How to install OpenWRT to TP-Link WR841ND

Goal:

To install content filtering, Open VPN client, firewall and statistics
services to router.

TP-Link WR841ND holds only 4Mb of flash memory (but 32mb of ram) so only option to install
firewall, DansGuardian, bandwith monitoring & sharing, Snort etc. software is to somehow
add more space to a router that doesn’t have USB ports. So how can we do that? We mount
NFS share from NAS e.g. After that we have enought room to install basicly anything. Well
why to do this than? To create a good firewall, content filtering & bandwith sharing system
among other thins.

Purpose of this document is to serve as a tutorial for people who are trying to achieve something
similar to this. This ‘article’ hopefully helps someone to set / tweak their system. The OpenWRT
I used when installing this is bleeding edge, r26936, binary installation packages and installation
how-to’s can easily be found with google. But in short, connect to original user web GUI and login in and
go to firmware update page and use openwrt-ar71xx-generic-tl-wr841nd-v7-squashfs-factory.bin image. That
should to it, but better check the installation procedure via google.

Firstboot:

• Default IP-address for OpenWRT is 192.168.1.1 so change your network adapter IP-address to 192.168.1.2 e.g
  and change mask to 255.255.255.0 before booting fresh OpenWRT box. No need to change gateway. Keep in mind that
  if your network is 192.168.1.0/24, you may have IP-conflicts.
• Now power up your OpenWRT box and after system light (symbol above it looks like a gear) blinks for the first
  time, press QSS button on the WR841ND and follow system light. After system light starts to blink faster,
  you can let go from the QSS-button. This mode is called ‘recovery mode’.
• Open telnet client (e.g. putty) and check telnet as a protocol and type 192.168.1.1 in the host name field and
  connect.
• Now you can change default password to something else. First you have to mount root system and after that, you
  can change the password. Issue folowing commands:

mount_root

passwd

• After password is changed, you can reboot the device. After that you can login to system via SSH.
• You can always reset your router back to original state (as it was when openwrt was just installed) by going
  to recovery mode (see above) and login via telnet and issuing a ‘firstboot‘ command. That cleans the system.

Installing programs:

• Fresh install probably isn’t configured for your network, so you need to edit /etc/config/network – file to suit
  your needs. Here is lan interface part of the config file for example:

config interface lan
option ifname eth0
option type bridge
option proto static
option ipaddr 10.0.0.101
option netmask 255.255.255.0
option gateway 10.0.0.1
option dns 81.209.27.12

What you need to change / add in /etc/config/network – file is ipaddr, netmask, gateway and probably add dns so your
OpenWRT box can connect to internet and you can install new software via opkg. Of course you can also enable Wifi via this
config file, but also from the web GUI (luci) if you decide to install that later on.

After editing network setup, reboot your (OpenWRT) router and plug it into your existing router and change your computer IP-address
so you can connect to your OpenWRT box again.

Now connect to OpenWRT box again and try to ping www.google.com for example, if it responds, you are ready to go. Otherwise check your
network settings again.

If previous step succeeded, you can issue folowing command which updates opkg package list:

opkg update

Now package list is updated in /tmp/opkg-lists/snapshots – file and it is possible to install all the necessary stuff to mount NFS
shares from other devices. These are needed for succesfull NFS-share mount:

portmap
 nfs-utils
 nfs-kernel-server
 kmod-fs-nfs
 kmod-fs-nfs-common
 kmod-fs-nfsd

I didn’t get NFS-share to mount without statd (-o nolock didn’t work), so I went with the easy way and installed portmap & nfs-kernel-server
which included the needed statd. I also thought that maybe later on I need that NFS server, dunno, but now it is installed anyway. After
all of the above are installed, mounting of NFS share is possible with following command:

mount -t nfs 10.0.0.50:/nfsshare /mnt/nfsshare -v

 

“-t nfs” tells that it is a NFS system.
“10.0.0.50:/nfsshare” IP-address of NFS-server and ‘/nfsshare’ is a mountpoint on server.
“/mnt/nfsshare” mount point on OpenWRT box.
“-v” verbose mode, mount command tells more if something goes awry.

