Distributions

OpenWrt releases "Barrier Breaker"

By Jake Edge
November 12, 2014

Continuing its tradition of releases named after cocktails, the OpenWrt project released the latest version of its firmware for home routers and other devices, "Barrier Breaker" (14.07), on October 2. As one might guess, it comes with plenty of new features, especially in the networking area (improved IPv6 support, in particular). OpenWrt has long been used by many of the technically savvy, but it is reaching a point where it "just works" and provides such an upgrade from the factory firmware that it may well make sense for some regular users as well.

OpenWrt began in 2003 by starting with the code grudgingly released by Linksys to comply with the GPL for its WRT54G wireless home router. Support for other routers and devices soon followed and the current Table of Hardware that documents the hardware supported by the distribution is truly impressive. We last looked at OpenWrt in 2011, shortly before the "Backfire" maintenance release (10.03.1). Since then, there was also the 12.09 "Attitude Adjustment" release in April 2013.

Though it is getting a little long in the tooth now, the Netgear WNDR3800 is a nice router for testing (and running) OpenWrt. Used devices appear to be plentiful and fairly inexpensive (less than $75 on eBay) or new ones can be purchased for a bit more than double that. The WNDR3800 is certainly one of the easier routers to install OpenWrt on; it is simply a matter of grabbing the right firmware (the factory image for WNDR3800 from this directory) and uploading it to the device using the factory firmware's web interface. Upgrading from an earlier OpenWrt release uses the sysupgrade image, instead; uploading that file into the OpenWrt interface will upgrade the device while preserving the existing configuration (though not any extra packages that may have been installed).

Once installed, there are several things that OpenWrt does (or, perhaps, doesn't do) to improve the security of newly installed devices. To start with, WiFi and ssh are disabled, while telnet is enabled. Turning off ssh and telnet on might seem like poor choices, but the idea is to force the user to set a root password. Users can either telnet or browse to 192.168.1.1 (after connecting some system to one of the device's ethernet ports) to set the password. Once a password has been set (and the same root password works for logging in as root to both the ssh command line and the web interface), the telnet service is terminated and Dropbear SSH is started instead.

From then on, most of the administration or monitoring that needs to be done can either use the command-line interface (CLI) or the LuCI Lua-based web interface. It uses the Unified Configuration Interface (UCI), which provides the CLI tool for the configuration of OpenWrt devices. For example, one of the first tasks is likely to be turning on the WiFi, which is easily done from LuCI, though it can also be done using UCI or by editing /etc/config/wireless directly.

Using LuCI is quite straightforward. It has hierarchical menus that govern most of the tasks an administrator might need to do. There are, naturally, realtime traffic graphs of various sorts, along with log file output, diagnostic tools (e.g. ping, traceroute), and other troubleshooting and monitoring aids available. Configuring various services, such as DHCP or DNS, is easy to do. LuCI restarts the services or network interfaces as needed to effect whatever changes were made.

Beyond that, there are some fairly complicated configuration options that one normally would not see in a router's web interface. The firewall configuration and monitoring (listing all of the different tables) is top-notch. Port forwarding, quality of service (QoS), VLAN, and other configuration are all quite accessible.

On the negative side, though, is the documentation, which suffers from a few flaws. It is disorganized, with information scattered on the Documentation page, wiki, and in the forum. You can often find what you are looking for in one of those places, but it is easiest to consult a search engine. After finding the topic you are looking for, though, you may encounter another problem: the information may be out of date—sometimes long out of date. This is not really meant as a knock on the project, as the versatility of the distribution means that there is an incredible amount of information to maintain. But it can be frustrating to new users.

Some of that versatility and complexity may be part of the reason there are several derivative distributions based on OpenWrt. We have looked at CeroWrt and the EFF's Open Wireless Router project (which is based on CeroWrt) in the last few years. Both of those focus on a single router (the WNDR3800) to try to cut down the complexity of the multi-platform problem. Documenting the base functionality of those routers is a much simpler task.

OpenWrt has, thankfully, taken a much larger bite; its work can be picked up—and simplified—by others. Development flows in both directions, though, as OpenWrt has adopted most of the anti-bufferbloat work that CeroWrt has done.

Beyond just the multi-platform support, OpenWrt's complexity comes from the sheer number of packages it supports. Numbers are hard to come by, but Attitude Adjustment came with nearly 3,500 packages, so one would guess that Barrier Breaker has at least that many. Certainly scanning through the package list in LuCI is eye-opening. One of the features for the release was a reorganization of the package feed into a single GitHub repository. For now, the older repository is still available, but it must be manually enabled.

The opkg package management system works just as one would expect. Packages can be installed from the command line or LuCI and, as with any modern package manager, dependencies are automatically resolved. One of the features that will be coming is the ability to sign and verify packages, which is a welcome feature.

Security updates are somewhat problematic for OpenWrt, however. Kernel fixes require installing a new image. User-space vulnerabilities can be fixed by updating packages, but the distribution isn't really set up to handle the kind of advisory and update process that is normal for desktop and server distributions. Package signing seems like a step along the way toward a solution to some of these problems.

