I’ve always preferred to use my own router at home when possible, and was pleasantly surprised to learn that the EU actually has rules around router freedom. That is, each user is allowed to use their own hardware at home, rather than being imposed which hardware they can use by their service provider.
Additionally, the Netherlands has local legislation to reflect this, and KPN has a dedicated page explaining that they support this too.
Okay, maybe support is not the right word. They allow it and provide all necessary technical details, but any actual support requests should go to the community forums. Makes sense; they can’t realistically support any random permutation of devices. I can’t imagine trying to train tech support to handle calls from people running OpenBSD on their router.
Why use one’s own router ¶
Running one’s own router for a home network has a few advantages. A big one is security and privacy: rather than have a device managed by a third party on one’s private home network, there’s just yet-another device managed by the owner.
That aside, there’s a few more quite practical usages. Because my own router is the publicly-facing device, I can easily expose services (i.e.: port forwarding), and have no issue with breaking through a black-box NAT. It’s also possible to run any lightweight services on the box itself.
Finally, a nice-to-have is having isolated guest or testing wireless networks. These are isolated from the “main” home network without having to add a second access point into the mix.
What is OpenWrt ¶
OpenWrt is a Linux distribution aimed at routers and access points. It
supports a variety of consumer hardware. It can be configured via SSH like a
traditional Unix-like system, or via LuCI, the web-based graphical interface.
It’s pretty end-user-friendly to be honest, and mostly edits configuration in
/etc/config under the hood.
Technical details ¶
The page linked above has a link to a PDF with all the technical details, though it’s actually very verbose, since it includes details on using your own fibre modem as well.
The important bits are:
Internet: VLAN = 6 met prioriteit P-bit = 1 Vast Bellen: VLAN = 7 met prioriteit P-bit = 5 TV: VLAN = 4 (DHCP gebaseerd die ook IGMPv2 moet ondersteunen) met prioriteit P-bit = 5
Technische details Internet • PPPoE via VLAN 6 (802.1q). • PPPoE authenticatie PAP met een gebruikersnaam en wachtwoord (bijv. internet / internet). • Maximale pakket grote (mtu) 1500 bytes (rfc4638) • IPv4 adres + DNS servers via PPPoE verkrijgen • IPv6 adresreeks + DNS servers (IPv6) via DHCPv6-PD verzoek (in PPPoE). Een adres gebruiken uit reeks voor router.
Nothing unusual here, though I do admit I had to re-read on a lot of these
concepts which I hadn’t touched in many years. Basically, it’s just VLAN6 with
PPPOE, the default MTU (1500) and any username and password (e.g.:
internet). IPv4, IPv6 and both sets of DNS also come via PPPOE.
VLAN configuration in OpenWrt ¶
VLAN (virtual LAN) is a technique run different networks on a same physical layer by tagging packets. The tag indicates to which VLAN each packet belongs. This is standardised in IEEE 802.1Q. You don’t need to understand much more about VLAN for this setup.
Network menu has a
Switch entry which allows configuring the VLAN.
By default there are two VLANs; one will have just the WAN port enabled and the
other will have all the LAN ports enabled. The one with the WAN port needs to
be set to
VLAN ID = 6. This row should be the one which has all LAN ports set
off and the WAN port set to
tagged (the CPU port should also remain
tagged. This mostly covers the VLAN side of things.
After saving in LuCI, it’s possible to check that everything looks in order on
/etc/config/network should have something like this:
config switch option name 'switch0' option reset '1' option enable_vlan '1' config switch_vlan option device 'switch0' option vlan '1' option ports '1 2 3 4 6t' config switch_vlan option device 'switch0' option vlan '2' option vid '6' option ports '0t 5t'
PPPOE configuration in OpenWrt ¶
Network menu pick
Interfaces. If there are any existing WAN
configurations that are not PPPoE (e.g.: from previous configurations), you
probably want to delete them at this point.
Add a new interface, pick
eth0 is the
actual device, and
0.6 means “VLAN6 on eth0”. You probably want to leave
Bring up on boot enabled and set
password to “internet”. Any
value should work, but leaving them empty does not work!
The relevant bits in
/etc/config/network should have something like this:
config interface 'pppoe' option device 'eth0.6' option proto 'pppoe' option username 'internet' option password 'internet' option ipv6 'auto' option mtu '1500'
If you ever need to configure anything for the IPv6 aspect of this, it needs to
be in a
config interface 'pppoe_6' block.
Configuring custom DNS ¶
By default, OpenWrt will pick up advertised DNS and use these as upstream. I don’t want this since I run my own DNS which does some basic adware filtering (mostly for “smart” devices which can’t run proper ad blockers).
The simplest way to disable using upstream DNS is to head over to
DHCP and DNS and in the
Resolv and Hosts Files tab uncheck
Ignore resolv file.
This is equivalent to editing
config dnsmasq # ... lots of other options ... option noresolv '1'
Make sure to configure the actually desired DNS in the
DHCP and DNS section.
Have comments or want to discuss this topic?
Send an email to ~firstname.lastname@example.org (mailing list etiquette)