This article describes how I set up a wireless access point at my summer house. It uses a 3G/UMTS card to connect to the Internet. The hardware is the Linksys WRT54G3G v1.1 router and a Huawei E600 3G-card. The Linksys original software doesn’t support the Huawei E600 card. The software I chose is OpenWRT Kamikaze 7.09. The 3G/UMTS provider is the Swedish Tele2/Comviq.
If you don’t care about the 3G setup, and care more about WDS or PSK2 encryption, you may find my home wireless network writeup more relevant. If you have a more modern USB 3G dongle, you may find my wireless router with 3G dongle writeup more relevant.
If you want to comment on this, please go to the blog entry.
Created by Simon Josefsson on 2007-07-21 for Kamikaze 7.06. Updated for Kamikaze 7.07 on 2007-07-27, again for 7.09 on 2007-10-04. As of 2009-12-16 the system is still running in production use with great results.
Installing OpenWRT
I chose the brcm-2.4 variant of OpenWRT for this device. The plain brcm variant will work, and uses the newer 2.6 kernel, but wireless will not work. For more information, see the Kamikaze 7.09 release notes and the Installation section in the manual.
I downloaded from http://downloads.openwrt.org/kamikaze/7.09/brcm-2.4/ the following image.
d5171f9699534ac9cc0321122158ba37e24b6d37 openwrt-wrt54g3g-2.4-squashfs.bin
You flash the file using Linksys' web interface, under "Firmware upgrade".
If you ever want to re-start from scratch from within OpenWRT (which I did when writing this page) you’ll have to use the mtd tool and download the TRX file. There is only one TRX file for all models. (Actually, the BIN files just contain the TRX file plus a header to make the Linksys web interface happy.)
root@OpenWrt:~# wget http://downloads.openwrt.org/kamikaze/7.09/brcm-2.4/openwrt-brcm-2.4-squashfs.trx Connecting to downloads.openwrt.org [195.56.146.238:80] openwrt-brcm-2.4-squ 100% |*****************************| 1796 KB 00:00:00 ETA root@OpenWrt:~# mtd -r write openwrt-brcm-2.4-squashfs.trx linux Unlocking linux ... Writing from openwrt-brcm-2.4-squashfs.trx to linux ... [w] Rebooting ...
You’ll have to use a ethernet cable at this point. Connect it to LAN1-LAN4, not WAN. Use DHCP to get an IP address, or use 192.168.1.42. The router will use 192.168.1.1. Telnet to the host and add a SSH key to be able to login as root using SSH. Naturally, you’ll have to use your own SSH key (~/.ssh/id*.pub).
jas@mocca:~$ telnet 192.168.1.1
Trying 192.168.1.1...
Automatic decryption of input is enabled
Automatic encryption of output is enabled
Will send login name and/or authentication information.
Connected to 192.168.1.1.
Escape character is '^]'.
=== IMPORTANT ============================
Use 'passwd' to set your login password
this will disable telnet and enable SSH
------------------------------------------
BusyBox v1.4.2 (2007-09-29 09:01:24 CEST) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
KAMIKAZE (7.09) -----------------------------------
* 10 oz Vodka Shake well with ice and strain
* 10 oz Triple sec mixture into 10 shot glasses.
* 10 oz lime juice Salute!
---------------------------------------------------
root@OpenWrt:/# echo 'ssh-rsa AAAA... foo@bar' > /etc/dropbear/authorized_keys
root@OpenWrt:/# cat /etc/config/dropbear | sed -e "s/'on'/'off'/" > /etc/config/dropbear
root@OpenWrt:~# rm /etc/rc.d/S50telnet /etc/rc.d/S50httpd
root@OpenWrt:~# dropbearkey -y -f /etc/dropbear/dropbear_rsa_host_key
Public key portion is:
ssh-rsa AAAA... root@OpenWrt
Fingerprint: md5 ae:c5:ab:58:bf:d5:09:47:63:e6:a0:5f:3a:49:af:a4
root@OpenWrt:~#
Telnet should now be disabled, and you should be able to login as root using SSH with your SSH key will be available. Try it from your machine. The SSH key should match what was printed by dropbearkey. Reboot the machine once you have confirmed that SSH works, to disable telnet.
jas@mocca:~$ ssh -l root 192.168.1.1
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
RSA key fingerprint is ae:c5:ab:58:bf:d5:09:47:63:e6:a0:5f:3a:49:af:a4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts.
