This OS is used on router/switch/AP.


    Web GUI (Luci)

    opkg update
    opkg install luci-ssl

    Note: It's also possible to install ''luci'' package without ssl

    To start luci automatically :

    /etc/init.d/uhttpd enable

    First start : /etc/init.d/uhttpd start

    Change WEB-UI: opkg install luci-theme-bootstrap

    Then, go on ''System > System > Language and Style > Design > Bootstrap''.

    Auto upgrade

    ASU: AttendedSysUpgrade (project)

    AUC: AttendedsysUpgrade Cli (package)

    Use carefully:

    • (-) no signature control
    • (-) image build by an external worker however it is possible to self-host to build locally, you can specify the url through /etc/config/attendedsysupgrade on the device. (no ARM support yet)
    • (+) practical to build an image containing the packages on the current installation.
    opkg install auc

    Example for a specific version:

    auc -b 22.03

    Note if you obtain an error Bad message (74), just do /etc/init.d/rpcd restart source

    Nodes management


    See also discussion


    Always run this command first time connection to install a new package.

    opkg update


    If the router has problem, and is still inaccessible you will need to enter in this mode. If failsafe doesn't work, i'm sorry to say you will need to reinstall os see hard flash failsafe.


    1. Shutdown the device

    2. Set up your computer to static ip with submask

    3. Turn on the device and press button "reset" > depend to the experience, sometime i keep push during 10 secondes, sometime i push/unpsh during 10 secs

    4. Then you can ssh root@ and run different commands:

    • mount_root try to debug and change /etc/config/* before rebooting
    • reset everyting: firstboot

    Note: Don't forget to change root password !


    WNDR 3700 wifi button

    opkg update
    opkg install wifitoggle
    uci set wifitoggle.@wifitoggle[0].button=BTN_2
    uci set wifitoggle.@wifitoggle[0].timer=0
    uci commit wifitoggle

    Configure ssh (dropbear)

    Go to luci or /etc/config/dropbear.

    Note: ensure that if you change the port on the config file it is also open on the firewall

    Generate host key

    dropbearkey -t rsa -s 4096 -f /etc/dropbear/dropbear_rsa_host_key


    Verify the key

    dropbearkey -y -f /etc/dropbear/dropbear_rsa_host_key  | grep "^ssh-rsa "

    Note: ssh-keygen is not available on OpenWRT, extract the public key (see above), save it on a computer and check with ssh-keygen -lf

    Add the public key



    Access between vlans


    • vlan 1 (home) :
    • vlan 2 (services) : (http service on port 8081 at

    Two equivalent accesses:

    • one direct access
    • one through dnat
    # access with curl (from home network)
    config rule
            option src  'home'
            option dest 'services'
            option dest_ip ''
            option dest_port '8081'
            option proto   'tcp'
            option target  'ACCEPT'
    # dnat access with curl (from home network)
    config redirect
            option target 'DNAT'
            option src 'home'
            option src_dport '8081'
            option proto 'tcp'
            option dest 'services'
            option dest_ip ''
            option dest_port '8081'
            option family 'ipv4'