WRTU54G » History » Revision 4
Revision 3 (laforge, 02/19/2016 10:47 PM) → Revision 4/11 (laforge, 02/19/2016 10:47 PM)
[[PageOutline]] = Information on the WRTU54G UMA TA = == Getting shell / console access == The easiest part is to flash a modified firmware image that removes the root password from the /etc/passwd file in the squashfs. You can then access the serial console and log in as root without password. == Changing the SEGW / GANC address == On the shell of the device, change to the /nv directory and edit the two lines in rc.conf for UMA_SGW and UMA_UNC to: {{{ UMA_SGW="my.segw.host.name" UMA_UNC="my.unc.host.name" }}} Then, use the {{{raaccess -a rc.conf}}} command to store the changes to flash and reboot the system. == Adding a new CA Certificate == While modifying the firmware, add your new CA root certificate in DER format to /ramdisk_copy/etc/kineto/ and then add the filename and path into a new line in /ramdisk_copy/etc/kineto/init_ike.cfg, like this: {{{ ike ca /etc/kineto/my_new_ca.der }}} == Enabling telnet == Using the toolchain included in the Linksys WRTU54G GPL release, you can cross-compile utelnetd for a compatible uclibc: {{{ ./utelnetd-0.1.11 $ make CC=mipsel-linux-gcc mipsel-linux-gcc -I. -pipe -DSHELLPATH=\"/bin/login\" -Wall -fomit-frame-pointer -c -o utelnetd.o utelnetd.c mipsel-linux-gcc -I. -pipe -DSHELLPATH=\"/bin/login\" -Wall -fomit-frame-pointer utelnetd.o -o utelnetd strip --remove-section=.comment --remove-section=.note utelnetd ./utelnetd-0.1.11 $ }}} You can then include this utelnted binary into the squashfs image to /usr/sbin/utelnted. Furthermore, you have to edit /etc/rc.d/rc.proprietary and change the line {{{ [ "`uname -ar | grep diag`" ] && /usr/sbin/utelnetd& }}} into {{{ usr/sbin/utelnetd& }}} to unconditionally start the telnet daemon at every boot. = Setting up a SEGW = == make sure your private key is not PKCS8 == The default CA.pl script of opensl generates private keys in PKCS#8 format, which is not supported by charon of OpenSWAN. you have to convert the PKCS#8 into raw RSA files like this: {{{ openssl pkcs8 -nocrypt < my_privatekey.pem > my_privatekey_raw.pem }}}