OpenWRT, WDS, and What I Do On the Toilet

I finally found a fix to a longstanding problem I’ve had with OpenWRT. While the solution was a simple one that seems obvious in retrospect, I’ll record it here in case it helps someone Googling for a fix to the same problem.

If you have read this far, I’ll assume that you know what OpenWRT is. Having found it to be blazingly fast and rock steady on my main router, a WRT54GL, when I came across a good deal on a second WRT54GL I decided to use it to extend the wireless range in my home. I’d set it up in the living room, have it wirelessly connect to my main router in the office, and give me a strong Internet connnection from even the remote reaches of my home.

It seemed like an obvious usage for a second router, so I didn’t expect to have any difficultly finding instructions on how to do this on OpenWRT’s excellent but sprawling wiki or one of the many other sites that cover the software. Unfortunately, what I found was too much information — there are umpteen different ways to connect two routers, and OpenWRT supported pretty much all of them. I found myself switching from site to site, poring through descriptions of repeaters, wireless bridges, bridged clients, split bridges on different subnets. But, but, all I wanted to do is be able to read my e-mail on the toilet!

I opted for what seemed like the most straightforward solution, a Wireless Distribution System (WDS) configuration. It’s not the fastest or most secure way of extending a WAN, but the instructions for configuring it in OpenWRT were short and simple. One major downside to WDS in its relatively limited encryption support, as mentioned on the OpenWRT Wiki and somewhat less cryptically (ha!) in the Wikipedia entry on WDS. The vanilla standard for WDS doesn’t support rotating keys, and is therefore limited to WEP encryption rather than the far more robust WPA. However, the Wiki said that the OpenWRT implementation supported WPA1 with pre-shared keys (PSK), a fact that was confirmed on various blogs. Since I was already using WPA-PSK on my main router, this seemed to be the way to go.

And it did go, most of the time. But the connection between the routers would occasionally drop, leaving the client with “limited connectivity” as Windows diplomatically put it. The problem could be easily fixed by just rebooting the 2nd router, so it was more of a nuisance than a stumbling block. However, since I already felt a little guilty about taking the easy way out with WDS, I took a crack at figuring out what was wrong. Googling “WDS” and “OpenWRT” merely confirmed that this combination worked well for most people. One page mentioned that you need to be sure that all the wireless settings exactly matched on the two routers (SSID, channel, wireless mode, key, ec.). OpenWRT actually has a lot of wireless LAN settings, some of which are little known and little used, but I checked all of the things that seemed to be important. I found a few minor discrepancies (like the time zone) and one major one (the wireless mode was mixed on one router and G on the other), but fixing these settings didn’t fix the problem.

After putting up with this arrangement for a few months, and after the connection had a particularly shaky Saturday, I decided to try switching back to WEP instead of WPA for encryption. WEP has long been considered crackable so I hadn’t used it in years, but it was one obvious and important setting that I hadn’t tried changing. Sure enough, it is now 2 weeks later and my WDS configuration has been steady as a rock.

So, having publicly confessed to using WEP, I have to decide whether to let roving bands of wardrivers snoop on my online washroom activities, switch back to WPA and reacquaint myself with the router’s power cord, or figure out what the heck a split bridge is and whether I want one.

While I’m writing about OpenWRT and the WRT54G, I should mention an excellent but apparently overlooked resource, “Linksys WRT54G Ultimate Hacking”, written by Paul Asadoorain and Larry Pesce and published by Syngress. While there are hundreds of web sites that cover pretty much every facet of the WRT54G hardware and OpenWRT software, it can be hard to know where to start. WRT45G Ultimate Hacking does a great job of documenting the hardware design of the router, various step-by-step procedures for installing OpenWRT (and its cousin DD-WRT) and doing the initial configuration. This is a book written by geeks for geeks, so it describes in loving detail the process of configuring OpenWRT from the command line as a DHCP server, a DNS server, even a Samba server. Then it (grudglingly, I think) mentions that there’s also a web interface for doing these things before launching into a chapter of “Fun Projects” like wardriving and running Asterisk on your WRT54G for VOIP. Later chapters get you into even more fun (and perhaps deep trouble) by giving step-by-step instructions on how you can install software on OpenWRT for password sniffing (feel free to use my wimpy WEP-protected for practice), or open up your WRT54G and solder in an SD card reader.

My only complaint about the book is that it doesn’t cover some of the more common usages of the router, such as configuring your router’s Internet connection, setting up a firewall, or (ahem) using a second router to extend your home WAN. Perhaps the authors figured that, having shown us the web interface, us geeks could figure the hum-drum stuff out for ourselves.