Review: Turris Omnia, a FOSS wifi router, NAS and Server, based on a highly improved OpenWRT, with BTRFS!
Review: Turris Omnia, a FOSS wifi router, NAS and Server, based on a highly improved OpenWRT, with BTRFS!
PĆedstavujeme open source a bezpeÄnĂĄ sĂĆ„ovĂĄ zaĆĂzenĂ Turris. OchraĆte celou svou sĂĆ„ vysoce vĂœkonnĂœm Turris Omnia nebo modulĂĄrnĂm Turris MOX.
I dont even know how to summarize that machine đ
It is absolutely awesome.
Turris is a company by the czech TLD registrar CZ.NIC, which is ran as a nonprofit and invests a ton in open source network software.
The Origin
This talk summarizes it well:
https://www.youtube.com/watch?v=cB5OG_V3aSE
They wanted to build a device to analyze hacking attacks on the people in Czechia.
The device should be as close to the network as possible (i.e. a router) and have compelling and understandable hardware that could be upgraded over time.
So... they made a router. Originally using PowerPC, now on ARMv7 (poorly only their mobile MOX already is on ARMv8).
Where to get it
Originally they gave the devices away for free, under the agreement that the users contributed the Sentinel analysis data.
Then they opened an indiegogo campain, which far exceeded their expected amount of funding.
Afterwards they had their own webshop, which is now discontinued.
Instead, these stores are available:
- Rubytech DE (The strangest signup method I ever had :) but all fine)
- Discomp CZ
- Amazon
Note: they sent me an additional Tshirt, ethernet cable and tube scarf, which is... interesting, but could be considered waste.
Tbh, I use the tube scarf daily :D
Poorly they didnt add any stickers!
Also, they dont have a good system to determine the recipient country, so I have an additional power supply cable for another country.
They also included a wall mount, with a set of perfectly fitting, longer screws.
All screws have regular phillips heads.
Software
They took OpenWRT, but extended it a ton. As they have 8GB of storage and 2GB of RAM, they can do stuff way above the minimum hardware requirements of OpenWRT.
They have a graphical package manager in the WebUI, and use BTRFS snapshots for atomic updates. Which is totally cool!
That was over 10 years ago and the first router they made is still supported with updates.
Hardware
The data sheet can be obtained here.
The "Omnia Wifi6" I got uses a bit outdated hardware, similar to my Thinkpad T430. They will very likelybswitch to m.2 slots and ARMv8, so you may want to wait for such a revised model.
The current Omnia has 3 mini-PCIe Slots, 2 USB-3 ports and a ton of pins accessible from the inside.
- The left one supports USB, and below you can plug in a SIM card and use an 3G/4G/5G card. With an additional package, this can be used to automatically fallback to cell network, when the regular connection fails.
- The middle one is just mini-PCIe
- The right one supports mSATA so with a simple adapter you can use SATA SSDs for near-native speed. (I want to do that, but it may need an additional power supply)
And, of couse in the front it has fancy RGB LEDs. They are used as indicators for the running state, and for the action you do by pressing the "Reset" button.
In the back it has 4 ethernet sockets, 1 WAN ethernet socket to connect to the internet, one SFP socket for a fiber connection, a multi-purpose button and a power socket.
The button in combo with the LEDs is used for various things like reboot, reset, update, update from local file, update from internet.
Setup
To set it up, connect it to power and with one of the LAN (not WAN) sockets to a Laptop, using ethernet.
Right, before setup it doesnt open a wireless connection! This was confusing for me but really make sense.
In the browser enter http://192.168.1.1 and a very nice graphical WebUI guides you through the setup.
If you use it over LAN, accept the self-signed TLS certificate in your browser, then HTTPS should work.
Applications
It runs a highly extended variant of OpenWRT. There is a huge amount of software. It varies from preinstalled installable through packages, from Foris WebUI integrated to advanced, requiring the normal OpenWRT LuCI or requiring configuration through the terminal.
An incomplete and chaotic overview:
- file server: SMB, DLNA, encrypted storage, mdadm
- Transmission bittorrent client
- OpenVPN server & client
- Wireguard (advanced)
- Nextcloud, Syncthing (both have acessible login pages from the main WebUI)
- Tor
- Adblock
- Dynamic firewall
- haas: honeypot as a service (needs a public forwarded IPv4 address)
- Turris Sentinel: security data collection service, analyze incoming threats (the use they originally intended)
- Librespeed: lightweight network speed test
- support for LXC containers to run your favourite Linux distro
- schnapps to manipulate BTRFS snapshots
- LAN monitoring with PaKon and Morce
NOTE: the data collection service "Sentinel" is opt-in and disabled by default.
