<p>
OpenWrt is an operating system for network routers.
</p>
<p>
I use OpenWrt because <strong>my network</strong> at home <strong>is my privacy</strong>.
</p>

<h3>Contents</h3>
<ul>
<li><a href="#prerequisites">Prerequisites</a></li>
<li><a href="#install">Installation</a></li>
<li><a href="#config">Configuration</a>
<ul>
<li><a href="#config_internet">Internet Access</a></li>
<li><a href="#config_system">System Properties</a></li>
<li><a href="#config_wireless">Wireless Access Point</a></li>
</ul>
</li>
<li><a href="#pkgmgmt">Package Management</a></li>
<li><a href="#ddns">Dynamic DNS</a>
<ul>
<li><a href="#ddns_pkgs">Packages</a></li>
<li><a href="#ddns_config">Configuration</a></li>
</ul>
</li>
<li><a href="#firewall">Firewall</a>
<ul>
<li><a href="#firewall_pkgs">Packages</a></li>
<li><a href="#firewall_config">Configuration</a></li>
</ul>
</li>
<li><a href="#wol">Wake on LAN</a>
<ul>
<li><a href="#wol_pkgs">Packages</a></li>
</ul>
</li>
<li><a href="#mon">Network Monitoring</a>
<ul>
<li><a href="#mon_pkgs">Packages</a></li>
</ul>
</li>
<li><a href="#hardware">Hardware</a></li>
<li><a href="#links">External Links</a></li>
</ul>

<h3 id="prerequisites">Prerequisites</h3>
<ul>
<li>Modem in single-user (SU) mode or bridge mode</li>
<li>Router that is supported by OpenWrt</li>
</ul>

<h3 id="install">Installation</h3>
<ol>
<li>Download the OpenWrt firmware for your router:<br />
<a href="https://openwrt.org/toh/views/toh_fwdownload" target="_blank">
https://openwrt.org/toh/views/toh_fwdownload</a><br />
If the firmware of the original vendor is installed on the router,<br />
the column "Firmware OpenWrt Install URL" shows the required firmware.</li>
<li>Flash the firmware:<br />
Open the web interface of your router (usually <a href="http://192.168.1.1/" target="_blank">http://192.168.1.1/</a>)<br />
and select the previously downloaded firmware for installation.<br />
The installation takes a few minutes.</li>
<li>Set a password:<br />
Open the web interface of your newly installed firmware (<a href="http://192.168.1.1/" target="_blank">http://192.168.1.1/</a>).<br />
The option <em>Administration</em> under <em>System</em> allows you to set a router password.<br />
If a password is set, login via SSH is possible.</li>
</ol>

<h3 id="config">Configuration</h3>
<p>
The web interface <em>LuCI</em> is used to configure OpenWrt.<br />
Configuration files are stored in the directory <code class="filename">/etc/config/</code>.<br />
These files can also be edited with an editor over SSH.
</p>

<h4 id="config_internet">Internet Access</h4>
<p>
Select <em>Interfaces</em> under <em>Network</em> to edit the <em>WAN</em> interface.
</p>
<p>
Protocols like <em>PPPoE</em> (for VDSL) or <em>DHCP</em> work out of the box.<br />
Support for other protocols can be added by installing additional packages.
</p>
<p>
To use a <strong>custom DNS server</strong> (like Google Public DNS) for name resolution,<br />
edit the following file:
</p>
<dl class="file">
<dt><code class="filename">/etc/config/network</code></dt>
<dd>
<pre class="file"><code class="language-plaintext">config interface 'wan'
    #...
    option peerdns '0'
    option dns '8.8.8.8'
</code></pre>
</dd>
</dl>

<h4 id="config_system">System Properties</h4>
<p>
Select <em>System</em> to set the local time and the timezone of the system.
</p>

<h4 id="config_wireless">Wireless Access Point</h4>
<p>
On a fresh installation of OpenWrt, the wireless access point is disabled.
</p>
<p>
Select <em>Wireless</em> under <em>Network</em> to set up the SSID,<br />
configure the encryption and enable the access point.
</p>

<h3 id="pkgmgmt">Package Management</h3>
<p>
Additional software can be installed using the web interface or<br />
using the command line via SSH.
</p>
<p>
The web interface <em>LuCI</em> provides a convenient way of managing software packages.<br />
Select <em>Software</em> under <em>System</em> to install additional packages.<br />
Click <em>Update lists...</em> to update the list of available packages.
</p>
<p>
The command line tool <code>opkg</code> is used as package manager.
</p>
<p>
To update the list of available packages:
</p>
<pre><code class="language-bash">opkg update</code></pre>
<p>
To install a package:
</p>
<pre><code class="language-bash">opkg install &lt;pkg&gt;</code></pre>

<h3 id="ddns">Dynamic DNS</h3>
<p>
Internet service providers commonly assign IP addresses dynamically.<br />
A dynamic DNS service automatically updates the assigned IP address<br />
on a name server.
</p>
<h4 id="ddns_pkgs">Packages</h4>
<ul>
<li><a href="https://openwrt.org/packages/pkgdata/ddns-scripts" target="_blank">ddns-scripts</a></li>
<li><a href="https://openwrt.org/packages/pkgdata/luci-app-ddns" target="_blank">luci-app-ddns</a></li>
</ul>
<h4 id="ddns_config">Configuration</h4>
<dl class="file">
<dt><code class="filename">/etc/config/ddns</code></dt>
<dd>
<pre class="file"><code class="language-plaintext">config service 'myddns_ipv4'
    #...
    option use_https '1'
    option cacert '/etc/ssl/certs/ca-certificates.crt'
</code></pre>
</dd>
</dl>
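<p>
An added check for the configuration above (example code, not part of the original page or of ddns-scripts): it parses a UCI ddns file and flags every service section that lacks <code>use_https '1'</code> or a usable <code>cacert</code>. The function names, the sample sections <code>legacy_http</code> and <code>unverified</code>, and the treatment of <code>cacert 'IGNORE'</code> as unverified are assumptions of this example.
</p>

```shell
# Added example (not from the original page): flag ddns services whose
# updates would not go over certificate-verified HTTPS.
# audit_ddns [FILE]: reads a UCI ddns config (stdin if no FILE) and prints
# "<service> ok" or "<service> insecure:<option>[,<option>]" per section.
audit_ddns() {
    awk -v q="'" '
    # Strip one leading and one trailing quote from a UCI value.
    function unq(s) { gsub("^[" q "\"]|[" q "\"]$", "", s); return s }
    function report(   bad) {
        if (!insvc) return
        if (https != "1") bad = "use_https"
        # Assumption: cacert "IGNORE" means certificate checks are skipped.
        if (cacert == "" || cacert == "IGNORE") { bad = bad (bad ? "," : "") "cacert" }
        print name, (bad ? "insecure:" bad : "ok")
    }
    /^[ \t]*#/ { next }                 # comment line
    $1 == "config" {                    # a new section starts
        report()
        insvc = ($2 == "service")
        name = ($3 != "") ? unq($3) : "(unnamed)"
        https = ""; cacert = ""
        next
    }
    insvc && $1 == "option" {
        if ($2 == "use_https") https = unq($3)
        if ($2 == "cacert") cacert = unq($3)
    }
    END { report() }
    ' "$@"
}

# Constructed sample input; only the first section mirrors the page.
sample_ddns() {
    cat <<'EOF'
config service 'myddns_ipv4'
    option use_https '1'
    option cacert '/etc/ssl/certs/ca-certificates.crt'

config service 'legacy_http'
    option use_https '0'

config service 'unverified'
    option use_https '1'
    option cacert 'IGNORE'
EOF
}

sample_ddns | audit_ddns
```

<p>
On the router, run <code>audit_ddns /etc/config/ddns</code> after sourcing the function.
</p>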

<h3 id="firewall">Firewall</h3>
<p>
To allow SSH access from the WAN interface, the firewall needs to be configured.
</p>
<h4 id="firewall_pkgs">Packages</h4>
<ul>
<li><a href="https://openwrt.org/packages/pkgdata/iptables-mod-conntrack-extra" target="_blank">iptables-mod-conntrack-extra</a></li>
</ul>
<h4 id="firewall_config">Configuration</h4>
<p>
Select <em>Firewall</em> under <em>Network</em> to add a custom rule.<br />
Custom firewall rules are stored in the following file:
</p>
<dl class="file">
<dt><code class="filename">/etc/firewall.user</code></dt>
<dd>
<pre class="file"><code class="language-bash"># Record every new SSH connection from the WAN in the "SSH" list.
iptables -A input_wan_rule -p tcp --dport 22 -m conntrack --ctstate NEW \
    -m recent --set --name SSH
# Drop a source that has made 8 or more new connections within 60 seconds
# (--rttl: only when the TTL matches the packet recorded by --set).
iptables -A input_wan_rule -p tcp --dport 22 -m conntrack --ctstate NEW \
    -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
# Accept all remaining SSH traffic.
iptables -A input_wan_rule -p tcp --dport 22 -j ACCEPT

# The same three rules for IPv6.
ip6tables -A input_wan_rule -p tcp --dport 22 -m conntrack --ctstate NEW \
    -m recent --set --name SSH
ip6tables -A input_wan_rule -p tcp --dport 22 -m conntrack --ctstate NEW \
    -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
ip6tables -A input_wan_rule -p tcp --dport 22 -j ACCEPT
</code></pre>
</dd>
</dl>

<h3 id="wol">Wake on LAN</h3>
<h4 id="wol_pkgs">Packages</h4>
<ul>
<li><a href="https://openwrt.org/packages/pkgdata/etherwake" target="_blank">etherwake</a></li>
<li><a href="https://openwrt.org/packages/pkgdata/luci-app-wol" target="_blank">luci-app-wol</a></li>
</ul>

<h3 id="mon">Network Monitoring</h3>
<h4 id="mon_pkgs">Packages</h4>
<ul>
<li><a href="https://openwrt.org/packages/pkgdata/nlbwmon" target="_blank">nlbwmon</a></li>
<li><a href="https://openwrt.org/packages/pkgdata/luci-app-nlbwmon" target="_blank">luci-app-nlbwmon</a></li>
</ul>

<h3 id="hardware">Hardware</h3>
<dl>
<dt>Linksys WRT3200ACM</dt>
<dd><a href="https://www.linksys.com/at/p/P-WRT3200ACM/" target="_blank">
https://www.linksys.com/at/p/P-WRT3200ACM/</a></dd>
<dt>Linksys WRT54GL</dt>
<dd><a href="https://www.linksys.com/at/support-product?pid=01t80000003K7hCAAS" target="_blank">
https://www.linksys.com/at/support-product?pid=01t80000003K7hCAAS</a></dd>
</dl>

<h3 id="links">External Links</h3>
<ul>
<li><a href="https://openwrt.org/" target="_blank">
https://openwrt.org/</a></li>
<li><a href="https://openwrt.org/toh/views/toh_standard_all" target="_blank">
https://openwrt.org/toh/views/toh_standard_all</a></li>
<li><a href="https://openwrt.org/docs/guide-user/additional-software/imagebuilder" target="_blank">
https://openwrt.org/docs/guide-user/additional-software/imagebuilder</a></li>
</ul>