OpenWrt 21.02.0 first release candidate

Hi,

The OpenWrt community is proud to announce the first release candidate of the upcoming OpenWrt 21.02 stable version series. It incorporates over 5800 commits since branching the previous OpenWrt 19.07 release and has been under development for about one and a half years.

WPA3 support included by default

WPA3 was already supported in 19.07 but it was not provided by the default set of packages in OpenWrt images.
With 21.02, all packages necessary to provide WPA3 are installed by default in OpenWrt images.

TLS and HTTPS support included by default

TLS support is now provided by default in OpenWrt images, including the trusted CA certificates from Mozilla. It means that wget and opkg now support fetching resources over HTTPS out-of-the-box. The opkg download server is accessed through HTTPS by default. OpenWrt switched from mbed TLS to wolfSSL as the default SSL library; mbed TLS and OpenSSL are still available and can be installed manually.

Initial DSA support

DSA stands for Distributed Switch Architecture and is the Linux standard to deal with configurable Ethernet switches.
OpenWrt 21.02 comes with initial support for DSA, which replaces the swconfig system that OpenWrt was using up until now. Not all targets have been ported: some devices still use swconfig while some devices already switched to DSA.
This is a significant change to how switch ports and VLANs are managed. As such, sysupgrade will not be able to convert existing swconfig configuration to DSA configuration (see “Upgrading” below).

The following targets are using a switch managed with DSA in OpenWrt 21.02:

  • ath79 (only TP-Link TL-WR941ND)
  • bcm4908
  • gemini
  • kirkwood
  • mediatek (most boards)
  • mvebu
  • octeon
  • ramips/mt7621
  • realtek

Increased minimum hardware requirements: 8 MB flash, 64 MB RAM

Due to new features being introduced and the general size increase of the Linux kernel, devices now need at least 8 MB of flash and 64 MB of RAM to run a default build of OpenWrt.
It is still possible to build custom OpenWrt images (e.g. using the ImageBuilder) that may fit devices with 4 MB of flash or 32 MB of RAM. However, the level of functionality will be reduced and there is no guarantee of stability. See OpenWrt on 4/32 devices for more details and guidance.

New hardware targets

A new realtek target has been added, which is often found in managed switches. As a result, it is now possible to run OpenWrt on devices with a significant number of Ethernet ports. See supported devices for realtek.
In addition, new bcm4908 and rockchip targets have been added.
Support for many new boards was added to the existing targets.

Dropped hardware targets

The ar71xx was deprecated in OpenWrt 19.07 and was gradually replaced by ath79, see ar71xx-ath79 migration. With OpenWrt 21.02, the ar71xx has been removed and users must use ath79 instead. If you are still running with the ar71xx target, it is recommended to reinstall OpenWrt 21.02 from scratch. Users already on the ath79 target can use sysupgrade to upgrade to OpenWrt 21.02.
Other targets were also removed: cns3xxx, rb532 and samsung.

ASLR activated

Network-exposed user space applications are linked as position-independent executables (PIE) to allow full Address Space Layout Randomization (ASLR) support. This makes it harder for attackers to exploit OpenWrt. See Hardening build options for more details.

Kernel with container support

Multiple Linux kernel compile options needed for Linux Containers (LXC) and procd-ujail are activated by default for most targets. This allows LXC and ujail to be used with the normal release builds.

SELinux support

It is possible to compile OpenWrt with SELinux support. This is currently not activated by default.

Core components update

Core components have the following versions in 21.02.0-rc1:

  • Updated toolchain:
    • musl libc 1.1.24
    • glibc 2.33
    • gcc 8.4.0
    • binutils 2.35.1
  • Updated Linux kernel
    • 5.4.111 for all targets
  • Network:
    • hostapd 2020-06-08, dnsmasq 2.84, dropbear 2020.81
    • cfg80211/mac80211 from kernel 5.10.16
    • wireguard backport from upstream Linux kernel
  • System userland:
    • busybox 1.33.0

In addition to the listed applications, many others were also updated.


Upgrading to 21.02.0-rc1

Sysupgrade can be used to upgrade a device from 19.07 to 21.02, and configuration will be preserved in most cases.

Sysupgrade from 18.06 to 21.02 is not supported.

There is no migration path for targets that switched from swconfig to DSA. In that case, sysupgrade will refuse to proceed with an appropriate error message:
    Image version mismatch. image 1.1 device 1.0
    Please wipe config during upgrade (force required) or reinstall.
    Config cannot be migrated from swconfig to DSA
    Image check failed

The default root file system partition size changed for targets/devices relying on booting from mass storage (HDD, USB flash, SD card, etc.), so MBR will change and any additional partition will be deleted when sysupgrading.


Known issues

  • DSA support is new and might not be complete or fully working
  • The LuCI web interface has no support for DSA yet
  • LuCI writes unnecessary IPv6 RA options to /etc/config/dhcp if the
    user edits interface's DHCP settings. This could prevent client IPv6
    connectivity.
  • Update luci-mod-network to git-21.107.58557 or later to fix this
    problem

Full release notes and upgrade instructions are available at
https://openwrt.org/releases/21.02/notes-21.02.0-rc1

In particular, make sure to read the regressions and known issues before upgrading:
https://openwrt.org/releases/21.02/notes-21.02.0-rc1#known_issues

For a very detailed list of all changes since 19.07, refer to
https://openwrt.org/releases/21.02/changelog-21.02.0-rc1

To download the v21.02.0-rc1 images, navigate to:
https://downloads.openwrt.org/releases/21.02.0-rc1/


To stay informed of new OpenWrt releases and security advisories, there
are new channels available:

As always, a big thank you goes to all our active package maintainers, testers, documenters, and supporters.

Have fun!

The OpenWrt Community

41 Likes
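
The "ASLR activated" item in the announcement above says network-exposed applications are linked as PIE. The following is an added example, not part of the announcement or of OpenWrt's own code, that checks that property by reading the ELF header of binaries copied from an image; `classify_elf` and `make_elf` are hypothetical names, and the header-only images built by `make_elf` are constructed test input.

```python
import struct

ET_EXEC, ET_DYN, PT_INTERP = 2, 3, 3

def classify_elf(data: bytes) -> str:
    """Classify an ELF image as 'pie', 'non-pie', 'dyn-no-interp', 'other' or 'not-elf'."""
    if len(data) < 52 or data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        return "not-elf"
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"       # EI_DATA: many MIPS targets are big-endian
    e_type = struct.unpack_from(end + "H", data, 16)[0]
    if e_type == ET_EXEC:
        return "non-pie"                     # fixed load address, main image is not randomized
    if e_type != ET_DYN:
        return "other"                       # relocatable object, core file, ...
    try:
        if is64:
            e_phoff, = struct.unpack_from(end + "Q", data, 32)
            e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
        else:
            e_phoff, = struct.unpack_from(end + "I", data, 28)
            e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
        p_types = [struct.unpack_from(end + "I", data, e_phoff + i * e_phentsize)[0]
                   for i in range(e_phnum)]
    except struct.error:
        return "not-elf"                     # truncated or corrupt header tables
    # ET_DYN with an interpreter request is a dynamically linked PIE; without one it
    # is a shared library (or a static PIE, which this heuristic cannot tell apart).
    return "pie" if PT_INTERP in p_types else "dyn-no-interp"

def make_elf(is64: bool, little: bool, e_type: int, p_types: list) -> bytes:
    """Build a constructed, header-only ELF image for demonstration (not a runnable binary)."""
    end = "<" if little else ">"
    ehsize, phentsize = (64, 56) if is64 else (52, 32)
    ident = b"\x7fELF" + bytes([2 if is64 else 1, 1 if little else 2, 1]) + bytes(9)
    fmt = end + ("HHIQQQIHHHHHH" if is64 else "HHIIIIIHHHHHH")
    hdr = struct.pack(fmt, e_type, 0, 1, 0, ehsize, 0, 0, ehsize, phentsize, len(p_types), 0, 0, 0)
    phdrs = b"".join(struct.pack(end + "I", t) + bytes(phentsize - 4) for t in p_types)
    return ident + hdr + phdrs

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:                # e.g. binaries copied off the router
        with open(path, "rb") as fh:
            print(path, classify_elf(fh.read()))
```

Run it with the paths of binaries extracted from an image; anything reported as `non-pie` is loaded at a fixed address.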

Slight correction to this advice. The fixed luci-mod-network is git-21.110.65613 or newer.

https://github.com/openwrt/luci/commit/af7a61d3a6c7bd6ceef03d4a2ad70b0366ad9d38

(My bad, I originally looked up the fixed version wrongly for Hauke)

I tried the RC on my CPE 210 v1 and it bootlooped afterwards. The same happened when I flashed it again through TFTP, regardless of whether I used the factory or sysupgrade image. After recovering using a 19.07.7 image it works fine again. A 21.02 snapshot build from a month or so ago worked fine on the same device.

I did not capture serial logs because that device is still sealed and on my roof.

Anyone else having issues?

What about multiple identical mt76x8 devices like tl-wr840n v4,v5 & tl-wr850n v1,v2? There is no need for separate dts files for those devices. One build can run on the other devices without any problems. So, don't make the dts list so long; it is necessary to merge these devices into one dts file.

If DSA is not in LuCI, where do I find the official instructions on how OpenWrt config files are supposed to look for DSA to work?

If we can’t get even a hint of this, how are we supposed to test it?

5 Likes

2 posts were split to a new topic: Request help for a new network configuration with DSA

This RC is working fine for my TP-Link Archer C2600. I do, however, have one specific problem with the unbound package. When set to ip6_local mode (IPv4 WAN, IPv4+6 LAN), unbound continues to try to contact the Root DNS servers via IPv6, causing the logs to be flooded with error messages. I fixed it by setting ip4_only as the protocol and having dnsmasq contact unbound via an IPv4 instead of an IPv6 local address. The same config on 19.07.* with ip6_local works fine, barring any changes in syntax or config options.

OpenWrt 21.02.0-rc1 works for me on an Edimax RA21S and on an Edimax RG21S.
Should successful tests be reported somewhere, so you know which devices might not have been tested at all?

Your network config looks a lot like the old swconfig code from 19.07.7?

The 1-year-old examples of DSA code I have seen look different.

Is this firmware stable for all devices for which a built package exists? I was able to find a build for my device (Archer C60 v3) on the firmware selector page; however when I flashed it, it broke support for a few of my devices (they are not able to connect). The wiki page for the device suggests that the latest supported release is the 19.x.

No, it is a release candidate, RC1; see it as an alpha or beta test of the 21.02 branch.

But we are getting closer to a stable build.

1 Like

Installed this on my WRT32X when it was first posted with a 3 day uptime.

The build is barebones so I added a lot of packages. Using 5GHz wifi (only wpa2 unfortunately), SQM Cake (cable modem 500mbits down / 35mbit up) with only a 1-5ms ping fluctuation under max load is working amazing, Adblock, USB 3.0 storage and Samba4 (around 120 MB/s rw), advanced reboot, DSA, a basic mix of DHCP and static IPs and port forwards.

Everything is running awesome so far, thank you.

2 Likes

Does the 5 GHz radio work in station mode on your wrt32xx? I cannot make it work on any channel.

I just left it on the default (master) mode and it works great on all my devices. Not sure where you would change it to station mode.

I'm saying that the device is not able to work as a client, as a station, like when you connect via wifi to another network.

The only "bug" I noticed with my WRT32X I described above was mounting USB 3.0 storage in LuCI. It simply wouldn't work. It detected the 3TB drive but when I added the necessary mounting options and clicked enable I couldn't see it with Samba4.

Had to edit /etc/rc.local/ and add "ntfs-3g /dev/sda1 /mnt/sda1 -o rw,lazytime,noatime,big_writes" and reboot for it to actually mount. From that point it worked perfectly and so did Samba4 sharing the drive.

Great performance though, around 110-120 MB/s read-write and samba4 works great sharing to my Win10 devices and Shield TV.

5 day uptime now on rc1.

If you use ntfs-3g, remove the other kmod ntfs.

Another disadvantage for 21.02.0 is the speed on the wire, with wrt1900acs v2 I can no longer exceed 870Mbps.
Otherwise everything works well, congratulations for the hard work!

2 Likes

I enumerated all / most ?? of the new current possible uci config options in post. A working example follows that post, dealing with getting your WLAN into the fray.

1 Like