How to install Luci & Wifi offline via SSH


#1

I installed OpenWrt on GL-AR750S and was able to access it via SSH. The installation seems to lack Luci and Wifi, so how do I install them offline via SSH? Where do I download the necessary packages?

This is the OpenWrt package I have installed: http://downloads.openwrt.org/snapshots/targets/ath79/generic/openwrt-ath79-generic-glinet_gl-ar750s-squashfs-sysupgrade.bin


#2

LuCI is not present in snapshot images. Wireless should be functional, though is disabled until configured. This is the case for all snapshot images.

opkg update
opkg install <package name>


#4

It is reasonably complex to find all the dependencies of a given package. Most find it easier to configure the network for outside connectivity by editing /etc/config/network and use opkg to fetch it from the OpenWrt repositories. That connectivity doesn't need to be the "permanent" configuration, just one that works.

Packages can be browsed on a "desktop" at https://openwrt.org/packages/start


#5

https://openwrt.org/docs/guide-user/luci/luci.essentials


#6

Thanks. I got network connectivity and used opkg. One thing I've noticed is that it downloads via an unsecure connection i.e. HTTP not HTTPS.


#7

Correct. You would have to install the HTTPS packages and edit the repository config file.


#8

But I would install the HTTPS packages over HTTP :slight_smile:


#9

:confused:

Huh...they're the same package, from the same server. It's just the transfer method, as you described (HTTP vs HTTPS). There's no need to install HTTPS, unless you're afraid your ISP or nation will try to corrupt the file.


#10

If you want to avoid the bootstrap, you can build your own images.

You could also obtain the TLS-enabling packages to a desktop (over HTTP-S) and then move them to your router and manually install them.


#11

What I meant was I would install the HTTPS packages via http protocol so it kind of takes away the whole point of doing it. Shouldn't OpenWrt come with the HTTPS packages - this seems like a security must?


#12

Many devices on which people want to run OpenWrt are too small for the TLS libraries.


#13

Ah, I see. Thanks!


#14

Then you would do as @jeff stated:

A lot of people fail to realize that setting up a router is more or less considered a chicken-and-the-egg situation. So just using a PC to download the packages, or compiling them yourself would solve that security concern.


#15

Sorry to bother you again, but how would I go about that?


#16
  • Securely download libmbedtls package IPKs for your CPU/Target; and its dependencies on your laptop/PC
  • Transfer the files to router using SSH-FTP (i.e. with Filezilla) or via a local HTTP server using wget
  • Install IPKs in order (prerequisites first)

https://openwrt.org/packages/pkgdata/libmbedtls

After complete, you should be able to wget to HTTPS sites, and edit your repository file accordingly.

EDIT: These packages will disappear upon a reset to default. You have to build and flash an image including them - to be permanent.


#17

The repo is signed, so the packages can't be changed via a man in the middle attack (well, they could be, but opkg would reject them due to an invalid signature). All https would give you, is hiding which files you're downloading (and that's questionable, as file sizes -even over an encrypted link- are rather revealing if you know the unencrypted files), but there is solid -non-https- signature verification in place to ensure their authenticity.
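
An added example (not part of the original posts, and not OpenWrt's own code) for the desktop side of the procedure in #16 and the integrity point in #17: it parses an opkg-style `Packages` index, works out the install order with prerequisites first, and checks each file's size and SHA-256 against the index before it is copied to the router. It assumes the index itself has already been authenticated against the repository signature; the package names, payloads and index below are constructed.

```python
import hashlib

# Constructed payloads standing in for downloaded .ipk files (not real packages).
FILES = {
    "demo-base_1.0-1_all.ipk": b"constructed payload: base",
    "demo-crypto_2.1-3_all.ipk": b"constructed payload: crypto",
    "demo-tls_2.1-3_all.ipk": b"constructed payload: tls",
}

def stanza(name, filename, depends):  # builds one stanza of the constructed index
    data = FILES[filename]
    return (f"Package: {name}\nDepends: {depends}\nFilename: {filename}\n"
            f"Size: {len(data)}\nSHA256sum: {hashlib.sha256(data).hexdigest()}\n")

SAMPLE_INDEX = "\n".join([
    stanza("demo-tls", "demo-tls_2.1-3_all.ipk", "libc, demo-crypto (>= 2.1)"),
    stanza("demo-crypto", "demo-crypto_2.1-3_all.ipk", "libc, demo-base"),
    stanza("demo-base", "demo-base_1.0-1_all.ipk", "libc"),
])

def parse_index(text):
    """Parse 'Key: value' stanzas separated by blank lines into {package: fields}."""
    index = {}
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            if line[:1].isspace() or ":" not in line:
                continue  # continuation line, e.g. a multi-line Description
            key, value = line.split(":", 1)
            fields[key.strip()] = value.strip()
        index[fields["Package"]] = fields
    return index

def install_order(index, target, seen=None):
    """Post-order walk of Depends, so prerequisites precede the package itself."""
    seen = set() if seen is None else seen
    if target in seen or target not in index:
        return []  # done already, or not in this index (assumed on the router, e.g. libc)
    seen.add(target)
    order = []
    for dep in index[target].get("Depends", "").split(","):
        if dep.strip():
            order += install_order(index, dep.split()[0], seen)  # drop "(>= x)"
    return order + [index[target]["Filename"]]

def verify(index, name, data):
    """True only if both the size and the SHA-256 match the index entry."""
    digest = hashlib.sha256(data).hexdigest()
    return len(data) == int(index[name]["Size"]) and digest == index[name]["SHA256sum"]
```

A file that fails `verify` should be discarded and downloaded again rather than installed.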


#18

@sln - thanks, that's what I was concerned about!