OpenWrt Router Setup
A Guide to How to Securely Remote Work From Home with OpenWrt
In this quick guide, we will discuss a few recommended services that you can run and manage through OpenWrt LuCI Web Interface that are worth installing on your device, which will bring value and extra security-related features.
OpenWrt is a completely free popular Linux operating system that offers plenty of packages containing services that can be used in your router or loaded through your NanoPi R2S SBC when setting up a home or office network.
In addition to OpenWrt’s advanced firewall settings, you can also find a few packages that can help prevent malware and spam on your network. So let’s start with our top list recommendations.
Recommended Luci Apps
Adblock service
OpenWrt offers a simple AdBlock service you can install in your router or SBC (Single board computer). with this service, you can block malicious content, and add specific domains to a Whitelist and Blocklist.
To install the relevant packages you can go to System-> software and install the following packages:
- adblock
- luci-app-simple-adblock
- luci-app-adblock
or install the packages in CLI (Command Line) Mode:
opkg update opkg install adblock luci-app-adblock luci-app-adblock
After installing the above packages you will find it under:
Services-> Simple AdBlock
Tools for network diagnosis like traceroute and ping
To install the relevant package you can go to System-> software and install the following package:
luci-app-freifunk-diagnostics
or install the package in CLI (Command Line) Mode:
opkg update opkg install luci-app-freifunk-diagnostics
After installing the above packages you will find it under:
Network-> Diagnostics
E2Guardian
E2guardian is a web content filter that can work in proxy, transparent, or icap server modes.
To install the relevant package you can go to System-> software and install the following package:
- e2guardian
- luci-app-e2guardian
or install the packages in CLI (Command Line) Mode:
opkg update opkg install e2guardian luci-app-e2guardian
After installing the above packages you will find it under:
Services-> E2Guardian
CloudShark Network Analysis
Capturing packets from an OpenWrt appliance.
This service can be used to configure the router to sniff packets to/from monitored devices on the device running the Wireshark app.
To install the relevant package you can go to System-> software and install the following package:
- tcpdump
- luci-app-cshark
- cshark
or install the packages in CLI (Command Line) Mode:
opkg update opkg install cshark luci-app-cshark
After installing the above packages you will find it under:
Networks-> CloudShark
VnStat Traffic Analyzer
vnStat is a console-based network traffic monitor for Linux and BSD that keeps a log of network traffic for the selected interface(s). It uses the network interface statistics provided by the kernel as an information source.
To install the relevant package you can go to System-> software and install the following package:
- vnstat
- luci-app-vnstat
- luci-app-cshark
or install the packages in CLI (Command Line) Mode:
opkg update opkg install vnstat luci-app-vnstat luci-app-cshark
After installing the above packages you will find them under:
Status-> VnSat Traffic Monitor
Quality of Service
It stands for Quality of Service, simply how efficiently the bandwidth could be used to improve network quality and minimize network latency. It also ensures a fair portion of bandwidth is always available for critical applications.
To install the relevant package you can go to System-> software and install the following package:
luci-app-qos
or install the packages in CLI (Command Line) Mode:
opkg update opkg install clamav luci-app-clamav calmsmtp
After installing the above packages you will find it under:
Network-> SQM QoS
ClamAV Antivirus
CalmVB is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
To install the relevant package you can go to System-> software and install the following package:
- clamav
- luci-app-clamav
- freshclam
- clamsmtp
or install the packages in CLI (Command Line) Mode:
opkg update opkg install clamav luci-app-clamav calmsmtp
After installing the above packages you will find it under:
Services-> CalmAV
Samba
Samba is an open-source software suite that runs on Unix/Linux-based platforms but is able to communicate with Windows clients like a native application. So Samba is able to provide this service by employing the Common Internet File System (CIFS).
To install the relevant package you can go to System-> software and install the following package:
- kmod-usb-storage
- block-mount
- samba36-server
- luci-app-samba
or install the packages in CLI (Command Line) Mode:
opkg update opkg install luci-app-samba samba36-server block-mount kmod-usb-storage
TOR – Surf Anonymous Online
In this example, Privoxy is used as a proxy server.
TOR (The Onion Router) is software that allows users to browse the Web anonymously. Developed by the Tor Project, a nonprofit organization.
Privoxy (Privacy Enhancing Proxy) is a popular web proxy with advanced filtering options to protect privacy. Privoxy is of course also under the GPL license and is included in the package lists of many Linux distributions.
To install all relevant packages you can go to System-> software and install the following package:
- libpcre
- privoxy
- luci-app-privoxy
or install the packages in CLI (Command Line) Mode:
opkg update opkg install libpcre privoxy luci-app-privoxy
Privoxy configuration
The remaining settings are made in the OpenWRT web interface, in which Privoxy was automatically integrated during the installation.
In the “Access Control” tab, the IP address of the proxy server is now defined (more normally the IP address of the router) and the port used (Privoxy standard port = 8118). Furthermore, the network must be specified, which may later use the proxy.
| Listen to addresses | 192.168.0.1:8118 |
| Permit access | 192.168.0.0/24 |
| Toggle status | A |
| Enable remote toggle | A |
| Enable remote toggle via HTTP | Out |
| Enable action file editor | A |
| Enforce page blocking | Out |
It continues in the “Forwarding” tab. Here the SOCKS5 forwarding to the TOR service is set up with the standard port 9050. Slash and dot are relevant and must be adopted.
| Forward SOCKS 5 | / 127.0.0.1:9050. |
Now go to the “Miscellaneous” tab.
| Accept intercepted requests | A |
| Allow CGI request crunching | Out |
| Split large forms | Out |
| Tolerate pipelining | Out |
| Connection sharing | Out |
| Handle as empty doc returns ok | Out |
| Enable compression | Out |
Finally, the configuration is saved and applied with “Save & Apply”.
Finished. Now you can enter the OpenWRT router as a proxy on your clients in the LAN and surf anonymously via the TOR network.
| Proxy address in this example | 192.168.0.1:8118 |
