Portable Router Build: Picking Your CPU

I want to introduce you to a project of mine – a portable router build, and with its help, show you how you can build a purpose-built device. You might have seen portable routers for sale, but if you’ve been in the hacking spheres long enough, you might notice there are “coverage gaps”, so to speak. The Pi-hole project is a household staple that keeps being product-ized by shady Kickstarter campaigns, a “mobile hotspot” button is a staple in every self-respecting mobile and desktop OS, and “a reset device for the ISP router” is a whole genre of a hacker project. Sort the projects by “All Time” popularity on Hackaday.io, and near the very top, you will see an OpenVPN &Tor router project – it’s there for a reason, and it got into 2014 Hackaday Prize semifinals for a reason, too.

I own a bunch of devices benefitting from both an Internet connection and also point-to-point connections between them. My internet connection comes sometimes from an LTE uplink, sometimes from an Ethernet cable, and sometimes from an open WiFi network with a portal you need to click through before you can even ping anything. If I want to link my pocket devices into my home network for backups and home automation, I can put a VPN client on my laptop, but a VPN client on my phone kills its battery, and the reasonable way would be to VPN the Internet uplink – somehow, that is a feature I’m not supposed to have, and let’s not even talk about DNSSEC! Whenever I tried to use one of those portable LTE+WiFi[+Ethernet] routers and actively use it for a month or two, I’d encounter serious hardware or firmware bugs – which makes sense, they are a niche product that won’t get as much testing as phones.

I’ve come to hate these little boxes with a passion. By [www.digitalpush.net], CC BY 4.0
Solving these problems and implementing my desired features is quite motivational for me – it’s not just that I need my devices to work for me, it’s also that every time I tackle a project like this, I push some cool tech boundaries, find out a number of fun things I can share with you all, and I end up creating yet another device I use to significantly improve my life. What’s more, routers are a sea of proprietary hardware coupled to proprietary software, and it shows. The Pi-hole project is about cutting profit margins, and the Tor network, so you won’t see them on a commercial device. Your Huawei portable router’s battery died? Good luck sourcing a replacement. Router randomly shutting down because of overheating? Either do something and lose your warranty, or send it away for repair for weeks with no guarantee of having it fixed, and stars help you if it’s made by Asus.

Feature Plan

I need a router with an always-on WiFi AP, LTE, Ethernet and an optional WiFi station interface. As for software, I need it to run a lightweight VPN client like Wireguard and route my traffic through it, as well as run a bunch of quality-of-life features – from reasonable static IP allocation and DNS configurability, to captive portal auto-clicking and DNSSEC. The best part about building your hardware is that you can pick your batteries and can choose cells as large as you desire, so it shouldn’t be hard to make it last a day, either.

You also get to pick your own CPU, LTE modem, power management circuits. Thankfully, I have building blocks for most of these, and I’ve discussed them before – let’s talk CPUs first, and next time, go into LTE modem selection.

You might have seen fun boards throughout the last decade – a half-a-GHz CPU, from 64 to 512 MB of external RAM, WiFi and Ethernet interfaces done in hardware, an SPI flash for firmware, a bunch of GPIOs, OpenWRT shipped by default, and no video output interface in sight. You might have bought one for a generic Raspberry Pi grade project, misunderstanding its purpose. It’s a a router CPU board, put into a maker-friendly form-factor – tt will work wonders for routing packets, but it won’t work well for streaming video. I know, because I bought my first board ever with the intention of running mjpg-streamer on it, and as soon as I set it to a reasonable resolution, the CPU went to 100% consumption in a heartbeat.

Perhaps one of the most promising “router CPU” modules to this day. By [Pinguinguy], CC0 1.0
There are plenty of boards like this around – the VoCore, the Carambola boards, the BlackSwift boards I keep nostalgically remembering, LinkIt boards, and the Onion Omega modules. Of these, to the best of my knowledge, the Onion Omega 2 is the most up-to-date of them all, so I got one for cheap locally with a breakout – despite their name, they have nothing to do with Tor routing, though I do aim to change that. The Omega-designed breakout is underwhelming in my eyes – they used a powerbank IC to add battery backup functionality, with all the inefficiency and bugs that entails. As you might already know, you literally don’t need to do that.

Still, it ships with OpenWRT, it’s reasonably open, and it’s got everything I need. I started this project in 2018, but thankfully, I picked well – the Onion Omega repositories are active to this day, which means that, to this day, I can resume my project by just reflashing OpenWRT to a newer version; if you don’t do this, you can’t use the repositories meaningfully, which is a large part of the fun!

