Slashdot Mirror
Linksys Adds Linux WRT54G Model Back
Glenn Fleishman writes "Last month, Slashdot and others wrote about how the Linksys WRT54G, a popular embedded Linux-based Wi-Fi gateway, had switched to VxWorks's OS for its v5 release. Because the WRT54G has become the standard as a cheap commodity device for building your own platform (like Sveasoft, Fon, and many others), this seemed like a big blow to hackers and developers. If you could still manage to flash the device--not sure if that was possible--it had half the RAM and flash of the v4 model. It turns out Linksys wasn't killing the Linux model. They've released it as the WRT54GL with v4.30.0(US) firmware and will sell it under that name for about $70 retail. It's already in stock and the new firmware is on their GPL software download page. Linux sales represent a few percentage points of their overall volume, based on the Linksys product director's remarks. The lesser quantity of RAM puts money back in their pockets on the mainstream model."
The v4.0 (which I have) uses a SoC that combines two chips from the v3.3. It's pretty much exactly the same software wise, just cheaper for Linksys to make.
I spent a lot of time working with SveaSoft's images. In general, if you have a old linksys floating around, it's a pretty good way to go. The time requirements for setting things up is non-trivial. This is especially true if you want to do anything sophisticated, ie, bridging, WDS or strange NAT tricks.
I am surprised CISCO doesn't do their own Linux adaptation for these boxes. I had no idea they were so popular that they actually would consider a different model for them.
Strangly QoS does not work very well with the latest versions from SveaSoft, as well as SveaSoft now locking downloads to a particular MAC address. I also had trouble getting the newer firmware (Talisman) to work cleanly with my box. I ended up buying a D-Link Gamer Wireless router and things just worked well. Having built in 1GBPS ethernet, QoS without the configuration headaches of OpenWRT and Linksys was cool. As with all opensource, it's only free if your time is worthless.
I have a WRT54G and I originally purchased it because I heard it was so hackable. However, I haven't dared to touch the firmware, mostly because the thing likes to explode every few hours. This thing will lockup and refuse all traffic going in or out unless I hard reset it. If many people are connected (10 or 12) it drops connections every 2 to 3 minutes. I understand its a remarkable piece of hardware...if it would just do its job. I'm ashamed to say the D-LINK I had worked much better.
It's a good deal that Linksys is releasing the WRG54GL... I'm glad to hear it.
Do be careful to not get a WRT54Gv5 though without doing research as to it's current state..as it is, it is NOT just like a WRT54Gv1-4 with stock firmware. It looks the same both physically and in the web page config as the older WRT54G, but it sure doesn't act like it.. Maybe Linksys'll get VXworks running on it properly, but as it is the unit I got had 1.00.0 firmware (never a great sign..) It was unusably buggy.. like, certain config screens randomly "forget" settings, only like 2 out of the 4 wireless cards I have around would even associate with the AP, and the SES (an autoconfig thing to set the channel to a clear one, set a unique SSID, and set a secure WEP or WPA key for you) would just kick in when it feels like, wiping out the SSID and WEP settings already entered into the unit. The "disable SES" checkbox unchecks when going through the config menus and then it's easy to trigger SES by mistake, by either bumping the front button, or hitting the very large "SES" button on the one config page where "Apply" usually is..
I updated to 1.00.2 (current firmware) and it's got the same issues.. it allowed 1 non-working card to associate, but 1 that did work with 1.00.0 didn't connect with 1.00.2.. I returned it after waiting a bit for a 1.00.3 firmware and have a Netgear access point now.
I bought the WRT54G ver 1.1 because of its hackability, at the time I was using a Microsoft router (I got it for $10, so I used that) but I bought the Linksys because of the neato factor. Then, I ended up ditching the MS router, because the Linksys with updated firmware is just the bomb. I told all my friends, one, a consultant, began buying WRT54G's for his customers because he could remote SSH into them and open ports etc to maintain their systems. It gave all kinds of flexibility.
.22
:p
I reccomended this model to everyone I knew - we use them at work now, and employees at work have bought them now on my reccomendation. I sent linksys an email thanking them for the GPLed version, and letting Linksys know I was reccomending this model to people.
