Supercharging Your Cheap Router with Enterprise Features
By Eric Geier (NoWiresSecurity Founder & Owner) - originally published on InformIT.com
You don't have to spend hundreds or thousands to get the enterprise features for your router. You can turn your cheap wireless G or N router into a Swiss Army networking tool: Use it as a repeater, mesh node, or a regular wireless access point (AP).
Plus you can use additional features to provide secure remote access, link your offices together, offer hotspot access, and much more.
You get this type of functionality by replacing the factory firmware of your router with third-party firmware. You don't replace or modify the hardware; you are just giving it a new brain—teaching it new tricks. Firmware consists simply of a few-megabyte file that you upload via the router's Web-based configuration screen or by using a transfer method like TFTP.
Once you've flashed the router with the new firmware, the router will have new Web-based configuration screens. The screens should be organized in a somewhat similar fashion to the factory GUI.
You should be able to easily change the general wireless and network settings. Then configuring some of the advanced features may require reviewing the FAQs, a Wiki, or any tutorials.
In the next few sections, you'll discover a few different replacement firmware projects.
DD-WRT seems to be the most popular, feature-rich, and updated replacement firmware out there. Its first versions were based on the Alchemy firmware from Sveasoft, another firmware developer I'll discuss.
Like similar projects, DD-WRT adds features that surpass what the hardware vendors offer in consumer-grade routers. However, DD-WRT also has a few features that other firmware projects don't offer, such as support for X86-based systems (PCs).
DD-WRT can operate in modes other than just a regular wireless access point (AP). These modes alone give you much more flexibility with the hardware and can be a money saver.
In Client mode, for example, it can connect to another Wi-Fi network to get an Internet connection and then share it (in a different subnet/network) to computers plugged into the router's Ethernet ports.
The Bridge mode is similar, but the DD-WRT router doesn't provide a segregated network; computers connected to its LAN ports will act just as if they were connected directly to the originating router or network router.
In Repeater mode, DD-WRT can take a Wi-Fi signal from another network or router and retransmit it. Plus it forwards any incoming traffic coming onto the source network or router. For example, if the signal on your network needs to go a little farther, you can put a DD-WRT router into Repeater mode. You'd position it somewhere between the source wireless router or access point (AP) and the client needing a better signal. Then the client can connect to the repeater and DD-WRT can act as a middleman, wirelessly transmitting traffic to and from the client and network.
Other enterprise-type features in the open source firmware include the support of VLANs and virtual SSIDs. You can segregate traffic between different groups and offer varying types of wireless security. Quality of service (QoS) controls are included so you can better manage the network and Internet traffic, especially useful if you are hosting public access or have sensitive applications, such as VoIP or gaming.
This firmware replacement can also serve as a client or server for VPN connections via the OpenVPN or PPTP protocols. This gives remote users secure access to the network for file access or to simply encrypt Wi-Fi hotspot connections from local eavesdroppers. Plus if you have multiple locations or users working remotely at a certain spot, you can set up LAN-to-LAN or site-to-site VPN tunnels. That way, all the network locations can be tied together securely via the Internet.
This firmware project doesn't stop at the private network; it provides hotspot features as well. It can be turned into a simple hotspot with NoCatSplash, a more advanced system with Chillispot, or use the Sputnik management system. It's also possible to set up a router to offer both a public and private network.
DD-WRT also offers more remote administration features. It has an integrated server and client for both SSH and Telnet, ntop for remote statistics, and a site survey feature that shows details of nearby APs. They've added storage features as well, such as support for JFFS2, MMC/SD cards, USB, and Samba.
Using DD-WRT also gives you more freedom over the router. You can customize the startup, firewall, and shutdown scripts. You can also adjust the transmit power (0-251mW; default is 28mW, 100mW is safe).
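As an added example (not from the original article or the DD-WRT project), here is the kind of rule set a custom firewall script can hold when one router offers both a public and a private network: it prints iptables rules that keep guests away from the private LAN and from the router's SSH, Telnet and web administration. The interface names `br0`, `br1` and `vlan2` and the port list are assumptions; check the names on your own router first.

```shell
#!/bin/sh
# Added example: rules for a custom firewall script that separate a
# guest (public) network from the private LAN. Names below are assumptions.
PRIVATE_IF="${PRIVATE_IF:-br0}"   # assumed private LAN bridge
GUEST_IF="${GUEST_IF:-br1}"       # assumed bridge for the guest virtual SSID
WAN_IF="${WAN_IF:-vlan2}"         # assumed WAN interface
ADMIN_PORTS="22 23 80 443"        # SSH, Telnet and web GUI on the router

# Print one iptables command per line so the rules can be reviewed first.
guest_isolation_rules() {
    # Refuse to build rules that would cut the private LAN off from itself.
    if [ -z "$GUEST_IF" ] || [ "$GUEST_IF" = "$PRIVATE_IF" ]; then
        echo "guest interface must be set and differ from $PRIVATE_IF" >&2
        return 1
    fi
    # Neither side may open new connections to the other.
    echo "iptables -I FORWARD -i $GUEST_IF -o $PRIVATE_IF -m state --state NEW -j DROP"
    echo "iptables -I FORWARD -i $PRIVATE_IF -o $GUEST_IF -m state --state NEW -j DROP"
    # Guests still get Internet access through the WAN port.
    echo "iptables -I FORWARD -i $GUEST_IF -o $WAN_IF -j ACCEPT"
    # Guests cannot reach the router's admin services; DHCP and DNS are untouched.
    for port in $ADMIN_PORTS; do
        echo "iptables -I INPUT -i $GUEST_IF -p tcp --dport $port -j DROP"
    done
}

# Show the rules; paste the reviewed output into the firmware's firewall script.
guest_isolation_rules
```

Because each rule is inserted with `-I`, it lands ahead of the firmware's default rules, so the drops take effect even if a later default rule would accept the traffic.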
Sveasoft has created a few different firmware projects: Satori, Alchemy, and now Talisman. The newest firmware replacement offers a feature-set very similar to DD-WRT. There has been controversy over this organization for charging for access to their "open source" projects.
Right now Sveasoft is giving free access to people who register on its site for the basic firmware file. However, it still requires a $25-per-year subscription to download its other firmware files.
In addition to the free basic firmware, Sveasoft offers other premium firmware files specifically designed for hosting a hotspot, VPN (with IPSec support), mesh networking, and VoIP.
The replacement firmware called Tomato offers many of the same features that DD-WRT does, but it's a bit smaller, leaner, and simpler. It also has the different wireless modes.
This firmware includes the quality of service (QoS) controls and the site survey feature to show the signals and details of nearby APs. Plus it has a bandwidth usage monitor and customization abilities.
Remember, flashing your devices with non-manufacturer firmware voids your factory warranty. So be careful when uploading the firmware and when making other sensitive changes. If you do brick your router (it becomes unresponsive), there might be a chance to revive it.