Blogging about IT Stuff by ESSERIO

OpenWRT + OpenSwan IPSEC on Linksys WRT54GL v1.1

May18
2011 3 Comments Written by gkoo

First of all u need a linux pc in order to accomplish this so if u don’t have one try using a virtual machine running linux.

Ok here goes,
The challenge was to install openswan ipsec support on top of the openwrt custom firmware using a Linksys WRT54GL router. The usual way to do this would be using the package manager that comes with OpenWRT (opkg) but since this router has only a 4MB flash, if using the default firmare from openwrt, there’s not enough space to install openswan. The way to do it is to build a custom firmware using OpenWrt’s Image Builder.

The instructions on how to use the builder can be found here:
http://wiki.openwrt.org/doc/howto/obtain.firmware.generate

The issue i had is that it’s quiet confusing to understand which packages to use for a custom firmare. The article in the link above shows us how to get a list of the default packages coming with the official firmare:

After a few times trying i ended up with the following make command to generate a firmware that would fit in the 4mb flash card on the router. I had to drop some of the default packages (the ones with a – in front of their name in the below command) in order to keep the firmare + web gui + openswan configuration:

make image PACKAGES=”base-files busybox dnsmasq dropbear firewall hotplug2 libc libgcc nvram uci udevtrigger wireless-tools luci kmod-crypto-core kmod-crypto-aes kmod-crypto-arc4 kmod-ipt-core kmod-ipt-conntrack kmod-ipt-nat kmod-ipt-nathelper -kmod-ppp -kmod-pppoe kmod-crc-ccitt kmod-diag kmod-switch kmod-b43 kmod-b43legacy kmod-cfg80211 kmod-mac80211 libiptc liblua libnl-tiny libuci libuci-lua libxtables crda iptables iptables-mod-conntrack iptables-mod-nat iw -ppp -ppp-mod-pppoe uhttpd wpad-mini -lua openswan -nano mtd -opkg”

Note the openswan package at the end. When issuing this command the system will build the custom firmware which is under 4mb so it will fit your router’s flash. You can then upload the firmare onto the router using tftp as described here: http://wiki.openwrt.org/toh/linksys/wrt54g

Good luck

Posted in linux administration, System Administration - Tagged , ,
«
»

3 Comments
  1. Moon's Gravatar Moon
    August 13, 2011 at 10:24 am | Permalink

    I was seiurosly at DefCon 5 until I saw this post.

  2. Margaretta's Gravatar Margaretta
    January 6, 2012 at 3:23 pm | Permalink

    We could’ve done with that inishgt early on.

  3. gkoo's Gravatar gkoo
    January 6, 2012 at 4:57 pm | Permalink

    i’m glad it helped you

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Before you post, please prove you are sentient.

What is the outer covering of a tree?