Now, to save diskspace we must add a new installation destination to /etc/opkg-conf – file. Here is an example where ‘dest nas /mnt/nfsshare’
is added.:

src/gz snapshots http://downloads.openwrt.org/snapshots/trunk/ar71xx/packages
dest root /
dest nas /mnt/nfsshare/
dest ram /tmp
lists_dir ext /var/opkg-lists
option overlay_root /overlay

After new destination is added to opkg.conf – file, we can install new software to that directory with for example ‘opkg -dest nas install luci’
command which would install web GUI to OpenWRT box. Makes configuring easier and there are some statistics modules to web GUI also. Of course
installing packages to a different destination than root brings a few problems. Some installation scripts are hardcoded in a way that they try to
check installed files from /etc/uci-defaults/ for example and some programs try to search for libraries from /usr/lib – directory when they are
installed in (this case) /mnt/nfsshare/usr/lib/ – directory. What we need to do in those cases is to make symbolic links to files. For example
‘ln -s /mnt/nfsshare/usr/bin/diff /usr/bin/diff’. I suggest installing diffutils (opkg -dest nas install diffutils ,e.g.) and to check folder
differences. Some programs may tell you right away what files are missing, some don’t. Those that don’t, well, you just have to play Sherlock
Holmes and try to see from the script or figure out the needed files by what is related to that program and/or missing from root.

Some locations to check for differences agains NFS-share mountpoint (the place you installed software):

/usr/
/usr/bin/
/usr/lib/
/etc/
/etc/config/

Mount NFS share on boot:

• Enable portmap & nfsd via luci (web GUI) or command line or add them to [i]/etc/rc.local[/i] which is run at every boot. After the start of those
  services, mount NFS-share
• After start of those

After installing luci, issue following commands and web GUI should then be available:

ln -s /mnt/nfs_nasuwrt/www /www
ln -s /mnt/nfs_nasuwrt/usr/lib/lua /usr/lib/lua
ln -s /mnt/nfs_nasuwrt/etc/config/luci /etc/config/luci

Disk usage:

root@OpenWrt:/etc# df -h
Filesystem Size Used Available Use% Mounted on
/dev/root 1.4M 1.4M 0 100% /rom
tmpfs 14.4M 1.4M 13.0M 10% /tmp
tmpfs 512.0K 0 512.0K 0% /dev
/dev/mtdblock3 1.2M 1.1M 128.0K 89% /overlay
overlayfs:/overlay 1.2M 1.1M 128.0K 89% /
10.0.0.50:/nfsshare 1.9G 1.7G 253.3M 87% /mnt/nfsshare

As you can see, NFS share is “only” ~1.9Gb and that is a root folder from NAS. Why?
Because my Netgeard ReadyNas DUO has crashed three times and synced / checked harddisks
several hours in both cases. And when that happens, HD access is not availabe which
leads to NFS share to not being available, but internal disk space is. Of course,
backups from this share is made to RAID on NAS.

And finaly a list of installed packages (opkg list-installed):

