Setup OpenWRT on Raspberry Pi 3 B+ to avoid data trackers

I am definitely not an expert in networking, so take all of this with some salt. Still, I found it valuable to have my home internet powered by open source software as much as possible, rather than some shitty closed black-box provided by my ISP.

There are already lots of valuable resources on setting up OpenWRT on a Raspberry Pi as a home router. To cite some:

Upon first setup, I had issues connecting the Raspberry to my Ubuntu laptop and make the first setup. Only later did I learn that I could have simply edited the config file on the microSD and avoided the pain, but anyway, I was able to have it work through ethernet on my laptop by setting the ethernet interface to be unmanaged.

I found the wifi adapter of the Raspberry do be strong enough to cover a 3-room apartment, and also go outside. When all the confi was right, I just disable DHCP on my ISP router, enable DMZ to the Raspberry (which had a static address by then), and let the Raspberry be the only DHCP server in the network.

You can check if the Raspberry really is the only DHCP server by running the command udhcpc -n -q -s /bin/true -t 1. You should get udhcpc: no lease, failing as last line of output; if you don’t, then there is still another DHCP server active in the network.

Ads and trackers blocking through dnsmasq

I then wanted to block ads and data trackers through a DNS filter. Starting from this, I eventually ended up using the first of these lists as DNS blacklist, with a handy bash script that would update the list on a regular basis. Note that data in /tmp is lost on reboot, and data not in /etc is lost on firmware re-flashing.

If you use some custom DNS, like OpenDNS, make sure they are actually working.
DNS based adblock using OpenWRT, OpenDNS and dnsmasq is another good resource.

VPN?

I first set out to set up a VPN tunnel through ProtonVPN at router level, but only later realized how much un-privacy safe this actually is, so I backtracked everything. What might instead be valuable is to host your own WireGuard VPN on the Raspberry to connect to your network from outside, and avoid insecure networks (and still escape tracking, if you use your home router DNS filtering). Some resources on that:

After configuration, make sure the IP your devices appear to connect from really is your home’s.

Sysupgrade

When running on the snapshot image, you’ll often have to update (even just for the fact that otherwise it is not possible to install new packages). This will clear up installed packages, albeit their configs will be retained. All files within /lib/upgrade/keep.d, paths listed inside /etc/sysupgrade.conf and listed by command opkg list-changed-conffiles will be retained; everything else deleted. To make it less of a pain, there is a nice script that will dump out a list of currently installed packages and easily reinstall it after upgrading. Here is the Snapshot upgrade URL for Raspberry 3B+.

The list of commands I run is:

Upgrading OpenWrt firmware using LuCI and CLI
OpenWrt: Upgrading OpenWrt to the latest snapshot build
OpenWrtScripts GitHub repo (opkgupdate.sh)

  • Was this Helpful ?
  • yes   no

Leave a Reply

Your email address will not be published. Required fields are marked *