Build for Sitecom Wireless Router N300 X2 (WLR-2100 v2)

LEDE firmware for Sitecom Wireless Router N300 X2 (WLR-2100 v2)

Proceed with caution

Using and flashing a custom firmware is a very delicate process. You might damage your device, so proceed with care! Use this guide and firmware at your own risk. Neither LEDE nor I can be held responsible for causing damage to your router.

Software and hardware prerequisites

Listed are the required software and hardware with examples.

  • Serial terminal. Use minicom (Linux), PuTTY (Windows), or other preferred software.
  • SSH client. Use ssh (Linux), PuTTY (Windows), or other preferred software.
  • SCP client. Use scp (Linux), WinSCP (Windows), or other preferred software.
  • TFTP server. Use tftpd (Linux), Tftpd32 (Windows), or other preferred software.
  • Hex editor. Use dhex (Linux), or HxD (Windows), or other preferred software.
  • USB TTL converter. FTDI FT232RL based boards are good and cheap USB TTL converters (€1.50 on your favorite China webshop).
  • Soldering iron and supplies. Basic set of supplies such as soldering wire, jumper wires, flux, litze and pin headers.

Flashing instructions

This manual assumes you have basic knowledge of how to use the software and hardware prerequisites. It is written using the listed Linux software on an Ubuntu desktop. Windows users are able to do the same, albeit using another procedure.

Serial communication with the router is required in order to flash the firmware. You will need some soldering skills in order to access the serial interface. With the serial interface available, we can start modifying the router's software.

If you're running this firmware for the first time, you'll need to create a backup of the router's flash memory. Subsequently, a copy of the backup will be used to modify the ART partition to store the router's WAN MAC address. The ART partition is then flashed back to the router.

When the backups are created and the MAC address is set, download the firmware of your choice and we can start flashing the firmware.

Serial interface

Open the case by removing the five screws. There are four screws located in each corner at the bottom of the device. A fifth screw is located under the sticker.

A serial interface is available at the J4 mark on the PCB. No pin header is available, so you might want to solder pin headers on the PCB. Remove the solder from the holes using litze wire or other desoldering techniques. If not possible, use a 0.8 mm drill.

  • Pin 1: Vcc (NC, marked with arrow)
  • Pin 2: GND
  • Pin 3: TxD
  • Pin 4: RxD

Connect the pins to your USB TTL converter. Do not connect Vcc. Only connect GND, TxD and RxD.
Note that the router's TxD and RxD are connected to RxD and TxD of your USB TTL converter respectively.

Now connect the USB TTL converter to your computer and find out on which COM port it is available. Use your serial terminal software to connect to this COM port using the following settings for serial communication with the router:

  • Baud Rate: 115200
  • Data Bits: 8
  • Stop Bits: 1
  • Parity: None
  • Handshake: None

Download the firmware

Visit my OneDrive to download precompiled binaries (tip: use listview to navigate). Use initramfs binaries to run LEDE from the RAM. This comes in handy for making a backup when the router is running stock firmware. Use sysupgrade binaries to flash LEDE.

Additional builds are also available:

  • sysupgrade-luci: Default LEDE build for the WLR-2100 v2 with LuCI (web GUI) precompiled.
  • sysupgrade-strongswan: Custom LEDE build for the WLR-2100 v2 with StrongSwan (IPsec VPN server) precompiled.

Back up flash memory

This manual is written using the listed Linux software on an Ubuntu desktop. Windows users are able to do the same, albeit using another procedure.

The flash memory contains essential data necessary for the router to work. This includes the firmware, but also the bootloader, the bootloader settings, and the router's calibration data (ART). These are not included in the (OEM) firmware images. You should back up this data in case you want to restore the original firmware, or when flashing went wrong.

  1. Set up a TFTP server with static IP address 192.168.1.101. Make sure the router can communicate with the TFTP server.
  2. Download an initramfs firmware, rename the firmware to ap.bin and make sure the TFTP server can serve ap.bin to your router.
  3. Set up a serial connection with the router, ready to send and receive serial data.
  4. Power on your router, and load system code to the SDRAM via TFTP by tapping 1 while booting.
	Please choose the operation: 
	   1: Load system code to SDRAM via TFTP. 
	   3: Boot system code via Flash (default).
	   4: Entr boot command line interface.

	You choosed 1
  5. The router should automatically try to download ap.bin from the TFTP server. If everything is set up correctly, LEDE should now boot.
  6. Use SSH to access the router's console. Use username root and IP address 192.168.1.1.
	foo@bar:~$ ssh root@192.168.1.1
  7. List all partitions with cat.
	root@lede:~# cat /proc/partitions 
	major minor  #blocks  name

	  31        0        192 mtdblock0
	  31        1         64 mtdblock1
	  31        2       3776 mtdblock2
	  31        3       1344 mtdblock3
	  31        4       2432 mtdblock4
	  31        5        576 mtdblock5
	  31        6         64 mtdblock6
  8. Create a backup of mtdblock0 (bootloader), mtdblock1 (bootloader configuration), mtdblock2 (firmware), and mtdblock6 (ART) by redirecting the output of cat. Transfer them to your computer with scp. Replace <n> with the block number, and replace <local path> with a writable local directory of your choosing (e.g. ~/Desktop for your desktop on Ubuntu). Note that the scp command is executed within a desktop terminal, and not in the router's console.
	root@lede:~# cat /dev/mtdblock<n> > /tmp/mtdblock<n>_backup
	foo@bar:~$ scp root@192.168.1.1:/tmp/mtdblock<n>_backup <local path>
	root@lede:~# rm /tmp/mtdblock<n>_backup
  9. When done correctly, you now have a copy of mtdblock0, mtdblock1, mtdblock2, and mtdblock6 on your computer. Save these files to restore your router when needed.

Set MAC address in flash memory

Before we can use LEDE, we need to write some MAC addresses to the flash memory. Many Atheros-based routers store their MAC address on the ART partition. However, the WLR-2100 v2 stores its MAC addresses in the bootloader configuration and passes them as a kernel boot argument. This section describes modifying the ART partition to store the MAC addresses.

  1. Set up a TFTP server with static IP address 192.168.1.101. Make sure the router can communicate with the TFTP server.
  2. Power on your router, and enter the boot command line interface by tapping 4 while booting.
	Please choose the operation: 
	   1: Load system code to SDRAM via TFTP. 
	   3: Boot system code via Flash (default).
	   4: Entr boot command line interface.

	You choosed 4
  3. Press any key to prevent auto booting the currently flashed firmware.
	4: System Enter Boot Command Line Interface.

	U-Boot 1.0.1 (Mar 14 2012 - 16:09:18)
	Hit any key to stop autoboot:  0 
	ar7240> 
  4. Skip to step 6 if you already have a MAC address. Use md to read a piece of bootloader configuration stored in the flash memory.
	ar7240> md.b 0x9f030000 0x400
  5. Write down your MAC address. It is defined by ethaddr in the output of the md command. The MAC address is A0:12:34:56:78:9B in the following example:
	9f0300d0: 32 30 30 00 65 74 68 61 64 64 72 3d 22 41 30 3a    200.ethaddr="A0:
	9f0300e0: 31 32 3a 33 34 3a 35 36 3a 37 38 3a 39 42 22 00    12:34:56:78:9B".
  6. Now switch over to your desktop computer. Use a hex editor to modify a copy of your ART backup (mtdblock6). Offset 0x0 to 0xFFF should be padded with ff (empty) when doing this for the first time. Add your MAC address twice, written in hex, at the beginning (at offset 0x0). Add or subtract 0x1 for the second MAC address, whatever is appropriate. Do not use the colon character. In our example with A0:12:34:56:78:9B you should write down a0 12 34 56 78 9b and a0 12 34 56 78 9c (9b becomes 9c when adding 0x1) as hex:
	       0: a0 12 34 56 78 9b a0 12 34 56 78 9c ff ff ff ff    ..4Vx...4Vx.....
	      10: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
  7. Save your modified ART image, and make sure the TFTP server can serve this modified ART image to your router. Now switch back to your router.
  8. Verify the flash memory sector addresses with flinfo. The first sector should have address 9F000000 and the last sector should have address 9F3F0000. Sectors 9F000000, 9F010000, 9F020000 and 9F030000 contain the bootloader and bootloader configuration. Sectors from 9F040000 to 9F3E0000 can be used to store the firmware. Sector 9F3F0000 contains the router's calibration data (ART). Do not proceed when your addresses differ!
	ar7240> flinfo

	Bank # 1:   Size: 4 MB in 64 Sectors
	  Sector Start Addresses:
		9F000000      9F010000      9F020000      9F030000      9F040000     
		9F050000      9F060000      9F070000      9F080000      9F090000     
		9F0A0000      9F0B0000      9F0C0000      9F0D0000      9F0E0000     
		9F0F0000      9F100000      9F110000      9F120000      9F130000     
		9F140000      9F150000      9F160000      9F170000      9F180000     
		9F190000      9F1A0000      9F1B0000      9F1C0000      9F1D0000     
		9F1E0000      9F1F0000      9F200000      9F210000      9F220000     
		9F230000      9F240000      9F250000      9F260000      9F270000     
		9F280000      9F290000      9F2A0000      9F2B0000      9F2C0000     
		9F2D0000      9F2E0000      9F2F0000      9F300000      9F310000     
		9F320000      9F330000      9F340000      9F350000      9F360000     
		9F370000      9F380000      9F390000      9F3A0000      9F3B0000     
		9F3C0000      9F3D0000      9F3E0000      9F3F0000 
  9. Load the ART image into the RAM of the router with tftpboot. Replace <filename> with the filename of the ART image.
	ar7240> tftpboot 0x80800000 <filename>
  10. Erase all data in sector 9F3F0000 with erase.
	ar7240> erase 0x9f3f0000 +0x10000
  11. Write the loaded ART image to the flash memory with cp.
	ar7240> cp.b 0x80800000 0x9f3f0000 0x10000
  12. Your ART partition is now set up. Reboot your device now.

Flashing the LEDE firmware

Proceed with caution. This section describes actions that might damage your device or firmware!

  1. Set up a TFTP server with static IP address 192.168.1.101. Make sure the router can communicate with the TFTP server.
  2. Download a sysupgrade firmware, and make sure the TFTP server can serve firmware to your router.
  3. Set up a serial connection with the router, ready to send and receive serial data.
  4. Power on your router, and enter the boot command line interface by tapping 4 while booting.
	Please choose the operation: 
	   1: Load system code to SDRAM via TFTP. 
	   3: Boot system code via Flash (default).
	   4: Entr boot command line interface.

	You choosed 4
  5. Press any key to prevent auto booting the currently flashed firmware.
	4: System Enter Boot Command Line Interface.

	U-Boot 1.0.1 (Mar 14 2012 - 16:09:18)
	Hit any key to stop autoboot:  0 
	ar7240> 
  6. Verify the flash memory sector addresses with flinfo. Do not proceed when your addresses differ!
  7. Load the firmware into the RAM of the router with tftpboot. Replace <filename> with the filename of the firmware (e.g. lede-ar71xx-generic-wlr2100v2-squashfs-<version>.bin).
	ar7240> tftpboot 0x80800000 <filename>
  8. Write down the hex value of the number of bytes transferred. This number might differ, depending on the firmware version. It must never exceed 0x3B0000 (3866624). The hex value is equal to 0x360004 in the following example:
	Bytes transferred = 3538948 (360004 hex)
  9. Erase all data in sectors 9F040000 to 9F3E0000 with erase.
	ar7240> erase 0x9f040000 +0x3b0000
  10. Write the loaded firmware to the flash memory with cp. Replace <bytes transferred> with the hex value that you have written down. Do not forget that hex strings always start with 0x.
	ar7240> cp.b 0x80800000 0x9f040000 0x<bytes transferred>
  11. Flashing is now complete. Reboot your device now.

Personal experience with the LEDE firmware

I acquired this router when replacing some network components with some fine Ubiquiti hardware. In terms of stability, the WLR-2100 v2 was utterly shit running on stock firmware. The router needed multiple reboots per month (WiFi issues and stability problems at high load). Using the LEDE firmware gave this router a second life, getting the maximum performance with good reliability. I had no stability or WiFi issues, or the need to reboot the router the past 6 months using my 0.4 build of the LEDE firmware.

Changelog

Version 0.6

  • Updated to LEDE 17.01.4
  • Includes fixes for recent KRACK attack

Version 0.5

  • Updated to LEDE 17.01.2

Version 0.4

  • Stable release
  • Based on LEDE Reboot 17.01.0

Version 0.3

  • Fixed random MAC address issue.
  • Users will need to write MAC address to ART partition.
  • Improved machine profile.

Version 0.2

  • Changed from OpenWRT to LEDE.
  • Based on LEDE trunk (reboot-2445-gee5a6c1).
  • Flashable release.

Version 0.1

  • First experimental build for OpenWRT on WLR-2100 V2.
  • Based on OpenWRT trunk (9d64efa1a23f31847f4a9bef9f3474a9cf3fadb3).
  • The white OPS led serves as status led.
  • OPS button needs configuration, does not work out of the box.
  • Not intended for flashing.

Special build: LuCI

For all the lazy people who want to get instantly started with the web GUI. This is the default LEDE build with LuCI included.

Special build: IKEv2 VPN with EAP-MSCHAPv2

Minimal strongSwan build for IKEv2 with MSCHAPv2 authentication (username / password) only.

In order to fit strongSwan on a 4 MB device, a few adjustments were made to save space. Opkg is not available so you can't install additional packages.

  • Kernel debugging options disabled
  • No IPv6 support
  • Removed opkg, sed and archiving related packages

Configuration for IKEv2 VPN Tunnel with EAP-MSCHAPv2

This configuration adds a road-warrior to the local LAN of the responder. No separate VPN subnets are made.

Packages

For information purposes only. These are already compiled into the provided firmware image.

strongswan-minimal strongswan-mod-constraints strongswan-mod-dhcp strongswan-mod-eap-identity strongswan-mod-eap-mschapv2 strongswan-mod-farp strongswan-mod-md5 strongswan-mod-pem strongswan-mod-pkcs1 strongswan-mod-revocation

Firewall configuration

Add the following rules to your firewall configuration. Not sure if the AH traffic rule is required. The ESP and ISAKMP rule may already be set. Remove and replace, or modify these two rules accordingly.

/etc/config/firewall

# allow IPsec/ESP and ISAKMP passthrough
config rule
	option name		'Allow-IPsec-ESP'
	option src		wan
	option proto		esp
	option target		ACCEPT

config rule
	option name		'Allow-IPsec-AH'
	option src		wan
	option proto		ah
	option target		ACCEPT

config rule
	option name		'Allow-IPsec-NAT-T'
	option src		wan
	option dest_port	4500
	option proto		udp
	option target		ACCEPT
    
config rule
	option name 		'Allow-ISAKMP'
	option src		wan
	option dest_port	500
	option proto		udp
	option target		ACCEPT

Add the following iptables rules to your firewall configuration. The leftfirewall=yes option wasn't enough to allow IPsec traffic to pass through the network.

/etc/firewall.user

iptables -I INPUT  -m policy --dir in --pol ipsec --proto esp -j ACCEPT
iptables -I FORWARD  -m policy --dir in --pol ipsec --proto esp -j ACCEPT
iptables -I FORWARD  -m policy --dir out --pol ipsec --proto esp -j ACCEPT
iptables -I OUTPUT   -m policy --dir out --pol ipsec --proto esp -j ACCEPT

Certificates

Use an SSL library of choice to generate a certificate authority and a certificate for the VPN connection to use.

OR:

Issue the following commands on a Linux box with a strongSwan installation that supports generating x509 certificates (e.g. strongSwan configured with --enable-openssl flag and libssl-dev installed on Debian system).

Generate private keys.

ipsec pki --gen --type rsa --size 4096 --outform pem > ca.key.pem
ipsec pki --gen --type rsa --size 2048 --outform pem > vpn.key.pem  

Create root CA. Replace <country>, <organization>, and <common-name> with your own values.

ipsec pki --self --ca --lifetime 3650 --in ca.key.pem --type rsa --dn "C=<country>, O=<organization>, CN=<common-name>" --outform pem > ca.cert.pem

Generate VPN certificate. Replace <gateway> with the IP address or host address that clients are going to use to access the VPN server. Adjust <country> and <organization> to your own values.

ipsec pki --pub --in vpn.key.pem --type rsa | ipsec pki --issue --lifetime 3650 --cacert ca.cert.pem --cakey ca.key.pem --dn "C=<country>, O=<organization>, CN=<gateway>" --san <gateway> --flag serverAuth --flag ikeIntermediate --outform pem > vpn.cert.pem

Move the private keys to /etc/ipsec.d/private. Chmod the keys with chmod 0600 /etc/ipsec.d/private/*.

Move your root CA certificate to /etc/ipsec.d/cacerts.

Move your VPN certificate to /etc/ipsec.d/certs.

IPsec configuration

Provided is an example configuration for /etc/ipsec.conf. Replace <dns> with the IP address of the DNS server in the local LAN of the responder. Replace <gateway> with the IP address or host address that clients are going to use to access the VPN server.

# ipsec.conf - strongSwan IPsec configuration file

config setup


conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	keyexchange=ikev2

conn shibe-external
	left=%defaultroute
	leftsubnet=0.0.0.0/0
	leftauth=pubkey
	leftcert=<gateway>
	leftid=@<gateway>
	leftfirewall=yes
	right=%any
	rightsourceip=%dhcp
	rightauth=eap-mschapv2
	rightsendcert=never
	rightdns=<dns>
	eap_identity=%any
	auto=add

Add users by altering the /etc/ipsec.secrets file. Replace <vpn.key.pem> with the filename of the private key for the VPN server.

# /etc/ipsec.secrets - strongSwan IPsec secrets file

: RSA <vpn.key.pem>

username1 : EAP "password1"
username2 : EAP "password2"

strongSwan configuration

Edit /etc/strongswan.d/charon/dhcp.conf. Set force_server_address = yes and set server = <broadcast-address> to your DHCP server's broadcast or unicast IP address.

Adjust the MTU value in /etc/strongswan.d/charon/kernel-netlink.conf if necessary.

Connect to the VPN server

Install the public CA and VPN certificates on your client devices. After that, you should be able to connect to the VPN server, make use of its (internet) gateway, and access local LAN devices.
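The hex-editor step under "Set MAC address in flash memory", as an added example that is not part of the original post: a desktop-side script that writes both MAC addresses into a copy of the ART backup and refuses to touch an image that does not look as the guide describes. The function names and the rule for choosing the second address (add 1, subtract 1 only when the last byte is ff) are assumptions.

```python
import hashlib

ART_SIZE = 0x10000  # one 64 KiB sector at 9F3F0000, as in the guide
MAC_AREA = 0x1000   # offsets 0x0-0xFFF, ff-padded on an untouched image


def parse_mac(text):
    """Turn 'A0:12:34:56:78:9B' into six raw bytes; reject malformed input."""
    parts = text.strip().strip('"').split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a MAC address: {text!r}")
    mac = bytes.fromhex("".join(parts))
    if mac[0] & 0x01:
        raise ValueError("multicast bit set; not usable as an interface address")
    return mac


def second_mac(mac):
    """First MAC plus 1, or minus 1 when the last byte is ff (assumed policy)."""
    step = -1 if mac[5] == 0xFF else 1
    return (int.from_bytes(mac, "big") + step).to_bytes(6, "big")


def patch_art(image, mac_text):
    """Return a copy of the ART image with both MACs written at offset 0x0."""
    if len(image) != ART_SIZE:
        raise ValueError(f"image is {len(image):#x} bytes, expected {ART_SIZE:#x}")
    first = parse_mac(mac_text)
    macs = first + second_mac(first)
    head, blank = image[:MAC_AREA], b"\xff" * MAC_AREA
    # Everything after the 12-byte MAC slot must still be erased flash.
    if head[len(macs):] != blank[len(macs):]:
        raise ValueError("0xC-0xFFF is not ff-padded; refusing to overwrite")
    # The slot itself may be erased (first run) or already hold these MACs.
    if head[:len(macs)] not in (blank[:len(macs)], macs):
        raise ValueError("offset 0x0 already holds different data")
    # Only the first 12 bytes change; the calibration data is copied as-is.
    return macs + image[len(macs):]


if __name__ == "__main__":
    # Constructed stand-in for mtdblock6_backup: erased header + dummy payload.
    sample = b"\xff" * MAC_AREA + bytes(range(256)) * ((ART_SIZE - MAC_AREA) // 256)
    out = patch_art(sample, "A0:12:34:56:78:9B")
    print(out[:16].hex(" "))
    print("sha256 before:", hashlib.sha256(sample).hexdigest())
    print("sha256 after: ", hashlib.sha256(out).hexdigest())
```

Keep the untouched backup next to the patched file; the printed hashes make it easy to tell the two apart later.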
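A cross-check for "Back up flash memory" and "Flashing the LEDE firmware", as an added example that is not part of the original post: it derives the flash addresses from the /proc/partitions output shown above, checks that backups have the right size, and builds the erase and cp.b lines only when the firmware fits below the ART sector. The function names and the treatment of mtdblock3 to mtdblock5 as sub-ranges of the firmware area are assumptions.

```python
FLASH_BASE = 0x9F000000  # first sector address listed by flinfo in the guide
LOAD_ADDR = 0x80800000   # RAM address the guide passes to tftpboot

# /proc/partitions as printed in the guide; #blocks are 1 KiB units.
PROC_PARTITIONS = """\
major minor  #blocks  name

  31        0        192 mtdblock0
  31        1         64 mtdblock1
  31        2       3776 mtdblock2
  31        3       1344 mtdblock3
  31        4       2432 mtdblock4
  31        5        576 mtdblock5
  31        6         64 mtdblock6
"""

# Roles named in the guide. mtdblock3-5 are assumed to be sub-ranges of the
# firmware area (1344 + 2432 = 3776), so they are left out of the address walk.
ROLES = {"mtdblock0": "bootloader", "mtdblock1": "bootloader configuration",
         "mtdblock2": "firmware", "mtdblock6": "ART"}


def flash_layout(text):
    """Map each role to (start address, size in bytes), walking up from FLASH_BASE."""
    sizes = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[2].isdigit():
            sizes[fields[3]] = int(fields[2]) * 1024
    layout, addr = {}, FLASH_BASE
    for name, role in ROLES.items():
        layout[role] = (addr, sizes[name])
        addr += sizes[name]
    return layout


def check_backup(layout, role, data):
    """A usable backup has the partition's exact size and is not blank flash."""
    return len(data) == layout[role][1] and data.count(0xFF) != len(data)


def flash_commands(layout, firmware_size):
    """Build the U-Boot lines for a firmware image, or refuse if it cannot fit."""
    start, capacity = layout["firmware"]
    if start + capacity != layout["ART"][0]:
        raise ValueError("firmware area does not end where ART begins")
    if not 0 < firmware_size <= capacity:
        raise ValueError(f"{firmware_size:#x} bytes will not fit in {capacity:#x}")
    return [f"tftpboot {LOAD_ADDR:#x} <filename>",
            f"erase {start:#x} +{capacity:#x}",
            f"cp.b {LOAD_ADDR:#x} {start:#x} {firmware_size:#x}"]


if __name__ == "__main__":
    layout = flash_layout(PROC_PARTITIONS)
    for role, (addr, size) in layout.items():
        print(f"{role:25} {addr:#010x} {size:#x}")
    print("\n".join(flash_commands(layout, 3538948)))  # size from the guide's example
```

The computed start addresses should match what flinfo reports on the router; if they do not, the partition table differs from the one this guide was written for.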

Great work!
I was able to make this work for IO-DATA WN-G300R2 WiFi router as well.
Both have identical (if not same) PCB/hardware configuration, and following the exact same procedure worked.

So you're having connectivity / stability issues with your current WLR-2100 v2 on the default stock factory firmware? The most reliable solution is to replace the stock firmware with OpenWRT. It solved all my connectivity issues with this model.

Got this router from my parents' place after swapping it out for a better router. They were complaining a lot about this model. I thought to just throw it away afterwards, but decided to modify OpenWRT to run on this router. Just for fun in my free time, and was very surprised with the result and the stability running OpenWRT compared to the stock firmware.

But I do recommend you to just buy a new router. If that isn't possible - flashing to OpenWRT is your most viable option. How to do this is described in the opening post of this thread, but requires some basic knowledge about soldering and flashing firmwares. You might permanently damage your router when doing it wrong, having no working router at all in the end. Then it's just better to unplug and reconnect your router every day.

I'm happy to supply new update firmware images if anyone is interested. Just leave a message here. Also, feel free to ask any questions about the procedure flashing OpenWRT on this router, I'm glad to help.