How to install Luci & Wifi offline via SSH

stynx · 2019-01-10 19:46:53 UTC

I installed OpenWrt on GL-AR750S and was able to access it via SSH. The installation seems to lack Luci and Wifi, so how do install them offline via SSH? Where do I download the necessary packages?

This is the OpenWrt package I have installed: http://downloads.openwrt.org/snapshots/targets/ath79/generic/openwrt-ath79-generic-glinet_gl-ar750s-squashfs-sysupgrade.bin

jeff · 2019-01-10 19:58:45 UTC

LuCI is not present in snapshot images. Wireless should be functional, though is disabled until configured. This is the case for all snapshot images.

opkg update
opkg install <package name>

jeff · 2019-01-10 20:14:54 UTC

It is reasonably complex to find all the dependencies of a given package. Most find it easier to configure the network for outside connectivity by editing /etc/config/network and use opkg to fetch it from the OpenWrt repositories. That connectivity doesn't need to be the "permanent" configuration, just one that works.

Packages can be browsed on a "desktop" at https://openwrt.org/packages/start

tmomas · 2019-01-10 20:43:22 UTC

https://openwrt.org/docs/guide-user/luci/luci.essentials

stynx · 2019-01-10 20:59:02 UTC

Thanks. I got network connectivity and used opkg. One thing I've noticed is that it downloads via an unsecure connection i.e. HTTP not HTTPS.

lleachii · 2019-01-10 21:11:07 UTC

Correct. You would have to install the HTTPS packages and edit the repository config file.

stynx · 2019-01-10 21:13:24 UTC

But I would install the HTTPS packages over HTTP

lleachii · 2019-01-10 21:14:18 UTC

Huh...they're the same package, from the same server. It's just the transfer method, as you described (HTTPS vs HTTPS). There's no need to install HTTPS, unless you're afraid your ISP or nation will try to corrupt the file.

jeff · 2019-01-10 21:14:55 UTC

If you want to avoid the bootstrap, you can build your own images.

You could also obtain the TLS-enabling packages to a desktop (over HTTP-S) and then move then to your router and manually install them.

stynx · 2019-01-10 21:16:53 UTC

What I meant was I would install the HTTPS packages via http protocol so it kind of takes away the whole point of doing it. Shouldn't OpenWrt come with the HTTPS packages - this seems like a security must?

jeff · 2019-01-10 21:17:29 UTC

Many devices on which people want to run OpenWrt are too small for the TLS libraries.

stynx · 2019-01-10 21:17:42 UTC

Ah, I see. Thanks!

lleachii · 2019-01-10 21:20:40 UTC

Then you would do as @jeff stated:

A lot of people fail to realize that setting up a router is more or less considered a chicken-and-the-egg situation. So just using a PC to download the packages, or compiling them yourself would solve that security concern.

stynx · 2019-01-10 21:20:41 UTC

Sorry to bother you again, but how would I go about that?

lleachii · 2019-01-10 21:23:14 UTC

Securely download libmbedtls package IPKs for your CPU/Target; and its dependencies on your laptop/PC
Transfer the files to router using SSH-FTP (i.e. with Filezilla) or via a local HTTP server using wget
Install IPKs in order (prerequisites first)

https://openwrt.org/packages/pkgdata/libmbedtls

After complete, you should be able to wget to HTTPS sites, and edit your repository file accordingly.

EDIT: These packages will disappear upon a reset to default. You have to build and flash an image including them - to be permanent.

slh · 2019-01-10 23:06:14 UTC

The repo is signed, so the packages can't be changed via a man in the middle attack (well, they could be, but opkg would reject them due to an invalid signature). All https would give you, is hiding which files you're downloading (and that's questionable, as file sizes -even over an encrypted link- are rather revealing if you know the unencrypted files), but there is solid -non-https- signature verification in place to ensure their authenticity.

stynx · 2019-01-11 15:35:44 UTC

@sln - thanks, that's what I was concerned about!