TP-Link WDR4300 and OpenWRT/LEDE

Categories: Linux, OpenWRT

UPDATE 2019-04: The OpenWRT website lives again, following the merger of the OpenWRT and LEDE projects. I have recently updated this router to OpenWRT 18.06.2 and it works well. Information on updating has been added as a section near the end of this article.

UPDATE 2017-11: The OpenWRT project (at least its website) is pretty dead at the moment - no updates for a very long time. However the codebase is being further maintained and developed by the LEDE project. I just updated the OpenWRT software to the latest LEDE version (17.01.4) using exactly the same steps described below for an OpenWRT update. Thank you LEDE team! The process is in fact so similar that the install-from-scratch instructions for OpenWRT below are probably also valid for LEDE. It’s actually quite impressive that a now 4-year-old router can be updated so easily.

Introduction

I’ve just bought a new TP-Link WDR4300 router; this is both a review of the router and a description of how I installed the OpenWRT Linux distribution on it. I’m familiar with Linux, and familiar with networking basics, but no guru - this guide is most likely useful for people with beginner-to-intermediate network and Linux administration skills.

Overall verdict on the TP-Link WDR4300: thumbs up. Good functionality, reasonable price, and OpenWRT works well on it.

NOTE: documentation updated 2014-11-02 with new links to OpenWRT resources, as OpenWRT version “Barrier Breaker” has now been released.

Much of this information is derived from the official tl-wdr4300 page on the openwrt wiki. Since this article was written, that page has been significantly improved; if you have experience with linux on routers then you may wish to just use that page as a guide rather than this one.

My Home Setup

This is the equipment I had at the time the WDR4300 was bought, ie what I had to work with while setting up the router. If you have a different setup, then you may need to make some adjustments to the steps below.

  • network access via a Cable TV provider, using the cable modem they provide (one cable connection in, one ethernet connection out)
  • an existing Linksys WRT45GL wireless router; bought 6 years ago with the intention of installing OpenWRT but never got around to it, so it’s still running the stock firmware. Network technology has improved to the point that it isn’t worth installing OpenWRT on it now - and it doesn’t have enough ram/flash to take a modern linux distro anyway!
  • a laptop running Linux Mint 15 Olivia (Ubuntu-based) using wireless to access the internet via the existing Linksys router

Physical Assembly

Unpack and assemble router (attach antennae, remove label over network ports, throw away Windows CD). Nothing else to do.

The router comes with a short ethernet cable.

Download Required Files

From http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/ download file “openwrt-ar71xx-generic-tl-wdr4300-v1-squashfs-factory.bin” (or whatever the latest patch-release of barrier-breaker is, ie use v2 instead of v1 if available).

Also open this installation-guide webpage and leave it open for later reference!

Obtain the Existing Outbound MAC Address

My ISP (a cable provider) used to permit only a single device on a “home” connection; the MAC address of the device was registered at the provider, and only that MAC address was permitted. Of course this was rather pointless; any decent router simply provided the option to dynamically configure the MAC address it used on the WAN side, and then multiple devices could be connected to the router. This single-device limitation is getting pretty old-fashioned now that even “home” customers typically have multiple internet-capable devices (multiple PCs, WiFi tablets, televisions, etc). But for safety, I still connected to the admin page of the existing router and wrote down the MAC address it uses (for later use).

Check your ISP’s terms and conditions to see whether you need to set the MAC address of your new router to emulate your current device.

Connect PC to New Router and Log In

Simply connect the ethernet cable from PC to any local port on the router (not the WAN port!). Ensure PC has switched to new network (ie has obtained a DHCP address from the new router).

In a browser, go to “http://192.168.1.1” and enter credentials “admin/admin”.

Theoretically it should be possible to establish a network from the PC to the new router while still having connectivity to the internet via your existing router. Unfortunately, I couldn’t get this to work: I use WIFI to connect to the old router (it is in a different room), and as soon as a physical ethernet cable was attached to my laptop the WIFI shut down. According to advice on the internet, it should be possible to tell NetworkManager to run both a wireless and wired network concurrently, and indeed all the relevant options seemed to be present in NetworkManager. As I understand it the following should have worked; it didn’t for me but I’ll leave these notes here in case they work for someone else.

  • open NetworkManager applet by clicking on the status-panel network icon and choose Network Settings
  • select “wired” and then “options”
  • in the “general” tab, disable the “Automatically connect” option
  • in the IPv4 tab, set “Method” to Manual (ie laptop should not request DHCP address)
  • in the IPv4 tab, select “Routes” and enable “Use this connection only for resources on its network”, then add address 192.168.1.1 with mask of ‘255.255.255.255’

In my case, connecting the ethernet cable always terminated the wireless connection despite the above (running /sbin/ifconfig showed no relevant interface). Maybe this model laptop has something in ACPI that does this; unfortunately even “sudo rfkill unblock all” did not help. I also tried connecting the new router directly to the existing one, hoping it would obtain a DHCP address from the current router and be accessible/configurable that way. Apparently that doesn’t work, at least out of the box with the standard firmware.

However it isn’t actually necessary to have internet connectivity while configuring the new router as long as everything necessary has been downloaded first.

Upload New Firmware

Go to the “System Tools” page and check the status info. For my device it was: WDR4300 v1 00000000 Firmware Version 3.13.23 Build 121225 Rel.37950n

Go to “System Tools | Firmware Upgrade”, select the openwrt-ar*-factory.bin file downloaded earlier. The upload and install took about 2 minutes on my system.

Allow the system to restart.

Log In to OpenWRT

Disconnect ethernet cable (ie stop interface) and reconnect cable to router (reinit interface).

The default behaviour for a new OpenWRT install is to have:

  • a DHCP server enabled, with the router having fixed address 192.168.1.1
  • a telnet server with no password (yes, very insecure but it’s only temporary)

So:

  • connect to the router with “telnet 192.168.1.1”
  • run command “passwd” and enter a real password for the system (a good one).
  • log out (ctrl-d)

Now that a password has been set, telnet is disabled. So reconnect with “ssh root@192.168.1.1” and enter the password from above.

Configure Wireless

Ensure the physical wifi switch on the back of the router is in the “on” position.

Run “vi /etc/config/wireless”

In section “config wifi-iface”, change

  option ssid OpenWrt --> option ssid '{newnetworkid}'
  option encryption none --> option encryption 'psk2' 
  option key '{newWiFiPassword}'
  option hidden '1'

In section “config wifi-device radio0”, make the following changes:

  option disabled 1 --> option disabled '0'
  option country '{code}' where code is US, GB, DE, etc

Run “wifi down; wifi up”. Some error messages may be displayed about “insufficient entropy to generate keys”, but reconfiguring the PC to connect to the new wireless network and using “ssh” over this network to log back in to the router should work fine.

Note that I chose to make the network a ‘hidden’ one. I’ve never seen the point of making the SSID available; it’s very little more effort to connect to a hidden network than a nonhidden one, and more secure. For Windows PCs, just choose “unnamed network” to connect to, and enter the name. For Linux PCs with NetworkManager, just choose “connect to hidden network” from the wireless networks page.

Connect to WAN

Now disconnect the old router from the cable modem, and connect the new one (via the router WAN port of course). You should have internet access through the new OpenWRT-powered router!

Install Web Admin Interface

While OpenWRT can be configured fine by either editing config files or using the “uci” commandline tool, it can be nice to also have a more graphical interface. To install one (the LUCI web interface), do the following.

Log in using SSH, and run:

  opkg update
  opkg list 'luci-*'
  opkg install luci-ssl

Run “vi /etc/config/uhttpd” and change

  list listen_http 0.0.0.0:80 --> remove line
  list listen_https 0.0.0.0:443 --> 192.168.1.1:443

Run

  /etc/init.d/uhttpd enable
  /etc/init.d/uhttpd start

Then connect with a browser to “https://192.168.1.1” and log in with the root password.

The changes to /etc/config/uhttpd above are because I have no reason to administer this router from anywhere but within the same network (ie no need to administer it from work, overseas, etc), and no reason to ever use the LUCI webserver over http (unencrypted!). Given that wireless is enabled, it would be nice to lock down this web interface (and ssh) even further; right now anyone who can connect to the wireless network can try to connect to the admin interface via a password.
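
A check for the two listener changes above, as an added example that is not part of the original article. The function names and the sample configs are constructed for illustration, and the `[::]` and bare-port cases go beyond the two lines the article edits.

```sh
#!/bin/sh
# Added example (not from the article): flag uhttpd listeners that are
# plain HTTP or bound to every address in a uci-format config file.

# audit_uhttpd FILE: one finding per line; returns 1 if anything is flagged.
audit_uhttpd() {
    awk '
        $1 == "list" && ($2 == "listen_http" || $2 == "listen_https") {
            addr = $3
            gsub("[\"\047]", "", addr)      # strip uci quoting
            if ($2 == "listen_http") {
                print "PLAINTEXT " addr; bad = 1
            } else if (addr ~ /^(0\.0\.0\.0|\[::\]):/ || addr ~ /^[0-9]+$/) {
                # wildcard address, or bare port (uhttpd binds all addresses)
                print "WILDCARD " addr; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample inputs, not captured from a real router.
SAMPLE_DEFAULT="config uhttpd 'main'
    list listen_http '0.0.0.0:80'
    list listen_http '[::]:80'
    list listen_https '0.0.0.0:443'
    list listen_https '[::]:443'
    option home '/www'"

SAMPLE_HARDENED="config uhttpd 'main'
    # list listen_http '0.0.0.0:80'
    list listen_https '192.168.1.1:443'
    option home '/www'"

# audit_text TEXT: run audit_uhttpd on TEXT through a temporary file.
audit_text() {
    tmp=$(mktemp) || return 2
    printf '%s\n' "$1" > "$tmp"
    rc=0
    audit_uhttpd "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

audit_text "$SAMPLE_DEFAULT" || echo "default config: findings listed above"
audit_text "$SAMPLE_HARDENED" && echo "hardened config: no findings"
```

To check a real configuration, run `audit_uhttpd` against a copy of /etc/config/uhttpd after editing it and before restarting uhttpd.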

Still To Do

  • somehow lock down access to the admin interface further (eg by mac address, or by private key). Maybe use fail2ban or similar?
  • enable logging of all inbound and outbound connection attempts
  • figure out how to use the inbuilt tftp server (in case I misconfigure openwrt at some time and need to reinstall..)

Upgrading Firmware

If a new version of OpenWRT is released, then the installation can be upgraded following the instructions in section “Upgrading OpenWRT” here:

I find the easiest way to upgrade is to use the LuCI web interface:

  • Download the appropriate *-sysupgrade.bin file from http://wiki.openwrt.org/toh/tp-link/tl-wdr4300
  • Connect to LuCI via a browser
  • In menu “System | Backup/Flash Firmware”:
    • Generate Archive –> saves settings to local PC
    • Flash new image –> select “keep settings”, upload the wdr4300-*-sysupgrade.bin file and click the “flash image” button.

After the upgrade, internet access and ssh will be working. However, anything installed via opkg (such as LuCI) will not be. Therefore, log in using ssh and reconfigure/reinstall any packages, eg:

  opkg update
  opkg install luci-ssl
  /etc/init.d/uhttpd enable
  /etc/init.d/uhttpd start

To verify that the upgrade was successful, run the following from your ssh login session:

  • cat /etc/openwrt_release
  • cat /etc/openwrt_version

More Detailed Device Review

Pros:

  • reasonable native firmware (I played with it a bit)
  • really easy to install OpenWRT
  • reasonable price
  • good specs (gigabit ethernet, dual-band wireless, lots of flash and ram storage)
  • physical wireless enable/disable switch on the back - good if you don’t want wireless
  • physical on/off switch on the back - nice not to have to disconnect the power cable.

Cons:

  • physically quite a large device (bigger than the Linksys WRT45GL that it replaces)
  • lots of bright LEDs on the front panel; as this device sits in my living room I had to put tape over the front panel
  • slightly rounded on top, making it trickier to stack things on top of it
  • a somewhat ugly device; won’t take pride of place in the glass-fronted electronics cabinet
  • quite a large wall-wart power supply; could be a problem in tight spaces.
  • so far, I haven’t been able to get great WAN performance out of it; might be just my setup or ISP though; more testing required.

Updating to OpenWRT 18.06.2

Upgrading the router to OpenWRT 18.06.2 was relatively simple. It consisted of:

  • going to the downloads page, filtering by model=WDR4300
  • downloading from the Upgrade URL
  • following the upgrade instructions
  • going to http://192.168.1.1, logging in as root/admin and setting up credentials
  • logging in via ssh root@192.168.1.1 (optional)
  • going to Network/Wireless and enabling the two radio channels (or doing this via the ssh terminal session)

When choosing firmware to download, there are now two install options available: a base install without the LUCI web interface, and one with it. Using the one with LUCI enabled makes it possible to immediately log into the web interface, rather than using telnet. And from there, you can enable the SSH server (dropbear) and connect via ssh. However the included package is just luci and not luci-ssl - and therefore only an http (and not https) connection is supported, which is not a good idea. Therefore I recommend using the basic install bundle and installing luci-ssl manually as described above. Or use the luci install-package, then immediately use the web interface to install the luci-ssl package.

Note that the official install-instructions recommend unselecting the “keep previous settings” option in the LUCI interface when upgrading to a new major OpenWRT version. If you do this, then this effectively results in a “new install” rather than an upgrade - all passwords are lost, radio channel settings lost, etc.
