The Nexx WT3020 is a travel router that runs OpenWRT/LEDE and other third-party firmware. You can use it for Tor or OpenWRT private tunnelling at home or on the go.
The Nexx WT3020 is an OpenWRT/LEDE-compatible Travel Router. The most obvious reason to get one of these is to provide a safe way to connect to Internet hotspots and even share the connection if you wish.
You can also use one as a portable "tunnel router" (VPN or Tor) for privacy-enhanced computing at your home or office, or especially when you're away.
Nexx WT3020F Specifications
The commonly-available version is the WT3030F with 8MB of flash memory, enough for most purposes. Avoid the 4MB WT3020A model.
- 580MHz CPU (Ralink/MediaTek MT7620N)
- 8MB of flash and 64MB of RAM
- 2TX/2RX 2.4 GHz "300Mbps" 11a/g/n WiFi
- Requires very little power (under 0.5w?)
- Tor and OpenVPN Capable
- Above-average documentation at OpenWRT.org
- Low price
- Flash and RAM sizes are adequate but not excessive.
- 2.4 GHz only. 5GHz radios are extremely rare in Travel Routers.
- Two printed-on-board 2dBi antennas. They're adequate, but not super sensitive.
- USB port is USB 2.0. What you'd expect these days.
For this device's most useful purposes, none of the limitations are critical.
There are several alternative firmware choices for the WT3020.
The stock firmware "lacks polish". Some people might find it adequate.
There's a version of OpenWRT that runs on the WT3020F.
There's a version of LEDE that runs on the WT3020F.
Gargoyle firmware has a version for the WT3020F.
- https://www.gargoyle-router.com/download.php (MediaTek/Ralink mips)
There are users reporting report running DD-WRT on the WT3020F.
There are users reporting report running Padavan's firware on the WT3020F.
Links to the LEDE firmware image files are on the Nexx WT3020F Techdata page.
Note: If you have a new router and want to install a custom bootloader, do it before flashing to OpenWRT/LEDE.
Install with Breed Bootloader
You can install the "sysupgrade" version using Breed Bootloader.
- Boot into Breed.
- Do a firmware backup. (optional, recommended)
- Flash "sysupgrade" image.
- Boot into Breed.
- Erase nvram.
Install From Stock Firmware
If Breed isn't installed there are other ways described in the WT3020's OpenWRT page.
Stock Firmware Web GUI Method
The normal way to install OpenWRT is to flash a stepping-stone "factory" image first, then use the normal OpenWrt OS upgrade procedure (LuCI or sysupgrade) to upgrade from there to the "sysupgrade" version.
- Boot factory OS.
- Flash the "factory" image (
- Clear your browser (in Firefox or Pale Moon: Ctrl+Shift+Delete).
- Erase nvram (set to factory defaults).
- Flash the "sysupgrade" image (
You can repeat the last three steps (re-flash the sysupgrade firmware from itself) if you want extra "insurance" that router will start its new life completely free of anomalies.
- Erase nvram
- Flash "sysupgrade" image again
Stock Firmware Sysupgrade Via MTD
The safest installation method is the the "sysupgrade" version directly from the factory firmware using the sysupgrade-via-mtd" approach described on the OpenWRT Sysupgrade Page%:
Here are the commands to install LEDE:
mtd_write -r write lede-17.01.0-r3205-59508e3-ramips-mt7620-wt3020-8M-squashfs-sysupgrade.bin mtd3
mtd reference page for more about
OpenWRT/LEDE Basic Setup
When you first boot into OpenWRT the router's web interface will have no password and the wireless interface will not be configured.
Log in with no password (just click the Login button), then click the link that says "Go to password configuration..." (second line beneath "No password set!").
Under "Dropbear Instance", click "lan".
Scroll to the bottom and click the "Save & Apply" button.
Go to Network -> Wireless
Edit the wireless device. Change the ESSID, then switch to "Wireless Security" under "Interface Configuration".
- Encryption: WPA2-PSK
- Cipher: Force CCMP (AES)
- Key: <a passphrase>
You passphrase should have
- at least 20 characters
- at least one capital letter
- at least one non-alphanumeric symbol
Scroll down and hit "Save & Apply".
Go to Network -> Wireless and enable the wireless device.
