Initially I was not sure what was installed on the router, so I started by restoring the original firmware from TP-LINK: https://www.tp-link.com/en/support/download/tl-mr3020/v1/#Firmware (I have the version 1.9 of this router, which can be read from the label of the serial number, on the bottom.)

wget https://static.tp-link.com/res/down/soft/TL-MR3020_V1_150921.zip
unzip TL-MR3020_V1_150921.zip
cd TL-MR3020_V1_150921/
ls

We will see the file ~'mr3020nv1_en_3_17_2_up_boot(150921).bin'~. According to the instructions on https://openwrt.org/toh/tp-link/tl-mr3020, since it contains the word boot, we need to cut off some part of it, before flashing it:

dd if='mr3020nv1_en_3_17_2_up_boot(150921).bin' of=tplink.bin skip=257 bs=512
ls -l

Notice that it's size is 3932160, about 4M, which is also the size of its storage.

To flash this image to the router I used a TFTP server (according to these instructions: https://openwrt.org/docs/guide-user/troubleshooting/tftpserver)

apt install atftpd
mkdir /srv/tftp
cp tplink.bin /srv/tftp/
chown nobody:nogroup -R /srv/tftp
atftpd --daemon /srv/tftp
netstat -lunp | grep 69

ip address add 192.168.0.66/24 dev enp1s0f0

tftp 192.168.0.66
get tplink.bin
quit

Now connect the router to the computer with a cable and turn it on while keeping pressed the WPS/RESET button. Looking at the logs (tail /var/log/syslog -f), you will see a message like this:

Serving mr3020v1_tp_recovery.bin to 192.168.0.86:3686

This means that the router is looking by default for the file mr3020v1_tp_recovery.bin. So, we should rename tplink.bin to this:

mv /srv/tftp/{tplink.bin,mr3020v1_tp_recovery.bin}

Then try it again and the router will start flashing the new image to its storage and will reboot. If everything goes well you should be able to ping to 192.168.0.254, which is the default IP of the flashed image. You can also open http://192.168.0.254 without password and access the greenish interface of the router. (If it asks for a password, then try username 'admin' and password 'admin'.)

Now you can stop the TFTP server:

ps ax | grep atftpd
kill -9 32264
ps ax | grep atftpd

From the download page http://downloads.openwrt.org/releases/17.01.5/targets/ar71xx/generic/ get the file tl-mr3020-v1-squashfs-factory.bin:

wget http://downloads.openwrt.org/releases/17.01.5/targets/ar71xx/generic/lede-17.01.5-ar71xx-generic-tl-mr3020-v1-squashfs-factory.bin

Then, following instructions similar to these, open "System Tools" and "Firmware", then "Choose File" and select 'lede-17.01.5-ar71xx-generic-tl-mr3020-v1-squashfs-factory.bin', and finally click on "Upgrade".

When upgrade and restart is finished, the router can be accessed on =192.168.1.1= without password:

ip address add 192.168.1.2/24 dev enp1s0f0
ip addr
ping 192.168.1.1
ssh root@192.168.1.1
df -h
free
passwd

It can also be accessed at http://192.168.1.1.

You will notice that the native storage is very limited and you cannot harness the full power of OpenWrt with so little storage. Plugging a USB stick to the router doesn't work because the necessary drivers are missing. If we follow the instructions on this page we have to build a new image upgrade that contains these drivers and install it. If we had more disk space (for example 8MiB) we could have installed the needed drivers from the internet, like this:

opkg update
opkg install block-mount kmod-fs-ext4 kmod-usb-storage kmod-usb-ohci kmod-usb-uhci
opkg install e2fsprogs fdisk   # optional

However the small disk space would not be enough to fit the package list and the necessary packages.

Let's start by downloading from http://downloads.openwrt.org/releases/17.01.5/targets/ar71xx/generic/ the file lede-imagebuilder-17.01.5-ar71xx-generic.Linux-x86_64.tar.xz (it is at the end of the page) and opening it:

wget http://downloads.openwrt.org/releases/17.01.5/targets/ar71xx/generic/lede-imagebuilder-17.01.5-ar71xx-generic.Linux-x86_64.tar.xz
tar -xf lede-imagebuilder-17.01.5-ar71xx-generic.Linux-x86_64.tar.xz
cd lede-imagebuilder-17.01.5-ar71xx-generic.Linux-x86_64/

Now we can build the image using the profile for tl-mr3020-v1 and adding some extra packages:

make info
make image PROFILE=tl-mr3020-v1 PACKAGES="block-mount kmod-fs-ext4 kmod-usb-storage kmod-usb-ohci kmod-usb-uhci"

If the command fails, most probably you need to install some additional development packages. The error message should give a hint about what needs to be installed.

If the image build was successful, you will find on bin/targets/ar71xx/generic/ the images lede-*-factory.bin and lede-*-sysupgrade.bin. Let's copy the sysupgrade image to the router and upgrade the system:

scp bin/targets/ar71xx/generic/lede-17.01.5-ar71xx-generic-tl-mr3020-v1-squashfs-sysupgrade.bin \
    root@192.168.1.1:/tmp/
ssh root@192.168.1.1
ls /tmp/
sysupgrade -v /tmp/lede-17.01.5-ar71xx-generic-tl-mr3020-v1-squashfs-sysupgrade.bin

On a linux system, we can partition the USB stick (for example using fdisk) to have a swap partition of 512MiB, and the rest of it an ext4 partition. We can plug this USB on the router and continue the configuration like this:

ssh root@192.168.1.1
block info  # should see /dev/sda1 as swap and /dev/sda2 as ext4
DEVICE="/dev/sda2"

eval $(block info "${DEVICE}" | grep -o -e "UUID=\S*")
echo $UUID
uci -q delete fstab.overlay
uci set fstab.overlay="mount"
uci set fstab.overlay.uuid="${UUID}"
uci set fstab.overlay.target="/overlay"
uci show fstab
uci commit fstab

mount $DEVICE /mnt
cp -a -f /overlay/. /mnt
umount /mnt

reboot ; exit

Then login again after reboot and check that /dev/sda2 is mounted as root (with the command df -h). If it is not, then try the troubleshooting instructions on https://openwrt.org/docs/guide-user/additional-software/extroot_configuration.