I was dissapointed with the recent story of the non-linux version, however, with the release of the GL version, I am very impressed by Linksys indeed. Yes, it will probably cost a little more due to the better ram, but hey, I WANT the better ram! (Still seriously considering the flashcard hack...)
For those who care, my router runs:
dd-wrt version
WRTBlog
Uses SMB to save information to one of my network machines
Uses SNMP and MRTG (on network machine) to monitor bandwith (on top of bwlog)
These are worthy additions to your WRT. I am considering purchasing another and running kismet on it for wardrivng.
-- So, thank you Linksys, for releasing the source, and maintaining the WRT line.
Try to hack my 31337 firewall!
I have had three Linksys wireless routers and had pretty good luck. However, the v5 I bought a month ago died in less than two days. Fortunately CompUSA exchanged it and the replacement has been working fine.
One nice feature (which unfortunatly didn't work with mine) is the 'Management Mode' It allows you to put the router in a special mode to re-flash, even if the existing firmware is corrupt. Has a bare-bones web interface to upload the file. Handy.
Too bad mainstream appears to also mean 'cheap, unreliable parts' too...
- Carpe diem, quam minimum credula postero.
I used to run sveasoft on my linksys, but after reading more and more about their business practises, I let my account expire, and have now permanently dropped them in favor of the DD-WRT firmware (http://www.dd-wrt.com/).
DD-WRT is just as feature-rich (if not more) than sveasoft, and doesn't play sveasoft's silly games with their firmware source code, the GPL, and banning people on their forums. Sadly I can no longer recommend sveasoft to any of my friends with linksys routers.
N.
"Nothing strengthens authority so much as silence." - Charles de Gaulle
It was with clients using Intel's 2915ABG wireless cards. Installing custom firmware and updating the Intel drivers fixed the problem for me. I am currently running Firmware Version : v4.20.9 - HyperWRT 2.1b1+tofu7 on my version 3 WRT54G. I have uptimes of months now without any problems.
The link I meant to post for dd-wrt (IMO the best firmware for the WRT, mostly because of Sevasofts treatment of customers)
http://www.dd-wrt.com/
dd-wrt
Try to hack my 31337 firewall!
I just did the exact same thing, then stepped in. If you can solder worth a darn, even if you screw it up the first time you can still fix it. Read up on JTAG if you're curious as to how.
Actually using this method, you can reload a Microsoft MN-700 game router with OpenWRT, and it turns into quite a good wireless router.
Just my $0.02.
Just another "DOJ fascist authoritarian totalitarian bootlicker" -- Zeio
I wish I had the chutzpah to do it. I'm staring at that unit right now. My big concern with it is if it fails for whatever reason it's probably fried, and I honestly can't afford another one right now. Any cheerful words concerning how easy it was or something like that might convince me to push the red button, but I haven't done it yet...
Just do a little reasearch on your specific model, so you know exactly which version you have. Then, install dd-wrt for your model of router. In fact, if you post your exact model of router here I am fairly certain a kindly slashdotter will give you the specific version required. (As long as they are not trolling, heck, if you reply to this I will even tell you what specific version of dd-wrt binary you need) I have flashed a number of WRT's, each with dd-wrt and the directions here are the best:
dd-wrt flashing guide
If you are paranoid make certain to wait the two min suggested after clicking the upload, and then ok buttons. That is it, you are good to go.
Try to hack my 31337 firewall!
I have always wondered why people who buy the WRT54G to run customized firmwares don't show as much interest as in similar embedded platforms, which are in the same price range ($70 to $130), have a similar or superior hardware config [1], and allow a similar level of customization. So why the WRT54G interest you, but not those embedded platforms ?
[1] Actually those platforms even seem more attractive (faster CPU, more RAM, bluetooth, MMC, etc), the only downside is that, of course, they don't provide 5 ethernet ports, but only 1 or 2.Hate to break it to ya chief, but the box I described is actually in production and works like a champ. Using the Intel Express Pro gigabit cards means even at 80-85% capacity, the box only has a load of .5.
I bought 4 of them (WRT54GS v2.0) and loaded sveasoft alchemy public version on them in order to create a very extended bridged network using wds. The outer two are connected to separate physical networks, and the inner two only have power (no physical network connection) and are situated in weatherproof boxes in the treetops. I am posting this note over them now!
