12 KiB
OpenWrt, an open source alternative to firmware for home routers
OpenWrt is a Linux-based, open source operating system targeting embedded network devices.
If you're reading this article from home, you are probably connected with a LTE/5G/DSL/WIFI router. Such devices are usually responsible to route packets between your local devices (smartphone, PC, TV, and so on) and provide access to the world wide web through a built-in modem. Your router at home has most likely a web-based interface for configuration purposes. Such interfaces are often oversimplified as they are made for casual users.
If you want more configuration options, but don't want to spend for a professional device you should take a look at an alternative firmware such as OpenWrt.
OpenWrt features
OpenWrt is a Linux-based, open source operating system targeting embedded network devices. It is mainly used as a replacement for the original firmware on home routers of all kinds. OpenWrt comes with all the useful features a good router should have like a DNS server (dnsmasq), Wifi access point and client functionality, PPP protocol for modem functionality and, unlike with the standard firmware, everything is fully configurable.
LuCI Web Interface
OpenWrt can be configured remotely by command line (SSH) or using LuCI, a GUI configuration interface. LuCI is a lightweight, extensible web GUI written in Lua, which enables an exact configuration of your device. Besides configuration, LuCI provides a lot of additional information like real time graphs, system logs, and network diagnostics.
Image by: Stephan Avenwedde, CC BY-SA
There are some optional extensions available for LuCI to add even further configuration choices.
Writeable file system
Another highlight is the writeable filesystem. While the stock firmware is usually read-only, OpenWrt comes with a writeable filesystem thanks to a clever solution that combines OverlayFS with SquashFS and JFFS2 filesystems to allow installation of packages to enhance functionality. Find more information about the file system architecture in the OpenWrt documentation.
Extensions
OpenWrt has an associated package manager, opkg, which allows to install additional services. Some examples are an FTP server, a DLNA media server, an OpenVPN server, a Samba server to enable file sharing, or Asterisk (software to control telephone calls). Of course, some extensions require appropriate resources of the underlying hardware.
Motivation
You might wonder why you should try to replace a router manufacture's firmware, risking irreparable damage to your device and loss of warranty. If your device works the way you want, then you probably shouldn’t. Never touch a running system! But if you want to enhance functionality, or if your device is lacking configuration options, then you should check whether OpenWrt could be a remedy.
In my case, I wanted a travel router which I can place on an appropriate position when I’m on a campsite in order to get a good connection to the local Wifi access point. The router should connect itself as an ordinary client and broadcasts it’s own access point for my devices. This allows me to configure all my devices to connect with the routers access points and I only have to change the routers client connection when I’m somewhere else. Moreover, on some campsites you only get an access code for one single device, which I can enhance with this setup.
As my travel router, I choose the TP-Link TL-WR902AC for the following reasons:
- Small
- Two Wifi antennas
- 5V power supply (USB)
- Low power consumption
- Cost effective (you get it for around $30)
To get an idea of the size, here it is next to a Raspberry Pi4:
Image by: Stephan Avenwedde, [CC BY-SA 4.0][11]
Even though the router brings all hardware capabilities I demand, I relatively quickly found out that the default firmware don’t let me configure it the way I wanted. The router is mainly intended as an Wifi access point, which repeats an existing Wifi network or connects itself to the web over the onboard Ethernet interface. The default firmware is very limited for these use cases.
Fortunately, the router is capable of running OpenWrt, so I decided to replace the original firmware with it.
Installation
When your LTE/5G/DSL/WIFI router meets the minimum requirements, chances are high that it's possible to run OpenWrt on it. As the next step, you look in the hardware table and check whether your devices is listed as compatible, and which firmware package you have to choose. The page for the TP-Link TL-WR902AC also includes the installation instructions which describe how to flash the internal memory.
The process of flashing the firmware can vary between different devices, so I won’t go into detail on this. In a nutshell, I had to connect the device over a TFTP server on a network interface with a certain IP address, rename the OpenWrt firmware file and then boot up the device considering pressing the reset button.
Configuration
Once flashing was successfully, your device should now boot up with the new firmware. It may take a bit longer now to boot up as OpenWrt comes with much more features compared to the default firmware.
OpenWrt acts as a DHCP server, so in order to begin with configuration, make a direct Ethernet connection between your PC and the router, and configure your PC’s Ethernet adapter as a DHCP client.
On Fedora Linux, to activate the DHCP client mode for your network adapter, first you have to find out the connection UUID by running:
$ nmcli connection show
NAME UUID TYPE DEVICE
Wired Conn 1 7a96b...27a ethernet ens33
virbr0 360a0...673 bridge virbr0
testwifi 2e865...ee8 wifi --
virbr0 bd487...227 bridge --
Wired Conn 2 16b23...7ba ethernet --
Pick the UUID for the connection you want to modify and then run:
$ nmcli connection modify <UUID> ipv4.method auto
You can find more information about these commands in the Fedora Networking Wiki.
After you have a connection to your router, open a web browser and navigate to http://openwrt/. You should now see LuCI’s login manager:
Use root as the username, and leave the password field blank.
Configuring Wifi and routing
To configure your Wifi antennas, click on the Network menu and select Wireless.
On my device, the antenna radio0 on top operates in 2.4 GHz mode and is connected to the local access point called MOBILE-INTERNET. The antenna radio1 below operates at 5 GHz and has an associated access point with the SSID OpenWrt_AV. With a click of the Editbutton, you can open the device configuration to decide whether the device belongs to the LAN or WWAN network. In my case, the access point OpenWrt_AV belongs to the LAN network and the client connection MOBILE-INTERNET belongs to the WWAN network.
Configured networks are listed under Network, in the Interfaces panel.
In order to get the functionality I want, network traffic must be routed between the LAN and the WWAN network. The routing can be configured in the Firewall section of the Network panel. I didn’t change anything here because, by default, the traffic is routed between the networks, and incoming packets (from WWAN to LAN) have to pass the firewall.
So all you need to know is whether an interface belongs to LAN or (W)WAN. This concept makes it relatively easy to configure, especially for beginners. You can find more information in OpenWrt’s basic networking guide.
Captive portals
Public Wifi access points are often protected by a captive portal where you have to enter an access code or similar. Usually, such portals show up when you are first connected to the access point and try to open an arbitrary web page. This mechanism is realized by the access point's DNS server.
By default, OpenWrt has a security feature activated that prevents connected clients from a DNS rebinding attack. OpenWrt’s rebind protection also prevents captive portals from being forwarded to clients, so you must disable rebind protection so you can reach captive portals. This option is in the DHCP and DNS panel of the Network menu.
Try OpenWrt
Thanks to an upgrade to OpenWrt, I got a flexible travel router based on commodity hardware. OpenWrt makes your router fully configurable and extensible and, thanks to the well-made web GUI, it's also appropriate for beginners. There are even a few select routers that ship with OpenWrt already installed. You are also able to enhance your router's functionality with lots of available packages. For example, I’m using the vsftp FTP server to host some movies and TV series on a connected USB stick. Take a look at the projects homepage, where you can find many reasons to switch to OpenWrt.
Image by: Stephan Avenwedde, CC BY-SA 4.0
via: https://opensource.com/article/22/7/openwrt-open-source-firmware
作者:Stephan Avenwedde 选题:lkxed 译者:译者ID 校对:校对者ID