Want to prototype a project that contains multiple components? Just tape them to a piece of board while you map it out and test things together!

Could you pick something more powerful? Yes, absolutely – a Raspberry Pi would have a beefier CPU for anything I’d want to hack – in fact, many boards today can boast a faster CPU and better peripherals. My hunch, however, is that native WiFi and Ethernet are an important thing to have – I don’t want to go full USB for everything I need, lest I get throttled by the 480 Mbps restriction. Also, I do want to make sure the module I pick is well-suited for the task in aspects I might not even foresee yet, and it just feels right to use a router CPU.

In short, I’m cool with throttling my Internet uplink in some ways, as long as this gives me a bunch of cool features in return; later on, I can do a market review and see if there’s a more suitable board I could integrate, but until then, I see no boards like this. Do you have better CPU board suggestions for a portable router? Drop them in the comments down below.

Choice Outcomes

So, this is what I set out to do – use an Onion Omega as my personal WiFi repeater, for now, without an LTE uplink integrated. I’ve used it as my portable router, in a half-complete configuration, and here’s what I found. First off, the WiFi adapter allows combined STA (station=client) and AP (access point=hotspot) mode – something that might feel like a pretty nifty feature to you, and it did to me. Initially, I thought this would allow me to do WiFi forwarding easily – and it did, but as soon as I leave the house with the router in my backpack and the STA mode goes inactive, things break.

Test setup, creating an access point with an Ethernet uplink. With two 18650 cells, no LTE enabled, it works for about 20 hours.

Here’s a bug – if you expect an always-on AP and an occasionally active STA, your AP will be regularly glitching out, at least on the Onion Omega, and this is a fundamental problem that might translate into other hardware too. This is because, whenever the STA interface is disconnected, it needs to periodically re-scan the network to see if it needs to reconnect to an AP. Your WiFi radio needs to stop and drop what it’s doing, including any ongoing transmissions, and listen to the aether for a while – switching between different channels while at it. This is very noticeable when doing live audio or video streaming; if you do a local file transfer over the AP’s network and the transfer speed is plotted, there will be visible gaps in the transmission speed.

First lesson – scrutinize cool features like the combined STA+AP modes if you’re actually building a network you want to rely on, especially if you don’t see them – you will notice that many devices don’t come with STA+AP simultaneous connection support out of the box. Sharing an antenna for two different purposes at once feels like an error-prone situation, and if you’re having a connectivity problem, you will want to look into that.

Is the hardware support ideal? No. Is this fun so far? Yes, absolutely, and it gives some cool insights into features you might consider worth building your project around. Does this router beat the performance of a Huawei battery-powered router I used to carry in my pocket? Yep, it already has quite a few important features I always wanted to have, like static IP assignments and an Ethernet port I can use for an uplink. Now, it doesn’t have LTE just yet – let’s talk about that in the next article, showing you how to pick an LTE modem, and what can you do to make the process significantly easier for you.

23 thoughts on “Portable Router Build: Picking Your CPU

    1. glad I had this one – used to be a cheap “solar+battery” charger for phones, the cell died, I gutted it, and kept it in my drawers until the moment struck =D the solar battery spot is about to be taken up by a display, and, somehow, it all fits inside still! I will be switching to surface-mount Omega modules in a later revision, that will free up a whole lot of space inside. One gripe of mine, unless I figure out how to source similar zipper packs – I should probably do some Alibaba excursions.

      1. screen? how about keyboard?
        ssh is always good idea ;)

        In my opinion 18650 is not good idea. Please think about using one 18650 OR two but with different size OR AA and 18650 (step up from 1V to 12V) and solar panel

        1. Screen and a few buttons at the very least, plus, who knows, maybe I’ll get DRM working so could even get CLI! Otherwise, I’ll be running a custom interface on it, for sure. And yeah, SSH is helpful, UART more so, that’s why there’s a UART adapter in the picture – defo will be incorporating that!

          Can elaborate on the 18650? I’m not getting the logic behind it. Also, 1V to 12V is a brutal way to do step-up conversion, ngl =D

  1. One of my friends developed a MT7628AN based router board just like yours, with the Hi Link HLK7628 module, that can run OpenWRT, run off a common 3.3v PSU, and have USB support for a Modem.

    I had to modify the device tree to remove the LAN switch, enable SDCard, i2c and the two other UARTs.

