Customizing your home router with OpenWrt
If you need to manage OpenWrt in an untrusted LAN environment, it makes sense to install the SSL extension, which you can access via System. To install, click the Install Matrix Tunnel button. Because of the restricted memory space, you should carefully consider which packages you need before installing. If not, you might run out of space for critical extensions at a later stage.
The comprehensive WLAN configuration options, which by far outclass the original firmware, are some of the most interesting aspects for many users. To access the basic settings, press Network | Wireless, where you can specify the operating mode for the wireless network. Options include Client, Ad Hoc, and Access Point. The latter is the default, which is typically the right choice for most application scenarios.
When you boot a WLAN client, it first broadcasts a message to discover reachable access points. Setting ESSID Broadcast to Hide makes your router invisible to the rest of the world.
OpenWrt also gives you various encryption options for protection against unauthorized use; you are strongly advised to enable them. Your options include 48- and 128-bit WEP encryption and WPA, version 1 or 2, which is far more secure. To use WPA, you must install add-on software via the Install NAS Package option.
The advanced WLAN configuration is accessible via Advanced Wireless. The Restrict access (MAC address) filter lets you restrict access to the router to specific MAC addresses. If the router and client are further apart, you can modify the transmitter output below Transmit Power (in mw).
OpenWrt offers far more statistical options than the original software, and it will help you analyze various events on the device. The Graphs link in the top menu bar takes you to the graphical processor and network load display (Figure 5); the software updates this every second, giving you a real-time view of the device's health state.
Clicking the Status link opens up a submenu in which you can query various system parameters, starting with the loaded modules, the connected clients, and the current network status. This screen gives you a comprehensive overview of almost any critical system status metric. The Processes entry takes you to a list of all active processes, which is refreshed at 20-second intervals. Clicking Stop Refreshing stops the refresh and displays a pull-down menu next to the process names.
From the pull-down menu, you can kill individual processes by sending the SIGHUP, SIGKILL, or SIGTERM signals. Status | Wireless displays the connected WLAN clients and also acts as a WLAN scanner to discover other WLAN devices. Currently, the device lacks a function for disconnecting connected clients.
Clicking on Log opens a system log configuration window that lets you write logfiles to an external machine (log server). The submenu also lets you access the system and kernel logs and the firewall protocol. Filtering options are restricted to searching for keywords.
Buy this article as PDF
New tool will look like GParted but support a wider range of storage technologies.
New public key pinning feature will help prevent man-in-the-middle attacks.
Carnegie Mellon researchers say 3 million pages could fall down the phishing hole in the next year.
The US government rolls new best-practice rules for protecting SSH.
Klaus Knopper announces the latest version of his iconic Live Linux system.
All websites that use these popular CMS tools could be vulnerable to denial of service attacks if users don't install the updates.
According to a report, many potential victims of the Heartbleed attack have patched their systems, but few have cleaned up the crime scene to protect themselves from the effects of a previous intrusion.
DARPA and NICTA release the code for the ultra-secure microkernel system used in aerial drones.
Should you trust an online service to store your online passwords?
New B+ board lets you build cool things without the complication of a powered USB hub.