Can You Make a Router Out of Raspberry Pi
Recently I replaced my habitation router with Raspberry Pi iv. My main goal was to increase throughput through my VPN. While at it, I also migrated from OpenVPN to WireGuard, and read their whole technical paper. This postal service sums upwards my insights with repurposing a Raspberry Pi into a network device.
Why having a dwelling router in the first place?
When you sign a contract with your isp, likewise the Internet service, you usually lease a router too. Information technology is certified for the Internet service provider network and gives you lot wired and wireless connectivity for all devices in your domicile. In most cases, yous can't go rid of this router, and most people don't bother. I recollect differently, and I believe it'southward of import to talk about its security risks.
Routers provided by your ISP have several drawbacks like:
- Their hardware is often very low-stop, with insufficient RAM and flash storage
- Every bit a upshot, their software is limited in functionality
- Sometimes, such routers take hardware modifications from variants made for the consumer market, and frequently they have custom firmware explicitly fabricated for your ISP
- You, as a customer, have limited access to these devices. On the other hand, Internet service provider often has remote access and full control over the equipment
- In the past, security experts establish several backdoors allowing remote access to anyone who is motivated enough
- Such routers usually don't get firmware updates, or they become it very rarely and just for a express time
- Every bit a consequence, if security experts detect bugs in software libraries used in such routers, these bugs are never fixed
- You utilise such routers daily for years. Usually, until your Internet access provider gives you an updated model, which is rare
For me, having a custom router connected behind the ISP router is a no-brainer. I similar having things under command, and I as well use non-standard services similar VPN, which spans through my home and flat and so that I can access my stuff everywhere I go.
From Mikrotik to Raspberry
I tried different brands of routers over the years, but one make stuck with me for a long time — Mikrotik. A friend of mine recommended one to me, and since and so, I passed that advice to others, having my own feel at present.
In my home, I used the RB450G model, which has a MIPS-based 680 MHz single-core CPU with 256 MB of RAM, and 512 MB of flash storage. Information technology was already a considerable upgrade from having a router from my ISP. At that time, a typical Isp router, or cheap habitation router, had most 32 MB of RAM and four MB of storage. You almost couldn't fit any decent software at that place; at that place was just no infinite.
We were using ADSL for connectivity. To hook up this new router into my network, I connected it to the LAN port of the ADSL modem as the only client. Too, I turned off DHCP, set up static IP address, and turned off all "smart" functions, effectively making the modem just a bridge passing data from my router to the ISP, forth and back.
Each ISP router is different, but you should exist able to set it up similarly. Likewise, try to look upwards for the DMZ choice and set it to your abode router IP address. That manner, all data traffic is forwarded to your domicile router, and no special rules are applied. 1 final thing, if your ISP router has a WiFi, plough information technology off. Yous need to gear up upward a WiFi on your home router, or a device behind information technology. Otherwise, all wireless traffic bypasses your habitation router, and that'south probably non what you want.
OpenWrt
Mikrotik devices use RouterOS as their system. It gives users features plant in much pricier network products. I peculiarly honey their WinBox app, which helps to manage my equipment through a simple-to-use UI. Yet, as I used it, I institute several bugs, and some features I needed were missing. For example, RouterOS supports OpenVPN simply through TCP, which adds overhead. As well, when my provider configured a DS-Lite IPv6 stack, RouterOS back up was express, and I had trouble accessing a native IPv6 network. Therefore, I decided to migrate to OpenWrt, which is an open-source Linux distribution aimed at routers. Due to this, many features were but there, including OpenVPN on UDP, and proper DSLite support.
OpenWrt had many software packages available out of the box. If I missed a feature, I could (and did) set up a bundle, and if I found a problems, I could (and did) report an issue and provide a patch. One mean solar day, yet, Linux kernel dropped support for my flash storage. All of a sudden, the latest OpenWrt versions didn't work correctly with my router, and I was stuck with an sometime version of the system. It was a problem from a security standpoint, as well as from a usability standpoint; I couldn't use the latest software anymore. Because this was my master router, I couldn't experiment with it and set patches. Testing my changes was non possible. I kept running this sometime OpenWrt distribution on my router for over a year. During that time, I was looking for an alternative solution, which is powerful plenty to increase my VPN performance, and which can run customizable firmware.
Finding alternative hardware
In my other site, I use Turris Omnia, which uses a forked OpenWrt lawmaking. I thought nearly replacing my Omnia with a network programmer board like MACCHIATObin Double Shot and replacing my Mikrotik with Omnia. Yet, ultimately I abased the thought due to the college price and lower availability of the MACCHIATObin lath. From the applied point, I don't need hardware capable of routing x Gbit/second if my Internet access provider gives me only one Gigabit, but I must admit it would be cool. Later on I shifted my focus to a hardware running pfSense or OPNSense. These distributions have minimal support for ARM-based boards, and finding x86 hardware with low power consumption, reasonable price, and decent performance is not that easy.
And so I remembered on my Odroid C2. It'due south a developer board with a single Ethernet port and a bunch of USB2 ports. What's important is that it can handle Ethernet through its RJ45 port at total speed of i Gigabit. If y'all'd like to use such a device as a router, you demand to have at least 2 interfaces — 1 facing your ISP router (WAN) and one facing your devices (LAN). I was thinking of using this internal Ethernet port for LAN considering the maximum speed on the local network is essential. However, for WAN, I needed much lower throughput because my Internet speed was only around 100 Mbit/second. I institute some decent USB3 to Ethernet adapters for that purpose. Odroid C2 supports several Linux distributions, including Ubuntu and ArchLinux ARM. Therefore, transforming information technology into a router is possible, and I would certainly practice that if in that location weren't a new revision of Raspberry Pi. The principal trouble with Odroid C2 is that its kernel is non mainline, and it's rather old. Too, ArchLinux ARM, which I planned to use, is not explicitly designed for routers. This solution could piece of work, merely it would most likely have a significant time to set upwards.
Last weekend I was determined to go with the Odroid C2 path. Only then I looked at my shiny Raspberry Pi 4, and I changed my mind. I own almost all revisions of Raspberry Pi, and I use them in my work IoT projects. That was also the reason why I bought the Raspberry Pi four. Previous generations of RPi were not that useful for use as a router because their Ethernet interface was internally routed through a USB2 hub, effectively limiting the throughput to around 200 Mbit/2d. Nonetheless, RPi4 can finally saturate a full Gigabit link because of its new I/O compages. As well, it finally provides USB3 ports, which work great with my external USB-to-Ethernet adapter. The main advantage of RPi4 over Odroid C2 is the mainline kernel support. Therefore information technology's easy to utilize close-to-latest Linux kernel. Due to its popularity, community support is besides better. And, every bit a bonus, OpenWrt added support for it in their programmer builds. Therefore, migration from my existing router to Raspberry Pi should be relatively painless. Let'due south take a wait at this process.
Turning Raspberry Pi into a router
As I mentioned, I needed to have 2 Ethernet interfaces, and Raspberry gives me only 1. I decided to utilize the internal Ethernet port for my local LAN and a USB-to-Ethernet adapter for WAN. Of course, this assignment is not mandatory, and if you utilize a USB adapter for LAN instead, your setup should work besides. In my example, the LAN port on RPi is connected to a 24-port Gigabit Ethernet switch to provide connectivity for more than than ane device. You can buy any cheap Gigabit Ethernet switch.
Without going into much detail about how an Ethernet works, a router serves two purposes — it resolves an IP address into device MAC using the ARP protocol, and it routes traffic into outside networks, similar the Cyberspace. When ii of your devices desire to communicate inside the same LAN network, their traffic won't go through your router at all, only through the switch. Hence, if you buy a cheap Gigabit switch, you lot'll get a decent network performance, and it doesn't thing what kind of router you use.
Therefore, if you have some spare Raspberry Pi 3, it tin nonetheless serve y'all well equally a router, just hook upwards some switch behind it, and make certain your Internet link is slower than 200 Mbit/second. Otherwise, your speed is limited. Raspberry Pi 3 won't handle more traffic because of the internal USB2 hub mentioned earlier. RPi4 is a better choice in that case. I don't have exact stats, but USB 3.0 throughput is 5 Gbit/southward, so I believe the latest RPi should have no problem saturating an outgoing link.
OpenWrt installation
The installation of the system was pretty straight-forward. I followed the official instructions. Note that if you have Raspberry Pi iv, its back up is non even so in stable OpenWrt builds, and you need to download the latest development build. The image is gzip-compressed; first yous need to unpack the file. I explicate the required steps using the Linux control line:
i gunzip rpi-iv-ext4-mill.img.gz
As a result, yous'll get a file without the *.gz extension. You can at present flash this file into a MicroSDXC card. I'k using the dd tool:
one dd if = rpi-4-ext4-manufactory.img of = /dev/mmcblk0 bs = 4096
ii sync
You specify source file as the if parameter, and target retentiveness bill of fare as the of parameter. Block size, bs, is optional to speed things upwards, and sync command makes certain everything is written into the card.
Unlike distributions similar Raspberry Pi OS, OpenWrt doesn't aggrandize your organisation partition to fit the whole space. Typically, y'all'll get but 100 MB of space for your apps, fifty-fifty if your retention card has 64 GB of storage. I resized the sectionalization manually on my PC. Offset, I edited the partition tabular array with fdisk, and and so used the resize2fs command. The animation below illustrates all these steps:
First, y'all demand to alter the partition table so that the 2nd, rootfs, sectionalization fits all available space. You demand to delete the partition commencement and then create a new i. The key is to make sure the new larger partition starts at the same get-go. This operation might sound dangerous, only information technology's not. Of form, yous need to make sure that you've picked the correct device. When yous change the segmentation tabular array, then remove and insert the memory card back and so that Linux uses the updated partition table. Next, check the file organization for errors, and finally, initiate the resize2fs control.
The offset run
Raspberry Pi has assigned the IP address of 192.168.i.1. To go access to it, connect your PC into the Ethernet port on RPi, and set its IP address to 192.168.1.2. And then you should be able to access OpenWrt through SSH:
2
3
4 BusyBox v1.31.1 ( ) congenital-in shell ( ash )
five
6 _______ ________ __
vii | | .-----.-----.-----. | | | | .----. | | _
8 | - || _ | -__ | || | | || _ || _ |
9 | _______ || __ | _____ | __ | __ || ________ || __ | | ____ |
x | __ | Westward I R Eastward L E Southward S F R E Due east D O M
11 -----------------------------------------------------
12 OpenWrt SNAPSHOT, r12945-0aa2ecf5b2
13 -----------------------------------------------------
Equally a next footstep, information technology's a good exercise to gear up a password:
one passwd < your-new-password >
To continue further, we demand to have Internet connectivity inside OpenWrt. In my instance, I changed the Raspberry Pi IP accost inside the /etc/config/network file. If y'all statically assign an IP from a range matching your LAN, you can claw upward the Raspberry as a regular client behind your existing router. It makes further steps easier.
To edit the network file, y'all can utilize the pre-installed half-dozen text editor. If yous never used vi or vim, here'due south a brief overview. When you open a file, y'all're in a command way. Use your arrow keys to move the cursor to the point you want to change. And so, press "i" to switch to the editing mode, in which y'all can write a text and delete an existing text using the Delete key. After you make your changes, printing Escape to get back into the command style, and shop your file by typing :wq <Enter> (i.eastward., command: write and quit).
Start editing the network file:
Adjust the wan department to lucifer your current LAN config, i.eastward., assign to RPi a static IP, which is non used in your network, gear up a proper default gateway address pointing to your current router, and set up a DNS. Here's an case from my configuration:
1 config interface 'wan'
ii pick ifname 'eth1'
3 selection proto 'static'
iv option ipaddr '192.168.0.two'
five option netmask '255.255.255.0'
half-dozen option gateway '192.168.0.i'
7 selection ipv6 'car'
8 choice peerdns '0'
ix option dns '193.17.47.1 185.43.135.1'
After you lot write your changes, apply your new configuration by rebooting your RPi or typing the post-obit command:
Now your RPi should be continued to the Cyberspace, which yous can confirm with the ping command. Starting time, ping a well-known public IP address:
two PING 8.8.8.8 ( viii.viii.eight.8 ) : 56 information bytes
3 64 bytes from 8.viii.viii.8: seq = 0 ttl = 118 time = 35.707 ms
4 64 bytes from viii.8.8.8: seq = 1 ttl = 118 time = 35.544 ms
v ^C
6 --- viii.8.8.8 ping statistics ---
7 two packets transmitted, 2 packets received, 0% packet loss
If this command worked, your RPi has a connection. Let's also verify your DNS name resolution works, and that you're able to connect to services using their domain names:
ii PING www.google.com ( 172.217.23.228 ) : 56 data bytes
three 64 bytes from 172.217.23.228: seq = 0 ttl = 118 time = 33.452 ms
4 64 bytes from 172.217.23.228: seq = one ttl = 118 time = 33.279 ms
five ^C
6 --- www.google.com ping statistics ---
vii ii packets transmitted, two packets received, 0% parcel loss
When y'all have a working Internet connection, feel gratuitous to install whatsoever text editor, which suits you ameliorate than vi, or whatever package you demand. I recommend nano. First, update your package list:
i opkg update
ii Downloading http://downloads.openwrt.org/snapshots/targets/bcm27xx/bcm2711/packages/Packages.gz
iii .. .
And and so install nano:
2 Installing nano ( five.ii-one ) to root .. .
iii .. .
From now on, yous can edit your files similar so:
ane nano /etc/config/network
At this point, you should be ready to proceed with the next steps. If you get stuck somewhere, shoot me a annotate below this mail service.
Enabling USB-to-Ethernet adapter
If you lot check your available interfaces, you'll most likely see simply the internal eth0 interface, even if your USB adapter is connected. In my case, I had to find out which chipset my adapter is using and install the appropriate kernel module.
After side by side reboot, you lot should see your USB Ethernet interface initialized:
i .. .
2 [ vii.159985 ] usbcore: registered new interface driver r8152
3 [ seven.370114 ] r8152 2-2:1.0 eth1: v1.ten.11
4 [ 10.665622 ] IPv6: ADDRCONF ( NETDEV_CHANGE ) : eth1: link becomes set
5 [ 10.673312 ] r8152 2-2:1.0 eth1: carrier on
6 .. .
Update network configuration
As I mentioned previously, I decided to employ a USB adapter for traffic going to the Cyberspace. Raspberry Pi uses the internal eth0 port for that by default. We need to do changes inside the /etc/config/network file. This time, all the same, we can apply the final configuration, including the terminal IP accost for the device. Y'all simply need to make certain that yous don't utilize the configuration, e.thou., by rebooting the device.
My file looks like this:
1 .. .
2
3
four config interface 'lan'
v selection type 'span'
6 option ifname 'eth0'
vii option proto 'static'
8
9
ten option ipaddr '10.0.0.1'
11 option netmask '255.255.255.0'
12 selection ip6assign '60'
13
14
fifteen
16
17 config interface 'wan'
18 option ifname 'eth1'
xix option proto 'static'
20
21 option ipaddr '192.168.1.two'
22 option netmask '255.255.255.0'
23 option gateway '192.168.ane.ane'
24 selection ipv6 'auto'
25 choice peerdns '0'
26
27 option dns '217.31.204.130 193.29.206.206'
28 .. .
Install webserver and GUI
OpenWrt provides LuCI as a spider web UI. It allows you to manage all these settings through a unproblematic webpage. On low-end OpenWrt routers, information technology ordinarily uses uhttpd equally a webserver. Nonetheless, Raspberry Pi is powerful enough to handle a full-fledged Nginx server.
You lot tin can install UI with these commands:
ane opkg update
2 opkg install luci-ssl-nginx
Optionally, y'all can install linguistic communication packs to switch UI into your preferred language. Meet the official documentation for the instructions.
To enable the UI, you need to do the following:
Final steps
That'south pretty much information technology! Raspberry Pi is ready now to serve equally a router. If you lot have another home router with OpenWrt (like the Mikrotik in my case), you can transfer the remaining configuration, like firewall rules, DHCP and DNS entries, and so you can plough Raspberry Pi downwards. Information technology'southward ready to be placed as a router now.
After reboot, you can access the spider web interface in your browser using the static IP set in the network configuration.
Decision
In my case, the experiment to employ Raspberry Pi every bit my router turned out well, and I decided to make this setup permanent. Afterward a long time, I accept OpenWrt with the latest patches. My VPN performance is significantly higher, and not to mention this solution gives me iv GB of RAM and almost 60 GB of storage, which brings new possibilities, like running my proxy server or configuring more demanding firewall rules. I'm pleased that, finally, nosotros have development boards capable of replacing network equipment. Such boards may shape the segment of dwelling house networking significantly in upcoming years. If you have a spare Raspberry Pi, I encourage you lot to endeavour to use it as a router too. It'south a fun feel.
Update 11/01/2020: Recently, the Raspberry Pi Foundation introduced a new compute module based on Raspberry Pi 4. Information technology has the same CPU and well-nigh of the features of the RPi4, but it as well offers some extra goodies, mainly the PCIe x1 port. A few days ago, I read on Hacker News a postal service like to mine. Even so, instead of using an external USB-to-Ethernet adapter, the author used an Intel NIC. He was able to attain a throughput of 3 Gbit/s, which is the maximum of the PCIe x1 motorcoach. Making the NIC work was non difficult at all. He used a cheap adapter to PCIe x16 and built the Intel NIC commuter from sources. I recall it'south worth reading and a decent alternative to my approach if you lot desire to squeeze fifty-fifty more operation out of your RPi.
Source: https://www.zahradnik.io/raspberry-pi-as-a-home-router/
0 Response to "Can You Make a Router Out of Raspberry Pi"
Post a Comment