This article shows how to update the DynDNS information with the IP supplies by your Internet provider from a router with OpenWrt, so every time your provider shanges the router’s IP, your DynDns doman will point to the new IP. Below are the stpes to follow with your OpenWrt

1. Update the package list
   

   root@fluffy:~# opkg update
   
   Downloading http://downloads.openwrt.org/backfire/10.03.1/ar71xx/packages/Packages.gz.
   Inflating http://downloads.openwrt.org/backfire/10.03.1/ar71xx/packages/Packages.gz.
   Updated list of available packages in /var/opkg-lists/packages.

2. Install the last version of  ddns-scripts:
   

   Downloading http://downloads.openwrt.org/backfire/10.03.1/ar71xx/packages/ddns-scripts_1.0.0-17_all.ipk.
   Configuring ddns-scripts.
   Collected errors:
    * resolve_conffiles: Existing conffile /etc/config/ddns is different from the conffile in the new package. The new conffile will be placed at /etc/config/ddns-opkg.

3. Edit the configuration file  /etc/config/ddns with your DynDNS account information:
   

   config 'service' 'myddns'
   option 'enabled' '1'
   option 'service_name' 'dyndns.org'
   option 'ip_source' 'network'
   option 'ip_network' 'wan'
   option 'force_interval' '72'
   option 'force_unit' 'hours'
   option 'check_interval' '10'
   option 'check_unit' 'minutes'
   option 'domain' 'mydomain.dyndns.org'
   option 'username' 'myusername'
   option 'password' 'mypassword'

Update and debug

In order to updte the IP addrewaa the first time you can use the following script:

root@fluffy:~# /usr/lib/ddns/dynamic_dns_updater.sh myddns

update_url=http://[USERNAME]:[PASSWORD]@members.dyndns.org/nic/update?hostname=[DOMAIN]&myip=[IP]
force seconds = 259200
check seconds = 600
time_since_update = 144 hours
Running IP check...
current system ip = 173.194.37.14
registered domain ip = 173.194.37.14
update necessary, performing update ...
updating with url="http://myusername:mypassword%[email protected]/nic/update?hostname=mydomain.dyndns.org&myip=173.194.37.14
Connecting to members.dyndns.org (204.13.248.111:80)
- 100% |*****************************************************************************************************| 19 --:--:-- ETA
Update Output:
good 173.194.37.14
update complete, time is: Sat Sep 24 00:01:14 VET 2011

In this example myddns is the name of the service I configured in file /etc/config/ddns.

Reference: OpenWrt DDNS Client

At work we are testing Alix.6f2 board and one thing to test id the ability to run OpenWrt, and in fact it runs it. I leave here how to install this distribution on Alix.6f2 boards.

Installing

1. Download the combined image of OpenWrt for x86 which includes a MBR.
2. Extract the image:
   

   gunzip openwrt-x86-generic-combined-ext2.img.gz

3. Connect the CompactFlash ton a memory reader and according to how the device is was mapped (in my case/dev/sdb) copy the image to that partition:
   

   dd if=openwrt-x86-generic-combined-ext2.img of=/dev/sdb
   107439+0 records in
   107439+0 records out
   55008768 bytes (55 MB) copied, 25.5215 s, 2.2 MB/s

4. Connect the CompactFlash to Alix.6f2 board and boot the system.

Repartitiong the image

OpenWrt image sizes 55 MB, so is a godd idea to resize the partition to use the remain space.

Reference: Installing OpenWRT on the Alix board

Due to my home router is connected 24×7 it makes it the ideal place to install a VPN server. In my case I had installed OpenWrt on my router TP-LINK TL-WR1043ND (to install OpenWrt on this router you can read the article about Installing OpenWrt on router TP-LINK TL-WR1043ND). This post it’s general enough and explains how to install OpenVP on OpenWrt, no matter what model router with OpenWrt you have.

Installing OpenVPN on OpenWrt

On the router just install OpenVPN package:

opkg install openvpn

Certificates (PC)

Client and server certificates will be done on a PC with Linux, on Debian to be exact. The idea is to avoid installing software in the limited router’s rom.To get what will need install the following package:

aptitude install openvpn

• Make the woring directory and the base files to use:

mkdir /etc/openvpn/easy-rsa/
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

• Edit file  /etc/openvpn/easy-rsa/vars, which lets you make a unique certificate using the values provided:

export KEY_COUNTRY="VE" 
export KEY_PROVINCE="DC" 
export KEY_CITY="Caracas" 
export KEY_ORG="Mi organización" 
export KEY_EMAIL="[email protected]"

• Go to the working directory and load the file you just edited:

cd /etc/openvpn/easy-rsa/
source vars

Now lets create the certificates for the server and clients.

