Hey! Listen! There are a few posts about installing OpenWrt on these travel routers. Make sure you’re reading the latest version, below.
|2015-08-26||OpenWrt with OpenVPN server on TP-Link Archer C7|
|2015-02-15||OpenWrt with OpenVPN client on TP-Link TL-MR3020|
|2015-01-24||OpenWrt with OpenVPN client on TP-Link TL-MR3020|
|2014-10-19||OpenWrt with OpenVPN client on TP-Link TL-MR3020|
|2014-06-28||OpenWrt with PPTP VPN on TP-Link TL-MR3020|
The other day, I gave up trying to put OpenWrt on a TP-Link TL-WR703n. The stock firmware seems to check for valid hashes, and OpenWrt doesn’t pass the test. Until someone comes up with a hack, I’ve moved on to the TL-MR3020. From what I’ve read only, the only difference is that the MR3020 has a few status LEDs, and the stock interface is in English instead of Chinese.
Again, my plan for this router is to use it when I travel. I plan on plugging it into the ethernet port in a hotel and having it broadcast a wireless network. Any devices that join that wireless network will be VPNed in back to a PPTP VPN server at my house. This encrypts my connection, as well as gives me access to resources at home. Eventually, I’ll be upgrading the VPN server at home to OpenVPN. If you don’t know the difference between PPTP, IPSec, and OpenVPN, you should get started with this.
First, disconnect your PC from all wired and wireless networks. Then, plug the MR3020 into your PC with a wired connection. Do not do any of this over wireless. I started off by checking my IP in Windows.
Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : IPv4 Address. . . . . . . . . . . : 192.168.0.100 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.254
I opened Chrome and navigated to 192.168.0.254. At the prompts, enter “admin” for the username and password.
English this time.
Next, you’ll want to check out the OpenWrt wiki page for the MR3020 and download the latest version of OpenWrt, located here. From the status screen, select System Tools, then Firmware upgrade. Upload the firmware like you would a regular firmware upgrade.
You’ll need to wait for the progress bar to cycle through twice. Once for the installation, and once for the reboot.
Check your IP again, as mine had changed.
Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : IPv4 Address. . . . . . . . . . . : 192.168.1.229 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1
From here, the OpenWrt wiki page recommends going through the basic configuration for any OpenWrt installation. I’m going to be combining some of the basic configuration with my configuration for the VPN client.
Navigate to 192.168.1.1 and you’ll be greeted by LuCI, the web interface for OpenWrt. OpenWrt recently switched to the Unified Configuration Interface, also known as UCI. The UCI is basically a collection of easy-to-read configuration files that are all centrally located, making it much simpler to configure. What’s nice about LuCI is that it reads/writes from/to the UCI files. Any changes you make in LuCI are reflected in the UCI files, and vice versa, meaning you can program the MR3020 from the web interface, or from the command line.
Anyway, moving on. Leave the username as “root” and the password field empty. Press Login to continue.
Set a password
From the main status screen, we’re going to set a root password by using the link in the red box at the top of the page.
Here, you can set a root password as well as setup SSH access. Press Save & Apply to continue.
Look for Password successfully changed! at the top of the screen.
Verify SSH access by using PuTTY or another SSH client.
The MR3020 doesn’t have a real-time clock or CMOS battery. Because of this, every time it loses power, the clock resets to September 8th, 2011. To circumvent this, we’re going to use NTP to get our time from the internet. You don’t have to setup NTP, but it makes troubleshooting easier when you’re looking at timestamped log files. Keep in mind, since the MR3020 is connected directly to your PC (not the internet), this won’t take effect until after we get it online.
Go to the System tab, then the System tab. Under System Properties, you can set a hostname, as well as select a timezone. Then, under Time Synchronization, make sure the box is checked for Enable NTP client and provide a few NTP servers in the boxes below. I’m using US servers from the NTP Pool Project. Press Save & Apply to continue.
Set default IP
Next, we’re going to change the default IP of the router from 192.168.1.1 to 10.80.1.1 (or whatever scheme you want). Most devices ship with 192.168.1.1 as the default, and since we’re going to be double NATed, we can’t have two identical IPs on the same network.
Go to the Network tab, then the Interfaces tab. Select Edit on the LAN interface (which is actually a bridge of the wired and wireless interfaces). Under Common Configuration, change the IPv4 address field from 192.168.1.1 to 10.80.1.1 (or whatever scheme you want). You can also limit the number of addresses available in the DHCP pool if you prefer. Press Save & Apply to continue.
You’ll have to reboot your MR3020, and then check your IP settings again to verify the change.
Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : IPv4 Address. . . . . . . . . . . : 10.80.1.19 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 10.80.1.1
Log back into the web interface at the new address using your new password.
Create wireless network
We need to create a wireless network for the MR3020 to broadcast. Eventually, we’re going to turn off LAN access on the ethernet port, and we’ll need a way to connect to the router locally.
Go to the Network tab, then the Wifi tab. Select Enable on the wireless network. Once enabled, select Edit. Setup your network as needed, preferably choosing WPA2-PSK and a strong password from the Wireless Security tab, under Interface configuration. Remember, this device is going to be a direct link back to your home network. Even if you have a strong VPN password, a weak WiFi password could compromise your network. Press Save & Apply to continue.
At this point, you should disconnect the ethernet cable from the MR3020 and connect to the WiFi network we just setup. Normally, it’s not recommended to configure routers over wireless, but since we’re not going to be transferring files or upgrading firmware, we should be ok.
Setup WAN interface
We need the MR3020 to request an IP address from another router when it is plugged in. For this, we’ll need to make a new interface that will act as a DHCP client.
Go to the Network tab, then the Interfaces tab. Here, you can see the default interface, br-lan, which is a bridge of the wired and wireless interfaces. We’re going to create the WAN interface by pressing Add new interface at the bottom of the screen. Name the interface something like WAN, with the protocol being set to DHCP client, covering the eth0 interface. Press Submit to continue.
On the next screen, under Common Configuration, go to the Firewall Settings tab and select WAN. Press Save & Apply to continue.
Unbridge LAN interfaces
By default, the wired and wireless interfaces are bridged. I want them to be separate, so that I can plug the MR3020 into another router and use the wireless interface of the MR3020 to broadcast a SSID. Essentially, I making it so that only another router can use the ethernet port, and only clients can use the wireless network. If you don’t unbridge the interfaces, you’ve basically just created a wireless AP for the other router.
Go to the Network tab, then the Interfaces tab. Select Edit on the LAN interface. Under the Physical Settings, uncheck the box for Bridge interfaces. Then, check the radio button next to the OpenWrt (or whatever you named your) wireless network. Press Save & Apply to continue, then reboot your MR3020.
Verify internet access
At this point, plug your MR3020 into a LAN port on your other router, and connect your PC to the MR3020’s wireless network. It doesn’t matter what IP your MR3020 gets from the other router, as your PC should see the MR3020 as 10.80.1.1. You should be able to access the internet, as well as ping websites through SSH.
In addition, go to the Status tab to make sure your Local Time field is updated with the correct time, now that we’re on the internet.
My plan for this router is to have it run a VPN client and any clients that then connect to the wireless network will be automatically VPNed in. I already have a PPTP VPN server at home, which I’ll soon to be upgrading to OpenVPN. You should read OpenWrt’s VPN overview, as well the PPTP guide, and the PPTP NAT guide.
First, we’ll need to install two VPN packages. This is easiest done by connecting to the MR3020 through SSH and running the commands below.
opkg update opkg install ppp-mod-pptp luci-proto-ppp
Keep in mind, after installing OpenWrt, there is only about 1MB of flash memory left for us, so don’t go crazy installing packages.
root@OpenWrt:~# df -h Filesystem Size Used Available Use% Mounted on rootfs 1.1M 212.0K 876.0K 19% / /dev/root 2.0M 2.0M 0 100% /rom tmpfs 14.3M 752.0K 13.5M 5% /tmp tmpfs 512.0K 0 512.0K 0% /dev /dev/mtdblock3 1.1M 212.0K 876.0K 19% /overlay overlayfs:/overlay 1.1M 212.0K 876.0K 19% /
root@OpenWrt:~# df -h Filesystem Size Used Available Use% Mounted on rootfs 1.1M 444.0K 644.0K 41% / /dev/root 2.0M 2.0M 0 100% /rom tmpfs 14.3M 752.0K 13.5M 5% /tmp tmpfs 512.0K 0 512.0K 0% /dev /dev/mtdblock3 1.1M 444.0K 644.0K 41% /overlay overlayfs:/overlay 1.1M 444.0K 644.0K 41% /
Next, we need to create a new interface.
Go to the Network tab, then the Interfaces tab and press Add new interface at the bottom of the screen. Name the interface something descriptive (e.g., PPTP), with the protocol being set to PPtP. Press Submit to continue.
On the next screen, under the General Setup tab, fill in your VPN server address (if you’re running your own server, it helps if you have dynamic DNS setup), as well as a username and password. For this example, I’ll be using PIA’s PPTP servers, since I’m writing this article at my house, from behind my router. When I travel, I’ll change this server address, username, and password to connect back to my house.
Go to the Firewall Settings tab and select WAN. Press Save & Apply to continue, then reboot your MR3020.
Reconnect to the OpenWrt network, go to the Status tab and look at the IPv4 WAN Status section. You should see something similar to this, showing you are online.
Check your IP with an external tool, like WhatIsMyIP, both on your local wireless network, as well as the OpenWrt network. You should see the difference, meaning you are successfully connected!
Before (on my local network)
After (VPNed in)
A note about PPTP
Again, for this demo, I’m not connecting to my home PPTP server, since I’m at home. Instead, I’m using PIA’s PPTP servers. However, my router here is setup to allow PPTP traffic to pass through. When I tried to use this router outside my house, to connect to my PPTP VPN server, I couldn’t get connected because the remote router had PPTP traffic blocked. Since I didn’t have admin access to that router, I couldn’t open those ports. This is where OpenVPN would be useful 🙂
Backup your config
You did all this work, don’t lose it. Go to the System tab, then the Backup/Flash Firmware tab and press Generate Archive to download a backup of all your configuration files.
That’s it! I’ll be tweaking this guide as I go, but let me know if anything is incorrect or missing.