Setup OpenWRT on Raspberry Pi 3 B+ to avoid data trackers

I am definitely not an expert in networking, so take all of this with some salt. Still, I found it valuable to have my home internet powered by open source software as much as possible, rather than some shitty closed black-box provided by my ISP.

There are already lots of valuable resources on setting up OpenWRT on a Raspberry Pi as a home router. To cite some:

Upon first setup, I had issues connecting the Raspberry to my Ubuntu laptop and make the first setup. Only later did I learn that I could have simply edited the config file on the microSD and avoided the pain, but anyway, I was able to have it work through ethernet on my laptop by setting the ethernet interface to be unmanaged.

I found the wifi adapter of the Raspberry do be strong enough to cover a 3-room apartment, and also go outside. When all the confi was right, I just disable DHCP on my ISP router, enable DMZ to the Raspberry (which had a static address by then), and let the Raspberry be the only DHCP server in the network.

You can check if the Raspberry really is the only DHCP server by running the command udhcpc -n -q -s /bin/true -t 1. You should get udhcpc: no lease, failing as last line of output; if you don’t, then there is still another DHCP server active in the network.

Ads and trackers blocking through dnsmasq

I then wanted to block ads and data trackers through a DNS filter. Starting from this, I eventually ended up using the first of these lists as DNS blacklist, with a handy bash script that would update the list on a regular basis. Note that data in /tmp is lost on reboot, and data not in /etc is lost on firmware re-flashing.

If you use some custom DNS, like OpenDNS, make sure they are actually working.
DNS based adblock using OpenWRT, OpenDNS and dnsmasq is another good resource.


I first set out to set up a VPN tunnel through ProtonVPN at router level, but only later realized how much un-privacy safe this actually is, so I backtracked everything. What might instead be valuable is to host your own WireGuard VPN on the Raspberry to connect to your network from outside, and avoid insecure networks (and still escape tracking, if you use your home router DNS filtering). Some resources on that:

After configuration, make sure the IP your devices appear to connect from really is your home’s.

  • Was this Helpful ?
  • yes   no

Leave a Reply

Your email address will not be published. Required fields are marked *