:)
On hindsight, OpenWRT would have been a better choice, but for the minimally-enhanced functionality I was looking for (wds and a shell), sveasoft is dead easy. Yes, you run a risk and void your warranty. But you only go around once, eh?
Make sure your chosen firmware version is known to work on your particular linksys hardware. Here is a good page outlining the differences in Linksys versions. Sveasoft Alchemy doesn't specifically support my version but I found a reference of someone doing it, and it does work for me.
Good luck / happy hacking, and if you mess up, you want to search for the work "debricking"
The deals are out there. You just have to know what you're looking for.
I can't say I disagree with you, but as I work for a semiconductor manufacturer, I would like to expand on what 'unreliable' means in this case.
Actually, most consumer electronics devices are 'unreliable' in the sense that they experience relatively high failure rates (compared to, say, telecommunications infrastructure devices). This is a result of the (lack of) burn in done before the parts are deployed. Simply stated, it is cheaper to have consumer electronics fail in the field than to burn in all of the parts before-hand. This is not unique to Linksys.
Consumer devices are generally 250 FIT or higher for early failure rate [first year]. A FIT (failure in time) is the ratio of failed devices (in parts per million) to running time (in thousands of power on hours [kpoh])... so 250 FITS translates into 2500 parts per million (ppm) failing after 10 kpoh. That's really reasonable for consumer devices (0.25% failure in the first year). The average failure rate over the life of the consumer semiconductor (probably rated for 100K or 200K poh) is around 100 FITS.
As a side note, telecommunications devices are generally a higher standard, with early failure rate below 65 FIT and average failure rate below 25 FIT. The burn-in required to reduce the failure rate (since most of the failures occur early in the lifecycle, stress testing a part early on can trigger many of the early failures) costs a bundle of money, and can add enough expense to a part to eliminate the entire profit margin on a consumer device. Of course, for more important applications (telecom, brake systems in vehicles, medical equipment), higher reliability parts are used.
So yes, 'mainstream' (actually 'low margin and low risk in case of failure') does mean lower quality, but please don't bash the manufacturers too hard for it. Economics forces their hand, and the result is the system that is set up to take the returns, as you experienced.
On buy.com, the WRT54GS is actually cheaper than the WRT54GL, and has more RAM and more flash (4mb and 32 mb respectively). Seems kind of lame that they take the same device that used to sell for $45 and jack the price to $70, just to take advantage of the "linux" thing.
So to anyone looking to buy this router, consider the WRT54GS. With more ram and storage, you can do more things with it. All for about the same price.
Also, avoid Sveasoft at all costs. They are slimy. I still haven't been refunded my money after I canceled my automatically-renewing annual protect, I mean firmware access, fee. They promised they would, but a month later and several unanswered e-mails and I'm still out my $20 bucks. Next week I'll lodge a complaint with paypal.
For the best capabilities, use openwrt. it rocks! I've done so much more with it than I did with sveasoft, thanks to having a small writable partition to place scripts and so forth, instead of just having to use the nvram.
The price on these things has dropped as they halved the RAM and Flash. Basically, they now have two models where they had one: a cheaper version and the one we all know and love, they just gave the name to the cheaper one and added an "L" to make the fancier one sound better than last years model.
I have a WRT54GS v3.0, got it on rebate for $30 off. I made sure that I had the right version by using serial number ranges from http://www.linksysinfo.org/modules.php?name=Conten t&pa=showpage&pid=6
The latest GS version v4.0 has half the ram (4 & 16 instead of 8 and 32), but the store had mine and even a few 2.0 models mixed in for those who bothered to check the serial on the outside of the box.
I am running dd-rt v.23 right now, because it is free AND very easy to use, as well as modular (uses ipkg capabilities from openwrt). OpenWRT probably does more but needs more setup. I have been playing with the extra features, checking out all the software people like to use, and enjoying connecting via command line to check and change stuff in addition to browser access.
The G model was also on rebate, for a little less, but again the latest version isnt as good, in fact G version 5.0 doesnt use Linux, and getting a lower model revision required reading a lot of boxes (*or letting the store employees help-- I chased off 3 before I decided to let them help read serials after all)
William
If you are going to go on a rant like that, at least get your details right, otherwise you look like a blathering fool. The WRT54GS prior to version 4 (what you get now thru retail channels) had 8 meg of flash, 32 meg of ram. The G models had 4 meg flash, and 16 meg of ram. I always wondered why linksys did this, because the GS never did use the extra ram or flash, but I certainly use it on a lot of my installations. The GS models now come with 4 meg of flash, and 16 meg of ram, same as the G always had. I'm not surprised, thier firmware doesn't need the extra hardware, why put it on the boards to begin with ?
