Setting up SSH and OpenVPN on Netgear WNDR4300

Introduction
Unknown to many, the official Netgear WNDR4300 firmware is based on OpenWrt. The procedure described here involves making use of the OpenWrt repos to have openvpn up and running. It also involves recompiling the official firmware. So, this is certainly not for the faint hearted and expects you to have a good knowledge of Linux.

Stock Firmware Info
From the file /etc/banner on the router (I will tell later how you can telnet to the router), it is clear that stock firmware is based on OpenWrt kamikaze (bleeding edge, r18571). Based on http://wiki.openwrt.org/about/history, the closest available stable release is Kamikaze 8.09.2 r18801, released in 2010 January. Also, as there is a file /lib/ar71xx.sh in the stock firmware, it indicates that the arch is ar71xx.

Stock Firmware Compilation And Installation

For stock firmware source compilation, it is recommended to use Ubuntu 10.04 (server edition) as the official firmware binary has been compiled on Ubuntu 10.04.1 (Server) with gcc 4.1.3. So, download and install Ubuntu 10.04 (you can use a VM as it is more convenient).

After installing Ubuntu 10.04 for building the firmware, install build dependencies.

$ sudo apt-get install gcc-4.1 g++-4.1 libncurses-dev zlib1g-dev gawk flex
$ cd /usr/bin
$ sudo ln -s gcc-4.1 gcc
$ sudo ln -s g++-4.1 g++
$ sudo ln -s gcc cc

Netgear stock firmwares can be downloaded from http://kb.netgear.com/app/answers/detail/a_id/2649. Download and extract WNDR4300-V1.0.1.42_gpl_src.zip. You will also need WNDR4300-V1.0.1.30_gpl_src.zip for the toolchain.

$ unzip /path/to/WNDR4300-V1.0.1.42_gpl_src.zip
$ bunzip2 WNDR4300-V1.0.1.42_gpl_src.tar.bz2
$ tar -xvf WNDR4300-V1.0.1.42_gpl_src.tar
$ ls
README.build  wndr4300-GPL.git  wndr4300_gpl_source_list.txt  WNDR4300-V1.0.1.42_gpl_src.tar

Add init script wndr4300-GPL.git/target/linux/wndr4300/base-files/etc/init.d/startup with below content:
```
#!/bin/sh /etc/rc.common
START=99
start() {
  if [ -x /jffs/startup.sh ]; then
    /jffs/startup.sh
  fi
}
```
Also make the init script executable
```
$ chmod +x wndr4300-GPL.git/target/linux/wndr4300/base-files/etc/init.d/startup
```
Now, you can write any commands in /jffs/startup.sh and they will be executed whenever the router boots up.
Follow remaining instructions in README.build to finish the build.
The final image is "bin/WNDR4300-V1.0.1.42.img". Go to the Router Upgrade Page and upgrade to this newly built firmware.

Logging in to the router (using Telnet)
You can use the software at https://code.google.com/p/netgear-telnetenable/ to telnet to the router. The instructions for doing this are pretty straight forward.

OpenWrt wiki page http://wiki.openwrt.org/toh/netgear/telnet.console also mentions other ways of accessing the telnet console but I haven't tried them as netgear-telnetenable worked like a charm.

Setting up ipkg

wget, which is used by ipkg for downloading packages, is broken in the stock firmware. So, we need to download wget and dependent packages from http://downloads.openwrt.org/kamikaze/8.09.2/ar71xx/packages and install them. However, as wget is broken, I didn't know how to download the packages directly to the router. So, I downloaded them to my laptop, started a tftp server on my laptop, logged into the router, and using the tftp client transferred and installed the packages.
Setting up tftp server is out of the scope of this tutorial, but it is quite easy and you will find many tutorials on-line on how to do it.

$ python telnetenable.py <IP> <MAC> <Username> <Password>
BusyBox v1.4.2 (2013-12-26 18:08:07 UTC) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 KAMIKAZE (bleeding edge, unknown) ------------------
  * 10 oz Vodka       Shake well with ice and strain
  * 10 oz Triple sec  mixture into 10 shot glasses.
  * 10 oz lime juice  Salute!
 ---------------------------------------------------
root@WNDR4300:~# tftp -g -r libopenssl_0.9.8i-3.2_mips.ipk 
root@WNDR4300:~# ipkg install libopenssl_0.9.8i-3.2_mips.ipk
root@WNDR4300:~# tftp -g -r libopenssl_0.9.8i-3.2_mips.ipk 
root@WNDR4300:~# ipkg install wget_1.11.4-1_mips.ipk

Create /etc/ipkg.conf and update ipkg list.

