26 February 2019

Everyone has a home router, whether they know it or not.

For most of us, our router is the DSL / Cable / Fiber “box” given to us by our ISP.

You can, of course, add your own home router in between your home network and your ISP’s box. This provides an extra level of safety – among other things.

Those of us who are a bit more techie (and crazy) like to roll our own router. There are many reasons for this, not the least of which is security.

Unfortunately, not all routers are created equal, even when they’re “created” by you!

OpenWrt

OpenWrt is an open source project that provides Linux-based router firmware that you can flash on a whole variety of easily available home routers.

The idea is that you flash your home router with their firmware, configure the living bejeebies out of it, and BOOYAH! There is even a nice web interface with all sorts of packages available.

Want your router to be a print server, or NAS, or a media streaming server, or a seriously powerful firewall, or… whatever? No problem! There’s a package for that.

You’ve got a pretty sweet router that does everything you want – usually far better than the stock firmware.

One of the primary reasons to use OpenWrt is that home routers very rarely get firmware updates. You may have read news stories about security holes in home routers (both WiFi and wired). These things generally are about as leak-proof as a colander.

With OpenWrt, you’re basically guaranteed updates several times a year.

Having said that…

Installing OpenWrt and configuring it is NOT for the faint of heart. You need to be ready to read a lot, play a lot, and you will have to SSH in to the router and play Linux Command Line Commando.

So, if you don’t know how to do any of that, get ready to learn – like, A LOT – or just stick with your home router.

The other problem is that while the OpenWrt docs are filled with info, I have never found an easy guide to installing and configuring it – mostly because the process is simply not easy or quick.

The most thorough how-to guide still won’t tell you everything you need to know. You’re gonna have to get your hands dirty, I’m afraid.

Why I use OpenWrt

Well, that’s easy: because I have 4 internet connections and I need to load-balance them. That’s what happens when you live in the boonies.

Also, added security is nice.

Thing is, there are a handful of multi-WAN load-balancing home / small office routers out there, but even fewer that support 4 WAN (internet) connections. The TP-Link TL-480T+ is one of them.

Since that particular router is not very good at load balancing, I needed something with a bit more power. OpenWrt fit the bill quite nicely because of its mwan3 and sqm packages.

These packages are the Load Balancing and the Smart Queue Management (aka traffic shaping) that route packets very intelligently (if properly configured) so that 4 slower internet connections feel like 1 fast one.

In other words, you can take a powerful home router that does not have multi-WAN capability and turn it into a customized, multi-WAN, nice and secure custom router!

Even if you don’t have multiple WAN connections, a custom router can still save the day if you have, say, crazy children downloading god-knows-what 24 hours a day via file sharing methods that are saturating your router.

With OpenWrt, you can monitor traffic, see what puters on your LAN are using what ports/protocols, and create rules to throttle that pesky traffic so that others get a chance to play with the internet, too.

I actually suspect that many of the problems people have with their ISP boxes “not working” are quite simply those simplistic boxes/routers being overwhelmed by too many download connections of the ‘wrong’ kind.

For example, Mega downloads can quickly saturate a router with UDP packets as the service tries to open as many download streams as possible. One person is VERY happy with their fast download speed, while everyone else in the house is crying and whining that Instagram won’t load. Ah, the internet…

Which router to pick for OpenWrt?

That’s easy.

Just buy the Linksys WRT1900ACS.

Why? Well, it’s not cheap at $159, but it’s one of the fastest routers out there that has plenty of processing power, more than enough RAM for most tasks, and I’ve had one for years without a single problem.

It’s also fully supported by OpenWrt, which is nice.

It also happens to have a “double firmware” so that if you have a problem, you can perform a Secret Reset Trick that will revert back to the previous firmware version + configuration. Very handy when monkeying with OpenWrt and you happen to brick the device… Ahem.

Did I mention that this kind of thing isn’t for beginners? 😉

By the way, remove the antennas on the Linksys and deactivate WiFi in OpenWrt, and you’ve got a nice wired, RF-free router! That’s what I did.

