Posted: Sun Jul 27, 2008 17:25 Post subject: Break on through to the other side
darthboy wrote:
validcustomer wrote:
Anybody want to report back how the generic vpn version released on 27-07-08 works on a Buffalo WHR-HP-G54?
see my sig
Of course, all it took was the word of somebody/anybody saying it worked to get me to risk all again, and then... SUCCESS! Seems a little perkier too. I haven't tried undoing my hacks used to get the virtual wireless adapter connecting using encryption, or tried the supposedly fixed traffic shaping, but I feel confident the rebooting problem is fixed.
The same curiosity in me that made me risk upgrading just to see what the new version is like, also wonders what was wrong with the first attempt at sp1.1 for the vpn version. Nevertheless, the quick response of the developer to the bug was outstanding.
Posted: Mon Jul 28, 2008 14:16 Post subject: Re: no more crazy rebooting on WHR-G125
MeLeIQ wrote:
I risked it again with v24 sp1 (vpn build 10011) on WHR-G125. No more crazy rebooting, though now my isolated SSID doesn't seem to be working.
If by "isolated SSID" you mean a separate subnet, I've found that dd-wrt keeps wanting to put the virtual adapter on br0. Bridge 0 (br0) is the default bridge containing eth1 (the real wireless adapter) and vlan0 (the wired ports on the back of the router & port 5, a trunk port that is shared with vlan1, which is the WAN, otherwise known as the internet). If you can telnet into your router, run ps and look at the two lines with the nas process. In particular, look to see what comes after "-l". Here is a link that explains how the nas command works: http://wiki.openwrt.org/OpenWrtDocs/nas. I'll add: don't be tempted to use the WPA choices unless you are using Enterprise. The lines below use PSK/PSK2 (-m 132) and AES+TKIP (-w 6), which is referred to in the dd-wrt GUI as WPA Personal AES+TKIP.
So, in order to get a truly separate network on my virtual wireless adapter, I did the steps below:
1) go ahead and create a virtual adapter and set security for it in the GUI on the wireless tab under "basic settings" and "wireless security".
2) Place the following in your startup. The script grabs the information in your nvram variables that were put there by step #1. The first line creates br1. The second line removes the virtual adapter from br0. The third line adds the virtual adapter to br1. The 4th line gives the bridge an IP address and defines what addresses are part of its network. The 5th and 6th lines can be removed if you don't want to have a physical port on your router that will be connected to the new separate network. (If you do want a physical port to connect to, leave the lines in the script and go to the VLANs tab under the setup tab and place at least one of the checkboxes from 1-4 on the vlan2 line). The 7th line brings the bridge up for use.
Under "FIX NAS" are 3 lines that are broken up for readability by using "\", which tells the script the line continues on the next line. Nas is the program that dd-wrt uses to set up the encryption of traffic used by wireless adapters. The first line kills the nas process that runs by default with the wrong settings. The second line starts the wireless adapter (eth0) connected to br0 as it was before. The 3rd line starts the virtual adapter (wl0.1) but this time connected to the br1 lan:
##MOVES VIRTUAL WIRELESS TO OWN BRIDGE
brctl addbr br1
brctl delif br0 wl0.1
brctl addif br1 wl0.1
ifconfig br1 192.168.2.1 netmask 255.255.255.0
ifconfig vlan2 up
brctl addif br1 vlan2
ifconfig br1 up
##FIX NAS
killall nas
nas -P /tmp/nas.wl0lan.pid -H 34954 -l br0 -i eth1 -A -m 132 \
-k "`nvram get wl0_wpa_psk`" -s "`nvram get wl0_ssid`" -w 6 \
-g `nvram get wl0_wpa_gtk_rekey`
nas -P /tmp/nas.wl0.1lan.pid -H 34954 -l br1 -i wl0.1 -A -m 132 \
-k "`nvram get wl0.1_wpa_psk`" -s "`nvram get wl0.1_ssid`" -w 6 \
-g `nvram get wl0.1_wpa_gtk_rekey`
3) Place below in your firewall script to let traffic from br1 go to vlan1, which is the WAN (internet):
##BRI1
iptables -I INPUT -i br1 -m state --state NEW -j logaccept
iptables -I FORWARD -i br1 -o vlan1 -m state --state NEW -j ACCEPT
#below keeps the two networks from talking
iptables -I FORWARD -i br0 -o br1 -j logdrop
4) Copy the lines below into the box labeled "Additional DNSMasq Options" on the "Services" tab to get your dd-wrt to dish out ip addresses to devices connecting to br1:
Posted: Mon Jul 28, 2008 14:41 Post subject: Re: ok
csmall wrote:
Is there any hope of unbricking my router now?
I have the same router, flashed with the same bad firmware, had the same rebooting problem, but was able to re-flash using tftp using the handy script below. Make sure the right firmware name is listed after "set firmware=". If using Windows, copy and save below as a text file with an extension of either .bat or .cmd, place in the same folder as the firmware, then double click:
@echo off
set firmware=dd-wrt.v24_vpn_generic.bin
echo ===========================================================================
echo This batch file will upload firmware in the current directory to
echo 192.168.1.1 during the router's bootup.
echo.
echo * Set your ethernet card's settings to:
echo IP: 192.168.1.2
echo Mask: 255.255.255.0
echo Gateway: 192.168.1.1.
echo * Unplug the router's power cable.
echo.
echo Press Ctrl+C to abort or any other key to continue...
pause > nul
echo.
echo * Re-plug the router's power cable.
echo.
echo ===============================================================================
echo Waiting for the router... Press Ctrl+C to abort.
echo.
:PING
ping -n 1 -w 50 192.168.1.1 > nul
if errorlevel 1 goto PING
echo.
@echo tftp -i 192.168.1.1 put %FIRMWARE%
tftp -i 192.168.1.1 put "%FIRMWARE%"
pause
if errorlevel 1 goto PING
echo.
echo ===============================================================================
echo * WAIT for about 2 minutes while the firmware is being flashed.
echo * Reset your ethernet card's settings back to DHCP.
echo * The default router address will be at 192.168.1.1.
echo.
pause
Posted: Tue Aug 05, 2008 5:27 Post subject: New Build Released
Does anyone know if the latest build (10086) released yesterday resolves this issue so that the wifiplanet tutorial works again?
The process detailed above works pretty well and I'm grateful for it, but I have had issues where the virtual SSID will sometimes drop a connection where the previous method did not.
Posted: Wed Oct 08, 2008 7:15 Post subject: I would like to open up a port from one bridge to the other
I have configured my router for a VLAN using the instructions from above. My main or public subnet is 192.168.100.XXX. My private subnet is 10.10.10.XXX on Vlan2. Both of my Vlans seem to be working great with DHCP, thanks for the help. I have only one problem. I have a network printer on the Private subnet sitting at 10.10.10.240 on port 9100. I would like to open up this port to this printer so Public users can print to my private printer and still block all other traffic. I have tried a couple of different commands and as yet, I have had no luck. I am wondering if anyone knows the iptables command I need to add that will allow this traffic. Any help would be greatly appreciated. Following is how I have configured my router based on the above examples.
Quote:
Place the following below in your startup:
##MOVES VIRTUAL WIRELESS TO OWN BRIDGE
brctl addbr br1
brctl delif br0 wl0.1
brctl addif br1 wl0.1
ifconfig br1 10.10.10.1 netmask 255.255.255.0
ifconfig vlan2 up
brctl addif br1 vlan2
ifconfig br1 up
Place below in your firewall script to let traffic from br1 go to vlan1, which is the WAN (internet):
##BRI1
iptables -I INPUT -i br1 -m state --state NEW -j logaccept
iptables -I FORWARD -i br1 -o vlan1 -m state --state NEW -j ACCEPT
#below keeps the two networks from talking
iptables -I FORWARD -i br0 -o br1 -j logdrop
Copy the lines below into the box labeled
"Additional DNSMasq Options" on the "Services" tab to get your dd-wrt to dish out ip addresses to devices connecting to br1:
After reading this page I ended up modifying the above fix nas code. The above fix nas might be written for WPA2-PSK where I am looking for WPA-PSK TKIP. The following modifications are specifically for WPA-PSK TKIP. This new setup has worked much better for me.
##Fix Nas
killall nas
nas -P /tmp/nas.wl0lan.pid -l br0 -H 34954 -i eth1 -A -m 4 \
-k "`nvram get wl0_wpa_psk`" -s "`nvram get wl0_ssid`" -w 6 \
-g "`nvram get wl0_wpa_gtk_rekey`"
nas -P /tmp/nas.wl0.1lan.pid -l br1 -H 34954 -i wl0.1 -A -m 4 \
-k "`nvram get wl0.1_wpa_psk`" -s "`nvram get wl0.1_ssid`" -w 6 \
-g "`nvram get wl0.1_wpa_gtk_rekey`"
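Added example, not part of any post in this thread: every firewall line quoted above uses "iptables -I", which inserts at the top of the chain, so the last line of the firewall script is the first rule a packet is checked against. The sketch below models that ordering for the br0/br1 rules and for the printer at 10.10.10.240:9100 from the question above. The printer exception rule is a constructed, hypothetical line, and the model ignores "-m state" and whatever rules dd-wrt already has further down the FORWARD chain.

```shell
#!/bin/sh
# Added example: models how a firewall script made only of "iptables -I" lines
# becomes an ordered FORWARD chain, then evaluates a packet first-match.

# Constructed input: the thread's br1 rules plus a hypothetical printer exception.
RULES_DROP_LAST='iptables -I FORWARD -i br0 -o br1 -p tcp -d 10.10.10.240 --dport 9100 -j ACCEPT
iptables -I FORWARD -i br1 -o vlan1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br0 -o br1 -j logdrop'
RULES_ACCEPT_LAST='iptables -I FORWARD -i br1 -o vlan1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br0 -o br1 -j logdrop
iptables -I FORWARD -i br0 -o br1 -p tcp -d 10.10.10.240 --dport 9100 -j ACCEPT'

# forward_verdict RULES IN_IF OUT_IF PROTO DST DPORT -> target of first match.
# Simplifications: -d is compared as an exact address, packets count as NEW.
forward_verdict() {
  printf '%s\n' "$1" | awk -v in_if="$2" -v out_if="$3" -v proto="$4" \
                           -v dst="$5" -v dport="$6" '
    $1 == "iptables" && $2 == "-I" && $3 == "FORWARD" { rule[++n] = $0 }
    END {
      # -I without an index inserts at position 1, so the LAST line of the
      # script is checked FIRST: walk the collected rules in reverse.
      for (r = n; r >= 1; r--) {
        k = split(rule[r], f, " "); ok = 1; target = ""
        for (i = 4; i < k; i++) {
          if (f[i] == "-i"      && f[i+1] != in_if)  ok = 0
          if (f[i] == "-o"      && f[i+1] != out_if) ok = 0
          if (f[i] == "-p"      && f[i+1] != proto)  ok = 0
          if (f[i] == "-d"      && f[i+1] != dst)    ok = 0
          if (f[i] == "--dport" && f[i+1] != dport)  ok = 0
          if (f[i] == "-j") target = f[i+1]
        }
        if (ok) { print target; exit }
      }
      print "NO_MATCH"   # decided by the rest of the chain (not modelled)
    }'
}

echo "exception after drop : $(forward_verdict "$RULES_ACCEPT_LAST" br0 br1 tcp 10.10.10.240 9100)"
echo "exception before drop: $(forward_verdict "$RULES_DROP_LAST" br0 br1 tcp 10.10.10.240 9100)"
echo "br1 -> br0 (reverse) : $(forward_verdict "$RULES_ACCEPT_LAST" br1 br0 tcp 192.168.100.50 445)"
```

The NO_MATCH result for br1 to br0 shows that the quoted rules only drop one direction; on a real router, list the live chain with "iptables -L FORWARD -n -v" and check the counters to confirm what the remaining rules do with that traffic.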