Netgear WNDR3800 OpenWRT firmware

pedrohdz.com

Overview

Even though this guide is geared towards the Netgear WNDR3800, it is still a good starting point for getting familiar with installing, configuring and securing OpenWRT. At the beginning of each section, I will call out whether or not it is WNDR3800 specific. The Securing the Router section down below should be of particular interest to all, irrespective of hardware. All the subsequent titles in this series apply to all OpenWRT installations in general.

For those with other routers, the OpenWRT Newcomer’s Guide is a great place to start.

If you haven’t done so already, you might want to take a quick look at OpenWRT Home Server — Introduction.

This document was originally intended as notes to myself: reminders of what I did, why I did it, and how. With that in mind, note that this guide is command-line heavy, which is a personal preference. OpenWRT does come with LuCI, a configuration/administration web interface, installed for virtually all supported devices. For an introduction to LuCI, take a look at the OpenWRT Newcomer’s Guide.

WARNING: There is always a chance of bricking your router. Make sure to read up and educate yourself on what you are doing before proceeding.

Goals

  • Installing OpenWRT on a WNDR3800 router.
  • Securing OpenWRT routers.
  • Basic network configuration.

Non-Goals

We will not be installing any secondary services such as FTP, Samba, SFTP, or similar. Those will be left for future titles in this series.

Details

Installing OpenWRT

This section is WNDR3800 specific. Jump to Securing the Router if you would like.

This section is based on the WNDR3800 installation wiki page.

Two methods of installing OpenWRT on the WNDR3800 are covered below:

  1. Through the original firmware administrative web page.
  2. Failsafe mode. This is my personal favorite when I don’t care about wiping out the previous configuration. Comes in handy when you brick your WNDR3800. I haven’t tried it, but it might be possible to flash a stock WNDR3800 this way.

Before you proceed to either of the following sections, locate and download the squashfs-factory version from the latest ar71xx generic flash images page. At the time of this writing, it is openwrt-15.05.1-ar71xx-generic-wndr3800-squashfs-factory.img.

The difference between the factory and sysupgrade images is that the latter will not overwrite the OpenWRT configuration information on the flash. The factory image contains a baseline OpenWRT configuration required for first-time boot.

Through the original firmware administrative web page

It has been a long time since I have had to install on a stock WNDR3800, so use this section as a general reference. The best thing to do is read the OEM easy installation section of the OpenWRT WNDR3800 wiki page.

After acquiring the flash image:

  1. Connect to the administrative web site on the device, typically http://192.168.1.1/.
  2. Log in. (Hope you saved the admin password somewhere)
  3. Navigate to the Administration page.
  4. Proceed with selecting the image file you downloaded, and continue with flashing the device.
  5. Do not unplug the device once the process has started.
  6. Sit back and wait, and keep waiting until you can telnet 192.168.1.1.

Proceed to the Securing the Router section down below.

Failsafe mode installation

This section is based on the recovery flash in failsafe mode section of the OpenWRT WNDR3800 wiki page.

It is likely a good idea to use the factory image if you are using failsafe mode to perform the installation. Use sysupgrade if you are feeling adventurous.

Before you begin, set up two terminal sessions on your workstation:

  1. The first terminal is for running ping 192.168.1.1 after rebooting the router. Just have this ready to go; do not start pinging until after the router has rebooted.
  2. The second terminal has tftp configured and ready to go.

Pinging in the first terminal session is used to determine when the router has finished booting into failsafe mode and is ready to have the image uploaded.

In the second terminal session, set up tftp as follows:

Leave it open and fetch the WNDR3800 router. Next:

  1. Configure your system with a static IP address, setting it at 192.168.1.2 and a subnet mask 255.255.255.0.
  2. Make sure that the power button on the back of the WNDR3800 is in the upper, off position. Then plug it into its power supply. Keep the WNDR3800 powered off.
  3. Use an Ethernet cable to connect the workstation to one of the WNDR3800 orange LAN ports, not the yellow port labeled Internet.
  4. Press down the Restore Factory Settings button on the bottom of the WNDR3800 using a tooth pick, paper clip, or something similar and continue pressing it while turning on the router using the power button.
  5. Start the ping 192.168.1.1 command on the first terminal session. You should see Request timeout repeating. Continue holding down the reset button.
  6. Wait about 60 seconds.
  7. Once the pings start returning, release the reset button.

Return to the tftp terminal session and enter:

    tftp> connect 192.168.1.1
    tftp> put openwrt-15.05.1-ar71xx-generic-wndr3800-squashfs-factory.img
    tftp> quit

The upload should take a few seconds then the WNDR3800 will reboot itself.

  • Look back at the ping output and wait until the router starts bouncing back responses.
  • You can stop pinging.
  • Proceed to the Securing the Router section down below.

    Securing the Router

    This section applies to all OpenWRT installations, not just WNDR3800.

    The root user has no password set on initial boot. telnet will just drop a user straight into a shell prompt with root access.

    In this section we will:

    1. Upload an SSH public key for accessing the system once the SSH server is started.
    2. Configure and start the SSH server, Dropbear.
    3. Shut down telnet permanently, for security reasons.
    4. Set the root password.

    Upload the public SSH key

    First upload the SSH public key that will be used for accessing the router. Taking advantage of the fact that telnet starts up a root shell on the router, use the following command to upload ~/.ssh/id_rsa.pub to /etc/dropbear/authorized_keys on the OpenWRT system. Give the command about 10 seconds to complete on its own. Do not interact with the telnet session at all. It acts like a minimal expect script. It will terminate the telnet session when it is done:

    Replace ~/.ssh/id_rsa.pub with the preferred SSH public key.

    Make sure to telnet onto the router and confirm that /etc/dropbear/authorized_keys was copied correctly.

    Configure and start the SSH server

    Disable telnet

    The last command should have terminated your telnet session and logged you out.

    Set the root password

    Use a long and complicated password:

    That passwd command will prompt you to enter your new password.

    Basic Configuration

    This section applies to all OpenWRT installations, not just WNDR3800.

    UCI overview

    If you are not already familiar with the uci command that we have been using so far, it stands for Unified Configuration Interface. Per the documentation:

    It is a small utility written in C (a shell script-wrapper is available as well) and is intended to centralize the whole configuration of a device running OpenWrt.

    uci interacts with the UCI configuration files located in /etc/config.

    As an example take a look at the Dropbear UCI configuration documentation, then at /etc/config/dropbear on the OpenWRT system.

    It is worth taking a few minutes and looking over the documentation really quick to get a general idea of what is going on.

    Baseline network configuration

    Next we want to configure the router with an IP address of our choosing, not 192.168.1.1, as well as a new hostname.

    For this example we are using homesrv as the hostname, and 192.168.3.1 as the IP address. Change it as needed.

    Wireless access to the WNDR3800

    Things will likely vary from router model to router model so this section is intended for the WNDR3800. It is still worth reviewing to get familiar with how to configure the network settings from the command line.

    If you are using something other than a WNDR3800, the best thing to do is to use the web interface, LuCI. At this point it should be accessible via http://192.168.3.1/ using the root credentials. Once logged in, go to Network -> Wifi then press the Edit button next to the wireless radio you wish to configure. Make sure to press the Save & Apply button once you are done.

    On a WNDR3800, the same can be done from the command line. Make sure to change CHANGE_THE_PASSWORD, and rename the network if you would like; it is named homesrv here.

    First ssh onto the router:

    Next we want to get rid of the anonymous wifi-iface sections of the wireless configuration to make it easier to manage from the command line.

    OpenWRT usually comes preconfigured with a WiFi interface entry per radio. The WNDR3800 has two radios, so two WiFi interface entries. You can see these entries in the /etc/config/wireless file on the router, or by executing uci show wireless. If you execute the previous command you will find the following two entries:

    These are called anonymous sections per the File syntax section of the UCI documentation. They appear as arrays when querying through uci and can be a nuisance to manage. We will delete the two anonymous sections and replace them with named versions. First we delete:

    Next create a new named wifi-iface section called homesrv. This will contain the configuration for the new access point we are creating, with the SSID of homesrv. Remember to change the password from CHANGE_THE_PASSWORD to something else:

    Configure the radio we are using, radio0 in this case, and enable it:

    Commit the changes and reload the network configuration:

    The new access point should be available.
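
As an added illustration of the anonymous versus named sections described above (this is not code from the original post), the following shell function lists every wifi-iface section in a wireless UCI file under the name uci addresses it by, with its SSID and encryption. The sample file is constructed, and the function name wifi_ifaces is hypothetical.

```shell
# Added example, not from the original post. List each wifi-iface section the
# way uci addresses it, together with its SSID and encryption setting.
wifi_ifaces() {   # $1 = path to a wireless UCI file
    awk '
        function unq(s) { gsub(/[\047"]/, "", s); return s }
        function emit() { if (name != "") print name, "ssid=" ssid, "encryption=" enc }
        $1 == "config" {
            emit(); name = ""
            if (unq($2) == "wifi-iface") {
                # Anonymous sections are addressed by position among their type.
                name = (NF >= 3) ? ("wireless." unq($3)) : ("wireless.@wifi-iface[" (idx + 0) "]")
                idx++; ssid = ""; enc = "none"   # no encryption option means open
            }
            next
        }
        name != "" && $1 == "option" && $2 == "ssid"       { ssid = unq($3) }
        name != "" && $1 == "option" && $2 == "encryption" { enc = unq($3) }
        END { emit() }' "$1"
}

# Constructed sample: two stock-style anonymous entries plus the named
# homesrv section (values without spaces assumed).
sample_wireless() {
    cat <<'EOF'
config wifi-device 'radio0'
	option type 'mac80211'

config wifi-iface
	option device 'radio0'
	option ssid 'OpenWrt'
	option encryption 'none'

config wifi-device 'radio1'
	option type 'mac80211'

config wifi-iface
	option device 'radio1'
	option ssid 'OpenWrt'
	option encryption 'none'

config wifi-iface 'homesrv'
	option device 'radio0'
	option ssid 'homesrv'
	option encryption 'psk2'
EOF
}

f=$(mktemp); trap 'rm -f "$f"' EXIT
sample_wireless > "$f"; wifi_ifaces "$f"
```

Any line that still shows an @wifi-iface[N] name with encryption=none is a leftover open access point definition worth deleting or securing before its radio is enabled.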

    Connecting to the Internet

    As with the previous section, this one is WNDR3800 centric, but with information that may be useful to all.

    For now, I am bouncing off of an existing wireless access point. The following is specific to my configuration, but should help in starting to get an understanding of what is going on if you are not already familiar.

    The easiest thing to do for newcomers is to use the LuCI web interface via http://192.168.3.1/ using the root credentials. Once logged in, go to Network -> Wifi and press the Scan button to find the wireless access point to connect to.

    Another option is to connect via the WAN Ethernet port. Use the Network -> Interfaces menu item, find the WAN interface and press the Edit button next to it. There are a variety of options including: PPPoE, DHCP client, among others. Which to use completely depends on how you connect to the Internet and it is out of scope for this document.

    In my particular case, I will be connecting through an existing wireless access point. This should work through the rest of this series, allowing me to experiment without accidentally taking out my Internet access.

    First configure the wwan interface to use DHCP:

    A single radio can have more than one wifi-iface configuration associated with it. In this case we will be using radio0 both to serve our access point and as a client to another existing access point to gain access to the Internet.

    Commit the changes and reload the network configuration:

    Final notes on configuration

    For more information on the UCI configuration options modified above, refer to:

    • UCI configuration files — Full listing of all the configuration files.
    • Network configuration — "This configuration file is responsible for defining switch VLANs, interface configurations and network routes".
    • Wireless configuration — "The wireless UCI configuration is located in /etc/config/wireless"
    • System configuration — "The system configuration contains basic settings for the whole router. Larger subsystems such as the network configuration, the DHCP and DNS server, and similar, have their own configuration file."

    Revisiting security

    This section applies to all OpenWRT installations, not just WNDR3800.

    Sending the root password in the clear without SSL/TLS just seems like a bad idea. Here we add SSL/TLS to the LuCI administrative web interface.

    In this section we introduce the OPKG Package Manager. As described in the documentation:

    The opkg utility (an ipkg fork) is a lightweight package manager used to download and install OpenWrt packages from local package repositories or ones located in the Internet.

    Install the necessary packages, configure uhttpd to redirect port 80 traffic to 443, and restart:

    The px5g package is responsible for generating a self signed certificate.

    If you want to take extra precaution, set up uhttpd to only accept connections on localhost, then use SSH port forwarding to connect to LuCI. This makes it more difficult for someone to brute force the root password via the web interface.
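
One way to check the result of the hardening described above, as an added example that is not part of the original post: the script reads uhttpd UCI text and reports listeners reachable from the network and a missing HTTP-to-HTTPS redirect. Both sample configs are constructed; listen_http, listen_https and redirect_https are uhttpd's own option names, while the function names and the local port 8443 in the comment are assumptions.

```shell
# Added example, not from the original post: audit uhttpd UCI text.

# Print every value of `option NAME` / `list NAME` in a UCI file, one per line.
# Sufficient for values without spaces, which is all this audit reads.
uci_values() {   # $1 = file, $2 = option name
    awk -v want="$2" '
        ($1 == "option" || $1 == "list") && $2 == want {
            v = $3; gsub(/^[\047"]|[\047"]$/, "", v); print v
        }' "$1"
}

# One finding per line; no output means LuCI is loopback-only with redirect on.
audit_uhttpd() {   # $1 = path to a uhttpd UCI file
    for opt in listen_http listen_https; do
        uci_values "$1" "$opt" | while read -r addr; do
            case "$addr" in
                # Loopback only: reach LuCI with
                #   ssh -L 8443:127.0.0.1:443 root@192.168.3.1
                # and browse https://127.0.0.1:8443/ (8443 is an arbitrary choice).
                127.0.0.1:*|'[::1]:'*) ;;
                *) echo "$opt $addr accepts connections from the network" ;;
            esac
        done
    done
    [ "$(uci_values "$1" redirect_https)" = "1" ] ||
        echo "redirect_https is not 1: port 80 is not redirected to HTTPS"
}

# Constructed samples (assumed layout of /etc/config/uhttpd).
sample_default() {
    cat <<'EOF'
config uhttpd 'main'
	list listen_http '0.0.0.0:80'
	list listen_http '[::]:80'
	list listen_https '0.0.0.0:443'
	list listen_https '[::]:443'
	option redirect_https '0'
EOF
}
sample_hardened() {
    cat <<'EOF'
config uhttpd 'main'
	list listen_http '127.0.0.1:80'
	list listen_https '127.0.0.1:443'
	option redirect_https '1'
EOF
}

tmp=$(mktemp); trap 'rm -f "$tmp"' EXIT
sample_default  > "$tmp"; echo "default:";  audit_uhttpd "$tmp"
sample_hardened > "$tmp"; echo "hardened:"; audit_uhttpd "$tmp"
```

On the router itself, run audit_uhttpd against /etc/config/uhttpd after each configuration change.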

    Wrap up

    At this point you should have a router with OpenWRT installed, and ready to set up a small home server.

    Netgear WNDR3800 + OpenWRT [OpenWRT] – discussion
    wifirouter wifirouter, firmware, other: 2.4GHz(54Mbit\s) — 5GHz(70Mbit\s) | 4•100Mbit\s + 4•1Gbit\s | USB:all

    WNDR3800 — Premium Edition N600 Wireless Dual Band Gigabit Router

    I flashed the router with OpenWRT firmware and want to use it as an "extender" for my current network, since I got a new cable modem-router with Wi-Fi from the provider and now this one (WNDR3800) is lying idle, while there is no internet in the yard ))

    I am asking for help with the OpenWRT firmware, since in the docs I found several ways of creating a bridge-type connection, but none of them says how, while keeping all connected devices in one address space using the DHCP server of the main router, to make the addresses be handed out by the second router if it is connected to the first not by wire but over Wi-Fi.

    Provider —> Modem/router #1 clients and WNDR3800+OpenWRT

    14.06.18, 16:01 | #3

    Over the weekend I also installed openwrt on my Netgear 3800.
    And what is the problem with disabling dhcp on the "extra" router?

    By the way, the idea of using the 5GHz channel between the two routers is so-so, unless they are in adjacent rooms. For me, through just one concrete wall, 5GHz already loses to the 2.4 channel on speed.

    Post edited by safari2, 14.06.18, 16:14
