OpenWrt 23.05.0 - First stable release


The OpenWrt community is proud to announce the first stable release of the OpenWrt 23.05 stable series.
OpenWrt 23.05.0 incorporates over 4300 commits since branching the previous OpenWrt 22.03 release and has been under development for over one year.

Download firmware images using the OpenWrt Firmware Selector:

Download firmware images directly from our download servers:

Highlights in OpenWrt 23.05.0:

Many new devices added

OpenWrt 23.05 supports over 1790 devices. Support for over 200 new devices was added in addition to the device support by OpenWrt 22.03.

  • The ipq807x target for the Qualcomm IPQ807x Wifi 6 SoCs was added
  • The mediatek/filogic subtarget for the Mediatek Filogic 830 and 630 SoCs was added
  • The sifiveu target for the HiFive RISC-V Unleashed and Unmatched boards

Highlights of device support

  • Switched ipq40xx target to DSA
  • VDSL support on AVM FRITZ!Box 7530
  • Support for devices with 2.5G PHYs
    • Acer Predator W6 (MT7986A)
    • Mercusys MR90X v1 (MT7986BLA)
    • Netgear WAX206 (MT7622)
    • Netgear WAX220 (MT7986)
    • ZyXEL NWA50AX Pro (MT7981)
    • Asus (TUF Gaming) AX4200 (MT7986A)
    • Netgear WAX218 (IPQ8074)
    • Xiaomi AX9000 (IPQ8074)
    • Dynalink DL-WRX36 (IPQ8074)
    • GL.iNet GL-MT6000 (MT7986A)
    • ZyXEL EX5700 (MT7986)
  • Support for Wifi 6E (6GHz)
    • Acer Predator W6 (MT7986A)
    • ZyXEL EX5700 (MT7986)
  • 2 Gbps WAN/LAN NAT Routing on ramips MT7621 devices (See OpenWrt forum)
  • Improved DSL statistics on ubus and in LuCI
  • Added Arm SystemReady (EFI) compliant target replacing the armvirt target

Switch from wolfssl to mbedtls as default

OpenWrt has transitioned its default cryptographic library from wolfssl to mbedtls. This shift brings several changes and implications:

  • Size Efficiency: mbedtls is considerably smaller, making it an optimal choice for systems where storage space is paramount.
  • LTS and ABI Stability: mbedtls consistently provides updates via its Long Term Support (LTS) branch, ensuring both security and a stable application binary interface (ABI). In contrast, wolfssl does not offer an LTS release, and its stable ABI is limited to a specific set of functions.
  • TLS 1.3 Support: Users should be aware that mbedtls 2.28 no longer supports TLS 1.3.

While mbedtls is now the default, users who have specific needs or preferences can still manually switch back to wolfssl or choose openssl.

Rust Package Support

This release introduces the ability to include rust-written programs into the OpenWrt package infrastructure. Examples are: bottom, maturin, aardvark-dns and ripgrep.

Core components update

Core components have the following versions in 23.05.0:

  • Updated toolchain:
    • musl libc 1.2.4
    • glibc 2.37
    • gcc 12.3.0
    • binutils 2.40
  • Updated Linux kernel
    • 5.15.134 for all targets
  • Network:
    • hostapd master snapshot from September 2023
    • dnsmasq 2.89
    • dropbear 2022.82
  • cfg80211/mac80211 from kernel 6.1.24
  • System userland:
    • busybox 1.36.1

Upgrading to 23.05.0

Sysupgrade can be used to upgrade a device from 22.03 to 23.05, and configuration will be preserved in most cases.

  • Sysupgrade from 21.02 to 23.05 is not officially supported.
  • ipq40xx EA6350v3, EA8300 and MR8300 require tweak to the U-Boot environment on update from 22.03 to 23.05. Refer to the Device wiki or the instruction on sysupgrade on how to do this change. Config needs to be reset on sysupgrade.

