Enter new password:
Re-enter new password:
Password changed.
root@OpenWrt:/#

Now exit the telnet client and log in again, this time with ssh

root@OpenWrt:/# exit
Connection closed by foreign host.

root@yourcomputer:# ssh root@192.168.1.1

You will be warned about the autenticity of "host 192.168.1.1": type "yes", and after it you will be asked to type your newly changed password for the WRT machine:

The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts.
root@192.168.1.1's password:

NOTE: if you receive a warning "(...) Host key verification failed", just delete the offending key, or, more simply and roughly, remove the following file: " ~/.ssh/known_hosts "!!!

Now that you are logged in, remove the command that loads telnet by default (we need to do so, because telnet do not asks any password or username, and we do not want anybody to access our WRT and lan !!!)

BusyBox v1.00 (2006.03.27-00:00+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

 _______                     ________        __
|       |.-----.-----.-----.|  |  |  |.----.|  |_
|   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
|_______||   __|_____|__|__||________||__|  |____|
         |__| W I R E L E S S   F R E E D O M
WHITE RUSSIAN (RC5) -------------------------------
* 2 oz Vodka   Mix the Vodka and Kahlua together
* 1 oz Kahlua  over ice, then float the cream or
* 1/2oz cream  milk on the top.
---------------------------------------------------
root@OpenWrt:~#
root@OpenWrt:~# cd /etc/init.d
root@OpenWrt:/etc/init.d# ls
S05nvram     S40network   S50dnsmasq   S50httpd     S60cron      rcS
S10boot      S45firewall  S50dropbear  S50telnet    S99done
root@OpenWrt:/etc/init.d# rm  S50telnet
root@OpenWrt:/etc/init.d# cd /

Change NVRAM variables

The NVRAM variables are global settings that our WRT will load at boot time: here we will change some default variables in order to split the wireless interface from the ethetnet (wired) interfaces. In a default openwrt firmware, the wireless and the ethernet interfaces are bridged toghether (br0), while the DSL interface is configured to be the WAN port, the gate to the Internet. By splitting the br0 bridge, we are able to use the wireless interface (eth1) as the gate to the internet: we simply set eth1 to be the WAN interface.

NOTE: we will be always able to read the NVRAM variables typing " nvram show ". Please be careul not to make any mistake by typing NVRAM variables... results could be very nasty!. Please refer to the openwrt wiki for further informations about the NVRAM (deleting invalid arguments, ...). Also remember that any changes made to the NVRAM will vanish if we do ot run " nvram commit " before rebooting the machine!!!
First of all: enable boot_wait. Waiting some more seconds to boot will be very useful to us in case we have to re-install or upgrade our machine!
```
root@OpenWrt:/# nvram set boot_wait=on
```
Now let's set the WRT to be a wireless client instead of an access point (station), as the default setting does.
```
root@OpenWrt:/#  nvram set wl0_mode=sta
```
Let's split the wireless/wired bridge: we quit eth1 (wireless) from the lan devices (br0), and we set it to be used as the WAN device:
```
root@OpenWrt:/# nvram set lan_ifnames='vlan0 eth2 eth3'
root@OpenWrt:/# nvram set wan_ifname=eth1
```

Automatic connection on boot:

use only if you know which channel to connect by default !!!

