Openwrt One
I bought an OpenWrt One WiFi router from “Bipai Corp”, via AliExpress.
The list price was $89, I got it for $109 with shipping from China.
My OpenWrt One arrived wrapped in a blob of bubble wrap and tape. I’m not sure there was any exterior box, only layers of tape. Not much in the way of markings, either, merely an address label.
Inside the tape and bubble wrap, a professionally done box, about 9 inches on its longest side.
A completely acceptable box, they took care to print a notice about where to find the source code for the One’s software.
Everything was neatly packed, arriving undamaged. I still feel amazed when I see a USB cube transformer for a power supply. It’s better than a unique “wall wart” for each appliance, where each unique transformer plugs in oriented in some Lovecraftian non-euclidean fashion.
The OpenWrt One itself feels solid, has a reasonably well machined aluminum case. The “front” is mostly blank, unfortunately bearing no labels. The back side has all the interesting sockets and switches.
The designers of this router clearly imagined it solely as a WiFi router: it only has enough sockets to get cabled to some ethernet router. That has consequences in setup, since I want IPv4 addresses given out by that ethernet router. I won’t be able to plug the ethernet router into the WiFi router’s bridged CAT-5 sockets.
And that brings me to configuring the OpenWrt One.
openwrt the firmware does not turn on radios by default.
You have to explicitly enable them.
After cabling the OpenWrt One, and turning it on,
I could not find an ssh TCP port,
which was probably due to the built-in openwrt firewall
exposing dropbear to the “WAN” on TCP port 22001,
but I didn’t know that when I started working on the One.
I used the USB-C serial console.
USB-C Serial console
The USB-C port on the front of the OpenWrt One enclosure is the serial console.
I’ve circled the USB-C serial console port in red. The LED circled in green glows green when OpenWrt (the operating system) has finished booting. I don’t know what the button up and right from the USB-C socket is, just yet.
I was able to plug in a USB-C-to-USB-A cable from my laptop (USB-A socket) to the USB-C socket on the front of the OpenWrt One enclosure, then use minicom on my Arch Linux laptop to connect to the OpenWrt One Linux shell.
journalctl -f in one xterm showed me this right after I plugged in the cable:
Dec 16 16:43:02 hazard kernel: usb 1-1: new full-speed USB device number 8 using xhci_hcd
Dec 16 16:43:02 hazard kernel: usb 1-1: New USB device found, idVendor=04d9, idProduct=b534, bcdDevice= 2.10
Dec 16 16:43:02 hazard kernel: usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Dec 16 16:43:02 hazard kernel: usb 1-1: Product: OpenWrt One
Dec 16 16:43:02 hazard kernel: usb 1-1: Manufacturer: OpenWrt
Dec 16 16:43:02 hazard kernel: usb 1-1: SerialNumber: 0000
Dec 16 16:43:02 hazard kernel: cdc_acm 1-1:1.0: ttyACM0: USB ACM device
The minicom command: minicom -D /dev/ttyACM0
It seemed to take some seconds, maybe a minute,
for the /dev/ttyACM0 device file to appear.
minicom running in an xterm shows this:
BusyBox v1.36.1 (2024-10-22 08:16:16 UTC) built-in shell (ash)
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
-----------------------------------------------------
OpenWrt SNAPSHOT, r27876+1-3098b4bf07
-----------------------------------------------------
=== WARNING! =====================================
There is no root password defined on this device!
Use the "passwd" command to set up a new password
in order to prevent unauthorized SSH logins.
--------------------------------------------------
root@OpenWrt:~#
Looks like I should update the firmware,
maybe add a password for user root.
Bridge the OpenWrt One network
I configured my OpenWrt One using the command line via the serial console.
Because there’s no set of ethernet sockets that can be left as a bridge, and turn off the router’s DHCP and DNS servers, I followed the OpenWrt wiki’s Wi-Fi Extender/Repeater with Bridged AP over Ethernet instructions, the Wireless Access Point - Dumb Access Point section.
These instructions seem a little vague, probably due to the author wanting to cover a lot of different situations. I modified one file, as per Switch and dedicated WAN devices post 21.01 and ran a few commands.
/etc/config/network
config device
option name 'br-lan'
option type 'bridge' <- added this line
list ports 'eth0'
list ports 'eth1' <- I added this line
config interface 'lan'
option device 'br-lan' <- changed from "lan", refers to the bridged, "br-lan" device
option proto 'dhcp' <- this was "static"
#option ipaddr '192.168.1.1' <- commented out these 3 lines
#option netmask '255.255.255.0'
#option ip6assign '60'
I believe these changes, when they take effect,
bridge the two ethernet ports and the radios into a single broadcast segment.
The router itself will acquire an IPv4 network on the br-lan interface.
Because the router is cabled to my Dell R530 server,
kea-dhcp4
running on the R530 will give out an IPv4 address to the router itself.
/etc/config/wireless
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan' <- this is the "lan" device including eth0 and eth1 from /etc/config/network file
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none' <- I should specify encryption and a shared secret
Commands
root@OpenWrt:~# /etc/init.d/dnsmasq disable
root@OpenWrt:~# /etc/init.d/dnsmasq stop
root@OpenWrt:~# /etc/init.d/odhcpd disable
root@OpenWrt:~# /etc/init.d/odhcpd stop
root@OpenWrt:~# /etc/init.d/firewall disable
root@OpenWrt:~# /etc/init.d/firewall stop
root@OpenWrt:~# /etc/init.d/network reload
Apparently, the “firewall” redirected “WAN” port 22001 to “LAN” port 22.
Turning off the firewall and rebooting, the “dhcp” setting in /etc/config/network
allows me to ssh root@10.0.0.67 from my BAN (basement area network) and log in to the OpenWrt One.
Further work and unsolved questions
- Need to upgrade
openwrtfirmware. - Need to add a root password.
- Does the other ethernet socket work? Is it bridged into
br-lan? - Does the “Power over Ethernet” socket enable imaginative new uses?