OpenWRT getting started Question

chuckboecking · November 26, 2024, 7:39pm

Hi Team, May I get help getting started with openwrt in Incus?

I was able to create a local instance using:

incus launch images:openwrt/23.05 openwrt-delme-01

I was able to connect using sh (not bash):

incus exec openwrt-delme-01 sh

However, I do not know what to do from here. I am perfectly happy to configure the router from the command line (preferred actually); however, almost all tutorials revolve around flashing a device and connecting via a webui.

Any hints in getting started would be greatly appreciated. Thanks Chuck

stgraber · November 26, 2024, 7:44pm

It looks like the default firewall in OpenWRT prevents access to the UI from what it sees as the WAN interface, that makes sense I think.

A quick workaround you can use is flushing its firewall so you can then access it with a web browser. You’ll obviously want to reconfigure the firewall to allow it properly later.

incus exec openwrt-delme-01 – nft flush ruleset
incus list openwrt-delme-01

Then grab the IP from there and access it from your web browser.

chuckboecking · November 26, 2024, 7:58pm

Confirmed success, and thank you!!

Note that the -- is changed to ‘–’ in markdown in the above post. Updated commands for future reference:

incus exec openwrt-delme-01 -- nft flush ruleset
incus list openwrt-delme-01

I also found the following which is command line (cli) friendly starting at around minute 13:

xarufagem · November 27, 2024, 3:05am

I bieleve it would be nice, to add a “LAN” interface along image build, to solve the problem for UI lovers

Like :

- path: /etc/config/network
  generator: dump
  content: |-
    config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

    config interface 'wan'
        option ifname 'eth0'
        option proto 'dhcp'

    config interface 'wan6'
        option ifname 'eth0'
        option proto 'dhcpv6'


    config interface 'LAN'
        option proto 'static'
        option device 'eth1'
        option ipaddr '172.21.1.1'
        option netmask '255.255.255.0'

It would add a lan side interface, to eth1 (if added to the container), that’s usable to do dhcp out of the box (on another network than most commonly used by isp 192.168.1.0/24 by default)

If not, using command line, it would be pretty easy : after incus exec sh in the container, install Luci (it’s basically the UI : opkg update && opkg install luci), then modify file /etc/config/firewall as :

config zone
        option name 'wan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'

You can now access openwrt, both using SSH and UI, on wan side

Don’t forget to change it back when you’re done configuring it

It’s a pretty nice piece of software, not a big memory footprint, can manage to do many things… my kid used it, with an old netbook to create an access point, using incus

Hope it helps,

usefive · November 27, 2024, 3:49pm

You can add a proxy device to access it with incus config device add openwrt-delme-01 luci proxy listen=tcp:127.0.0.1:8888 connect=tcp:127.0.0.1:80, if you want to allow access from outside the host change the listen argument to listen=tcp:0.0.0.0:8888, and of course you change the port 8888 with whatever you want.

If you are using a macvlan, bridge, etc you can add a rule allowing access to the web interface via the firewall in the shell using:

uci add firewall rule
uci set firewall.@rule[-1].name='Allow-LuCI'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].dest_port='80'
uci set firewall.@rule[-1].proto='tcp'
uci set firewall.@rule[-1].target='ACCEPT'