GL.iNet GL-AR300M16-Ext with Tailscale and Samba (micro NAS with VPN)

I wanted to create a small, cheap device that I could put on my parents’ and in-laws’ networks so that they could have a small local backup and so that I could have a secure entry point into their home network for support issues. I already have an online backup from their devices set to my own servers but nothing local and I already have Mesh Central for remote control but that doesn’t help if their computers have gone to sleep.

So my requirements were: a small, cheap, low-energy device with WiFi and some storage (not more than 50GB required – a micro-NAS if you like) to run Samba (file sharing) and Tailscale (VPN).

I looked into a Raspberry Pi Zero 2W with a USB thumbdrive and an adapter but I don’t have a 3D printer for a case and it would be messy; I wanted it to be a simple, enclosed box. I could have used a different Raspberry Pi or similar or even just an old mobile phone.

I settled on a device I already own – it’s a small travel router that runs OpenWrt, the GL.iNet GL-AR300M16-Ext (aka the Shadow). It’s very low-powered and not very fast but if I added some storage it was exactly what I needed. OpenWrt has thousands of plugins and configuration options and can happily run both Samba and Tailscale. It was on offer at £24 (about $30); once I’d popped in a tiny 64GB USB drive it would be perfect (I went for the tiny Integral Fusion 3.0, which was only £6 ($8) so it didn’t stick out too much – the drive is USB 3.2 and the router only supports USB 2 so perhaps slightly overkill. The SanDisk Ultra Fit series sticks out even less but they are slightly more expensive – plus I prefer metal). Total spend £30 ($40) – or less if you use any old thumbdrive that’s knocking about (or buy one of the less well-known brands).

A USB drive isn’t ideal for a NAS-type device of course, but this would only be a weekly or monthly sync. I did look into the NVMe hats for the Pi 5 which are very interesting but totally overkill. I was aiming for cheap and simple.

Now, the primary issue is that the router doesn’t have enough disk space to install any plugins, so that has to be dealt with first. Removing the GL.iNet firmware and flashing with vanilla OpenWrt reclaims a little bit of space, but not enough. So this is the task list:

  1. Partition the USB drive with some EXT4 space for plugins and some NTFS or FAT32 space for files.
  2. Extend the router filesystem onto the USB drive (extroot).
  3. Install and configure Samba.
  4. Install and configure Tailscale.
  5. Configure the router as client mode so it connects to existing WiFi but doesn’t broadcast its own signal (or you can use a network cable of course).

Plug the USB drive into the router and turn it on. Plug the router into a computer/laptop using a network cable (into the router port marked LAN). Turning off other network connections (WiFi etc.) will make this easier. Open up a browser and go to http://192.168.8.1 – it should start setup and ask you to choose a language. Do that and also set an admin password. The router needs to be online for this so plug a network cable into the WAN port and the other end into your switch/router. (If that’s not possible you can also use WiFi – in web admin go to System, Advanced Settings and log into LuCI, then go to Network, Wireless and hit Scan and connect to your local network.) Once logged in and online, go to System, Timezone and hit Sync. If this is the first time you’ve used the router you should also update the firmware (go to System, Upgrade, then hit Install). This guide was written using firmware 4.3.18.

Instructions for the next part are over at the OpenWrt website but I’ll pop them here too (slightly adapted for this device and our usage).

Now open up your SSH program (PuTTY, ZOC or similar on Windows) and connect to IP address 192.168.8.1 with username root and the password you just entered. We need to install a package to partition the USB drive. So run these commands over SSH:

opkg update
opkg install parted

Now we want to create a small ext4 partition for the extroot and the rest as NTFS for file sharing. I went with 200MB for the first partition (should be more than enough – we’ll only use about 75MB). So to partition and then format (unmounting first just in case) run:

umount /dev/sda1
parted -s /dev/sda -- mklabel gpt mkpart primary ext4 0% 200MiB
parted -s /dev/sda -- mkpart primary ntfs 200MiB 100%
mkfs.ext4 -L extroot /dev/sda1
mkfs.ntfs -L data -Q /dev/sda2

Next, configure the extroot mount entry and configure a mount entry for the original overlay.

eval $(block info /dev/sda1 | grep -o -e 'UUID="\S*"')
eval $(block info | grep -o -e 'MOUNT="\S*/overlay"')
uci -q delete fstab.extroot
uci set fstab.extroot="mount"
uci set fstab.extroot.uuid="${UUID}"
uci set fstab.extroot.target="${MOUNT}"
uci commit fstab
ORIG="$(block info | sed -n -e '/MOUNT="\S*\/overlay"/s/:\s.*$//p')"
uci -q delete fstab.rwm
uci set fstab.rwm="mount"
uci set fstab.rwm.device="${ORIG}"
uci set fstab.rwm.target="/rwm"
uci commit fstab

Now we transfer the content of the current overlay to the USB. If you get an error with the mount command check if /dev/sda1 is already mounted (in the browser Mount Points page). Then reboot to apply changes.

mount -t ext4 /dev/sda1 /mnt
tar -C ${MOUNT} -cvf - . | tar -C /mnt -xf -
reboot

Once rebooted, the Mount Points page should show /dev/sda1 as /overlay with plenty of space (in web admin go to System, Advanced Settings, log into LuCI, then System, Mount Points). Next up, Samba. Back into SSH, install Samba, mount the partition:

opkg update
opkg install samba4-server
mkdir -p /mnt/sda2
umount /dev/sda2
ntfs-3g /dev/sda2 /mnt/sda2

You may have to run that umount command twice. Now to make sure this is mounted on boot:

uci add fstab mount
uci set fstab.@mount[-1].target='/mnt/sda2'
uci set fstab.@mount[-1].device='/dev/sda2'
uci set fstab.@mount[-1].fstype='ntfs-3g'
uci set fstab.@mount[-1].options='rw,sync'
uci set fstab.@mount[-1].enabled='1'
uci set fstab.@mount[-1].enabled_fsck='0'
uci commit fstab

Now we need to configure Samba (if we edit /etc/samba/smb.conf it gets overwritten when rebooting):

uci add samba4 sambashare
uci set samba4.@sambashare[-1].name='NTFSShare'
uci set samba4.@sambashare[-1].path='/mnt/sda2'
uci set samba4.@sambashare[-1].read_only='no'
uci set samba4.@sambashare[-1].guest_ok='yes'
uci set samba4.@sambashare[-1].create_mask='0700'
uci set samba4.@sambashare[-1].directory_mask='0700'
uci add_list samba4.@sambashare[-1].users='samba_user'
uci commit samba4

Then create that user (you’ll have to enter a password for the first prompt but you just have to hit Enter for the smbpasswd), restart Samba and start it on boot:

adduser samba_user
smbpasswd -a samba_user
/etc/init.d/samba4 restart

/etc/init.d/samba4 enable
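The share created above sets guest_ok='yes' and read_only='no' together with a users list, so it is worth reviewing what is actually configured. The following is an added example, not part of the original post: it parses the output of `uci show samba4` and marks any share that combines guest access with write access. The sample text and the second share (Backups) are constructed for illustration, and unset options are assumed to fall back to Samba's defaults (read only = yes, guest ok = no).

```sh
#!/bin/sh
# Added example: review Samba shares from `uci show samba4` output.

# Constructed sample; the first share mirrors the uci commands in this guide,
# the second (Backups) is hypothetical and only there for contrast.
SAMPLE_UCI="samba4.@samba[0]=samba
samba4.@samba[0].workgroup='WORKGROUP'
samba4.@sambashare[0]=sambashare
samba4.@sambashare[0].name='NTFSShare'
samba4.@sambashare[0].path='/mnt/sda2'
samba4.@sambashare[0].read_only='no'
samba4.@sambashare[0].guest_ok='yes'
samba4.@sambashare[0].create_mask='0700'
samba4.@sambashare[0].directory_mask='0700'
samba4.@sambashare[0].users='samba_user'
samba4.@sambashare[1]=sambashare
samba4.@sambashare[1].name='Backups'
samba4.@sambashare[1].path='/mnt/sda2/backups'
samba4.@sambashare[1].read_only='no'
samba4.@sambashare[1].guest_ok='no'
samba4.@sambashare[1].users='samba_user'"

# $1 = text of `uci show samba4`. Prints one line per share:
#   <WARN|ok> <name> guest=<yes|no> writable=<yes|no> users=<list|->
audit_shares() {
    printf '%s\n' "$1" | awk -F= '
        /^samba4\.@sambashare\[[0-9]+\]\./ {
            # value is everything after the first "=", with the single quotes removed
            val = substr($0, length($1) + 2); gsub(sprintf("%c", 39), "", val)
            idx = $1; sub(/^samba4\.@sambashare\[/, "", idx); sub(/\].*$/, "", idx)
            opt = $1; sub(/^.*\]\./, "", opt)
            v[idx, opt] = val; seen[idx] = 1
        }
        END {
            for (i = 0; (i in seen); i++) {
                guest = (v[i, "guest_ok"] == "yes") ? "yes" : "no"   # unset means no
                rw    = (v[i, "read_only"] == "no") ? "yes" : "no"   # unset means read-only
                users = (v[i, "users"] == "") ? "-" : v[i, "users"]
                flag  = (guest == "yes" && rw == "yes") ? "WARN" : "ok"
                printf "%s %s guest=%s writable=%s users=%s\n", flag, v[i, "name"], guest, rw, users
            }
        }'
}

# Demo on the constructed sample; on the router run: audit_shares "$(uci show samba4)"
audit_shares "$SAMPLE_UCI"
```

A WARN line is a prompt to review that share, for example by setting guest_ok to 'no' and giving samba_user a real smbpasswd.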

On your connected device try browsing in explorer to \\192.168.8.1 – you should see a password prompt and then the shared folder. If you want you can also install the package luci-app-samba4 to administer your shares in LuCI (opkg install luci-app-samba4). Next is Tailscale.

opkg install tailscale
/etc/init.d/tailscale start
/etc/init.d/tailscale enable
tailscale up

It should give you a URL to visit and authenticate. I got some errors about log files uploading but they didn’t seem to affect how it worked. Once this is done you should be able to SSH in from another computer on your Tailscale network using the Tailscale IP address – and even bring up the login page in your browser.

Finally we want to make it a network device. Go to LuCI, Network, Wireless and hit Scan and connect to your local network (Client mode should be selected by default). You’ll have to hit Submit, Save, then Save & Apply to make this change permanent. Then you can hit Disable next to the master WiFi. If you want to access the login page and SSH over the network, go to the GL.iNet web admin page, Network, Firewall, Open Ports on Router and Add ports 80 (HTTP) and 22 (SSH). Also add port 139 (Samba) and 445 (Samba-NetBIOS) if you want to be able to access the network share, then go to LuCI, Services, Network Shares (assuming you installed luci-app-samba4) and make sure the interfaces you want to connect on are selected (if you can’t yet see this option you will have to reboot the router first). It may be worth adding UDP port 41641 (Tailscale) to the Open Ports on Router – though it usually works without this.

You should now be able to access SSH and web admin login over both the local IP and the Tailscale IP – and Samba over the local IP address.

My final step was to install a WOL plugin and the frontend in LuCI:

opkg install etherwake luci-app-wol

Potential issues

1. No wireless connection after reboot (Client WiFi settings lost) – edit the file /etc/rc.local (vi /etc/rc.local – then hit “i” for insert mode, paste the following block before the line that exits (put in your own SSID and password), then hit Esc, ZZ to save and quit), that way it will set up the connection again every time it boots:

# Only append the client section if it is missing, so repeated boots do not duplicate it
if ! grep -q "wifi-iface 'wifinet0'" /etc/config/wireless; then
echo "" >> /etc/config/wireless
echo "config wifi-iface 'wifinet0'" >> /etc/config/wireless
echo " option ssid 'YourSSID'" >> /etc/config/wireless
echo " option encryption 'psk2'" >> /etc/config/wireless
echo " option device 'radio0'" >> /etc/config/wireless
echo " option mode 'sta'" >> /etc/config/wireless
echo " option key 'YourPassword'" >> /etc/config/wireless
echo " option network 'wwan'" >> /etc/config/wireless
fi
wifi reload

DO NOT use the web admin panel to change to Extender mode; although this will sort the WiFi issues, it will also stop you connecting via Tailscale.

2. Data partition mounts in read-only mode so file sharing doesn’t work. This seems to be an issue with boot-time mounting; edit /etc/rc.local (instructions above) and add these lines to unmount and remount the drive:

umount /mnt/sda2
ntfs-3g /dev/sda2 /mnt/sda2 -o rw,sync,umask=000
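Both the extroot step (checking that /dev/sda1 shows as /overlay on the Mount Points page) and the read-only problem above can be checked from SSH after a reboot. The following is an added example, not part of the original post: it reads mount data in /proc/mounts format and reports whether /overlay is on /dev/sda1 and whether /mnt/sda2 is writable. The two sample listings, including the mtdblock6 device name, are constructed for illustration.

```sh
#!/bin/sh
# Added example: post-reboot check of the two USB mounts this guide creates.

# Constructed samples in /proc/mounts format, not captured from a real device.
SAMPLE_GOOD='/dev/root /rom squashfs ro,relatime 0 0
/dev/sda1 /overlay ext4 rw,relatime 0 0
overlayfs:/overlay / overlay rw,noatime,lowerdir=/,upperdir=/overlay/upper,workdir=/overlay/work 0 0
/dev/mtdblock6 /rwm jffs2 rw,noatime 0 0
/dev/sda2 /mnt/sda2 fuseblk rw,relatime,user_id=0,group_id=0,allow_other 0 0'
SAMPLE_BAD='/dev/root /rom squashfs ro,relatime 0 0
/dev/mtdblock6 /overlay jffs2 rw,noatime 0 0
overlayfs:/overlay / overlay rw,noatime,lowerdir=/,upperdir=/overlay/upper,workdir=/overlay/work 0 0
/dev/sda2 /mnt/sda2 fuseblk ro,relatime,user_id=0,group_id=0,allow_other 0 0'

# Print "<device> <rw|ro>" for a mount point, or "missing".
# $1 = mount point, $2 = mounts text. A later mount shadows an earlier one.
mount_field() {
    printf '%s\n' "$2" | awk -v mp="$1" '
        $2 == mp { dev = $1; mode = "ro"; n = split($4, o, ",")
                   for (i = 1; i <= n; i++) if (o[i] == "rw") mode = "rw" }
        END { if (dev == "") print "missing"; else print dev, mode }'
}

# $1 = mounts text (defaults to the live /proc/mounts). Returns 0 only if both mounts are right.
check_nas_mounts() {
    m="${1:-$(cat /proc/mounts)}"; rc=0
    case "$(mount_field /overlay "$m")" in
        "/dev/sda1 rw") ;;
        *) echo "FAIL extroot: /overlay is $(mount_field /overlay "$m")"; rc=1 ;;
    esac
    case "$(mount_field /mnt/sda2 "$m")" in
        "/dev/sda2 rw") ;;
        *) echo "FAIL data: /mnt/sda2 is $(mount_field /mnt/sda2 "$m")"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: extroot on /dev/sda1, /mnt/sda2 writable"
    return "$rc"
}

# Demo on the constructed sample; on the router run: check_nas_mounts
check_nas_mounts "$SAMPLE_GOOD"
```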
