OpenWrt is an open-source operating system based on Linux, primarily targeting embedded network devices.
If you are reading this article at home, you are likely connected via an LTE/5G/DSL/WiFi router. Such devices are typically responsible for routing packets between your local devices (smartphones, PCs, TVs, etc.) and providing access to the WWW through a built-in modem. Your home router likely has a web-based interface for configuring the device. This interface is often too simplistic as it is designed for the average user.
If you want more configuration options but don’t want to spend money on a professional device, you should check out alternative firmware like OpenWrt.
Features of OpenWrt
OpenWrt is an open-source operating system based on Linux, targeting embedded network devices. It is primarily used to replace the original firmware on various home routers. OpenWrt has all the useful features that a good router should have, such as a DNS server (dnsmasq), WiFi access point (AP) and client functionality, and PPP protocol support for modem functionality. Unlike standard firmware, all of this is fully configurable.
LuCI Web Interface
OpenWrt can be configured remotely via the command line (SSH) or using the GUI configuration interface (LuCI). LuCI is a lightweight, extensible web GUI written in Lua that allows you to configure your device precisely. In addition to configuration, LuCI provides a lot of additional information, such as real-time graphs, system logs, and network diagnostics.
LuCI has some optional extensions to add more configuration options.
Writable File System
Another highlight is the writable file system. Original firmware is usually read-only, while OpenWrt comes with a writable file system, thanks to a clever solution that combines OverlayFS with SquashFS/JFFS2 file systems, allowing software packages to be installed to enhance functionality. More information about the file system architecture can be found in the OpenWrt documentation.
Extensions
OpenWrt has an associated package manager, opkg, which allows the installation of additional services, such as FTP servers, DLNA media servers, OpenVPN servers, Samba servers for file sharing, Asterisk for controlling phones, etc. Of course, some extensions require appropriate underlying hardware resources.
Motivation
You might wonder why you would risk causing irreparable damage to your device and losing your warranty by trying to replace the router manufacturer’s firmware. If your device works the way you want it to, then you probably shouldn’t. Never touch a running system! However, if you want to enhance functionality, or your device lacks configuration options, then you should see if OpenWrt can be a remedy.
In my case, I wanted a travel router that I could place in a suitable location while camping, so that other devices could maintain a good connection with this local WiFi access point (AP). The router would connect to the internet as a regular client and broadcast its own WiFi access point for my other devices to connect to. This way, I could configure all my devices to connect to this router’s access point, and when I am elsewhere, I just need to change the router’s client connection. Additionally, at some campsites, you only get an access code for a single device, which I can share among my devices through this setup.
As my travel router, I chose the TP-Link TL-WR902AC for the following reasons:
To understand its size, here it is next to a Raspberry Pi 4:
TP-Link TL-WR902AC next to Raspberry Pi
Although this router has all the hardware features I need, I quickly found that the default firmware did not allow me to configure it the way I wanted. The router is primarily set up as a WiFi access point, which can replicate an existing WiFi network or connect to the network via the onboard Ethernet interface. The default firmware is very limited for these use cases.
(LCTT translation note: This model is not sold domestically, one of its features is the ability to connect to the internet via a 3G/4G USB modem, but since it is not sold domestically, there are no instructions on which domestic 3G/4G USB modem is supported. I found out that Huawei’s E3372h-320 seems to be available. Those with relevant experience can share their experiences.
Other similar models sold domestically can only connect to the internet via Ethernet or WiFi, in which case, if the internet can only be accessed via 3G/4G, another portable WiFi/mobile router needs to be purchased.)
Fortunately, this router is capable of running OpenWrt, so I decided to replace the original firmware with it.
Installation
When your LTE/5G/DSL/WiFi router meets the minimum requirements, it is very likely to run OpenWrt. Next, you need to check the hardware table to see if your device is listed as compatible and which firmware package you should choose. The page for OpenWrt’s TP-Link TL-WR902AC also includes installation instructions, which describe how to flash it into internal storage.
The process of flashing firmware may vary between different devices, so I will not go into detail. In short, I had to connect the device to a TFTP server on a network interface with a specific IP address, rename the OpenWrt firmware file, and then press the reset button to start the device.
Configuration
Once the flashing is successful, your device should now boot with the new firmware. The boot time may take longer now, as OpenWrt has more features compared to the default firmware.
To start configuring, you need to establish a direct Ethernet connection between your PC and the router. OpenWrt acts as a DHCP server and configures your PC’s Ethernet adapter, which must be set up as a DHCP client.
On Fedora Linux, to activate DHCP client mode on your network adapter, you first need to find out the UUID of the connection by running:
$ nmcli connection show
NAME          UUID         TYPE      DEVICE
Wired Conn 1  7a96b...27a  ethernet  ens33
virbr0        360a0...673  bridge    virbr0
testwifi      2e865...ee8  wifi      --
virbr0        bd487...227  bridge    --
Wired Conn 2  16b23...7ba  ethernet  --
Select the UUID of the connection you want to modify and then run:
$ nmcli connection modify <UUID> ipv4.method auto
You can find more information about these commands in the Fedora Networking Wiki.
After connecting to the router, open a web browser and navigate to http://openwrt/. Now you should see the LuCI login manager:
LuCI Login
Use root as the username and leave the password blank.
Configuring WiFi and Routing
To configure your WiFi antennas, click on the “Network” menu and select “Wireless”.
LuCI Wireless Configuration
On my device, the upper antenna radio0 operates in 2.4GHz mode and connects to a local access point named MOBILE-INTERNET. The lower antenna radio1 operates in 5GHz mode and has an associated access point with the SSID OpenWrt_AV. By clicking the “Edit” button, you can open the device configuration to decide whether the device belongs to the LAN or WWAN network. In my case, the access point OpenWrt_AV belongs to the LAN network, and the client connection MOBILE-INTERNET belongs to the WWAN network.
LuCI Configuration Screen
The configured networks are listed under the “Interfaces” panel in the “Network” section.
Device List
To achieve the functionality I want, network traffic must be routed between the LAN and WWAN networks. Routing can be configured in the “Network” panel under the “Firewall” section. I did not make any changes here because, by default, traffic between networks is routed, and incoming packets (from WWAN to LAN) must pass through the firewall.
Firewall Settings
Therefore, you need to know whether an interface belongs to LAN or (W)WAN. This concept makes it relatively easy to configure, especially for beginners. You can find more information in the OpenWrt Networking Basics guide.
Captive Portal
Public WiFi access points are often protected by a captive portal, where you must enter an access code or similar code. Typically, this portal appears when you first connect to the access point and try to open any webpage. This mechanism is implemented by the access point’s DNS server.
By default, OpenWrt activates a security feature that prevents connected clients from being affected by DNS rebinding attacks. OpenWrt’s rebinding protection also prevents captive portals from being forwarded to clients, so you must disable rebinding protection in order to reach the captive portal. This option is found in the “Network” menu under the “DHCP and DNS” panel.
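Why the protection hides the portal, and a narrower alternative to switching it off, shown as an added example that is not part of the original article and is not OpenWrt or dnsmasq code. The Python sketch is a simplified model of the filter: it assumes an upstream answer containing an RFC 1918, link-local or loopback IPv4 address is discarded unless the queried name is allowlisted. The parameter names mirror the rebind_protection, rebind_localhost and rebind_domain options in /etc/config/dhcp; all hostnames and addresses are constructed.

```python
import ipaddress

# IPv4 ranges this simplified model treats as private (RFC 1918 + link-local).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
DROPPED = "dropped: possible DNS rebind"


def domain_allowed(qname, rebind_domains):
    """True if qname equals, or is a subdomain of, an allowlisted domain."""
    name = qname.rstrip(".").lower()
    allowed = [d.strip(".").lower() for d in rebind_domains]
    return any(name == d or name.endswith("." + d) for d in allowed)


def filter_answer(qname, addrs, rebind_protection=True,
                  rebind_localhost=False, rebind_domains=()):
    """Return (verdict, addresses passed on to the LAN client)."""
    if not rebind_protection or domain_allowed(qname, rebind_domains):
        return "forwarded", list(addrs)
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in PRIVATE_NETS):
            return DROPPED, []          # whole answer is discarded
        if ip in LOOPBACK and not rebind_localhost:
            return DROPPED, []
    return "forwarded", list(addrs)


if __name__ == "__main__":
    # Constructed sample answers: a captive portal on the campsite LAN, and an
    # outside name that suddenly resolves to an address inside your own LAN.
    answers = [("portal.campsite.example", ["192.168.10.1"]),
               ("rebind.outside.example", ["192.168.1.1"]),
               ("www.public.example", ["203.0.113.10"])]
    policies = {
        "default (protection on)": {},
        "protection disabled": {"rebind_protection": False},
        "portal domain allowlisted": {"rebind_domains": ["campsite.example"]},
    }
    for label, opts in policies.items():
        print(label)
        for qname, addrs in answers:
            print(f"  {qname:26} {filter_answer(qname, addrs, **opts)[0]}")
```

Allowlisting only the portal's domain keeps the filter active for every other name. If you disable the protection entirely to reach a portal, re-enable it once the login is done.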
Try OpenWrt
Since upgrading to OpenWrt, I have a flexible travel router based on commodity hardware. OpenWrt gives your router complete configurability and extensibility, and due to its well-crafted web GUI, it is also beginner-friendly. Some selected routers even come with OpenWrt pre-installed from the factory. You can also enhance your router’s functionality with many available packages. For example, I am using the vsftp FTP server to host some movies and TV shows on a connected USB drive. Check out the project homepage, where you can find many reasons to switch to OpenWrt.
Images courtesy of: Stephan Avenwedde, CC BY-SA 4.0
via: https://opensource.com/article/22/7/openwrt-open-source-firmware
Author: Stephan Avenwedde Edited by: lkxed Translated by: wxy Proofread by: wxy
This article is originally compiled by LCTT and honored by Linux China