Setting up a Linux router based on the WRAP

If you would like to know how to build a small and energy efficient yet flexible router I’ll present one possible solution. We’ll install a Debian based Linux on a PC Engines Wireless Router Application Platform (WRAP) and configure it to our needs. We’ll not use special accessories (e.g. USB or a pimped out enclosure) or use it for some particular purpose (e.g. Wardriving): it’ll be a general purpose router which connects your network to the internet.

Background

When I first thought about a new router, I already had a very powerful router running, which had two CPUs, two HDDs in a RAID1 and it was connected to a 1000VA SmartUPS from APC. This real man’s machine was consuming a lot of power, i.e. about 110W that summed up to about 1000 kW/h per year. Of course the router was running 24/7, i.e. also at times when nobody needed it. Once I realized that there might be other solutions which are almost as flexible as my current router but much more energy efficient, the old router was unjustifiable.

I wanted a thing that:

  • is flexible, i.e. is running a Debian based Linux
  • consumes a minimum of power
  • hasn’t got any fans, i.e. completely noiseless
  • non-technical people should be able to use it

It should be running Debian Linux because I wanted to install the packages that were installed on the old router, so I could simply copy the config files over. I just didn’t want to configure everything from scratch again and by no means in a proprietary format. Furthermore it should consume a bare minimum of power, because the 1000 kW/h per year I mentioned earlier were making up about 40% of our total household power consumption per year, which was a big chunk. Switching the router on and off mustn’t be an issue for non-technical people, because everybody should be able to use it, even when I’m not at home. And finally it should be small and noiseless so I could set it up in our flat instead of the basement.

The first thing that came to my mind where the ten old computers that were piling up in my basement. After testing the power consumption of them all, it turned out that it wouldn’t get much lower than circa 30W. It would probably be possible to lower it to 20W, but that would be it. This wasn’t very satisfying. The next thing I though of, were those tiny VIA EPIA mainboards. They consume between 12 and 20W, which was quiet acceptable. But then a friend told me about the WRAP which only needs 3 to 5W. Now that I’ve bought it I can tell you that it lives up to its promise and consumes about 5,5W if it’s idle. It would probably be a little better if I wouldn’t have bought the most cheapest power supply.

The WRAP with a switch and a DSL modem consume about 10 to 15W which is astonishing compared to the 110W of the old router. And the router doesn’t run 24/7 but only if somebody needs it: this means further savings. But why bother using energy efficient devices at all? I’m sorry that I don’t know how to convince you about that, so I suggest reading about it elsewhere.

Prerequisites

We’ll need this:

I want to add that I got a power supply with +5V/+12V, 1.5A DC. I haven’t tested it, but a power supply with just 1A might be sufficient too. The CompactFlash card can be smaller too, but you won’t be able to install some additional software packages. I would therefor recommend using a card with 128MB. That’ll be enough for the things we would like to install.

At last one note to the CompactFlash card: generally speaking we don’t want to write to the card too often, at least if it isn’t absolutely necessary. Due to this we’ll build a Linux which loses all it’s computed data once it’s rebooted, e.g. the logs (/var/log) will only reside in memory (a RAM disk). You can change that behavior at any time, but be aware that sooner or later the CF card might go kaput and you’ll have to buy a new one; don’t forget to make backups though.

You might want to know how much you’ll have to pay for all this stuff:

  • WRAP 120 EUR plus 13,50 EUR for enclosure
  • Power supply 2,95 EUR
  • CompactFlash (512 MB) 12 EUR
  • CompactFlash card reader 10 EUR
  • Null modem cable less than 5 EUR

So this sums up to approximately 160 EUR. This is quite expensive because the WRAP board is too niche. Except for the costly board you can buy everything else at eBay to save some money.

Linux distribution

Choosing a Linux distribution isn’t very difficult: either you want a turn-key distribution, i.e. install it and use it, or you start from scratch, e.g. by bootstrapping Debian and configuring everything yourself. I opted for Voyage Linux, because it seemed to be a good compromise between a Linux from scratch and a highly customized Linux with a web configuration frontend.

I want to add one note to the file system structure of the Voyage Linux distribution. Albeit it looks like every other Linux it has got two additional directories: /ro and /rw. At startup /rw is mounted as tmpfs (see fstab) and everything from /ro is copied to /rw. In the real file system there are a lot of symlinks to files and directories in /rw because they need to be writable at runtime. This way you can setup defaults in /ro which will be used after every reboot. It’s important to keep this in mind because changes to things in /rw will be lost after a reboot. If you change something in /rw and want to persist it across reboots, copy it over to /ro before a reboot.

Installation

Let’s start the straight forward installation:

  • First of all we need to prepare the flash card. Put it in your card reader and create one big partition and no swap. Further create a ext2 file system and disable the automatic checking after a given amount of mounts.
    fdisk /dev/sda
    mkfs.ext2 /dev/sda1
    tune2fs -c 0 /dev/sda1
  • Download a stable version of Voyage Linux, a Debian based Linux which is optimized for small (read: few disk space) systems. Extract the directory from the compressed tar, change into it and run voyage.update. After some obvious questions Voyage Linux will be installed on the flash card. Put the flash card into the WRAP.
  • There are two ways to proceed from here: use minicom to configure the WRAP over a serial console or if you have a DHCP server running, connect the WRAP to your network and use ssh to configure it.
    1. If you’d like to use minicom, connect the WRAP to the serial port of your computer. Then start minicom and configure it to use these 9600 N 8 1 console settings. After setting the options for minicom turn on the power for the WRAP. It’s likely that you will not be able to see the BIOS in minicom because the WRAP is configured to use a default baud rate of 38400; just wait a moment and you’ll see Linux booting.
    2. If you can make use of a DHCP server, connect the WRAP to your network, wait until it retrieves an IP and connect with ssh. Of course this will only work if there aren’t any errors during the boot process.

