We decided to use an existing Linux based operating system as the basis for our Turris OS. Amongst the few existing projects focused on home routers, we chose OpenWrt, which already had many of the desired features as well as a broad and enthusiastic community.
We have improved the system in several ways. There is a new system for automatic updates, our own network probe called ucollect and a netconf based system for remote management called nuci.
The following list forms the basic set of features our operating system should support:
- secure by default (no open and password-less administration interface on WAN port, etc.)
- perfect IPv6 support including firewall and transition mechanisms
- DNSSEC support in recursive resolver
- unattended updates
- modern user interface
- interesting network traffic statistics
Because our system is based on OpenWrt, all packages for this distribution are available for installation. Experienced users are thus able to install for example a web server, email server or configure a network storage.
Tutorials on how to setup many of these advanced functions are available in the user documentation (mostly in Czech).
Majordomo - overview of your network
Majordomo is a tool for monitoring of communication of LAN devices with the Internet. Besides giving an overview about behavior of individual computers in the local network, it can also uncover suspicious traffic from clever home appliances or help with splitting of the bill for network connection.
Passive monitoring of network speed
One of many probes in router Turris continually monitors current transfer speed. Based on this data, we can offer our users detailed statistics of their bandwidth utilization as well as generate a global statistics of maximum speeds, which predict the actual bandwidth of the connection.
The "flows" probe collects netflow data (that is IP addresses, ports, time and amount of transported data) of suspicious traffic. Data collection is started automatically based on detection of specific network traffic, anomaly or communication with a suspicious address.
There are several publicly available statistics resulting from aggregated data from all routers. These are available at https://project.turris.cz/en/global-stats/.
Users of router Turris also have their own, much more detailed, statistics available in their online profile.
The source code of applications running on router Turris is available through the following GitLab web interface.
User documentation is available at https://www.turris.cz/doc/.