Barrier Breaker is based on the 3.10 kernel, which moves things along a good ways from the 3.3 kernel (with some backports from 3.5) that was used in Attitude Adjustment, but is still more than a year old at this point. The release notes for Barrier Breaker say that the next release (named "Chaos Calmer") will be based on 3.14 or some more recent kernel that has long-term support. Given that the project is aiming for a release of Chaos Calmer this year, it would seem that 3.14 is a good bet.

While it has been around 18 months between releases, OpenWrt certainly gives the appearance of being a highly active project. Another release before the end of the year would seem pretty aggressive, however. In any case, it is a distribution worth checking out for a wide variety of embedded Linux needs. As they say: Friends don't let friends run factory firmware. Perhaps that overstates things, but there are many things that can be done with an OpenWrt device—well beyond the manufacturer's vision.

Comments (14 posted)

Brief items

Distribution quotes of the week

If I have one regret from my 18 years in Debian, it's that when the Debian constitution was originally proposed, despite seeing it as dubious, I neglected to speak out against it. It's clear to me now that it's a toxic document, that has slowly but surely led Debian in very unhealthy directions.

-- Joey Hess resigns from Debian (Thanks to Josh Triplett)

User choice isn't bad any more than combining software to reduce code size is bad. There isn't a right answer. As Russ has explained a number of times in the TC, on debian-vote and on his blog, this is about tradeoffs. I'm sure some people will be happy if the project's values are aligned with theirs. When they take that as far as saying the project made the "right decision" or rejected "bad options," they are not valuing the contributions of those who disagreed with them.

-- Sam Hartman

In recent years I think it has been too easy to think of the Mandriva-based projects as "also ran" distributions. The financial troubles Mandriva faced and the user friendly efforts of projects like Ubuntu and Mint have conspired to push Mandriva out of the spotlight. OpenMandriva 2014.1 is one of the best efforts I have seen to date to take back the "beginner friendly" crown. This distribution was easy to set up, easy to use, has a great control centre and should appeal to both novice users and power users alike.

-- Jesse Smith (DistroWatch review)

Need to infiltrate Pixar and make them create a character named Kraken. I can only imagine how cool would be for the Release Team to shout

"RELEASE THE KRAKEN!!!11!!"

-- Francesca Ciceri

Comments (2 posted)

Red Hat Enterprise Linux 7 Atomic Host Beta

Red Hat has announced the availability of the first public beta of Red Hat Enterprise Linux 7 Atomic Host. "Red Hat Enterprise Linux 7 Atomic Host Beta provides a streamlined host platform that is optimized to run application containers. The software components included in Red Hat Enterprise Linux 7 Atomic Host Beta, as well as the default system tunings, have been designed to enhance the performance, scalability and security of containers, giving you the optimal platform on which to deploy and run application containers."

Comments (59 posted)

Distribution News

Debian GNU/Linux

Bits from the release team: Jessie Freeze

Debian 8.0 "Jessie" has been frozen. That means only release critical bugs will be fixed. There will be no more new features, just some polishing. The release team also provided some additional information from a recent sprint. During the sprint the code names for the next two versions of Debian were chosen: Debian 9 "Stretch" and Debian 10 "Buster".

Full Story (comments: none)

DEP-14: Recommended layout for Git packaging repositories in Debian

Raphaël Hertzog has posted a proposal for the standardization of Git repositories used for Debian packaging.

The goals are multiple:

making it easier for Debian and its derivatives to build upon their respective Git repositories (with the possibility to share a common one in some cases)
make it easier to switch between various git packaging helper tools. Even if all the tools don't implement the same worflow, they could at least use the same naming conventions for the same things (Debian/upstream release tags, default packaging branch, etc.).

Comments on the proposal are requested (and many have been posted).

Full Story (comments: 5)

Ubuntu family

A proposed policy to remove unfixable packages from Ubuntu

In response to the recent ownCloud troubles, Martin Pitt has put together a proposal allowing for the removal of problematic packages from the Ubuntu repositories in the future. "In rare cases, an universe package becomes actively detrimental in stable releases: If it is unmaintained in Ubuntu and has unfixed security issues or got broken because of changing network protocols/APIs, it is better to stop offering it in Ubuntu altogether rather than continuing to encourage users to install it." Comments are requested.

Full Story (comments: 46)

Newsletters and articles of interest

Distribution newsletters

DistroWatch Weekly, Issue 584 (November 10)
5 things in Fedora this week (November 5)
Ubuntu Weekly Newsletter, Issue 391 (November 9)

Comments (none posted)

The 9 Best Linux Distros (Datamation)

Bruce Byfield takes a quick look at nine reliable distributions for everyday use. He includes Bodhi Linux, Debian, elementary, Fedora, Linux Mint, Mageia, Manjaro, openSUSE, and Ubuntu. "This list focuses on distributions for the average user. However, change what you are looking for, and the list changes, although a few distros like Debian are versatile that they tend to show up on any list."

Comments (none posted)

Page editor: Rebecca Sobol
Next page: Development>>