How to build a home lab: OpenWrt soft router

Original link: https://icyleaf.com/2023/04/how-to-homelab-part-2-openwrt-soft-router/

The router sits directly behind the modem and is in charge of the homelab network. For players in China, any mention of soft routing inevitably leads to OpenWrt. Today I try to look at this familiar yet unfamiliar system from a new perspective.
The following covers a lot of basic knowledge and concepts, and does not cover network configuration or advanced usage.

What is OpenWrt

Compared with hard routers at the same price, soft routers have better hardware and are more configurable, but they require some network knowledge to operate. The choice between soft and hard routing depends on the network environment. Some people embrace soft routing, some firmly return to hard routing after trying soft routing, and some attach a soft router to the hard router as a side (bypass) router [1].

First of all, OpenWrt is an open source operating system that implements the core functions of a hard router: LAN and WAN forwarding and routing (DHCP, firewall, DNS resolution, etc.). It also adds a rich set of functions on top of Linux's open ecosystem and community [2], which is something hardware routers cannot achieve (short of spending a lot of money or reflashing heavily modified firmware).

Image source SuLingGG/OpenWrt-Rpi

Abundant package resources

It supports thousands of hardware devices on architectures such as x86, x86_64, arm, arm64 and MIPS. The hardware requirements are extremely low: version 21.02 requires at least 16 MB of flash and 128 MB of memory. In 2023, surely nobody is still tinkering with an old hard router, right? No? Any obsolete x86 device exceeds this configuration.
Installing it on the x86/x86_64 platform is even easier than installing Ubuntu or Debian. For a more complete list, refer to the official hardware support list. Devices not listed there can also be searched for on GitHub.

version distribution

Although OpenWrt has a release process, it has neither a stable release rhythm nor rules for retiring old versions. The version number resembles the X.Y.Z split of the semantic versioning specification: X.Y is relatively fixed to the year and month, and small feature iterations update the value of Z. Versions are broadly divided into two categories:

  • Stable version: ready for production environments. v22.03.2 is the latest release in the series.
  • Development version: unstable, but it contains continuous iterative enhancements. It is also known as the snapshot version, and it enters the RC stage when a milestone is completed.

Version    | State                               | Major changes
snapshot   | development version                 |
22.03      | The latest version                  | Based on 5.10 kernel, firewall migrated to nftables, dark mode
21.02      | It can be regarded as an LTS version | Based on 5.4 kernel, DSA initial support
19.07      | no longer supported                 | Based on 4.11 kernel, WPA3 support, client rendering luci
18.06      | no longer supported                 | Based on 4.9 or 4.11 kernel, merged LEDE source code
LEDE 17.01 | no longer supported                 | Based on 4.4 kernel

The above version information is as of the end of April 2023.

Derivatives and offshoots

As the saying goes about the general trend of the world: what has long been divided must unite, and what has long been united must divide.

The open source ecosystem follows the same pattern. Some branches arise from dissatisfaction with how the original system or its ecosystem is managed, and some are derivatives that go deep on specific aspects. Here are a few branches that I know.

LEDE

LEDE is a faction that branched off from OpenWrt. It added many key new features and support for new devices. In January 2018, LEDE officially announced its merger with OpenWrt. After the merger, the OpenWrt name and the LEDE code were used.

The Lean LEDE system, well known in China in the early days, was one of the first systems that many domestic players came into contact with.

ImmortalWrt

ImmortalWrt, based on the official branch, is a new branch that follows upstream quickly and incorporates the features of Lean's version. Lean also took part in it. It mainly customizes the firmware for Chinese players, with better localization and various software functions that are not in the official package list but may be needed in the domestic environment, such as multi-dial networking, domestic mirrors, and features I will not spell out here.

I started following it from 21.02 and have used the snapshot development version without running into any big pitfalls. The project merges the upstream code regularly every week.

iStoreOS

iStoreOS, which is also based on the official branch, takes a different approach: it abandons OpenWrt's own package management mechanism and builds its own software store, similar to the KoolCenter Merlin firmware, to solve the problem that plug-ins cannot be installed because their dependencies do not match across platforms, a result of OpenWrt's messy system and package dependencies. It also provides several UI front ends, the same features as above, and NAS-oriented functions: network disk, Docker, remote networking, photo album backup, etc.

Since I have not actually deployed and used it myself, I will not go into detail.

Firmware composition

Various combinations of hardware and software packages lead to various firmware versions. Have you ever wondered what firmware is and what it consists of?

The firmware consists mainly of three kinds of component: vmlinuz, rootfs and the system boot loader.

  • vmlinux is the original, statically linked executable that contains the Linux kernel in ELF format; vmlinuz is the compressed, bootable form of vmlinux [3].
  • rootfs is all the files of OpenWrt's root partition. It is provided as a gzip-compressed raw archive, as an ext4 image and as a squashfs image.
  • System boot is the bootloader that correctly loads the two files above after the device starts. OpenWrt uses grub2 to boot from legacy or EFI partitions.

The word "combined" in a firmware file name means a free combination of the above files. How they are combined is reflected in two fields: file partition and packaging.

OpenWrt firmware file breakdown

The OpenWrt file system partition can be either ext4 or squashFS. ext4 is a readable and writable partition format, and it is also the most widely used file system in the Linux ecosystem. squashFS, by comparison, is a read-only partition format, which sounds awkward to use, but it has a very attractive feature: you can restore factory settings, or upgrade by directly flashing firmware with the same file partition type. To install additional applications, however, it needs another writable disk to be mounted.

The packaging format provides not only burnable iso and img images, but also virtualized image files, which is convenient for users to deploy at will according to their own conditions.

One more thing: the official builds also use the fields -factory and -sysupgrade to distinguish firmware meant for a fresh install from firmware meant for an upgrade. The two cannot be mixed.

This section touches on the Linux boot mechanism. I only have a little understanding of it, so please correct me if there are any errors in the description.

install firmware

OpenWrt firmware image file

I believe that combining the principles of the above firmware composition will solve the problem of what type of firmware to choose. Let’s skip the installation steps, there are too many tutorials on the Internet for reference.

system core

access channel

OpenWrt provides a web UI and SSH for access and management. The default web interface is rendered by luci, and uhttpd is responsible for the web proxy service.
The web interface can be opened in a browser at http://192.168.1.1 or http://openwrt.lan, and port 80 is open by default. The SSH port is 22, and the default user name is root with no password.

Image credit 3elajar OpenWrt

luci rich themes

luci is the front-end UI implementation that is officially maintained and enabled by default. Digging deeper reveals that there are many other implementations.
There are also oui and x-wrt, which are still maintained by the community, and juci, which has not been updated for a long time.
This also shows how open the OpenWrt system is.
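
A check for the defaults this section describes (web UI on port 80, SSH on port 22, root with no password), as an added example that is not from the original article. It reads copies of /etc/shadow, /etc/config/dropbear and /etc/config/uhttpd; the function names and both sample file sets are constructed here, and the dropbear and uhttpd option names are the standard OpenWrt ones rather than anything the article lists.

```shell
#!/bin/sh
# Added example (not from the original article): check copies of three router
# files for the out-of-the-box access settings described above.

# usage: audit_access <shadow> <dropbear-config> <uhttpd-config>
# Prints one FINDING line per issue and returns non-zero if any were found.
audit_access() {
    findings=0
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }
    opt='^[[:space:]]*option[[:space:]]+'

    # An empty second field in the shadow file means root has no password.
    if awk -F: '$1 == "root" && $2 == "" { hit = 1 } END { exit !hit }' "$1"; then
        flag "root has no password"
    fi
    # dropbear allows root password logins unless RootPasswordAuth is off or 0.
    grep -Eq "${opt}RootPasswordAuth[[:space:]]+'?(off|0)'?" "$2" ||
        flag "SSH accepts password logins for root"
    # Without an Interface option dropbear listens on every interface.
    grep -Eq "${opt}Interface[[:space:]]" "$2" ||
        flag "SSH is not limited to one interface"
    # uhttpd: a plain-HTTP listener that is not redirected to HTTPS.
    if grep -Eq "^[[:space:]]*list[[:space:]]+listen_http[[:space:]]" "$3" &&
       ! grep -Eq "${opt}redirect_https[[:space:]]+'?(1|on)'?" "$3"; then
        flag "web UI is reachable over plain HTTP"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed samples: "default" mirrors the defaults named in the article,
# "hardened" is one corrected variant. The password hash is a placeholder.
write_samples() {
    mkdir -p "$1/default" "$1/hardened"
    printf '%s\n' 'root:::0:99999:7:::' > "$1/default/shadow"
    printf '%s\n' "config dropbear" " option PasswordAuth 'on'" \
        " option RootPasswordAuth 'on'" " option Port '22'" > "$1/default/dropbear"
    printf '%s\n' "config uhttpd 'main'" " list listen_http '0.0.0.0:80'" \
        " option redirect_https '0'" > "$1/default/uhttpd"
    printf '%s\n' 'root:$1$PLACEHOLDER$notarealhash:19000:0:99999:7:::' \
        > "$1/hardened/shadow"
    printf '%s\n' "config dropbear" " option PasswordAuth 'off'" \
        " option RootPasswordAuth 'off'" " option Port '22'" \
        " option Interface 'lan'" > "$1/hardened/dropbear"
    printf '%s\n' "config uhttpd 'main'" " list listen_http '0.0.0.0:80'" \
        " list listen_https '0.0.0.0:443'" " option redirect_https '1'" \
        > "$1/hardened/uhttpd"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for profile in default hardened; do
    echo "== $profile =="
    audit_access "$tmp/$profile/shadow" "$tmp/$profile/dropbear" \
        "$tmp/$profile/uhttpd" && echo "no findings"
done
rm -rf "$tmp"
```

On a real device, copy the three files off the router and pass their paths to audit_access; the hardened variant assumes an SSH key has already been installed for root.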

Network Interface

By default, LAN 2 (eth1) is used as the WAN port, and LAN 1 (eth0) is used as the LAN port. If there are multiple WAN and LAN ports, it needs to be reconfigured in the network interface.

configuration management

Most system-level configuration files are stored under the /etc/config path. Editing and saving changes only the saved configuration, not the corresponding service. You therefore need to perform a commit, which writes the intermediate configuration into the real configuration file, and then restart the service.

I will demonstrate several ways to modify the OpenWrt configuration file through the example of “modifying the LAN IP address”.

via the web UI

luci provides visual operations for web pages, such as viewing configurations, updating management, and other configuration management tasks.

Select “Network” -> “Interface”, find the edit button on the right side of the lan interface, click it to edit the IPv4 address, then save and apply.

via terminal editor

Use a text editor such as vim or nano to edit the /etc/config/network file, find the ipaddr option under the lan section and change its value:

    config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

    config globals 'globals'
        option ula_prefix 'fdd3:af57:2ab4::/48'

    config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        option ipv6 '0'

    config interface 'lan'
        option device 'br-lan'
        option proto 'static'
    -   option ipaddr '192.168.1.1'
    +   option ipaddr '10.10.10.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.16.1'
        list dns '233.5.5.5'
        list dns '202.106.0.20'

After saving, restart the network service.

    $ /etc/init.d/network restart

Via the terminal uci tool

Image source OpenWrt Wiki

OpenWrt uci correspondence

uci is a CLI tool for configuration management. It is more convenient than editing through the web page or editing configuration files in a terminal.

    # Set the LAN IP address
    $ uci set network.lan.ipaddr=10.10.10.1
    # Commit the change
    $ uci commit network
    # Restart the network service
    $ /etc/init.d/network restart
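
The correspondence between the file syntax and the dotted keys that uci set takes, as an added example that is not code from the original article. The awk-based uci_flatten and uci_value helpers and the sample file are constructed here, and unlike the real uci show this version prints each list entry on its own line.

```shell
#!/bin/sh
# Added example (not from the original article): flatten UCI file syntax
# into the dotted config.section.option keys that the uci tool addresses.

# usage: uci_flatten <config-name> < file
uci_flatten() {
    awk -v cfg="$1" -v q="'" '
    # Strip one pair of surrounding single or double quotes.
    function unquote(s) { gsub("^[" q "\"]|[" q "\"]$", "", s); return s }

    { gsub(/^[ \t]+|[ \t]+$/, "") }    # trim indentation and trailing blanks
    /^(#.*)?$/ { next }                # skip blank lines and comments

    $1 == "config" {
        type = $2
        # A named section is addressed by its name; an anonymous one by
        # @type[index], counting sections of that type from zero.
        if (NF >= 3) sec = unquote($3)
        else sec = "@" type "[" (anon[type]++) "]"
        printf "%s.%s=%s\n", cfg, sec, type
        next
    }
    $1 == "option" || $1 == "list" {
        val = $0
        sub(/^[a-z]+[ \t]+[^ \t]+[ \t]+/, "", val)   # keep only the value
        printf "%s.%s.%s=%s%s%s\n", cfg, sec, $2, q, unquote(val), q
    }'
}

# usage: uci_value <config-name> <dotted-key> < file   (prints the bare value)
uci_value() {
    uci_flatten "$1" | awk -v k="$2=" -v q="'" '
        index($0, k) == 1 { v = substr($0, length(k) + 1); gsub(q, "", v); print v }'
}

# Constructed sample: part of the /etc/config/network listing shown above,
# after the edit.
sample_network() {
    cat <<'EOF'
config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'eth0'

config interface 'lan'
    option device 'br-lan'
    option proto 'static'
    option ipaddr '10.10.10.1'
    option netmask '255.255.255.0'
EOF
}

sample_network | uci_flatten network
```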

via JSON-RPC interface

Image credit Rapid@twitter

Overview of API interface solutions

OpenWrt's internal communication relies on the ubus bus, and JSON-RPC is an interface service wrapped on top of it. The firmware does not enable this service by default; enable it in the firmware build configuration if necessary.

    # Log in to obtain a token (the value of the result field in the returned JSON)
    $ curl "http://<hostname>/cgi-bin/luci/rpc/auth" --data '
    {
      "id": 1,
      "method": "login",
      "params": [
        "user", "password"
      ]
    }'

    # Change the LAN IP address
    $ curl "http://<hostname>/cgi-bin/luci/rpc/uci?auth=yourtoken" --data '
    {
      "method":"set",
      "params":[
        "network", "lan", "ipaddr", "10.10.10.1"
      ]
    }'

    # Commit the network configuration change
    $ curl "http://<hostname>/cgi-bin/luci/rpc/uci?auth=yourtoken" --data '
    {
      "method":"commit",
      "params":[
        "network"
      ]
    }'

    # Restart the network service (the request may not get a normal response)
    $ curl "http://<hostname>/cgi-bin/luci/rpc/sys?auth=yourtoken" --data '
    {
      "method":"call",
      "params":[
        "/etc/init.d/network restart"
      ]
    }'

For a more comprehensive list of interface addresses, and for debugging, see the Postman OpenWrt RPC interface collection that I maintain.

device management

Dnsmasq is a service that integrates DHCP and DNS and is used by default to configure and manage devices. The configuration file is /etc/config/dhcp, and the service script is /etc/init.d/dnsmasq.

firewall

OpenWrt version 22.03 no longer uses iptables; the firewall is implemented with nftables instead. Note that the two are incompatible when used at the same time. The firewall also handles the configuration of forwarding between interfaces.
The configuration file is /etc/config/firewall, and the service script is /etc/init.d/firewall.

DDNS

Dynamic DNS (DDNS) solves the problem that the public IP address is not fixed; the prerequisite is that you have a public IP address in the first place. You have some chance of getting one by submitting a ticket to customer service and saying that you need to use a camera to watch the cats, dogs, fish and turtles at home.
The configuration file is /etc/config/ddns, and the service script is /etc/init.d/ddns. Note that each domain name provider requires its own package extension to be installed.

package management

opkg is OpenWrt's package management tool; its commands are similar to Debian's apt.
It can use official and third-party sources, and it can install, upgrade and uninstall packages. Its configuration consists of the /etc/opkg.conf file and the other source configuration files under the /etc/opkg directory. Packages use the .ipk extension. The same functions are also available in the web UI.

compile firmware

There seems to be a preconception in China that any software upgrade or new software package requires recompiling and reflashing the firmware, so it has become popular to freeload on GitHub Actions resources to compile the one firmware that suits each of ten thousand tastes.

There are also plenty of tutorials for compiling firmware. On GitHub you can find firmware builds for many hardware devices and many personalized tools for compiling firmware. It really is effortless, and some developers provide online tools for building custom firmware for you to choose from.

When I first came into contact with it, I was no exception and joined the ranks of those compiling firmware. Only recently did I realize that I was compiling firmware just to upgrade the versions of a few software packages. I felt that this deviated from the original design intention: software packages and software sources.

development package

If you want to develop a new software package or compile an existing one, you will immediately get a headache. There are very few resources in this area. My suggestion is to follow the official documentation step by step.

You need to understand how to prepare the development environment, clone the source code, install the build environment, and find your way around the project's directory structure. The official project also recognizes that this preparation is hard, and provides three development kits for it.

OpenWrt development package files

  • toolchain : Contains a precompiled environment consisting of GCC compiler, binary tools and linkers necessary for compilation (such as tar, binutils, etc.), and C standard library (such as glibc, musl, uClibc or dietlibc), which is convenient for modifying OpenWrt source code.
  • SDK : Contains pre-compiled toolchain packages and a compilation platform (target or platform) development kit for cross-platform ipk packages. It should be noted that only the ipk software package is allowed to be cross-compiled, and the firmware itself cannot be cross-compiled.
  • imagebuilder : A platform-specific precompiled out-of-the-box package that can quickly adjust the firmware content. This preset environment can simplify the pre-installed ipk package and adjust system parameters to quickly generate personalized firmware. It should be noted that the software package is preset in advance, and it can only be simplified and cannot add new software packages.

This chapter is just for everyone to understand and there is no plan to fully expand it. If you want to learn more about how to develop an OpenWrt software package, please leave a message to interact with me. If there are more, I may open a separate series.

last words

In my Homelab network topology, OpenWrt only undertakes the network forwarding and routing functions of the wired part, mainly DHCP, DNS, DDNS and network acceleration, and the wireless network will be completed through the downstream Mesh AP.
Complex and risky functions such as Docker and network disks will not appear in the OpenWrt system.

Next, core basic services such as storage services and VM virtual machine management system Proxmox will be enabled.


  1. You can refer to Kawaba's tutorial to view the main and bypass router settings and performance comparison

  2. Wikipedia's explanation

  3. For vmlinuz information, refer to kernel environment construction and basic knowledge and vmlinuz file decompression
