This OS is used on routers, switches and access points (AP).
- supported devices
- configuration syntax update from 19 to 21
- Tri-band supported devices
- Tutorials: IPv6 from scratch, Proxmox sandbox network, Mesh, VLAN
Web GUI (LuCI)
opkg update
opkg install luci-ssl
Note: It's also possible to install ''luci'' package without ssl
To start luci automatically :
First start :
opkg install luci-theme-bootstrap
Then, go on ''System > System > Language and Style > Design > Bootstrap''.
ASU: AttendedSysUpgrade (project)
AUC: AttendedSysUpgrade CLI (package)
- (-) no signature control
- (-) the image is built by an external worker; however, it is possible to self-host the build server to build locally. You can specify the URL through /etc/config/attendedsysupgrade on the device. (no ARM support yet)
- (+) practical for building an image containing the packages of the current installation.
opkg install auc
Example for a specific version:
auc -b 22.03
Note: if you obtain the error Bad message (74), just run
/etc/init.d/rpcd restart
See also discussion
Always run this command on the first connection before installing a new package.
If the router has a problem and is still inaccessible, you will need to enter this mode. If failsafe doesn't work, I'm sorry to say you will need to reinstall the OS; see hard flash failsafe.
Shut down the device
Set up your computer with the static IP 192.168.1.2 and subnet mask 255.255.255.0
Turn on the device and press the "reset" button > depending on the experience, sometimes I keep it pushed for 10 seconds, sometimes I push/release it repeatedly for 10 seconds
Then you can
ssh firstname.lastname@example.org
and run different commands:
- ''mount_root'': try to debug and change
- reset everything:
Note: Don't forget to change the root password!
WNDR 3700 wifi button
opkg update
opkg install wifitoggle
# anonymous UCI sections are addressed by index: @wifitoggle[0]
uci set wifitoggle.@wifitoggle[0].button=BTN_2
uci set wifitoggle.@wifitoggle[0].timer=0
uci commit wifitoggle
Configure ssh (dropbear)
Go to luci or
Note: if you change the port in the config file, ensure that it is also open on the firewall.
Generate host key
dropbearkey -t rsa -s 4096 -f /etc/dropbear/dropbear_rsa_host_key
Verify the key
dropbearkey -y -f /etc/dropbear/dropbear_rsa_host_key | grep "^ssh-rsa "
ssh-keygen is not available on OpenWRT, extract the public key (see above), save it on a computer and check with
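
As an added example (not part of the original page), the Python script below, run on the computer, parses the ''ssh-rsa'' line printed by ''dropbearkey -y'', confirms the modulus size and computes the SHA256 fingerprint that an SSH client displays on first connection. The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def _read_string(blob, offset):
    """Read one SSH wire-format string: 4-byte big-endian length, then data."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def inspect_rsa_pubkey(line):
    """Return (modulus_bits, 'SHA256:...') for one 'ssh-rsa AAAA...' line."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    key_type, pos = _read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside the blob does not match the prefix")
    _exponent, pos = _read_string(blob, pos)
    modulus, pos = _read_string(blob, pos)
    if pos != len(blob):
        raise ValueError("trailing data after the modulus")
    bits = int.from_bytes(modulus, "big").bit_length()
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints the digest as unpadded base64.
    return bits, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def _wire(data):
    """Encode bytes as an SSH wire-format string (used for the sample only)."""
    return struct.pack(">I", len(data)) + data


# Constructed sample, not a real host key: a fake 4096-bit modulus
# (the leading 0x00 keeps the mpint positive, as in real keys).
SAMPLE_BLOB = _wire(b"ssh-rsa") + _wire(b"\x01\x00\x01") + _wire(b"\x00" + b"\xc3" * 512)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " root@OpenWrt"

if __name__ == "__main__":
    bits, fingerprint = inspect_rsa_pubkey(SAMPLE_LINE)
    print(bits, fingerprint)
```

Replace SAMPLE_LINE with the line saved from the router and compare the printed fingerprint with the one the SSH client reports before accepting the host key.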
Add the public key
Access between vlans
- vlan 1 (home) : 192.168.2.1/24
- vlan 2 (services) : 192.168.4.1/24 (http service on port 8081 at 192.168.4.2)
Two equivalent accesses:
- one direct access
- one through dnat
# access with curl http://192.168.4.2:8081 (from home network)
config rule
	option src 'home'
	option dest 'services'
	option dest_ip '192.168.4.2'
	option dest_port '8081'
	option proto 'tcp'
	option target 'ACCEPT'

# dnat access with curl http://192.168.2.1:8081 (from home network)
config redirect
	option target 'DNAT'
	option src 'home'
	option src_dport '8081'
	option proto 'tcp'
	option dest 'services'
	option dest_ip '192.168.4.2'
	option dest_port '8081'
	option family 'ipv4'