Configuration Options

In addition to the standard NVRAM configuration options, my firmware modifications add a few more options, which can be set using the nvram utility on the WRT54G command line (but don't forget to invoke "nvram commit" before rebooting).

Network Interfaces

By default, WRT54G v1.x devices use the 4702.et driver, which handles VLAN tags internally and exposes the LAN switch as eth0 and the WAN interface as eth1.

WRT54G v2 exposes the 5-port Ethernet switch as eth0 using VLANs (id 0 for the internal LAN and id 1 for the WAN interface).

WRT54G v1.x devices can also be switched to VLAN mode, but they then use VLAN id 2 for the internal LAN. The following settings can be used to switch the WRT54G v1.x to VLAN mode:

  • vlan1hwname=et0
  • vlan2hwname=et0
  • lan_ifnames=vlan2 eth2 eth3 eth4
  • wan_ifnames=vlan1
  • wan_ifname=vlan1
  • use_vlan_et=1

OpenVPN Configuration

The following NVRAM settings customise the OpenVPN configuration. Up to 10 OpenVPN processes can be configured (the first OpenVPN process uses the prefix openvpn_, the second OpenVPN process uses openvpn2_ as its configuration prefix, and so on). You can either store the whole OpenVPN config in NVRAM (using openvpn_config) or use the individual options to configure OpenVPN. In any case, certificates or keys must be stored in the respective NVRAM settings.

  • openvpn_enable: enable OpenVPN (1 to enable)
  • openvpn_config: OpenVPN configuration file (in this case, the lport, push, ifconfig, pool and route options will be ignored)
  • openvpn_lport: OpenVPN lport option (local UDP port, e.g. 5000)
  • openvpn_push: OpenVPN push options, separated by newlines (e.g. "route 0.0.0.0 0.0.0.0")
  • openvpn_ifconfig: OpenVPN ifconfig option (e.g. "10.20.30.1 10.20.30.2")
  • openvpn_pool: OpenVPN ifconfig-pool option (e.g. "10.20.30.4 10.20.30.255")
  • openvpn_route: OpenVPN route option (e.g. "10.20.30.0 255.255.255.0")
  • openvpn_ca: OpenVPN ca option (certificate authority file)
  • openvpn_cert: OpenVPN cert option (certificate file)
  • openvpn_key: OpenVPN key option (private key file)
  • openvpn_secret: OpenVPN secret option (pre-shared key file)
  • openvpn_secret_dir: additional parameter for the "secret" option (direction flag)

Before OpenVPN is started, the contents of openvpn_ca, openvpn_cert, openvpn_key and openvpn_secret are written to the files /tmp/openvpn/ca.pem, /tmp/openvpn/cert.pem, /tmp/openvpn/key.pem and /tmp/openvpn/secret.key. BTW, the recommended way of setting these options is to use "nvram set openvpn_ca" (note that there is no '=' after the NVRAM key name, which tells the nvram utility to read the value from stdin), then copy-and-paste the file and finish by pressing Ctrl-D.

All other NVRAM settings for OpenVPN will be passed on the command line to OpenVPN.

Please note that OpenVPN's certificate validation requires that the system clock is set to the correct time.
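A pre-flight check for the rules above (one prefix per process, individual options ignored when openvpn_config is set, certificates or keys required), added here as an example and not part of the firmware. NV_LIVE, NV_SAMPLE and the function names are hypothetical; the check assumes a process needs either openvpn_secret or all of openvpn_ca, openvpn_cert and openvpn_key, and it reads constructed sample values unless NV_LIVE=1.

```shell
#!/bin/sh
# Added example, not firmware code; all names below are hypothetical.
# Constructed sample settings (placeholder values, not real keys).
NV_SAMPLE='openvpn_enable=1
openvpn_ca=constructed-placeholder
openvpn_cert=constructed-placeholder
openvpn2_enable=1
openvpn2_config=dev tun
openvpn2_lport=5001
openvpn2_secret=constructed-placeholder
openvpn3_lport=5002'

# Read one setting: real NVRAM when NV_LIVE=1, otherwise the sample above.
nv_get() {
    if [ "${NV_LIVE:-0}" = 1 ]; then
        nvram get "$1"
    else
        printf '%s\n' "$NV_SAMPLE" | sed -n "s/^$1=//p"
    fi
}

# Prefix of the n-th OpenVPN process: openvpn_, openvpn2_, ... openvpn10_.
ovpn_prefix() {
    if [ "$1" -eq 1 ]; then echo "openvpn_"; else echo "openvpn${1}_"; fi
}

# Print one finding per line for process n; nothing if it is not enabled.
check_ovpn() {
    p=$(ovpn_prefix "$1")
    [ "$(nv_get "${p}enable")" = 1 ] || return 0
    if [ -n "$(nv_get "${p}config")" ]; then
        # The page says these are ignored once a full config is stored.
        for o in lport push ifconfig pool route; do
            if [ -n "$(nv_get "${p}$o")" ]; then
                echo "${p}$o is ignored because ${p}config is set"
            fi
        done
    fi
    # Assumption: a pre-shared key alone is enough; otherwise need all three.
    [ -n "$(nv_get "${p}secret")" ] && return 0
    for o in ca cert key; do
        if [ -z "$(nv_get "${p}$o")" ]; then
            echo "${p}$o is empty and ${p}secret is not set"
        fi
    done
    return 0
}

for n in 1 2 3 4 5 6 7 8 9 10; do check_ovpn "$n"; done
```

On the router, run it with NV_LIVE=1 before invoking "nvram commit".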

The following OpenVPN configuration file is built into the firmware and used by OpenVPN. Commented-out options can be set using the NVRAM settings shown above.


mode server

dev tun
#lport [openvpn_lport]
#ifconfig [openvpn_ifconfig]
#ifconfig-pool [openvpn_pool]
#route [openvpn_route]
#push "[openvpn_push]"
link-mtu 1460
mssfix 0

tls-server
dh /etc/dh1024.pem

persist-key

#comp-lzo
no-replay

ping-exit 600

verb 1
daemon

The following configuration can be used on a client to connect to the OpenVPN server on the WRT54G:


dev tun
remote [remote-ip-addr] [remote-port]
nobind
pull
link-mtu 1460
mssfix 0

tls-client
ca /etc/openvpn/ca.crt
cert /etc/openvpn/cert.crt
key /etc/openvpn/key.crt

persist-key

ping 60
ping-restart 150

no-replay

verb 1
daemon