Nexx WT3020 Router


The Nexx WT3020 is a travel router that runs OpenWRT/LEDE and other third-party firmware. You can use it for Tor or OpenWRT private tunnelling at home or on the go.

The Nexx WT3020 is an OpenWRT/LEDE-compatible Travel Router. The most obvious reason to get one of these is to provide a safe way to connect to Internet hotspots and even share the connection if you wish.

You can also use one as a portable "tunnel router" (VPN or Tor) for privacy-enhanced computing at your home or office, or especially when you're away.

Nexx WT3020F Specifications

The commonly-available version is the WT3030F with 8MB of flash memory, enough for most purposes. Avoid the 4MB WT3020A model.

Notable Features

  • 580MHz CPU (Ralink/MediaTek MT7620N)
  • 8MB of flash and 64MB of RAM
  • 2TX/2RX 2.4 GHz "300Mbps" 11a/g/n WiFi
  • Requires very little power (under 0.5w?)
  • Tor and OpenVPN Capable
  • Above-average documentation at
  • Low price

Notable Limitations

  • Flash and RAM sizes are adequate but not excessive.
  • 2.4 GHz only. 5GHz radios are extremely rare in Travel Routers.
  • Two printed-on-board 2dBi antennas. They're adequate, but not super sensitive.
  • USB port is USB 2.0. What you'd expect these days.

For this device's most useful purposes, none of the limitations are critical.

Firmware Alternatives

There are several alternative firmware choices for the WT3020.

Stock Firmware

The stock firmware "lacks polish". Some people might find it adequate.


There's a version of OpenWRT that runs on the WT3020F.


There's a version of LEDE that runs on the WT3020F.


Gargoyle firmware has a version for the WT3020F.


There are users reporting report running DD-WRT on the WT3020F.


There are users reporting report running Padavan's firware on the WT3020F.

Installing OpenWRT/LEDE

Links to the LEDE firmware image files are on the Nexx WT3020F Techdata page.

Note: If you have a new router and want to install a custom bootloader, do it before flashing to OpenWRT/LEDE.

Install with Breed Bootloader

You can install the "sysupgrade" version using Breed Bootloader.

  • Boot into Breed.
  • Do a firmware backup. (optional, recommended)
  • Flash "sysupgrade" image.
  • Boot into Breed.
  • Erase nvram.

Install From Stock Firmware

If Breed isn't installed there are other ways described in the WT3020's OpenWRT page.

Stock Firmware Web GUI Method

The normal way to install OpenWRT is to flash a stepping-stone "factory" image first, then use the normal OpenWrt OS upgrade procedure (LuCI or sysupgrade) to upgrade from there to the "sysupgrade" version.

  1. Boot factory OS.
  2. Flash the "factory" image ([...]wt3020-8M-squashfs-factory.bin).
  3. Clear your browser (in Firefox or Pale Moon: Ctrl+Shift+Delete).
  4. Erase nvram (set to factory defaults).
  5. Flash the "sysupgrade" image ([...]wt3020-8M-squashfs-sysupgrade.bin).

You can repeat the last three steps (re-flash the sysupgrade firmware from itself) if you want extra "insurance" that router will start its new life completely free of anomalies.

  • Erase nvram
  • Flash "sysupgrade" image again

Stock Firmware Sysupgrade Via MTD

The safest installation method is the the "sysupgrade" version directly from the factory firmware using the sysupgrade-via-mtd" approach described on the OpenWRT Sysupgrade Page%:

Here are the commands to install LEDE:

(none) login: nexxadmin
Password: y1n2inc.com0755
cd /tmp
mtd_write -r write lede-17.01.0-r3205-59508e3-ramips-mt7620-wt3020-8M-squashfs-sysupgrade.bin mtd3

See the mtd reference page for more about mtd.

OpenWRT/LEDE Basic Setup

When you first boot into OpenWRT the router's web interface will have no password and the wireless interface will not be configured.

Log in with no password (just click the Login button), then click the link that says "Go to password configuration..." (second line beneath "No password set!").

Under "Dropbear Instance", click "lan".

Scroll to the bottom and click the "Save & Apply" button.

Go to Network -> Wireless

Edit the wireless device. Change the ESSID, then switch to "Wireless Security" under "Interface Configuration".

  • Encryption: WPA2-PSK
  • Cipher: Force CCMP (AES)
  • Key: <a passphrase>

You passphrase should have

  • at least 20 characters
  • at least one capital letter
  • at least one non-alphanumeric symbol

Scroll down and hit "Save & Apply".

