Why OpenWRT

[harrkev]

OK. Here is the deal. I have been looking at OpenWRT. I do not actually have anything that can run it right now, but I like having cool toys to play with.

So, the basic "white russian" distro looks kind of neat from a geeky point-of-view. However, if I get a WRT and put OpenWRT on it, what does that buy my?

I even saw the list of packages on the OpenWRT web site. Just about all of those look rather uninteresting. I have read about running Asterisk, but I see no need for this in my own setup.

So, my question is simple. If you run OpenWRT (or any non-manufacturer firmware), what features do you find useful that the factory firmware can't do?

 

[JackMDS]

I would look at this table, if what you need can be done by HyperWRT + Thibor, it would be my first choice.

Otherwise DDWRT

http://www.linksysinfo.org/modules.php?name=Content&pa=showpage&pid=31

:sun:

 

[skyking]

DdWRT here, I use:
select antenna
select output power
WPA over WDS
Client mode WPA
Cleint bridge mode
site survey
reboot button
reboot scheduler

On 8 different units in the field.

 

[c3p0]

DDWRT here as well. Thanks for that comparison link Jack....good to have info.

c3p0
:beer:

 

[cmetz]

harrkev, with any of the other firmwares, a WRT is a SOHO router/firewall. They add features, but they don't fundamentally change what it is.

With OpenWRT, a WRT is a general purpose computer running Linux. Any client or server program you want to run, that can fit in the memory/flash constraints, you can run. Your imagination is the limit.

In quite practical terms, I still use WRTs running OpenWRT as a router/firewall, but doing a lot more and different things than other firmware would allow me. I write my own iptables rules, I run real routing protocols, and run some server daemons. There's no reason this couldn't all be packed up into other firmwares, but eventually you get to the point where you just want a very flexible platform to do what YOU want on.

Also, I'm an old geezer. I can't stand web based user interfaces. I really just want to SSH in, edit files in vi and run CLI commands. No other firmware lets me do that.

OpenWRT isn't for everyone, and for most folks here it would just cause you grief. But the option of having it available is a huge win, and what makes the WRT platform so attractive.

 

[spidey07]

I use one as a BGP route generator in my lab.

 

[Goosemaster]

Originally posted by: spidey07
I use one as a BGP route generator in my lab.

Cool. Never thought of that

 

[Goosemaster]

Originally posted by: cmetz
harrkev, with any of the other firmwares, a WRT is a SOHO router/firewall. They add features, but they don't fundamentally change what it is.

With OpenWRT, a WRT is a general purpose computer running Linux. Any client or server program you want to run, that can fit in the memory/flash constraints, you can run. Your imagination is the limit.

In quite practical terms, I still use WRTs running OpenWRT as a router/firewall, but doing a lot more and different things than other firmware would allow me. I write my own iptables rules, I run real routing protocols, and run some server daemons. There's no reason this couldn't all be packed up into other firmwares, but eventually you get to the point where you just want a very flexible platform to do what YOU want on.

Also, I'm an old geezer. I can't stand web based user interfaces. I really just want to SSH in, edit files in vi and run CLI commands. No other firmware lets me do that.

OpenWRT isn't for everyone, and for most folks here it would just cause you grief. But the option of having it available is a huge win, and what makes the WRT platform so attractive.

Interesting...how much flash does the wrt series have (never bothered to check) ?

 

[cmetz]

Goosemaster, the WRT54GS used to have 8MB of RAM and 32MB of flash, which is enough to do a lot of interesting things. The new WRT54GSL (?) has less on board but has USB ports and can handle USB flash drives, so you can get real amounts of filesystem on it. The WRT54G had 4MB/16MB which was tighter, but still usable. The new ones they cut down to 2MB flash, which is why the Linux-based firmwares don't run on them anymore, only the VxWorks-based Linksys firmware.

 

[cmetz]

spidey07, I have a WRT in a production data center as a back-up BGP router, helping to make sure my route never gets withdrawn. It's surprisingly effective as a back-up router. Set up and forget.

 

[spidey07]

ever get penalized or dampened? Or is that the purpose of that router - to always generate one.

 

[JackMDS]

Originally posted by: GoosemasterInteresting...how much flash does the wrt series have (never bothered to check) ?

http://en.wikipedia.org/wiki/WRT54G

:sun:

 

[Goosemaster]

Originally posted by: cmetz
spidey07, I have a WRT in a production data center as a back-up BGP router, helping to make sure my route never gets withdrawn. It's surprisingly effective as a back-up router. Set up and forget.