base-files – 70-r26936
busybox – 1.18.4-1
bzip2 – 1.0.6-1
collectd – 4.10.2-2
collectd-mod-interface – 4.10.2-2
collectd-mod-load – 4.10.2-2
collectd-mod-openvpn – 4.10.2-2
collectd-mod-rrdtool – 4.10.2-2
collectd-mod-wireless – 4.10.2-2
crda – 1.1.1-1
dansguardian – 2.10.1.1-1
diffutils – 3.0-1
dnsmasq – 2.57-1
dropbear – 0.53.1-3
firewall – 2-25
freifunk-p2pblock – 1
hotplug2 – 1.0-beta-4
iptables – 1.4.10-2
iptables-mod-conntrack – 1.4.10-2
iptables-mod-conntrack-extra – 1.4.10-2
iptables-mod-filter – 1.4.10-2
iptables-mod-nat – 1.4.10-2
iw – 0.9.22-1
kernel – 2.6.37.6-1
kmod-ath – 2.6.37.6+2011-05-13-1
kmod-ath9k – 2.6.37.6+2011-05-13-1
kmod-ath9k-common – 2.6.37.6+2011-05-13-1
kmod-button-hotplug – 2.6.37.6-3
kmod-cfg80211 – 2.6.37.6+2011-05-13-1
kmod-crc-ccitt – 2.6.37.6-1
kmod-crypto-aes – 2.6.37.6-1
kmod-crypto-arc4 – 2.6.37.6-1
kmod-crypto-core – 2.6.37.6-1
kmod-fs-exportfs – 2.6.37.6-1
kmod-fs-nfs – 2.6.37.6-1
kmod-fs-nfs-common – 2.6.37.6-1
kmod-fs-nfsd – 2.6.37.6-1
kmod-input-core – 2.6.37.6-1
kmod-input-gpio-keys-polled – 2.6.37.6-1
kmod-input-polldev – 2.6.37.6-1
kmod-ipt-compat-xtables – 2.6.37.6+1.31-1
kmod-ipt-conntrack – 2.6.37.6-1
kmod-ipt-conntrack-extra – 2.6.37.6-1
kmod-ipt-core – 2.6.37.6-1
kmod-ipt-filter – 2.6.37.6-1
kmod-ipt-ipp2p – 2.6.37.6+1.31-1
kmod-ipt-nat – 2.6.37.6-1
kmod-ipt-nathelper – 2.6.37.6-1
kmod-leds-gpio – 2.6.37.6-1
kmod-ledtrig-usbdev – 2.6.37.6-1
kmod-mac80211 – 2.6.37.6+2011-05-13-1
kmod-nls-base – 2.6.37.6-1
kmod-ppp – 2.6.37.6-1
kmod-pppoe – 2.6.37.6-1
kmod-textsearch – 2.6.37.6-1
kmod-tun – 2.6.37.6-1
kmod-usb-core – 2.6.37.6-1
kmod-usb-ohci – 2.6.37.6-1
kmod-usb2 – 2.6.37.6-1
l7-protocols – 2009-05-28-1
libart – 2.3.21-1
libblkid – 1.41.12-1
libc – 0.9.32-70
libevent – 1.4.14b-1
libfreetype – 2.3.12-1
libgcc – linaro-70
libip4tc – 1.4.10-2
libiwinfo – 15
libltdl – 2.4-1
liblua – 5.1.4-8
liblzo – 2.04-1
libnl-tiny – 0.1-2
libopenssl – 1.0.0d-1
libpng – 1.2.44-1
libpthread – 0.9.32-71
librpc – 0.9.32-rc2-0a2179bbc0844928f2a0ec01dba93d9b5d6d41a7
librrd – 1.2.30-1
librrd1 – 1.0.50-1
libuci – 2011-03-27.2-1
libuci-lua – 2011-03-27.2-1
libuuid – 1.41.12-1
libwrap – 7.6-1
libxtables – 1.4.10-2
lua – 5.1.4-8
luci – 0.10+svn7109-1
luci-app-firewall – 0.10+svn7109-1
luci-app-openvpn – 0.10+svn7109-1
luci-app-p2pblock – 0.10+svn7109-1
luci-app-statistics – 0.10+svn7109-1
luci-i18n-english – 0.10+svn7109-1
luci-lib-core – 0.10+svn7109-1
luci-lib-ipkg – 0.10+svn7109-1
luci-lib-lmo – 0.10+svn7109-1
luci-lib-nixio – 0.10+svn7109-1
luci-lib-sys – 0.10+svn7109-1
luci-lib-web – 0.10+svn7109-1
luci-mod-admin-core – 0.10+svn7109-1
luci-mod-admin-full – 0.10+svn7109-1
luci-sgi-cgi – 0.10+svn7109-1
luci-theme-base – 0.10+svn7109-1
luci-theme-openwrt – 0.10+svn7109-1
mtd – 15
nfs-kernel-server – 1.1.6-1
nfs-utils – 1.1.6-1
openssl-util – 1.0.0d-1
openvpn – 2.1.4-3
openvpn-easy-rsa – 2.1.4-3
opkg – 618-1
portmap – 6.0-2
ppp – 2.4.4-17
rrdcgi1 – 1.0.50-1
rrdtool1 – 1.0.50-1
swconfig – 7
uci – 2011-03-27.2-1
uclibcxx – 0.2.2-3
uhttpd – 22
wireless-tools – 29-4
wpad-mini – 20110421-1
zlib – 1.2.5-1