Installation[edit | edit source]

Refer to OpenWRT's list of hardware and firmware downloads at:

Intel based Hardware or as a VM[edit | edit source]

Navigate to the 'x86' target of the latest release. Use the '64' release for 64-bit capable processors or 'Generic' for 32-bit. For example, OpenWRT 19.0.7 for Intel based 64bit processors can be found at https://downloads.openwrt.org/releases/19.07.3/targets/x86/64/.

Use either the read-only squashfs image (which limits you to 230MB available for packages) or the ext4 image (which can be expanded and the entire filesystem is writable but without a factory reset feature).

Download the combined ext4 disk image, uncompress the image, then dd the image to your hard drive or flash media. For ext4 images, use fdisk to expand the second partition to the full size of the storage device and then run resize2fs /dev/sdx2.

Raspberry Pi 1 Model B[edit | edit source]

For all other Raspberry Pis, the installation information can be found at https://openwrt.org/toh/raspberry_pi_foundation/raspberry_pi

The installation process involves dd'ing the image to the SD card. You may wish to resize the SD card after the image has been written. To do so, resize the data partition and then run e2fsck -f /dev/mmcblk0p2 and resize2fs /dev/mmcblk0p2. More info at https://elinux.org/RPi_Resize_Flash_Partitions#Manually_resizing_the_SD_card_on_Linux.

# dd if=openwrt-brcm2708-bcm270{8,9}-sdcard-vfat-ext4.img of=/dev/sdX bs=2M conv=fsync status=progress

## Optionally resize the data partition
# e2fsck -f /dev/sdX2
# resize2fs /dev/sdX2

Serial is enabled and is available via GPIO pins 8 and 10 for TX and RX respectively.

Default IP is 192.168.1.1/24.

Raspberry Pi 2 Model B v1.2[edit | edit source]

Update: It appears there is an official image. I have not tried this yet and the information below may be inaccurate or unnecessary. See https://openwrt.org/toh/raspberry_pi_foundation/raspberry_pi for more information.

OpenWRT does not list an official image for the Raspberry Pi 2 v1.2 board. Neither the Pi 3 or Pi 2 image works. This is because the Raspberry Pi 2 v1.2 board uses the bcm2710 SOC (same as the Pi 3) but both images don't properly handle the Pi 2 v1.2 board and as such, both versions fail to boot.

To get OpenWRT to work on this board, image the SD card with the bcm2710 image (the Pi 3 version) and then:

  1. Mount /boot
  2. Copy bcm2710-rpi-3-b.dtb to bcm2709-rpi-2-b.dtb

A copy can be found at https://github.com/raspberrypi/firmware/raw/master/boot/bcm2710-rpi-3-b.dtb to bcm2709-rpi-2-b.dtb.

Buffalo WZR-600HP[edit | edit source]

Flashing OpenWRT from DD-WRT was very straight forward. There is an issue with getting USB working however.

Links:

Flashing (on stock firmware):

# cd /tmp
# scp foo@host:~/openwrt-18.06.1-ar71xx-generic-wzr-600dhp-squashfs-sysupgrade.bin .
# mtd -r write openwrt-18.06.1-ar71xx-generic-wzr-600dhp-squashfs-sysupgrade.bin linux
## This may take about 1-2 minutes, and the -r will automatically reboot the device

USB Issues[edit | edit source]

USB support doesn't appear to work for this model. I installed the USB drivers with the following packages:

  • opkg install kmod-usb-printer
  • opkg install usbutils
  • opkg install kmod-usb-ohci kmod-usb2

However, OpenWRT does not seem to detect the USB devices. A printer should exist at /dev/usb/lp, but nothing shows up. LEDE 17.01 was unable to detect any USB devices at all.

root@buffalo:/dev/bus/usb/001# lsusb
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
root@buffalo:/dev# lsmod | grep usb
ledtrig_usbport         2160  0
nls_base                4736  1 usbcore
usb_common              1312  1 usbcore
usbcore               118528  4 usblp,ledtrig_usbport,ehci_platform,ehci_hcd
usblp                   8480  0
root@buffalo:/dev# dmesg | grep -i usb
[    6.651469] usbcore: registered new interface driver usbfs
[    6.657039] usbcore: registered new interface driver hub
[    6.662464] usbcore: registered new device driver usb
[    6.671682] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[    6.690631] ehci-platform ehci-platform: new USB bus registered, assigned bus number 1
[    6.727198] ehci-platform ehci-platform: USB 2.0 started, EHCI 1.00
[    6.734199] hub 1-0:1.0: USB hub found
[   12.263746] usbcore: registered new interface driver usblp
root@buffalo:~# uname -a
Linux buffalo 4.9.120 #0 Thu Aug 16 07:51:15 2018 mips GNU/Linux

