Tag Archives: WRT54GL

OpenWrt 15.05 on Legacy Devices (16Mb RAM)

There are 86 devices on the OpenWrt homepage listed as supported, but with only 16Mb of RAM. Those devices work just fine with OpenWrt Backfire 10.03.1, but not with more recent OpenWrt releases.

I myself own a Linksys WRT54GL and I used Barrier Breaker 14.07 with some success.

With 15.05 there is a new feature available: zram-swap. A bit simplified, it means the system can compress its memory, effectively making better use of it.

I decided to try out 15.05 RC3 on my WRT54GL.

The standard image
The standard image is 3936256 and the device page for WRT54GL says: As the WRT54GL has only 4Mb flash, any image sent to the device must be 3866624 bytes or smaller. So the standard image is out of the question. Instead I downloaded the Image Builder from the same folder.

The Image Builder
The Image Builder is very easy to use and requires an x64 linux computer.

make image PROFILE=Broadcom-b43 PACKAGES="zram-swap -kmod-ppp -kmod-pppox -kmod-pppoe -ppp -ppp-mod-pppoe -kmod-b43 -kmod-b43legacy -kmod-mac80211 -kmod-cfg80211"

After a little while this has produced custom images, minus ppp-stuff, minus wireless stuff (more on that later), plus zram-swap. Also, LuCi is not there. The image is found in bin/brcm47xx, it is 3012kb and is installed the normal way on your WRT54GL.

Trying 15.05
Logging in via ssh (dropbear) is fine:

BusyBox v1.23.2 (2015-06-18 17:05:04 CEST) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 CHAOS CALMER (15.05-rc3, r46163)
 -----------------------------------------------------
  * 1 1/2 oz Gin            Shake with a glassful
  * 1/4 oz Triple Sec       of broken ice and pour
  * 3/4 oz Lime Juice       unstrained into a goblet.
  * 1 1/2 oz Orange Juice
  * 1 tsp. Grenadine Syrup
 -----------------------------------------------------
root@OpenWrt:~# 

Top looks tight but not alarming (as usual):

Mem: 11568K used, 1056K free, 44K shrd, 1208K buff, 3228K cached
CPU:   8% usr   8% sys   0% nic  83% idle   0% io   0% irq   0% sirq
Load average: 0.13 0.23 0.11 1/31 1061
  PID  PPID USER     STAT   VSZ %VSZ %CPU COMMAND
 1061  1056 root     R     1488  12%  17% top
  631     1 root     S     1656  13%   0% /sbin/netifd
  848     1 root     S     1492  12%   0% /usr/sbin/ntpd -n -S /usr/sbin/ntpd-h
 1056  1055 root     S     1492  12%   0% -ash
  735   631 root     S     1488  12%   0% udhcpc -p /var/run/udhcpc-eth0.2.pid
    1     0 root     S     1444  11%   0% /sbin/procd
 1055   757 root     S     1224  10%   0% /usr/sbin/dropbear -F -P /var/run/dro
  650     1 root     S     1196   9%   0% /usr/sbin/odhcpd
  757     1 root     S     1156   9%   0% /usr/sbin/dropbear -F -P /var/run/dro
  580     1 root     S     1060   8%   0% /sbin/logd -S 16
  868     1 nobody   S      996   8%   0% /usr/sbin/dnsmasq -C /var/etc/dnsmasq
  308     1 root     S      916   7%   0% /sbin/ubusd
  737   631 root     S      812   6%   0% odhcp6c -s /lib/netifd/dhcpv6.script
  337     1 root     S      772   6%   0% /sbin/askfirst /bin/ash --login
    4     2 root     SW       0   0%   0% [kworker/0:0]
    8     2 root     SW       0   0%   0% [kworker/u2:1]
    3     2 root     SW       0   0%   0% [ksoftirqd/0]
   14     2 root     SW       0   0%   0% [kswapd0]
    6     2 root     SW       0   0%   0% [kworker/u2:0]
  237     2 root     SWN      0   0%   0% [jffs2_gcd_mtd5]

The swap seems to work, at least in theory:

root@OpenWrt:~# free
             total         used         free       shared      buffers
Mem:         12624        11552         1072           44         1208
-/+ buffers:              10344         2280
Swap:         6140           72         6068

But that is the end of the good news.

opkg runs out of memory
Trying to install a package fails (in a new way):

# opkg install kmod-b43
Installing kmod-b43 (3.18.17+2015-03-09-3) to root...
Downloading http://downloads.openwrt.org/chaos_calmer/15.05-rc3/brcm47xx/legacy/packages/base/kmod-b43_3.18.17+2015-03-09-3_brcm47xx.ipk.
Collected errors:
 * gz_open: fork: Cannot allocate memory.
 * opkg_install_pkg: Failed to unpack control files from /tmp/opkg-lE7SIf/kmod-b43_3.18.17+2015-03-09-3_brcm47xx.ipk.
 * opkg_install_cmd: Cannot install package kmod-b43.

