Openwrt not working on truenas Incus container

After successfully booting openwrt24.10.2 on truenas 25.10, I uninstalled dnsmasq and installed dnsmasq-full, but that’s where the problem comes in, it reports an error and no network connection.

daemon.crit dnsmasq[1]: failed to seed the random number generator: No such file or directory
daemon.crit dnsmasq[1]: FAILED to start up
daemon.info procd: Instance dnsmasq::cfg01411c s in a crash loop 6 crashes, 0 seconds since last crash

I checked dnsmasq: unable to access /dev/urandom in lxc · Issue #14092 · openwrt/openwrt · GitHub and dnsmasq: allow using /dev/urandom by vgaetera · Pull Request #14091 · openwrt/openwrt · GitHub
and i tried to hook up the volume to the external storage but was unable to open the UI. any advice and help would be appreciated.

Hello there?

For a just created openwrt instance, here are cmds for install dnsmasq-full:

opkg update
opkg remove dnsmasq
mv /etc/config/dhcp /etc/config/dhcp-old
opkg install dnsmasq-full

@catfish When the configuration is completed following the above commands, DNS does not seem to work

BusyBox v1.36.1 (2025-06-23 20:40:36 UTC) built-in shell (ash)

~ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
67: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 00:16:3e:5d:11:f9 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.23/24 brd 10.0.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:fe5d:11f9/64 scope link 
       valid_lft forever preferred_lft forever
~ # cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'wan'
        option ifname 'eth0'
        option proto 'dhcp'

config interface 'wan6'
        option ifname 'eth0'
        option proto 'dhcpv6'

config globals 'globals'
        option ula_prefix 'fdbf:fecf:2a1a::/48'

~ # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=111 time=86.417 ms
64 bytes from 8.8.8.8: seq=1 ttl=111 time=86.241 ms
64 bytes from 8.8.8.8: seq=2 ttl=111 time=86.515 ms
64 bytes from 8.8.8.8: seq=3 ttl=111 time=86.477 ms
64 bytes from 8.8.8.8: seq=4 ttl=111 time=86.393 ms
^C
--- 8.8.8.8 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 86.241/86.408/86.515 ms

~ # ping openwrt.org
ping: bad address 'openwrt.org'

@catfish and there are dhcp new version vs old

~ # cat /etc/config/dhcp
config dnsmasq
        option domainneeded     1
        option boguspriv        1
        option filterwin2k      0  # enable for dial on demand
        option localise_queries 1
        option rebind_protection 1  # disable if upstream must serve RFC1918 addresses
        option rebind_localhost 1  # enable for RBL checking and similar services
        #list rebind_domain example.lan  # whitelist RFC1918 responses for domains
        option local    '/lan/'
        option domain   'lan'
        option expandhosts      1
        option nonegcache       0
        option cachesize        1000
        option authoritative    1
        option readethers       1
        option leasefile        '/tmp/dhcp.leases'
        option resolvfile       '/tmp/resolv.conf.d/resolv.conf.auto'
        #list server            '/mycompany.local/1.2.3.4'
        option nonwildcard      1 # bind to & keep track of interfaces
        #list interface         br-lan
        #list notinterface      lo
        #list bogusnxdomain     '64.94.110.11'
        option localservice     1  # disable to allow DNS requests from non-local subnets
        option ednspacket_max   1232
        option filter_aaaa      0
        option filter_a         0
        #list addnmount         /some/path # read-only mount path to expose it to dnsmasq

config dhcp lan
        option interface        lan
        option start    100
        option limit    150
        option leasetime        12h

config dhcp wan
        option interface        wan
        option ignore   1
~ # cat /etc/config/dhcp-old

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

Edit /etc/resolv.conf, add nameserver to whatever you like, for example:

nameserver 1.1.1.1
nameserver 1.0.0.1

I noticed that when I change the NS to 1.1.1.1 it pings fine, but at that point I can’t access the UI, and then I try to change it and it doesn’t work:

~ # cat /etc/resolv.conf
search lan
nameserver 1.1.1.1
nameserver 1.0.0.1
~ # cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdbf:fecf:2a1a::/48'

config interface 'lan'
        option ifame 'eth0'
        option proto 'static'
        option ipaddr '10.0.0.2'
        option netmask '255.255.255.0'
        option gateway '10.0.0.1'
~ # ping openwrt.org
ping: bad address 'openwrt.org'
~ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
70: eth0@if5: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noqueue state DOWN qlen 1000
    link/ether 00:16:3e:5d:11:f9 brd ff:ff:ff:ff:ff:ff

