We continue the settings at home. After buying HUAWEI WiFi AX3 Pro, it became clear that it would be enough as wifi, but as a router you need to take something else. The main thing that is missing is good management of DHCP and VPN.

The choice fell on Orange Pi R1 Plus LTS – 3.1tr (plus sd card and usb-c power adapter). The main thing about it is:

  • ARM for low power consumption
  • There is no fan
  • 2 1GB ports
  • 4 cores
  • 1GB of RAM
  • 1 USB 2.0
  • there is no video output (neither VGA nor hdmi), you can connect via a debugging terminal, but then you need to take it out of the case, which is inconvenient

Externally, the device is small and heavy, I liked it. According to tests on the Internet, it should have the ability to route gigabit.

I must say right away that pfSense and OPNsense don’t work on ARM, so I haven’t tried them.

The manufacturer offers Ubuntu, Debian and OpenWRT.

I started with OpenWRT, as it seems to be for routing. I was pleasantly surprised by a lot of settings: for some reason I did not expect to see docker management, dlna, and various downloads there in the firmware. On the other hand, the main points were upset:

  • Although there are a lot of DHCP settings, it is somehow inconvenient and difficult:
    • to set the time zone, you need to write 101,Europe/Moscow without any prompts
  • there are no settings at the level of individual clients (except for a static IP address – neither DNS nor default route)
  • DHCP did not work out of the box
  • I like strongswan as a VPN: it connects quickly, there are built-in clients for all operating systems (IKEv2). There is no UI at all for him.
  • OpenWRT works through its own configs and already generates configs from them in the format of real programs. In fact, this means that it is impossible to use real configs and limited functionality (because not all settings are made in the UI).
  • OpenWRT has some kind of strange update policy: they do not recommend updating via opkg, but updating when there is a complete rebuild of img. Unfortunately, my router is not in the builds on the openwrt website (maybe some other build will do, but I don’t want to check and fix it), and the manufacturer hasn’t released updates for a year.

Initially, OpenWRT from the manufacturer’s website is available in English and Chinese. Add Russian:

opkg install luci-i18n-adblock-ru luci-i18n-advanced-reboot-ru luci-i18n-aria2-ru luci-i18n-banip-ru luci-i18n-base-ru \
luci-i18n-commands-ru luci-i18n-ddns-ru luci-i18n-dockerman-ru luci-i18n-firewall-ru luci-i18n-minidlna-ru luci-i18n-mjpg-streamer-ru \
luci-i18n-nlbwmon-ru luci-i18n-ntpc-ru luci-i18n-opkg-ru luci-i18n-qos-ru luci-i18n-samba4-ru luci-i18n-sqm-ru luci-i18n-squid-ru \
luci-i18n-statistics-ru luci-i18n-transmission-ru luci-i18n-ttyd-ru luci-i18n-unbound-ru luci-i18n-vnstat2-ru luci-i18n-watchcat-ru \
luci-i18n-wireguard-ru

Then, for some reason, DHCP did not work out of the box, and after the updates, installing strongswan led to a bunch of errors on the kernel modules. All this can be overcome, but I don’t see the point of OpenWRT for myself.

At this stage, I decided to switch to Ubuntu and calmly and quickly configure everything in text files (fortunately, strongswan and dnsmasq have already been configured). Ideally, Correos, but you still need to deal with it separately (whether this hardware requires some special settings/kernel modules or not).

The details are already in the next article.