Writeup - Openwrt 23.05 on Raspberry Pi 4 with usb ethernet adapter

trevormcooper · January 23, 2024, 6:13pm

This write up includes a lot of things i have learned while setting this up for myself, i am using a much more complicated setup including multiple vlans and networks, but these base steps will get you running!

This guide assumes you own at least;
Raspberry Pi 4 + power cord
any 4gb or larger sd card
an adapter to plug the sd into your pc
TP Link UE300 usb 3.0 to ethernet adapter

(if you are using an alternate usb ethernet adapter, search google and figure out what chipset it is running, when we get to the step to install the driver, install the appropriate kmod for that chipset)

this guide will not use a custom-built image, and will not use the onboard Wi-Fi, we will use only the base image provided on the TOH and make changes from there. this can be done with only a single pc with a monitor/tv and the pi available for use.

use the default raspberry pi imager application (you can use others such as etcher or rufus, however for simplicity were using this one)

download an openwrt image from the TOH
https://openwrt.org/toh/raspberry_pi_foundation/raspberry_pi

flash the image to your sd card
*select the raspberry pi 4, choose custom image, and select no to os customizations

insert the sd card into pi, plug in the monitor and keyboard, then power on

you will see a bunch of activity on screen. once everything stops loading press the enter key to open the terminal

enter the following command

vi /etc/config/network 
press enter

to enter edit mode once in the vi editor, press the letter "i" and use the arrow keys to navigate around, to exit edit mode press the "escape" key, to write your changes type ":w" to quit the text editor press ":q"

you can combine this process simply press escape and type :wq then hit enter, your changes will be saved and you will exit the editor.

add the following wan interfaces to your pi, be sure to follow the formatting, the empty space is a single press of the "tab" button on your keyboard

config interface 'wan'
        option device 'eth0'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth0'
        option proto 'dhcpv6'

we are using eth0 on purpose here so we can get a connection directly from the internet.

change the lan to list ports 'eth1' and the lan option ipaddr to something other than 192.168.1.1

this change is optional however a lot of off the shelf hardware uses the 192.168.1.1 ip and it can create conflicts, to avoid them we simply change it to something far less common. '192.168.2.1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

we will change the wan to eth1 and lan to eth0 around after we have install the usb adapter driver.

reboot the pi, and connect the onboard ethernet port directly to your internet connection.

type the following command to install the driver for your TP-Link UE300 gigabit usb ethernet adapter.

opkg update && opkg install kmod-usb-net-rtl8152
press enter.

you will see some activity on screen, wait for it to stop.

next we are going to change our ports back to default.

enter the following command and change the ports around, we want lan on the onboard eth0 and wan/wan6 on the ue300 adapter eth1

vi /etc/config/network
press enter
make the following edits

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth1'
        option proto 'dhcpv6'

reboot your pi and remove the keyboard and monitor, they are no longer needed as we will be doing the rest via SSH or web browser.

move the ethernet that comes from the internet provider into the usb adapter, and connect the onboard port to your lan device (if replaceing an off the shelf router youll use those wires, however if using in a test setup you can just plug an ethernet in from your main router)

if no connection, reboot your isp modem and power cycle the pi

connect to the pi via browser or ssh
web browser 192.168.x.1 
or 
ssh root@192.168.x.1 

(x being what you chose in the initial setup)

the first step is to set a password. 

if in web browser there will be a big button pointing you to the administration page

if using ssh

type passwd and hit enter
type your new password, hit enter, and type it again to confirm,

i recommend also restricting ssh access to the lan in the administration page under the ssh tab

there are further customizations that can be made, but this is the basic config to get up and running.

if you wish to set custom DNS servers you can do so by editing the wan and wan6 interfaces, under the advanced tab, uncheck "Use DNS servers advertised by peer" and enter in a custom DNS server, you'll use the ipv4 address on wan, and ipv6 address on wan6, press the green plus icon to add it to the list, and save, make sure to apply.

enable packet steering under interfaces in the global network options tab.

under system, in the software tab, click update lists, and then you can download packages such as SQM, Adblock, etc.

trevormcooper · January 23, 2024, 6:14pm

link to cloudflare dns server ip addresses!

IP addresses · Cloudflare 1.1.1.1 docs

KSofen · January 23, 2024, 6:38pm

Cloudflare's DNS server blocks access to most VPN providers. Quad9 is a good alternative if you use a VPN. Substitute 9.9.9.9 if this issue affects you.

trevormcooper · January 23, 2024, 6:39pm

good tip! this is def meant to be a super beginners guide

KSofen · January 23, 2024, 6:51pm

It would be nice of there was a repository of backup files people could just load in after burning the firmware using generic settings easily altered through Luci.

Basic Router with Ethernet (Your example)
Basic Router with Wireless (Slightly more tricky without a dongle)
Basic Router with Wireless and Ethernet (Needs the dongle)

Basic Router with Wireless, Ethernet and OpenVPN
Basic Router with Wireless, Ethernet and Wireguard.
Basic Travel Router setup (Very tricky because the wireless dongles are flaky)

LilRedDog · January 23, 2024, 7:04pm

I did not know that.

I use HotSpot Shield and cloudfare (well, I use 1.1.1.2 and 1.0.0.2 because they added some malwares sites they block using those addresses). 1.1.1.3 and 1.0.0.3 block "adult content". Never tried it. I like their use of DNSSEC.
Quad9 has addresses that use DNSSEC also, but I do not know the address.

HSS has never given me an issue but that is just one person's experience.

KSofen · January 23, 2024, 7:17pm

If your main router is set to use 1.1.1.1 and you try to go to the website of VPN providers, it won't let you go there. If your VPN is running on the Pi you already have all the setup and 1.1.1.1 will work fine - unless you try and go to the website of your provider. A good way to accomplish blocking ads and using a DNS provider that doesn't keep logs and encrypts even the DNS requests you make which can be seen by your ISP is to setup the package dnscrypt-proxy2 - it takes care of all these concerns in one package.

trevormcooper · January 23, 2024, 7:19pm

I agree with the thought, but I understand that the storage requirements across hundreds of devices would be astronomical, the builder is basically this but you need to know exacts ahead of time and feel comfortable with it,

My guide assumes you want to download and go

LilRedDog · January 23, 2024, 7:26pm

I pi-hole DNS.

KSofen · January 23, 2024, 7:32pm

Check out the wiki on the subject:

dnscrypt-proxy setup