WRTU54G » History » Version 5
laforge, 02/19/2016 10:47 PM
[[PageOutline]]
= Information on the WRTU54G UMA TA =

== Getting shell / console access ==

The easiest part is to flash a modified firmware image that removes the root password from the /etc/passwd file in the squashfs.

You can then access the serial console and log in as root without a password.

== Changing the SEGW / GANC address ==

On the shell of the device, change to the /nv directory and edit the two lines in rc.conf for UMA_SGW and UMA_UNC to:
{{{
UMA_SGW="my.segw.host.name"
UMA_UNC="my.unc.host.name"
}}}

Then, use the {{{raaccess -a rc.conf}}} command to store the changes to flash and reboot the system.

== Adding a new CA Certificate ==

While modifying the firmware, add your new CA root certificate in DER format to /ramdisk_copy/etc/kineto/ and then add the filename and path into a new line in /ramdisk_copy/etc/kineto/init_ike.cfg, like this:
{{{
ike ca /etc/kineto/my_new_ca.der
}}}

Furthermore, edit /etc/rc.d/init.d/umaset and /etc/rc.d/init.d/RJ11_recovery to each include a line like this:
{{{
echo "ike ca /etc/kineto/my_new_ca.der" >> $IKE_CONF
}}}

== Enabling telnet ==

Using the toolchain included in the Linksys WRTU54G GPL release, you can cross-compile utelnetd for a compatible uclibc:
{{{
./utelnetd-0.1.11 $ make CC=mipsel-linux-gcc
mipsel-linux-gcc -I. -pipe -DSHELLPATH=\"/bin/login\" -Wall -fomit-frame-pointer -c -o utelnetd.o utelnetd.c
mipsel-linux-gcc -I. -pipe -DSHELLPATH=\"/bin/login\" -Wall -fomit-frame-pointer utelnetd.o -o utelnetd
strip --remove-section=.comment --remove-section=.note utelnetd
./utelnetd-0.1.11 $
}}}

You can then include this utelnetd binary in the squashfs image as /usr/sbin/utelnetd.

Furthermore, you have to edit /etc/rc.d/rc.proprietary and change the line
{{{
[ "`uname -ar | grep diag`" ] && /usr/sbin/utelnetd&
}}}
into
{{{
/usr/sbin/utelnetd&
}}}
to unconditionally start the telnet daemon at every boot.

= Setting up a SEGW =

== Make sure your private key is not PKCS#8 ==

The default CA.pl script of openssl generates private keys in PKCS#8 format, which is not supported by charon of OpenSWAN. You have to convert the PKCS#8 file into a raw RSA file like this:
{{{
openssl pkcs8 -nocrypt < my_privatekey.pem > my_privatekey_raw.pem
}}}
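
The following is an added example, not part of the original wiki page: a POSIX shell helper that identifies a PEM private key's encoding from its header, converts PKCS#8 to the raw RSA form described above, and confirms the result. The function names key_format and ensure_raw_rsa are hypothetical.

```shell
# Added example (not from the original page); function names are hypothetical.

# key_format FILE -> pkcs8 | pkcs8-encrypted | traditional-rsa | unknown
key_format() {
    if grep -qF -- '-----BEGIN PRIVATE KEY-----' "$1"; then
        echo pkcs8
    elif grep -qF -- '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo pkcs8-encrypted
    elif grep -qF -- '-----BEGIN RSA PRIVATE KEY-----' "$1"; then
        echo traditional-rsa
    else
        echo unknown
    fi
}

# ensure_raw_rsa SRC DST: write SRC as a traditional ("raw") RSA key to DST.
# Succeeds only if DST really ends up in the traditional RSA encoding.
ensure_raw_rsa() {
    src=$1 dst=$2
    old_umask=$(umask)
    umask 077    # the output is an unencrypted private key: owner-only
    case $(key_format "$src") in
        traditional-rsa)
            cp -- "$src" "$dst" ;;
        pkcs8)
            # Newer OpenSSL releases keep PKCS#8 output unless -traditional
            # is given; older ones lack the flag, so fall back to the
            # command shown on the page.
            openssl pkcs8 -nocrypt -traditional -in "$src" -out "$dst" 2>/dev/null ||
                openssl pkcs8 -nocrypt -in "$src" -out "$dst" ;;
        pkcs8-encrypted)
            # Without -nocrypt, openssl prompts for the passphrase.
            openssl pkcs8 -traditional -in "$src" -out "$dst" ||
                openssl pkcs8 -in "$src" -out "$dst" ;;
        *)
            echo "unrecognised private key format: $src" >&2
            false ;;
    esac
    rc=$?
    umask "$old_umask"
    # A non-RSA key (e.g. EC) converts without error but fails this check.
    [ "$rc" -eq 0 ] && [ "$(key_format "$dst")" = traditional-rsa ]
}
```

Run it as {{{ensure_raw_rsa my_privatekey.pem my_privatekey_raw.pem}}}; a non-zero exit status means the output file is not a traditional RSA key.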