I've got about 200 WRT54G and 800 WRT54GS in the field. Have I been screwed by linksys ? Well, if you call putting out a thousand edge devices for well under $100 each being 'screwed', well, then I got screwed, and, please, do it again. this is the kind of screwing we really enjoy. But, before this deployment started, we did have questions about product availability and lifespan, questions we asked directly of linksys. The answers were as expected, the basic non answer one expected. Comparing our options, we chose to accept this risk, and started the deployment about 18 months ago, averaging a little over 50 a month since then, and still going strong. the point is, we did the risk analysis before starting deployment, and accepted the product change cycle risk as a possible point in the future that would break our plan. so far, it's not been a problem, we've been able to keep pace with the product change cycle.
The WRT54G product has allowed me to leverage the manufacturing might of linksys, onto a highly customized platform with our own in house firmware, and deploy a LOT of very capable routers, and a previously unheard of price point, buying for under $100 each. If I had used cisco equipment, and contracted 'cisco experts', the total cost would be well over a million dollars spent today, and, in all honesty, it would never have happened, our budget didn't have that kind of money to spend. I didn't use cisco 'experts' to design the network, I designed it myself. I started with OpenWRT, set up my own package repository on a server in our data center, and built up a custom package set that meets our needs. I've got a thousand routers spread across north america, every one of them religiously checking for firmware updates on a centralized server twice a day. They all have full time vpn connections running, and, the net result is a wide area network that gives all my small locations a full time connection to the corporate network, using a cheap dsl or cable connection from local sources. It's transparent to the offices, nobody at the offices has to fuss with vpn on thier pc's, and, we get wifi thrown in as a bonus. Sales staff LOVE it, they show up at any office, and voila, instant connection over wifi. The hardware cost to date, is just under $100K, and, within the company, I'm a hero for even coming up with the idea, never mind having it implemented and deployed.
The upcoming WRT54GL is good news for me, because it shows that linksys is validating the model we are using. I would have been much happier if the GL had the 8/32 form factor, could care less about the SpeedBooster tho. My supplier has quoted me the GL platform at about $10 less than what my last batch of GS V4.0 cost, so, the price break is gonna be noticed/appreciated here. If the GL was 10 dollars more instead of 10 dollars cheaper, I'd still be happy.
I dont have a lot of patience for folks that bitch about how linksys handles the WRT54 product line. They produce and put into the retail chain a router that's an ideal hardware platform for numerous edge device roles. They leverage thier manufacturing and distribution ability to get that thing to us at a sub $100 price point, even paying full retail. I dont believe for a minute that I'm the only one deploying these things at a tremendous rate to get 'real work' done, at a ver
When a firmware flash goes bad, the sure way to resurect is a JTAG cable and software ( i.e. the debricking kit).
The only dead routers I have seen were not killed by the bad flash attempt, but during the resurrection attempts by shorting the wrong pins and frying the flash chip or worse.
Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
When Linksys started shipping v5, we switched to Asus WL-500G Deluxe. It has 32MB RAM, 2xUSB and (almost) ready-to-use COM-port. The only problem is small flash memory. I had to build a very custom OpenWRT image. Asus WL-500G Deluxe is more engineer-friendly than Linksys.
Failing ... yes ... bricking no ... there are many ways to debrick your router including a few cool ways through software and hardware to debrick it. Reading the linked website below has some ideas to fix a briked router. Making it almost impossible to "break" your current router. I have a WRT54Gs v4 and pressing the Cisco button caused it to open up a TFTP mode.
:) but yeah any other little questions just ask and im sure I can help
I prefer the dd-wrt firmware because it has the nice web based frontend plus the ablitity like OpenWRT to install extra software and do intresting things.
Here is an Install Page for the router and once you get it going you can really see what it does. It's awsome. You can use the routers web based frontend without even really having to see the backend but it's still there for those who like to tinker.
