OpenWRT makes routers on steroids
OpenWrt is a linux distribution that lacks most of the desktop software and programs that require such functionality. This is normal because it mainly targets devices without video output which are used for networking. Such devices can be dedicated computers for routing or these plastic covered routers everybody should know or have by 2019. As with any other linux distribution OpenWrt has a release history, different versions, constant development etc. The fact it can power up your own home router is amazing at its own. There are like 3 obvious ways to get OpenWrt: their download section by either selecting 1 stable release or 2 development snapshot, the third option is a bit more coplex but I believe its benefits far outweigh the trouble – building is from source with the added educational experience bonus.
Let’s say we’ve downloaded a stable release for the model of our router (it’s important to match the model – things won’t work smoothly otherwise). Going to the router web interface (e.g. tp-link green and white admin page) upgrading the firmware and selecting the openwrt file should be the entire process of converting a device to openwrt. Now what – you can configure it to your liking – hostname, timezone, led configuration, scheduled tasks, wired and wireless devices config, firewall, port forwarding and even option to provide custom iptables rules to the firewall – just to name a few 🙂 This is the standard pack – when you buy a card the lowest price of the model is the standard. Flashing openwrt on a device just gets you “standard”. Unlike buying vehicles OpenWrt is free and so is extending it to a routing powerhouse. The only real limitation would be the router hardware itself.
Functionality in this “standard” OpenWrt setup could be extended with the help of simply adding additional software. It’s not like you’ll have to search for it on the moon – most of it is conveniently packaged and waiting patiently to be downloaded and (ab)used. For example if we want to block ads early on the “router” segment and the having “adfree lan” networking experience then we install the “abblock” package and in case of a really low powered router (slow cpu, tiny amout of ram, pathetic flash memory) we could consider the “simple adblock” package – that’s what grateful people call flexibility. Another example is the vpn wide selection of packages – provided the routing device is powerful enough to handle encryption of traffic then running a vpn server on it is a piece of cake when using OpenWrt. The web interface is called LuCi and it supports https just in case someone in the local network is smart enough to sniff for credentials – that’s a neat extra on a budget device. Adblock and vpn are maybe half a percent of the packages in the OpenWrt distro – other striking examples are wpad-mesh – this is a wifi management package with supports “sae” wpa3 way of encryption. Various download manages, samba file server, nfs file server, dnscrypt proxy or dns over https – for using more secure dns functionality. Wifi schedule – turn the wifi unhealthy radiation off in the hours when it’s not needed. Various dns options, dns servers, web servers, sql server and php interpreter, these combinations are often called LAMP or LEMP stack. TOR as a great piece of software has also found its well deserved place in OpenWRT packages.
If your router has some usb ports and you have some cool usb devices that would like to attach to it for 24/7 online availability there’s 99% chance there will be a kernel module (driver) for the specific device. Sadly, this cannot be said for most of the “stock” router firmwares.
Exploring the huge and wonderful OpenWrt package collection is a joy I won’t steal from you. So in conclusion I’d like to very honorably mention one package I miss in OpenWrt. It is dnscrypt proxy V2. OpenWrt has the old dnscrypt proxy and “dns-over-https” packages which I’ve used and they “just work”. Once I tried the dnscrypt proxy 2 I simply refused to go back to “packaged alternatives”. Installing dnscrypt proxy V2 on OpenWrt for the best encrypted dns experience to day is not hard but involves couple of steps (could be irritating if you flash OpenWrt often). The smart linux admin would bash script locally the manual installation steps in a more automatic procedure. Another good tip when using any dns encryption technique on a router is to “hijack/intercept/force” no matter the naming the dns traffic from lan devices through the router “safe” dns servers. This is done with by activating an extra firewall rule.