Any other interesting use cases for OpenWrt other than as a router OS?

Think that you have a small device, running a network-oriented operating system, connected 24/7 to the internet... now just let your imagination wandering around!

Some ideas: BitTorrent client, file server, web server, VPN server, add blocker, ...

4 Likes

You can do almost anything with OpenWrt, even crazy stuff. &-)

For example: Hook up 13 USB webcams (I thought I had 15, but can count only 13 in the picure) and a DSLR to a DIR-505 and take a picture every 10 minutes.

In addition to the cams, hook up a weather station and some 1-wire sensors (DS18B20) to the same DIR-505. Feed the data into an rrd and let it create nice graphs which are then served via webserver on the DIR-505 (internal use only, of course).



(picture not showing the final state with still 2x DIR-505)

Of course, no mentally sane user would do this (# of cameras) for productive use. This setup was only for testing and comparing different cameras. And it was fun learning how to keep this many different cameras apart (not an easy task)!

If you reduce the setup to a more practical number of USB cameras, you can take single shots every minute and create timelapse videos on your OpenWrt device (given that it has the required oomph in terms of flash and RAM).

To summarize this use case:

  • take DSLR stillpictures (gphoto2)
  • take USB wecam stillpictures (live video optional) (fswebcam)
  • create timelapse video (ffmpeg)
  • read out weatherstation and create graphics (open2300, weewx, ..., rrdtool)
  • read out 1-wire devices and create graphics (owfs and others, rrdtool)

Personal learnings out of this project:

  • learned a lot about OpenWrt and Linux in general.
  • 4/32 devices were a PITA already back in 2012. (I started with TL-MR3020 v1 and quickly changed to DIR-505))
  • USB webcams are fine for daylight, but can't compete at all with RPi cams at nightime.
5 Likes

The others have given great answers.

Another thing to do: just use it as an educational platform... messing up is very low risk in many cases, and there's a lot you can do...

  • learn various things about linux (if you don't already know it). There are some differences due to the limited resources of most consumer routers, but it is fundamentally the same.
  • learn advanced networking concepts (yes, this is still 'routing' and such, but again, a useful environment to experiment with VLANs, firewalls, wifi, VPNs, etc.)
  • learn to compile your own software -- you can do this with the whole OS and/or you can make your own little scripts/apps/packages.
  • the list goes on...

And check out all of the various packages that are already available -- there are a ton of things you can just install and play with, and many things there that might inspire new projects or ideas for you.

2 Likes

Can I add, and I hope to do this, that you can use it as a media server, locally. Get a router with a USB port, attach your external HDs with media, and playon. This you can do without security, since all you may have there is, for example, music, and your neighbour can listen to your music. I don't think you need the Internet to get this working. I may be wrong. Myself, I just got here a few days ago.

1 Like

While it's "possible" to do many of the listed tasks the majority will run considerably better and be a lot easier to maintain on lets say a SBC with a "fully fledged distro" as there's no real update path regarding packages, no security advisories except for release notes or abiility to check for vulns on running systems, breaking changes regarding system configuration are barely at best documented etc. Most of these issues are more or less however related to what OpenWrt mainly targets (devices with very limited hardware resources). If you like to experiment it might be a good and fun learning experience however.

1 Like

Here's a goodie:

It looks like alot of work though...

3 Likes

Interesting topic

It's improving and as always, anyone can help it's FOSS.

  1. List of security advisories
  2. Email for Security Advisory 2020-02-21-1 - ppp buffer overflow vulnerability (CVE-2020-8597) and forum post as this was considered as critical with RCE potential.

So I'm wondering what can be improved in this direction.

1 Like

OpenWrt is swiss army knife, you can build literally anything with it.

For example F-Tester(measure parameters of communication networks), ModBus gateway, Image Acquisition Component in UPSat the open source satellite in space and Smart waste (device in top right including that semaphore is RFID reader powered by OpenWrt) to name a few. Literally OpenWrt is running on billion of devices around, under and above of you :slight_smile:

1 Like

Thank you for all your interesting ideas so far! For the moment, let's take these:

Taking both your points into consideration. Let's say, just for the sake of example the media I want to enjoy is my private porn collection, eg. I want to be absolutely and 100% sure my neighbor doesn't have access to it. Just for the same of example. But I don't need to access it through the Internet (that's an added bonus though), only from my home network.

