The first thing to do is flash the router with new firmware. OpenWrt started as a Linux distribution for the Linksys WRT54G, but at the moment there is much more supported hardware, check also . There are two releases: White Russian (previous) and Kamikaze (current). If you are on modest/old hardware like me, I would advise choosing White Russian, as this release is considerably lighter on resources. Even then we will be using shell to program all our utilities; do not even think about Perl!

The next step is choosing the variation. The default version is recommended because it provides pppoe. In this way we can configure our modem as a pure gateway. And then comes the method for flashing. Although you can probably install the firmware through your current web interface, TFTP is a better idea in case anything goes wrong. You will need a TFTP client for this; chances are that your OS ships with this utility.

Done? Congratulations! You can telnet into your Linux router. Please make sure that the boot_wait flag is on. This delays the boot process for a few seconds, allowing new firmware to be installed through the bootloader in case of problems. Here is how:
#nvram get boot_wait    # if on, that's ok; if not, do the next steps
#nvram set boot_wait=on
#nvram commit

If your modem was not configured for pppoe, log out from telnet and plug your computer's ethernet cable into the modem. You may have to reboot your PC to get access to the modem configuration web page. Select pppoe and refit the ethernet cables.

Back in the telnet session, set your ISP credentials in nvram: ppp_username and ppp_passwd. Don't forget to commit and reboot. You should have internet :-) Again telnet into the router and check it out with a ping. Time to start business:
#ipkg update
#ipkg install dropbear
#passwd
#reboot

You should now have ssh access to your router; log in with ssh root@router-ip and your password. OK? Then we want to delete telnet because it is insecure, and remove some other packages to make room:
#rm /etc/init.d/Sxxtelnet
#rm /etc/init.d/Sxxhttpd
#rm -r /www/*
#ipkg remove webif haserl

We are done! Surely, you will also want to do some network and wpa configuration...

Most routers have no clock hardware. The date must be set at boot and needs to be synchronised at regular intervals. Per 24 hours it can go 30 seconds wrong.

We will use the built-in function rdate for setting the clock so we can avoid installing the ntp client. Have a look at S55rdate in the downloads area. As simple as that! Save the script in /etc/init.d/, make it executable and set a cron entry to repeat it every day. Please adapt the TZ file in /etc to define your timezone.

If you have no static public IP address, then it is a good idea to set up a DYNDNS account. You will need it on the road to find your home. And we need an update utility. You can find these programs on the internet both for PC and routers. We will write our own client for the router because that is where it belongs and we want it small.

Have a look at S80ipcheck in the downloads area. Notice that it is in shell and much smaller than available "full" clients, but it only works for DYNDNS.com! Set your dyndns credentials in the first lines, save it to /etc/init.d/ and make it executable. You also need to make a cron entry to repeat it every 5 minutes or so.

Done! After the first run, you will see in /etc/ a file IP with the current IP address. In /var/log/ you will see a file dyndns with the last answer from DYNDNS.

Installing a PBX package on OpenWrt is as easy as this:
#ipkg install asterisk-mini

This will get you Asterisk v1.0.10-1, quite old and minimal but it does the job. Forget about compiling a newer version; testimonials on the internet forget to say that they have nothing else on the router. One thing you can do is to download the more recent Kamikaze Asterisk to your PC, and copy the modules of your interest to the modules directory on the router. That works :-) Support for an Asterisk that old is very limited on the internet. Fortunately, the first edition of the Asterisk book is still freely available online.

One quirk I did not find documented: the title of the configuration section needs to be the same as the name of the voip server. Take a look at this section from sip.conf for Gizmo:
register => 17123456789:my_password@proxy01.sipphone.com
[proxy01.sipphone.com]
type=friend
host=proxy01.sipphone.com
secret=my_password
context=incoming
dtmfmode=rfc2833
insecure=very

The startup script in /etc/init.d/ is rather complicated as it tries to recover from problems. I can confirm that Asterisk never crashes, just replace it with S60asterisk from the downloads area. While you're at it, do not forget to update your firewall settings.

Be persistent if it is your first time out with Asterisk. You will need to work your way through the book to implement a nice dial plan and you will have to consult voip-info.org for provider configuration. The result is rewarding.

We want some server functionality on the router to communicate with the control network and to dispatch html for the user interface. Using a superserver for this helps in limiting the use of CPU resources. I chose xinetd for security, install it:
#ipkg install xinetd

There are some issues with the startup script in /etc/init.d/; replace it with the modified S50xinetd from the downloads area. Also copy the xinetd configuration file to /etc/default/. Stop and start S50xinetd (restart does not work); you can examine the log in /var/log/xinetd.

We have deleted the httpd daemon to save space and CPU resources. Let's program our own service so we can test xinetd and provide browsers with a gui. Do not raise any ambitions, it will be a very, very simple webserver.

To test it, create a 'Hello World!' file in /www/ and name it test.htm. Put services and xinetd.conf from the download area in /etc/, wwwd in /usr/sbin/. Now stop and start xinetd and have a look at the log. Is the service running? Good, point your browser at the router IP and you should see 'Hello World!'.

When you examine the wwwd script, you will see that it only serves one hard-coded file. That is exactly what it is meant for: delivering a user interface. You could change this to deliver any file that is asked for, but be aware of safety! Any file means ANY file: the requested name comes straight from the client, so when doing this, you should limit access to the www directory...
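
One way to limit such a server to the www directory, as an added example that is not the wwwd script from the downloads area: the handler below validates the requested path before it opens anything. The names safe_path and serve, the --serve argument and the fallback to /test.htm are assumptions made for this illustration, and it assumes /www contains no symlinked directories.

```sh
#!/bin/sh
# Added example, not the project's wwwd. safe_path, serve and --serve are
# hypothetical names; /www and test.htm are taken from the text above.
DOCROOT="${DOCROOT:-/www}"

# safe_path "<request line>": print the file to serve, or return non-zero.
safe_path() {
    set -f                          # no globbing while splitting the line
    set -- $1                       # $1=method  $2=target  $3=version
    set +f
    [ "$1" = "GET" ] || return 1
    target="${2%%\?*}"              # drop any query string
    case "$target" in
        /*) ;;                      # must start at the document root
        *)  return 1 ;;
    esac
    case "$target" in
        *..*|*//*) return 1 ;;              # no parent references
        *[!A-Za-z0-9._/-]*) return 1 ;;     # allowlist: rejects %, \, CR, etc.
    esac
    [ "$target" = "/" ] && target="/test.htm"
    file="$DOCROOT$target"
    # Regular file only; a symlinked file could point outside DOCROOT.
    # Assumption: no directory inside DOCROOT is itself a symlink.
    [ -f "$file" ] && [ ! -L "$file" ] || return 1
    printf '%s\n' "$file"
}

# serve: xinetd connects the socket to stdin/stdout, so read one request
# line and answer on stdout.
serve() {
    IFS= read -r request || return 1
    if file=$(safe_path "$request"); then
        printf 'HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n'
        cat "$file"
    else
        printf 'HTTP/1.0 404 Not Found\r\n\r\nNot found\n'
    fi
}

case "${1:-}" in --serve) serve ;; esac
```

Every rejected request gets the same 404 answer, so the client cannot tell a missing file from a refused path.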

Surely, we want to control our system from the world wide web. I see no problem opening port 80 on the firewall; that gives only the naked GUI. The real control, however, should be tunneled over ssh.

The main script is kept in /etc/init.d/S35firewall. Have a look at it, mine had a bug in the statement for searching the public IP. Not that it really matters though, because that variable is never used further. Still a good idea to fix it while you are at it; make sure the public IP is found in the WAN interface:

WAN="$(nvram get wan_ifname)"
EXTIP=$(ifconfig $WAN | grep 'inet addr' | cut -f 2 -d\: | cut -f 1 -d' ')


The firewall user settings go in /etc/firewall.user. At the moment we will just open up for asterisk:

### SIP
iptables -A input_rule -p udp -m udp --dport 5060 -j ACCEPT

### IAX2
#iptables -A input_rule -p udp -m udp --dport 4569 -j ACCEPT

### RTP media stream
iptables -A input_rule -p udp --dport 10000:20000 -j ACCEPT

### GIZMO
iptables -A input_rule -p udp --dport 5004 -j ACCEPT

### STUN
iptables -A input_rule -p udp --dport 3478 -j ACCEPT