Supercharging Your Cheap Router with Enterprise Features
By Eric Geier (NoWiresSecurity Founder & CEO) - originally published on InformIT.com
You don't have to spend hundreds or
thousands to get enterprise features for your router. You can
turn your cheap wireless G or N router into a Swiss Army networking
tool: Use it as a repeater, mesh node, or a regular wireless access
point (AP).
Plus you can use additional features to provide secure remote
access, link your offices together, offer hotspot access, and much
more.
You get this type of functionality by replacing the factory firmware
of your router with third-party firmware. You don't replace or
modify the hardware; you are just giving it a new brain—teaching it
new tricks. Firmware consists simply of a few-megabyte file that you
upload via the router's Web-based configuration screen or by using a
transfer method like TFTP.
Once you've flashed the router with the new firmware, the router
will have new Web-based configuration screens. The screens should be
organized in a somewhat similar fashion to the factory GUI.
You should be able to easily change the general wireless and network
settings. Then configuring some of the advanced features may require
reviewing the FAQs, a Wiki, or any tutorials.
In the next few sections, you'll discover a few different
replacement firmware projects.
DD-WRT
DD-WRT seems to be the most popular,
feature-rich, and updated replacement firmware out there. Its first
versions were based on the Alchemy firmware from Sveasoft, another
firmware developer I'll discuss.
Like similar projects, DD-WRT adds features that surpass what the
hardware vendors offer in consumer-grade routers. However, DD-WRT
also has a few features that other firmware projects don't offer,
such as support for X86-based systems (PCs).
DD-WRT can operate in modes other than just a regular wireless
access point (AP). These modes alone give you much more
flexibility with the hardware and can be a money saver.
In Client mode, for example, it can connect to another Wi-Fi network
to get an Internet connection and then share it (in a different
subnet/network) to computers plugged into the router's Ethernet
ports.
The Bridge mode is similar, but the DD-WRT router doesn't provide a
segregated network; computers connected to its LAN ports will act
just as if they were connected directly to the originating router or
network router.
In Repeater mode, DD-WRT can take a Wi-Fi signal from another
network or router and retransmit it. Plus it forwards any incoming
traffic on to the source network or router. For example, if
the signal on your network needs to go a little farther, you can put
a DD-WRT router into Repeater mode. You'd position it somewhere
between the source wireless router or access point (AP) and the
client needing a better signal. Then the client can connect to the
repeater and DD-WRT can act as a middle man or repeater, wirelessly
transmitting traffic to and from the client and network.
Other enterprise-type features in the open source firmware include
the support of VLANs and virtual SSIDs. You can segregate traffic
between different groups and offer varying types of wireless
security. Quality of service (QoS) controls are included so you can
better manage the network and Internet traffic, especially useful if
you are hosting public access or have sensitive applications, such
as VoIP or gaming.
This firmware replacement can also serve as a client or server for
VPN connections via the OpenVPN or PPTP protocols. This gives remote
users secure access to the network for file access or to simply
encrypt Wi-Fi hotspot connections from local eavesdroppers. Plus if
you have multiple locations or users working remotely at a certain
spot, you can set up LAN-to-LAN or site-to-site VPN tunnels. That
way, all the network locations can be tied together securely via the
Internet.
This firmware project doesn't stop at the private network; it
provides hotspot features as well. It can be turned into a simple
hotspot with NoCatSplash, a more advanced system with Chillispot, or
use the Sputnik management system. It's also possible to set up a
router to offer both a public and private network.
DD-WRT also offers more remote administration features. It has an
integrated server and client for both SSH and Telnet, ntop for
remote statistics, and a site survey feature that shows details of
nearby APs. They've added storage features as well, such as support
for JFFS2, MMC/SD cards, USB, and Samba.
Using DD-WRT also gives you more freedom over the router. You can
customize the startup, firewall, and shutdown scripts. You can also
adjust the transmit power (0-251mW; default is 28mW, 100mW is safe).
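As an added example (not from the original article or the DD-WRT project), the shell function below prints iptables rules of the kind a custom firewall script could hold to keep a public hotspot network away from the private one and from the router's management services. The interface names br1 (guest) and br0 (private LAN) and the port list are assumptions; check what your router actually uses.

```shell
#!/bin/sh
# Added example (not from the article): print the iptables rules that keep a
# guest/hotspot network away from the private LAN and the router's admin ports.
# Assumed names: br1 = guest bridge, br0 = private LAN bridge (adjust to yours).

# Management services the article lists (SSH, Telnet) plus the web GUI ports.
ADMIN_PORTS="22 23 80 443"

valid_ifname() {
    # Accept only plain interface names so a typo cannot inject extra options.
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

guest_isolation_rules() {
    guest_if="$1"
    lan_if="$2"
    valid_ifname "$guest_if" && valid_ifname "$lan_if" || {
        echo "usage: guest_isolation_rules GUEST_IF LAN_IF" >&2
        return 1
    }
    if [ "$guest_if" = "$lan_if" ]; then
        echo "guest and LAN interface must differ" >&2
        return 1
    fi
    # Drop everything guests send toward the private LAN ...
    echo "iptables -I FORWARD -i $guest_if -o $lan_if -j DROP"
    # ... and refuse new sessions from the LAN toward guests.
    echo "iptables -I FORWARD -i $lan_if -o $guest_if -m state --state NEW -j DROP"
    # Guests cannot reach the router's own management services.
    for port in $ADMIN_PORTS; do
        echo "iptables -I INPUT -i $guest_if -p tcp --dport $port -j DROP"
    done
}

# Dry run: review the printed rules before putting them in the firewall script.
guest_isolation_rules br1 br0
```

Because the function only prints, you can review the rules on any machine before they go onto the router.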
Sveasoft
Sveasoft has created a few different
firmware projects: Satori, Alchemy, and now Talisman. The newest
firmware replacement offers a feature-set very similar to DD-WRT.
There has been controversy over this organization for charging for
access to their "open source" projects.
Right now Sveasoft is giving free access to people who register on
its site for the basic firmware file. However, it still requires a
$25-per-year subscription to download its other firmware files.
In addition to the free basic firmware, Sveasoft offers other
premium firmware files specifically designed for hosting a hotspot,
VPN (with IPSec support), mesh networking, and VoIP.
Tomato
The replacement firmware called Tomato
offers many of the same features that DD-WRT does, but it's a bit
smaller, leaner, and simpler. It also has the different wireless
modes.
This firmware includes the quality of service (QoS) controls and the
site survey feature to show the signals and details of nearby APs.
Plus it has a bandwidth usage monitor and customization abilities.
Be Careful!
Remember, flashing your devices with
non-manufacturer firmware voids your factory warranty. So be careful
when uploading the firmware and when making other sensitive changes.
If you do brick your router (it becomes unresponsive), there might
be a chance to revive it.