Certificates for the server

In order to make the certificates for the server you must do the following steps:

./clean-all./build-dh
./pkitool --initca
./pkitool --server server
cd keys
openvpn --genkey --secret ta.key

Certificates for the clients

In order to generate the certificate for the client just do this:

cd /etc/openvpn/easy-rsa/
source vars
./pkitool hostname

Here hostname is the name of the host where the certificate will be installed (random part).

Settings the VPN

Now let’s see how to set the VPN, both in the server and client side.

Setting the server (router)

• Copy the generated certificates for the server to router:

scp server.crt server.key ca.crt dh1024.pem ta.key [email protected]:/etc/openvpn/

Here 192.168.1.1 is the router’s IP address for this example.

• Although you can be tempted to use a config file borrow form other OpenVPN server, it’s better to use the one provided by OpenWrt and just adapt it to your needs. So, edit file /etc/config/openvpn with the followin values (I just put the not commented lines to save space).

config openvpn sample_server
    option enable 1
    option port 1194
    option proto udp
    option dev tun
    option ca /etc/openvpn/ca.crt
    option cert /etc/openvpn/server.crt
    option key /etc/openvpn/server.key
    option dh /etc/openvpn/dh1024.pem
    option server "10.8.0.0 255.255.255.0"
    option ifconfig_pool_persist /tmp/ipp.txt
    option client_to_client 1
    option keepalive "10 120"
    option comp_lzo 1
    option persist_key 1
    option persist_tun 1
    option status /tmp/openvpn-status.log
    option verb 3

Setting the clients (PCs)

• Copy the certificates and keys generated for each client, for example for the PC hostname, as explained next:

/etc/openvpn/ca.crt
/etc/openvpn/easy-rsa/keys/hostname.crt
/etc/openvpn/easy-rsa/keys/hostname.key
/etc/openvpn/ta.key

• If you haven’t install OpenVPN on the clients, you can do it::

aptitude install openvpn

• Copy the example file for the client’ s configuration:

cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/

• Edit the file with the following values:

client 
dev tun 
proto udp 
remote 192.168.1.30 1194
resolv-retry infinite 
nobind 
persist-key 
persist-tun 
ca /mnt/datos/OpenVpn/easy-rsa/keys/ca.crt 
cert /mnt/datos/OpenVpn/easy-rsa/keys/hostname.crt 
key /mnt/datos/OpenVpn/easy-rsa/keys/hostname.key 
ns-cert-type server 
tls-auth /mnt/datos/OpenVpn/easy-rsa/keys/ta.key 1 
comp-lzo 
verb 3

Here the remote directive has a fixed IP, but you can set a dynamic domain name on dyndns or no-ip instead of a private address.

Enabling the service

Now you must enable the service in both sides, in the server (OpenWrt) and in the clients (PCs). For each of them:

Enable the service in the server (router)

Run the following in OpenWrt:

/etc/init.d/openvpn enable
/etc/init.d/openvpn start

Enabling the service in the clients (PCs)

Now you must enable the OpenVPN service in every client. In general terms it will depen on the distro you will be using. In Debian you can enable the service as follow:

update-rc.d openvpn defaults
/etc/init.d/openvpn start

After all this your server will have a tun interface with the address 10.8.0,1 and clients will have an interface with a IP address like 10.8.0.x.

References

• Ubuntu’s OpenVPN documentation
• OpenWrt’s Easy OpenVPN server setup guide

I had to buy another router so I decided to get the TP-LINK TL-WR1043ND model, which comes with a USB port to be able to share a 3G modem. I bought it also because I knew I could install OpenWrt on it, so immediately after it was connected I proceeded to install it.

Why to install OpenWrt?

The TP-LINK TL-WR841N comes with a lot of functions with its original firmware, which can be controlled from the web interface, but you can’t extend it beyond that functions. With OpenWrt you will count with the same functions your router had and you will be able to install extra software that extends those functions. As an example you can install a web proxy like Squid on the router, or set up a VPN.