BusyBox v1.4.2 (2007-09-29 09:01:24 CEST) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
KAMIKAZE (7.09) -----------------------------------
* 10 oz Vodka Shake well with ice and strain
* 10 oz Triple sec mixture into 10 shot glasses.
* 10 oz lime juice Salute!
---------------------------------------------------
root@OpenWrt:~# reboot
root@OpenWrt:~# Connection closed by foreign host.
For reference, there is a dropbear public key authentication howto for OpenWRT wiki page.
Enabling Wireless
Wireless is disabled by default, you’ll have to modify “/etc/config/wireless” and comment out the “disabled” option. The line containing the “disabled” option should look like:
# option disabled 1
If you want to change the name of the wireless network (the ESSID) from “OpenWRT”, you can do so in the same file.
I’m running an Open AP. If you want higher security, you should set that up now. See the Kamkikaze Configuration manual.
After you have made your changes, try the new configuration by rebooting the device.
root@OpenWrt:/etc/config# reboot
Enabling 3G/UMTS
The PCMCIA drivers are not loaded by default, and not even installed. You’ll have to copy some packages onto the device somehow.
I needed the following packages: kmod-pcmcia-core, pcmcia-cs. Install the PCMCIA drivers and test that it works:
root@OpenWrt:~# ipkg install pcmcia-cs_3.2.8-1_mipsel.ipk Installing pcmcia-cs (3.2.8-1) to root... Configuring pcmcia-cs Done. root@OpenWrt:~# ipkg install kmod-pcmcia-core_2.4.34-brcm-1_mipsel.ipk Installing kmod-pcmcia-core (2.4.34-brcm-1) to root... Configuring kmod-pcmcia-core Done. root@OpenWrt:~# cardctl status Socket 0: 3.3V CardBus card function 0: [ready] function 1: [ready] root@OpenWrt:~#
The Huawei E600 is actually a USB OHCI controller, with three serial ports behind it. So we’ll need to install USB support as well. I needed the following packages: kmod-usb-core, kmod-usb-serial, kmod-usb-ohci.
root@OpenWrt:~# ipkg install kmod-usb-core_2.4.34-brcm-1_mipsel.ipk Installing kmod-usb-core (2.4.34-brcm-1) to root... Configuring kmod-usb-core Done. root@OpenWrt:~# ipkg install kmod-usb-serial_2.4.34-brcm-1_mipsel.ipk Installing kmod-usb-serial (2.4.34-brcm-1) to root... Configuring kmod-usb-serial Done. root@OpenWrt:~# ipkg install kmod-usb-ohci_2.4.34-brcm-1_mipsel.ipk Installing kmod-usb-ohci (2.4.34-brcm-1) to root... Configuring kmod-usb-ohci Done. root@OpenWrt:~#
With Kamikaze 7.06, you may get an error in the kernel log since the Huawei USB ID is not recognized. Note that this has been fixed in both 7.07 and 7.09.
usb.c: USB device 2 (vend/prod 0x12d1/0x1001) is not claimed by any active driver.
