Upgrading the TL-WR902AC Travel Router with OpenWrt

I had an ageing TP-Link AC750 (TL-WR902AC) pocket router that I used to carry around on my travels before the pandemic. It is a handy travel mate allowing me to share the hotel Wi-Fi with my laptop, tablet and Chromecast devices. Sadly, the router has its limitations, but OpenWrt gave the AC750 a second life.

The tiny AC750 router – running the stock TP-Link firmware – was far from perfect for a few reasons:

• It didn’t support WPA3, either as a wireless client or an access point.
• Does not support VPN connections as a client. This forced me to install a VPN client on every connecting device, otherwise all traffic would have ended up using the open hotel Wi-Fi.
• Random wireless reliability problems. My devices kept dropping off from the Wi-Fi, and I had no idea why.

Because TP-Link have stopped releasing new firmware to address any of these issues, I was about to upgrade the AC750 with something more capable, like one of the travel routers from GL.iNet or the Netgear Nighthawk M1. As I was travelling with more devices, I wanted a travel router with solid VPN support.

Installing OpenWrt and Customisations

Luckily, I did some research and noticed that OpenWrt supports the AC750. In addition, the CPU of this router is relatively powerful and comes with 64 MB RAM and 8 MB of storage, so the hardware should be up to the job.

I chose the tftp method to install OpenWrt, and once the flashing process succeeded, the following screen greeted me on the web UI:

I won’t repeat the instructions here, but I installed and configured the WireGuard client and the DDNS client on the router.

LED and Buttons

Firstly, I wanted to do something with the additional LED lights on the router that did nothing. Compared to the stock firmware, OpenWrt allowed me to make two other lights blink when the 5 GHz Wifi or the VPN was active.

It was easy as the OpenWrt firmware compiled for the AC750 could recognise the LEDs and buttons on the router. All I had to do was navigate to System –> LED Configuration on the LuCI web interface. I changed the usb and wps LEDs behaviour as below to light them up if some traffic passes through the 5 GHz Wifi or WireGuard.

The WPS LED on the little AC750 functions as a push button, so I made some changes to the OpenWrt configuration files to turn this button into a VPN on/off switch.

I added the following snippet to /etc/hotplug.d/button/vpn to enable or disable the VPN link when the button on the router is pressed:

#!/bin/sh

[ "${BUTTON}" = "wps" -o -n "${TYPE}" ] || exit 0

. /lib/functions.sh

ip a show vpn up
STATUS=$?

if [[ "$ACTION" == "pressed" && "$STATUS" == 1 ]]; then
  logger "Button ${BUTTON} pressed, bringing up VPN."
  ifup vpn
elif [[ "$ACTION" == "pressed" && "$STATUS" == 0 ]]; then
  logger "Button ${BUTTON} pressed, bringing down VPN."
  ifdown vpn
fi

Because we configured the LED on LuCI earlier, the wps button should light up when the VPN becomes active.

Advanced Wireless Features

The other thing I liked was the WPA3 support. This ageing pocket router can now support the latest WPA2/WPA3 mixed and WPA3-only modes. These new wireless protocols are something TP-Link would have never implemented in a future firmware upgrade.

Regarding the connection reliability issues, this boils down to hardware limitations. According to the ‘travelmate’ developer, Wi-Fi connections tend to get unstable if the same wireless chip is used as an AP (for the connecting devices, e.g. laptop) and a wireless client (i.e. WAN port). This is known as the AP+STA mode.

As a workaround, devices should connect to the AP running on one wireless chip, while the WAN connection should be going through the other chip. This limitation is not something TP-Link mentioned anywhere as far as I know, and I believe this was the root cause of the reliability problems of the stock firmware.

Hardware Limitations

While OpenWrt elevates the AC750 to the next level, there are a few caveats due to the hardware limitations of the device:

Low Storage

Firstly, the low amount of storage (8 MB) is quite restrictive. Once the basic OS, WireGuard and the DDNS client is installed, there is very little storage left for anything else. Many people like to install the Samba for sharing movies and music over the network. To compare the AC750 with other devices, older GL.iNet models come with 16 MB, while newer routers have1 128 MB, so they can accommodate more apps like Samba. I usually never used the AC750 as a NAS on my travels, so I am happy to live with this compromise.

Sadly, the low storage prevents me from installing other packages, like the ones necessary for smartphone tethering. According to OpenWrt, tethering is faster to access the internet than sharing 4G/5G link with the phone’s personal hotspot feature. Devices like the GL-MT300N-V2 Mango can tether with a phone over USB and use this as the WAN gateway. Unfortunately, the AC750 disappoints again because of the limited flash capacity.

CPU Limitations

The second limitation of the TP-Link is the CPU power. The WireGuard VPN client requires processing power for the encryption and the decryption processes therefore, the VPN bandwidth will correlate with the single-core CPU performance. According to a few random Speedtest results, WireGuard maxes out at circa 13 Mbps (download) and 21 Mbps (upload) due to the limited resources.

An iperf3 test (using eight network streams) corresponds to the Speedtest results above. According to my results, the AC750 running OpenWrt can squeeze ~15 Mbps download and ~16 Mbps upload speeds through a WireGuard VPN.

Interestingly, the old GL.INet Mango (GL-MT300N-V2) has a similar CPU as the TP-Link AC750, but the real-world WireGuard speed of the Mango is 30 Mbps for some reason, and I am not sure why. If I recompiled OpenWrt with a few optimisations, the transmission speed would be on par with the GL.INet Mango, but I am just guessing here.

In summary, poor VPN performance could be a significant issue in a home-network environment, but most hotel wireless and wired networks are slow anyway. So, it is another compromise again, but I can live with this.

Potential Overheating Issues

Lastly, the device seems to waste a lot of power as it tends to get hot. The bottom side of the travel router heats up to the 40 degree range when the VPN link is enabled. This can be a problem if the travel router was running from a power bank, as a lot of electricity is dissipated as heat. Because of the excessive heat, the device should not be operated in enclosed areas like a backpack.

Conclusion

Is it worthwhile buying the TP-Link AC750 (TL-WR902AC) pocket router in 2022 and installing OpenWrt on it?

I reckon the answer is no. Unless you have one device already at home, there are more capable travel routers on the market with more storage space and beefier CPUs. The frustrating thing is that blogs and tech papers – often associated with affiliate marketing – keep recommending this TP-Link model as a good travel router (e.g. Google “The 6 Best Wireless Travel Routers of 2022”).

My honest verdict of the TP-Link AC750 (TL-WR902AC) running OpenWrt is:

Pros:

• WPA3 support;
• WireGuard VPN client support;
• Reconfigurable push button and LED lights;
• Very customisable, thanks to OpenWrt.

Cons:

• Lacklustre VPN performance;
• Limited flash storage space;
• The router tends to get hot;
• The original TP-Link firmware isn’t under active development.