How I learned to appreciate OpenWRT
For years, I had been using a router that had a custom ROM on it. I had used DD-WRT, which had a convenient set of web-based menus that allowed me to customize how my router functioned and what features it could use. But DD-WRT was limited. There just were some things that were outside of what it could do. So after bricking yet another old router, I decided to change it up and try OpenWRT.
This tends to function quite differently than DD-WRT. It does have a set of web-based menus. It also has a package manager for installing new software. And... it has command-line access, which gives me access to more than what I have with just the web interface. It is a full Linux distro with everything that entails.
One of the first things I felt I needed to add was the ability to update DynDNS with the latest IP for my router. That took installing a plugin, where it was built-in with DD-WRT. Simple enough to get working, and it is functioning quite fine.
Next was to rig up SQM QoS, with the cake discipline. Where I used to have to specifically control the QoS myself, this tool allows for it to be managed automatically. No more needing to fiddle with what kinds of apps get what priority. Just installed the plug-in, enabled it, and it does it all for me.
I set up 2 main wifi SSIDs for my LAN — the first is the fastest, and primary network for devices on it. The second is a slower/legacy network for those devices that just plain need something older. I also set a “guest” SSID, which isolates the clients to prevent them from ever seeing the main LAN or devices on it.
A big change I made was getting Nginx (with SSL) up and running on the router, and I have its main web interface running through it. I also installed the acme.sh script manually (not through normal package management), and started making Let’s Encrypt certificates. I also built a component that automatically upgrades HTTP requests to the router to HTTPS. Everything gets to be secured. My router now also serves as my reverse proxy, essentially handling the routing of web traffic to the correct systems as needed.
I restructured the command-line, using my favorite tools (vim, fish, htop, neofetch, tmux) to customize the appearance/functionality of my CLI to my personal preferences.
Another huge change is I put in an external USB drive, and added AdGuard Home directly to the router, to handle DNS requests, with several standard ad/tracking/malware/adult/etc. blocklists, making network usage at home as safe as possible. So the router is also managing the DNS component, with full blocking when necessary. Some fun firewall rules also force ALL DNS queries through AdGuard Home; no DNS leaks for our network.
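For readers who want to see what such DNS-forcing rules can look like, here is an added example for `/etc/config/firewall`; it is not the configuration from this post. It assumes AdGuard Home listens on port 53 on the router itself, and that the firewall zones are named `lan`, `guest` and `wan`.

```uci
# Added example, not the author's rules. Zone names and the
# AdGuard Home listening port (53 on the router) are assumptions.

# Any plain DNS query from a LAN client, whatever resolver it was
# addressed to, is rewritten to land on the router's own resolver.
# A DNAT redirect with no dest_ip targets the router itself.
config redirect
	option name 'Intercept-DNS-lan'
	option family 'any'          # match IPv4 and IPv6 clients
	option proto 'tcp udp'       # DNS uses both transports
	option src 'lan'
	option src_dport '53'
	option target 'DNAT'

# A redirect section takes a single source zone, so the isolated
# guest network needs its own copy or it keeps whatever resolver
# the client has hard-coded.
config redirect
	option name 'Intercept-DNS-guest'
	option family 'any'
	option proto 'tcp udp'
	option src 'guest'
	option src_dport '53'
	option target 'DNAT'

# DNS-over-TLS uses port 853 and is not matched by the redirects
# above. Rejecting it makes clients fall back to port 53, which
# is intercepted.
config rule
	option name 'Reject-DoT-lan'
	option src 'lan'
	option dest 'wan'
	option dest_port '853'
	option proto 'tcp udp'
	option target 'REJECT'

config rule
	option name 'Reject-DoT-guest'
	option src 'guest'
	option dest 'wan'
	option dest_port '853'
	option proto 'tcp udp'
	option target 'REJECT'

# DNS-over-HTTPS travels on port 443 with other web traffic and
# is not matched by any rule in this file.
```

After restarting the firewall, a query sent from a LAN client to an outside resolver address should appear in the AdGuard Home query log, which confirms the redirect is taking effect.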
All-in-all, the router is self-sustaining, not relying at all on any external devices for main functionality, and it is the gatekeeper for external and internal traffic.