OpenWRT on Asus WL-500gP: Installation Guide

13,024 bytes added, 20:43, 19 July 2012
''Update note 8/9/2010: This guide is for the Asus WL-500g Premium version 1 which has the Broadcom 4704 (Broadcom 4318).  Asus rereleased the WL-500gP with a slower chip that is not yet supported.''

<big>'''1.''' </big> Configure interfaces and vlans

<big>'''2.''' </big> Checking to see if all my RAM is enabled:
 free
               total        used        free      shared      buffers
   Mem:        30516        8768        21748            0          872
  Swap:            0            0            0
 Total:        30516        8768        21748
It is.

<big>'''3.''' </big> Configure the wireless interface
 nvram set wl0_ssid="myhotspot"
 nvram set wl0_mode="ap"        (skip, default)
 nvram set wl0_closed=0         (set to 1 to hide ssid)
 nvram set wl0_radio=0          (disables the radio if you run 'wifi' afterwards)
defaults:
 wl_radio_x=1
 wl0_radio_x=1
 wl0_radio_power_x=17
 size: 11539 bytes (21229 left)
 wl0_radioids=BCM2050
 wl0_radio_time_x=00002359
 wl0_radio_date_x=1111111
 wl_radio_time_x=00002359
 wl_radioids=
 wl0_radio=0
 wl_radio=1
 wl_radio_date_x=1111111
 wl_radio_power_x=17
 wifi                          (command to apply changes)
 nvram show                    (see the configuration)

<big>'''4.''' </big> Build a current package list; this step requires an Internet connection.
 <nowiki>nvram set wan_ipaddr=10.21.204.250    (just until I am done configuring)</nowiki>
 <nowiki>nvram set lan_ipaddr=192.168.XX.3      (just until I am done configuring)</nowiki>
 <nowiki>nvram set lan_gateway=192.168.XX.1    (just until I am done configuring)</nowiki>
 <nowiki>vi /etc/resolv.conf                    (add the line: nameserver 64.21.192.5)</nowiki>
 <nowiki>/etc/init.d/S40network restart </nowiki>
 <nowiki></nowiki>
 <nowiki>ipkg update                    (update package database)</nowiki>
 <nowiki>ipkg list                      (view list of available packages)</nowiki>
 <nowiki>ipkg status                    (view packages you have installed)</nowiki>
 <nowiki></nowiki>
 <nowiki>ipkg install kmod-usb2</nowiki>
 <nowiki>insmod ehci-hcd</nowiki>
 <nowiki>ipkg install kmod-usb-storage</nowiki>
 <nowiki>insmod scsi_mod</nowiki>
 <nowiki>insmod sd_mod</nowiki>
 <nowiki>insmod usb-storage</nowiki>
 <nowiki></nowiki>
 <nowiki>reboot</nowiki>
 <nowiki></nowiki>
 <nowiki>dmesg|grep -i usb</nowiki>
 <nowiki></nowiki>
 <nowiki>ipkg install kmod-vfat</nowiki>
 <nowiki>ipkg install kmod-ext2</nowiki>
 <nowiki>ipkg install kmod-ext3</nowiki>
Running insmod by hand is not necessary if you reboot.
 insmod fat
 insmod vfat
 insmod ext2
 insmod ext3
 insmod jbd
 ipkg install http://downloads.openwrt.org/backports/rc5/fdisk_2.12r-1_mipsel.ipk
 mkdir -p /mnt
 fdisk -l
 mount /dev/scsi/host0/bus0/target0/lun0/part1 /mnt
These settings should be retained after a reboot.  I have noticed that sometimes after a reboot the USB device does not show up.
Installing and using IPKG packages in a mount point other than root
*(I did not complete this procedure)
 echo dest usb /mnt/disc0_1 >> /etc/ipkg.conf

Booting from the USB drive, with failover to the Flash
 umount /dev/scsi/host0/bus0/target0/lun0/part1
 fdisk /dev/scsi/host0/bus0/target0/lun0/disc
*Press 'd' to delete 1, 2, 3, and 4
*Press 'n' for new
*Press 'w' for write
 ipkg install http://downloads.openwrt.org/backports/rc5/e2fsprogs_1.38-1_mipsel.ipk
 ln -s /proc/mounts /etc/mtab
 mke2fs -j /dev/scsi/host0/bus0/target0/lun0/part1
 mount -t ext3 /dev/scsi/host0/bus0/target0/lun0/part1 /mnt
 mkdir /tmp/root
 mount -o bind /rom /tmp/root
 mount -o bind / /tmp/root
 cp /tmp/root/* /mnt -a
 umount /tmp/root
 umount /mnt
 rm /sbin/init
And replace it with this script:
 <nowiki>#!/bin/sh</nowiki>
 <nowiki># change this to your boot partition</nowiki>
 <nowiki>boot_dev="/dev/scsi/host0/bus0/target0/lun0/part1"</nowiki>
 <nowiki></nowiki>
 <nowiki>for module in usbcore ehci-hcd scsi_mod sd_mod usb-storage jbd ext3; do {</nowiki>
 <nowiki>  insmod $module</nowiki>
 <nowiki>}; done</nowiki>
 <nowiki># this may need to be higher if your disk is slow to initialize</nowiki>
 <nowiki>sleep 4s</nowiki>
 <nowiki># mount the usb stick</nowiki>
 <nowiki>mount "$boot_dev" /mnt</nowiki>
 <nowiki># if everything looks ok, do the pivot root</nowiki>
 <nowiki>[ -x /mnt/sbin/init ] && {</nowiki>
 <nowiki>  mount -o move /proc /mnt/proc && \</nowiki>
 <nowiki>  pivot_root /mnt /mnt/mnt && {</nowiki>
 <nowiki>    mount -o move /mnt/dev /dev</nowiki>
 <nowiki>    mount -o move /mnt/tmp /tmp</nowiki>
 <nowiki>    mount -o move /mnt/jffs2 /jffs2 2>&-</nowiki>
 <nowiki>    mount -o move /mnt/sys /sys 2>&-</nowiki>
 <nowiki>  }</nowiki>
 <nowiki>}</nowiki>
 <nowiki># finally, run the real init (from USB hopefully).</nowiki>
 <nowiki>exec /bin/busybox init</nowiki>
Make sure your new /sbin/init is executable:
 chmod a+x /sbin/init
If it mounts correctly it will look like this:
 <nowiki>root@OpenWrt:~# mount</nowiki>
 <nowiki>/dev/root on /mnt/rom type squashfs (ro)</nowiki>
 <nowiki>none on /dev type devfs (rw)</nowiki>
 <nowiki>none on /proc type proc (rw)</nowiki>
 <nowiki>none on /tmp type tmpfs (rw,nosuid,nodev)</nowiki>
 <nowiki>/dev/mtdblock/4 on /mnt/jffs type jffs2 (rw)</nowiki>
 <nowiki>/jffs on /mnt type mini_fo (rw)</nowiki>
 <nowiki>none on /dev/pts type devpts (rw)</nowiki>
 <nowiki>none on /proc/bus/usb type usbfs (rw)</nowiki>
 <nowiki>/dev/scsi/host0/bus0/target0/lun0/part1 on /mnt/mnt/disc0_1 type ext3 (rw)</nowiki>
 <nowiki>/dev/scsi/host0/bus0/target0/lun0/part1 on / type ext3 (rw)</nowiki>
* Actually the disc0_1 line may not be correct.  Unconfirmed if this is the result of a previous attempt to mount that is "stuck" in mtab.
* If booted from the USB flash drive, then packages installed by ipkg will go on the USB drive anyway.  If the system fails over to booting from the internal flash, that package will be absent.
If everything went alright, you will not have to change your root password, and when you execute 'ipkg list' you will see all of the packages from the database, which would otherwise have been absent.  Use 'ipkg status' to show installed packages.

== DNS and DHCP ==
The Asus WL-500gP has internal DHCP capabilities.  The router's own DHCP server can be enabled through the nvram options; however, to make the router respond to DNS queries as a caching name server you should use dnsmasq instead.

Disable the router's DHCP server and enable DHCP assignment via dnsmasq.  To use dnsmasq simply edit the following file:  /etc/dnsmasq.conf  I used dnsmasq.conf instead of nvram.  I wiped the S60dnsmasq file and created my own.
My init script for dnsmasq contains only the following line:
 killall -9 dnsmasq ; dnsmasq -K -I vlan1
My /etc/dnsmasq.conf contains the following:
 <nowiki># filter what we send upstream</nowiki>
 <nowiki>domain-needed</nowiki>
 <nowiki>bogus-priv</nowiki>
 <nowiki>filterwin2k</nowiki>
 <nowiki>localise-queries</nowiki>
 <nowiki></nowiki>
 <nowiki># allow /etc/hosts and dhcp lookups via *.lan</nowiki>
 <nowiki>local=/lan/</nowiki>
 <nowiki>domain=lan</nowiki>
 <nowiki>expand-hosts</nowiki>
 <nowiki>no-negcache</nowiki>
 <nowiki>resolv-file=/etc/resolv.conf</nowiki>
 <nowiki></nowiki>
 <nowiki># enable dhcp (start,end,netmask,leasetime)</nowiki>
 <nowiki>dhcp-authoritative</nowiki>
 <nowiki></nowiki>
 <nowiki># dhcp-range=[network-id,]<start-addr>,<end-addr>[[,<netmask>],<broadcast>][,<default lease time>]</nowiki>
 <nowiki>dhcp-range=lan,192.168.XX.100,192.168.XX.150,255.255.255.0,24h</nowiki>
 <nowiki>dhcp-range=wifi,192.168.XY.100,192.168.XY.105,255.255.255.0,2h</nowiki>
 <nowiki></nowiki>
 <nowiki>dhcp-leasefile=/var/dhcp.leases</nowiki>
 <nowiki></nowiki>
 <nowiki># use /etc/ethers for static hosts; same format as --dhcp-host</nowiki>
 <nowiki># <hwaddr> <ipaddr></nowiki>
 <nowiki>read-ethers</nowiki>
 <nowiki></nowiki>
 <nowiki># other useful options:</nowiki>
 <nowiki># default route(s): dhcp-option=3,192.168.1.1,192.168.1.2</nowiki>
 <nowiki>#    dns server(s): dhcp-option=6,192.168.1.1,192.168.1.2</nowiki>
 <nowiki>dhcp-option=6,64.21.192.5,64.21.192.6</nowiki>

== Configuring dnsmasq to use different IP ranges for wired and wireless ==
The firewall is initialized by running a startup script in /etc/init.d.  Next it calls the user configuration file /etc/firewall.user.  To better understand the firewall rules I will document notes about them in this section.

Starting with /etc/init.d/S35firewall

== OpenVPN Installation and Configuration ==
First, install the package and then generate a static key file /etc/static.key
 ipkg install openvpn
 mkdir /etc/openvpn
 openvpn --genkey --secret /etc/openvpn/wlan.key
Other guides advise the installation of openssl, lzo, and kmod-tun; however, I found them to already be installed.

Allow OpenVPN connections from the Wifi to the LAN - rules need to be added to firewall.user.
 iptables -t nat -A prerouting_rule -i br0 -p udp --dport 1194 -j ACCEPT
 iptables -A input_rule -i br0 -p udp --dport 1194 -j ACCEPT
The tunneling module
 insmod tun
 echo "tun" >> /etc/modules
Now /etc/modules should look like this:
 wl
 tun
Create /etc/openvpn/wlan.conf
 dev tap0
 proto udp
 port 1194
 keepalive 10 120
 ;comp-lzo
 status openvpn-status.log
 secret /etc/openvpn/wlan.key
 persist-key
 persist-tun
 verb 6
 max-clients 10
''Note: I have tried "proto tcp-server" using the tcp protocol.  It is much slower than using udp.  For some people udp won't work and therefore they have to use tcp.''

Create /etc/openvpn/makebridge
 <nowiki>#!/bin/sh</nowiki>
 <nowiki>br="br0"</nowiki>
 <nowiki>tap="tap0"</nowiki>
 <nowiki>case "$1" in</nowiki>
 <nowiki>  up)</nowiki>
 <nowiki>    insmod tun</nowiki>
 <nowiki>    for t in $tap; do</nowiki>
 <nowiki>      openvpn --mktun --dev $t</nowiki>
 <nowiki>    done</nowiki>
 <nowiki>    for t in $tap; do</nowiki>
 <nowiki>      brctl addif $br $t</nowiki>
 <nowiki>    done</nowiki>
 <nowiki>    for t in $tap; do</nowiki>
 <nowiki>      ifconfig $t 0.0.0.0 promisc up</nowiki>
 <nowiki>    done</nowiki>
 <nowiki>  ;;</nowiki>
 <nowiki>  down)</nowiki>
 <nowiki>    for t in $tap; do</nowiki>
 <nowiki>      ifconfig $t 0.0.0.0 down</nowiki>
 <nowiki>    done</nowiki>
 <nowiki>    for t in $tap; do</nowiki>
 <nowiki>      brctl delif $br $t</nowiki>
 <nowiki>    done</nowiki>
 <nowiki>    for t in $tap; do</nowiki>
 <nowiki>      openvpn --rmtun --dev $t</nowiki>
 <nowiki>    done</nowiki>
 <nowiki>    rmmod tun</nowiki>
 <nowiki>  ;;</nowiki>
 <nowiki>  *)</nowiki>
 <nowiki>    echo "$0 {up|down}"</nowiki>
 <nowiki>  ;;</nowiki>
 <nowiki>esac</nowiki>
Create /etc/init.d/S65openvpn
 <nowiki>#!/bin/sh</nowiki>
 <nowiki>case "$1" in</nowiki>
 <nowiki>  start)</nowiki>
 <nowiki>    /etc/openvpn/makebridge up</nowiki>
 <nowiki>    openvpn --daemon --config /etc/openvpn/wlan.conf</nowiki>
 <nowiki>  ;;</nowiki>
 <nowiki>  restart)</nowiki>
 <nowiki>    $0 stop</nowiki>
 <nowiki>    sleep 3</nowiki>
 <nowiki>    $0 start</nowiki>
 <nowiki>  ;;</nowiki>
 <nowiki>  reload)</nowiki>
 <nowiki>    killall -SIGHUP openvpn</nowiki>
 <nowiki>  ;;</nowiki>
 <nowiki>  stop)</nowiki>
 <nowiki>    killall openvpn</nowiki>
 <nowiki>    /etc/openvpn/makebridge down</nowiki>
 <nowiki>  ;;</nowiki>
 <nowiki>esac</nowiki>
Set execute permissions on the file:
 chmod a+x /etc/init.d/S65openvpn
Start OpenVPN and check the interfaces.

Some modifications to the iptables firewall /etc/firewall.user
 iptables -t nat -A prerouting_rule -i br1 -p udp --dport 1194 -j ACCEPT
 iptables -A input_rule -i br1 -p udp --dport 1194 -j ACCEPT

== WPA Wireless Security ==
Enable WPA Wireless Security (as opposed to WEP)
# WiFi Protected Access (WPA) is the new security standard adopted by the WiFi Alliance consortium.
# nas is the proprietary binary tool that sets up dynamic encryption (WEP/WPA) on the wireless device.
To use WPA the NAS package must be installed.
 ipkg install nas
 nvram set wl0_auth_mode=""          (was wl0_auth_mode=open)
 nvram set wl0_akm=psk               (was wl0_akm=none)
 nvram set wl0_crypto=aes+tkip       (was wl0_crypto=tkip)
 nvram set wl0_auth=0                (was wl0_auth=0)
 nvram set wl0_wpa_psk=yoursecretp   (was wl0_wpa_psk="")
''(replace yoursecretp with a password of your choice, I used something with letters, numbers, and symbols)''
 nvram commit
Note:  I chose to use PSK instead of PSK2 because PSK2 is not supported on my WinXP laptop OOB without updating something (probably a wifi related driver).

The startup script for NAS has to be modified for our interface configuration.  It defaults to br0, but with our setup our wifi is on br1.
 vi /etc/init.d/S41wpa
Replace all references to br0 with br1.
There should be two references.
 <nowiki>Line 7:  brctl show 2>&- | grep "${real_ifname}" >&- 2>&- && ifname=br1</nowiki>
 <nowiki>Line 86: [ "$ifname" = "br1" ] && exit</nowiki>
When the NAS service is running, doing a ps ax should show the process:
 /usr/sbin/nas -P /var/run/nas.lan.pid -l br1 -H 34954 -i eth2 -A -m 4 -k yoursecretp -s icarus -w 6 -g 360

[[Category:WiFi]]
[[Category:Hacking]]
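
The WPA values set in the section above can be checked before running nvram commit. The script below is an added example, not part of the original guide: it reads key=value lines in the form nvram show prints and reports settings that leave the link open or weak. The function name audit_wl_nvram and the sample input are constructed, and psk2 is assumed to be the nvram value for the PSK2 mode the guide's note mentions.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the WPA nvram values
# set above. Input is key=value lines in the form `nvram show` prints.

audit_wl_nvram() {
    # One finding per line on stdout; returns 0 when clean, 1 otherwise.
    akm="" crypto="" psk="" rc=0
    while IFS= read -r line; do
        case "$line" in
            wl0_akm=*)     akm=${line#wl0_akm=} ;;
            wl0_crypto=*)  crypto=${line#wl0_crypto=} ;;
            wl0_wpa_psk=*) psk=${line#wl0_wpa_psk=} ;;
        esac
    done

    case "$akm" in
        ""|none)       echo "OPEN: wl0_akm=${akm:-unset}, no WPA key management"; rc=1 ;;
        *psk2*|*wpa2*) : ;;   # assumption: these values select WPA2
        *)             echo "WEAK: wl0_akm=$akm offers WPA1 only"; rc=1 ;;
    esac

    case "$crypto" in
        *tkip*) echo "WEAK: wl0_crypto=$crypto still allows TKIP"; rc=1 ;;
    esac

    # A WPA passphrase is 8 to 63 characters (raw 64-hex keys are not handled).
    if [ "${#psk}" -lt 8 ] || [ "${#psk}" -gt 63 ]; then
        echo "INVALID: wl0_wpa_psk is ${#psk} characters, need 8-63"; rc=1
    elif [ "$psk" = "yoursecretp" ]; then
        echo "PLACEHOLDER: wl0_wpa_psk is still the guide's example value"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the values this guide sets, as `nvram show` would list them.
guide_cfg='wl0_auth_mode=
wl0_akm=psk
wl0_crypto=aes+tkip
wl0_auth=0
wl0_wpa_psk=yoursecretp'

# On the router: nvram show | audit_wl_nvram
printf '%s\n' "$guide_cfg" | audit_wl_nvram || true
```

With the guide's values the audit reports WPA1-only key management, TKIP still allowed, and the unchanged example passphrase.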