This documentation applies only to Turris OS 3.x, which is no longer present in newly sold routers. The new documentation is located at https://docs.turris.cz/.
Although a router is a device that does not need permanent attention, it has to be configured before its first use. To make the configuration simpler, the Turris router contains the Foris web interface, which also contains an initial setup wizard. Until you finish the basic router configuration, computers connected to the LAN ports won't be able to connect to the internet.
If you are configuring either the Turris 1.0 or Turris 1.1, some parts of the configuration are different. These routers are referred to as the original Turris router in this guide. The summary of the differences can be found at the end of this page in the section about configuration differences.
The information about the first run applies when the router has been reset to the factory defaults.
If you have restored the factory defaults and you have a configuration backup of your router, you don't have to go through all the steps and you can restore this backup. Click the Skip wizard button in the upper part of the screen and restore your backup on the Maintenance page.
In order to access the Foris configuration interface, you need to be connected to the same network as the router. Only a cable connection can be used during the first run – the WiFi network may be enabled later.
Before you begin the configuration, make sure the cables are connected properly:
Start up your web browser and connect to the http://192.168.1.1/ address. This address is valid for the first run with the default LAN configuration. If you change the LAN setting later, you must use the address you have entered.
You will be presented with the following screen on this address:
Continue to the next step by clicking the Begin installation button.
The wizard itself is well commented and we do not want to repeat ourselves, so let's go through the individual steps of the wizard with just a few explanatory comments.
You can set the password that will be used to access the Foris interface here. If you enable the Use the same password for advanced configuration option, the same password will be used for the advanced configuration interface LuCI and for the user root when accessing the router via SSH.
If you do not need to adjust any advanced functions, we recommend that you do not set the password for LuCI and SSH until you need it. (This password can be changed at any time in the future on the Advanced administration page.)
This page sets the method the Turris router uses to connect to the internet. In most cases, the option DHCP (automatic configuration) should be sufficient. If it is not, you should have obtained the configuration details from your internet service provider – i.e. the static IP address, default gateway for your connection, etc.
If you are connecting using xDSL, you will need a DSL modem. Your old router can serve as a modem if you switch it to Bridge mode. Unfortunately, it is not possible to provide a universal guide, as the procedure varies for every device and should be described in the device's user manual. A less preferred alternative is connecting the router to your old DSL router – in that case, setting DHCP (automatic configuration) should work.
As has been said, it is not possible to provide an unambiguous guide for every device. You need to find a specific guide for the device you own.
If you manage to find a guide for some device, do not hesitate to share it with other users through our community documentation.
So far, we have these guides:
If you are connecting to the internet using a less common method (for example, when the router itself is a WiFi client), we have prepared some detailed tutorials (in Czech only).
This step checks whether the WAN settings are correct. If the connection to the internet does not work, check that all the cables are connected correctly, re-check the WAN settings and repeat the test. If the problems persist, you might want to check our troubleshooting page.
In order to display the time in the proper time zone, you should select the time zone in which the router is being operated. If the central European time zone – which is selected as the default one – does not suit you, you can change it to a different one in this step.
Although it might look a bit uncommon, Turris routers need to know the correct time for their proper operation.
One of the goals of Project Turris is to provide state-of-the-art security. One of the vital technologies nowadays is DNSSEC which – with the help of asymmetric cryptography – signs all the DNS records and ensures that the reply you receive from the DNS server was not spoofed on the way. The validity of the cryptographic keys used is time-limited, so the router needs to know the correct time to validate the replies.
If the automatic synchronization fails for some reason, you will be presented with a form for manual synchronization or for synchronization of the time with your computer.
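Why a wrong clock breaks DNSSEC validation can be shown with the validity window carried in every signature (RRSIG) record. The following is an added example, not code from the Turris project; the function names are hypothetical, the sample record is constructed, and the 1970 date stands in for a clock that was never set.

```python
from datetime import datetime, timezone

# Constructed sample RRSIG in presentation format (not from a real zone);
# the trailing base64 signature is a shortened dummy value.
SAMPLE_RRSIG = ("example.com. 3600 IN RRSIG A 13 2 3600 "
                "20240615000000 20240515000000 12345 example.com. c2lnbmF0dXJl")


def parse_sig_time(field):
    """RFC 4034 allows YYYYMMDDHHmmSS (UTC) or seconds since the epoch."""
    if len(field) == 14:
        parsed = datetime.strptime(field, "%Y%m%d%H%M%S")
        return parsed.replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(field), tz=timezone.utc)


def rrsig_window(record):
    """Return (inception, expiration) of an RRSIG record."""
    fields = record.split()
    idx = fields.index("RRSIG")
    # Fields after "RRSIG": type covered, algorithm, labels, original TTL,
    # expiration, inception, key tag, signer name, signature.
    expiration = parse_sig_time(fields[idx + 5])
    inception = parse_sig_time(fields[idx + 6])
    return inception, expiration


def check_signature_time(record, now):
    """Classify the signature against the validator's own clock.

    Simplification: compares absolute times and ignores the 32-bit
    serial-number wraparound rule of RFC 4034.
    """
    inception, expiration = rrsig_window(record)
    if now < inception:
        return "not-yet-valid"   # typical for a router whose clock was never set
    if now > expiration:
        return "expired"         # typical for a clock set far in the future
    return "valid"


if __name__ == "__main__":
    for label, now in [
        ("clock never set", datetime(1970, 1, 1, tzinfo=timezone.utc)),
        ("correct clock", datetime(2024, 6, 1, tzinfo=timezone.utc)),
        ("clock in the future", datetime(2025, 1, 1, tzinfo=timezone.utc)),
    ]:
        print(f"{label:20} -> {check_signature_time(SAMPLE_RRSIG, now)}")
```

A validating resolver treats both failing cases as bogus data and answers with an error, so a router with a wrong clock cannot resolve signed names even though the network itself works.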
Another thing that makes the Turris routers secure is the automatic updating of the installed software. Home routers are the target of many malicious attacks, which most often succeed because of outdated software that is present on the device and has not been updated since the first run of the device. We have decided to help the users here, and the updates are performed automatically.
Although it is possible to disable the automatic updates, we strongly recommend that you do not do so. Whether you keep them enabled or turn them off, if you change your mind in the future, you can find the form for toggling the automatic updates on the Updater page of the Foris interface.
The download and installation of the updates takes some time, particularly on the original Turris routers. The main reason is that this update installs not only the updated software but also many new applications which could not fit into the device's memory during production.
If the check for updates fails, do not worry – the router checks for and installs updates automatically at regular intervals.
This step serves for setting the range of IP addresses which will be used in your local network. If you do not have any special preferences, just click the
If you require some advanced configuration options, for example the size of the subnet or anything else, please head over to the advanced configuration interface LuCI.
If you change the router's local IP address (and thus the range of LAN IP addresses), you should know that you won't be able to load the configuration page, because the old address of the router won't be available anymore. Foris should offer you a link to the new location, or you can change the address in your web browser manually.
It is also required to change the IP address of your computer. If you have obtained your IP address from the DHCP server and you don't know how to request a new one in your operating system, disconnect your computer from the router and reconnect it after a few seconds.
This step helps you set up the WiFi network. In order to provide the highest security level possible, the Foris interface does not allow setting anything other than WPA2 encryption.
You can also choose whether you want to use the WiFi in the 2.4 GHz or 5 GHz band. The 5 GHz band is usually less crowded, which also means you can achieve greater speed and have a more stable connection – unfortunately, many old devices do not support this mode.
The Turris Omnia router has two WiFi cards installed. This makes it possible to use both bands at once – this may be useful if you want to use the 802.11ac standard in the 5 GHz band for the new devices which support it and use the 802.11g (802.11n) legacy mode for the devices that can only communicate in the 2.4 GHz band. If you want to use the router in the modern 802.11ac mode, you must also select the respective choice in the 802.11n/ac mode drop-down box.
The Foris web interface is not just a setup wizard for the initial setup presented earlier – it is also an interface for basic maintenance of the router and for adjusting the initial settings you made during the wizard's steps.
Now let's go through all the pages that are different from those you have encountered in the wizard. Details about the rest are explained in the previous section about the initial setup wizard.
You can access the administration the same way as you have accessed the setup wizard. If you have finished the wizard successfully, you may log in with the password you have chosen. If you ever have problems remembering the password, you can find help on the page dedicated to troubleshooting (in Czech only).
The login page looks like this:
The administration interface offers these extra pages not present in the wizard:
This page contains settings for the resolver forwarding mode and a connectivity test.
The Turris router uses its own DNS resolver with DNSSEC support. It is able to work as a completely independent resolver or with the help of the ISP's DNS resolver, which is the target of so-called forwarding. Where the ISP's resolver works correctly, it is preferred to use the forwarding mode, which usually yields better response times. If this mode does not work in your network, you have to disable the forwarding mode. Forwarding can be broken in cases when your ISP does not support DNSSEC and has incorrectly configured servers.
Turris Omnia allows you to disable the DNSSEC validation. We highly recommend that you do not do so, since you can then easily become a target of a DNS spoofing attack.
The connectivity test can be used to check different aspects of your connection. You can also test whether the forwarding setup works or not.
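One way to tell a validating resolver from a non-validating or broken one is to compare its replies for a correctly signed name and for a name whose signatures are deliberately invalid. The following is an added example and not a description of how the Foris connectivity test works; the function names and the constructed reply headers are assumptions made for illustration.

```python
import struct

QR_FLAG = 0x8000     # message is a response
AD_FLAG = 0x0020     # Authenticated Data: resolver validated the answer
RCODE_MASK = 0x000F
NOERROR, SERVFAIL = 0, 2


def parse_header(message):
    """Return (is_response, ad_bit, rcode) from the 12-byte DNS header."""
    if len(message) < 12:
        raise ValueError("truncated DNS message")
    _id, flags, _qd, _an, _ns, _ar = struct.unpack("!6H", message[:12])
    return bool(flags & QR_FLAG), bool(flags & AD_FLAG), flags & RCODE_MASK


def classify_resolver(signed_reply, bogus_reply):
    """signed_reply: reply for a correctly signed name.
    bogus_reply: reply for a name with deliberately invalid signatures.
    Assumes the queries were sent with the DO or AD bit set, otherwise
    a validating resolver does not report the AD bit."""
    _, signed_ad, signed_rc = parse_header(signed_reply)
    _, _, bogus_rc = parse_header(bogus_reply)
    if signed_rc == SERVFAIL:
        # Even valid names fail, e.g. forwarding to an upstream resolver
        # that does not return usable DNSSEC data.
        return "broken"
    if signed_rc == NOERROR and bogus_rc == NOERROR:
        # Invalid signatures are accepted: spoofed answers would pass too.
        return "not-validating"
    if signed_rc == NOERROR and signed_ad and bogus_rc == SERVFAIL:
        return "validating"
    return "inconclusive"


def make_header(flags, ancount):
    """Build a constructed 12-byte header (ID 0x1234, one question)."""
    return struct.pack("!6H", 0x1234, flags, 1, ancount, 0, 0)


# Constructed reply headers, not captured traffic.
VALIDATED = make_header(0x81A0, 1)   # QR RD RA AD, NOERROR
PLAIN = make_header(0x8180, 1)       # QR RD RA, NOERROR, AD not set
FAILED = make_header(0x8182, 0)      # QR RD RA, SERVFAIL

if __name__ == "__main__":
    print(classify_resolver(VALIDATED, FAILED))  # validation enabled and working
    print(classify_resolver(PLAIN, PLAIN))       # validation disabled
    print(classify_resolver(FAILED, FAILED))     # forwarding broken
```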
The Advanced configuration page allows you to change the password for LuCI and SSH, or to set it for the first time if you have not done so in the first step of the wizard.
This page contains a few useful functions for management and maintenance of your Turris router.
The router can inform you – for example about a required device restart, installation of updates or potential problems – by sending you an email message. If you are interested in receiving these notifications, first enable this function by checking the Enable notifications option, then set your email address and choose what type of notifications you want to receive.
For this to work, you have to set an outgoing SMTP server which will be used to send the messages. Please be aware that the password is stored in the configuration files in readable form. Because of this, you should not use the account you usually use for sending and receiving emails. Instead, you can create a dedicated mailbox for your router at one of the free mailbox providers.
Alternatively, you can use the servers of the Turris infrastructure – that way you only have to set the SMTP provider to Turris and enter your email address. The number of emails which can be sent in this mode is limited, but this should not pose any problems, as the limit should not be exceeded during normal use of the notification service.
The Turris router features automatic updates. Almost all updates can be installed without you noticing, except for updates of the operating system kernel and a few other low-level software components, which require a device restart. This option can be used to choose the preferred time at which the automatic restart is performed.
The complete configuration of the router can be obtained in a single compressed file. If you need to reinstall the router in the future (for example because of an error) and reset its configuration to factory defaults, you can save some time by saving the configuration and restoring it later. A useful tip is to save the configuration right after you finish the wizard.
The backup contains only the /etc/config directory, which contains all the settings that can be adjusted in the Foris interface and almost all the settings present in the interface LuCI.
Please be aware of this fact if you perform any administration steps directly using SSH.
The Restart button has almost the same effect as a short press of the reset button on the back of the router. The router restarts, which causes a short outage of the provided services (usually around half a minute). Using the Restart button in the Foris interface is the preferred way to restart the router, as it is more friendly to the operating system. All the settings will be preserved. If you wish to reset the router to the factory-default state, you can find the instructions on the page dedicated to troubleshooting (in Czech only).
Unlike the original Turris router, the Turris Omnia lets you activate or deactivate the automatic updates. If the automatic updates are enabled, you can install lists of software packages using the Updater. These lists can simplify the installation of the software required, for example, to turn your router into a NAS (network attached storage) or to connect a printer to the router. The packages will be installed shortly after you select the desired package lists and press the Save changes button.
If you own the Turris Omnia router, you can join the research project called Project:Turris and help the research by contributing your data. In return, you can check the statistics about your connection and attacks on your router. We will also contact you if any of our analyses reveals a potential threat in your network. In order to activate the data collection, you must enable the automatic updates.
If the data collection is enabled, you can adjust its settings here – you can disable the emulated services (so-called minipots, which emulate services that are a common target of internet attackers) and choose whether you opt in to the collection of credentials entered by the attackers.
This page contains information about the version of hardware and operating system, along with other operational information.
On the original Turris router you can also obtain a new registration code for the data collection if the process failed during the setup wizard.
The Turris 1.0 and 1.1 routers, distributed in the Turris research project, have slightly different settings. Some of the notable differences are:
After connecting and setting up the new router successfully, it is recommended to register the device on the page of the project, where you have to enter a sixteen-digit code presented in the last step of the configuration guide. A working internet connection is required to generate the code – if the communication with the server fails, you are informed about it, and in that case you can request the code again on the About page.
You only have to register the router once. If you reset the router to the factory-default settings, the wizard still asks you to register the device in the last step. This step does not need to be performed again, and a repeated attempt to register the router would fail.