We can set our WRT machine to automatically access a pre-defined wireless network: before doing this, we assume that we know the following informations about the network we want to join:
- SSID - the name of the wireless connection
- CHANNEL - the channel our connection is transmitting on
- PROTOCOL - if we connect dinamically (a DHCP server is working where we want to connect to), or we prefer a stable address to be assigned to our WRT, and in this case we need to know:
  - GATEWAY IP address - the IP address of the remote machine we connect to
  - NETMASK - the netmask of the network we connect to (usually 255.255.255.0)
  - our WRT's IP address - the IP addresswe assign to our wrt machine we are working on
- LAN IP ADDRESS for our WRT - that is the network address that we will assign to our WRT, all the machines connecting via the wired interfaces will be a part of this network and will use our WRT as a gateway
In our case, we want our WRT to connect automatically to a standard connection: SSID Wireless, channel 1, not using DHCP but connecting manually to the access point located at 192.168.1.1 (though we could use wl0_proto=DHCP and omit IP, NETMASK and GATEWAY SETTINGS). That's how we set the NVRAM to connect directly on system boot to this network:
```
root@OpenWrt:/# nvram set wl0_ssid='Wireless'
root@OpenWrt:/# nvram set wl0_channel=1
root@OpenWrt:/# nvram set wan_gateway=192.168.1.1
root@OpenWrt:/# nvram set wan_proto=static
root@OpenWrt:/# nvram set wan_netmask=255.255.255.0
root@OpenWrt:/# nvram set wan_ipaddr=192.168.1.99
root@OpenWrt:/# nvram set lan_ipaddr=192.168.50.1
```
As you can see, we assign our WRT the IP 192.168.1.99 for the Wireless network we connect to, while we assign the IP 192.168.50.1 for the LAN network, that means this will be the GATEWAY for all the machines connecting to uor WRT's ethernet ports!
Sometimes the WRT fails to set the ROUTE rules on boot up. We can assign a static route setting a NVRAM variable, or through an init script. In this case we prefer writing an init script with the routing rule that our WRT will follow to supply internet access for the lan
```
root@OpenWrt:/# echo "route add default gw 192.168.1.1 eth1" > /etc/init.d/S98route
root@OpenWrt:/# chmod 755 /etc/init.d/S98route
```

Every time we change some NVRAM variables, we have to store it into the flash memory of the WRT, otherwise they will be deleted by the next reboot. So we run "nvram commit" once every session where we changed something in the NVRAM settings!
```
root@OpenWrt:/# nvram commit
```
As a last configuration step, we add an alias to our /etc/profile, that we will use later (we still haven't installed the requesting package), but that will spare us a lot of tipping while we are looking for an Access Point to connect to! We will only have to tip "scan", instead of "wl scan ; sleep 1 ; wl scanresults".
```
root@OpenWrt:/# rm /etc/profile 
root@OpenWrt:/# cp /rom/etc/profile /etc/ 
root@OpenWrt:/# echo "alias scan=\"wl scan ; sleep 1 ; wl scanresults\"" >> /etc/profile
```

Download and install additional programs

Ok, done with the configuration, the last step is to install some very useful utilities for our WRT. This is a little tricky, because we will need to connect our WRT to a working internet connection: that means that we will go to some friend with a working connection, connect our WRT to the local network, download the packages (OpenWRT uses the IPKG system, that is very similar to Debian APT package management), unplug the router and then start looking for connections!

To have an automatic connection at boot up, maybe the easiest way is to write a little script, to be executed at the end of the init process (remember to tune it to your network's needs!):
```
root@OpenWrt:/# echo "ifconfig br0 192.168.1.199 up ;" > /etc/init.d/S99lanconnect
root@OpenWrt:/# echo "route add default gw 192.168.1.1 br0 ;" >> /etc/init.d/S99lanconnect
root@OpenWrt:/# echo "route del default gw 192.168.1.1 eth1 ;" >> /etc/init.d/S99lanconnect
root@Openwrt:/# echo "echo \"nameserver 192.168.1.1\" > /etc/resolv.conf ;" >> /etc/init.d/S99lanconnect 
root@OpenWrt:/# echo "echo \"nameserver 80.58.32.97\" >> /etc/resolv.conf" >> /etc/init.d/S99lanconnect
```
Now we have a small script,/etc/init.d/S99lanconnect, telling the WRT that it's lan IP is 192.168.1.199, the lan gateway and main DNS is 192.168.1.1, and telling the WRT not to use the default wireless gateway. remember to tune this settings to the LAN connection you are going to use! Maybe your lan gateway isn't 192.168.1.1!
Change permissions for this script and restart the WRT, with an ethernet cable plugged to the LAN with internet connection
```
root@OpenWrt:/# chmod 755 /etc/init.d/S99lanconnect
root@Openwrt:/# reboot
```
Now, from a computer connected in the LAN with a working internet connection, ssh into the WRT (this time responding at 192.168.1.199:
```
user@yourcomputer:# ssh 192.168.1.199
```
There you are back in your WRT. Now we will update the list of packages and install some interesting and helpful programs! There are hundreds of installable packages in OpenWRT, but don't forget that the disk space is very reduced on your machine!
```
 
root@OpenWrt:/# ipkg update 

Downloading http://downloads.openwrt.org/whiterussian/packages/Packages
Updated list of available packages in /usr/lib/ipkg/lists/whiterussian
Downloading http://downloads.openwrt.org/whiterussian/packages/non-free/Packages
Updated list of available packages in /usr/lib/ipkg/lists/non-free
Successfully terminated.

root@OpenWrt:/# ipkg install wl kismet
```
There we are... from now on, typing "scan", we will get a list of the wireless connections running in the air around our WRT. Last step is to make the S99lanconnect script unexecutable, so that it will not be executed by default:
```
root@OpenWrt:/# chmod 444 /etc/init.d/S99lanconnect
```

