OpenWISP 22.05 release

PS: demo site available!

I am extremely proud to announce the release of OpenWISP 22.05!

In the last 18 months we have done a terrific job at making the system more stable, fixing bugs, adding important features that are essential to manage production networks and improving documentation.

This release comes after many iterations and testing on real world production systems.

Highlights

As usual, if you are using the official ansible role you can upgrade by following its upgrade instructions,

PLEASE MAKE SURE TO BACK UP YOUR CURRENT INSTANCE BEFORE UPGRADING.

Complete list of changes

For the exhaustive list of changes, please refer to the change log of the modules you're interested in:

Many thanks to all the contributors and OpenWrt users who made this possible!

PS: demo site available!

21 Likes

I read a few of the getting started and and the quickstart page but I did not see any info on the minimum requirements for the openwrt device.

I am guessing that my tplink 4300 will not have enough space or memory to run this.

If I am reading this correctly that can be used for layer 3 roaming like ruckus has with there dataplane box. IE AP makes a tunnel back to central server and the wifi client's mac address would always show up as coming from server and not a AP allowing the client to roam and not re arp at every new AP.

Looks interesting, but what is this and what does it have to do with OpenWrt?

1 Like

@sml156 the application is designed to run on a server, the packages (see the bottom part of the post where it says "OpenWrt package" run on the device and require some hundred KB of space)

@zunder1990 the ways in which automatic provisioning of tunnels is used by OpenWISP users never ceases to surprise me, the automation is there, once the tunnel is up you can do whatever you want with it. I haven't tried what you suggest but sounds like it could be possible.

@phinn OpenWISP is a network management system which allows to automate the provisioning, configuration, monitoring and firmware upgrades of a fleet of OpenWrt devices from a central system. If you look for "openwisp" in the search box of this forum you will find plenty of posts mentioning it.

4 Likes

It's only a few small ipks on the device. The core does all the heavy lifting.

3 Likes

I am always interested to know if SQM can be configured, and more importantly,
monitored (backlog, flows, drops, ack_drops, etc) ?

1 Like

Hi David, it can be configured using the advanced mode JSON syntax.

Right now those metrics are not monitored because there hasn't been an expressed interest in it, my aim is to make the metric collection more flexible as the configuration system so that it will be easier to add custom metrics and charts in the system.

1 Like

ubnt's unms' rate limiters all use fq_codel underneath. hopefully soon, mikrotik's. I'd like to have an interface that got that more right...

Yea, nobody is keeping track of these key metrics! it's not lack of demand, IMHO, but of clue

2 Likes

As more people will become aware and demand it, it will be implemented or we'll provide alternative paths to customize the monitoring module and track custom metrics.

@nemesis Very cool system ( trying it out at the moment )
How is captive portal configured ?

Do we need to create a template to configure the "local" captive portal system ( OpenNDS in our case, but I see Coovachilli in your github repo ) to speak to OpenWISP Radius and set up the specific networks / VLANs which should have captive portal ( template for the openNDS or Coova config files with Radius server / authentication server details, walled garden IP/ domains, local networks to intercept, directory of captive portal resources - php/ html.. whatever is sent to the client )?

Does openwisp_config on the network device fetch the Web pages form the OpenWisp server and save it locally ( for Coova or OpenNDS to use )-> and how is this set up ?

Is there a way to use the overlay network ( Wireguard / OpenVPN ) to get SSH access to devices for in field debugging -> like using https://xtermjs.org/ or something similar )

I like the idea of having the metrics/ monitoring more extensible to set up "strange" monitoing things, or call a local script to assemble data ( like connected users to a specific network , some networks are bridges of many interfaces like eth VLANS from dumb APs, multiple wifi cards etc ), or to figure out the current path thru the mesh taht batman-adv has chosen - need to do a batctl tr <current gateway> to get that traceroute to assist in mesh planning.
or to get wifi signal details for cleints and repeaters( iw <wlanx-y> station dump ).

Any interest in using MQTT as a way of submitting data form network devices to the server ?

Do we need to create a template to configure the "local" captive portal system ( OpenNDS in our case, but I see Coovachilli in your github repo ) to speak to OpenWISP Radius and set up the specific networks / VLANs which should have captive portal ( template for the openNDS or Coova config files with Radius server / authentication server details, walled garden IP/ domains, local networks to intercept, directory of captive portal resources - php/ html.. whatever is sent to the client )?

Yes, templates if you want these configurations to be easily updatable from a central point, alternatively you can build the configurations into your firmware.

Does openwisp_config on the network device fetch the Web pages form the OpenWisp server and save it locally ( for Coova or OpenNDS to use )-> and how is this set up ?

The agent fetches whatever you put in templates, you can put files too although I wouldn't recommend defining web pages as templates, it would be a stretch and probably result in something painful to maintain.

For those who use RADIUS we have built an application which is designed to be hosted on a server and which can provide the web portal to sign up, perform log in to the captive portal, reset password, SMS verification and so on, this is called wifi-login-pages.

Is there a way to use the overlay network ( Wireguard / OpenVPN ) to get SSH access to devices for in field debugging -> like using https://xtermjs.org/ or something similar )

The tunnels can be used for management purposes, we just use SSH, HTTP and SNMP at the moment.

I like the idea of having the metrics/ monitoring more extensible to set up "strange" monitoing things, or call a local script to assemble data ( like connected users to a specific network , some networks are bridges of many interfaces like eth VLANS from dumb APs, multiple wifi cards etc ), or to figure out the current path thru the mesh taht batman-adv has chosen - need to do a batctl tr <current gateway> to get that traceroute to assist in mesh planning.
or to get wifi signal details for cleints and repeaters( iw <wlanx-y> station dump ).

Hopefully there will be enough interest in the near future to allow to easily define and collect custom metrics.

Right now it is possible to execute custom linux/unix commands and even define new commands in the UI which make it easier to send custom commands for less experienced users.

There's also a network topology module which is able to collect, store historic daily snapshots and visualize, network topology data (also from batman-adv), which can be also accessed via REST API.
In the OpenWISP demo system we are collecting topology data for OpenVPN and Wireguard.

Any interest in using MQTT as a way of submitting data form network devices to the server ?

Yes definitely, although I see this as a long term goal and not necessarily a short term pressing need.
When I started rewriting OpenWISP, I stayed as close as possible to the old system for different reasons, then I focused on building other features that I needed for the projects I have been working on, but over time is becoming clear that there's different parts of the system which need to be redesigned, and one of these is the way agents communicate with the server. I have been thinking about MQTT or MQTT over WebSocket as possible solutions.
I also think it's possible to allow OpenWISP to support standard protocols like TR069 or Netconf. Ideally we'll be able to support multiple protocols and multiple embedded OSes, that is my personal goal.

1 Like

@nemesis Why is the install for openwisp seemingly so complex? Why isn’t this just a package I can install on Linux? It seems like a monumental task for someone who is a mere human like myself. I would like an easier way to manage the 17 x86 openwrt routers I have, but this seems too daunting to be worth it.

For commercial systems (IoT, Hotspots) I did various custom systems to remotely manage the fleet of devices, by using different levels of security. Incl. remote firmware updates or remote login, of course.

The focus of the people actively involved in OpenWISP right now is not home users, I'm quoting an older reply for reference:

It has been improving over time though so I am confident it will get better.

Finally got this installed, now to get my head round it.

1 Like