Customizing your home router with OpenWrt
If you need to manage OpenWrt in an untrusted LAN environment, it makes sense to install the SSL extension, which you can access via System. To install, click the Install Matrix Tunnel button. Because of the restricted memory space, you should carefully consider which packages you need before installing. If not, you might run out of space for critical extensions at a later stage.
The comprehensive WLAN configuration options, which by far outclass the original firmware, are some of the most interesting aspects for many users. To access the basic settings, press Network | Wireless, where you can specify the operating mode for the wireless network. Options include Client, Ad Hoc, and Access Point. The latter is the default, which is typically the right choice for most application scenarios.
When you boot a WLAN client, it first broadcasts a message to discover reachable access points. Setting ESSID Broadcast to Hide makes your router invisible to the rest of the world.
OpenWrt also gives you various encryption options for protection against unauthorized use; you are strongly advised to enable them. Your options include 48- and 128-bit WEP encryption and WPA, version 1 or 2, which is far more secure. To use WPA, you must install add-on software via the Install NAS Package option.
The advanced WLAN configuration is accessible via Advanced Wireless. The Restrict access (MAC address) filter lets you restrict access to the router to specific MAC addresses. If the router and client are further apart, you can modify the transmitter output below Transmit Power (in mw).
OpenWrt offers far more statistical options than the original software, and it will help you analyze various events on the device. The Graphs link in the top menu bar takes you to the graphical processor and network load display (Figure 5); the software updates this every second, giving you a real-time view of the device's health state.
Clicking the Status link opens up a submenu in which you can query various system parameters, starting with the loaded modules, the connected clients, and the current network status. This screen gives you a comprehensive overview of almost any critical system status metric. The Processes entry takes you to a list of all active processes, which is refreshed at 20-second intervals. Clicking Stop Refreshing stops the refresh and displays a pull-down menu next to the process names.
From the pull-down menu, you can kill individual processes by sending the SIGHUP, SIGKILL, or SIGTERM signals. Status | Wireless displays the connected WLAN clients and also acts as a WLAN scanner to discover other WLAN devices. Currently, the device lacks a function for disconnecting connected clients.
Clicking on Log opens a system log configuration window that lets you write logfiles to an external machine (log server). The submenu also lets you access the system and kernel logs and the firewall protocol. Filtering options are restricted to searching for keywords.
Buy this article as PDF
New flaw in an old encryption scheme leaves the experts scrambling to disable SSL 3
Lennart Poettering wants to change the way Linux developers talk to each other.
Enterprise giant frees itself from ink and home PCs (and visa versa).
Mozilla’s product think tank sinks silently into history.
TODO group will focus on open source tools in large-scale environments.
New tool will look like GParted but support a wider range of storage technologies.
New public key pinning feature will help prevent man-in-the-middle attacks.
Carnegie Mellon researchers say 3 million pages could fall down the phishing hole in the next year.
The US government rolls new best-practice rules for protecting SSH.