We have all noticed in recent years while working remotely how
important a stable and reliable Internet connection is.
When video conferencing, remote access to the company server and
streaming are running in parallel, the connection can sometimes
come to its limits. Between the bandwidth of the connection
provided by the ISP and the transmission of the Wifi, the router
is the interface that regulates everything.
I'm not a plug and play guy (which usually doesn't work anyway), but want to know what my devices are doing and like to configure myself. Mainly related to privacy and blocking of tracking and advertising, but also to use exactly the features I want to have.
After many different routers I finally got stuck with OpenWrt. Unify has a very nice UI, but can't be configured sufficiently and intuitively in some cases, and occasionally spams telemetry data home. Setting up a VPN easily was not possible and port forwarding to the adblocker also caused problems. OPNSense is open source and offers a lot of configuration options, but it is too much for me and requires more powerful hardware.
OpenWrt as an alternative can be installed on many routers. It ran stable for a long time on my router, but the overall package was not performing well enough. A VPN connection almost halved the speed and the Wifi was not fast enough with the provided open source drivers.
I finally chose a Raspberry Pi as an alternative, but you have to set it up yourself.
Raspberry Pi 4 as OpenWrt Router
I use a Raspberry Pi 4 with 2GByte RAM as router. That is perfectly sufficient and this is currently even still available. The version 4 is preferred over the the 3B+ version, since the version 4 has a USB3 connection and a 1Gbit Ethernet port.
First of all download the image of the corresponding Raspberry Pi from the OpenWrt installation page and flash it to the SD card. It is easy with Balena Etcher The size of the SD card is 16GB.
Installation of the USB-Ethernet adapter
Since the Raspberry has only one Ethernet port, the software
must first be installed to control a USB-Ethernet adapter as a
second Ethernet port. To do this, the Raspberry has to be
connected to the current home network as a client in order to
download the necessary software via the current router. The
adjustments are reverted after the software is installed and the
Raspberry will be changed from client to router again.
Configure Raspberry as client
Insert the SD card into the Raspberry, power it up and connect the computer via Ethernet cable. Once you get an IP address you have to connect to the Raspberry via the [Terminal](https://openwrt.org/docs/guide-quick-start/sshadministration) to turn it from a router to a client. By default, the RaspiRouter can be reached via IP 192.168.1.1:
ssh root@192.168.1.1
A password does not need to be entered for a fresh installation.
Two files must be modified. Type:
vi /etc/config/dhcp
The lan interface must be adapted so that it does not hand out IP addresses. The line option ignore '1' must be added.
To edit the file press i (instert).
This is how it should look afterwards:
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option dhcpv4 'server'
option leasetime '24h'
list ra_flags 'none'
option ignore '1'
Press Esc to save, then :wq (write; quit).
Next, change the Lan configuration so that it can be found on the network as a client and can access the Internet:
vi /etc/config/network
Adjust the option ipaddr '192.168.1.1' so that it uses a free IP address on the current network. Maybe 192.168.1.10? For internet access you still need to add the information for the gateway and a DNS server. Mostly the gateway is 192.168.1.1. As DNS I use here Quad9 9.9.9.9
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.10'
option netmask '255.255.255.0'
option ip6assign '60'
option delegate '0'
option gateway '192.168.1.1'
option dns '9.9.9.9'
After saving the changes, restart the Raspberry with:
reboot
and connect it to the current home network via Ethernet cable. Connect the computer to the network and access the Raspberry under the just changed IP address in the browser via Luci.
Log in without password.
Change this now or later via:
System --> Administration --> Router Password
Note: Adding the gateway and also the DNS is mandatory, otherwise the Raspberry will not be able to access the internet. I have experienced that if the DNS is omitted, the names cannot be resolved, even if the primary router has a DNS configured.
Installation of required drivers
After you can access the Raspberry via Luci you have to update
the software list first:
System --> Software --> Update lists....
Now find out the appropriate driver of the USB Ethernet adapter and install it. I found the information in the manufacturer's specifications on the Internet. My adapter has a Realtek 8153 chip. The following driver works with it:
kmod-usb-net-rtl8152
Install
Creating and configuring the second LAN port (Internet)
The driver is installed and now the USB Ethernet adapter can be installed and configured as the second Ethernet port. I have configured this adapter as WAN connection.
Network --> Interfaces --> Add new Interface
Apply the shown settings here.
Create the interface with Create Interface.
Then set the firewall zone to wan:
Save
Do not forget to save the changes to take effect:
Save and Apply
Use as Router
The Raspberry now has two RJ45 Ethernet ports. The USB adapter is connected to the internet (WAN) and the other one leads to the internal network (LAN).
However, the Raspberry is still a client, which you have to undo via the terminal again. Everything that was configured above under Configure Raspberry as Client must now be deleted again.
ssh root@192.168.1.10 (enter the IP address of the LAN here)
Possibly enter the changed password.
vi /etc/config/dhcp
Delete the line option ignore '1' again and then save it
vi /etc/config/network
Change the IP address again to 192.168.1.1 and delete the lines
for gateway and DNS.
It needs to look like this:
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option delegate '0'
Note: You can also make the changes under Luci. However, if you change the IP address of the LAN port under Luci, you must access this new IP address quickly after the change, otherwise the old IP address will be adopted after some time. Therefore it is easier to undo the changes via the terminal.
Now the RaspiRouter is ready for use
Connect the WAN port to the modem. This is ideally in bridge
mode.
Connect the LAN port to the computer and access the router via
192.168.1.1.
If everything worked, the router should now receive an IP address of the modem via the WAN port. For me it looks like this:
As it is, the Raspberry doesn't need much configuration. It runs pretty secure, fast and stable. Of course it is worth to configure and install some additional software for such a powerfull router.
Wifi? Really....?
I didn't even turn on the Wifi of the RaspiRouter. It's not
really suitable to provide multiple devices in parallel with
enough bandwidth and there is only one interface, which is
either in the 2.4 or 5Ghz band.
I bought another access point from my trusted electronics
retailer. There are quite many with multiple antennas and Wifi
6. So you are best set up for the near future and a large IoT
network with separate VLANs.
Speedtest
Here are a few examples of how fast the RaspiRouter can be.
Measured on a Vodafone cable connection with 1Gbit/50Mbit
With Kabel with Wireguard VPN
Wifi
Wifi with Wireguard VPN