This page describes my experiences with the Linksys E3000 dual-band wireless router. I'm experimenting to discover how to make an embedded device like this work for various useful purposes.
Why an E3000?
The affordable E3000 provides a solid platform than can accomplish a wide variety of tasks. There are recent, stable versions of both Tomato and DD-WRT firmware for it.
Here are some feature highlights:
- 480MHz Broadcom CPU
- 8MB ROM
- 64MB RAM
- 60K NVRAM
- two radios
- 300mbps WLAN
- gigabit Ethernet
- a USB (2.0) port
One attractive feature of the E3K is that they're all the same version, so the one you find will automatically be the right version.
The E3000 was a fully-developed design when it was released. It's the same hardware as its predecessor, the WRT610N v2, except the E3000 has more usable NVRAM, 60K instead of 32K. So essentially it's a "WRT610N v2.1".
The E3000 is discontinued, but Cisco made a lot of them so you can typically find a reasonably-priced used one.
Third-Party Firmware: DD-WRT
For security and other reasons, I want to use a relatively recent firmware build. Based on the wiki page a certain recent "Kong build"
is was recommended for the E3000. The source of that information appears to be this discussion thread. The Kong-customized build has been updated in April of 2014, and again in June. The April update is covered in (this discussion thread).
Safely moving from the stock firmware to our desired build means we will flash firmware into the router three times.
- E3000 Trailed Initial Flash Build
- A more-recent E3000-specific "Mini" build (stepping-stone flash)
- The desired Kong VPN build
Flashing the Trailed Initial Flash Build
The Trailed Initial Flash Build is a basic copy of DD-WRT that's considered safe and stable for the E3000 router.
Flashing the Interim Router-Specific Build
The safe and proper way to switch to a specific SVN build of DD-WRT is to flash the device-specific "Mini" build first. Paraphrasing from the wiki page,
A mini build that works appears to be dd-wrt.v24-21676_NEWD-2_K2.6_mini-e3000.bin.
Yes, it takes a while to RESET/FLASH/RESET/CONFIGURE. This stuff requires a bit of patience.
Flashing the Kong VPN build
The final flash is the r22000++ Kong build, usb-ftp-samba3-vpn-nv60k-broadcom.bin. This (Kong-modified) build of dd-wrt has a stellar reputation for speed and reliability. It's updated to fix the Heartbleed SSL vulnerability and a some other fixes.
Now it's time to experiment with DD-WRT firmware on a real router rather than the online dd-wrt demo version. :-)
DD-WRT Setup From Factory Defaults
<Full "30/30/30 reset"> <Wired connection on LAN port, WAN port empty> <DHCP assigns your computer an IP address> <Browse to '''http://192.168.1.1/''' default dd-wrt login page> Set router admin name: e3kadmin (importantly not: admin or root) Set Router admin password: somegoodpassword Enable wireless encryption. Wireless - Wireless Security - wl0 Security Mode: WPA2 Personal WPA Algorithms: AES WPA Shared Key: This is more than twenty characters. Wireless - Wireless Security - wl1 Security Mode: WPA2 Personal WPA Algorithms: AES WPA Shared Key: This is more than twenty characters. <Apply Settings> Set the router name and time zone. Setup - Basic Setup Router Name:e3k-nnnn (unique, where nnnn is last four #'s in SN) Time Zone UTC - 7:00, No DST (Arizona settings) Would use "2nd Sun March - First Sun Nov" if AZ had DST Time Server Name: north-america.pool.ntp.org <Apply Settings> Set the wireless settings for both radios. Wireless - Basic Settings - wl0 [2.4 GHz] Wireless Network Mode: NG Mixed Change SSID to: unknown Change Wireless Channel: auto (the best channel choice will vary) Wireless - Basic Settings - wl1 [5 GHz] Wireless Network Mode: N-Only Change SSID to: unknown5 Change Wireless Channel: auto (the best channel choice will vary) <Apply Settings> Set transmit power for the wireless radios. Wireless - WL0-Advanced Set TX Power to 56 (specific for e3000) <Apply Settings> Wireless - WL1-Advanced Set TX Power to 56 (specific for e3000) <Apply Settings> Set the router to reboot itself weekly (helps extra-long-term reliability) Administration - Keep Alive - Schedule Reboot Check Enable Set the day and time (e.g. 3:45 Sunday) <Apply Settings>
These settings are adequate for for a typical home network. There are a few simple security enhancements you may wish to apply.
If you want more security you can reduce information disclosure and switch to encrypted router administration with these settings.
Switch from telnet to SSH for command-line access. Services - Services Enable SSHd Disable Telnet <Apply Settings> Switch from HTTP to HTTPS for web administration. Turn off the default viewable router information. Administration - Management - Web Access Disable HTTP and enable HTTPS Check: Info Site Password Protection <Apply Settings>
After you make these changes you'll need to remember to use HTTPS protocol when you request the web interface. The address you need to type into your browser's location bar (address bar) will change.
You'll also need to use an SSH (Secure SHell) client program - such as PuTTY for Windows - rather than a telnet client for command-line access.
Third-Party Firmware: Tomato
Tomato firmware has always been a favorite of mine. I've deployed lots of Tomato-driven routers that are all just silently doing their job day in and day out.
Tomato's emphasis seems to bee different from that of DD-WRT. DD-WRT sports a huge number of available features and runs on a wide variety of supported devices. Tomato, on the other hand, runs on far fewer devices and does fewer things, but the things Tomato does are done very well.
Tomato is also well-documented. http://en.wikibooks.org/wiki/Tomato_Firmware/Menu_Reference
An online Tomato demo: Virtual Tomato RAF
Tomato by Shibby is outstanding. Must try on e3k. http://tomato.groov.pl/download/K26/build5x-121-EN/ My Tomato Setup Guide
[to be continued...]
OptWare is packaged software for embedded Linux devices. Hundreds of OptWare packages are available.
[to be continued...]