DNS
The DNS Server is not set, I used nic.cz with DNSSEC, other providers like Cloudflare and Quad9 are also available, just like manual setup.
DNSSEC works with a single button press, without any issues!
Configuration
You can configure things with a config file, that you insert over a USB stick.
Storage
You can plug in an external drive (USB of course, but I want to try mSATA to SATA) and it formats it and moves all data on there.
It sets up different RAID systems, I dont know if encryption is supported.
So, you have over 7 different ways to host a fileserver on there, up to a full instance of Nextcloud. This is crazy!
Wifi Routing
You can open 2 Wifis (no idea how that works) and each can also have a separated Guest network.
Security:
- By default, WPA3 with WPA2 fallback is used. I changed it to WPA3-only, as WPA2 is vulnerable to attacks (see this video on how to sniff passwords with Kali Linux, which requires a custom kernel driver)
- 2 Guest networks possible, I highly recommend to use those for everyone apart from Admins
- VLANs are also supported, and need to be enabled.
- Reminder: before first configuration, no Wifi is enabled. There is no initial password set.
- you can have different passwords for the admin WebUI and ssh.
The reach is great, but roughly equal to the modern Fritzbox we already have, which only has a single, hidden antenna.
The time to connect to the Wifi is a bit longer than at the FritzBox.
Community & Support
Their code is all hosted on the CZ.NIC Gitlab.
The Turris team can be contacted via email and they respond pretty quickly.
The same contact is used for repairs.
They also have a Discourse Forum for a long time, where people can exchange bugs, issues, software and hardware mods, adapters etc.
Other fun stuff
Nothing against the project but the price seems a bit salty. $367 for a WiFi 6 router!?
Yeah that has always been the downside, you have to pay for the "custom device you can geek out yourself"
Thinking about this more... no not at all.
They compile an OS with automatic, atomic OS updates. They have an advances package repo (afaik OpenWRT doesnt even support packages?).
They deal with all the CVEs and stuff.
They make a great WebUI, which is way better than the default one.
They have a support forum and mail that is actually helpful with a short response time.
They make a PCB, nice simple case etc.
So yeah, I dont think doing that myself would be cheaper, at all.
Yes it is. And mine was even more expensive I think.
Especially as they have "a lot" of storage, but not really modern hardware.
You pay for the 10+ years of support
but not really modern hardware
That is kind of an understatement, I believe the hardware is now at least 8 years old if Iâm not mistaken, and to me the biggest deterrent right now. If they updated the hardware to relatively modern standards I wouldnât mind the price tag and probably buy one immediately. As it stands though, no chance.
I love my Turris Omnia!
I got the one with the WiFi 6 card. The cool thing is that you can easily open it up and replace parts.
I run the upstream OpenWRT rather than the customized version by Turris. They are good about submitting patches upstream.
Nice! Any reason why you run that?
Part of it is the community. I really like the OpenWRT community, but it's harder to engage with them when you run a downstream distribution.
But also I'm a bit of a hacker (in the traditional sense). I like to experiment with custom builds of OpenWRT. (And FWIW, their build system uses the same menuconfig as Linux.)
Someone else who has the Omnia! I agree, itâs a great router.
I will post an update once I manage to do the mSATA-SATA SSD mod, install Nextcloud, NoIP and Wireguard.
Would love to have a small little box which also does my Nextcloud!
I'm not sure I see the use case. Why would I want my router to also be a NAS and a server? I don't like the all in one architecture. Also cost wise it doesn't make sense either.
Edit to add: It appears that the Wi-Fi 6 driver is open source:
https://en.wikipedia.org/wiki/Comparison_of_open-source_wireless_drivers#Status
I was under the impression that there are no Wi-Fi 5 or 6 modules for which there are open source Linux drivers. Am I wrong?
This code seems to be under an open source license (ISC), but Iâm not a Linux kernel or driver developer, so Iâm not sure if this represents the entire driver or if itâs just a stub for some binary blob.
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/net/wireless/mediatek/mt76/mt7915I guess MediaTek is the designer and AsiaRF is the manufacturer of the Wi-Fi 6 11ax 4T4R Mini PCIe Module (AW7915-NP1).