Automated install script for OpenWrt in a Container on Proxmox!

thpryrchn · February 26, 2025, 12:51am

I have created an automated install script for ProxMox to install OpenWrt in a container. The beauty is that it downloads the rootfs directly from Openwrt, and not the Linux containers site.

The script detects bridges, and network devices that can be used for the WAN or LAN, and even has the option to set the subnet of the LAN, with a defaule value of 10.23.45.1/24. If you do not select any network devices, it will still configure the container for eth0 being the WAN, and eth1 being the LAN for manually adding network devices later.

Tested using 2 bridges. One for WAN, and the other for LAN. and had a VM connect through the LAN bridge. It detects the latest stable version, and installes that by default, but you can specify a version manually. I have tested it on 23.05.5 and the current 24.10.0.

If you have multiple Container storage locations, it will prompt you for which one you want to use!

gist.github.com

https://gist.github.com/jaminmc/7e786a8947746439f7b8a8e2726e629d

install_openwrt_proxmox.sh

#!/bin/bash

# Script to create an OpenWrt LXC container in Proxmox
# Downloads from openwrt.org with latest stable version, detects bridges/devices, IDs, configures network, sets optional password
# Pre-configures WAN/LAN in UCI, includes summary and confirmation

# Default resource values
DEFAULT_MEMORY="256"                      # MB
DEFAULT_CORES="2"                         # CPU cores
DEFAULT_STORAGE="0.5"                     # GB

This file has been truncated. show original

edit: Added support for Snapshot, and auto install prompt for LiCi web interface for snapshot. I couldn't test wireguard, as the repo is missing the ip package right now.

slh · February 26, 2025, 3:20am

[Insert the usualy disclaimer here that running OpenWrt in a container is NOT a supported setup and broken by design, with functional deficiencies and security issues ranging from subtle to glaring]

thpryrchn · February 26, 2025, 4:06am

Not supported, as in, don't bug the developers if some package breaks the container, or doesn't work?

The Install script does install UnPrivileged! So it does not run as root on the Kernel. So the security isn't as bad as it could be. Running in a VM is more secure, but running in a container is great for a VPN gateway, and other things. Especially if you are running on a mini-pc that has very limited resources.

slh · February 26, 2025, 4:15am

Not supported as in known broken, with parts 'just' not working and others ripping open security holes.

Yes, you will get a pretty webinterface, some aspects may randomly appear to work, others won't, even less securely.

I can't stop you from shooting off both of your feet, just don't say you haven't been warned, explicitly - and when you become part of a botnet or experience other security issues, you have only yourself to blame, not OpenWrt.