:Q

 

[cmetz]

spidey07, the purpose is to be a secondary router on a secondary BGP session, so that if the first one goes down, the route doesn't go away (as long as the pipe itself doesn't).. Thus preventing dampening (as well as preventing delays due to reconfiguration). Otherwise, every time I reboot the primary router, it's a globally visible routing event. In an ideal world, I'd have reundant real routers. In that same ideal world, I have a much bigger budget. Back in this world, I have a WRT. It's kinda cheezy, but it helps me make my network run better, and it means I'm not causing more announce/withdraw load on the default free zone when I do maintenance on the primary router.

(one thing I'm a bit religious on, doing what's good for the 'net. Of course, that justifies no $$ with management...)

 

[spidey07]

cmetz,

That's what I figured. Nice idea and thank you for being a good netizen. Now quit advertising /24s.

 

[h0mi]

I've bought 4 wrt54gs... 1 was a v3.1 that I tried to flash to openwrt but I think that I hozed the "bootsafe" option, so when I powered it on and the power light kept flashing forever & no response (hitting the linksys button probably exacerbated the problem) I had a $50 brick. So poof, it went bye bye.

Another wrt54g was a v1. so I snagged the mini pci card for my laptop. The other 2 are v4 models. I have 1 still in its box, waiting for my current router/bridge to fail so it can replace it. The other is flashed with ddwrt (after carefully reading the instructions this time, not wanting to have had bricked 2 wrt54g routers in a month) and now doing its thing. openwrt scares me from the moment I open their web site and fail to really understand the different builds maybe next year I'll consider it.

I suppose factory firmware would work with (most of) what I want to do... I want the router to port forward properly and not crash when I run bittorrent. But I also want to run identd on the router so I can irc from any machine on the network. I don't know nothing about radius, except it's apparantly a moar bettre way of securing wifi, so I'm intrigued and paranoid enough that I'd wanna do that if it doesn't require a degree. Beyond that, I'm satisfied with set it and forget it... it _should_ _just_work_ but I find networking doesn't always behave that way.

 

[Goosemaster]

Originally posted by: cmetz
spidey07, the purpose is to be a secondary router on a secondary BGP session, so that if the first one goes down, the route doesn't go away (as long as the pipe itself doesn't).. Thus preventing dampening (as well as preventing delays due to reconfiguration). Otherwise, every time I reboot the primary router, it's a globally visible routing event. In an ideal world, I'd have reundant real routers. In that same ideal world, I have a much bigger budget. Back in this world, I have a WRT. It's kinda cheezy, but it helps me make my network run better, and it means I'm not causing more announce/withdraw load on the default free zone when I do maintenance on the primary router.

(one thing I'm a bit religious on, doing what's good for the 'net. Of course, that justifies no $$ with management...)

Ingenious really. I am jsut shocked of the simplicity of it.

 

[cmetz]

spidey07, I'd be happy to stop advertising /24s... as soon as ARIN gives me some more /20s

h0mi, Google around, I believe that there is a hardware hack to debrick the WRT. The gist is that you find the data pins on the flash chip, and you short 'em, so the image fails CRC and throws the unit into tftp rescue mode. I would strongly urge you to first fire up Ethereal on a crossover cable, and check to see whether the WRT is doing anything on the network, and also to try to tftp up an image to it using the boot_wait method, again just to see (hint: run ethereal while trying to tftp, and see if it responds to your ARP request). You don't want to go hardware hacking if you can avoid it. But if you've really bricked it, you've got nothing to lose.

I've managed not to brick one yet, but I've definitely had some nervous moments where I thought I did. Maybe this is my experience only but I don't think it's easy to accidentally brick them, and I think it is easy to think you have. So maybe things aren't as bad as you think, but it will take a bit of playing with it to get things to a known state.

With OpenWRT, you want to run WhiteRussian. You want the image for the device you have, and you want the compressed one. That's really all there is to know. The older images are now very defunct, there have been lots of improvements since then.

I'm not sure RADIUS really buys you anything here. For SOHO use, I've been very happy with WPA-PSK and AES... just make sure to generate your pre-shared key using a good cryptographically strong random number generator - don't pick something vulnerable to a dictionary attack!

 

[spidey07]

cmetz,

arin is pretty good about handing them out. just prove your case and justify it.

Just mention that your customers are demanding dual-homing. That's what is driving the /22-24 advertisements.

And quite frankly, I don't blame the customers.

Know of any good BGP forums/resources out there? I know enough to be dangerous but would like to learn more about best practices.