This happens also without zram-swap installed. I tried different packages but none of those I tried installed successfully. Effectively opkg is broken. One way to deal with this is to build an image with exactly the packages I need, and rebuild the image every time I want a new package. Which leads me to the next problem.

sysupgrade runs out of memory
I have found that flashing my 15.05 image to my WRT54GL (from 10.03.1 or 14.07) is fine. But flashing from 15.05 is tricky because it seems there is not enough RAM for sysupgrade. And it is quite scary when sysupgrade stalls, because you dont know if it is in the middle of flashing but failing to let you know.

One way to get around this is to flash a smaller image that use less space on /tmp. I tried 8.09.1 for the first time ever for this reason. Another (not recommended way) is to pipe from nc to mtd directly.

I found out (the hard way) about system recovery mode: start your WRT54GL, press the reset button on the back side (more is better), and it starts in recovery mode where you can telnet to it and sysupgrade runs just fine.

Not even in recovery mode everything is fine: for example, when trying the firstboot command it did not finish properly and I had to reset the WRT54GL.

A few times I forgot to use the -n option with sysupgrade: that is not such a good thing when you run it in recovery mode and perhaps flash a different firmware version.

testing wifi
I built a new image with WiFi installed and flashed it from failsafe mode:

make image PROFILE=Broadcom-b43 PACKAGES="zram-swap -kmod-ppp -kmod-pppox -kmod-pppoe -ppp -ppp-mod-pppoe"

Well, I tried different things… on one occation I had WiFi without encryption working. However, most of the time, activating WiFi just makes the WRT54GL not responding or very slow.

Conclusion
zram-swap is not the silver bullet that makes OpenWrt run on 16Mb devices. As with 14.07, you can probably use Image Builder to build a useful minimal image: get rid of the firewall, the WiFi, LuCl of course, and use it for something else – fine! But as a WiFi router: use Tomato or 10.03.1 instead.

For now, my WRT54GL is flashed with 10.03.1, completely unconfigured, and stored away for future adventures. At least it is not bricked, and I never needed to connect a TTL-cable to it.

Using WRT54GL with OpenWRT 14.07 in 2014

The Linksys WRT54GL was a very successul product for its time, not the least because sources were available and people could make their own firmwares for it. There are today firmwares like Tomato, DD-WRT and OpenWRT that runs on WRT54GL. My interest is with OpenWRT (as it gives me a full Linux system, not just a firmware, a web gui and parameters to set). The last OpenWRT version that was good and fully supported on the WRT54GL was 10.03.1. But that firmware is four years old, and not so fresh in 2014. I like to keep my Linux systems updated.

I tried to build (from scratch/sources, using buildroot) a very minimal version of Barrier Breaker (OpenWRT 14.07) Release Candidate 1 for WRT54GL. I removed everything that I could possibly live without, and ended up with an image that used less than 3MB of flash. Still, it was impossible to get WiFi running for more than a few minutes, and the router got very slow. Most likely the 16MB of RAM is just not enough (that is the generally accepted explanation).

Update: Someone seems to have been successful running BB with WLAN.

However, without WiFi, the WRT54GL runs Barrier Breaker just fine. That rules out using it as a WiFi router, but it leaves other options open. It is still a functional switch, that is also a Linux-machine with dropbear (ssh) and it can run software (opkg-packages) like nginx, openvpn, stunnel, uhttpd (cgi capable web server), iptables, and many more.

Image Builder
I have used the Image Builder (also called Image Generator) from BB RC2 to generate my own OpenWRT firmware for my WRT54GL. The process can seem scary at first, but it is quite simple. You can choose exactly the packages you want and build an image with just those packages, making the most of your hardware.
Update 2014-10-09: BB 14.07 final works fine, just as RC2.

After downloading and extracting the Image Builder (on my x64 Ubuntu machine), I ran the following command:

make image PROFILE=Broadcom-None
           PACKAGES="-dnsmasq -ppp -ppp-mod-pppoe -libip6tc -kmod-ipv6
           -odhcp6c -ip6tables -odhcpd uhttpd netcat openvpn-easy-rsa
           openvpn-openssl openssl-util stunnel libwrap"

Note, there should be no line breaks when you run this command.

