This is a new version of the the TP-Link WR-1043ND, with a redesigned casing, running on a Qualcomm Atheros QCA9558@720MHz (versus Atheros AR9132@400MHz on V1) and 64MB of RAM (versus 32MB in V1). It has 8GB of flash storage like the V1.


Initial Installation


  • Download Firmware 14.07-rc3 (Barrier Breaker) from http://wiki.openwrt.org/toh/tp-link/tl-wr1043nd#downloads.for.tl-wr1043nd.v2.x
  • Device is at 192.168.0.1 on LAN port.
  • Browse to it and login as admin/admin.
  • In the menu on the left, click System Tools followed by Firmware Upgrade.
  • Select the firmware file that was downloaded earlier, and press Upgrade.
  • Wait While System reboots.
  • Router will now appear at 192.168.1.1 on LAN port.
    • Click Login
    • Set root password
    • Click Save and Apply

Configuring as UNIFI Router


System
  • System -> System -> HostName = "Router"
  • Save and Apply

Setup the VLANs
  • Select Network -> Switch
  • Tick "Enable VLAN Functionality"
  • Add VLAN as follows. Note that on the V2 model, OpenWRT labels the "Ports" differently from what is writting on the unit itself. They're reversed from the V1 model, and also there are two different interfaces to the host CPU.
  • My Port 2 LAN 3 is an inhouse VLAN-trunk leading to my upstairs access point. This carries both LAN traffic as well as IPTV traffic, so I can use the UniFi Set Top Box on my upstairs TV.
  • My Port 1 LAN 4 also carries the UniFI IPTV VLAN, so I can watch IPTV by bringing the set top box downstairs and plugging it in.


  • Save and Apply.

Setup Intefaces
  • Network -> Interfaces
    • LAN -> Edit
      • General Setup
        • Use Custom DNS Servers = 8.8.8.8
        • Use Custom DNS Servers = 8.8.8.4
        • IPV6 assignment length = 64
        • Save And Apply

    • WAN -> Edit
      • General Setup
      • Protocol -> PPPoE, Really Switch Protocol.
        • Set PAP/CHAP username: user@unifi
          • Set PAP/Chap password: ********
          • Set Access Concentrator and Service Name as Blank.
      • Advance Settings
        • "Bring up on Boot" = Y
        • "Use built-in IPV6-management" = Y
        • "Enable IPV6 negotiation on the PPP Link" = Y
        • "Use Default Gateway" = Y
        • "Use DNS Services Advertised By Peer" = N
      • Physical SettingsSave and Apply
        • "VLAN Interface "eth0.500"

Configure WiFi
  • I don't run WiFi on my router, but the following instructions may be useful to someone.
  • Network --> WiFi
    • Generic MAC80211 802.11bgn (radio0) -> Edit
      • Wireless Network is disabled => Enable
      • General Setup
        • ESSID = (Your WiFi Name)
        • Mode = Access Point
        • Network = LAN
      • Wireless Security
        • Encryption = WPA2-PSK
        • Key = Your WiFi Password
    • Save and Apply

Setup Software Install
  • System -> Software
  • Click "Update Lists"

Extras


DynDNS

  • A Dynamic DNS Service lets other people find your dynamic UniFi public IP address with via a host name. You have to subscribe to a Dynamic DNS service provider to use this. Your settings below will depend on your service provider.
  • System -> Software
    • Install "luci-app-ddns"
    • System -> Reboot -> reboot.
  • Services -> Dynamic DNS
    • Service = dyndns
    • hostname = home.abubakar.net
    • username = shahada
    • password = **********
    • source of IP = interface
    • interface = pppoe-wan
    • check for change every = 10
    • check unit = min
    • force update every = 72
    • force time unit = h
    • Save and Apply
  • System -> Startup
    • ddns = enabled
    • Save and Apply
  • System -> Reboot -> reboot.

Port Forwarding

  • This allows you to expose services on your LAN out to the Internet.
  • Network -> Firewall -> Port Forwards
  • enter port forward details
  • Save and Apply

OpenVPN Server

  • You probably don't need this, but I do used to ๐Ÿ˜„.
  • System -> Software
    • Install "openvpn-openssl"
    • Install "openvpn-easy-rsa"
  • Network -> Firewall -> Traffic Rules
    • Name: OpenVPN
    • Protocol: TCP
    • Port: 443
    • Save and Apply
  • Edit /etc/config/openvpn:
    • under config openvpn custom_config:
      • option enabled 1
      • option config /etc/openvpn/my-vpn.conf
  • Place server configuration file in /etc/openvpn/my-vpn.conf
    • use absolute pathnames to refer to other files.
  • System -> Startup
    • OpenVPN => Enabled

OpenVPN Client

  • I need this to connect my router (just the router, not routing through traffic) to my VPN.
  • This is to reach the remove rsync backup server.
  • System -> Software
    • Install "openvpn-openssl"
    • edit /etc/config/openvpn:
      • under config openvpn custom_config:
        • option enabled 1
        • option config /etc/openvpn/my-vpn.conf
    • Place client configuration file in /etc/openvpn/my-vpn.conf
      • use absolute pathnames to refer to other files.
    • System -> Startup
      • OpenVPN => Enabled

Automated Backups

  • Store backups of the the router's configuration at regular intervals on an rsync server.
  • Generate dropbear key:
    • Execute the following via ssh as root:
      • cd /etc/dropbear
      • dropbearkey -t rsa -f id_rsa
    • Retrieve public key by executing the following via ssh as root:
      • dropbearkey -y -t rsa -f ./id_rsa
    • Cut and paste the output of the above into the rsync server's authorized_keys file.
    • On rsync server, create folder "router"
    • Under System->Scheduled Tasks, add the following cron entry:
      • * 2 * * * /bin/sh -c 'sysupgrade --create-backup - | ssh -i /etc/dropbear/id_rsa shahada@nxbackup "cat - > router/router.backup.`/bin/date +%a`.tar.gz"'
    • Under System->startup, restart "cron".

Also Of Interest



To Do

  • IPV6
References