Category: Network

OpenWRT Travel Router

I recently posted about my purchase of the GL.iNet GL-AR300M16 which I of course immediately flashed with OpenWRT. As this was intended as a travel router it came along with us on a recent vacation. Above you can see the tiny little GL.iNet device plugged via the WAN port into one of the LAN ports of the internet router of the rental we had.

The GL.iNet isn’t a speedy device – with only a single 2.4GHz wireless connection it wasn’t able to saturate the internet connection (200Mbps symmetric) but I was still getting pretty reasonable speeds (~50Mbps).

I had setup the travel router to have a “travel” SSID, and could associate all of the devices we’d brought (6) to that. Sure this is a setup step, but for future trips I’ll only have to setup the travel router and all the devices will connect to the “travel” SSID.

As an aside, I’ll mention that I’ve started to bring my Roku when we travel, this way I have a familiar movie/show watching experience and I don’t have to remember to clear any passwords when I leave because I take the box with me.

Where it gets more interesting, is that I configured the travel router as a wireguard client. Pretty much following my post on OpenWRT as a wireguard client verbatim. I did set up the allowed_ips as a /24 CIDR block – effectively creating a split VPN – so that traffic targeted at my ‘home’ network would flow over wireguard, but other traffic would go directly to the internet. The benefit to this VPN setup is that if I’m streaming a movie on Netflix, that traffic will bypass the wireguard tunnel and when I want to reach a “local to my home network” service like homeassistant, it just works like at home.

Then as icing on the cake, I fiddled with the DNS options so that any address handed out by the travel router gets my pi-hole as the DNS server. If you want to do something similar check out my pi-hole setup post that talks about this configuration in OpenWRT. This gives me ad-blocking and my personal block lists. This helps keep the internet a little bit more family friendly, plus no ads!

I did experience a couple of network hangs,  4 over the week long trip, but a quick power cycle of the router and we were back in business. I suspect that this may have been either high load, or heat, that triggered the problem. The limitation of only 2.4GHz networking didn’t seem to be a big deal, and I got reasonable WiFi coverage over a 3 floors of a townhome.

This setup was pretty awesome. It gave me a ‘at home’ network experience, while I was away from home. What a great little box.

As a bonus, let’s dive into another travel configuration. I’m writing this post from a hotel room, connected to the travel router. Now the hotel doesn’t have a wired ethernet port, so I need to do something slightly different.

There is an OpenWRT package “travel-mate” that makes this more complicated setup easy. We want to operate in AP+STA (access point + station) mode, where the single wifi radio is doing both jobs. Many routers can do this, the GL.iNet is one of them.

The travel-mate documentation is a little sparse, but there is a long and fairly active forum thread that provides help. I was able to get it working with a little bit of stumbling around.

Installing two packages: travelmate and luci-app-travelmate will get you going. An OpenWRT menu “Services->Travelmate” will appear in the web UI, allowing you to access the configuration.

A newly installed travel-mate will have blank information, mine is a capture from a running version.

You’ll need to do a one time “Interface Wizard” to get the interfaces setup. This should create some trm_ network interfaces. I did this once and have forgotten about the details, you can probably safely do the same.

When you are ready to connect to the upstream WiFi (say the hotel’s internet) you will want to visit the “Wireless Station” tab and scan for, and select a SSID to connect to.

There is some magic I don’t yet fully understand about configuring a login script to bypass the captive portal that your hotel is likely to have. In my case, my laptop that connected to the travel router was presented with the captive portal webpage and I was able to log in that way (the travel router basically was a proxy for the captive portal). Once logged in, the router was granted access by the hotel WiFi and all other devices connected to the travel router just worked. (yeah, magic)

I’ll just quickly cover the  travel-mate General Settings.

The top red circle is the “Enabled” checkbox. This is handy as you don’t want travel-mate to be active if you’re using the travel router in a wired setup like I was in the top part of this post. Leaving it enabled while in a wired setup will possibly cause WiFi drop outs as it tries to scan for available networks to connect to.

The bottom red circle is checked on by default, by for my use I found that I had to disable it. Otherwise it was disabling my wireguard VPN. With the checkbox cleared, my split VPN is working fine and I’m enjoying the “at home networking, while I’m not at home” experience. It was also pretty nice that my phone and my tablet just connected to the “travel” WiFi once it was up and running.

Since we are using a single radio to both handle the clients (my devices) and talk to the host network (the hotel WiFi) you can expect that the overall speed to be much less. I know this is true as I’ve tested travel-mate in this AP+STA mode with my home network, and seen the difference (I was only able to get about 26Mbps when my home net connection is much faster). The good news here is that hotel WiFi while adequate, isn’t very good, at least not in this hotel.

Here are two speed tests, one via the travel-router, and one directly to the hotel WiFi.

They are basically the same, especially given the variations you’ll see on the hotel WiFi. The key take away here is that using the travel router isn’t imposing any real overhead or limits, and if we had much better hotel WiFi I’d still get acceptable performance.

It is interesting to note that with travel-mate and running in AP+STA mode, and only 3 devices and 1 user .. it was very stable. I didn’t have any hangs or weird problems once it was setup. I’ll certainly bring it along for future trips.

GL.iNet GL-AR300M16 with OpenWRT 22.03.05

When travelling I usually just deal with the internet situation that is provided, I’ve got wireguard if I want to have ad blocking or reach to my home network. The other day I got looking at travel routers, and while TP-Link has some popular ones, the GL.iNet devices seem to have more flash and RAM for basically the same prices.

The GL.iNet AR300M16 was under $40 on amazon.ca, and it shipped (free) in a few days. Look at it, very tiny and cute – but more powerful than the Netgear WNR3500L that I’ve used in the past. The USB power supply I’m using is larger than the router.