A word about the Turris line of routers

Ah yes, the Turris Omnia… Created by the wizards at CZ.NIC, the Omnia is an open source router that you used to be able to pick up on Amazon for the low price of $250-300.

Apparently, it’s no longer for sale, and that’s a good thing. It appears it will soon be replaced by the Turris MOX.

I grabbed one of these (the 1GB non-WiFi version) from Amazon.fr just under one year ago for 229€ because it looked truly awesome.

CZ.NIC is the originator of the Knot DNS server, which is a big thing. These are some smart people. So, when I saw they had created a router that was open source, complete with a custom version of OpenWrt that they provided regular automatic updates to, I was sold!

OpenWrt doesn’t have auto-updates. When a new version is released, you have to flash your router again and generally reconfig everything. It’s not easy.

For 8 months, the Turris Omnia was great. Then, on December 18, 2018, disaster struck.

Long story short, Turris OS 3.11 was released around December 10th. My Omnia grabbed the update roughly 1 week later… and it totally stopped working. As of 2+ months later, the problem has still not been resolved by further updates. I won’t go into painful detail, but it involves the mwan3 package for multi-WAN load balancing.

Worse yet, the auto-update feature turns itself back on even when you tell it not to – which is the reason I got the Disastrous Update in the first place. It wasn’t supposed to auto-update, because I told it not to. Two strikes in 1 day!

I realize these projects are open source, but I also paid 229€ for the device, so I expect things to be tested adequately. I do NOT expect to be told by the support people that I should contribute to their open source project and make it better when I make a very valid complaint.

That was Strike #3, because this was an expensive device sold on Amazon.fr as, “The open-source center of your home.” This was NOT a crowd-funded beta device – except, well, it seems it was.

There is a fix for my mwan3 problem, but I can’t wait 5 days for another customer to figure it out and post it on the Turris forum (perhaps the good employees of CZ.NIC were already on Christmas Holiday). I also couldn’t figure it out myself, because the Omnia’s “reset to previous configuration” feature didn’t work at all, either. And no, I absolutely did not accidentally do a full “factory reset”.

I wasn’t about to start from my Omnia’s now “fresh out of the box” state, reinstall everything, restore my config (I had backups), and debug. I needed a functioning router 5 hours earlier when it died. That was Strike #4, and you only get 3 strikes.

So, do not be tempted to go with any of their routers. The Turris MOX may look cool, but fuhgeddaboudit. Even my old TP-Link TL-480T+ was more reliable (for years) than the Turris Omnia!!

Get a Linksys, stick OpenWrt on it, and do the hard work yourself. Start with the OpenWrt Quick Start Guide.

It’s worth it in the end!


16 thoughts on “Roll your own Router with OpenWrt – but not with a Turris”

  • 27 February 2019 at 19:19

    Interesting, thanks. I have just “upgraded” my broadband connection to “Fibre”. I use quotes because I’m not sure it is actually much better and doesn’t seem like the whizz bang access I was expecting. It uses a different router which is fairly nondescript and just slightly wider than the previous one. I did look online for a new router thinking that would be a good idea and found: UBIQUITI Networks ERLITE ERLite-3 Edge Router https://www.amazon.co.uk/dp/B00HXT8EKE/?coliid=IG9Z7EAGF5HVP&colid=961XPRRGUZCL&psc=0&ref_=lv_ov_lig_dp_it I just wonder if you would have any thoughts on that item or whether, as you write, the Linksys WRT1900ACS would be the best bet?

    • 28 March 2019 at 17:47

      Gigabit fiber is really disruptive. For many years, routers were fast enough for the pathetic Internet connections available in the UK. Then gigabit came along, and I had to get all-new routers. The core problem is that most router CPUs are too slow to process gigabit routing.