Install the v23 beta then Head over here to get ipv6 working this is cool cause it works with a popular free ipv6 tunneling provider. It's so easy to get running and once it's up on the router the clients are easy as pie to setup. "modprobe ipv6" (linux) or "ipv6 install" (windows XP) to get it fired up. He.net gives you 18 quintillion IP's so that should be satisfactory for your small to big LAN.
Solosoft
Solosoft.org - Your Online Resource to Nothing
If memory serves, most of these home routers are running on MIPS based hardware. There is no port of OpenBSD to the sbmips platform (yes there is an SGI MIPS port but I doubt it is similar enough for an easy transition). I believe NetBSD has been ported to this platform but I am unsure of whether the supported chipset is the same as that in a home router. There's also the possiblity that there won't be wifi card or ethernet drivers on NetBSD so you would have to reverse engineer those... Personally I'd just stick with Linux but porting a *BSD for full support would be an interesting exercise.
As another poster said, if you want to run OpenBSD on embedded hardware you are better off going for the soekris stuff but you'll pay a LOT more (prices for just the board without case, wifi card or power cable start at $128) than for the shelf consumer stuff (Amazon has a WRT54 for $54.99).
Bricking your router by doing something non-warranty safe and getting a replacement is unfair to Linksys - big faceless corporation or not
Yea, just like bricking your PC by uninstalling the warranty-safe Windows and installing some open source junk like Linux, right?
Those who actually have experience with OpenWRT understand the OS loads in a manner interchangeable with the Linksys OS, and in fact, is possible because Linksys's own OS was based on Linux. That we would prefer to run a more flexible build and be reducing, not increasing tech support calls (as we're certainly not going to get support from OpenWRT) is a gain to Linksys. When we buy 500 units to put around the corporate campus in remote kismet drone mode, that's a sale that benefits Linksys, and when we have well trained and certified techs maintaining them, we're not about to be a support issue. Those that don't know how to responsibly brick the OS stay with the default OS and bother Linksys a hell of a lot more.
The real issue here is that Linksys, under Cisco management, has been consistently dumbing down products and replacing reliable components with junk. Consider their WET-11 which became a staple in home wifi LANs. When Cisco got ahold of Linksys, they replaced the 40 mw wifi radio with a 30 mw unit, allegedly to resolve flash-death issues (the units would suffer very rapid declines in stability due to poor circuitry protection of the flash memory, requiring frequent power cycling and eventually going DOA in less than a year - typically more than 70% we dealt with suffered this fate). So they fixed the wrong thing without telling or updating the product literature to advise it was no longer 40 mw.
Imagine sending in a few hundred for RMA only to get a unit back that goes into an office and no longer connects at all (due to a lower powered radio that suffered high levels of variability on the output). 30 mw was the top end... 15-25 mw more likely.
So they went to the dumpster. Our corporate put in a Linksys ban (actually a Cisco ban until IT told the CFO that Cisco and Linksys were somewhat different, though we're seeing issues with Cisco reliability now too).
My question for those that might know: who is the cheapskate at Cisco who's making these decisions and killing their reliability?
but anyway you can have a no incoming connections unless i specify otherwise policy perfectly easilly without having nat.
You can but you (or the manufacturor) has to specify the policy, while NAT does this by it's very nature.
Also worth a mention however, that IPv6 has address space defined for LANs/non-routable nets, so NAT is not IPv4 specific.
and besides if someone really wants to get into any nontrivial sized network its probablly not that hard to get a box on the inside.
strawman, this may be true but it doesn't affect putting layers of security onto the rest of the network and it doesn't have much to do with protocols/routing in use.
1st- sometimes when a firmware flash goes bad, the hardware is DEAD. not repairable. trash.
Not true, most of the time. You can open the box up and short a couple of wires, causing the bootstrap to decide the FLASH is corrupt, and TFTP a new firmware in.
I bricked my 54G last month, and got it back via this method. From reading the forums, at least 90% of failed flash upgrades can be recovered from. There's a reason there are people out on eBay and other places buying bricked routers. They're de-bricking them and reselling them.
Madwifi for Atheros chipsets. My tablet (Fujitsu 3500 Stylistic, For Sale!) runs Gentoo Linux and has been using my cheap-as-dirt Blitzz 802.11g card to connect to the router. Works with everything, wpa_supplicant and all. The only thing it won't do is Airsnort which I find highly dissapointing. I've also used the ndis wrappers with a Belkin 54g card. They weren't that hard to install and provided at least the functionality to connect to the wireless network I wanted it to.