  2. I use a Gl.Inet 750S “Slate” as my go-to mobile router. I wrote up some of the things I have done with it here: https://dawes.za.net/rogan/twitterbackup/RoganDawes/status/1203622183530123264/

    TL;DR: Atheros10k 2.4GHz and 5GHz wifi allows separate STA and AP interfaces. 3 GbE interfaces. 128MB RAM, 16MB NOR and 128MB NAND as well as uSD support for effectively unlimited storage needs. Runs mainline OpenWrt. An external USB2 port, as well as another on a header inside the case makes for expandability. Header with TTL UART and I2C pins in the case. Button and switch for easy headless config changes.

      1. The Xitter backup was made using this tool: https://tinysubversions.com/twitter-archive/make-your-own/

        Pictures of the Slate are readily available online, so nothing special there. One additional thing I did was add a Bluetooth Serial Port Profile dongle to the TTL UART inside the case. And by dongle, I really mean a $1 Aliexpress module that takes Vcc, Gnd, Rx and Tx, and exposes the UART over bluetooth. https://www.aliexpress.us/item/2251832775250988.html Soldered some wires to the module, and to the header (since vertical space is tight). The idea is slightly flawed, in that there is not really enough time to pair with the bluetooth interface and open a serial console in time to prevent uboot continuing to boot the OS, but if you can reboot the device without detaching power, it is also possible to access the u-boot shell.

        The flesh out some of the tweets:
        – Using it as a personal AP in a hotel is near trivial. Disable the Access Point on one interface, then Scan for the uplink you will be using. Associate with that, save and activate. Add the wwan interface to the wan firewall zone for proper NAT, etc. Any portals that you need to jump through can be navigated by the first device that tries to access the internet. Chromecasts, etc can then connect to your own AP instead of the hotel’s peer-isolated network, and you can cast to them accordingly. And of course, the nickel and diming hotels will only ever see a single MAC address for you to pay for.
        – Examples of the transparent Person in the Middle are inspired by Duckwall’s “A Bridge Too Far” at Defcon 2010 (I think). Basically iptables and ebtables rewriting to make your device appear to be a legitimate, authenticated device on a secured network. More details can be seen at the Phantap site that I linked, but I also have an implementation for a non-OpenWrt-based device at https://sensepost.com/blog/2020/making-the-perfect-red-team-dropbox-part-2/
        – Triggering commands via a button or slide switch can be done as per https://openwrt.org/docs/guide-user/hardware/hardware.button
        – ssh’ing to the IPv6 Link Local address is a neat trick to ensure that you can always access your router, even if the IPv4 configuration is broken/forgotten, etc. All IPv6 interfaces assign a Link Local address, usually derived from the MAC address of the interface. So long as you have made a note of the address in advance (or know how to calculate it), you can always ssh to your device. You do need to specify the interface to use (e.g. eth0, en0, wlan0, whatever), since the Link Local prefix exists on all interfaces, and has no preferred routing.
        – I’ve mentioned LOGITacker a few times in the past on Hackaday, but I see that Marcus Mengs (MaMe82)’s amazing work has never been featured. While the github is under my name, I am merely a custodian. https://github.com/rogandawes/logitacker LOGITacker allows any nRF52840-based dongle to conduct basic mousejacking attacks, but also to establish a (relatively slow) bidirectional tunnel over the Unifying Dongle!
        – Wireless Intrusion Detection Systems look for any unauthorised Wireless Traffic and sends deauthentication frames to the client and access point to interfere with it. Encrypted Management Frames prevent this sort of DoS.
        – The Slate does have removal antennae connectors, if you are prepared to open up the case. The rotating “ears” are near-perfectly sized to be replaced with an RP-SMA pigtail, which is commonly used for external antennae.
        – … that’s probably enough :-) If you want specific details, you should be able to get my email address from WordPress (or just search my name, I don’t keep a low profile!). For whatever reason, I never seem to get notifications of replies to my posts on HaD.

      2. Oh, and to answer your question about alternate modules to the Onion Omega2, you might want to take a look at “Gainstrong router modules”, which range from classic AR9331 modules consuming 0.4W, up to MT7621-based modules with dual-band WiFi and 5GbE ports, and USB3, and more. Haven’t actually purchased from them myself, but they appear to be quite interesting for DIY options, especially for someone capable of making a simple baseboard for them. Also some quite neat complete devices too, that should not be too difficult to get mainline OpenWrt running on.

        There are a bunch of others, of course, such as https://www.8devices.com/products/jalapeno, etc.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.