Recently, I've been having some issues with dd-wrt on my Linksys wrt-1200ac router. I'm not certain if there is a bug with the firmware or if there is something wrong with the router itself. After flashing the router, it would work great anywhere between a day to a week before not being able to access the internet or becomes unresponsive. The only way that I was able to fix it was by doing a factory restore, which means I had to reconfigure my router. The first time wasn't so bad, but it got old pretty quick.
While I was aware of the ability to connect to the router using ssh, I usually had that turned off because the less services running, the better. Getting sick of going through each page and remembering what I had set prior, I figured it would be easier and quicker to write a script that does it for me.
nvram Command
When you access the router using the web interface, each form element on the page corresponds to a variable stored in nvram. There are a few exceptions to that, one of them being the Local IP Address that is found under Network Setup -> Setup -> Basic Setup. The Local IP Address has one input field for each of the four octets. They are lan_ipaddr_0, lan_ipaddr_1, lan_ipaddr_2, and lan_ipaddr_3. The values from those four input fields are stored in nvram as lan_ipaddr. Radio buttons, checkboxes, and select fields may be stored as either a number or string. To find out where and how the value is being stored, inspect the element using any browsers' development tools. With that said, you can now change those values using the nvram.
After flashing or doing a factory reset, log into the router and go to the Services tab and look for SSHd. Click the radio button that says Enable. If possible, leave the ability to log in using a password disabled, and paste your public key into the Authorized Keys text area. Click Apply Settings and wait. Once the page is finished reloading, you can log in using ssh.
Info: You can also run commands from the web interface under Administration -> Commands
Note: When logging in via ssh, use the user name "root" with the admin password.
The nvram command is very basic, only offering you to see everything in NVRAM, setting, unsetting, erasing, and committing variables.
nvram show
nvram show | grep 192.168.1.1
nvram get lan_ipaddr
nvram set lan_ipaddr="192.168.101.1"
nvram unset static_leases
nvram commit
erase nvram
nvram erase
Configuring the Router
The following script configures the basics, e.g., connection type, router name, lan IP, DNS, etc.
#!/bin/ash # The name of your router. nvram set router_name="dd-wrt" nvram set wan_hostname="hostname-assigned.by.your-isp.tld" nvram set wan_domain="your-isp.tld" # IP address that you want your router to have. nvram set lan_ipaddr="192.168.1.100" # Netmask of your network nvram set lan_netmask="255.255.255.0" # Typically, this is going to be '0.0.0.0' but you may need to configure a different gateway depending on your setup. nvram set lan_gateway="0.0.0.0" # If you're running a DNS server elsewhere on the network. Normally this is left as is. nvram set sv_localdns="0.0.0.0" # DHCP forwarding nvram set dhcpfwd_enable=0 # How computers get their IP address, either 'dhcp' or 'static' nvram set lan_proto=dhcp # What address should the DHCP server start at when assigning them to clients. nvram set dhcp_start=100 # How long the DHCP lease is good for. nvram set dhcp_lease=1440 # Typically this is set as "0.0.0.0 0.0.0.0 0.0.0.0", which means it gets assigned by your ISP. # "1.1.1.1 1.0.0.1 10.0.0.0" is only using CloudFlare's DNS. Since CloudFlare only has two DNS servers, the last is set to an invalid address # to prevent the ISP's from being assigned as a third. nvram set wan_dns="1.1.1.1 1.0.0.1 10.0.0.0" # Network Time. nvram set ntp_enable=1 # Set your timezone here. nvram set time_zone="America/Chicago" # Time server to use. nvram set ntp_server="time.nist.gov" # Wireless # Sets the mode of the first wireless interface card. nvram set ath0_mode="ap" # Sets which mode the interface should use, such as A Only, NA Only, N Only, etc. nvram set ath0_net_mode="mixed" # Wireless channel width nvram set ath0_channelbw=20 # Specify which channel you want the interface card to use. nvram set ath0_channel=0 # Name of the wireless network nvram set ath0_ssid="wireless-2.4" # Whether or not to broadcast the network's presence. nvram set ath0_closed=0 # Whether or not the wireless network should be separated from the wired network. nvram set ath0_ap_isolate=0 # Security method (WEP, WPA, WPA2, WPA2 Personal, WPA2 Enterprise, etc) nvram set ath0_security_mode="psk wpa2" # Encryption to use nvram set ath0_crypto=aes nvram set ath0_wpa_psk="supersecretpassword" # Sets the mode of the second wireless interface card. nvram set ath1_mode="ap" # Sets which mode the interface should use, such as A Only, NA Only, N Only, etc. nvram set ath1_net_mode="mixed" # Wireless channel width nvram set ath1_channelbw=20 # Specify which channel you want the interface card to use. nvram set ath1_channel=0 # Name of the wireless network nvram set ath1_ssid="wireless-2.4" # Whether or not to broadcast the network's presence. nvram set ath1_closed=0 # Whether or not the wireless network should be separated from wired clients. nvram set ath1_ap_isolate=1 # Security method (WEP, WPA, WPA2, WPA2 Personal, WPA2 Enterprise, etc) nvram set ath1_security_mode="psk wpa2" # Encryption to use nvram set ath1_crypto=aes nvram set ath1_wpa_psk="supersecretpassword"
Caution: I have never personally seen a router have anything different than athX. If the router names the radios differently then adjust accordingly.
There are four ways to run the script.
- Copy and paste it into the web interface.
- SSH into the router, and pate it into the terminal.
Warning: Depending on the program being used to access the router, there may be a limit on the length of characters. Also, make sure there are no carriage returns or line feeds sneaking when copying the command.
- Upload the script and run it.
scp router-setup.sh root@192.168.1.100:/tmp/root ssh root@192.168.1.100 ash router-setup.sh
- Run the script remotely.
ssh root@192.168.1.100 "ash" < router-setup.sh
Resources