I wear the ring.
because the wrt54g had to compete with the rest of the cut throat wireless router market, which drove its price down. now that the 54GL is a specialty item, it does not need to compete (they have the cost-reduced 54G for that) so the price can remain high.
the magic of the WRT54G was not just that it was flashable to improved firmware. the real magic was that it was flashable, in combination with the fact that the hardware was easily available at numerous retail and online outlets, which also competed with each other.
does anybody really think that the 54GL model is gonna show up in Staples' Sunday newspaper ads with for $40 after rebate? and that we could take that to Circuit City and price match, etc? No way. We'll be lucky if these kind of places even stock it at the list price.
the WRT54G's price has held steady at around $40 after rebates for probably over a year now. Meanwhile, wireless routers from Dlink and Netgear (not to mention the lesser brands) have droped to the $20 range and even free after rebate. One could look at this two ways: either the hacker community was supporting sales of the 54G at the higher price point, justifying its higher price relative to the competition, or Linksys was unable to support lower prices due to the cost of the RAM/flash hardware and thus had to go to the new cost-reduced model to be competitive on the consumer front.
I'm quite certain that we'll be paying higher prices for the 54GL version that we're used to.
The original poster was premised on using ipv6 for peer to peer. That basically invalidates your discovery arguement, no random probes thru address space required. Just join the p2p network, and wait for the machine to tell you where it's located. Ip discovery problem solved.
As for the overall security, you misunderstood the whole concept. Nat is not the only layer involved, it's just one of the layers, providing 'yet another obstacle' to potential intruders.
Network security in general is a concept vastly misunderstood by a lot of people, especially some of the zealots here on /. . Network security is always a compromise between security, and useability, with some form of 'cost of deployment' normally being the factor that drives the level of compromise. I was once standing beside a server with a client, and he was adamant, this server must be ABSOLUTELY secure from penetrations by external attack, and, compromise from within the company as well. I asked him if there were any other qualifications to the statement, and he said no, just that it must be absolutely secure. The solution was trivial, I reached over, and pulled the power plug out of the ups. Voila, a server that's ABSOLUTELY secure from network attack, but, it kinda fails the useability test in that mode.
The other aspect you need to consider, is the value of the data being secured, as well as the 'ability to pay' for that level of security. If you have data with a value of $100K, there's no sense spending a million dollars developing a security plan/system to protect that data. This becomes totally nonsensical when the company holding the data doesn't have a million dollars to spend on securing it. At that point, you need to develop a plan/mechanism that's proportional to the value of the data being secured, and within the budget of the folks paying the cost. Pretty much every real world scenario ends up balancing trade-offs that ultimately become driven by cost, where useability translates into implied cost.
Its also pretty easy to toss around buzzwords when talking about this stuff, especially dealing with folks that have no clue what the buzzwords really mean. SPI is a good example, lots of low end routers these days advertise 'stateful firewall'. That's all fine and dandy, but, they are basically just out of the box implementations, and, there's no real ability to actually set up stateful conditions on them, and even if there was, the vast majority of folks deploying them, dont have a clue how to go about it. But, it hits the buzzword requirements, it says 'stateful' on the box.
When designing the edge connections for a network, useability normally says we must allow _some_ data thru the edge, otherwise it serves no purpose. That precludes aboslute security, which can be gained by simply unplugging the network connection. So, the key then is to build obstacles on the incoming penetration attempts, without creating systems to cumbersome for internal users. In a large installation, firewalls with large blacklists etc, and filtering proxies may well be appropriate, and, it's going to become a full time job just keeping all those things up to date. In a small office of 4 users, all of whom are computer illiterate, its far to cumbersome of a solution, so, compromise between useability and cost needs to happen. The first step is to deploy a solution that stops the _majority_ of outside penetration attempts, yet implies almost no additional steps/cost/learning for the folks on the inside. A nat router is the obvious first step. It keeps the script kiddies out, and lets the employees do thier work without much/any hassle. In a lot of small offices, that's 'good enough' because you look at the value of the data being secured, and, there's not a lot there to even be an appealing target to a black hat with sufficient skills to get thr