OpenWRT testing in Incus

owrtinincus · January 1, 2026, 7:35pm

I plan to start testing and experimenting with OpenWRT builds in Incus and am curious if anyone has tried the same?

Of special interest to me is whether anyone has successfully complied Incus Agent to run on OpenWRT, be it x86-64 or ARM64 (AFAIK, there’s no Incus Agent for OpenWRT, even for x86-64?).

tregubovav · January 1, 2026, 8:22pm

OpenWRT container has restricted functionality. You are not able to load custom OpenWRT kernel modules (kmods).
Default OpenWRT images can be run as Incus/LXD VM on X86 and arm64 platforms. However, the Incus Agent can’t communicate with the incus daemon running on host. This restricts using incus to orchestrate OpenWRT VM instances.
There is a discussion at OpenWRT Forum: Vsock.ko kernel module needed (aarch64/X86_64 targets) and Pull Request created that allows to run OpenWRT VM under the incus natively. However, there is almost no progress due to low interest to this topic.

owrtinincus · January 1, 2026, 11:40pm

Thank You - apologies if I’m being pedantic in your use of the word OpenWRT container but does the inablility to load custom OpenWRT kernel modules (kmods) also apply to OpenWRT VMs?

Noted. I have been able to work around file push/pull using SSH and SCP. I’m working on getting shared p9 working (I will have a thread up soon) - I have it working using qemu-system-x86_64 like below, need to get it working under incus next:

qemu-system-x86_64 \
  -enable-kvm -cpu host -m 2048 -L "$BIOS_DIR" \
  -kernel "$KERNEL_PATH" \
  -append "$APPEND_ARGS" \
  -drive file="$DISK_PATH",format=raw,if=virtio \
  -virtfs local,path="$HOST_SCRIPT_DIR",mount_tag=host_share,security_model=none,id=host_share \
  -chardev socket,id=char0,path="$SERIAL_SOCK",server=on,wait=off,logfile="$DEBUG_LOG" \
  -serial chardev:char0 \
  -display none

where APPEND_ARGS has a script that starts with mount -t 9p -o trans=virtio host_share /mnt

Thank You for the link and the PR kernel: modules to run OpenWRT VM in LXD or incus by tregubovav-dev · Pull Request #19654 · openwrt/openwrt · GitHub

tregubovav · January 2, 2026, 12:34am

This is container’s nature. In simple word container run the process(es) in restricted linux environment unless they run as privilege container (i.e. run under root on the host instance). Even if you run the OpenWRT container as privilege container, you will not able to load OpenWRT kernel modules because they are not compatible with your host OS.

My experience shows that direct conversion the default OpenWRT X86_64 or armv8 allows incus to create and start instances from it. However, you need to have a custom OpenWRT network in the image or have ability to change it directly at the incus instance’s root storage (depending on kind of incus storage you use) . You need also configure incus network(s) for the instances. After that you can get network access to the OpenWRT instance. However, the incus will not able to manage it and you could see some side effects like long shutdowns. You will have to fine tune incus instance’s properties to reduce collateral damages with running unmanaged VM under incus.

owrtinincus · January 2, 2026, 12:57am

Agreed. I was just clarifying this won’t be an issue in VMs because the kernel can be different from the host

Yes, I created a separate thread for it to keep this one more focused: Root volume protection in Incus VM