Configuration

After we’ve successfully installed Linux on the WRAP we can move on to install some additional software packages and to remove those we don’t need. First I purged the following packages:

  • dnsmasq
  • elvis-tiny
  • hostap-utils
  • hostapd
  • ifenslave-2.6
  • madwifi-ng-modules-2.6.15-486-voyage
  • madwifi-ng-tools
  • parprouted
  • pptpd
  • wireless-tools
  • wpasupplicant

Keep in mind that I used version 0.2 of Voyage Linux and the package names might be different in new releases.

Second, I installed aptitude and then added a DNS and DHCP server, OpenVPN, a decent editor and some tiny tools:

  • bind9
  • bind9-host
  • bwm
  • dhcp3-server
  • lsof
  • nmap
  • openvpn
  • rsync
  • tcpdump
  • vim
  • w3m
  • whois

Now we can start configuring the system. We’ll set a password, use ntpdate to set time and date and configure bind, Squid and the DHCP server.

  • First and foremost we’ll copy over our SSH key and set a secure password.
    remountrw
    mkdir /ro/root/.ssh
    touch /ro/root/.ssh/authorized_keys2
    chmod 600 /ro/root/.ssh/authorized_keys2
    
    cp -a /ro/root/.ssh/ /root
    remountro

    Paste your SSH key into the authorized_keys2 file an log back in again to check whether the setup works. If you want to make sure that it still works after a reboot, reboot the WRAP and log in again. If it works, generate a password, e.g. with pwgen, and set it with passwd.

  • Due to the fact that the WRAP hasn’t got a RTC with a battery we’ll need to set the time and date with ntpdate after every reboot, i.e. after PPP is started. So put the following into /etc/ppp/ip-up.d/ntpdate:
    #!/bin/sh
    /etc/init.d/ntpdate start &>/dev/null

    Don’t forget to do a chmod 700 on this file.

  • Putting the bind configuration into /etc/bind won’t work because /etc isn’t writable. So do the following to make the directories used by bind writable:
    remountrw
    mkdir -p /ro/etc/bind
    chmod 775 /ro/etc/bind
    chown root:bind /ro/etc/bind
    cp -a /ro/etc/bind /rw/etc
    ln -s /rw/etc/bind/ /etc/bind
    
    mkdir -p /ro/var/cache/bind
    chmod 775 /ro/var/cache/bind
    chown root:bind /ro/var/cache/bind
    cp -a /ro/var/cache /rw/var
    ln -s /rw/var/cache/bind/ /var/cache/bind
    remountro

    Further you’ll need to change the resolv.conf, which is located under /ro/etc/resolv.conf. Add at least this to use your own bind and not the preconfigured name servers:

    nameserver 127.0.0.1

    Finally you can delete the configuration for dnsmasq, because we purged it earlier:

    remountrw
    rm /etc/dnsmasq.more.conf
    remountro
  • PPPoE wasn’t working after running pppoeconf. It turned out that it added a plugin rp-pppoe.so eth0 line to my /etc/ppp/peers/dsl-provider file. After issuing a pon I could see bad things happening (with tcpdump):
    [...] PPPoE  [...] IP truncated-ip - 1280 bytes missing! [...]

    This error seemed to repeat endlessly and very little data could be transferred. After deleting the obnoxious line from the dls-provider file, everything worked just great.

  • If you want to install Squid, you should do the following:
    remountrw
    mkdir /var/log/squid
    touch /var/log/squid/{access,cache,store}.log
    chown -R proxy: /var/log/squid
    chmod 755 /var/log/squid
    chmod 664 /var/log/squid/*
    
    cp -a /var/log/squid /ro/var/log
    remountro

    Now you’re ready to start Squid. You’re probably interested in turning off logging completely and using it just for debugging during the setup phase: so I suggest reading this post.

  • Configuring the DHCP server should be easy: just copy over your old configuration to /etc/dhcp3 and that’s it.

Extras

There are some neat things you can do, e.g. checking the current temperature and switching the leds on and off. I suggest that you put the following pieces of shell code into separate scripts in the /usr/local/sbin directory and add that directory to the PATH environment variable. After following the hints continue reading.

  • Use this to check the temperature in Celsius:
    expr `cat /sys/bus/i2c/devices/0-0048/temp1_input` / 1000
  • After compiling the C code you’ll be able to switch the leds on and off individually. The following script is called at the end of a shutdown to indicate that I can turn the WRAP off.
    #!/bin/sh
    case $1 in
      start)  ;;
      stop)   for i in 1 2 3; do
                /usr/local/sbin/wrap_led_ctl $i off
              done
              ;;
      *)      echo "Usage: $0 {start|stop}"
              ;;
    esac

Conclusion

If you’d like to have a very small and energy efficient but flexible router that’s running a Debian based Linux and you’re ready to spend some extra bucks, the WRAP might be the very right choice. Once you’ve set it up you don’t have to look at the box again, it’ll just do its duty. I’m using the WRAP and haven’t run into real problems yet.

There are two things you should be aware of. First the CPU isn’t very fast so you’ll not be able to run complex computations, e.g. having a lot of filters turned on in Privoxy (read how to turn these off).

Second, it’s very easy to lock yourself out of the WRAP, e.g. your new hilarious script goes foobar during the boot process and you can’t log in with ssh. Although this hasn’t happened very often it’s another thing that’s a little bit annoying. But the pros of the WRAP definitely outweigh this.