OpenWRT Services

From Exterior Memory
Jump to: navigation, search
This article was written in April 2009, and last updated in March 2010. This article was written with OpenWRT 8. I have not upgraded to the latest version. Given the volatile nature of this topic, expect that the content of this article is outdated after about two years time.

See OpenWRT on WRT54GL for the basic setup.


The two tools you will use most are:

an older tool to set the NVRAM, used for OpenWRT 0.9 and earlier, still available in OpenWRT 7.09. Gone in OpenWRT 8.09.
a package manager, used to install packages in OpenWRT 7.09 and up. As of OpenWRT 8.08, the opkg package manager replaced the ipkg package manager.
a configuration tool, used in OpenWRT 7.09 and up.
the webinterface, available in OpenWRT 8.09 and up.

Previously, (WhiteRussion, OpenWRT 0.9 and before) much of the configuration was stored in VRAM, and the nvram was used for the configuration. Since Kamikaze (OpenWRT 7.06 and up) most configurations are stored on file in /etc/, and uci can easily get and set those settings. NVRAM does still keep a lot of settings, but most of these nvram settings are ignored since Kamikaze. In fact, it is only needed to set boot_wait. Since 8.09, the nvram tool is not present anymore (you need to downgrade to set boot_wait!).

LuCI, the webinterface, is available since OpenWRT 8.09. I used ipkg and uci mostly to do the configuration, but it should be straightforward to translate the settings to the LuCI webinterface. I do recommend to change the view from minimal ("Essentials") to full ("Administration"). You can set the in the menu on the right.


Download package list:

opkg update

Search / view available packages:

opkg list
opkg list_installed

Install a package:

opkg install packagename

Upgrade installed packages:

opkg upgrade


IPv6 tunnel

I have an IPv6 tunnel between my OpenWRT basestation and a Sixxs endpoint. The OpenWRT serves as the IPv6 router for the other machines in my home network. Getting this to work requires three steps:

  1. Request request an SIXXS account and tunnel, as explained in 10 easy mini steps to IPv6
  2. Install the software on OpenWRT as explained in Installing Aiccu on OpenWRT. Note that for this step you also need to request an SIXXS subnet, which SIXXS only allows you to do if your tunnel is running stable for a week.
  3. Configure an IPv6 firewall. Remember that you just poked a hole in your IPv4 router, which allows all IPv6 traffic to pass through.

More generic information on IPv6 on OpenWRT can be found at either the IPv6 howto on the OpenWRT wiki and in the thread of HOWTO use your WL-500g as IPv6 router. While the later talks about ASUS WL-500g firmware, the comments underneath describe how to install the Aiccu tool using ipkg.

All went quite smootly, although radvd did not work for me (the file /var/etc/radvd.conf remained empty). Basically, the startup script is way too complex. Instead, I created a simple config file at /etc/radvd.conf (removing /etc/config/radvd):

interface br-lan
        AdvSendAdvert on;
        AdvManagedFlag off;
        AdvOtherConfigFlag off;
        prefix 2001:0DB8:A376:00FD::0/64
                AdvOnLink on;
                AdvAutonomous off;
                AdvRouterAddr off;

This allows for a very simple /etc/init.d/radvd script:


start() {
        radvd -m logfile -p /var/run/

stop() {
        killall radvd

In addition, I had to carefully tune the order in which processes are started at boot time. This was the original order:


This fails because radvd only runs if net.ipv6.conf.all.forwarding is set by sysctl. My final order was:


Aiccu must run after radvd. If that is not the case, it fails, but very subtle. The result (somehow) is that the bridge interface receives the link-local IPv6 address "fe80::200:ff:fe00:0". This is incorrect, since that is associated with MAC address 00:00:00:00:00:00. Other hosts were not able to ping this IP address, so the router could not be reached.

br-lan    Link encap:Ethernet  HWaddr 00:1E:E5:84:E2:E8  
          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link

This is incorrect, since that is associated with MAC address 00:00:00:00:00:00. Other hosts were not able to ping this IP address, so the router could not be reached.

DHCP server

OpenWRT comes with dnsmasq, which is a DNS, DHCP and TFTP server in-one. the configuration files are /etc/dnsmasq.conf and /etc/ethers (fixed IP address). The configuration is pretty straightforward, see the example config and man page (the names in the configuration files are the same as the command line options).

I disable the DNS part with:


The startup script on OpenWRT, /etc/init.d/dnsmasq did not work for me. It tries to be smart and thus fails horribly because it's assumption are wrong (it assumes OpenWRT is running in routed mode; mine is running in bridged mode). The default script adds all kinds of option. In my config, it runs dnsmasq with these options:

/usr/sbin/dnsmasq -I br-lan --dhcp range=lan,,,,12h -I eth0.1 

The -I br-lan option makes sure that it does not listen on my bridge interface. That is a show-stopper, as that is supposed to be the only interface were it should listen on.

It is much, much better to make a really stupid startup script, and insert all option in a config file. The current startup script looks like:

#!/bin/sh /etc/rc.common
# Copyright (C) 2007


start() {

stop() {
        killall dnsmasq

Note: I no longer use dnsmasq, since I found it to be too limited for my needs.

NTP time client

The Linksys has no internal clock, so the time is reset after each reboot. You can install the ntpclient to synchronize the clock. has an excellent how-to at OpenWrt Time Synchronisation on OpenWrt.

opkg install ntpclient

I did not specify a time zone (so it uses UTC)

My startup script looks like:

#!/bin/sh /etc/rc.common


start() {
        /usr/sbin/ntpclient -c 1 -s -h &

stop() {
        killall ntpclient

and my crontab:

# to timesync every hour at 10 minutesi past the hour
10 * * * * /etc/init.d/ntpclient restart