Chroot OpenWrt directly from modem to pc

Hi all, browsing the OpenWrt forums makes me feel all I know is nothing compared to the knowledge that's around here, and I'm glad for that. So I was wondering, because I've never attempted it and if I did I wouldn't exactly know how: is it possible, and is it secure, to somehow hook up the PC to the modem and chroot OpenWrt to have it running as, for example, PPPoE and afterwards get it working with Linux? I'm running Debian. Just wondering if this has been done before; for example, I'm running KDE and it's configured with loopback. How would I get this working to securely use OpenWrt? I'm just clueless. Hope this has been done before.

Use a full system virtualization like qemu/kvm, VirtualBox, Hyper-V, Parallels, VMware, etc.

Chroot-like approaches, docker, lxc/lxd and friends are not really supported, as OpenWrt massively depends on host-side kernel features and assumptions, which generally aren't met and might tear open serious security issues.

Apart from testing or 'optional' network segmentation, I would recommend against virtualizing your router - it makes the whole lot way more complex (having to configure your network twice, hypervisor- and VM-side, internet exposure of the hypervisor, etc.) without really gaining you anything (in a home environment; this might be different in an enterprise environment with auto-failover and redundancy for everything). Dedicated hardware, with clearly defined WAN and LAN interfaces, just makes the situation a lot simpler.

Sounds complicated, I've never attempted it before. This is the kernel I'm running, btw:

My thought process was, since I have an ISP modem > OpenWrt PPPoE passthrough > x86, to get PPPoE directly on my device, bypassing the CPU of the router. And yes, I was hesitating whether it was such a smart idea to connect my desktop system directly with PPPoE, because I do sacrifice a lot of security features in favor of performance. So I was wondering exactly this because I had no clue how to even start configuring it. My thought process was as well having to connect the network twice, because it works on loopback towards, in my case, the desktop environment. Without saying much, not a smart idea to begin with. Just wanted to be sure. Thanks.
Oh yes, and on top of all it's the kernel of course, since running in chroot shares the kernel as well; bet that would not work out so well since OpenWrt has its own kernel configuration. Or as you say it might, if the config is compatible. But I get the idea. Not worth setting it up. And if it has to be with a virtual machine, I'd want to avoid it. Was thinking of chroot being lighter since sharing the same resources, thus my question. Off topic though: with all mitigation patches, and even having read that x86 motherboards have a low-level chip running Minix independent of HDD etc., was wondering for all the people using x86 as router. Also having seen how things like Intel Management Engine, for example, can be exploited. Makes me think. Luckily it can be scrambled partially. Don't know about the prior part though, if I have my information correct at least. And basically even if it worked with chroot, since it's my desktop, any vulnerability the device would have would be directly exposed to the PPPoE connection. Well, was curious enough to ask. Thanks again.
Btw, anyone interested: https://github.com/corna/me_cleaner
There must also be an AMD counterpart. Consider this topic closed, unless someone wants to add.