  • Available profiles are found in target/linux/brcm47xx, and gives a starting point for selecting packages
  • Packages can be added using the PACKAGE option to make (ex stunnel)
  • Packages can be removed by using – in front of their name (ex odhcp6c)

I read the massive output which indicated that some packages (netcat, stunnel) failed to install. Also, if there are missing dependencies (libwrap) you will see it in the output.

Not all packages that are available are also included in the Image Builder download, but just download the packages you want and put them in the package folder in the image builder.

Rerun make image until you see no dependency errors, failed packages or other problems.

When make image has finished, have a look in your bin/brcm47xx folder, and you will find your new firmware. The firmware I generated above was less than 3.5Mb, leaving several 100kb for configuration and more packages. Flashing the router the normal way and logging in to the system I find that memory usage is about 10Mb and available disk is about 500kb (the openssl-util alone is 477kb on the filesystem and its opkg is 182kb).

As a benchmark I decided to use the easy-rsa package and build certificates. Particularly the build-dh takes very long time: on this machine 30min. However, on my new TP-Link WDR4900 it took 60 minutes, so obviously this was a silly unpredictable benchmark.

Conclusion
With some fantasy, curiosity and enthusiasm, you can turn your old WRT54GL into a useful component of your home or work network. It can provide some, or a few, useful services. Often it is wise to separate different functions to different hardware, because it makes your network more stable. And not the least, this is a good way to experiment with OpenWRT, without risk of breaking your production WiFi and broadband router.

OpenWRT, IPv6, VPN and Replacing WRT54GL

After having relied on the router my Internet provider has supplied me with for years, I decided to take back control over my LAN. There were a few factors that inspired me to put some effort into this:

  1. The announcement of the WRT1900AC could open up the door for a new generation of routers
  2. IPv6 is getting somewhere and I want to be able to play with it to learn – so I want IPv6 at home
  3. I want a VPN solution at home, for different reasons, but one of them is to be able to access the Internet more safely when using public Wifis, and another is to access services when I am abroad
  4. My Wifi at home (supplied by my router from my Internet provider) was not 100% stable

Summary
I ended up keeping my WRT54GL, Installing OpenWRT 10.03.1 on it, and configuring it to provide VPN using PPTP and IPv6 using 6to4. I mostly followed documentation on the OpenWRT web page, but there were and are some issues.
Update 2014-04-12: Details about IPv4 using 6to4.

OpenWRT and WRT54GL
The WRT54GL is not supported by the most recent versions of OpenWRT, and the final release with good WRT54GL support was 10.03.1. Everything I write in this article applies to 10.03.1 (the brcm-2.4 edition).

OpenWRT
OpenWRT is very nice. It used to be more hardcore compared to other router firmware. With that I mean that Tomato (and DD-WRT) are 100% Web-GUI-configurable, while OpenWRT was more dependent on the command line. Most things can now be handled using the Web-GUI. But dont attempt to get advanced things (like VPN/PPTP and IPv6) working without using the command line. If you dont feel comfortable with that, just stay with Tomato (which is very nice). This is for OpenWRT 10.03.1 – perhaps more recent version are more configurable without the command line.

IPv6
For end user needs in 2014, IPv6 is not needed. However, if you anyway decide to play with it, IPv6 is in some ways a more simple protocol than IPv4: not needing a NAT (all your clients get to have real IPs) takes away a lot of things that just happens to be complicated with IPv4. However, although NAT was never meant to provide security it did as a side effect – with IPv6 you need to think about really firewalling incoming traffic to your network. Things like port forwarding and VPN (to access internal resources) suddenly are not needed.

There is also no need for DHCP (as the clients can autoconfigure themselves, and there are so many available addresses on each network, that a conflict is very unlikely). But your IPv6 router must advertise the network so the clients know it exist.

