OpenWRT, a great alternative to DD-WRT

A short opinion on the third-party firmwares DD-WRT and OpenWRT, running on my TP-Link TL-WR1043ND router.

For many years now, I’ve been running DD-WRT on my Linksys WRT54GL & WRT54G2.2 routers. The two routers have lasted for over 6 years, but recently they started to develop certain issues such as wireless dropouts and slow ping times (including packet losses).

As a replacement, I decided to go the cheap route and get a TP-Link TL-WR1043ND router. To be honest, my home network requirements are pretty small. I didn’t care too much about wireless throughput as most of the network is wired gigabit. The only features I needed were:

  • Flexible port-based VLAN tagging
  • Full dnsmasq control, for assigning hostnames/domain to local machines
  • Dynamic DNS client (for dyndns.org)
  • Remote SSH management

To be honest, I have managed to achieve much of this via DD-WRT, but the whole interface is messy, with various settings being in seemingly random places. In particular, VLAN/port-based tagging was very confusing via the Web UI, and CLI management (via SSH) felt disconnected and more of a “hack”, as many commands have to be saved as start-up scripts.

Enter OpenWRT, which may not have as “nice looking” a Web UI (though more than enough, in my opinion). What draws me is the neat layout of the OS. All configuration is done by editing config files directly in the file system. In addition, all the configuration options are nicely separated into different files such as ddns, network, wireless, dhcp, firewall, etc. The flexibility is nearly limitless, and because one is able to give names to interfaces and reference them in other configuration files, things are far less confusing. Configuring the switch was a breeze via the Web UI, and I was able to set up my Unifi internet connection easily to split up Internet and IPTV.

OpenWRT feels much more like a fully-fledged OS. For example, there is direct access to iptables. All I need to do is change /etc/config/firewall, and when I’m done, just restart it with /etc/init.d/firewall restart, just like in any other Linux installation. Also, OpenWRT has built-in package management, with the ability to install more packages (yes, DD-WRT does have a similar ability with Optware). I quickly added WebUI Wake-On-LAN and OpenVPN.

To be honest, there are a ton of other things you can do with OpenWRT, and this messy post isn’t really a thorough comparison of the two. But having used both DD-WRT and OpenWRT, I have to say that when you need flexibility and want to get the most out of your router, OpenWRT definitely trumps DD-WRT (which is still a good third-party firmware, no doubt, but more useful for general/easy tasks, or for nice graphs). Once you have grasped the basics of how to manage an OpenWRT installation, you’ll be amazed at how much easier the configuration is to apply and how well it works.

Home network setup

Recently, I made the change to fiber optic for internet, boosting my download/upload speeds to 5Mbps/5Mbps. At the same time, I decided that it was time to do some upgrades to the network in my house, in particular a gigabit network and having all computers on a domain. In terms of complexity, of course this is a very small network setup compared to those you get in large companies and campuses, but for a home network, it’s probably more than an average user may have.

Unifi, the service I’m using, provides a combination of Internet, VOIP (Phone), and IPTV in one package. This is achieved through VLAN tagging, in which various services are assigned a VLAN Tag ID so that the packets coming in can be differentiated from one another.

The fiber modem is provided with the service. This is then connected to a provided D-Link DIR615 router. Initially, the router is set up to handle all routing and connections, but since I prefer DD-WRT, I decided to use it solely as a VLAN bridge (i.e. it removes the VLAN tags from incoming packets, and sends Internet packets to Port 3 and IPTV packets to Port 4). In addition, I changed its IP/subnet to the same subnet as the rest of my network and disabled its DHCP server, so that I can manage it from any computer on my network.

All routing is handled by my main router (a WRT54GL 1.1 running DD-WRT, overclocked to 250MHz with a heatsink mod), and is set up on a 10.0.0.0/255.0.0.0 (Class A) subnet. I made this decision after my previous Class C (255.255.255.0) network became a mess. Now, all IP addresses are nicely organized into the following pools:

  • 10.0.0.1-10.0.0.100: Routers and bridges
  • 10.0.0.100-10.0.0.150: DHCP clients
  • 10.1.0.1-10.1.0.255: Static LAN clients
  • 10.1.1.1-10.1.1.255: Static WLAN clients
  • 10.1.2.1-10.1.2.255: Static clients with virtual/other interfaces
  • 10.2.0.1-10.2.0.255: VPN clients

Thus, for a computer which has both LAN and WLAN, the last octet of the IP address is the same: its LAN address would be 10.1.0.34, while its WLAN address would be 10.1.1.34. If it had a third interface, it would be 10.1.2.34, and so on. This makes it much neater. Of course, not wanting to memorize all the IP addresses, I decided to use DNSMasq for DNS services, with the following settings:

strict-order
domain=lan
local=/lan/
expand-hosts
address=/router.lan/10.0.0.1
address=/vpn.lan/10.0.0.2
address=/vlan615.lan/10.0.0.3

This allows me to access other machines by simply adding their hostnames to DNSMasq. This helps a lot for my machines running web interfaces, so I can just go to http://router.lan/, etc. Provided that all clients use the router for DNS queries, it all works. Also, strict-order was required because I use Google DNS for my other DNS queries but also keep an ISP DNS server as backup – this ensures that dnsmasq tries the upstream servers in the order I specified, rather than choosing between them on its own.
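A plan like the one above only stays neat if the pools never overlap and no fixed address= entry lands inside the DHCP range (a duplicate address between a static host and a DHCP lease is the kind of thing that shows up as intermittent dropouts and is painful to trace). The following is an added example, not code from the original post: it loads the pools and the dnsmasq fragment exactly as written above, adds one constructed entry (printer.lan at 10.0.0.120) so the DHCP check has something to report, and checks both conditions with the standard ipaddress module. Note that, as listed, the first two pools share 10.0.0.100, which the overlap check flags. The function names are my own.

```python
"""Sanity checks for a home address plan and its dnsmasq host entries.

Added example (not from the original post). Uses only the standard library.
"""
import ipaddress
import re

# Address pools as listed in the post: (name, first address, last address, is_dhcp).
POOLS = [
    ("routers and bridges", "10.0.0.1", "10.0.0.100", False),
    ("DHCP clients", "10.0.0.100", "10.0.0.150", True),
    ("static LAN clients", "10.1.0.1", "10.1.0.255", False),
    ("static WLAN clients", "10.1.1.1", "10.1.1.255", False),
    ("static virtual/other", "10.1.2.1", "10.1.2.255", False),
    ("VPN clients", "10.2.0.1", "10.2.0.255", False),
]

# dnsmasq fragment from the post, plus one CONSTRUCTED entry (printer.lan)
# whose address deliberately falls inside the DHCP pool.
DNSMASQ_CONF = """\
strict-order
domain=lan
local=/lan/
expand-hosts
address=/router.lan/10.0.0.1
address=/vpn.lan/10.0.0.2
address=/vlan615.lan/10.0.0.3
address=/printer.lan/10.0.0.120
"""

# Matches only "address=/<name>/<ipv4>" lines; "local=/lan/" does not match.
ADDRESS_RE = re.compile(r"^address=/(?P<name>[^/]+)/(?P<ip>[0-9.]+)$")


def parse_pools(pools):
    """Convert the string pool table into (name, first, last, is_dhcp) with IPv4Address objects."""
    return [(n, ipaddress.IPv4Address(a), ipaddress.IPv4Address(b), d)
            for n, a, b, d in pools]


def parse_static_hosts(conf):
    """Extract (hostname, IPv4Address) pairs from dnsmasq address= lines."""
    hosts = []
    for line in conf.splitlines():
        m = ADDRESS_RE.match(line.strip())
        if m:
            hosts.append((m.group("name"), ipaddress.IPv4Address(m.group("ip"))))
    return hosts


def pool_overlaps(pools):
    """Return (name, name) pairs of pools whose ranges share at least one address."""
    parsed = parse_pools(pools)
    found = []
    for i, (n1, a1, b1, _) in enumerate(parsed):
        for n2, a2, b2, _ in parsed[i + 1:]:
            # Two closed ranges intersect iff each starts no later than the other ends.
            if a1 <= b2 and a2 <= b1:
                found.append((n1, n2))
    return found


def static_hosts_in_dhcp_pool(pools, conf):
    """Return hostnames whose fixed address lies inside a pool handed out by DHCP."""
    dhcp_ranges = [(a, b) for _, a, b, d in parse_pools(pools) if d]
    return [name for name, ip in parse_static_hosts(conf)
            if any(a <= ip <= b for a, b in dhcp_ranges)]


def interface_addresses(last_octet):
    """The post's convention: one host keeps the same last octet on every interface."""
    return {
        "lan": str(ipaddress.IPv4Address(f"10.1.0.{last_octet}")),
        "wlan": str(ipaddress.IPv4Address(f"10.1.1.{last_octet}")),
        "other": str(ipaddress.IPv4Address(f"10.1.2.{last_octet}")),
    }


if __name__ == "__main__":
    for n1, n2 in pool_overlaps(POOLS):
        print(f"overlap: '{n1}' and '{n2}' share at least one address")
    for host in static_hosts_in_dhcp_pool(POOLS, DNSMASQ_CONF):
        print(f"static host {host} sits inside a DHCP pool")
    print("host 34:", interface_addresses(34))
```

Run it after every edit to the pool table or to the dnsmasq address= lines; an empty report means the plan is consistent with itself.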

A 2nd WRT54g router (running DD-WRT) adds OpenVPN support in my network, allowing me to access my network from all over the world. Ideally, my main router would run this VPN service, but as the WRT54g is an old router, it doesn’t have enough RAM (only 16MB) and processing power to achieve all this. In the future, I hope to offload this to my NAS Server.

Finally, my wired ethernet devices are mostly plugged into the last device – an 8-port gigabit switch (HP Procurve 1410-8g). This required the most work, including climbing into the attic to lay Cat-5e cable to various parts of the house (upstairs), as well as plastic channels carrying Cat-5e downstairs. Originally, I was going to get a managed switch (HP Procurve 1810-8g) so that my NAS (file) server could use an aggregated link for 2Gbps of bandwidth, but due to the extra price, I decided to just go with the unmanaged switch.

Having gigabit makes a world of difference – transferring data between various computers is much faster, a feature especially useful when I built my NAS/File server.

Some may say that my routers (WRT54g) are fairly old, and yes, that’s very true. However, in all my internet usage, I haven’t encountered any issues with them, or any internet slowdowns. I was thinking of upgrading to wireless-N, but since most of my devices are already on the wired gigabit network and most clients are only G-capable, I decided that for now, it’s not worth it.

For those wanting to set up Unifi, do check out rizvanrp’s Unifi handbook.

Here’s a basic network map of my setup: