NanoPI R6S with OpenWRT

I didn't install AdGuard. OpenWRT packages are installed the same way in FriendlyWRT as they are in OpenWRT. They are the same packages, but they are downloaded from a different repository. This download is transparent to you. You run the opkg install command or use LuCI to install the package, and it gets installed the same way it does in OpenWRT.

I don't have enough knowledge of Linux to be able to tell you exactly what's different in FriendlyWRT from OpenWRT. From a user perspective, the only difference is that you are getting the software from a third party, which you would have to trust to feel safe. My position on this is that the FriendlyElec operation is so small that the CCP and the Chinese Government are unlikely to make them embed some sort of spy code in FriendlyWRT to spy on you or try to steel something from you. The threat level from FriendlyElec is not nearly on the same level as it may be from a Huawei mobile phone or Huawei router.

I can accept a possibility of risk with Huawei hardware and software, as it's a giant operation that - if CCP wanted to exploit - would make financial sense to invest in the development of back doors and exploits to gain something for China in terms of stolen data. I really don't think CPP has any interest in investing anything in developing an exploit for FriendlyWRT or other operating systems modified for their hardware by FriendlyElec. Of course, I have no way to prove this position of mine, so use FriendlyElec at your own risk. In about 2 years, there should be an official OpenWRT version supporting the R6S and R6C devices made by FriendlyElec, so you could simply wait for 2 years and then use the official stable release of OpenWRT on an R6S or R6C.

1 Like

Great reply. Thank you.

I actually have a great Huawei Phone :smile: (albeit for backup). To be honest, the back doors, the spying and the insecure code exists everywhere, including forwigh and domestic sources.

Getting back to the technical aspect, thank you for explaining the same software but different repo part. That helps me. In fact I received my device just yesterday and will update it's firmware and try to install AdGuard. In case my NanoPI R6S doesn't not come with a VPN client preinstalled (to connect to a VPN provider), would you have a recommendation(s) on a good client to install and use from the repo? Thank you again.

I would look for a VPN service that supports WireGuard and use the WireGuard package from the FriendlyWRT repository. WireGuard is supported in LuCI, so you can do configure whole thing in GUI.

WireGuard runs the best of all other types of VPN types in Linux. Definitely better than OpenVPN, which is a resource hog. If the goal is to get as much performance as possible through the VPN tunnel, I would definitely go with WireGuard.

I myself need to do the same. I don't want to put everything through a VPN tunnel, but I do want to hide my searches from the ISP (so secure DNS would help with this) as well as some of the traffic that I want to keep out of being tracked to my public IP for physical security concerns from the security services of a certain foreign country.

1 Like

Thank you. Yes, I agree. My provider offers WireGuard and indeed it is superior to OpenVPN.

Right now I have this neat little OpenWrt based box from GL-INET (model MT2500A) which included a VPN client preinstalled (I forget which one), but it allows one to, on a client IP-Address basis, specify which traffic to send through the VPN channel and which to send directly to the internet. (By the way I know Linux well - I've run Fedora almost exclusively for many years).

But I want to convert that box (which although performs well, has low specs and runs a bit warm) into my D/R box in case my NanoPi R6S fails. That's because my LAN side runs and WAN side runs so I'll always require a router. :blush:

I've just spent a couple hours researching the VPN services that support WireGuard with routers, and from my search it appears that Mullvad is probably the best offering right now, being affordable, not offering a subscription model - hence, not having customer records on file, being fast, secure, reliable, offering support for OpenWRT (with step-by-step instructions on how to set it up in OpenWRT), and well reviewed. Also, they don't offer affiliate links to web sites that publish reviews, so those reviews that recommended them do it honestly without drawing any benefit from linking to Mullvad.

Edit: I’ve just tried Mullvad with an app on my Mac, and it induces a terrible latency (200 ms extra latency) and cuts the bandwidth by about 75%. The maximum I can get is 120 Mbps by 8 Mbps. This is a no go.

1 Like

Thank you for doing that. Mulvad isn't currently my provider but they've enjoyed such a good reputation across the board that, including your input above, I'll probably add them as a provider, if not make them the main provider. :blush:

Yikes, that's a bummer. When I get there, I'll let you know what I experience. Not today (got side tracked) but soon. I normally have used Private Internet Access (PIA) or ProtonVPN.

What power supply are you guys using to power the R6S?

Would the Raspberry Pi 4 power supply work successfully?

No that won't work, the R6S needs 9V, 12V, 15V or 20V power in, but the Pi 4 power supply works at 5V.

The R6S specs say it supports USB-C PD at 5V, but I haven't gotten that to work. The front of the device says 9V/12V/15V/20V.

Interesting, I will give a few different USB-C PD adapters a try when I receive my R6S

The reason why I mentioned the Rpi4 adapter was because this guy here uses it, and it seems to work ok:

It seems to use 5W when used as a "router"

I suspect the higher power requirements may arise if the board is used for other purposes (e.g emulation) where the strong GPU is heavily leveraged, or if things like hard drives are connected

But total guesswork until I receive mine :smiley:

If you run more dashboards, more traffic shaping, it's possible to use more power.

Good point. I guess a laptop USB-C charger with PD is a good option

I bought the charger that FriendlyElec was selling as an option for the R1S, but I ended up getting a POE splitter to power the R1S from the Cisco POE switch it’s connected to. My POE switch has Gigabit ports, and the POE splitter is also Gigabit Ethernet.

If I migrate my L3 switching from my L3 Cisco POE switch to the R1S, I would need to get a POE switch with 2.5 Gbps ports to increase the L3 pipe to 2.5 GBPs (sufficient for L3 switching bandwidth on my LAN) and will have to rethink how I power the R1S so as not to create a bottleneck through the POE splitter. But for now, the POE splitter works wonders.

Another place to start may be to subtract load you are not putting on the factory recommended power supply. It looks like the R6S has an HDMI, a USB2 and a USB3 port. If you are not plugging anything into these ports, add up what each could draw and subtract from the factory power supply rating?

Edit: Check yourself of course, but these ports should add up to 1.25W for the HDMI, 2.5W for the USB2 and 4.5W for the USB3 port, so 8.25W total you could drop from the factory power supply rating.

Looking to obtain R6S, however I have concerns about Chinese government's requirements to a acquire any and all data it can get its hands on.
What guaranties is there that Friendly Elecs build does not "Call Home" in order to fullfill this requirement ?

There is no guarantee.

So basically we should assume there is spy code present...

You are free to assume anything you want. I’m assuming it’s safe.

When you assume you make an ass out of u and me...

Are you talking about yourself?