Connect to a wireless network

Please read our legal warning before following these instructions !!!

with "iwconfig" we can survey the actual status of the wireless interface of the WRT:

root@OpenWrt:/# iwconfig

lo        no wireless extensions.

eth0      no wireless extensions.
			
eth1      IEEE 802.11-DS  ESSID:""
          Mode:Managed  Frequency:2.462 GHz  Tx-Power:19 dBm
	  RTS thr=2347 B   Fragment thr=2346 B
	  Encryption key:off

vlan0     no wireless extensions.

vlan1     no wireless extensions.

While with "scan" you can scan your neighborhood for existing wifi connections: ("scan" is an alias of "wl scan ; sleep 1 ; wl scanresults"):

root@OpenWrt:/# scan

If your WRT gives no scan results, than move to another place or to the roof of your house. If the scanning has been succesfull you will see something like this ( Remember: press the MAIUSC key and PAGE UP to see the upper results):

SSID: "linksys"
Mode: Managed   RSSI: -95 dBm   noise: -88 dBm  Channel: 11
BSSID: 00:0F:66:D9:D6:1F        Capability: ESS ShortSlot
Supported Rates: [ 1(b) 2(b) 5.5(b) 11(b) 18 24 36 54 6 9 12 48 ]
			
			
SSID: "Ajunta-miento"
Mode: Managed   RSSI: -98 dBm   noise: -88 dBm  Channel: 1
BSSID: 00:0F:21:6F:19:1A        Capability: ESS WEP
Supported Rates: [ 1(b) 2(b) 5.5(b) 11(b) 18 24 36 54 6 9 12 48 ]
			
			
SSID: "default"
Mode: Managed   RSSI: -94 dBm   noise: -88 dBm  Channel: 1
BSSID: 00:01:36:0A:B2:1D        Capability: ESS ShortPre ShortSlot
Supported Rates: [ 1(b) 2(b) 5.5(b) 11(b) 6 9 12 18 24 36 48 54 ]
			
			
SSID: "Wireless"
Mode: Managed   RSSI: -83 dBm   noise: -88 dBm  Channel: 1
BSSID: 00:A0:C5:83:C7:3E        Capability: ESS
Supported Rates: [ 1(b) 2(b) 5.5(b) 11(b) ]
			
			
SSID: "Ipay4ya"
Mode: Managed   RSSI: -92 dBm   noise: -89 dBm  Channel: 6
BSSID: 00:C0:49:E0:68:7A        Capability: ESS ShortPre PBCC ShortSlot
Supported Rates: [ 1(b) 2(b) 5.5(b) 11(b) 22 6 9 12 18 24 36 48 54 ]

here we received a lot of informations we need about wireless networks on air:

SSID - the name of the connection
Channel - the channel the connections is broadcasting on
BSSID - the MAC adress of your neighbour's router
RSSI - the quality of the signal your WRT is receveing form this connection
Capability - tells you if a network is open (ESS, ESS Short...) or crypted (ESS WEP)