To fix this in 7.06 (although I suggest upgrading to 7.07 or 7.09 instead), you’ll need to load the ‘`usbserial'' kernel module with the ``vendor=0x12d1 product=0x1001'' parameters. To make this be loaded automatically every time the box starts, modify ``/etc/modules.d/60-usb-serial’' into:
usbserial vendor=0x12d1 product=0x1001 # Huawei E600
Reboot the box, and you’ll see something like this in the kernel log:
Linux Kernel Card Services 3.1.22 options: [pci] [cardbus] PCI: Enabling device 01:01.0 (0000 -> 0002) Yenta ISA IRQ mask 0x06f8, PCI irq 2 Socket status: 30000820 cs: cb_alloc(bus 2): vendor 0x1033, device 0x0035 PCI: Enabling device 02:00.0 (0000 -> 0002) PCI: Enabling device 02:00.1 (0000 -> 0002) PCI: Setting latency timer of device 00:04.0 to 64 usb-ohci.c: USB OHCI at membase 0xb8004000, IRQ 2 usb-ohci.c: usb-00:04.0, PCI device 14e4:4716 usb.c: new USB bus registered, assigned bus number 1 hub.c: USB hub found hub.c: 2 ports detected PCI: Setting latency timer of device 02:00.0 to 64 usb-ohci.c: USB OHCI at membase 0xc01b5000, IRQ 2 usb-ohci.c: usb-02:00.0, PCI device 1033:0035 usb.c: new USB bus registered, assigned bus number 2 hub.c: USB hub found hub.c: 1 port detected PCI: Setting latency timer of device 02:00.1 to 64 usb-ohci.c: USB OHCI at membase 0xc01b7000, IRQ 2 usb-ohci.c: usb-02:00.1, PCI device 1033:0035 usb.c: new USB bus registered, assigned bus number 3 hub.c: USB hub found hub.c: 1 port detected usb.c: registered new driver serial usbserial.c: USB Serial support registered for Generic usbserial.c: USB Serial Driver core v1.4 hub.c: Cannot enable port 1 of hub 1, disabling port. hub.c: Maybe the USB cable is bad? hub.c: new USB device 02:00.0-1, assigned address 2 usbserial.c: Generic converter detected usbserial.c: Generic converter now attached to ttyUSB0 (or usb/tts/0 for devfs) usbserial.c: Generic converter detected usbserial.c: Generic converter now attached to ttyUSB1 (or usb/tts/1 for devfs) usbserial.c: Generic converter detected usbserial.c: Generic converter now attached to ttyUSB2 (or usb/tts/2 for devfs)
The next step is to get dial-up PPP working. The “comgt” package contains several 3G/UMTS scripts that appear to be intended for the WRT54G3G or similar devices. I needed the following packages: chat, comgt.
root@OpenWrt:~# ipkg install chat_2.4.3-8_mipsel.ipk Installing chat (2.4.3-8) to root... Configuring chat Done. root@OpenWrt:~# ipkg install comgt_0.32-1_mipsel.ipk Installing comgt (0.32-1) to root... Configuring comgt Done. root@OpenWrt:~#
Configure OpenWRT to enable the 3G/UMTS connection was the step that took the most time to figure out how to do. There doesn’t seem to be much documentation related to the Kamikazu network configuration files. To figure out how it worked, I had to read several scripts on the box. I learned a lot from that process, but I’d prefer if I hadn’t needed to.
I ended up modifying the WAN section of “/etc/config/network” to read as follows:
#### WAN configuration
config interface wan
option ifname 'ppp0'
option proto '3g'
option device '/dev/usb/tts/0'
option apn 'internet.tele2.se'
If you for some reason wish to keep the WAN port on the box as the "real" Internet connection (maybe to use the 3G part only as a backup Internet connection in case the other one goes down?), instead of replacing the existing WAN section in the file, add a new section:
#### 3G/UMTS configuration
config interface ppp0
option ifname 'ppp0'
option proto '3g'
option device '/dev/usb/tts/0'
option apn 'internet.tele2.se'
After adding that, pressing the 3G button on the box (or invoking ifup wan or ifup ppp0 respectively) does the right thing for me.
You may have noticed that I didn’t set the PIN-code anywhere. That’s right, I disabled PIN-code question on the SIM card using either the Huawei Windows software or my cell phone (cannot recall which, either will work). If you do not want to do this, add the following to the network stanza:
option pincode '1234'
You may also have noticed that I didn’t provide a PPP username or password. My provider, the Swedish GSM/3G operator Comviq/Tele2, doesn’t seem to require one. Should you need one, I believe you could add something like the following to “/etc/ppp/chap-secrets”:
#USERNAME PROVIDER PASSWORD IPADDRESS 46708123456 * 46708123456
But I haven’t tested this. Naturally, replace the username/password with the appropriate values.