IPv6 – How to get it
How can you get IPv6 if your internet provider only provides IPv4? There are different transition mechanisms that you can use (that are designed just to give you IPv6 when you only have IPv4):

  • Teredo needs to be configured on each client computer seperately, but requires nothing of the network (except that the firewall does not block the traffic). Teredo is the easiest way to access IPv6, but it gives you no IPv6 network. In Debain you just #apt-get install miredo, that is all.
  • Tunnel Brokers provide you IPv6 in a VPN-fashion, much like there are VPN-providers who give you an IP-address in another country, or for anonymization purposes. You can set up the tunnel on a single client, or even better on your router. Your IPv4 router does not have to be your IPv6 router, so it is possible to configure for example a Raspberry Pi as an internal IPv6 router behind a (IPv4) NAT. A Tunner Broker is probably the best and most reliable solution if you have real IPv6 needs. I havn’t tried this, but I suggest start looking at SixXS (who provides free tunnels)
  • 6to4 is a very elegant idea. However, in practice it seems to be a not very popular transition mechanism (supposed to be fading). 6to4 requires that you have a real public IPv4 address (it may be dynamic). This is what I tried, and it works well for me.

Note, when you have IPv6 via a transition mechanism, your cliens may still prefer to use IPv4 when accessing services that are available on IPv4 (which might be all the services you can possibly want to use). There are services to test IPv6.

IPv6 – 6to4 – OpenWRT 10.03.1 on WRT54GL
I followed these instructions (the 6to4 part). I ended up with Firewall problems: the internal IPv6 worked, but I had problems accessing the rest of the world. I have not really stabilized my firewall scripts yet (they give some errors), but if you are not too paranoid, you can try to ACCEPT IPv6 FORWARD on lan (allowing IPv6 traffic from Internet to your local network) and ACCEPT IPv4 INPUT on lan (allowing all IPv4 traffic from Internet to get to your router).
Update 2014-04-12: Details about IPv4 using 6to4.

VPN/PPTP – OpenWRT 10.03.1 on WRT54GL
First, before you set up a PPTP server and use it, consider the security problems with MS-CHAP-v2! If you are aware of the risk and the threat, the advantages with VPN/PPTP are:

  • No need for certificates
  • Good client support

I followed these instructions. Again, I ended up with firewall problems, but found a solution. Try:

iptables -A input_rule -i ppp+ -j ACCEPT
iptables -A forwarding_rule -i ppp+ -j ACCEPT
iptables -A forwarding_rule -o ppp+ -j ACCEPT
iptables -A output_rule -o ppp+ -j ACCEPT

Now, the confusing part is the IP-addresses of your VPN. Each VPN-connection will get both a local and a remote IP-address. And none of these will probably be on your LAN. And this is ok! There is a “localip” option for pptpd which is no longer supported, and I wasted some time trying to assign IP-numbers. But the above firewall rules fixed everything if I just didnt think about about IP-numbers at all.

Best router for OpenWRT
So, what happened to my WRT1900AC plans? Well, the WRT1900AC is not available yet, and I decided to play with my old WRT54GL to see how far I could get with it, and it turned out that for now it does everything I want it to.

OpenWRT has a long list of supported routers (they even have a buyers guide). I did some research (only reading on the Internet) and it seems that TP-link provides fine routers for OpenWRT, for example WDR3600, WDR4300 (N750) or WR1043ND. TP-link also seems to have a good Open Source policy. The N750 is probably what I would buy today, if I were to replace that WRT54GL.

So, what about that WRT1900AC? With Dual core CPU, 256MB of RAM, ESata and USB 3.0 port it is clearly a very capable router. And with 128Mb of storage, much more potent firmwares (or OpenWRT versions) are possible. But is it a good idea? Perhaps the router should only be a router, and other services (fileserver, print server, backup, sql, webserver) are better handled by something else (why not a Raspberry Pi), to not ever disturb the critical router function? I like OpenWRT for having a normal editable filesystem (compared to Tomato or DD-WRT) and packages instead of everything in one image. But 128Mb? Perhaps it would make more sense to just use an SD-card and run Debian?

The WRT1900AC is expensive for being a router, and if it ends up providing no more value/function than the TP N750 mentioned above, what is the point? On the other hand it is not very much money – just expensive for a router. For now I will keep my WRT54GL, but the WRT1900AC is still tempting.

Flashing Tomato over OpenWRT on WRT54GL

On Linksys Wrt54GL, flashing Tomato over OpenWRT 10.03 using the web gui works fine. You need to use the tomato.trx image rather than any bin file. When the router is rebooted, it has IP 192.168.1.1, username=root, password=admin.

Update 2015-07-25: I did this from OpenWrt rescue mode, using command line:

# sysupgrade -v -n tomato.trx

After that, I needed to make a hardware reset: start the router up with the reset button (on the back side) pressed. Keep it pressed for about 15-30 seconds (depending on what source you reead), and then restart (unplug and plug).