The first time I tried to install openwrt was on the Dlink DSL-502T. This router is reasonably well supported on openwrt, but in the process of juggling between instructions on two different wiki pages, I managed to convert that into a paperweight. The problem was partly my fault, since I took the standard AR7 firmware on the download page, modified the headers and pushed it out via tftp without reading more on the nuances between 502 and 620-t. Nevertheless, the experience stayed with me, and was a good reminder on how not to do things. The good thing from the experience was that Airtel broadband replaces routers no questions asked. The bad thing? I now have to make do with a Zyxel modem that doesn't have enough horsepower to do PPPoA standalone. It's bridged with the wifi router, that PPPoEs out thankfully.
In recent times, I've been frustrated with the inability of the linksys default firmware on the WRT150N to do basic things and decided on giving openwrt another go. This time, things were smoother, and the router came back up after a reboot, with no quirks. I quickly restored the functionality I already had. Stuff like adding static leases in dnsmasq for my home gear (and there are a ton of them), dyndns updates using ddns-scripts, blacklisting IP addresses into a blackhole vlan. The blacklisting part works great, the sad part is that I never got to see their faces when they see that they can now connect and don't have access to any place at all. The next phase is to goatse (warning: nauseating link) them by having all requests do an HTTP redirect.
I run an open ap, and I don't mind my neighbours leeching as long as they maintain a basic civility about it. Asking Indians to uphold manners is a tough deal, and I am happy that traffic shaping works great in linux. This was my primary objective of moving to openwrt. The stock firmware uses HTB/tc to do shaping, but does not give me control other than the stock idiot-proof options. Installing qos-scripts was a snap, and thankfully it had all the options that I wanted. The more I think of it, I can't understand why all router manufacturers don't enable QoS by default. It's extremely advantageous, and John Doe will be thankful for the perceived improvement in speeds.
Now, why do I like openwrt so much within the first two days? First, ssh access. I can now sanely back up my configs via sshfs/rsnapshot and go back and forth in time if I need to look up something. It also theoretically makes upgrades a snap, and configuration is easier when I can vi and sed.
Two, dnsmasq and the ability to edit the hosts file. Sounds silly, but now I don't have to rely on multicast and zerotouch to do dns, an approach which doesn't work on the company windows laptop.
Three, QoS. Traffic shaping makes the network look more responsive to others, while I don't have to worry about throttling down bandwidth hogs. I can finally leave all of these tasks running full day long, without having to think much about it.
Four, vlans. Well, vlans are part of the standard firmware too, but that's where it ends. The stock firmware does not allow me to edit them, or prioritize traffic on it in any way. All this despite the fact that it has to do vlan based magic (?) whenever it changes most network settings. Having direct access to them is a joy, and it allows me to do funky stuff like isolating the network gear from the rest of the lan/wlan.
Five: Direct access to iptables, and the init scripts. The hardware that connects to the ap/lan from my home are all assigned static leases in a 192.168.1.0/24 network. All external clients will now get assigned a lease from the 192.168.2.0/24 pool. I've also set iptables rules to prevent external users from accessing the internal network (Note to self: Punch a hole for the dude who connects to the DAAP server). Also, I've classified all traffic from this network as neighbour, and throttled it all the way down, lower than the priority of the bulk classification. Now, the bandwidth will be prioritized for all hosts in the internal zone, and the neighbours get the leftovers. All this work, because some morons do not understand the meaning of "openap; torrents -> blacklist" while connecting. This brings me back to the goatse idea, I love it the more I think about it.
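The split between the two pools described above, as an added example that is not the author's own rule set: a dry-run generator that prints the iptables commands in the order they must be appended, with the single pinhole placed before the drop. The two subnets come from the post; the client and server addresses are constructed, the helper names are hypothetical, and 3689/tcp is the standard DAAP port.

```shell
#!/bin/sh
INTERNAL_NET="192.168.1.0/24"   # static-lease hosts (from the post)
GUEST_NET="192.168.2.0/24"      # pool handed to external clients (from the post)

# Dotted quad -> 32-bit integer. Assumes a well-formed IPv4 address.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_subnet IP NET/PREFIX: succeeds when IP falls inside the network.
in_subnet() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# guest_isolation_rules [GUEST_CLIENT INTERNAL_SERVER TCP_PORT]
# Prints the rules; nothing is applied. Validation runs before any output.
guest_isolation_rules() {
    [ $# -eq 0 ] || [ $# -eq 3 ] || { echo "usage: [client server port]" >&2; return 2; }
    if [ $# -eq 3 ]; then
        # A pinhole must run from a guest address to an internal one,
        # otherwise it either does nothing or opens more than intended.
        in_subnet "$1" "$GUEST_NET" && in_subnet "$2" "$INTERNAL_NET" || {
            echo "pinhole $1 -> $2 is outside the guest/internal pools" >&2
            return 1
        }
    fi
    # Replies to connections opened from the internal side may return.
    echo "iptables -A FORWARD -s $GUEST_NET -d $INTERNAL_NET -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # The exception has to sit above the drop: first matching rule wins.
    if [ $# -eq 3 ]; then
        echo "iptables -A FORWARD -s $1 -d $2 -p tcp --dport $3 -j ACCEPT"
    fi
    # Everything else from the guest pool towards the internal network.
    echo "iptables -A FORWARD -s $GUEST_NET -d $INTERNAL_NET -j DROP"
}

# Constructed addresses: one guest reaching a DAAP server on the LAN.
guest_isolation_rules 192.168.2.50 192.168.1.10 3689
```

These rules act on routed traffic only, so they separate the two pools only when the pools sit on different interfaces or VLANs.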
This is not to say there aren't annoyances. The config format took some time to get used to. There's still no support for draft-N (this isn't that much of a deal breaker for me, because the only hardware that runs it is now turned off for most of the time), and the firmware doesn't have access to all the LEDs. I haven't had the need to upgrade yet, but I won't be surprised if it's a PITA.
All in all, I am very satisfied with openwrt. And the WRT150N is a very powerful machine. It's got a 266 MHz CPU that's good enough for all the heavy lifting needed for iptables, and it has 8Mb of RAM (something which you don't find so easily in most hardware available today). If you're looking to buy one, be careful to look for the V1 routers - the V2 doesn't run openwrt AFAIK.