I leave here the needed steps for installing OpenWrt on TP-LINK TL-WR1043ND routers, just in case you are interested in:

1. Download TL-1043ND (Backfire 10.03.1-r6) router image. Note: I suggest to check out  what router model you have and download the OpenWrt image that suits it.
2. Got to the router’ s web interface and find System Tools > Firmware Upgrade section:

1. Choose the downloaded image and wait until the process finishes.

Once it had finished the router will reboot and start to work with the default settings. I mean, you can use the web interface from address http://192.168.1.1 or even use a terminal through ssh.

References

• OpenWRT homepage
• TP-Link TL-WR1043ND at OpenWrt

Checking the different versions of OpenWrt I realized there’s a testing version updated regularly. Due to I installed Kamikaze on my TP-Link TL-WR841N v7.1, and this is a older version than the current Backfire, I decide to try it because there’s a binary compiled for my router (v7.1)

Installing Testing

In order to upgrade to testing Attitude Adjustment you must do the following:

1. Download testing image for router TL-WR841 v7.1.
2. Go to System > Flash Firmware and upload the image.



3. It will show MD5 hash to check the integrity of the image to flash.



4. Once checked, proceed to flash the image.

There’s not web interface

After applying the image I tried to reach the web interface without success, but I could log in via ssh. From there I checked this image doesn’t come with web interface by default, so you have to install it by typing:

opkg update
opkg install luci
/etc/init.d/uhttpd restart

The web interface is the same one, and I haven’t noticed big changes. But I realized there are USB modules enabled. This can be of interest if you want to use the USB port as some people comment on the dd-wrt forum.

Extra screenshots

Here I leave a couple of screenshot of waht you can monitor from the web interface:

I have been working with OpeWrt on a project for the company I work and due to this I bought a router capable of installing Linux on it, at a relative chip price (about Bs. 350 / $45). OpenWrt is Linux distro for wireless routers, compounds of a kernel and selection of programs. To install those programs  it uses a package manager called opkg that is a sort of aptitude/dpk for this distro. You can do many thing from CLI (like a real linux user does) but you als count with a web interface called LuCI.

Why to install OpenWrt?

The TP-LINK TL-WR841N comes with a lot of functions with its original firmware, which can be controlled from the web interface, but you can’t extend it beyond that functions. With OpenWrt you will count with the same functions your router had and you will be able to install extra software that extends those functions. As an example you can install a web proxy like Squid on the router, or set up a VPN.

Installing

There are several versions for router TL-WR841: v3, v5, v5.2 y v7.1, and almost all of them has download binaries for the last OpenWrt (Backfire) except version 7.1, but you can install an image provided by a user based on the previous stable release called Kamikaze. Let’s see how to install OpenWrt on router TP-LINK TL-WR841N v7.1:

1. Download router TL-841N v7.1 image
2. Got to the router’ s web interface and find System Tools > Firmware Upgrade section:

1. Choose the downloaded image and wait until the process finishes.

Once it had finished the router will reboot and start to work with the default settings. I mean, you can use the web interface from address http://192.168.1.1 or even use a terminal through ssh.

Remember it has not password, so you must leave it blank and change it from the web interface o from a ssh sesion.

Setting the Wifi as AP

I wanted to have at least the same features the router had with the original firmware, so the first thing I tried to set was the wifi but it wasn’ t enabled. To activate it you can edit the /etc/config/network file with a content similar to this one:

config 'wifi-device' 'radio0'
 option 'type' 'mac80211'
 option 'macaddr' 'd8:5d:4c:ea:0b:e7'
 option 'hwmode' '11ng'
 option 'htmode' 'HT20'
 list 'ht_capab' 'SHORT-GI-20'
 list 'ht_capab' 'SHORT-GI-40'
 list 'ht_capab' 'TX-STBC'
 list 'ht_capab' 'RX-STBC1'
 list 'ht_capab' 'DSSS_CCK-40'
 option 'country' 'US'
 option 'channel' '11'
 option 'txpower' '0'
 #option 'disabled' '1'

The last option must be commented in order to enable the AP. You can also enable from the web interface, just go to Network > Wifi as shown below:

After that you will have rou wireless router set as AP and wired router…and  running Linux!!

References

• OpenWRT homepage
• Running OpenWrt on a TP-Link WR841N V7.1
• OpenWRT at Wikipedia