OpenWrt router destroys Fritzbox

160€ for a router that is a black box to me? OK, no.
Intro

Everyone needs a router in their life. Many don’t care which, some care and pay a lot of money, and a few care a lot and pay little. The ideal scenario is the last option. Today I’ll teach you how. It is as easy as pie and costs you about 30-40€. As always, I’ll also include some bonus hacks. Let’s start.

GL.iNet, a company that produces portable, privacy-focused routers running OpenWrt

I own a GL.iNet ar300m, the external antenna version, as it provides more range. The ar300m is, in one line (provided by Amazon.com), a “Mini Travel Router, Wi-Fi Converter, OpenWrt Pre-installed, Repeater Bridge, 300Mbps High Performance, 128MB Nand flash, 128MB RAM, OpenVPN, Tor Compatible, Programmable IoT Gateway”. It even comes with a nice GUI to configure everything, if you are into that. Other features include DynDns, remote access, power via Micro-USB and a huge application repository. I actually use this travel router as my home router and find it to be more powerful than any Fritzbox I owned previously. So if you are in need of a router, I can absolutely recommend this one.

Some small hacks, tips and tricks

First go to the install apps page and download wget, luci-app-adblock and luci-app-sqm. The first two are needed to block ads, trackers and malware network-wide for any device using the router as DNS. It is similar to a Pi-hole and we will configure it in a second. The other package enables smart queue management, which reduces bufferbloat and makes your network more responsive.

Adblock configuration

Go to Advanced -> Services -> Adblock and set the download utility to wget. Next up enable the following blocking lists:

  • adaway
  • adguard
  • disconnect
  • hphosts
  • malware
  • reg_de
  • winspy
  • youtube
  • yoyo

If a page gets blocked falsely, you can add it to your whitelist by clicking Advanced -> Edit Whitelist. Finally enable blocklist backup and set the backup mode to Enable Blocklist Backup.

Stop Chromecast and the like from phoning home by blocking Google DNS

I like to do that via SSH on the console, but you can also configure it in the GUI. SSH to your router and add the following network rules to /etc/config/firewall:

# Block Google
config rule
        option src 'lan'
        option name 'Google DNS'
        option family 'ipv4'
        option dest 'wan'
        option dest_ip '8.8.8.8'
        option target 'REJECT'

config rule
        option src 'lan'
        option name 'Google DNS 2'
        option family 'ipv4'
        option dest 'wan'
        option dest_ip '8.8.4.4'
        option target 'REJECT'
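
A quick way to confirm that both rules are present and enabled after editing, as an added example that is not part of the original post. The function names `rule_blocks` and `missing_blocks` and the sample config are made up for illustration, and the script only inspects the config file, not live traffic.

```shell
#!/bin/sh
# rule_blocks FILE IP: exit 0 if an enabled rule rejects/drops lan->wan traffic to IP
rule_blocks() {
    awk -v ip="$2" '
        function check_section() {
            if (inrule && o["src"] == "lan" && o["dest"] == "wan" &&
                o["dest_ip"] == ip && o["enabled"] != "0" &&
                (o["target"] == "REJECT" || o["target"] == "DROP")) found = 1
            split("", o)                       # clear options for the next section
        }
        /^[ \t]*#/ { next }                    # UCI comments start with "#"
        $1 == "config" { check_section(); inrule = ($2 == "rule"); next }
        $1 == "option" && inrule {
            v = $3; gsub(/[^A-Za-z0-9_.:-]/, "", v)   # strip the quotes
            o[$2] = v
        }
        END { check_section(); exit (found ? 0 : 1) }
    ' "$1"
}

# missing_blocks FILE IP...: print every IP that has no active blocking rule
missing_blocks() {
    f="$1"; shift
    for ip in "$@"; do
        rule_blocks "$f" "$ip" || echo "$ip"
    done
}

# Constructed sample (not a real router config): the second rule is disabled.
SAMPLE="${TMPDIR:-/tmp}/firewall.sample.$$"
cat > "$SAMPLE" <<'EOF'
# Block Google
config rule
        option src 'lan'
        option name 'Google DNS'
        option dest 'wan'
        option dest_ip '8.8.8.8'
        option target 'REJECT'

config rule
        option src 'lan'
        option dest 'wan'
        option dest_ip '8.8.4.4'
        option target 'REJECT'
        option enabled '0'
EOF
echo "not blocked: $(missing_blocks "$SAMPLE" 8.8.8.8 8.8.4.4)"
```

On the router, run `missing_blocks /etc/config/firewall 8.8.8.8 8.8.4.4`; empty output means both addresses have an active rule. Like the rules above, it only looks at the two IPv4 addresses.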

Change DNS server

Many ISPs censor certain sites. Cloudflare offers their famous 1.1.1.1 DNS, but most likely logs any requests. Luckily, one of my favorite sites, privacytools.io, also has a list of privacy-minded DNS servers. Choose two that are close to your location and set them in the router’s GUI.

All set and done. You can play around more with features like DynDns to remotely access your devices and much more. A lot of bang for your buck. Message me if you have any questions or feedback.