Thanks aparcar and rkkoszewski/rkk2025 for the work you´ve done at https://github.com/mikma/lxd-openwrt!
This guide adds some more details to the instructions found at https://bugzilla.proxmox.com/show_bug.cgi?id=2044 by rkkoszewski/rkk2025.
- This guide is confirmed to support building 18.06.2 and 18.06.4 for the x86_64 architecture
- You can create any additional network interfaces directly from the Proxmox Web UI, though configuring the IP from the Proxmox GUI only works temporarily till you restart the container, at least for now.
- You can´t use the PVE UI to connect to the OpenWRT console, but the container is still up and running
- PVE is short for Proxmox Virtual Environment
PREPARE BUILD ENVIRONMENT
It's recommended you use Debian or Ubuntu on the build system. The following additional packages are required on Ubuntu 18.04:
sudo apt install -y build-essential subversion fakeroot gawk gpg
RETRIEVE BUILD SCRIPTS
To build it manually just follow these steps,
Clone the lxd-openwrt repo:
git clone https://github.com/mikma/lxd-openwrt
To build a template that works with Proxmox, change directory into the top level of the cloned repo.
The build.sh script has the following defaults (2019-09-11):
arch_lxd=x86_64 ver=18.06.4* dist=openwrt type=lxd super=fakeroot # iptables-mod-checksum is required by the work-around inserted by files/etc/uci-defaults/70_fill-dhcp-checksum. packages=iptables-mod-checksum
And supports the following options:
[-a|--arch x86_64|i686|aarch64] [-v|--version <version>] [-p|--packages <packages>] [-f|--files] [-t|--type lxd|plain] [-s|--super fakeroot|sudo] [--help]
Relying on defaults, we simply have to give the script a single parameter to build what is needed:
./build.sh -t plain
Here´s another example which includes some additional packages:
./build.sh -t plain -p "luci-app-sqm sqm-scripts luci-app-ddns ddns-scripts ddns-scripts_no-ip_com iptables-mod-checksum"
UPLOAD OPENWRT TEMPLATE TO PVE
Use WinSCP (or similar) to download the template from the build environment to your own computer. The file is located in the "bin folder" in the repo you initially cloned with a naming pattern such as "openwrt-18.06.4-x86-64-plain.tar.gz".
Upload the template to a PVE template directory using the PVE UI by clicking the "local (PVE)" storage on node PVE, and then select "Content" menu option and click the "Upload" button. Change Content to "Container Template" and locate your file and finally upload it.
CREATE A OPENWRT CONTAINER
SSH into the PVE host, and create a container for OpenWRT by executing:
pct create 201 local:vztmpl/openwrt-18.06.4-x86-64-plain.tar.gz --rootfs local-lvm:0.4 --ostype unmanaged --hostname openwrt1806 --arch amd64 --cores 4 --memory 256 --swap 0
Notes about "pct create" command:
- "201" is the ID assigned to the container
- "local" is the default name for the storage where container templates are stored (check your pve storage.cfg for more info)
- "rootfs" is size of the container filesystem in GB
- "local-lvm" is where the container is to be stored
- "hostname" is name of container
Recommended but optional configuration. Remove any other lxc.includes that might be already in that config file, and add these lines to the container config file in (/etc/pve/lxc/201.conf)
lxc.mount.entry: tmp tmp tmpfs rw,nodev,relatime,mode=1777 0 0
ADD A WAN-SIDE BRIDGE TO THE PVE HOST´S NETWORK CONFIGURATION
This guide is based on the assumption that have a network card with two physical ports, where the LAN port is named "enp2s0f0" and WAN port is named "enp2s0f3". If needed, change these names to fit your setup. You probably already have a bridge named "vmbr0" as part of the default PVE setup, anyhow it should looks something like this and be physically connected to your internal LAN.
Name: vmbr0 IPv4/CIDR: 192.168.1.2/24 Gateway (IPv4): 192.168.1.1 Bridge ports: enp2s0f0
Create a new bridge named "vmbr1" and assign it the physical LAN port connected to your WAN:
Name: vmbr1 Bridge ports: enp2s0f3
ADD LAN & WAN NETWORKS TO OPENWRT CONTAINER
Connect the OpenWRT container to your LAN bridge (vmbr0) by adding a virtual network adapter in the PVE UI. It could have these properties:
Name: eth0 MAC: (use auto generated) Bridge: vmbr0 IPv4: "static" IPv4/CIDR: 192.168.1.1/24 (I don´t use IPv6 so I didn´t add anything related to it).
Add another network for the WAN side. This time connect it to the WAN side bridge ("vmbr1")
Name: eth1 MAC: (use auto generated) IPv4: "DHCP"
SET CONTAINER START-UP OPTIONS + START IT!
Change container option "Start at boot" to "Yes", and then start the container
FINAL STEPS - A COUPLE OF CONFIGURATION FIXES IN OPENWRT
OpenWRT root user password and network configuration for the LAN side is missing and has to be manually set up.
Access the OpenWRT container´s console through the PVE console by executing:
pct enter 201
Set a password for the root user
passwd [your password]
Open the file where OpenWRT keeps interface configuration:
And configure the "lan" interface to something like this
config interface 'lan' option type 'bridge' option ifname 'eth0' option proto 'static' option netmask '255.255.255.0' option ipaddr '192.168.1.1'
Finally, reboot the container, and now you should be able to access the OpenWRT UI through 192.168.1.1 and hopefully everything works out well!