OpenWRT
OpenWRT is a free and open source Linux-based operating system for embedded devices such as routers. It is mainly used to improve a router's performance and security compared to the default firmware that comes pre-installed on it.
OpenWRT currently supports about 2000 router models. The complete list of routers that support OpenWRT can be found here. Alternatively, with OpenWRT you can also build your own router on an old PC, Raspberry Pi, VM or any hardware that is based on x86 architecture.
Benefits of using OpenWRT
Reduce latency and increase network throughput. OpenWRT reduces Bufferbloat (high latency caused by excess buffering of packets) using Smart Queue Management (SQM), resulting in consistent latency even under high load.
Increased security. There are no hidden backdoors left by hardware vendors. When security vulnerabilities are found, firmware updates are soon released to fix them. While many commercial vendors only provide updates to the newest hardware models, OpenWRT keeps supporting updates to all routers unless the RAM/Flash storage cannot accommodate the size of the new release.
Smaller attack surface. The default OpenWRT configuration provides full internet connectivity without exposing the router or any connected devices to attacks.
AdBlock directly on the router. Ads/abuse domains can be blocked directly on the router, thus preventing all connected devices from connecting to those servers. AdBlock need not be installed on individual devices.
Set up a VPN client or VPN server on the router. Setting up a VPN client on the router allows all connected devices to access the internet through a VPN, thus preventing your ISP from snooping on your internet activity. Setting up a VPN server allows you to connect to your home router from a different network when you're away and access resources on the home network, such as shared storage, Network Attached Storage (NAS), Plex server, printer etc.
Secure DNS. OpenWRT supports DNS over HTTPS and allows you to select any DNS server, preventing your ISP from snooping on your DNS requests by using their own DNS server. By using public DNS providers, you can escape DNS-based content filters and internet censorship from your ISP. Encrypted DNS over HTTPS prevents DNS leaks and DNS hijacking. You can force connected devices with hard-coded DNS servers to use your router's DNS to protect DNS traffic.
Create a guest network. You can create a separate wireless network for guests to use. This allows them to access the internet via your router, but blocks them from accessing the devices on your network. Also, you need not share your router's main password with guests.
Prioritize traffic with QoS. OpenWRT allows you to prioritize certain types of traffic, or to prioritize traffic going to specific devices and deprioritize traffic going to other devices. For instance, you could give the highest priority to video streaming or gaming over web surfing, or give the highest priority to a work computer over mobile devices.
Monitor your network in real time. It allows real time access to all connected devices, and you can log all packets travelling through your router and analyze them using Wireshark.
Time restriction and parental controls. With time restrictions, you can block internet access for certain devices on weekdays during specific time intervals. Parental control allows you to restrict access to certain web pages.
This is far from a complete list of all the benefits of OpenWRT. OpenWRT provides more than 3000 packages ready to be installed, unlike vendor firmware that ships with a limited set of capabilities.
Installing OpenWRT
Here is an example for installing OpenWRT on a TP-Link Archer A9 AC 1900 v6 router.
TP-Link Archer A9 AC 1900 v6
Before installing OpenWRT, it is recommended to download the original firmware of your router. For TP-Link users: https://www.tp-link.com/us/support/download/.
Next, download the OpenWRT firmware for the corresponding router and the right version from Table of Hardware by navigating to the corresponding tech data page and downloading files corresponding to "Firmware OpenWrt Install URL" and "Firmware OpenWrt Upgrade URL".
Connect your laptop to the router using an ethernet cable and make sure that the Wi-Fi is turned off on the laptop.
Log in to your router's portal, normally at http://192.168.1.1. Select the firmware upgrade option and upload the recently downloaded '...factory.bin' file.
TP-Link portal
Wait for the firmware to be installed.
Once the firmware installation is complete, the browser should be automatically redirected to the OpenWRT portal at http://192.168.1.1.
OpenWRT GUI login screen
Log in using username: root and password: (empty).
OpenWRT is now installed.
OpenWRT GUI dashboard
Terminal vs GUI
You can access the OpenWRT portal through the GUI by connecting to http://192.168.1.1. LuCI is the graphical user interface for OpenWRT. Alternatively, you can configure OpenWRT from the terminal using ssh.
ssh root@192.168.1.1
OpenWRT in Terminal
Post install
Set password
Set a strong password for the OpenWRT portal. The password can be set by navigating to System->Administration.
Set new password
Update OpenWRT firmware
Navigate to System->Flash Firmware and upload the "...sysupgrade.bin" file in the 'Flash new image' field. The router firmware should update to the latest version and reboot.
Update OpenWRT firmware
Enable Wi-Fi
By default, Wi-Fi is disabled on OpenWRT for security reasons. You can enable it by navigating to Network->Wireless. Dual band routers can have two radios, one for each band, and each radio needs to be configured individually.
Enable Wi-Fi on router
Click on Edit. Enter the desired Wi-Fi name in the ESSID field. Navigate to the Wireless Security tab. Choose the desired encryption type and cipher, and enter a new password in the 'key' field.
Wi-Fi configuration
Click save and apply.
Wi-Fi should now be available and can be connected using the entered Wi-Fi name and password.
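The same Wi-Fi settings can also be applied from the terminal. The script below is an added example, not part of the original article: it assumes the default section names radio0/radio1 and default_radio0/default_radio1 in /etc/config/wireless, and the function name wifi_uci_batch is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): print the UCI commands that
# enable Wi-Fi with WPA2/WPA3 on each radio, for piping into `uci batch`.
# Assumption: default section names radioN / default_radioN in /etc/config/wireless.

# Usage: wifi_uci_batch SSID KEY [ENCRYPTION] [RADIO...]
wifi_uci_batch() {
    ssid=$1 key=$2 enc=${3:-psk2}
    if [ $# -ge 3 ]; then shift 3; else shift $#; fi
    [ $# -gt 0 ] || set -- radio0 radio1    # dual-band routers: one radio per band
    nl='
'
    # Only authenticated modes are accepted, so an open network is never emitted.
    case $enc in
        psk2|sae|sae-mixed) ;;
        *) echo "unsupported encryption: $enc" >&2; return 1 ;;
    esac
    if [ -z "$ssid" ]; then
        echo "SSID must not be empty" >&2; return 1
    fi
    # A WPA passphrase is 8 to 63 characters long.
    if [ "${#key}" -lt 8 ] || [ "${#key}" -gt 63 ]; then
        echo "key must be 8-63 characters" >&2; return 1
    fi
    # Values are emitted inside single quotes, one command per line, so a quote
    # or newline inside them would inject extra UCI commands.
    case $ssid$key in
        *\'*|*"$nl"*) echo "quote or newline in SSID/key" >&2; return 1 ;;
    esac

    for radio in "$@"; do
        printf "set wireless.%s.disabled='0'\n" "$radio"
        printf "set wireless.default_%s.ssid='%s'\n" "$radio" "$ssid"
        printf "set wireless.default_%s.encryption='%s'\n" "$radio" "$enc"
        printf "set wireless.default_%s.key='%s'\n" "$radio" "$key"
    done
    printf 'commit wireless\n'
}
```

On the router, pipe the output into uci batch and then run wifi reload to apply it. The sae modes (WPA3) need a wpad package built with WPA3 support.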
Plugins and add-ons
- Adblock: Adblock using plugins adblock and luci-app-adblock.
Adblock in OpenWRT
- Encrypted DNS: DNS over HTTPS with plugins dnsmasq and https-dns-proxy. Or DNS over TLS with plugin unbound.
DNS over HTTPS
- VPN: OpenVPN client using plugins openvpn-openssl and luci-app-openvpn.
NordVPN on OpenWRT
- VPN-Split-tunneling: Enable split tunneling with VPN with plugins vpn-policy-routing and luci-app-vpn-policy-routing.
VPN split tunneling, policy-based routing
- Statistics: View real time statistics using plugin luci-app-statistics.
Statistics of router
Happy hacking!