root@WNDR4300:~# echo -e "dest root /jffs\nsrc openwrt http://downloads.openwrt.org/kamikaze/8.09.2/ar71xx/packages" > /etc/ipkg
root@WNDR4300:~# export PATH=/jffs/bin:/jffs/sbin:/jffs/usr/bin:/jffs/usr/sbin:$PATH
root@WNDR4300:~# ipkg update

Installing SSH

Now, you can install SSH from OpenWrt Kamikaze repos.
```
root@WNDR4300:~# ipkg install openssh-server
```
As a matter of fact, you can install any of the packages in http://downloads.openwrt.org/kamikaze/8.09.2/ar71xx/packages/ and they should most probably work.

Kindly note that the binaries and libraries are installed to /jffs partition and not /, as we we have configured the same in /etc/ipkg.conf (dest root /jffs). We did this so that the files persist when we reboot the router. So, to accommodate this, you will have to modify /jffs/etc/init.d/sshd accordingly. Here is the modified script.

#!/bin/sh /etc/rc.common
# Copyright (C) 2006 OpenWrt.org
START=50

start() {
        for type in rsa dsa; do {
                # check for keys
                key=/jffs/etc/ssh/ssh_host_${type}_key
                [ ! -f $key ] && {
                        # generate missing keys
                        [ -x /jffs/usr/bin/ssh-keygen ] && {
                                /jffs/usr/bin/ssh-keygen -N '' -t $type -f $key 2>&- >&- && exec /etc/rc.common "$initscript" start
                        } &
                        exit 0
                }
        }; done
        mkdir -p /var/empty
        chmod 0700 /var/empty
        /jffs/usr/sbin/sshd -f /jffs/etc/ssh/sshd_config
}

stop() {
        killall sshd
}

To start OpenSSH server:

root@WNDR4300:~# /jffs/etc/init.d/sshd start

Installing OpenVPN

Install OpenVPN using ipkg
```
root@WNDR4300:~# ipkg install openvpn
```
Dump your config file (ex. amaram.vpn.conf) in /jffs/etc/openvpn/ directory.

For OpenVPN, I preferred to start it directly and avoid calling the openvpn init.d script.

root@WNDR4300:~# LD_LIBRARY_PATH=/jffs/usr/lib /jffs/usr/sbin/openvpn --daemon --cd /jffs/etc/openvpn --config amaram.vpn.conf --log /tmp/openvpn.log

You might need to modify iptables rules whenever openvpn starts. This can be achieved by passing the --route-up option to the openvpn binary with argument as path to the script containing the firewall rules to be executed whenever a tunnel is established.

Configuring the launch script
We finally have to write the /jffs/startup.sh script to automate setting up of ipkg and starting ssh and openvpn servers whenever the router reboots. Here is the content of /jffs/startup.sh script that I am using:

# Set PATH
echo "export PATH=/jffs/bin:/jffs/sbin:/jffs/usr/bin:/jffs/usr/sbin:\$PATH" >> /etc/profile

# Set LD_LIBRARY_PATH
echo "export LD_LIBRARY_PATH=/jffs/usr/lib" >> /etc/profile

# Setup ipkg
echo -e "dest root /jffs\nsrc openwrt http://downloads.openwrt.org/kamikaze/8.09.2/ar71xx/packages" > /etc/ipkg.conf

# SSH authorized_keys
mkdir -p /tmp/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6emYnBS1NLG1j1HsuMb3X6nI0+jWrpRvjhBSuB9q4lOO4NpxNdgCiDd7+qoYGLd4fE7hy/GYN1TvXXuDtDZPnuIOg8XaRxZg5wSDZV0nRsDNKGH8NikGzvxGEI9KeqBNrl+iRLS/ipl0QRmLpNScwXWOW6h9eP+S7GaL6Y56YyL+uwuUg14ow2nA2YFYQKLRXM20EiEm4C419XknYHsIG16ix2AamrH1CGJrQCo0m6f1Kf5OUjX8gSQvaToaD2J5NFbdGfaykW/RvmQH+37PlVnfE24SVrZ0ylRHvnqMTgSE1ZQ54U/zAbRpwB3vpEQCdW/kNz/gLwzbUHW0yzEw+w== rahul@rahul-laptop" > /tmp/.ssh/authorized_keys

# Start SSH
/jffs/etc/init.d/sshd start

# Start openvpn
LD_LIBRARY_PATH=/jffs/usr/lib /jffs/usr/sbin/openvpn --daemon --cd /jffs/etc/openvpn --config amaram.vpn.conf --log /tmp/openvpn.log