OpenWrt 21.02.0-rc3 released: Linux operating system targeting embedded devices
The OpenWrt Project is a Linux operating system targeting embedded devices. Instead of trying to create a single, static firmware, OpenWrt provides a fully writable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize the device through the use of packages to suit any application. For developers, OpenWrt is the framework to build an application without having to build a complete firmware around it; for users this means the ability for full customization, to use the device in ways never envisioned. In 2016, the LEDE project was founded as a spin-off of the OpenWrt project and shared many of the same goals. The project aimed at building an embedded Linux distribution that makes it easy for developers, system administrators or other Linux enthusiasts to build and customize software for embedded devices, especially wireless routers. The name LEDE stood for Linux Embedded Development Environment.
Why use LEDE?
People install LEDE because they believe it works better than the stock firmware from their vendor. They find it is more stable, offers more features, is more secure and has better support.
Extensibility: LEDE provides many capabilities found only in high-end devices. Its 3000+ application packages are standardized, so you can easily replicate the same setup on any supported device, including two (or even five) year old routers. More…
Security: LEDE’s standard installation is secure by default, with Wi-Fi disabled, no poor passwords or backdoors. LEDE’s software components are kept up-to-date, so vulnerabilities get closed shortly after they are discovered. More…
Performance and Stability: LEDE firmware is made of standardized modules used in all supported devices. This means each module will likely receive more testing and bug fixing than stock firmware which can be tweaked for each product line and never touched again. More…
Strong Community Support: LEDE team members are regular participants on the LEDE Forum, LEDE Developer and LEDE Admin mailing lists, and LEDE’s IRC channels. You can interact directly with developers, volunteers managing the software modules and with other long-time LEDE users, drastically increasing the chances you will solve the issue at hand. More…
Research: Many teams use LEDE as a platform for their research into network performance. This means that the improvements of their successful experiments will be available in LEDE first, well before it gets incorporated into mainline, vendor firmware. More…
Open Source/No additional cost: LEDE is provided without any monetary cost. It has been entirely created by a team of volunteers: developers and maintainers, individuals and companies. If you enjoy using LEDE, consider contributing some effort to help us improve it for others! All of the above is possible because LEDE is part of the Open Source community, and powered by the Linux kernel. Get the source code…
openwrt v21.02.0-rc3 release.
WPA3 support included by default
WPA3 was already supported in 19.07 but it was not provided by the default set of packages in OpenWrt images.
With 21.02, all packages necessary to provide WPA3 are installed by default in OpenWrt images.
TLS and HTTPS support included by default
TLS support is now provided by default in OpenWrt images including the trusted CA certificates from Mozilla. It means that
opkgnow support fetching resources over HTTPS out-of-the-box. The
opkgdownload server is accessed through HTTPS by default. OpenWrt switched from mbed TLS to wolfSSL as the default SSL library, mbed TLS and OpenSSL are still available and can be installed manually.
Initial DSA support
DSA stands for Distributed Switch Architecture and is the Linux standard to deal with configurable Ethernet switches.
OpenWrt 21.02 comes with initial support for DSA, which replaces the
swconfigsystem that OpenWrt was using up until now. Not all targets have been ported: some devices still use
swconfigwhile some devices already switched to DSA.
This is a significant change to how switch ports and VLANs are managed. As such, sysupgrade will not be able to convert existing
swconfigconfiguration to DSA configuration (see “Upgrading” below).
The following targets are using a switch managed with DSA in OpenWrt 21.02:
ath79(only TP-Link TL-WR941ND)
Increased minimum hardware requirements: 8 MB flash, 64 MB RAM
Due to new features being introduced and the general size increase of the Linux kernel, devices now need at least 8 MB of flash and 64 MB of RAM to run a default build of OpenWrt.
It is still possible to build custom OpenWrt images (e.g. using the ImageBuilder) that may fit devices with 4 MB of flash or 32 MB of RAM. However, the level of functionality will be reduced and there is no guarantee to stability. See OpenWrt on 4/32 devices for more details and guidance.
New hardware targets
realtektarget has been added, which is often found in managed switches. As a result, it is now possible to run OpenWrt on devices with a significant number of Ethernet ports. See supported devices for realtek.
In addition, new
rockchiptargets have been added.
Support for many new boards was added to the existing targets.
Dropped hardware targets
ar71xxwas deprecated in OpenWrt 19.07 and was gradually replaced by
ath79, see ar71xx-ath79 migration. With OpenWrt 21.02, the
ar71xxhas been removed and users must use
ath79instead. If you are still running with the
ar71xxtarget, it is recommended to reinstall OpenWrt 21.02 from scratch. Users already on the
ath79target can use sysupgrade to upgrade to OpenWrt 21.02.
Other targets were also removed:
Network exposed user space applications are linked as position-independent executable (PIE) to allow full Address Space Layout Randomization (ASLR) support. This makes it harder for attackers to exploit OpenWrt. See Hardening build options for more details.
Kernel with container support
Multiple Linux kernel compile options, needed for Linux Containers (LXC) and procd-ujail are activated by default for most targets. This allows to use LXC and ujail with the normal release builds.
It is possible to compile OpenWrt with SELinux support. This is currently not activated by default.
Core components update
Core components have the following versions in 21.02.0-rc1:
- Updated toolchain:
- musl libc 1.1.24
- glibc 2.33
- gcc 8.4.0
- binutils 2.35.1
- Updated Linux kernel
- 5.4.111 for all targets
- hostapd 2020-06-08, dnsmasq 2.84, dropbear 2020.81
- cfg80211/mac80211 from kernel 5.10.16
- wireguard backport from upstream Linux kernel
- System userland:
- busybox 1.33.0
In addition to the listed applications, many others were also updated.