Remote logins
I want to be able to access the router remotely and it doesn’t have a static IP address. The first step is to make sure I can find the IP address of the router remotely. Installing and using ez-ipupdate is easy. Now that we have an Internet connection on the router, start by running ipkg update.
root@grisslan:~# ipkg update Downloading http://downloads.openwrt.org/kamikaze/7.09/brcm-2.4/packages/Packages Updated list of available packages in /usr/lib/ipkg/lists/release Downloading http://downloads.openwrt.org/kamikaze/packages/mipsel/Packages Updated list of available packages in /usr/lib/ipkg/lists/packages Done. root@grisslan:~#
I’m using DynDNS which doesn’t cost anything and have been working without problems for me so far. My “/etc/ez-ipupdate.conf” looks like:
service-type=dyndns user=USERNAME:PASSWORD host=YOURHOSTNAME interface=ppp0 #quiet # Do not change the lines below cache-file=/tmp/ez-ipupdate.cache pid-file=/var/run/ez-ipupdate.pid
Replace USERNAME and PASSWORD with your DynDNS account information. Replace YOURHOSTNAME with the hostname you’ve registered.
You also need to open up the firewall to allow incoming connections on port 22 (the ssh port), add the following line to “/etc/config/firewall”:
accept:proto=tcp dport=22
Reboot the router, press the button to connect to the Internet, and then try to login to the router remotely: ssh -l root YOURHOSTNAME.
Various stuff
It can be useful to make pppd output debug information. To do that, change #debug to debug in /etc/ppp/options.
You can change the hostname of the router in /etc/config/system. This can be useful if you have several OpenWRT boxes, since otherwise the bash prompts all look the same on them.
Optimization
There is one final thing to comment. The Huawei E600 doesn’t follow standard AT commands for 3G/UMTS. Thus, here is what happens if I try to get online. Notice the delay!
root@OpenWrt:~# time ifup ppp0 ifconfig: SIOCGIFFLAGS: No such device SIM ready PIN set successfully Trying to set mode Timeout setting WWAN mode! real 0m 20.52s user 0m 0.75s sys 0m 1.16s root@OpenWrt:~#
The connection will work anyway, but timeing out setting the 3G/UMTS mode takes about 15 seconds. The OpenWRT scripts try the AT$NWRAT and the AT_OPSYS command, but neither works with the Huawei E600. The code is in “/lib/network/3g.sh”. The steps to check whether the SIM is ready and setting the PIN code (which I don’t need) also take time. In total, it is about 20 seconds when the 3G led is blinking green.
I haven’t found any way to disable this stuff through some configuration file. However, I modified “/lib/network/3g.sh” and commented out the relevant part:
# if gcom -d "$device" -s /etc/gcom/getcardinfo.gcom | grep Novatel 2>/dev/null >/dev/null; then
# case "$service" in
# umts_only) CODE=2;;
# gprs_only) CODE=1;;
# *) CODE=0;;
# esac
# mode="AT\$NWRAT=${CODE},2"
# else
# case "$service" in
# umts_only) CODE=1;;
# gprs_only) CODE=0;;
# *) CODE=3;;
# esac
# mode="AT_OPSYS=${CODE}"
# fi
#
# PINCODE="$pincode" gcom -d "$device" -s /etc/gcom/setpin.gcom || {
# echo "$cfg(3g): Failed to set the PIN code."
# set_3g_led 0 0 0
# return 1
# }
# MODE="$mode" gcom -d "$device" -s /etc/gcom/setmode.gcom
Now running ifup ppp0 is fast:
root@grisslan:~# time ifup ppp0 ifconfig: SIOCGIFFLAGS: No such device real 0m 1.37s user 0m 0.76s sys 0m 0.59s root@grisslan:~#
The End
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.
