The router is the door to most households' data. Hardly anybody underestimates the security of the real door to a house or apartment, but the discreet box that separates data in the home from the outside world is often neglected.
The Turris Omnia router is one of the results of a research project of the non-profit association CZ.NIC, z. s. p. o., the Czech national administrator of the .CZ internet domain. The box bears the inscription Made in the Czech Republic, which applies to the design, the final assembly and, in particular, the software, and that is what counts, as they know, for example, in India, where in 2010 the import of active network infrastructure elements originating from China was banned. The reason was concern about hidden device functionality that could benefit the Chinese secret service.
Turris Omnia could be purchased on Indiegogo from autumn 2015. A number of unique properties make this device the ideal replacement for the East Asian “boxes” forgotten under a desk.
What Turris can do is described on the web. Here I'll add insights from real-world operation.
- use a web browser and enter the IP address of the router (default https://192.168.1.1);
- use a web browser and enter the address of the LuCI web interface (unified configuration interface – https://192.168.1.1/cgi-bin/luci);
- use an SSH client and log in to the system remotely (on Windows you can use the PuTTY client, for example).
Unfortunately, the last method does not work out of the box. The easy solution: press the Reset button to restore the factory default settings. Another possible solution is to use LuCI: delete the preinstalled key files and then restart the OpenSSH daemon sshd.
Menu System > Custom Commands, Configure:
rm /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_ed25519_key.pub /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub
Logging in then works.
WiFi during the day only
The router has one button on the front of the box, used for setting the brightness of the LEDs. Unfortunately, it has no manual WiFi switch. WiFi can be switched off automatically for the night by editing the table of scheduled tasks handled by the Cron daemon.
root@turris:~# export EDITOR=vim
root@turris:~# crontab -e
Write these lines in the table to turn WiFi off at 11:00 PM and back on at 6:00 AM…
00 23 * * * wifi down
00 6 * * * wifi up
root@turris:~# /etc/init.d/cron enable
root@turris:~# crontab -l
A tool for simple setup of web-site filtering is not available yet, but thanks to the router's flexible operating system and to Cisco, which owns the OpenDNS service, you can partially replace the missing functionality.
You must first create an OpenDNS account and choose which content you do not wish to make available.
From the router's console you need to modify the DHCP and DNS server records of Dnsmasq so that all devices accessing the Internet through the router see the filtered content (we add a few exceptions to this rule later).
root@turris:~# vi /etc/config/dhcp
In the section
config dhcp 'lan'
we override the DNS server addresses assigned to clients and change them to the OpenDNS servers:
list dhcp_option '6,208.67.222.222,208.67.220.220'
For the few exceptions we prepare a tag with the address of a DNS server without filtering:
config tag 'adult'
list dhcp_option '6,192.168.1.1'
…and we set the DHCP record of the computer that receives the unfiltered DNS address:
config host
option name 'john'
option mac '11:AA:22:BB:33:CC'
option ip '192.168.2.2'
option tag 'adult'
We leave the editor, saving the file: ESC, Shift+Z, Shift+Z (beware of the Czech keyboard layout)
Then the Dnsmasq server must be restarted:
root@turris:~# /etc/init.d/dnsmasq restart
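To check the edited file, the following added example (not part of the original article) parses a dhcp config in the layout shown above and reports which DNS servers each static host is handed. The function names, the sample config and the host 'kids-tablet' are constructed for illustration; it assumes the LAN section is named 'lan' and that option values contain no spaces.

```shell
# Constructed sample built from the fragments above; 'kids-tablet' is invented.
sample_dhcp_config() {
cat <<'EOF'
config dhcp 'lan'
    list dhcp_option '6,208.67.222.222,208.67.220.220'
config tag 'adult'
    list dhcp_option '6,192.168.1.1'
config host
    option name 'john'
    option mac '11:AA:22:BB:33:CC'
    option ip '192.168.2.2'
    option tag 'adult'
config host
    option name 'kids-tablet'
    option mac '11:AA:22:BB:33:DD'
EOF
}

# dns_audit: read a dhcp config on stdin, print "name mac dns-servers status"
# per static host. DHCP option 6 set on a tag overrides the LAN default.
dns_audit() {
awk '
function val(s) { gsub(/\047/, "", s); return s }      # strip single quotes
function save() { if (kind == "host") { n++; hname[n] = name; hmac[n] = mac; htag[n] = tag } }
$1 == "config" { save(); kind = $2; sect = val($3); name = mac = tag = ""; next }
$1 == "option" && kind == "host" {
    if ($2 == "name") name = val($3)
    if ($2 == "mac")  mac  = val($3)
    if ($2 == "tag")  tag  = val($3)
}
$1 == "list" && $2 == "dhcp_option" {                  # option 6 = DNS servers
    v = val($3)
    if (sub(/^6,/, "", v)) dns[kind ":" sect] = v
}
END {
    save()
    for (i = 1; i <= n; i++) {
        k = "tag:" htag[i]; hit = (htag[i] != "" && (k in dns))
        print hname[i], hmac[i], (hit ? dns[k] : dns["dhcp:lan"]), (hit ? "exception(tag=" htag[i] ")" : "default")
    }
}'
}

sample_dhcp_config | dns_audit
```

On the router, run it as `dns_audit < /etc/config/dhcp` after each edit. It reports only what DHCP hands out, so devices with a statically configured DNS server are outside its view.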
Then on a Windows PC we need to restart the computer or renew the allocated addresses:
When you try to visit a disallowed web page, the browser displays:
Nick Busey's site published an article on how to install the open-source tool Pi-hole for blocking advertisements on every device in the home network.
It is also possible to use the Knot DNS resolver and its RPZ. A step-by-step tutorial can be found on forum.turris.cz.