Raspberry Pi 4 as a Home Router – OpenWRT + AdGuard Home
Author: Yaroslav Koisa
Created on 21 February 2021
Last edit commited on 2 May 2021
Table of Contents
1. Why use Raspberry Pi 4 as a home router?
Recently I had to move to another city, to carry out few long-term on-site projects (not only IT related), and found myself in a need of a good home router, that will be compatible with OPNSense or at least OpenWRT. More often than not your internet service provider, besides the Internet service, will usually provide you with a router too. It is “certified” for the ISP network and gives you wired and wireless connectivity for all devices in your home. In most cases, people don’t bother to replace this router, because it drives up the cost and network configuration complexity. But you are here, because you are not like “most people”, when it comes to your home network, right?
There are few things in particular I hate about “consumer grade” routers:
1. Security – unpatched vulnerabilities, UPnP enabled by default, inability to separate guest and LAN clients and so on.
2. Hardware configuration – I would much rather prefer to have a separate “dumb” AP behind a proper router firewall/router, than a all-in-one device, that can’t do one of these things right, leave alone all of them at once. And don’t even get me started on the CPU and RAM configuration inside of these boxes (SMH).
3. Crippled software – WireGuard? OpenVPN? Proper access to firewall rules? MultiWAN? No, we haven’t heard about these. Here is the ability to switch your DNS server and to tweak DHCP ranges, that should be enough kid, go play outside.
I bet you can think of a number of different reasons, but this intro already takes too long, let’s wrap this up here and let’s move on to get to the setup part.
And oh, did I mention that RPi4 can route at near gigabit speeds? Well yeah, it can.
2. What's to come
3. OpenWRT Installation
1. Go to OpenWRT website and download the latest firmware version for your Pi4. At the time this article was created, the only option was a snapshot version, so that’s what I am going to download here.
The link that will take you to a download:
2. Once downloaded, open Raspberry Pi Imager or balenaEtcher and flash the image to an SD-card. I don’t think this step needs any explanation, so let’s move on onto the next one.
4. Now insert the SD-card into our Pi4, and let’s start configuring the OpenWRT
4. OpenWRT initial configuration
2. Now, there is a little irony in this setup: in order to complete it, you’ll need an already working router, connected to the internet. We will need it in order to install Luci (WebUI for OpenWRT) and drivers for the external USB2Eth adapter. If you are wondering – snapshot versions of OpenWRT are not shipped with Luci installed by default.
passwd #Press enter #Type in your new password, enter, repeat, done :)
### Example of my LAN interface section config interface 'lan' option type 'bridge' option ifname 'eth0' option proto 'static' option ipaddr '192.168.1.99' option netmask '255.255.255.0' option gateway '192.168.1.254' option dns '184.108.40.206'
P.S. If you never used vi or vim, here’s a brief overview. When you open a file, you’re in a command mode. Use your arrow keys to move the cursor to the point you want to change. Then, press “i” to switch to the editing mode, in which you can write a text and delete an existing text using the Delete key. After you make your changes, press Escape to get back into the command mode, and store your file by typing :wq <Enter> (i.e., command: write and quit).
service network restart # or reboot # or shutdown
ping 220.127.116.11 # Wait for the response and then ping google.com
# Update the package repos opkg update # Install software that I'd like to have on evey one of my systems opkg install htop nano tmux iftop # Install LuCI webUI, for easier management opkg install luci-ssl-nginx # Now enable and start the nginx service nginx enable service nginx start
# I've got rtl8153, but drivers from 1852 will work just fine opkg install kmod-usb-net-rtl8152 # If your USB2Eth is different, figure out it's chipset, then use command below to find and install the appropriate drivers opkg list kmod-usb-net*
ip a # Sample command output: 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: mtu 1500 qdisc mq master br-lan state UP group default qlen 1000 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 3: wlan0: mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether 00:00:00:00:00:00 ff:ff:ff:ff:ff:ff 5: br-lan: mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan valid_lft forever preferred_lft forever inet6 fe80::dea6:32ff:feac:78c9/64 scope link valid_lft forever preferred_lft forever 6: eth1: mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
10. Now that our system is ready, go ahead and configure your interfaces, install all of the required packages and so on. Come back when you are ready to install and configure AdGuard Home.
5. AdGuard Home Installation and Configuration
opkg update opkg install adguardhome
mkdir /root/adguardhome nano /etc/init.d/adguardhome # Replace -w option from tmp to root, like this: # OLD: # procd_set_param command "$PROG" -c /etc/adguardhome.yaml -w /tmp/adguardhome --no-check-update # NEW: # procd_set_param command "$PROG" -c /etc/adguardhome.yaml -w /root/adguardhome --no-check-update service adguardhome restart
This will ensure that our AdGuard Home DNS database and configuration is persistent between reboots. I don’t know how great of idea it is to leave it in /root/, only time will tell (or expert users in my YouTube comments section, not a sarcasm, I’ve got a very decent and smart audience).
5. Now reboot the device and check if your AdGuard WebUI resets the stats. If it does, something is wrong, but if it doesn’t – congratulations you’ve got yourself a decent router with built-in ad protection.
In my case, the experiment to use RPi4 as my router turned out well, and I decided to stick with this setup for the time being. After a long time, I have tried something other than pfSense/OPNSense: OpenWRT on RPi4 with the latest patches, which gives me 4 GB of RAM and almost 30 GB of storage. I’m pleased that, finally, we have development boards capable of replacing proprietary SOHO network equipment. Such boards may shape the segment of home networking significantly in upcoming years.
Consider donating towards our project, to support a future content release