Skip to content

Instantly share code, notes, and snippets.

@nachtmaar

nachtmaar/ openwrt-network-setup.md

Last active January 30, 2022 18:14
Show Gist options
  • Save nachtmaar/55f4e6bd13051cb6ddeb03c964c29f71 to your computer and use it in GitHub Desktop.
Save nachtmaar/55f4e6bd13051cb6ddeb03c964c29f71 to your computer and use it in GitHub Desktop.
Download ZIP
My OpenWRT home router setup
Raw
openwrt-network-setup.md

My OpenWRT home router setup

This is a very quick tutorial on how I setup my TP Link Archer C7 v2 using OpenWRT. The document is mostly for myself to remember how to do it, but feel free to add your comments and improvements 😃

See Also: For installation/upgrade instructions see this

Requirements

  • I don't want my private devices to be in the same network as my internet router
  • WiFi should support 5GHz to improve the network speed then using my NAS over WiFi
  • I want SSH access to my router and log in using an SSH key
  • It should have a custom hostname set
  • Use latest WiFi Encryption

My Network

I do have two network zones at home.

Network zone 1 is the network provided by the main internet router. This one provides access to the internet and is not used otherwise.

name: internet router OpenWRT zone name: wan IPv4 range: 192.168.2.0/24

Network zone 2 is my private LAN/WiFi there all devices are living in.

name: private LAN OpenWRT zone name: lan IPv4 range: 192.168.1.0/24

Howto

The following section describes how I configure my OpenWRT router (the one for network zone 2).

Administrative stuff

Visit the web UI using the following URL: https://192.168.1.1

  • change router password in System->Administration
  • change hostname in System->System (my hostname is corvus)

Network

LAN

  • Connect cable from main internet router to uplink port
  • By using the uplink port named WAN inside OpenWRT, the two networks (lan and wan) will be separated automatically.
    • Under Network->Firewall you will see that zone lan is able to talk to wan (required for internet) but not vice versa

firewall-setup.png

WiFi

  • Go to Network->Wireless and edit both SSID: OpenWrt | Mode: Master entries (one is 2,4 GHz and the other is 5 GHz)
    • Go to Genereal Setup tab
      • Set ESSID
    • Go to Wireless Security tab
      • Set Encryption to WPA3-SAE (strong security)
      • Set WiFi Key
      • Enable 802.11r Fast Transition and set Mobility Domain to 0001
  • Enable both devices
  • Press Save & Apply

WiFi should work now.

Access

  • Go to System->Administration

  • Go to tab SSH Keys

  • Create an SSH Key (e.g. using ssh-keygen -f key)

  • Paste content of key.pub

  • Configure your SSH config in ~/.ssh/config

Host corvus
  Hostname corvus
  IdentityFile <path to key file>
  IdentitiesOnly yes
  User root
  • Test ssh access with ssh corvus

Links

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment