OpenWrt

1. Description
2. Installation
3. Bridge mode
4. Dropbear does not recognize key type ed25519, only rsa
5. LuCI web interface
- 5.1. uHTTPd web server configuration
  - 5.1.1. Bind uHTTPd to LAN port only
  - 5.1.2. Accessing LuCI via SSH tunnel
6. Upgrade OpenWrt
- 6.1. Attended Sysupgrade (not supported between major releases)
- 6.2. Manual Sysupgrade
7. Home network basics
8. Supported releases
9. References

1. Description

General notes about OpenWrt

2. Installation

First time installation is called factory install

3. Bridge mode

Main router with DMZ mode turned ON and its WiFi OFF, OpenWrt ethernet cable is the only one plugged on the main router

4. Dropbear does not recognize key type `ed25519`, only `rsa`

root@OpenWrt:~# dropbearkey -t ed25519 -f ~/.ssh/openwrt_id_ed25519
Unknown key type 'ed25519'
Usage: dropbearkey -t <type> -f <filename> [-s bits]
-t type Type of key to generate. One of:
                rsa
[..]

5. LuCI web interface

LuCI is the configuration interface of OpenWrt

5.1. uHTTPd web server configuration

The /etc/config/uhttpd configuration is provided by the uhttpd package

5.1.1. Bind uHTTPd to LAN port only

https://openwrt.org/docs/guide-user/services/webserver/uhttpd#securing_uhttpd

Print OpenWrt LAN IP

uci get network.lan.ipaddr

Change listen_http and listen_https options to OpenWrt LAN IP, by default uHTTPd is bind to 0.0.0.0 which includes the WAN port

config uhttpd 'main'
        list listen_http '192.168.0.1:80'
#       list listen_http '[::]:80'
        list listen_https '192.168.0.1:443'
#       list listen_https '[::]:443'

Reload the service with an init.d call (run the command without arguments for help)

/etc/init.d/uhttpd reload

5.1.2. Accessing LuCI via SSH tunnel

https://openwrt.org/docs/guide-user/luci/luci.secure#tunneling_luci_http_protocol_through_ssh

6. Upgrade OpenWrt

6.1. Attended Sysupgrade (not supported between major releases)

https://openwrt.org/docs/guide-user/installation/attended.sysupgrade

Make a backup Go to System > Backup / Flash Firmware. Click Generate archive (Just do it. Every time…)
Go to System > Attended Sysupgrade
Click Search for firmware upgrade
Click Request Sysupgrade (use the default firmware version given)
The sha256sums is unique to the requested file, its checksum can be verified locally (see Verify ISO files)

6.2. Manual Sysupgrade

On the firmware selector page under About this build click on the folder icon for a list of the files checksum

Go to the firmware selector
Copy the corresponding firmware file URL
Run this script to download and verify the download integrity, e.g. ./download_verify_openwrt <url>
Login via LuCi (the web interface of OpenWrt)
Click System > Backup / Flash Firmware > Flash image... to upload the firmware

7. Home network basics

https://www.homenethowto.com/