Bridge Install

From DD-WRT Wiki

Jump to: navigation, search

Contents

[edit] Bridge Mode Install (Client Bridge)

I was having trouble getting OpenWRT to do any sort of bridging with my Belkin A/G ap, so I'm trying out bridge mode using DD-WRT.

Hardware: Linksys WRT54G V2 / Belkin A+G Dual Mode AP Router F6D3230-4 firmware 1.01.05

[edit] Flashing from OpenWRT and getting to the GUI

I figured I'd give it a go to just use the 'upgrade firmware' link in OpenWRT to flash DD-WRT2.3-voip. It worked, using a laptop and my Belkin A mode WLAN connection. Once the flash was rolling, I did an

ifconfig eth0 192.168.1.100

to bring up the laptop ethernet connection to the Linksys. Then http://192.168.1.1 brought up the GUI. Now to figure out the default username and password. Ok, default username is blank. Default password is admin.

[edit] Configuration

My local network is 10.6.6.0/24, my Belkin is at 10.6.6.1, ssid examplessid, channel 1, WPA-PSK, with a 63 character passphrase. (The Belkin does not allow a 64 hex key to be entered, only a passphrase.)

[edit] Setup

[edit] Basic Setup

First page, Internet is disabled (I use another PC as a gateway connected to my cable modem). DHCP server is also disabled, I use static IPs in my LAN.

  • Assign WAN port to Switch - enabled
[edit] Advanced Routing
  • Advanced Routing
    • Operating Mode - Gateway

[edit] Wireless

[edit] Basic Settings
  • Wireless Mode - Client Bridge
  • Wireless Network Mode - Mixed
  • Wireless Network Name (SSID) - examplessid
[edit] Wireless Security
  • Security Mode - WPA2 Pre-Shared Key (The Belkin calls it WPA but allows me to use AES, so from what I understand that would be WPA2
  • WPA Algorithms - TKIP+AES (I used AES on the Belkin but I'm unsure about the Group Key, so this can't hurt.

There is a problem here. The Belkin only allows a 63 character passphrase. The DD-WRT requires the actual hex key. I've tried to figure out how to deal with this but I got nowhere. I think this is the root of the problem of getting WPA mode to work for me... see below.

I had to change security mode to 128 WEP, on both routers. It should have worked, if WPA works at all in these routers, but as I don't have all week to sit here and figure it out, I fell back to WEP. My suggestion for the DD-WRT interface is that it allows entry of either a passphrase or key, and handles the conversion itself. This would allow use of routers like the Belkin that only allow passphrases.

[edit] Security

[edit] Firewall
  • Firewall Protection - Disabled

[edit] Administration

[edit] Management
  • DNS Masq - Disable
  • Local DNS - Disable
  • 802.1X - Disable
  • NTP Client - Disable
  • Loopback - Disable
[edit] Services
  • SSHD - Enable (This probably should be the default)
  • Telnet - Disable (This probably should be the default)

[edit] Conclusion

I got nowhere further with this than I got with OpenWRT. It was a waste of time. Both OpenWRT and DD-WRT still, as of version 2.3, cannot do a client mode connection to an AP using WPA security, where the AP being connected to is using a passphrase, and the client is using a key. This is my assumption, because others have gotten it to work with other routers, which must have been using a hex key and not a passphrase. Pleas enlighten me if this is not the real problem here.

Note: I am a CQT specialist for a high-security wireless hardware company, as well as a system administrator for Linux systems. If someone either corrects me or confirms my findings, I will be happy to do something to contribute to the effort and fix this problem.