      Ubiquiti truly despises the GPL, so their solution uses fellow-GPL-disrespector Cavium’s proprietary CPU-offload tech to achieve gigabit routing on a dual-core 500 MHz MIPS64r2. You may be able to install OpenWRT on the ERLite-3, but you can’t get anything more than about 200 Mbps.

      The WRT1900ACS and Turris Omnia both have dual-core 1.6 GHz ARM Cortex-A9 with Marvell’s bountiful I/O. That’s fast enough for gigabit, for now.

      I value the Omnia for its auto-update functionality, but I’m conscious that being able to auto-update means not straying too far from what its default configuration can do, and sometimes having to intervene when an update breaks something. Such as recently when they changed the DNS-over-TLS configuration in a backwards-incompatible way.

      • 29 March 2019 at 11:23

        Great to hear your thoughts. I do now have this Linksys router but I’ll be honest and say I haven’t got a clue how to use it. So I’ve reverted back to the piece of plastic provided by PlusNet 🙁 I don’t think I could work out how to install any software onto it, thinking I needed to update it.

    • 29 April 2019 at 21:18

      Pleased to report that I now am using the Linksys router.
      I asked the local telecoms engineer who was trying to fix my phone line and he suggested that to make the router work I could plug it straight “on top of” the router from PlusNet. I didn’t think of that at the time but now I have plugged it on top it works fine.
      Today I was pleased to access the admin panel and disable the wifi.
      I haven’t yet tried to install the OpenWrt. I think I’ll need to read your article again and think of a good reason why I actually need to use it. At the moment I am really only using a laptop and Grandstream Voip phone. So pretty low traffic but enjoying the process. 🙂

  • 28 March 2019 at 18:16

    I was using OpenWRT for a long time before and it’s a great piece of software. But a couple of years ago I needed an Ethernet-only router and bought a Mikrotik 750GL. It was a real beast for a mere 60 bucks. It runs such powerful software that you can do almost everything you ever want from a router, even virtual routers/machines https://wiki.mikrotik.com/wiki/Manual:Metarouter . It’s not open source though, but you still can flash OpenWRT into it.

    Right now I have an upgraded version called hEX https://mikrotik.com/product/RB750Gr3, and it’s even more powerful. Check out the specs. OpenWRT support is there too, but it didn’t make it into the latest release https://openwrt.org/toh/mikrotik/mikrotik_rb750gr3

    I hope you find this information useful. Cheers!

  • 6 April 2019 at 08:45

    I’m sure you’re right, except I want to support open source even if it’s less polished than proprietary counterparts. Without our money the open source hardware will never be as good and you’ll be paying a premium for flashy looking routers. My recommendation: if you can afford it and you don’t run mission critical stuff on it – buy it. I just got a Turris Omnia and the first impression is very good.

  • 7 April 2019 at 16:41

    I am a little confused… do you not use Goldenorb Openwrt for Turris Omnia? I have a Turris Omnia with the firmware downloaded from Of ModemsandMen.com … I have Mwan3 running on 2 LTE modems. The latest FW was 3/10/19… It does not auto update. You are 100% correct that this is a steep learning curve… but I am getting better at it… While I have no issues with auto updates or a bad FW version, I am still having the challenge of getting my WAN connection right. I think really this issue is how I have things physically set up. As mentioned, I have 2 LTE modems, but on the WAN port, I have ATT Uverse DSL/ethernet I want to add… when I assign a static IP to the WAN port which is the ATT router gateway and activate it, it does all kinds of strange things… Sometimes it works, sometimes it makes my internet intermittent, sometimes it kills it… I can load balance or not and it doesn’t seem to matter… I did, once however, get all 3 working and had almost triple the speed of what each can provide, but then it went wonky again. Funny thing is, I have to assign static, it does not get a DHCP even though the ATT has it set up… Sorry to hijack, just thinking out loud… but I think you should try the Goldenorb… if you still have issues, maybe something is wrong with the hardware.

    • 23 May 2019 at 06:42

      Hi, also using a Turris with broken mwan3 and interested in using Golden orb. The only question is: how did you flash it? There’s no fw upload in luci or foris afaik. Are there any instructions somewhere?

