28th February 2013

OpenWRT on TL-WR841N

The OpenWRT documentation for this device is not bad: the most important point is to detect the hardware version of the device (8.2 in my case) and find the associated information, which at the moment does not exist. But by checking the documentation for other existing versions, it is easy to follow some hints and download and install the correct version.

First naive install

I discovered that my version was 8.2 and, after some wandering, I downloaded the most up-to-date version: http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/openwrt-ar71xx-generic-tl-wr841n-v8-squashfs-factory.bin, and installed it via the basic firmware upgrade in the original web interface from TP-Link.

On reboot, I was unable to access the original web interface at 192.168.1.1, but a telnet 192.168.1.1 quickly allowed entering the console terminal. As soon as a password is provided, telnet is disabled and ssh is enabled.

LuCI is the package that provides a web interface; it is installed in pseudo-Debian style:

opkg update
opkg install luci
/etc/init.d/uhttpd enable
/etc/init.d/uhttpd start

Once the uhttpd daemon is running, opening http://192.168.1.1 in a web browser already shows some useful pages for reconfiguring the router. Time to install openvpn:

opkg install openvpn

But this fails: no such package is available. The alternative is to install openvpn-nossl (or the ssl variant), but it is just too much for this router: it only has 4 Mb flash memory, and that is barely enough for OpenWrt.

Uninstalling LuCI is still insufficient. But there is an alternative: compiling openvpn support directly into the image (installing packages afterwards takes much more flash memory, as the image itself is kept compressed). Fortunately, the OpenWRT people have done a great job of simplifying the compilation and creation of new images (and the documentation is in fact very good).

Build own OpenWRT image

A case-sensitive file system is needed to compile the image, so I did the compilation on Linux, mostly following the information found on the OpenWrt wiki and on this blog entry.

#get the source code
svn co svn://svn.openwrt.org/openwrt/branches/attitude_adjustment

cd attitude_adjustment

#update feeds (information on available source code)
./scripts/feeds update -a

#include openvpn
./scripts/feeds install openvpn

#select packages to include on the image
make menuconfig
    #Target system: Atheros AR7xxx/AR9xxx
    #Subtarget: generic
    #Target profile: TP-LINK TL-WR841ND/N
    #Network: choose VPN, then openvpn AND openvpn-easy-rsa (both *, not just M)
    #ensure that under kernel modules, cryptography, kmod-crypto-manager is selected

#now produce the configuration file
make defconfig

#compile it
make -j 5 #on an N-core machine, use N+1

Done, the image is created. It is possible, and advisable, to list the differences from the default configuration by running:

./scripts/diffconfig.sh > customConfig

My customConfig file looks like:

CONFIG_TARGET_ar71xx=y
CONFIG_TARGET_ar71xx_generic=y
CONFIG_TARGET_ar71xx_generic_TLWR841=y
CONFIG_OPENVPN_DISABLE_EUREPHIA=y
CONFIG_OPENVPN_DISABLE_MANAGEMENT=y
CONFIG_PACKAGE_kmod-crypto-hash=y
CONFIG_PACKAGE_kmod-crypto-manager=y
CONFIG_PACKAGE_kmod-ledtrig-usbdev=y
CONFIG_PACKAGE_kmod-nls-base=y
CONFIG_PACKAGE_kmod-tun=y
CONFIG_PACKAGE_kmod-usb-core=y
CONFIG_PACKAGE_kmod-usb-ohci=y
CONFIG_PACKAGE_kmod-usb2=y
CONFIG_PACKAGE_liblzo=y
CONFIG_PACKAGE_libopenssl=y
CONFIG_PACKAGE_openssl-util=y
CONFIG_PACKAGE_openvpn=y
CONFIG_PACKAGE_openvpn-easy-rsa=y
CONFIG_PACKAGE_uboot-ar71xx-nbg460n_550n_550nh=y
CONFIG_PACKAGE_zlib=y

As this blog entry explains, to update the image later, get the new defconfig, append the customConfig file to .config and run make oldconfig.

The process above creates the images in bin/ar71xx. I needed to load the full image, so I required the file openwrt-ar71xx-generic-tl-wr841n-v8-squashfs-factory.bin. Note: as you can see, this image already takes almost the full 4 Mb available on this device!

Time to update the router's firmware again, now from the command line. The first step is to upload the image to the router (I did it by running a web server using node.js on my images directory, then using wget), and afterwards enter:

mtd -r write /tmp/new_image.bin firmware
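
The image reaches the router over plain HTTP, and mtd -r write reboots straight into whatever was written, so it is worth checking the file before flashing. The following is an added example, not part of the original post: it assumes sha256sum is available on the router, and the function names, the sample partition table and the digest placeholder are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flash checks for an image fetched over plain HTTP.

# Print the size (hex, as listed in /proc/mtd) of the named MTD partition.
mtd_part_size() {
    awk -v n="\"$1\"" '$4 == n { print $2 }' "${2:-/proc/mtd}"
}

# preflash_check IMAGE EXPECTED_SHA256 [MTD_TABLE]
# Returns 0 if the image may be flashed, 1 on missing input, 2 if the image
# does not fit the "firmware" partition, 3 if the digest does not match the
# one computed on the build host.
preflash_check() {
    img=$1; want=$2; table=${3:-/proc/mtd}
    [ -f "$img" ] || { echo "no such image: $img" >&2; return 1; }
    hex=$(mtd_part_size firmware "$table")
    [ -n "$hex" ] || { echo "no firmware partition in $table" >&2; return 1; }
    max=$((0x$hex))
    size=$(($(wc -c < "$img")))
    [ "$size" -le "$max" ] || { echo "image is $size bytes, partition holds $max" >&2; return 2; }
    got=$(sha256sum "$img" | cut -d' ' -f1)
    [ "$got" = "$want" ] || { echo "SHA-256 mismatch: got $got" >&2; return 3; }
}

# Demo on constructed data (not a real router, partition table or image).
demo() {
    d=$(mktemp -d)
    cat > "$d/mtd" <<'EOF'
dev:    size   erasesize  name
mtd0: 00020000 00010000 "u-boot"
mtd5: 003c0000 00010000 "firmware"
EOF
    printf 'constructed image bytes' > "$d/img.bin"
    sum=$(sha256sum "$d/img.bin" | cut -d' ' -f1)
    preflash_check "$d/img.bin" "$sum" "$d/mtd" && echo "ok to flash"
    rm -rf "$d"
}
demo

# On the router, with the digest taken on the build host
# (sha256sum on the file in bin/ar71xx):
#   preflash_check /tmp/new_image.bin <sha256-from-build-host> \
#       && mtd -r write /tmp/new_image.bin firmware
```
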

Done! Router ready to go purely barebones with just openvpn built in; no web access at all. Before setting up openvpn, I changed the configuration to have multiple VLANs.