Known issues

  • lantiq/xrx200 target is not build because the DSA driver for the integrated GSWIP switch shows some error messages. (see:
  • bcm53xx: Netgear R8000 and Linksys EA9200 Ethernet is broken (see:
  • default gateway setting is not applied when using the wifi device in station mode. (see:
  • The prebuilt images for Zyxel NR7101 are currently broken and will brick your device. PLEASE DO NOT INSTALL. (bug already fixed but require SNAPSHOT or self-compile)
  • realtek: there is currently a problem with MAC address getting wiped on installing 23.05.0. A fix is in progress has been merged and the correct MAC address will be restored on 23.05.1 (see:
  • OpenWrt 23.05.0 was signed with the wrong signing keys. The keys from OpenWrt snapshot were used for OpenWrt 23.05.0 including the release candidates. A later OpenWrt 23.05 service release will use a different key.
  • In Mesh only configuration for WiFi 2.4GHz, force 40MHz option is ignored and doesn't work. Problem has been bisected, fixed in main and backported in 23.05. Normal function will be restored on 23.05.1 (see:

See up to date information here:

Full release notes and upgrade instructions are available at

In particular, make sure to read the regressions and known issues before upgrading:

For a detailed list of all changes since 22.03.0, refer to

To download the 23.05.0 images, navigate to:
Use OpenWrt Firmware Selector to download:

As always, a big thank you goes to all our active package maintainers, testers, documenters and supporters.

Have fun!

The OpenWrt Community

To stay informed of new OpenWrt releases and security advisories, there are new channels available:


Thank you for the new release, I am excited about the new features and hardware support :slight_smile:

An issue that might need to be added to the known issues list: - under some circumstances, the system might fail to set a default route after reboot. I'm not entirely sure what triggers the bug yet, but as far as I can tell it happens when an interface is set up as a wifi client (no wired devices attached), with option proto 'static' and an option gateway configured. The issue is that the option gateway does not actually take effect after a reboot.


Binary builds are still going, it seems? At the time of this posting, ipq40xx generic targets aren't on the downloads site.


I have upgraded 15min ago Netgear "Nighthawk X4S R7800". Many thanks to all developers and other contributors.

A first test with 8K streaming was successful, the upgrade went very well as always.


The build failed.

Well done to everyone involved! Great work as always :smile:

first of all, thanks for the new release. second, can you please elaborate this item? no longer means there is no tls 1.3 support in the used version (v2.28)? if one needs tls 1.3 what are the options please?


Good to hear the r7800 upgrade goes well!

I'll update mine when the current connection users move outside to play....

Tried to apply an attended sysupgrade from -rc4 to both of my actively-used devices.

Linksys E8450 UBI (main router): not a 100% successful upgrade, the backup LTE connection is currently down. Error: Network device is not present.

The relevant parts of the log:

Mon Oct  9 21:45:45 2023 daemon.notice netifd: Interface 'lte' is setting up now
Mon Oct  9 21:45:47 2023 daemon.notice netifd: lte (3687): WARNING: Variable '^rssi:17' does not exist or is not an array/object
Mon Oct  9 21:45:47 2023 daemon.notice netifd: lte (3687): Unsupported modem
Mon Oct  9 21:45:50 2023 daemon.notice netifd: lte (4897): sending -> AT^NDISDUP=1,0
Mon Oct  9 21:45:50 2023 daemon.notice netifd: lte (4897): Command failed: ubus call network.interface notify_proto { "action": 0, "link-up": false, "keep": false, "interface": "lte" } (Permission denied)
Mon Oct  9 21:45:50 2023 daemon.notice netifd: Interface 'lte' is now down

Root cause: apparently, the USB TTYs where the Huawei E3372h modem (reflashed to the stick firmware, therefore using the NCM protocol) accepts AT commands and where it provides connection stats got swapped. Reconfiguring the connection to use /dev/cdc-wdm0 instead of /dev/ttyUSB1 has helped.

Netgear WAX202 (used as a WDS repeater): no issues, but some scary-looking lines in the log:

Mon Oct  9 21:45:44 2023 daemon.notice procd: /etc/rc.d/S25packet_steering: sh: write error: No such file or directory
Mon Oct  9 21:45:44 2023 daemon.notice procd: /etc/rc.d/S25packet_steering: sh: write error: No such file or directory

EDIT: DAWN failed on both devices. They just don't see each other in the hearing map. Fixed by restarting umdns on Netgear WAX202.