Of course, I selected this device with OpenWRT in mind. While the stock firmware has some really nice features as a travel router – I think I can achieve the same things with plain old OpenWRT. The GL.iNet device family apparently uses an OpenWRT base and customizes it. There are a number of GL.iNet devices documented on the OpenWRT site, but nothing specific for the AR300M16. The AR300M is close, but has a different flash module setup.

The first thing I did was just connect to the device, both wireless and wired. I knew that the OpenWRT install was going to require a wired only connection so I wanted to make sure that the laptop I was using was going to be able to successfully connect to the stock firmware over wire.

I was impressed at the quality of the user interface. I may have to give the stock firmware a proper try, but first let’s flash OpenWRT to it.

This turns out to be very easy. The stock firmware ‘local’ upgrade process will accept a .bin file. The OpenWRT firmware selector gives us an easy way to find a compatible firmware for the “GL.iNet GL-AR300M16” device.

I started with the Kernel image. This is the recommended path for moving from stock as it’s a smaller image. The stock firmware was happy to accept this .bin file as an upload, but warned me that I was treading in dangerous waters.

No problem, I know what I’m doing (so I told myself). Hitting “Install” and off we went. I did made sure that before I flashed the firmware I was using a quality USB power supply that delivered more than 2A of power.

This went smoothly, but the IP address of the router changed from 192.168.8.1 to 192.168.1.1. This is a difference between the stock firmware defaults and the OpenWRT defaults.

I then used the OpenWRT firmware upgrade to flash the sysupgrade image. This went smoothly as well. Now I have a teeny tiny router with OpenWRT installed.

Next I need to figure out how I want to configure this particular device to be my travel router, allowing me to connect my devices to it – and have it use another wifi network as the upstream. Then explore adding some ad blocking and some other nice features.

OpenWRT 21.02 to 22.03 upgrade

Here are my notes on upgrading OpenWRT, they are based on my previous post on upgrading.

In this case I’m upgrading specifically TP-Link Archer C7 v2 – the process will be similar for other OpenWRT devices but it’s always worth reviewing the device page. I’ve also got some v5 versions, and this means a slightly different firmware, but the same exact process.

For a major version upgrade it is worth reading the release notes First start by reading the release notes – nothing seems to be specific to my device that requires any special considerations, so I can just proceed.

An upgrade from OpenWrt 21.02 or 22.03 to OpenWrt 22.03.5 is supported in many cases with the help of the sysupgrade utility which will also attempt to preserve the configuration.

I personally prefer the cli based process, so we’ll be following that documentation.

Step 1. While I do nightly automated backups, I should also just do a web UI based backup – this is mostly for peace of mind

Step 2. Download the correct sysupgrade binary -the easy way to do this is by using the firmware selector tool. I recommend that you take the time to verify the sha256sum of your download, this is rarely an issue but I have experienced bad downloads and it’s hard to debug after the fact.

It is recommend to check you have enough RAM free – thankfully the archer has a lot of RAM (which is used for the /tmp filesystem too) so I have lots of space.

Step 3. Get ready to flash – if you review the post install steps, you’ll see that while the sysupgrade will preserve all of our configuration files – it won’t preserve any of the packages.

This script will print out all of the packages you’ve installed.

Save the list away so you can easily restore things post install. There is a flaw with this script as I’ll point out later, but in many cases it’ll work fine for you.

On my dumb access points I get this list of packages

Mostly I have the prometheus exporter (for metrics) and rsync (for backups) installed. My main gateway has a few more packages (vnstat and sqm) but it’s similar.

Step 4. Time to flash. Place the firmware you downloaded onto the openwrt router in /tmp and run sysupgrade.

This is a bit scary — because you lose your ssh connection as part of the upgrade.  It took about a minute and a half of radio silence before the device came back.  However, I was then greeted with the new web UI – and over ssh I get the 22.03.5 version splash.

Step 5. Check for any package updates – usually I leave things well enough alone, but we just did a full upgrade so it’s worth making sure we are fully current. Note, this may mess with the script in step 3 since the install dates will change for other components.

If you get any packages listed, we can easily upgrade using opkg upgrade <pkg name>

Step 6.  Install packages captured in step 3. Do this by creating a simple script to opkg install <pkg name> for each package.

Post install, take a careful look at the output of the installs, and look for any *-opkg files in /etc/config or /etc. These are config files which conflicted with local changes.

Sometimes you will want to keep your changes – others you’ll want to replace your local copy with the new -opkg file version. Take your time working through this as it will avoid tricky problems to debug later.

When I upgraded my main router, vnstat seems to have been busted in some way. The data file was no longer readable (and it’s backup) – I suspect that some code change caused the format to be incompatible. I had to remove and recreated a new one. Oh well.

Things mostly went smoothly, it took about 30mins per openwrt device and I was going slowly and taking notes. There was one tiny glitch in the upgrade. The /root/.ssh directory was wiped out – I use this to maintain a key based ssh/scp from each of my dumb AP to the main router.

Bonus. I found a new utility: Attended Sysupgrade. This is pretty slick as it makes it very easy to roll minor versions (so 22.03.02 -> 22.03.05 for example) but it will not do a major upgrade (21.03 -> 22.03). I’ve installed this on all of my openwrt devices and will use it to stay current. It takes care of all of the upgrade steps above.. but it does suffer the same ‘glitch’ in that /root/.ssh is wiped out. The other downside is that the custom firmware that is built, breaks the script in step 3 – since the flash install date is the same for all of the components. I’ll need to go refactor that script for my next upgrade.