Is OpenWRT and its 3000 app ecosystem able to reliably and 100% securely do the job or do I truly need a fully fledged distro and its wider app ecosystem for this task? Or maybe I don't necessarily need a fully fledged distro but I would more than likely want to use one instead of OpenWRT?

If it's the latter is it because of some inherent limitation of OpenWRT itself or the limitation of its 3000 app ecosystem? Now I'm not talking about any hardware limitations as OpenWRT runs on all kinds of hardware.

The only method to make a device 100% hack-proff is to power it off. If you really need such a tight security, I would not put any data on a device that is always connected to the internet, specially one that is facing the internet directly.

That said, OpenWrt comes preconfigured with one all-blocked WAN interface and one all-allowed LAN interface. Other distros do not have this security model by default.

There is nothing that makes OpenWrt less secure than a general Linux distribution.

1 Like

It depends as you have different attack vectors.

If you're running a release you're most likely more vulnerable as very little gets backported (primarily packages) in general and many are quite honestly quite dated. As long as you don't expose services to unknown clients you'll most likely be fine from a realistic point of view as very few (if any) will have interest in hacking your network as far as file sharing daemons goes etc. The kernel, wifi related software, firewall is however what's exposed and even though WPA2 might not be the safest wireless protocol around it's a good as it gets when it comes to wirelss devices, cable will be by far more "secure" in that regard but you usually want wireless access in 2020 for at least some devices. You can in theory use VPN on top of your wifi network but that quite inconvenient for casual use. Regarding kernel and firewall goes you should be fine in most case, if anything you're most likely encounter some kind of DDOS attack before someone gains root access to your device and are able to access your network. Don't forget that DNS can also be used for various attacks.

What OpenWrt falls short (compared to a "full distro" but again, it's due to what kind of devices OpenWrt targets) is that there's no way to easily upgrade/maintain a device if your device is vulnerable. It will in the majority of cases involve flashing the firmware, reinstalling packages and/or compiling your own firmware which in turn requires a lot more time and user interaction than just running <command> update and reboot. What might be even more annoying is that breaking changes are rarely documented so you might end up with a non booting device in some cirsumstances if you keep your settings.

Summary,
Your device running OpenWrt will "be fine" if you install latest release and/or trunk with the latest package tree available however you will most likely need to spend more time keeping it up to date than a "full distro" and here's where many (including myself) falls into "as long as it works I don't touch it" reasoning due to upgrade path. Unless it's a major security flaw you're most likely going to be fine in the end despite some vuln but there's always a possibility.

To be clear, it's not like Debian, Alpine, FreeBSD, OpenBSD and so on will ever have breaking changes etc but they're usually well documented and if you need to upgrade they require much less time to do so. It's also usually much easier to get whatever software you want running due to larger package repos or the simple fact that you can compile directly on the device without too much hassle.

Edit:
Regarding packages
https://sdwalker.github.io/uscan/
https://sdwalker.github.io/uscan/index-19.07.html
Keep in mind that "not current" doesn't necessarily mean security vulnerability but it might of some concern depending on what kind of software it is.

1 Like

Can you formulate it in one sentence?

Roughly, you're probably fine if you install a current version but you'll most likely fall behind because upgrading usually involves quite a bit of user interraction.

1 Like

Thanks to diizzy and others here who helped I have been able to set up shared file servers for several family member now. I use a 4-6 year old "top of the line" used router from pawn shop or salvage center, one that has USB port and 64M or more and set it up for them installing Samba server on it and then with a USB drive they can watch video on windows machines and from Kodi's SMB interface running on the firestick all through the house. Both VNC and Kodi on Android have SMB support. As stated, O*WRT comes stock with this security configuration built in. I also added the VPN server opkg so I can "service" them remotely but that's an option that doesn't have to be added.

I have to say this is the best post on this thread. I cannot stop thinking about it. And even more so, that the writer used the phrase 'no mentally sane user would do this' to describe it, I think. Would you care to show us how you set this up, perhaps an example of only 2 cameras, as replication will be the only change from there. Thanks.

The main ingredients are already mentioned:

What exactly do you want to know?

thanks @tmomas a howto guide on how you accomplished the list above would be quite nice.

@tmomas, for example, I just tried looking for the first two packages, and they're not available, I'm told. A complete Howto, which I think will fire up some imagination on 'playing' and learning as you did, would be great indeed. And thanks

Both packages are available.

opkg update
opkg install gphoto2
opkg install fswebcam

google for instructions for both, there is nothing really OpenWrt specific.

gphoto2 manual: http://www.gphoto.org/doc/manual/