Sharing my OpenWrt setup for the BPI-R4

After a long time of deliberation, I finally decided to share my OpenWrt setup for the BPI-R4.

You can find it in my Smart Home repository and use it as inspiration for your own setup.

It uses the OpenWrt image builder and docker or podman on Windows to build the firmware that can be loaded onto the R4.

My setup includes five different networks: private (internal), guest, IoT (internet of things and smart home devices), container (for podman on the router) and vpn (wireguard).

And three different WiFi networks: private, guests and IoT devices.

It uses Cloudflare DNS as default and also encrypts DNS traffic using stubby. Cloudflare is also used for dynamic DNS to reach the router via domain name when your ISP doesn’t provide static IPs.

VPN is provided using wireguard. A script to add clients is included, if you don’t want to use Luci for that. It even prints out the QR code on the command line, if your terminal supports it. I didn’t know that was possible. :sweat_smile:

There is an environment file .env.example that shows all the configuration options that are available. Root password, ssh public key for connections from your PC, WiFi names (SSIDs) and passwords, and cloudflare and domain configuration.

The image build makes extensive use of the uci defaults feature to establish the desired system state after first boot. I chose those scripts over simply replacing the files in /etc/config, as this was suggested in the OpenWrt wiki.

Please let me know if this setup could be helpful for you. And if you have any questions, suggestions or issues when trying it yourself.

It requires a bit more technical knowledge compared to images provided by other members of the community, as I currently have not set up GitHub actions to automatically build the image.

3 Likes
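A sketch of the uci-defaults approach described in the post above, applied to isolating the IoT network from the private one. This is an added example, not code from the author's repository. The file name, the `iot` and `wan` network/zone names and the section names are assumptions.

```shell
#!/bin/sh
# Hypothetical uci-defaults script, e.g. files/etc/uci-defaults/90-iot-zone in an
# image builder tree. All section, zone and network names are assumptions.

# Emit the firewall changes as a `uci batch` script so they can be reviewed
# on a build host without touching a live configuration.
iot_zone_batch() {
    cat <<'EOF'
set firewall.iot=zone
set firewall.iot.name='iot'
set firewall.iot.network='iot'
set firewall.iot.input='REJECT'
set firewall.iot.output='ACCEPT'
set firewall.iot.forward='REJECT'
set firewall.iot_wan=forwarding
set firewall.iot_wan.src='iot'
set firewall.iot_wan.dest='wan'
set firewall.iot_dhcp=rule
set firewall.iot_dhcp.name='Allow-IoT-DHCP'
set firewall.iot_dhcp.src='iot'
set firewall.iot_dhcp.proto='udp'
set firewall.iot_dhcp.dest_port='67'
set firewall.iot_dhcp.target='ACCEPT'
set firewall.iot_dns=rule
set firewall.iot_dns.name='Allow-IoT-DNS'
set firewall.iot_dns.src='iot'
set firewall.iot_dns.proto='tcp udp'
set firewall.iot_dns.dest_port='53'
set firewall.iot_dns.target='ACCEPT'
commit firewall
EOF
}

# List every zone the IoT zone may forward to. For an isolated IoT network
# this should be the WAN only, never the private LAN.
iot_forward_dests() {
    iot_zone_batch | sed -n "s/^set firewall\.iot_[a-z]*\.dest='\(.*\)'\$/\1/p"
}

# On the router (first boot) apply the batch; on a build host only the
# functions are defined, so the generated rules can be inspected.
if command -v uci >/dev/null 2>&1; then
    iot_zone_batch | uci -q batch
fi
```

With `input` set to `REJECT`, IoT clients reach the router only for DHCP and DNS, and the single forwarding entry keeps them off the other internal networks.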

Thank you for this, I appreciate it! This is pretty close to my manual builds (I just use openwrt firmware selector, use bpi-r4 image, and customize the packages).

A few differences from your repo:

  • I install irqbalance and set the config for irqbalance to avoid cpu0. This at least gets both ethernets to use CPU1/CPU3 for irq requests.
  • Per another thread, I set the ondemand scaling governor a bit more.
    • echo 35 > /sys/devices/system/cpu/cpufreq/policy0/ondemand/up_threshold
    • echo 10 > /sys/devices/system/cpu/cpufreq/policy0/ondemand/sampling_down_factor
  • I adjust the thermal profile of the lowest threshold a little lower (because the fan will turn off/on every 5 seconds because it traverses the threshold)
    • echo 35000 > /sys/devices/virtual/thermal/thermal_zone0/trip_point_4_temp

I also have it limited to 2gb RAM and use offload features. I don’t see this here yet (I can’t recall the settings).

One thing that I’m missing, and I didn’t see it in your repo, is how do you do crypto offload using the CPU accelerator? I’m not sure at the moment.

I haven’t heard about this yet. I thought this would be enabled by default?

So far, I don’t have any performance or thermal issues. But I’m not generating a lot of traffic. Would have to look at that fan, I thought it was just always on. CPU at 42.4°C currently.

Does the irq balancing help with network performance?

> I haven’t heard about this yet. I thought this would be enabled by default?

I’ve seen other older images install other things and use this? I’m not 100% clear/sure.

> So far, I don’t have any performance or thermal issues.

My setup, under defaults, would measure between 39500 and 40500 (default threshold is 40000). So it would just drive me crazy seeing it turn off and on. I thought that this might wear out the fan early so I just set it lower to keep it on without it cycling.

> Does the irq balancing help with network performance?

I think so. I didn’t do any scientific measurements, but from past experiences spreading out the irq requests helps (generally keeping it off of CPU0 helps, because CPU0 is handling other things).

In building the firmware, number two: is the full stop at the end part of the command, or added automatically by the word processor? I keep getting errors when I copy and paste it.

Could you share more of what you are doing? The shell commands or errors as text or screenshot?

If you talk about this one, then the dot is required, because that tells the docker command the current working directory it should use.

docker build -t router-firmware-builder -f Dockerfile.builder .

Ignore this. It was probably a typo. I like to copy commands manually to learn what they mean and check it works here. For example I need to add “sudo” to the start of all docker commands because my user account lacks privileges here (Linux Mint). It works now. I am now making an .env file.

What does “DDNS_RECORD=” mean? Apologies if it’s obvious but I have avoided networking and googling didn’t help as I just get information on what DDNSs are. My ISP doesn’t use PPPoE so I was going to ignore those lines, this won’t cause a problem? And the only other setting left is “DOMAIN=” and precedes the DDNS setting so I guess the domain is the address of the DDNS I have set up?

You need to change the scripts then, if you want to disable some of the features. Sorry, I didn’t set this thing up in a generic way, but rather in a “works for me” way.

DDNS is used to assign a domain name to the IP address given by your ISP. Because here in Germany those are not static, so that helps with reaching the router from outside, e.g. for VPN.

DOMAIN is the local domain used in your network. Could be eHB.lan or if you use DDNS, can also be a subdomain of your public domain. But that is just a gimmick.

Also, I’m running all of this on Windows, so your experience of course will differ. But at least that is what docker is for to encapsulate stuff and make it behave the same on any host.

It is easy to just look at the code in the script and delete the bit. I did not realise anywhere in Europe used ISP usernames and passwords. I thought it was just an American thing.

I have a DDNS already from a Raspberry Pi 4B running Home Assistant OS. Is this just going to be duplicating what it does and I can just delete the section to make it simple? It wasn’t the DDNS that confused me, it was the DDNS_RECORD. I don’t have any record of what IPs my DDNS has seen.

My LAN is all on 192.168.0.x currently except the guest network is 192.168.1.x so I’m guessing it just needs to know the 192.168? Or maybe it is for if I use a local DNS instead of just the numbers?

Thanks for all these questions, it tells me that I need to add some comments to the env file or maybe add some more information to the readme.

The DDNS_RECORD is the provider-specific version of the DOMAIN. E.g. foo.example.com becomes [email protected] for cloudflare’s service. Since you do DDNS on another device already, you don’t need that and can also remove the DDNS parts from the uci-defaults scripts.

I was also confused, but the providers here use GPON and then inside have a PPPoE connection as well. Not the most efficient, because it costs some more bytes each packet, that’s how it is.

Which part of Germany? My father lives in Todtmoos (halfway between Freiburg and Switzerland) and I didn’t know.

Thanks for releasing this by the way. I installed a blank version and went back to the factory image when I saw how much work it would be to add packages one by one. This will save me a lot of work.

If that is all you want, my solution might be overkill, with all the additional configurations I apply. There is also the online image builder that allows you to get an image with the packages of your choice. And it would use the latest release, while mine uses the snapshot currently, though that could be changed.

https://firmware-selector.openwrt.org/?version=24.10.0&target=mediatek%2Ffilogic&id=bananapi_bpi-r4

And then edit the list of packages and it will build your image.

Last time I did that I could not even SSH into it and I already have a separate router for IoT stuff connected to a managed switch. Using OpenWRT won’t be that much more complicated than my current setup. This is the 1st of 4 Routers I’m putting OpenWRT on. This will hopefully be the brains of the system.