  • 7 April 2019 at 16:47

    I misspoke… I do not use the ATT Gateway IP, but an available IP address in the range… just to be clear

  • 30 April 2019 at 19:03

    I agree; do not buy a Turris router. You’re going to be left high and dry if anything happens to the router, which warranty should cover. They’ll send it back claiming you did physical damage to it by drilling holes in the case. I kid you not and speak from experience. CZ.NIC is now on my do-not-ever-buy-from list.

  • 6 May 2019 at 01:19

    ” flash your router again and generally reconfig everything. It’s not easy.”

    Oh, that’s more an OpenWRT thing. They *used* to support saving config parameters in space that wasn’t munged with updates. Then they stopped, claiming no one cared.

    Looks like we still care. Just, blame the people who did it.

    • 6 May 2019 at 10:09

      That’s what I mean. With OpenWrt, it was more difficult. With the Turris Omnia, it was supposed to be easier – and it was, for a time. Then an update went kaflooey apparently because not enough people use mwan3, so it was not thoroughly tested.

      The Turris peeps generally would respond (based on their support forum’s past posts) with something like, “Oh, well, you should contribute. We’re open source!”

      To which I would reply: “I paid way too much money for a router that I have to fix myself.”

      Open Source is not an excuse to make shitty software and/or to not test it enough, especially when you’re charging people money for it.

      • 1 December 2019 at 12:29

        Perfectly agree with you. Unfortunately it is a bad product. I purchased the Omnia version 2019 with metal gray color and Turris OS 4 pre-installed. It immediately gave me problems. I have a fiber connection and the SFP port is not compatible (then I discovered that it is compatible with the old 3.11.x branch, but it will never be compatible again with 4 or later or maybe one day). The support is zero. The answers are always very slow and mainly tend to block any discussion, without aiming at the actual resolution of the problem. OpenWRT is banned from this router, because there is also an image on the OpenWRT website, but it does nothing more than brick the device. And it is also a widely anticipated possibility. Moreover, on the dedicated Turris forum, woe to anyone who asks to install OpenWRT, although the router is sponsored at large as open and based on OpenWRT. Which is true, but it is only supported in their super modified version which is Turris OS. Thankfully I had a Linksys WRT3200ACM, which I still happily use. Even if the wifi card drivers (since they have a closed source firmware) will no longer be updated, but as long as it goes it’s great.

  • 6 May 2019 at 10:12

    BTW, my solution to this OpenWrt updating / no downtime problem was quite simple: I got a 2nd Linksys WRT1900ACS router.

    When OpenWrt is updated, I flash the new version on Router #2, re-install all needed packages, and then import the config from Router #1.

    Works like a charm and I always have a functioning router… altho I wish the WRT1900ACS was a bit cheaper. Then again, I already wasted money on the Turris Omnia, so that’s nothing new. 😛

    Since the router is being used in a small business setting, I can’t afford downtime.

  • 8 June 2019 at 12:24

    i’ve only had two problems with it :
    – my isp had to enable an individual config to make the sfp connection work, due to some incompatibility
    – at one time it stopped upgrading, so i had to ssh into it and force update. lots of weird error messages, but it worked. and autoupdate has worked ever since.

    however it’s clear that the omnia isn’t for everyone.
    – i had to ssh into it. i guess this could have been resolved by factory resetting & re-configuring without any cli skills but that’s not great either.
    – sfp port may not work if the isp isn’t omnia friendly
    – it’s a custom version of openwrt, trailing it by 1-2 years, so it’s neither current (lxc 1.1.5 for instance) nor really compatible with the upstream openwrt.

    basically it’s for :
    – the linux gurus that could easily roll their own firmware images, finding and fixing bugs themselves
    – or those with common needs that want a very fast & secure router. and don’t mind waiting a year for things like openvpn, local dns resolution, working sfp port, … and be prepared that more exotic things like multi-wan may not work…