Go to Network -> Wireless and enable the wireless device.

Go to System -> System and set the Hostname to something similar to your SSID. Change the timeservers from "" to "".

Go to System -> Backup / Flash Firmware and download a backup archive.

Your router is now configured as a Wired router.

Go to System -> Reboot to reboot your router and test logging in.

To share a WiFi connection:

Go to Network -> Wireless and click the "Scan" button.


Set up Tor

Using Tor can be inconvenient at times. Some sites block Tor nodes, and it can slow down your browsing experience. It does, however protect you from a passive man in the middle attack (up until the exit node only!), so it can be useful when you connect to open wireless networks.

Maybe try Gargoyle?


Tomato has GUI Tor support according to the chart.

Set up OpenVPN

Setting up OpenVPN isn't specific to the router. It's specific to the OS.

Upgrading the Bootloader

TL;DR: Flashing a bootloader is optional. It provides web-based recovery and configuration options that are especially useful if you'll be experimenting with your router.

[Skip to Installing OpenWRT if you aren't flashing a bootloader.]

Your router’s bootloader is what runs first—prior to the OS—when you turn the power on. The bootloader's main job is to bootstrap the OS. You can also interrupt the boot process and make system changes without booting the OS, similar to the BIOS/EFI Setup option in your computer.

On a router like the WT3020 the most important change you would make would be System Recovery if for some reason your router won't boot or has become misconfigured.

OpenWRT doesn't permit replacing the bootloader but the stock firmware does. Upload the bootloader from the stock firmware before you install OpenWRT.

Breed (Boot and Recovery Environment for Embedded Devices) Botloader provides a Web Recovery Console. Here are the menu options for Revision 849:

  • System Information
  • Firmware Update
  • Firmware Backup
  • Frequency Setting
  • Reset
  • Firmware Startup Settings
  • MAC Address Modification
  • Restart
  • About

Breed Bootloader's language is Chinese. There's a Translator for the Breed Bootloader Chrome extension available in the Chrome Web Store (untested).

Breed possibly suffers from some GPL license violation issues, so if you are sensitive about that you should look into whether it's a matter of of concern.

Breed Bootloader Installation

The procedure is covered on the WT3020's OpenWRT page:

In summary, download and verify breed-mt7620-reset1.bin, available here:

These commands flash the bootloader.

(none) login: nexxadmin
Password: y1n2inc.com0755
cd /tmp
wget <http-accessible location of firmware .bin file>
mtd_write unlock mtd0
mtd_write erase mtd0
mtd_write -r write breed-mt7620-reset1.bin mtd0

Reset to Defaults

Returning to factory defaults (also known as "wiping the nvram") can be done various ways.

Hardware Reset Button

This works with stock firmware and OpenWRT, but not LEDE.

With the router booted and running, use a wire (paperclip) to press and hold the reset button.

LEDE Reset

Note: You cannot hardware-reset the router with the reset button if you're running LEDE 17.01.

Normal method

You can use the firstboot command or use the web interface:

 System -> Backup / Flash Firmware -> Reset to defaults

Recovery Method

If you don't know the router's password you can reset the router by booting into Recovery Mode.

  1. Record your computer's Ethernet settings so you can return to them.
  2. Set your computer's Ethernet port to (Static IPv4 address: Netmask:
  3. Temporarily disable your WiFi adapter.
  4. Connect your computer's Ethernet port to the LAN port on the router.
Boot Into Recovery Mode

Boot the router (plug in the power) while holding the reset button until the LED begins to blink. The router will go into recovery mode.

Wipe the nvaram and Reboot

ssh root@

Restore your computer's Ethernet adapter settings and enable your WiFi adapter if you disabled it.


The Bootloader [OpenWrt Wiki]
The bootloader's main function is to initialize the hardware, pass an abstraction of the initialized hardware, a hardware description, to and execute the Kernel. (A very nice technical example can be seen here.) After that the bootloader is done and not needed in memory any longer. Most bootloaders offer additional functions.


Why this model? Why not <fill_in_model_here>?

The WT2030 router works well for most travel router purposes. It's not just the price that makes it attractive. For one thing, it's popular enough to have some usable documentation.

How about doing <fill_in_task_here> with the WT3020?

I've narrowly focused on a few specific solutions. It's a capable router that can do many other things.

What if I want moar stuffs in my travel router?

If you need higher specs, consider the "GL.iNet MT300A-Ext" router, which has twice the flash storage, twice the RAM, external antennas, and a MicroSD slot.

Page last modified on June 25, 2017
Powered by: PmWiki and Quick Wiki CMS