TL-WA901ND, vpnc and fritzbox

I bought a TL-WA901ND v3 as an access point in a remote location. The first thing was to install openwrt on it. This was easy, as the wiki describes it fairly straight forward.

Download the current trunk firmware. Then go to the configuration page of your TL-WA901ND and flash it over the current one. Rebooting will cause the device to fall back to and only telnet as a connection method. Log in via telnet and do a simple “passwrd” command to change it to something good. After that you have to log out and log in again using ssh.

This was the point I realised that the current version of openwrt as provided by trunk does not contain vpnc. This tool is needed to connect to my fritzbox, it does not have a standard openvpn. Even if it had, the openvpn packages and dependencies eat up all the available space on the TL-WA901ND making it unusable.

I then found out I could add and remove packages to the trunk firmware using the ImageBuilder tool. A detailed guide on how to install it can be found here.

Flashing the WA901ND over ssh is quiet easy. Go to the /tmp directory and wget the new file you want to flash. Then run

sysupgrade -v /tmp/yourfile.bin

and wait for the device to reboot.

I tried adding the latest available vpnc package to my custom firmware, but I could not get it to connect to the fritzbox, as the vpnc package is missing this patch.

As I now needed to compile my own vpnc I followed this wiki to get the toolchain installed. Make sure you get a the git sources of a the latest version of openwrt that contain vpnc.

I did a “make package/feeds/packages/libgcrypt/compile” and then later a “make package/feeds/oldpackages/vpnc/compile”.

After hat a

make package/feeds/packages/libgcrypt/install

and then later a

make package/feeds/oldpackages/vpnc/install

You will find the new packages in the “bin” directory.

All files I compiled for my use can be found here:








Leave a Reply

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.