OpenWrt

1. Description
2. Installation
3. Bridge mode
4. Dropbear does not recognize key type ed25519, only rsa
5. LuCI web interface
- 5.1. uHTTPd web server configuration
  - 5.1.1. Bind uHTTPd to LAN port only
  - 5.1.2. Accessing LuCI via SSH tunnel
6. Upgrade OpenWrt
- 6.1. Attended Sysupgrade (not supported between major releases)
- 6.2. Manual Sysupgrade
7. Home network basics
8. Supported releases
9. References

1. Description

General notes about OpenWrt

2. Installation

First time installation is called factory install

3. Bridge mode

Main router with DMZ mode turned ON and its WiFi OFF, OpenWrt ethernet cable is the only one plugged on the main router

4. Dropbear does not recognize key type `ed25519`, only `rsa`

root@OpenWrt:~# dropbearkey -t ed25519 -f ~/.ssh/openwrt_id_ed25519
Unknown key type 'ed25519'
Usage: dropbearkey -t <type> -f <filename> [-s bits]
-t type Type of key to generate. One of:
                rsa
[..]

5. LuCI web interface

LuCI is the configuration interface of OpenWrt

5.1. uHTTPd web server configuration

The /etc/config/uhttpd configuration is provided by the uhttpd package

5.1.1. Bind uHTTPd to LAN port only

https://openwrt.org/docs/guide-user/services/webserver/uhttpd#securing_uhttpd

Print OpenWrt LAN IP

uci get network.lan.ipaddr

Change listen_http and listen_https options to OpenWrt LAN IP, by default uHTTPd is bind to 0.0.0.0 which includes the WAN port

config uhttpd 'main'
        list listen_http '192.168.0.1:80'
#       list listen_http '[::]:80'
        list listen_https '192.168.0.1:443'
#       list listen_https '[::]:443'

Reload the service with an init.d call (run the command without arguments for help)

/etc/init.d/uhttpd reload

5.1.2. Accessing LuCI via SSH tunnel

https://openwrt.org/docs/guide-user/luci/luci.secure#tunneling_luci_http_protocol_through_ssh

6. Upgrade OpenWrt

6.1. Attended Sysupgrade (not supported between major releases)

https://openwrt.org/docs/guide-user/installation/attended.sysupgrade

Make a backup Go to System > Backup / Flash Firmware. Click Generate archive (Just do it. Every time…)
Go to System > Attended Sysupgrade
Click Search for firmware upgrade
Click Request Sysupgrade (use the default firmware version given)
The sha256sums is unique to the requested file, its checksum can be verified locally (see notes:verify-iso-files)

6.2. Manual Sysupgrade

For a list of files checksum, click on the folder icon 📁 under About this build in the firmware selector page.

Make a backup: System > Backup / Flash Firmware > Generate archive
Download the corresponding Sysupgrade image
Verify the download
Upload the firmware via LuCi: System > Backup / Flash Firmware > Flash image...

7. Home network basics

https://www.homenethowto.com/