In my case I had to do these extra steps to make it work:

ssh root@192.168.1.1
mount /dev/sda2 /mnt
rm -f /mnt/.extroot-uuid
rm -f /mnt/etc/.extroot-uuid
umount /mnt
reboot ; exit
ping 192.168.1.1
ssh root@192.168.1.1
df -h

It is also useful to preserve software package lists across boots and to enable the swap partition:

sed -i -r -e "s/^(lists_dir\sext\s).*/\1\/usr\/lib\/opkg\/lists/" /etc/opkg.conf
opkg update    # it doesn't work yet because there is no internet connection

uci -q delete fstab.swap
uci set fstab.swap="swap"
uci set fstab.swap.device="/dev/sda1"
uci show fstab.swap
uci commit fstab
free
/etc/init.d/fstab boot
free

We can connect to a Wi-Fi network from the command line, like this:

uci show wireless
uci set wireless.@wifi-device[0].disabled="0"
uci show wireless
uci commit wireless
wifi

Now we can list the networks in range using iw dev wlan0 scan. Then continue the network configuration using the right values for ssid, bssid and key:

uci show network

uci set network.lan.ipaddr='192.168.2.1'
uci set network.wan=interface
uci set network.wan.proto='dhcp'

uci show wireless.@wifi-iface[0]
uci set wireless.@wifi-iface[0].network='wan'
uci set wireless.@wifi-iface[0].mode='sta'

iw dev wlan0 scan

uci set wireless.@wifi-iface[0].bssid='C8:D5:FE:C8:61:B0'
uci set wireless.@wifi-iface[0].ssid='Violetta'
uci set wireless.@wifi-iface[0].encryption='psk2'
uci set wireless.@wifi-iface[0].key='myWifiPasswordHere'

uci show network
uci show wireless

I had to set the IP of the LAN interface (eth0) to 192.168.2.1 in order to be on a different network from that of the Wi-Fi interface (which is 192.168.1.0/24). For more details see: https://openwrt.org/docs/guide-user/network/wifi/connect_client_wifi

Now we can enable/activate this configuration:

ip addr
ip ro
ping 8.8.8.8

uci commit wireless
wifi

At this moment, the IP on eth0 will be changed from 192.168.1.1 to 192.168.2.1 and our connection will be frozen. We have to add another IP to enp1s0f0 and connect again:

ip addr add 192.168.2.2/24 dev enp1s0f0
ping 192.168.2.1

ssh root@192.168.2.1
ip addr
ip ro
ping 8.8.8.8
ping www.google.com

If everything went well, the router should now be connected to the internet. Not only that, but it should also act as a gateway for our computer (connected through the cable).

Somehow we broke the LUCI web interface when we installed the upgrade image (in order to install the USB drivers). Now that we have plenty of storage space and have internet connection, we can fix it easily (following these instructions: https://openwrt.org/docs/guide-user/luci/luci.essentials):

opkg update
opkg install luci
opkg install luci-ssl-openssl
reboot ; exit

Now you can open in browser https://192.168.2.1/ and manage the router from the web interface.

It is easy to install adblock, following the instructions on this page: https://openwrt.org/docs/guide-user/services/ad-blocking]

opkg install adblock
opkg install luci-app-adblock
uci set adblock.global.adb_enabled="1"
uci set adblock.extra.adb_backup="1"
uci set adblock.extra.adb_backupdir="/etc/adblock"
uci set adblock.extra.adb_backup_mode="1"
uci commit adblock
/etc/init.d/adblock restart

uci show adblock

You can setup a VPN based on these instructions: https://openwrt.org/docs/guide-user/services/vpn/openvpn/client

Basically you need to copy the client profile to /etc/openvpn/client.conf and fix its permissions, like chmod 600 /etc/openvpn/client.conf. Then install the package openvpn-openssl and make a small change on the firewall:

ip addr
ip ro

opkg install openvpn-openssl
/etc/init.d/openvpn restart
ip addr
ip ro

uci set firewall.@zone[1].device='tun0'
uci show firewall.@zone[1].device
uci commit firewall
/etc/init.d/firewall restart
iptables-save | grep tun0

Right now the router can be used as a gateway only for a computer that is connected to it by a network cable. It would be nice if it could be used as a gateway for a phone or tablet as well, connecting to it by wi-fi.

We can do this by creating a new wireless interface, connecting it to the LAN network, and configuring it as an AP:

ip addr
ip ro

uci set wireless.@wifi-iface[1]=wifi-iface
uci set wireless.@wifi-iface[1].device='radio0'
uci set wireless.@wifi-iface[1].network='lan'
uci set network.lan.type='bridge'

uci set wireless.@wifi-iface[1].mode='ap'
uci set wireless.@wifi-iface[1].ssid='OpenWrt'
uci set wireless.@wifi-iface[1].encryption='psk2+tkip+ccmp'
uci set wireless.@wifi-iface[1].key='123abc'

uci commit wireless
wifi reload

ip addr
ip ro

For a more advanced configuration see wwanHotspot.