Installation
Installing EarthLink R&D modified firmware on a WRT54G:
1) Download the firmware
------------------------
https://www.research.earthlink.net/ipv6/download/
Both a gzip'ed tarball and a ZIP archive are available.
This tarball/archive contains:
client - A bare-bones telnet replacement for accessing the
WRT54G via command line. Versions built for Linux, FreeBSD,
Mac OSX, Solaris, and Windows XP (using the Cygwin environment)
are included.
Source to the client program (Makefile, client.c, md5.c, md5.h).
code.bin - The actual firmware image.
2) Download a known good image from Linksys
-------------------------------------------
To provide an avenue for backing out in the event something goes
wrong, it is recommended that known, good firmware image be
downloaded from Linksys. Firmware images may be downloaded from:
ftp://ftp.linksys.com/pub/network
As of 4/19/2005 the most current version is WRT54GV3.0_3.03.6_US_code.zip
3) Unpack the archive
---------------------
Windows users should use WINZIP (or some similar utility) to unpack
the ZIP archive. Linux / Unix users should use gunzip and tar or
gnutar. The command would look something like this:
gzip -dc wrt54g-eln-latest.tar.gz | tar -xf -
If your 'tar' program is gnutar, this may be used:
tar -xzf wrt54g-eln-latest.tar.gz
4) Flash your WRT54G with the new firmware image
------------------------------------------------
- Bring up a browser and connect to http://192.168.1.1/
Default password on a brand new WRT54G is 'admin'.
- Click on 'Administration'
- Click on 'Firmware Upgrade'
- Enter the full pathname to the 'code.bin' file extracted
from the tarball. NOTE: The web interface seems to require
that the file be named code.bin. Or at least it requires
that the filename have the '.bin' extension.
- Click 'Upgrade'
- BE PATIENT! See all those warnings in red? They mean it!
But don't worry: Even if you *do* manage to turn it into an
'electric rock', it is recoverable. Consult the FAQ
for more information.
5) Enter IPSEC username / password
----------------------------------
- Click on Setup
- Click on Advanced Routing
- Down at the bottom of the page enter the following values:
IPSec username: (email address goes here)
IPSec password: (password goes here)
IPSec tunnel endpoint: 209.179.5.34
NTP Server: 207.69.131.205
(This may be any valid NTP server)
- Click 'Save Settings'.
6) Reboot the WRT54G
--------------------
At this point it is recommended that the box be rebooted.
The box may be unplugged briefly and plugged back in;
the reset button on the back may be pressed; or click on
'Status' then click on the 'Reboot' button.
7) Seeing if it's working
-------------------------
Use the 'client' program to login via commandline. Windows XP
users may need to install Cygwin first (see Post Installation
Issues below).
client 192.168.1.1
(the password is the same as via the web interface)
Type this command: ip -6 addr show dev br0
Two IPv6 addresses should be displayed: one that starts with
'fe80:' and one that starts with '2001:'.
Type this command: ip -6 route show
There are two important lines to look for: a line that starts
with '2001:' and the 'default' route down at the bottom.
At startup time, a file named /tmp/config.out is generated
when the IPv6 / IPSEC functionality is initialized. Normal
output looks like this:
Running config.sh check at Thu Feb 17 11:24:48 UTC 2005
Default interface: vlan1
Default route: 4.8.224.1
My IP: 4.8.227.79
Mask : 255.255.240.0
002 added connection description "cisco"
002 listening for IKE messages
002 adding interface ipsec0/vlan1 4.8.227.79
002 loading secrets from "/etc/ipsec.secrets"
002 "cisco" #1: initiating Aggressive Mode #1, connection "cisco"
112 "cisco" #1: STATE_AGGR_I1: initiate
003 "cisco" #1: ignoring Vendor ID payload [Cisco-Unity]
003 "cisco" #1: ignoring Vendor ID payload [Dead Peer Detection]
003 "cisco" #1: ignoring Vendor ID payload [9d7a678fe4d96ba2...]
003 "cisco" #1: ignoring Vendor ID payload [XAUTH]
003 "cisco" #1: WARNING: protocol/port in Phase 1 ID Payload should be 0/0 or 17/500 but are 17/0
002 "cisco" #1: Aggressive mode peer ID is ID_IPV4_ADDR: '209.179.5.34'
003 "cisco" #1: WARNING: protocol/port in Phase 1 ID Payload should be 0/0 or 17/500 but are 17/0
002 "cisco" #1: Aggressive mode peer ID is ID_IPV4_ADDR: '209.179.5.34'
002 "cisco" #1: sent AI2, ISAKMP SA established
004 "cisco" #1: STATE_AGGR_I2: sent AI2, ISAKMP SA established
002 "cisco" #2: initiating Quick Mode PSK+AUTHENTICATE+PFS+DISABLEARRIVALCHECK+AGGRESSIVE
117 "cisco" #2: STATE_QUICK_I1: initiate
003 "cisco" #2: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
002 "cisco" #2: sent QI2, IPsec SA established
004 "cisco" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
No IPv6 prefix delegated yet. Sleeping 10 seconds...
2001:470:115:f000:20f:66ff:fe47:48d0/64
IPv6 startup complete.
8) Enable "boot_wait"
---------------------
This step makes it MUCH easier to recover a WRT54G to a known good
state in case something should ever go horribly awry during a
firmware upgrade.
Log into the WRT54G command line via the 'client' program as in step
6 above. Enter these commands:
nvram set boot_wait=on
nvram commit
This setting provides a roughly 10-15 second window of opportunity
to download a firmware image via TFTP during power-on. Details
on how to make use of this feature are provided in the FAQ.
Post Installation Issues
------------------------
Windows XP users will need to install the Cygwin subsystem to use
the 'client' utility for accessing the WRT54G commandline. Details
may be found at
http://www.cygwin.com/
Further, we use a special 'patch' of Cygwin which adds IPv6
support. Details may be found at:
http://win6.jp/Cygwin/