Using the stock dd-wrt firmware, the AR7100 EHCI USB controller is found and devices are also discovered:

root@DD-WRT:~# lsmod | grep usb
usblp                   8996  0
usbcore               118161  4 usblp,ohci_hcd,ehci_hcd
usb_common              1146  1 usbcore
root@DD-WRT:~# lsusb
-sh: lsusb: not found
root@DD-WRT:~# uname -a
Linux DD-WRT 3.10.102 #28624 Thu Nov 30 14:01:34 CET 2017 mips DD-WRT
root@DD-WRT:~# dmesg | grep -i usb
<6>[  552.770000] usbcore: registered new interface driver usbfs
<6>[  552.780000] usbcore: registered new interface driver hub
<6>[  552.790000] usbcore: registered new device driver usb
<6>[  552.880000] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
<7>[  552.880000] drivers/usb/host/ehci-ar71xx.c: starting AR7100 EHCI USB Controller...done. reset 0x40 usb config 0x30000
<6>[  554.800000] ar71xx-ehci ar71xx-ehci.0: new USB bus registered, assigned bus number 1
<6>[  554.850000] ar71xx-ehci ar71xx-ehci.0: USB 2.0 started, EHCI 1.00
<6>[  554.850000] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002
<6>[  554.860000] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
<6>[  554.870000] usb usb1: Product: Atheros AR71xx built-in EHCI controller
<6>[  554.870000] usb usb1: Manufacturer: Linux 3.10.102 ehci_hcd
<6>[  554.880000] usb usb1: SerialNumber: platform
<6>[  554.880000] hub 1-0:1.0: USB hub found
<6>[  555.100000] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
<7>[  555.100000] drivers/usb/host/ohci-ar71xx.c: starting AR7100 OHCI USB Controller...
<6>[  555.110000] ar71xx-ohci ar71xx-ohci.0: new USB bus registered, assigned bus number 2
<6>[  555.180000] usb usb2: New USB device found, idVendor=1d6b, idProduct=0001
<6>[  555.190000] usb usb2: New USB device strings: Mfr=3, Product=2, SerialNumber=1
<6>[  555.190000] usb usb2: Product: Atheros AR71xx built-in OHCI controller
<6>[  555.200000] usb usb2: Manufacturer: Linux 3.10.102 ohci_hcd
<6>[  555.210000] usb usb2: SerialNumber: platform
<6>[  555.210000] hub 2-0:1.0: USB hub found
<6>[  555.500000] usbcore: registered new interface driver usblp

Reverting to Stock Firmware[edit | edit source]

After being unable to get this router working with a USB printer, I decided to revert back to the stock firmware.

# arp -s 192.168.11.1 02:aa:bb:cc:dd:20
## Type the following, but don't run the PUT command just yet.
## Power on the device. When the router's link light blinks on startup, press the enter key.
# tftp 192.168.11.1
tftp> binary
tftp> rexmt 1
tftp> timeout 60 
tftp> trace 
Packet tracing on.
tftp> put wzr600dhp-pro-v3.0-r30356.enc

## The transfer took about 33 seconds and the diagnostic light will blink rapidly initially, then followed by a slightly slower blink. It took another 5 or so minutes for it to come online afterwards.

## Clear the ARP table:
arp -d 192.168.11.1

The router will be accessible at 192.168.11.1 with the new stock firmware with the stock username/password 'admin' and 'password.

Package Development[edit | edit source]

Guide on building packages for OpenWRT: http://dvblog.soabit.com/building-custom-openwrt-packages-an-hopefully-complete-guide/

Tasks[edit | edit source]

Change LAN IP Address[edit | edit source]

By default, OpenWRT will assign itself 192.168.1.1. You can change this default IP address to something else by editing /etc/config/network or using the Unified Configuration Interface (uci) configuration tool.

The first method requires editing /etc/config/network and changing the option ipaddr value within the 'lan' interface section.

## The 'lan' section in /etc/config/network
config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'
        option ipaddr '192.168.1.1'    <-- change this
        option netmask '255.255.255.0'
        option ip6assign '60'

Apply the changes by running service network reload, or /etc/init.d/network reload.

Alternatively, use uci by setting the network.lan.ipaddr with the desired IP address.

# uci set network.lan.ipaddr  10.1.0.10
## Optionally set other values as well:
# uci set network.lan.gateway 10.1.1.1
# uci set network.lan.dns 10.1.1.1
# uci set network.lan.ifname  eth0
## Apply changes, and reload network
# uci commit network
# /etc/init.d/network reload

See Also: https://openwrt.org/docs/guide-user/base-system/basic-networking

Add an IP Alias[edit | edit source]

To add an additional IP address to the LAN interface, create a new interface with the ifname set to @lan.

