Unlock routing powers with OpenWrt
Wednesday, August 29, 2012
I'm running a really complicated network in my house.
Surprisingly, the reason is not "Because I can" this time round. It's more of, I screwed up and it just ended up like this. Since everything is working fine, I didn't bother optimizing it due to the lack of time. (thanks exams!)
Since words are really not helpful in this situation, I shall make a simple diagram to illustrate my network. (I feel paranoid and insecure doing this, I pray the hackers stay away from me)
R1 ~ R3 refers to routers. (yes I am using 3)
SSID refers to the name of the wireless network
The grey dotted line is a wireless bridge between 2 routers
My NAS is connected to R3
What I ended up doing is actually quite interesting. It is stupid, but it's amusingly secure somehow. Now, all 3 of my routers are on separate networks. How the fuck? Because I treat each link from the router as a WAN connection. That means that each router thinks that it is directly connected to the internet. Which, is only true for R1.
What do I end up with? R1 is unable to access R2 or R3. R2 is able to access R1 but not R3. R3 is able to access both R2 and R1. Interesting right? Well, I am on R3. I could give my friends access to R2 or R1, using it as guests networks and it will be totally separated from me.
This also means that technically, I am behind 3 physical firewalls. Because I am actually triple NAT-ing my network. It might seem really stupid to the real geeks out there but well, I really don't know if this is ingenius or full retard.
To make this work, your normal home routers with their default software probably couldn't make such an interesting configuration work.
What is OpenWrt?
OpenWrt is described as a Linux distribution for embedded devices.
Instead of trying to create a single, static firmware, OpenWrt provides a fully writable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize the device through the use of packages to suit any application. For developer, OpenWrt is the framework to build an application without having to build a complete firmware around it; for users this means the ability for full customization, to use the device in ways never envisioned.
It's relatively easy to flash a the Linux firmware onto your router. The hard part comes when you have to telnet/ssh into it and do a bunch of command line stuffs to get your web interface working. (I'm too noob to work solely in CLI) Of course, this is relatively advanced stuffs. Even I don't know half the settings that exists on the software. So if you want to mess around with your own hardware, do it at your own risk. As usual read the fucking manual and make sure you have a plan B in case something fucks up.
Many of the supported routers are not exactly stable per say, so please read carefully. I recently bought a TP-LINK WDR4300 and I think I haven't wrote about it yet. But it was relatively buggy with the first few OpenWrt firmwares and I had to power cycle it often. However, after switching to OpenWrt Attitude Adjustment r33276 / LuCI Trunk (trunk+svn9138) today, the connection is more stable and I didn't have to mess around with it anymore. My other TP-LINK 2543ND has been up and running for 5.5days without any hiccups at all.
Alright, how is the performance? I just took a test from www.speedtest.net
(R2 has been running for 13hours)
My connection is 100mbps. Using the direct wireless I could achieve roughly 60+mbps (due to overhead and whatnot). So my connection at R3 is about 60~70% of my maximum wireless throughput. Which is not bad, considering my location and overhead wireless has. Though technically this is only 36% of my total available bandwidth. However, since my wireless bridge link is my limiting speed, I could achieve average 3MB/s downloads, and bursts of up to 4.5MB/s.
I also ran a pinging test from R3 to R1 for about a minute or so, the average latency is about 7ms, with a minimum of 2ms and maximum of 28ms. Which is good enough for gaming.
Well, it's good enough for now. I will still continue to work on this little project and improve my networking skills over the holidays. There's still Dynamic DNS and VPN to set up. This is going to be one hell of a fun thing to experiment on.