This is the entire process from creating the image to the problem occurring

BusyBox v1.36.1 (2025-06-23 20:40:36 UTC) built-in shell (ash)
~ # ping openwrt.org
PING openwrt.org (64.226.122.113): 56 data bytes
64 bytes from 64.226.122.113: seq=0 ttl=47 time=248.782 ms
64 bytes from 64.226.122.113: seq=1 ttl=47 time=250.950 ms
64 bytes from 64.226.122.113: seq=2 ttl=47 time=247.977 ms
64 bytes from 64.226.122.113: seq=3 ttl=47 time=250.974 ms
^C
--- openwrt.org ping statistics ---
5 packets transmitted, 4 packets received, 20% packet loss
round-trip min/avg/max = 247.977/249.670/250.974 ms
~ # cat /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config interface 'wan'
option ifname 'eth0'
option proto 'dhcp'
config interface 'wan6'
option ifname 'eth0'
option proto 'dhcpv6'
config globals 'globals'
option ula_prefix 'fdee:a48:db93::/48'
~ # opkg update
Downloading https://downloads.openwrt.org/releases/24.10.2/targets/x86/64/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_core
Downloading https://downloads.openwrt.org/releases/24.10.2/targets/x86/64/packages/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/24.10.2/packages/x86_64/base/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_base
Downloading https://downloads.openwrt.org/releases/24.10.2/packages/x86_64/base/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/24.10.2/targets/x86/64/kmods/6.6.93-1-1745ebad77278f5cdc8330d17a3f43d6/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_kmods
Downloading https://downloads.openwrt.org/releases/24.10.2/targets/x86/64/kmods/6.6.93-1-1745ebad77278f5cdc8330d17a3f43d6/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/24.10.2/packages/x86_64/luci/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_luci
Downloading https://downloads.openwrt.org/releases/24.10.2/packages/x86_64/luci/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/24.10.2/packages/x86_64/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_packages
Downloading https://downloads.openwrt.org/releases/24.10.2/packages/x86_64/packages/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/24.10.2/packages/x86_64/routing/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_routing
Downloading https://downloads.openwrt.org/releases/24.10.2/packages/x86_64/routing/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/24.10.2/packages/x86_64/telephony/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_telephony
Downloading https://downloads.openwrt.org/releases/24.10.2/packages/x86_64/telephony/Packages.sig
Signature check passed.
~ # cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
~ # cat /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config interface 'wan'
option ifname 'eth0'
option proto 'dhcp'
config interface 'wan6'
option ifname 'eth0'
option proto 'dhcpv6'
config globals 'globals'
option ula_prefix 'fdee:a48:db93::/48'
~ # ping openwrt.org
PING openwrt.org (64.226.122.113): 56 data bytes
64 bytes from 64.226.122.113: seq=0 ttl=47 time=247.812 ms
64 bytes from 64.226.122.113: seq=1 ttl=47 time=250.449 ms
64 bytes from 64.226.122.113: seq=2 ttl=47 time=247.720 ms
64 bytes from 64.226.122.113: seq=3 ttl=47 time=251.138 ms
^C
--- openwrt.org ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 247.720/249.279/251.138 ms

~ # opkg remove dnsmasq
Removing package dnsmasq from root...
Not deleting modified conffile /etc/config/dhcp.
~ # mv /etc/config/dhcp /etc/config/dhcp-old
~ # opkg install dnsmasq-full
Installing dnsmasq-full (2.90-r4) to root...
Downloading https://downloads.openwrt.org/releases/24.10.2/packages/x86_64/base/dnsmasq-full_2.90-r4_x86_64.ipk
Installing libgmp10 (6.3.0-r1) to root...
Downloading https://downloads.openwrt.org/releases/24.10.2/packages/x86_64/base/libgmp10_6.3.0-r1_x86_64.ipk

Installing libnettle8 (3.9.1-r1) to root...
Downloading https://downloads.openwrt.org/releases/24.10.2/packages/x86_64/base/libnettle8_3.9.1-r1_x86_64.ipk
Installing libnfnetlink0 (1.0.2-r1) to root...
Downloading https://downloads.openwrt.org/releases/24.10.2/packages/x86_64/base/libnfnetlink0_1.0.2-r1_x86_64.ipk
Installing kmod-nf-conntrack-netlink (6.6.93-r1) to root...
Downloading https://downloads.openwrt.org/releases/24.10.2/targets/x86/64/kmods/6.6.93-1-1745ebad77278f5cdc8330d17a3f43d6/kmod-nf-conntrack-netlink_6.6.93-r1_x86_64.ipk
Installing libnetfilter-conntrack3 (1.0.9-r2) to root...
Downloading https://downloads.openwrt.org/releases/24.10.2/packages/x86_64/base/libnetfilter-conntrack3_1.0.9-r2_x86_64.ipk
Configuring libnfnetlink0.
Configuring kmod-nf-conntrack-netlink.
Configuring libnetfilter-conntrack3.
Configuring libgmp10.
Configuring libnettle8.
Configuring dnsmasq-full.
~ # 
~ # ping openwrt.org
ping: bad address 'openwrt.org'
~ # 

Well, in this case, you need to post your instance network config:
incus config show <instance name>

In my case, I use this to create instance: incus launch images:openwrt/24.10 test, so it only has a network interface, then run cmds in instance:

opkg update
opkg remove dnsmasq
mv /etc/config/dhcp /etc/config/dhcp-old
opkg install dnsmasq-full

To access webui, I need to switch wan to lan in instance:

sed -i 's/wan/lan/g' /etc/config/network
/etc/init.d/network reload

Add to access webui, I need to port forward:
incus config device add test port-8000 proxy listen=tcp:0.0.0.0:8000 connect=tcp:127.0.0.1:80
Then I can access webui use host ip + port 8000. And change lan’s dns in webui in Network-Interfaces-lan(edit)-Advance Setting-uncheck Use DNS servers advertised by peer-add 1.1.1.1 in Use custom DNS servers and save and apply.

Oh, sorry, /etc/resolv.conf will be reset after reboot, and manually edit dns in lan will failed too.
I find a post to solve it:

You only need to run this in instance:
sed -i ‘s/procd_add_jail/: \0/g’ /etc/init.d/dnsmasq

And my webui never fail to work, I won’t be able to help you solve it.

@catfish Thank you for help. Your answers have been an absolute help to me.

I change network After sed -i ‘s/procd_add_jail/: \0/g’ /etc/init.d/dnsmasq , and it working now.
vi /etc/config/network and delete interface wan and lan, change to

config interface 'lan'
	option ifame 'eth0'
        option proto 'static'
        option ipaddr '10.0.0.38'
        option netmask '255.255.255.0'
        option gateway '10.0.0.1'