Making the Omnia work in the real world

Turris Omnia
1

My router arrived just before Thanksgiving so I had a few days to get to know it. I’ve been reading the challenges people had on this forum but decided to dive straight in. I’ve been using OpenWRT for many years so have no issues with LuCI, UCI or generally directly editing the config files. I also had a mature, working setup on my WRT1900AC and suffered the early days of OpenWRT on that device too. I was an early backer of this device and appear to be one of the last to recieve the device. I guess that’s because I checked the 2GB option.

In the hope that the last couple of days can help both Turris get their act together and others get their routers configred to their liking, here’s what I did:

Basic Config:

  • Wireless - off ( I’m running this as a pure wired device since it sits in a 19" rack in the basement )

  • VLANs: wifi (eth2/Port4) , DMZ(eth0.4/port 1) , Lan (eth0.3/port0), each with DHCP ranges, all based on 192.168.YY.XX / 24. I left the original vlan configs alone and set the two new ones with untagged on egress and tagged at the CPU. These feed into an external managed switch and any trunking is done at the managed switch.

  • OpenVPN using a previous config

  • mSata installed in the ‘CPU PCI slot’. Mounted as /mnt/sda1 (though also automounts for some reason - need to fix that). This needed to be an ext4 fs rather than xfs but I think this is more of an OpenWRT issue than Turris’

  • DHCP and DNS being served through dnsmasq ( I’m too lazy to go reconfigure kresd etc right now and had a whole bunch of static IP addresses served to known devices in my house)

  • installed a UART->USB serial connector (not the ‘hacker pack’)

  • Firewall: Because of the VLANs, NAT setups and years of firewall tweaking, I copied over the config from the previous router, edited a few settings and use that to kick start the firewall on the Omnia.

I disabled:

  • unbound, kresd - these were conflicting with port 53 and blocking dnsmasq starting. Disabling them within the startup config didn’t seem to make a difference so I deleted the init files ( See above about being lazy :wink: )
  • auto updater - seems that there are too many issues right now so that’ll stay off until I see positive news on the forum.
  • Wifi - see above. I left the cards in but they’re not in use. No antenna on the unit either.

I added:

  • snmpd - all devices in my house are monitored
  • vnstat to log network traffic ( overkill since nagios does this for me but hey, the router has the power)
  • collectd ( but I can’t get this to work)
  • DDNS-scripts and configured them to use my DDNS provider. I probably had to add bind and tools to make these work due to compilation options for BusyBox.

I modified:

  • Other than the disables above, I changed the wondershaper settings to meet the cable speeds (200d/10u), DNS forwarding (8.8.8.8)
  • LED settings - Power to red, all indicators to green, heartbeat on USR1. It looks like PCI3 automatically gets set to blink on access with the mSata installed.
  • Changed network listening addresses for sshd and httpd to keep them ‘inside’ rather than listening on all addresses.

After all that, what am I seeing?

  • A fast router that is delivering the same speeds to the outside world as my WRT1900AC. Some might ask why I bothered changing given the similarities in hardware… I like to tweak and hack and I liked the metal case :wink:
  • Stability - router so far has been great. I know it’s a couple of days but with the traffic that goes through it, it’s proving solid.
  • Secure - portscans show it blocking external traffic as I’d expect
  • Temp: a toasty 70 degrees celcius ( the rack is about 18 celcius ambient and the Omnia sits on a metal tray though those rubber feet will likely keep it insulated).

In reading this it becomes clear why there’s a polarized crowd on the forum, I got everything set up to my liking by basically turning off most of the Turris ‘value add’ and going back to my true OpenWRT roots which isn’t what we all hoped for. That however, is the beauty of the hardware. Once any necessary drivers are upstreamed, I’ll prob flash the device with a custom build.

Do I like the hardware so far? Yes. Am I blown away with Turris’ value add? Nope.

Hope this helps someone.

8 Likes
2

I have installed it today in my office, it doesn’t have to do much work since it just service 4 PCs and few wifi clients. I had it running in a few minutes, installed ssd ( fixed the naming for cards after :slight_smile: ), created LCX on the ssd which will be serving encrypted disk ( hopefully ), almost got openVPN client working ( will fix tomorrow) and then firewall, which I’m looking forward to least as I’m not friend with ip tables at all :frowning: ah and DDNS was easy to setup and seems to be workig fine :wink:

3

I did an external test from my office today and can confirm that my existing NAT setup, firewall and OpenVPN setups are all functioning correctly with no incorrectly opened ports (e.g. no ssh into the house from the outside into the router unless over the VPN). The VPN is secured through certs and passwords which required some custom scripts which I took from my last setup. The VPN performance is pretty slick when tested with iperf3 so right now, I’m very happy with the hardware.

I also extended the snmpd setup to execute a sensors + awk script to allow the tracking of the device internal temperature. Still a warm 70c but it seems pretty stable.

Total time to provision and operate the device - half a day using existing configurations and tweaking a few things. Time well spent in my opinion.

4

IT has been my hobby for about 13 years now. However there is SO MUCH knowledge that many essential parts you just forget to investigate what it is all about.

SNMP being one of them. Just a few months ago i decided to really look at what SNMP was. I was blown away. Never knew that such a thing existed. My question to you.

You already have it up and running. Could you pass me some tutorials or manuals etc that are really helpful and help me get my stuff up and running.

hardware configuration:

  • own build NAS (i7, RAID6 (5x2TB), Ubuntu server 16.04)
  • laptop (Ubuntu Desktop 16.04)
  • Turris Omnia

Will a sort of “manager” be installed on the Omnia so i can monitor everything?

5

@Big_boss I personally, run Observium inside Docker container on NAS for monitoring my gear :stuck_out_tongue:

6

I am planning to have my NAS turned off for most of the time. The essential parts why i needed my NAS to be on 24/7 has Omnia taken over. In the future i will configure it to boot on during the night let it do what it needs to do and then turn it self off when the job is done. Other times when it will be on, is when i am at home.

This will safe me about 150-200 euro’s each year on my electric bill.

So i guess Observium inside a Ubuntu LXC on the Omnia should and could do the job or does it ask a lot of CPU power?

7

Well, technically you could run it on LXC as well, in fact Docker and LXC are quite similar.
But I have no idea about performance, I chose NAS because it is always on and acts as a server in my home network.

Does not seem to tax CPU too much, currently as I constantly poll 6 devices, whole container seems to consume <300MB of Memory, CPU usage is neglible <1%.
Keep in mind thought, that CPU in my NAS is Pentium N3710, which is more powerful than Armada in Omnia.

8

@Etz , well lets hope for the best and that it does run smoothly on it :).

For now i am still painting my living room, so much of the Omnia settings will be later on.