# uci set network.lan2=interface
# uci set network.lan2.ifname='@lan'
# uci set network.lan2.proto=static
# uci set network.lan2.ipaddr=192.168.35.10
# uci set network.lan2.netmask=255.255.255.0
# uci commit network
# /etc/init.d/network reload

Running a PHP Application[edit | edit source]

I want to run a PHP application on a separate IP address. I will use the built-in uHTTPd web server and have the PHP application served from a secondary IP address.

## Install PHP and dependencies
# opkg install php7 php7-cgi php7-cli php7-mod-mbstring php7-mod-json php7-mod-pdo-sqlite php7-mod-sqlite3

## Set the primary IP LAN address for luci only
# uci set uhttpd.main.listen_http=`uci get network.lan.ipaddr`:80
# uci set uhttpd.main.listen_https=`uci get network.lan.ipaddr`:443
# uci commit uhttpd

## Create a second listener for 'app' listening on second IP address
## served from /srv/www
# uci set uhttpd.app=uhttpd
# uci set uhttpd.app.listen_http=`uci get network.lan2.ipaddr`:80
# uci set uhttpd.app.home=/srv/www

## Enable PHP interpreter and index files
## Unset doc_root in php.ini so script can be found in /srv/www
# uci add_list uhttpd.app.interpreter=".php=/usr/bin/php-cgi"
# uci set uhttpd.app.index_page="index.html index.php"
# sed -i 's,doc_root.*,doc_root = "",g' /etc/php.ini

## Apply and restart uhttpd
# uci commit uhttpd
# /etc/init.d/uhttpd restart

This will start an instance of uhttpd serving /srv/www on the second IP address on port 80. From a security point of view however, this is far from ideal since uhttpd is spawned as root and your PHP script will also execute with root privileges.

To make this second instance of uhttpd run as a non-root user, we will need to make a few changes to /etc/init.d/uhttpd so that procd is told what user to run uhttpd as. However, we will also need to change the listen port from 80 to something above 1024 because uhttpd is no longer running as a privileged user. We can still make it this instance appear on port 80 by configuring the firewall to redirect port 80 to our new listen port number.

# Set listen port to 8000 and run as a non-root user
# uci set uhttpd.app.listen_http=`uci get network.lan2.ipaddr`:8000
# uci set uhttpd.app.user=httpd

## Ensure that a user 'httpd' is created.
# useradd ...

## Configure the firewall
# uci set firewall.@redirect[0]=redirect
# uci set firewall.@redirect[0].proto='tcp'
# uci set firewall.@redirect[0].dest_ip='192.168.35.10'
# uci set firewall.@redirect[0].src='lan'
# uci set firewall.@redirect[0].name='8000to80'
# uci set firewall.@redirect[0].src_dip='192.168.35.10'
# uci set firewall.@redirect[0].dest='lan'
# uci set firewall.@redirect[0].target='DNAT'
# uci set firewall.@redirect[0].dest_port='8000'
# uci set firewall.@redirect[0].reflection='0'
# uci set firewall.@redirect[0].src_dport='80'

The /etc/init.d/uhttpd script must have the following lines added in start_instance():

config_get user "$cfg" user
procd_set_param user "$user"


Setup Adblock[edit | edit source]

You can make the DNS server block advertisement servers using blacklists that are available online. This is similar to how Pi-hole blocks ads with a modified version of dnsmasq.

To set up adblock on OpenWRT, install the following packages:

  • adblock
  • luci-app-adblock

Update block lists in the luci adblock page.

Backup[edit | edit source]

Run uci export to dump all configs. Useful for generating a periodic config backup.

$ ssh root@openwrt "uci export" > config

Logging DNS Queries[edit | edit source]

For troubleshooting, you may wish to enable DNS logging in dnsmasq. Do so by editing two files:

/etc/dnsmasq.conf:

log-queries
    log-facility=/tmp/dnsmasq.log

/etc/config/dhcp:

config dnsmasq
        ...
        option logdhcp '1'
        option logqueries '1'
        option logfacility '/tmp/dnsmasq.log'

When done, comment out log-queries and restart dnsmasq with /etc/init.d/dnsmasq restart.

Recursive DNS[edit | edit source]

I did not get this working.

OpenWRT by default uses dnsmasq which will forward non-local DNS lookups to another server (typically your actual router or ISP retrieved from WAN DHCP). You could configure dnsmasq to use a local resolver such as Unbound.

See: https://kevinlocke.name/bits/2017/03/09/unbound-with-dnsmasq-on-openwrt/

Troubleshooting[edit | edit source]

your adblock config seems to be too old, please update your config with the '--force-maintainer' opkg option[edit | edit source]

Recreate the configs from the package by reinstalling the package:

# opkg --force-maintainer --force-reinstall install adblock

TP-Link USB WiFi Support[edit | edit source]

The TP-Link dual antenna USB adapter that I have has a RTL8192 chip. Install these packages:

  • rtl8192cu-firmware
  • kmod-rtl8192cu
  • kmod-rtl8192
  • cu-common