First of all, look at the capability: if it says WEP or WPA or some oscure settings, than we will not be able to connect (search on the internet for "aircrack-ng", you can download it on a Openwrt); the rest of the channels are open, these are the channels we will try to connect to. Now look at the RSSI: if it's lower than 90 (89 is also good!), it means the signal we are receveing is enough strong, otherwise we are too far away or something is obstaculizing the connection (plastic do not stops the waves, wall and metals do!). Let's try to connect: (just type: "wl join", and the SSID of where you whant to connect)

root@OpenWrt:/# wl join Wireless

If jou joined the connection, than your iwconfig has changed. If it was not succesful, than your iwconfig has not changed: scan and try to join again a channel. Let's have a look at "iwconfig":

root@OpenWrt:/# iwconfig
		
lo        no wireless extensions.
			
eth0      no wireless extensions.
			
eth1      IEEE 802.11-DSF  ESSID:"Wireless"
	  Mode:Managed  Channel:10  Access Point: 00:A0:C5:98:F2:95
	  Bit Rate:5.5Mb/s   Tx-Power=15 dBm
	  Retry limit:0   RTS thr:off   Fragment thr:off
	  Encryption key:off
	  Link Quality:1/5  Signal level:-89 dBm  Noise level:-256 dBm
	  Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
	  Tx excessive retries:0  Invalid misc:0   Missed beacon:0
			
vlan0     no wireless extensions.
			
vlan1     no wireless extensions

As you can see, we succesfully connected: the ESSID has changed to the one we wanted to join, and we do have a link quality (from 0/5 to 5/5).

Now that we joined the wireless connection, we still have to join the LAN network. We can try to connect via DHCP or by manual IP configuration.
- The DHCP way: your WRT sends a DHCP request to the other wireless router. This is done trough the "udhcp" command: you can combine "udhcp" with an interface ("-i eth1" means to look for a DHCP server in the wireless interface, "-i br0" in a cable connected LAN), or with "-b", working in the background.
- Manual configuration: this is done with IP numbers, which are the addresses of the computers. Usually the number of your neighbour's router is a standard one: 192.168.1.1, but it could be different: 192.168.0.1, 192.168.2.1, 10.0.0.1. That means different network broadcasts: if your neighbour's router is 192.168.1.1 than we must be 192.168.1.something to reach it (ex. 192.168.1.77, 192.168.1.178, ...); if the IP is 192.168.2.1 than we must be 192.168.2.something. Let's try: give your computer an ip number for the wifi interface (use number between 51 and 99 or between 151 and 199)
```
root@OpenWrt:/# ifconfig eth1 192.168.1.77 up
```
  Now let's try to contact your neighbour's router (stop pinging with "control-C"):
```
root@OpenWrt:/# ping 192.168.1.1
```
  If the answer was "network not reacheable", than change with "ifconfig" your ip number to 192.168.0.77 or to 192.168.2.77, or to 10.0.0.77 or to 10.0.1.77 and ping the number 1 in the same network broadcast: 192.168.0.1, 192.168.2.1, 10.0.0.1, 10.0.1.1). If nothing is working, than change your wifi connection...
  
