OpenWRT - my setup
For my home network I use a router with OpenWRT. My requirements for the router are basically the following tasks:
- The access via Ethernet and WLAN to the Internet
- A possibility to display the required data volume of the individual devices currently and historically.
- The access from the road to my home network: VPN
As hardware I use a Linksys WRT3200ACM and as additional access point a NETGEAR WAC104 in a shared mobility domain: see: Set up home network: Extend LAN and WLAN | improve. See also: Uninterrupted WLAN: Roaming (Fast Transition). If you are looking for a suitable hardware, you might find it here: OpenWRT hardware recommendation - available devices 2023.
Current OpenWRT version: 22.03.3 (found: 2023-01-10)
Software packages
Since the software packages have to be activated again when upgrading, I put together a few lines of code to bring the router back up to date:
opkg update && opkg install openvpn-openssl luci-app-openvpn block-mount e2fsprogs kmod-fs-ext4 kmod-usb3 kmod-usb2 kmod-usb-storage bandwidthd-pgsql luci-app-sqm luci-app-advanced-reboot luci-app-attendedsysupgrade
block detect > /etc/config/fstab
uci set fstab.@mount[0].enabled='1' && uci set fstab.@global[0].check_fs='1' && uci commit
/sbin/block mount
For details on the upgrade process, see: OpenWrt Upgrade - the easy way
OpenVPN - Setup
The quickest way to set up OpenVPN is to use the following commands:
opkg update
opkg install openvpn-openssl openvpn-easy-rsa
build-ca
build-dh
build-key-server libe
cp /etc/easy-rsa/keys/ca.crt /etc/easy-rsa/keys/libe.* /etc/easy-rsa/keys/dh2048.pem /etc/openvpn
uci set network.vpn0=interface
uci set network.vpn0.ifname=tun0
uci set network.vpn0.proto=none
uci set network.vpn0.auto=1
uci set firewall.Allow_OpenVPN_Inbound=rule
uci set firewall.Allow_OpenVPN_Inbound.target=ACCEPT
uci set firewall.Allow_OpenVPN_Inbound.src=*
uci set firewall.Allow_OpenVPN_Inbound.proto=udp
uci set firewall.Allow_OpenVPN_Inbound.dest_port=1194
uci set firewall.vpn=zone
uci set firewall.vpn.name=vpn
uci set firewall.vpn.network=vpn0
uci set firewall.vpn.input=ACCEPT
uci set firewall.vpn.forward=REJECT
uci set firewall.vpn.output=ACCEPT
uci set firewall.vpn.masq=1
uci set firewall.vpn_forwarding_lan_in=forwarding
uci set firewall.vpn_forwarding_lan_in.src=vpn
uci set firewall.vpn_forwarding_lan_in.dest=lan
uci set firewall.vpn_forwarding_wan=forwarding
uci set firewall.vpn_forwarding_wan.src=vpn
uci set firewall.vpn_forwarding_wan.dest=wan
uci commit network
/etc/init.d/network reload
uci commit firewall
/etc/init.d/firewall reload
echo > /etc/config/openvpn # clear the openvpn uci config
uci set openvpn.myvpn=openvpn
uci set openvpn.myvpn.enabled=1
uci set openvpn.myvpn.verb=3
uci set openvpn.myvpn.port=1194
uci set openvpn.myvpn.proto=udp
uci set openvpn.myvpn.dev=tun
uci set openvpn.myvpn.server='10.8.0.0 255.255.255.0'
uci set openvpn.myvpn.keepalive='10 120'
uci set openvpn.myvpn.ca=/etc/openvpn/ca.crt
uci set openvpn.myvpn.cert=/etc/openvpn/libe.crt
uci set openvpn.myvpn.key=/etc/openvpn/libe.key
uci set openvpn.myvpn.dh=/etc/openvpn/dh2048.pem
uci commit openvpn
To allow clients access via VPN, the build-key-pkcs12 command can be used to create the necessary files:
Client
I executed the build-key-pkcs12 command on my Ubuntu machine and copied the keys to the router using scp:
build-key-pkcs12 myclient
scp root@192.168.0.2:/etc/easy-rsa/keys/myclient.* /media/temp/vpn
scp root@192.168.0.2:/etc/easy-rsa/keys/ca.crt /media/temp/vpn
Client DNS settings
To make the DHCP server use a different DNS server for the clients, alternative DNS servers can be specified in the DHCP options:
As an example: option 6 the Google DNS servers 8.8.8.8 and 8.8.4.4:
6,8.8.8.8,8.8.4.4
OpenWrt vs. DDWRT
see also: Alternative Router Firmware: OpenWrt and no longer DD-WRT

{{percentage}} % positive

THANK YOU for your review!
Top articles in this section
OpenWRT provides a uniform and up-to-date software for different network devices like routers or access points and delivers countless additional setting options, software packages and functions. This makes it possible to combine new and old devices from different manufacturers and, among other things, to use low-cost hardware in a common WiFi, see: Setting up a home network: Extending LAN and WLAN | Improving.
Most routers show an overview of all connected devices, some show a snapshot of the bandwidth used, but hardly any give an overview of the amount of data consumed over a certain period of time and certainly not by which device it was consumed. To make the consumed bandwidth a bit more transparent, I was looking for a way to historically record the bandwidth per device. The firmware of normal routers hardly offer a possibility here, differently when using an open source firmware, for example Open...
The marketing term "mesh WiFi" often refers to the desire for a WiFi that simply works everywhere in the house. But what actually is a mesh WiFi? And what is really needed for WiFi to work everywhere and even when switching from one receiving station to another? My setup consists of two access points, which as a unit provide a single WiFi SSID. As access points I use devices from different manufacturers and OpenWrt as firmware. The access points provide uninterrupted reception when I move from o...