Quick start instructions for how to roll your own Bitcave!


You can build a Bitcave for under USD $30 by using an OpenWrt compatible router with at least 16MB of Flash memory (or a USB port). Our target hardware is the GL.iNet Router.

The TP-Link MR3020 and TP-Link MR3040 are also supported though you will also require a USB flash drive to use these devices.


The following tutorial will teach you how to set up VPN tunnels on your Bitcave router that will encrypt your internet traffic and cloak your IP address using two VPN service providers: Private Internet Access (based in the USA with private servers around the world) and IPredator (based in Sweden). You will need to set up accounts with one or both of these VPN services in order to utilize your Bitcave.

For more info about why Bitcave uses and endorses these two VPN service providers, please visit our VPN page on the Bitcave Wiki.

1. Flash your router with OpenWrt (Barrier Breaker)

i) For new routers with the original factory firmware installed:

a) Download the correct stable version of OpenWrt Barrier Breaker for the GL.iNet router to your computer: OpenWrt Direct Download Link

b) Turn off your laptop’s wireless.

c) Connect the router’s WAN port to your home router with an ethernet cable.

d) Connect the router’s LAN port via ethernet cable to your computer and open a web browser to:

e) Select a language, time zone, and password.

f) Navigate to “Firmware > Upload Firmware”, select the OpenWrt firmware that you downloaded to your computer earlier, and select upgrade. Make sure the flag “keep settings” is not ticked.

g) After the upgrade completes, the router will restart automatically.

ii) For routers that are already running a version of OpenWrt:

a) Now open a terminal window (for OS X, go to Applications > Utilities > Terminal; for Windows, install and open PuTTY) and Telnet or ssh to your router:

ssh root@

b) Issue the following three commands:

cd /tmp
wget http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/openwrt-ar71xx-generic-gl-inet-v1-squashfs-factory.bin
mtd -r write openwrt-ar71xx-generic-gl-inet-v1-squashfs-factory.bin firmware

c) After the upgrade completes, the router will restart automatically.
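
Added example (not part of the original Bitcave instructions): the image in step b) is fetched over plain HTTP and written straight to flash, so this sketch checks its SHA-256 before mtd is run. EXPECTED_SHA256 is a placeholder, since this page gives no digest, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: refuse to flash an image whose SHA-256 does not match a
# digest obtained from a source you trust. Names here are illustrative.

IMAGE="openwrt-ar71xx-generic-gl-inet-v1-squashfs-factory.bin"
EXPECTED_SHA256="<sha256-from-a-trusted-source>"   # placeholder, not a real digest

# Print the lowercase SHA-256 of a file; fail if it cannot be read.
image_sha256() {
    [ -r "$1" ] || return 1
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1   # fallback for workstations without sha256sum
    fi
}

# Return 0 only if the file is non-empty and its digest equals the expected one.
verify_image() {
    file=$1
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 1; }
    case $want in
        *[!0-9a-f]*|'') echo "expected digest is not hex" >&2; return 1 ;;
    esac
    [ ${#want} -eq 64 ] || { echo "expected digest is not 64 hex chars" >&2; return 1; }
    got=$(image_sha256 "$file") || return 1
    if [ "$got" != "$want" ]; then
        echo "digest mismatch for $file" >&2
        echo "  expected $want" >&2
        echo "  got      $got" >&2
        return 1
    fi
}

# Run the page's mtd command only after verification succeeds (router only).
flash_if_verified() {
    verify_image "$1" "$2" && mtd -r write "$1" firmware
}

# On the router, after the wget in step b):
#   flash_if_verified "$IMAGE" "$EXPECTED_SHA256"
```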

2. Install Bitcave

a) When the reboot is done, open a terminal window (for OS X, go to Applications > Utilities > Terminal; for Windows, install and open PuTTY) and Telnet to your router:


b) Add the Bitcave Beta repository to the opkg.conf

echo "src/gz bitcave http://beta.openwrt.bitcave.io/ar71xx/bitcave/" >> /etc/opkg.conf

c) Install Bitcave

opkg update
opkg install luci-app-bitcave

d) Initialize the Bitcave configurations

run_bitcave_cmd.sh bitcave_init

3. Install IPredator

a) Assign IPredator to the 2nd wifi interface

opkg install bitcave-vpn-ipredator
run_bitcave_cmd.sh apply_vpn_to_hole IPredator hole2        # see note below **
uci commit

Note: In the current version of the bitcave package (0.0.8-3), there is an uncaught error. It says “uci: Entry not found” - this is ok.

b) Reboot the device


4. Install Private Internet Access VPN (Eastern United States)

a) Assign Private Internet Access to the 3rd wifi interface

opkg update
opkg install bitcave-vpn-pia-US-East

b) Attach the new VPN to a (exit-)hole:

run_bitcave_cmd.sh apply_vpn_to_hole PIA_USE hole3
uci commit

Note: To see the latest entry in the configuration you can run:

uci show openvpn.@[-1]

5. Configure Bitcave

a) Open a web browser and point it to:

b) Notice the “No Password Set!” warning at the top of the page. Click on the “Go to password configuration…” and then click on the “Login” button. Enter your new password and confirm.

Note: Be sure not to forget this password as you’ll need it to access your router from the web interface or via the terminal.

ProTip: Also note that once you have set a password for your router, you will no longer be able to use Telnet to access it from the terminal. Instead, you can use ssh:

ssh root@

c) Now click on the “Bitcave > Bitcave-VPN” menu near the top left of the page.

d) Click on the “Change Login User&Password” for IPredator and enter the credentials you set up with IPredator. Press “Save and Apply”.

e) Click on the “Change Login User&Password” for Private Internet Access (PIA-USE) and enter the credentials you set up with PIA. Press “Save and Apply”.

f) Select the “Network->Wifi” menu and click the “Enable” button beside the SSIDs: Bitcave.2 AND Bitcave.3 wifi networks.

g) Unplug & Plug in the “WAN” network cable on the back of the router.

i) Click on the “Bitcave” menu again –> after a minute or two you should see network activity at “hole2” and “hole3”.

6. Test Bitcave

a) You can now test the Bitcave by joining the wireless network Bitcave.2 or Bitcave.3 and visiting a DNS test site like DNS Leak Test to confirm your IP address and geographical “location” on the Internet.

Note: If after joining the wireless network you cannot access the Internet, power cycle (reboot) the router.

7. Add Wireless Passwords (optional)

a) By default, Bitcave.2 (IPredator) and Bitcave.3 (PIA) do not have wireless passwords. To add them, visit the web interface and click on “Network->Wifi”.

b) Click on the “Edit” button beside Bitcave.2 or Bitcave.3. Select “Interface Configuration->Wireless Security”.

c) Under the “Encryption” section, select WPA2-PSK and add a password. Click “Save and Apply”.

Note: The Bitcave software automatically generates and enables a “Bitcave.Clear” wireless network that does not use VPN cloaking or encryption. The default password is BitcaveC and you should change it now as well by following the three steps above!
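
Added example (not part of the original Bitcave instructions): a check to run after step 7 that reads the output of "uci show wireless" and lists any SSID that is still open or still uses the default BitcaveC password named above. The sample lines are constructed for illustration, and an interface with no encryption option is treated as open.

```shell
#!/bin/sh
# Added example: audit wifi interfaces from `uci show wireless` output.
# Prints "OPEN <ssid>" for unencrypted networks and "DEFAULT-KEY <ssid>"
# for networks still using the default BitcaveC password.

audit_wifi() {
    awk -F'=' '
    /^wireless\.[^.]+\.(ssid|encryption|key)=/ {
        split($1, p, /\./)                  # p[2] = section, p[3] = option
        val = substr($0, length($1) + 2)    # everything after the first "="
        gsub(/^\047|\047$/, "", val)        # newer uci quotes values; strip the quotes
        if (!(p[2] in seen)) { seen[p[2]] = 1; order[++n] = p[2] }
        opt[p[2], p[3]] = val
    }
    END {
        for (i = 1; i <= n; i++) {
            s = order[i]
            if (!((s, "ssid") in opt)) continue
            enc = ((s, "encryption") in opt) ? opt[s, "encryption"] : "none"
            if (enc == "none") print "OPEN " opt[s, "ssid"]
            else if (opt[s, "key"] == "BitcaveC") print "DEFAULT-KEY " opt[s, "ssid"]
        }
    }'
}

# Constructed sample input (not captured from a real router).
sample_uci_output() {
    cat <<'EOF'
wireless.radio0.channel=11
wireless.@wifi-iface[0].ssid=Bitcave.Clear
wireless.@wifi-iface[0].encryption=psk2
wireless.@wifi-iface[0].key=BitcaveC
wireless.@wifi-iface[1].ssid=Bitcave.2
wireless.@wifi-iface[1].encryption=none
wireless.@wifi-iface[2].ssid=Bitcave.3
EOF
}

# On the router:    uci show wireless | audit_wifi
# With the sample:  sample_uci_output | audit_wifi
```

No output means every listed SSID has encryption set and none uses the default password.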


Visit the Bitcave Wiki and Bitcave Forum!