  If the ping succeded, than the result will be something like this:
```
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: icmp_seq=0 ttl=254 time=3.2 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=254 time=2.9 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=254 time=2.8 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=254 time=2.9 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=254 time=7.4 ms
```
  Ok, we are exchanging informations with our neighbour's router. Now we will tell our WRT to use our neighbour's router as a gateway to the internet:
```
root@OpenWrt:/# route add default gw 192.168.1.1 eth1
root@OpenWrt:/# route
			
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
192.168.99.0    *               255.255.255.0   U     0      0        0 vlan0
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth1
```
  - vlan0 is the ethernet interface of the WRT. Both your computer and the WRT are in the 192.168.99.something network, your computer will also use the WRT as a gateway.
  - eth1 is the wifi interface of the WRT, it uses a network number 192.168.1.something to communicate with your'neigbourgh's router AND it uses your neighbour's router (192.168.1.1) as a gateway.
  Let's try to ping an address in the internet:
```
root@OpenWrt:/# ping 141.20.1.3
```
  If you don't get any response, something is wrong or your neighbours are not connected to the internet, so, try with another wifi connection. If you had a response, than let's go to the last step: see if the domain names (www.google.com, www.squat.net, ...) are successfully translated in IP numbers:
```
root@OpenWrt:/# ping heise.de
```
  If you get a response, you're in, welcome to the OpenWrt wardriving team! If you don't get any response, then you need to change the "/etc/resolv.conf" file. This tells your machine which machine is doing the domain name resolution (DNS) for you. in the resolv.conf file there should be the IP number of your neighbour's router. just put it in. You can write typing the "i" key, to exit and save press "ESC", ":" and "x"
```
root@OpenWrt:/# vi /etc/resolv.conf
```
  If you cannot save the file, than it's because it's not a real file, but just a link: remove it and write a new one:
```
root@OpenWrt:/# rm /etc/resolv.conf
root@OpenWrt:/# vi /etc/resolv.conf
```
  Here there is an example of a working "resolv.conf" file for Barcelona:
```
nameserver 192.168.1.1

#commercial servers
nameserver 80.58.32.97
nameserver 194.224.52.37

#ORSN public servers
nameserver 217.146.139.5
nameserver 62.157.101.211
```
Now that you have an internet connection, remember that your WRT's is already running a DHCP service for your internal LAN (look in "/etc/dnsmasq.conf" on the WRT), or if you want to configure your computers manually, the WRT's IP number should be the GATEWAY AND DNS for your computer, so in linux you will have to cahnge the route of your computer adding the WRT IP number as gateway, and you should change the /etc/resolv.conf putting your WRT IP number as a nameserver (you can just add it); in windows, in the properties of the connections, there is TCP/IP, open it, put the WRT IP number as gateway and also as DNS (the submask should be 255.255.255.0)

PLEASE REMEMBER:

LEGAL WARNING - depending on your territory's national laws, the use of a connection without permission could be a delict !!! Please be sure to have an explicit authorization of the connection's owner when you follow the instructions contained in this document !!! This document is intended to be used for connections which you have been authorized to use, or in a country where national laws do not consider this practice as a delict. We (the authors of this document) decline every responsability if you are useing this instructions in a country where you are not allowed to connect to stranger's networks or if you connect without explicit authorization! You have been warned !!!

- you have a weak anonimity: everything you do on the internet will result in comeing from your neighbour's connection. Please remember that you always leave a trace of what you do, when and who you are, everywhere you go on the internet. Everybody scanning in your neighborhood will be able to read what you write (if you don't encrypt it), and which pages you are visiting.
- if you abuse of your neighbour's connection, they will notice it and protect against you... so if you are downloading 24 hours a day, you will soon be thrown out... that means: if you abuse of your neighbour's connection (like emule running 24/7 without any limits), soon you will have to find another internet connection...
Sharing a connections with the neighbourhood is a very nice and intelligent practice. Please be respectful with your neighbour's connections which are completely open, and share a connection yourself if you have one (on an OpenWrt router, the QOS - Quality of service - package will allow you the full decision about what, how much, and when share bandwidth to your wireless neghbours)

Reminder of useful OpenWrt shell commands

"udhcp -i eth1" - looks for a DHCP server in the wireless connection
"nvram get variable" - shows the actual configuration for that variable
"nvram set variable" - sets a new configuration for that variable
"nvram show | grep XXX" - shows all the variables containing XXX (that's very useful!)
"nvram commit" - stores nvram changes (do it once you have finished all your changes, if you don't run it, changes in the nvram vill be vanished by reboot!)
"iwconfig" - shows the actual wireless status
"ifconfig" - shows the actual IP status of your interfaces (eth1 and br0 will interest you)
"route" - shows the actual routing table
"cat /etc/resolv.conf" - shown actual DNS configuration
"passwd" - changes the password
"iwconfig eth1 mode master" - changes the client status of the WRT, converting it into an Access Point (useful because it has more scanning power, but you will not be able to connect to neworks... go back to normal state with "iwconfig eth1 mode managed")

---

References:

OpenWrt homepage

OpenWrt Wiki

-----------------------------
last update: inputs_marmalade 1/6/2007

###
contributions / feedback / questions


gpg public key
http://ram.squat.net/tech/inputs.marmalade.asc
###