Introducing the NanoPi


NanoPi R4s

by Craig Miller

The NanoPi is an open source dream router. Friendly Electric (the manufacturer) has a port of OpenWrt that runs on it, and if you don't like that one, you can run vanilla OpenWrt on it. It only has 2 GigE ports (WAN and LAN). It also has two (2) USB ports, which support wireless dongles, making it a wireless router as well. It has excellent performance, with 970 Mbits/sec of routing power. My highest performing router in my stable.


As mentioned there are two GigE ports and two USB3 ports, as well as a six core ARM CPU. From the Wiki Page:


The base unit is $50 USD. I bought the 4GB RAM (additional $15) version with the solid aluminum case (additional $10) from Friendly Electric.

Picking an Image to boot

The Nano Pi has an SD card slot, and Friendly Electric has several images available to turn the small ARM processor-based box into a high performance router (running OpenWrt), or just a headless server running Debian or Ubuntu.

Booting the NanoPI

Once the image has been burned to an SD card, just insert it into the NanoPi and boot. However, because it is headless (no HDMI port) one will need to figure out the IP address and ssh to the NanoPi.

Running OpenWrt

When running OpenWrt, it is easy to determine the IP address, just plug into the LAN port, and ssh to the .1 or ::1 address of the subnet/prefix of your laptop. For example, if your computer's IP address is: 2001:db8:cafe:5f60:ad77:51b7:d4db:a3e3 then the router's IP address would be 2001:db8:cafe:5f60::1.

Just like any unconfigured OpenWrt router, there will be no password, and one should set a password as soon as possible. By default, OpenWrt has firewall rules which prevent ssh from connecting on the WAN port. Therefore this isn't as insecure as it sounds.

Running FriendlyWRT

Of course, one can run the vanilla OpenWrt (23.05.3), but there are advantages to running FriendlyWRT, Friendly Electric's prebuilt version of OpenWrt.

FriendlyWRT has several OpenWrt packages which I have never bothered to install, because I didn't have enough storage or RAM in my other routers. But with a 32 GB SD card, and 4 GB of RAM, I now had plenty of space.

Additional packages included in FriendlyWRT

Some of the additional pre-install packages include:

Package Description
adblock Blocks ads
block-mount Mounting USB drives
collectd Collects stats (more later)
coreutils Full versions of utils rather than busybox
dockerd Docker (more later)
iperf3 Measuring TCP and UDP bandwidth
Kernel Manager Manages kernel parameters
Netlink Bandwidth Monitor Draws nice graphs of BW usage
Network Shares Windows file sharing
SmartDNS A high performance DNS server
ttyd A web-based terminal server

Collectd Stats Package

Although the package itself doesn't take much storage, the data it collects does. The NanoPI with 32 GB of storage is perfect for giving it a try. There is nice integration with LuCI (the web interface of OpenWrt), where nice graphs of processor, interface, system load, memory, and thermal temperatures.



Docker Package

In order to run Docker, it is easiest to start with the version of FriendlyWRT with Docker pre-installed.

There is nice LuCI integration as well as running Docker CLI commands.

Continer in LuCI

I find it easiest to start a docker container with the CLI, as I want to bind the container to an IPv6 (as described in the IPv6 Advantage). For example, starting a container called whoami binding to an address that was created for this container.

docker run  -d -p [2001:db8:cafe:fd60::25]:8080:80 containous/whoami

In LuCI, the web interface of OpenWrt, we see the new container running:

Continer in LuCI

And putting that address into the browser shows this output:

Hostname: 05b5117b7837
GET / HTTP/1.1
Host: [2001:db8:cafe:fd60::25]:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Dnt: 1
Sec-Gpc: 1
Upgrade-Insecure-Requests: 1

Because the container is using the default Docker bridge the IPv4 address is still showing a address.

Of course, I don't recommend typing bare IPv6 addresses, but rather use the power of DNS, and a three line script to create your container (assuming your DNS name is web2):

    export HOST="web2"
    export IPADDR=$(host $HOST | awk '{print $5}')
    docker run -d -p "[$IPADDR]:80:80" containous/whoami

TTYd Package

The ttyd package makes it possible to log into the router's command line via the LuCI web page.

Terminal in LuCI

Unfortunately, one has to enable listening on IPv6, which is turned off by default. At least there is support for IPv6.

Terminal config in LuCI

As you can see, there is also an enable SSL option (should be TLS) as well. This would make the connection secure, but adding a signed CA certificate and key, may be challenging. It may be easier to just use ssh.

The NanoPi, a small powerful little machine

The NanoPi with 4 GB of RAM and 32 GB of storage, make not only a high performance Gigabit router, but also plenty room to run resource intensive packages, such as collectd and Docker. All at under $100 USD (


29 June 2024