Raspberry pi as a home router part 1: VLANs on TP-LINK TL-WR740N

Introduction

I was previously using TP-LINK TL-WR740N v4 as my home router/switch/AP. It is cheap (about $25) and does not provide many features, but it certainly works well and is enough for an average home user. I needed something that I could play with a lot more, something that could give me more control over my internet connection and provide logging capabilities, advanced routing, a firewall, QoS and security enhancements. All I really needed for this was a Linux box. There are readily available open source applications that could provide me with all these features. Of course it’s not a plug-and-play solution and it needs a lot of insight and tinkering, but that’s just the fun part for me.

Hardware

What I needed was a small, quiet and cheap Linux server that is not power-hungry. It should preferably have 2 Ethernet ports and built-in WiFi (or at least PCI or USB ports so I could plug in additional interface cards). I considered a server based on a mini-ITX mainboard, as it would give me the most flexibility and even the possibility to run virtualization on an x86 CPU with support for hardware virtualization and 2 HDDs for RAID 1. I didn’t go for it because I didn’t want to spend so much money, plus it would most likely be actively cooled, which would generate noise. Then my eyes turned to the Raspberry Pi, which is a very cheap and small ARM-based computer. Its main caveat is that it only has one FastEthernet port, which makes it not very suitable for a router. You can add an additional Ethernet port as a USB adapter (or a WiFi adapter). However, I didn’t like the idea of adding two USB adapters to have a complete router with AP. I also found a more expensive alternative to the Raspberry Pi called Utilite, which would be just perfect as it has 2 x GbE ports plus built-in WiFi, but again the cost was much higher (plus shipping costs from Israel). That’s why I decided to work with what I have and create a low-cost solution.

Architecture

The idea is to use the TP-Link TL-WR740N as a switch and access point and the Raspberry Pi as the router. To accomplish that with only one FastEthernet port I would need VLAN support on the switch to deploy something called “router on a stick”.


VLANs allow you to create logically separated layer 2 networks. Without VLANs all ports on the switch belong to one logical network and frames sent from one port can freely travel to any other port. However, if you put ports in separate VLANs then traffic from one VLAN can’t go to another VLAN without a router.

The cable modem connects you to the provider (it could as well be an ADSL modem or a radio antenna) and forwards L2 frames to VLAN 2 (the numbers are arbitrary). If your modem already has a router built in then you can still use this topology, but you will most likely have to double NAT. Frames which are untagged simply do not carry VLAN information within them. The switch recognizes which VLAN they belong to because the port is statically configured to be a member of a specific VLAN. The switch port that has the Raspberry Pi connected is a member of two VLANs (it is also called a trunk port). Frames transmitted across this interface are tagged, which means they contain VLAN information. That way the router and the switch are able to tell which VLAN the frame belongs to.

When you receive a packet from the internet it travels through the modem and the VLAN 2 port and comes into the Raspberry Pi via the trunk port. The RPI deals with routing, NAT and other functions that you implement, and the packet comes out of the same port (but this time via VLAN 1) and is forwarded to the PC or WiFi client, which also belongs to VLAN 1. Please note that the traffic needs to pass the trunk interface twice (once in the inbound direction and once in the outbound direction). This has performance implications. You can think of it as a half-duplex port even though it’s physically a full-duplex port. When you download something from the internet at 100Mbps (the speed of the RPI and TP-LINK WR740N ports) you can do this, but it will also take up the “upload” of the port. In other words your upload+download speed is capped at 100Mbps, but I don’t think it’s a problem for most home users.
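The tagging behaviour described above, as an added example that is not part of the original post: a simplified Python model of a VLAN-aware switch that floods frames without MAC learning. The port names, the sample frame and the rule that a tagged frame is dropped on a port where its VLAN is not tagged are assumptions of this model, not the behaviour of a specific switch chip.

```python
import struct

TPID = 0x8100  # EtherType value that marks an 802.1Q tag

# Port -> {vlan_id: tagged?}. Port names are labels made up for this example.
PORTS = {
    "modem": {2: False},           # untagged member of VLAN 2
    "rpi":   {1: True, 2: True},   # trunk port: both VLANs, tagged
    "pc":    {1: False},           # untagged member of VLAN 1
    "wifi":  {1: False},
}

# Constructed sample frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
FRAME = bytes(6) + bytes.fromhex("020000000001") + b"\x08\x00" + b"payload"

def add_tag(frame, vid, pcp=0):
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    tci = (pcp << 13) | (vid & 0x0FFF)   # 3-bit priority, 12-bit VLAN ID
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]

def strip_tag(frame):
    """Return (vid, untagged_frame); vid is None if the frame has no tag."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame

def switch(in_port, frame):
    """Return {out_port: frame_as_sent} for a frame received on in_port."""
    vid, inner = strip_tag(frame)
    members = PORTS[in_port]
    if vid is None:
        # Untagged frame: the VLAN comes from the port's static configuration.
        native = [v for v, tagged in members.items() if not tagged]
        if not native:
            return {}              # trunk-only port: nothing to map it to
        vid = native[0]
    elif not members.get(vid, False):
        return {}                  # VLAN is not tagged on this port: drop
    out = {}
    for port, vlans in PORTS.items():
        if port != in_port and vid in vlans:
            # Re-tag on trunk members, send plain on untagged members.
            out[port] = add_tag(inner, vid) if vlans[vid] else inner
    return out
```

A frame from the modem leaves only on the trunk, four bytes longer and carrying VLAN ID 2; it reaches the LAN ports only after the router sends it back tagged with VLAN 1.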

Switch configuration

Installation

Note that there is no web interface by default in the OpenWrt images for the TP-LINK WR740N.

http://wiki.openwrt.org/doc/howto/generic.flashing gives you a generic explanation of the installation process. You will not need most of the information given there. Let me walk you through the installation:

1. Identify your exact model (there are versions 1, 2, 3 and 4). http://wiki.openwrt.org/toh/tp-link/tl-wr740n can give you some useful information. Please note that there is a “debricking” section in case something goes wrong. I did not need to do this, but if you lose connectivity to your router you can find out how to get it back online in this section.

2. Download firmware from http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/

I used http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/openwrt-ar71xx-generic-tl-wr740n-v4-squashfs-factory.bin

There are “JFFS2” and “squashfs” versions. I am not sure what the difference is. Squashfs is recommended. “Factory” is for installing OpenWrt on a router with the factory image and “sysupgrade” is for upgrading.

3. Reset TP-LINK to factory defaults.

4. Use Firmware Upgrade function and select image of OpenWrt.

5. After the router reboots telnet to the address 192.168.1.1. There is no password.

6. Use command “passwd”. It will prompt you to choose your root password. After you choose it telnet will be disabled and SSH will be enabled. Type “exit”.

7. Log in with your chosen password on “root” account using SSH. You can now configure your OpenWrt device.


Network configuration

All the interesting configuration is in the directory /etc/config.

Network configuration is stored in /etc/config/network. Let’s view the defaults.

config interface 'loopback'
 option ifname 'lo'
 option proto 'static'
 option ipaddr '127.0.0.1'
 option netmask '255.0.0.0'

config globals 'globals'
 option ula_prefix 'fd9c:6323:7240::/48'

config interface 'lan'
 option ifname 'eth0'
 option type 'bridge'
 option proto 'static'
 option ipaddr '192.168.1.1'
 option netmask '255.255.255.0'
 option ip6assign '60'

config interface 'wan'
 option ifname 'eth1'
 option proto 'dhcp'

config interface 'wan6'
 option ifname '@wan'
 option proto 'dhcpv6'

config switch
 option name 'switch0'
 option reset '1'
 option enable_vlan '1'

config switch_vlan
 option device 'switch0'
 option vlan '1'
 option ports '0 1 2 3 4'

  • The config interface ‘lan’ section is pretty straightforward. You can set the IP address and netmask of the LAN interface of your TP-LINK router.
  • The config switch section is misleading. I would expect that you need to enable additional VLANs here but this is not the case. You don’t need to do anything here. I don’t know what it’s for.
  • config switch_vlan

This is where you’ll be configuring VLAN settings. If you need to add an additional VLAN just add another config switch_vlan section (identical section name). Leave the option device 'switch0' as is. Specify which VLAN you want to configure in option vlan.

Option ports is a list of physical and logical ports that are members of the VLAN. If you use a number alone, like 1, 2, 3 and so on, it means that the VLAN will be untagged on that port (of course you can have only one untagged VLAN on a port). If you append the letter “t” to the number, the switch will tag the frames of that VLAN on that port.

Port numbering

0 – logical port that connects the switch to the CPU of the device. You will only need to add a VLAN to this port when you need to manage the device using an IP from that VLAN or if you want it to provide services like DHCP or DNS on that VLAN. We will add VLAN 1 (which corresponds to LAN) to port 0 untagged.

1,2,3,4 – physical ports

Please note the numbering is not in order!

If you are unsure which ports you are configuring, or you find this information incorrect, you can display which ports are currently up/down by issuing the command:

swconfig dev switch0 show

This is the configuration that I use:

config interface 'loopback'
 option ifname 'lo'
 option proto 'static'
 option ipaddr '127.0.0.1'
 option netmask '255.0.0.0'

config globals 'globals'
 option ula_prefix 'fd9c:6323:7240::/48'

config interface 'lan'
 option ifname 'eth0'
 option type 'bridge'
 option proto 'static'
 option ipaddr '192.168.33.254'
 option netmask '255.255.255.0'
 option ip6assign '60'

config interface 'wan'
 option ifname 'eth1'
 option proto 'dhcp'

config interface 'wan6'
 option ifname '@wan'
 option proto 'dhcpv6'

config switch
 option name 'switch0'
 option reset '1'
 option enable_vlan '1'

config switch_vlan
 option device 'switch0'
 option vlan '1'
 option ports '0 1 3t 4'

config switch_vlan
 option device 'switch0'
 option vlan '2'
 option ports '2 3t'

As you can see, port 3 is being used as the trunk and will be connected to the RPI. Port 2 will be connected to WAN, and ports 1 and 4 will be LAN ports. I will not be using eth1, which is normally the WAN port when using stock firmware.

Optional

If you want to create multiple IP interfaces (one for each VLAN) you can just add another config interface section and specify ifname as eth0.N, where N is the VLAN number. Example:

config interface 'lan2'
 option ifname 'eth0.2'
 option type 'bridge'
 option proto 'static'
 option ipaddr '192.168.2.1'
 option netmask '255.255.255.0'

Don’t forget to add the tagged VLAN to port 0!
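A pre-flight check for the rules above, as an added example (not code from the original post or from OpenWrt): it parses the switch_vlan and interface sections and reports a port that is untagged in two VLANs, a CPU port that is in no VLAN, and an eth0.N interface whose VLAN is not tagged on port 0. The function names and the sample text are made up for this example; it is meant to run on a workstation against a copy of /etc/config/network before rebooting.

```python
import re
import shlex
from collections import defaultdict

# Constructed sample: the article's switch_vlan sections plus the optional
# 'lan2' interface, with the CPU port left out of VLAN 2 on purpose.
SAMPLE = """
config interface 'lan2'
 option ifname 'eth0.2'
config switch_vlan
 option device 'switch0'
 option vlan '1'
 option ports '0 1 3t 4'
config switch_vlan
 option device 'switch0'
 option vlan '2'
 option ports '2 3t'
"""

def parse_uci(text):
    """Parse UCI text into a list of (type, name, {option: value}) sections."""
    sections = []
    for line in text.splitlines():
        words = shlex.split(line, comments=True)   # handles quotes and '#'
        if words[:1] == ["config"] and len(words) > 1:
            sections.append((words[1], words[2] if len(words) > 2 else "", {}))
        elif words[:1] == ["option"] and len(words) > 2 and sections:
            sections[-1][2][words[1]] = words[2]
    return sections

def check_vlans(text, cpu_port="0", device="eth0"):
    """Return a list of problems; an empty list means the checks passed."""
    sections, problems = parse_uci(text), []
    untagged, tagged, used = {}, defaultdict(set), set()
    for stype, _, opt in sections:
        if stype != "switch_vlan":
            continue
        vlan = opt.get("vlan", "?")
        for entry in opt.get("ports", "").split():
            port = entry.rstrip("t")
            used.add(port)
            if entry.endswith("t"):
                tagged[vlan].add(port)
            elif untagged.setdefault(port, vlan) != vlan:
                problems.append(f"port {port} untagged in VLAN {untagged[port]} and {vlan}")
    if cpu_port not in used:
        problems.append(f"CPU port {cpu_port} is in no VLAN: no management access")
    for stype, name, opt in sections:
        m = re.fullmatch(re.escape(device) + r"\.(\d+)", opt.get("ifname", ""))
        if stype == "interface" and m and cpu_port not in tagged[m.group(1)]:
            problems.append(f"{name}: VLAN {m.group(1)} is not tagged on CPU port {cpu_port}")
    return problems
```

For the sample, check_vlans(SAMPLE) reports the missing 0t in VLAN 2; changing that ports line to '0t 2 3t' clears it.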

Wireless

WiFi is disabled by default on OpenWrt. The relevant configuration file is /etc/config/wireless. In order to enable wireless you need to set option disabled to 0 (or remove the line).

The most popular, secure and completely sufficient configuration for home users is just a WPA2-encrypted connection using a pre-shared key.

Sample configuration is here:

config wifi-device radio0
 option type mac80211
 option channel 1
 option hwmode 11ng
 option path 'platform/ar933x_wmac'
 option htmode HT20
 list ht_capab SHORT-GI-20
 list ht_capab SHORT-GI-40
 list ht_capab RX-STBC1
 list ht_capab DSSS_CCK-40
 # REMOVE THIS LINE TO ENABLE WIFI:
 option disabled 0

config wifi-iface
 option device radio0
 option network lan
 option mode ap
 option ssid your_ssid_here
 option encryption psk2
 option key your_password_here

Disable unnecessary services

The RPI will provide DHCP and DNS services for our network. You certainly do not want two DHCP servers running concurrently in your LAN. The daemon which is responsible for both of these functions is called dnsmasq. To prevent it from starting automatically after reboot type:

/etc/init.d/dnsmasq disable

Apply settings

After all configuration changes you can just reboot your router and hope you do not cut yourself out of management:

reboot

Final words

This was the first part of the tutorial. I will add the routing part, which is more interesting, soon!