I just tried to use advanced attended-sysupgrade, unfortunately that failed....

What would be the best way to upgrade from 22.03.5 to 23.5.0 whilst preserving configuration and installed packages?

1 Like

If you are not in the US and you set your own country code for each wireless device, please can you check if running the following command at the shell prompt:

'iw reg get'

returns the same country code in global and for each wireless radio?

1 Like

Thanks :+1:

Successfully updated a Xiaomi Mi Router 3G running ksmbd with an attached USB 3.0 HDD (R/W is between 30 and 45 MiB/s)

Screenshot 2023-10-13 at 14.56.48

# iw reg get
country CH: DFS-ETSI
        (2400 - 2483 @ 40), (N/A, 20), (N/A)
        (5150 - 5250 @ 80), (N/A, 23), (N/A), NO-OUTDOOR, AUTO-BW
        (5250 - 5350 @ 80), (N/A, 20), (0 ms), NO-OUTDOOR, DFS, AUTO-BW
        (5470 - 5725 @ 160), (N/A, 26), (0 ms), DFS
        (5725 - 5875 @ 80), (N/A, 13), (N/A)
        (5945 - 6425 @ 160), (N/A, 23), (N/A), NO-OUTDOOR
        (57000 - 71000 @ 2160), (N/A, 40), (N/A)

country US: DFS-FCC
        (902 - 904 @ 2), (N/A, 30), (N/A)
        (904 - 920 @ 16), (N/A, 30), (N/A)
        (920 - 928 @ 8), (N/A, 30), (N/A)
        (2400 - 2472 @ 40), (N/A, 30), (N/A)
        (5150 - 5250 @ 80), (N/A, 23), (N/A), AUTO-BW
        (5250 - 5350 @ 80), (N/A, 24), (0 ms), DFS, AUTO-BW
        (5470 - 5730 @ 160), (N/A, 24), (0 ms), DFS
        (5730 - 5850 @ 80), (N/A, 30), (N/A), AUTO-BW
        (5850 - 5895 @ 40), (N/A, 27), (N/A), NO-OUTDOOR, AUTO-BW, PASSIVE-SCAN
        (5925 - 7125 @ 320), (N/A, 12), (N/A), NO-OUTDOOR, PASSIVE-SCAN
        (57240 - 71000 @ 2160), (N/A, 40), (N/A)

country US: DFS-FCC
        (902 - 904 @ 2), (N/A, 30), (N/A)
        (904 - 920 @ 16), (N/A, 30), (N/A)
        (920 - 928 @ 8), (N/A, 30), (N/A)
        (2400 - 2472 @ 40), (N/A, 30), (N/A)
        (5150 - 5250 @ 80), (N/A, 23), (N/A), AUTO-BW
        (5250 - 5350 @ 80), (N/A, 24), (0 ms), DFS, AUTO-BW
        (5470 - 5730 @ 160), (N/A, 24), (0 ms), DFS
        (5730 - 5850 @ 80), (N/A, 30), (N/A), AUTO-BW
        (5850 - 5895 @ 40), (N/A, 27), (N/A), NO-OUTDOOR, AUTO-BW, PASSIVE-SCAN
        (5925 - 7125 @ 320), (N/A, 12), (N/A), NO-OUTDOOR, PASSIVE-SCAN
        (57240 - 71000 @ 2160), (N/A, 40), (N/A)

Is this what you requested?


Awesome, cant wait to try on my TP-Link tl-wr2543nd, hopefully soon my other device will be supported (BT Honehub 5 - lantiq/xrx200) soon, Keep up the good work!

Upgrade from 23.05.0-RC4 to 23.05.0 on Linksys E8450 (UBI) from RC4 was successful. Running well.

Outstanding news. Thanks to anyone involved in the dev process. This version will be a milestone.
Already installed successfully on WNDR 3700v2, R6220. Other devices to come.

How exactly did this fail?

Do you think this is something temporary or will it take a lot of time and effort?
Also, will the Xiaomi Mi AIoT Router AX3600 be officially supported?
Thank you

I got a notification about impossible package selection, therefore I cancelled the upgrade.