Go to System -> System and set the Hostname to something similar to your SSID. Change the timeservers from "
N.lede.pool.ntp.org" to "
Go to System -> Backup / Flash Firmware and download a backup archive.
Your router is now configured as a Wired router.
Go to System -> Reboot to reboot your router and test logging in.
To share a WiFi connection:
Go to Network -> Wireless and click the "Scan" button.
Set up Tor
Using Tor can be inconvenient at times. Some sites block Tor nodes, and it can slow down your browsing experience. It does, however protect you from a passive man in the middle attack (up until the exit node only!), so it can be useful when you connect to open wireless networks.
Maybe try Gargoyle?
Tomato has GUI Tor support according to the chart.
Set up OpenVPN
Setting up OpenVPN isn't specific to the router. It's specific to the OS.
Upgrading the Bootloader
TL;DR: Flashing a bootloader is optional. It provides web-based recovery and configuration options that are especially useful if you'll be experimenting with your router.
[Skip to Installing OpenWRT if you aren't flashing a bootloader.]
Your router’s bootloader is what runs first—prior to the OS—when you turn the power on. The bootloader's main job is to bootstrap the OS. You can also interrupt the boot process and make system changes without booting the OS, similar to the BIOS/EFI Setup option in your computer.
On a router like the WT3020 the most important change you would make would be System Recovery if for some reason your router won't boot or has become misconfigured.
OpenWRT doesn't permit replacing the bootloader but the stock firmware does. Upload the bootloader from the stock firmware before you install OpenWRT.
Breed (Boot and Recovery Environment for Embedded Devices) Botloader provides a Web Recovery Console. Here are the menu options for Revision 849:
- System Information
- Firmware Update
- Firmware Backup
- Frequency Setting
- Firmware Startup Settings
- MAC Address Modification
Breed Bootloader's language is Chinese. There's a Translator for the Breed Bootloader Chrome extension available in the Chrome Web Store (untested).
Breed possibly suffers from some GPL license violation issues, so if you are sensitive about that you should look into whether it's a matter of of concern.
Breed Bootloader Installation
The procedure is covered on the WT3020's OpenWRT page:
In summary, download and verify
breed-mt7620-reset1.bin, available here:
These commands flash the bootloader.
wget <http-accessible location of firmware .bin file>
mtd_write unlock mtd0
mtd_write erase mtd0
mtd_write -r write breed-mt7620-reset1.bin mtd0
Reset to Defaults
Returning to factory defaults (also known as "wiping the nvram") can be done various ways.
Hardware Reset Button
This works with stock firmware and OpenWRT, but not LEDE.
With the router booted and running, use a wire (paperclip) to press and hold the reset button.
Note: You cannot hardware-reset the router with the reset button if you're running LEDE 17.01.
You can use the
firstboot command or use the web interface:
System -> Backup / Flash Firmware -> Reset to defaults
If you don't know the router's password you can reset the router by booting into Recovery Mode.
- Record your computer's Ethernet settings so you can return to them.
- Set your computer's Ethernet port to 192.168.1.2/24 (Static IPv4 address: 192.168.1.2 Netmask: 255.255.255.0)
- Temporarily disable your WiFi adapter.
- Connect your computer's Ethernet port to the LAN port on the router.
Boot Into Recovery Mode
Boot the router (plug in the power) while holding the reset button until the LED begins to blink. The router will go into recovery mode.
Wipe the nvaram and Reboot
Restore your computer's Ethernet adapter settings and enable your WiFi adapter if you disabled it.
- The Bootloader [OpenWrt Wiki]
- The bootloader's main function is to initialize the hardware, pass an abstraction of the initialized hardware, a hardware description, to and execute the Kernel. (A very nice technical example can be seen here.) After that the bootloader is done and not needed in memory any longer. Most bootloaders offer additional functions.
Why this model? Why not <fill_in_model_here>?
The WT2030 router works well for most travel router purposes. It's not just the price that makes it attractive. For one thing, it's popular enough to have some usable documentation.
How about doing <fill_in_task_here> with the WT3020?
I've narrowly focused on a few specific solutions. It's a capable router that can do many other things.
What if I want moar stuffs in my travel router?
If you need higher specs, consider the "GL.iNet MT300A-Ext" router, which has twice the flash storage, twice the RAM, external antennas, and a MicroSD slot.