Most home routers sold today are running Linux under the hood with a proprietary web GUI intended for home users. There’s been a movement over the past several years to create a more featureful environment for these routers by creating third-party firmware.
I installed OpenWRT on a Linksys WRT1900ACS router acting as my internet gateway. OpenWRT is a fully writeable Linux filesystem, and unlike factory images, allows you to extend the router’s capabilities through add-on packages. OpenWRT can serve files visa NFS, act as a web server or reverse proxy for your homelab, filter web ads for your network, and more. It’s as close to a full router experience as you can get on a piece of commodity home hardware. As a router/firewall, OpenWRT features zone-based firewall rules, NAT, Port forwarding, VLANs and advanced wireless security and support for Wireguard and OpenVPN virtual private networks.
The installation took about 15 minutes – going to the OpenWRT site, finding the correct firmware version, and flashing my router from the OEM web interface with the web-upgrade version of OpenWRT. Many Linksys routers feature a dual-flash design, so if you brick the router during the process you can boot over to the working partition and start over again.
As a side-benefit, my WAN speeds increased by roughly 30% by running OpenWRT on the same hardware versus the OEM firmware.
Once I had my router working, I added Wireguard VPN support. Wireguard is an efficient, key-based VPN that claims to be simpler than IPSec or OpenVPN. Torguard, my VPN provider supports Wireguard, so I downloaded my Wireguard configuration from their web site, entered it into the OpenWRT GUI, and enabled Wireguard.
VPNs are great at hiding your traffic from your ISP and local traffic, but many streaming media sites block VPN traffic. That’s where the vpn-policy-routing package comes in. Install it, enter the names of sites that should bypass the VPN and you’re done.
Now, I have all of my traffic routed through a VPN with the exception of streaming services, and can add any new services that need to route over my WAN with a web administration page.