Openwrt old version

Is it safe now a days to use openwrt 19.07?
I use a device which has only 8mb flash so i cant install necessary package if i use openwrt 22, because of limited storage :frowning:

Generally speaking, this is not recommended. There are known security vulnerabilities that will never be patched, so a device running 19.07 should not be directly exposed to the internet.

What is your use case? And what is the device?

3 Likes

The wireless side also tends to be prone to security issues, making it vulnerable to nearby attackers as well, even without direct internet connectivity.

If a device can no longer be updated to a current -security supported- firmware version (because it no longer meets minimum system requirements or had to be dropped for other reasons), it should be replaced with one that can be kept updated. Today's internet is rather dangerous, with numerous commercially driven criminals and state actors constantly looking for victims and scapegoats to add to their botnets, and well-connected always-on network infrastructure devices are 'perfect' for their nefarious intentions. Vulnerable devices need to be updated/ replaced as soon as possible.

4 Likes

Sincere advice to you to use the oldest possible versions of them for stable operation, the newer the version openwrt, its performance will destroy your router (I mean slow)

If you only care about security and don't care about anything else like performance then you should use the latest openwrt

Unfortunately, @senko2276 's advice is extremely shortsighted. OpenWrt is still quite performant even on older hardware, but fundamentally, if your hardware is so old as to be unable to work reasonably well with a modern version of OpenWrt, replacement should be in the cards.

After all, you wouldn't run Windows 95 anymore unless you absolutely had to for some very speicific application, and in that case, you would need to run it in an entirely airgapped environment (i.e. no internet connectivity whatsoever), otherwise it would become overrun by viruses almsot immediately.

4 Likes

Can we get openwrt security updates through some way without having to upgrade to the latest version ???
I have an old laptop windows 7 but with some tricks i can still install the latest security updates till february 2023, i think everything will work fine as long as it still supported

But Microsoft doesnโ€™t support Win 7 in any way or form since a couple of years.
The updates you get is not security updates but instead at best Win Defender updates that everyone gets.

Nowadays Win 7 is usually the problem when talking about botnets.

OpenWrt change Linux kernel at every mayor release so you canโ€™t mix updates between versions. Packages may work or not, roll your dice on them.

2 Likes

I ordered a new router yesterday, hope it will work fine with latest version i think 256mb ram and mt7621 will run well v22

Hi @psherman ,

If I may ask a question about the same topic ...

I have set up an old router (the whole story here: Wireless bridge with ASUS RT-10 B1) as explained in this page: https://openwrt.org/docs/guide-user/network/wifi/connect_client_wifi (this is what I would consider a wireless bridge, but I am not sure if it is the right technical definition).

That old device:

  • runs OpenWRT 17.01.7
  • is connected to my ISP modem router wirelessly, and to a IoT client on the LAN port
  • is switched on only when the IoT client is needed (between 1 time per day and 1 time per week - just to say that it is not a 24/7 device...), and kept on for few hours

Do you consider it risky, and that I should think about a newer device?

My intention was to reuse that old harware, but if there are security flaws, I would reconsider that ...

Thank you in advance

PS: I was evaluating the purchase of a set of zyxel Multy M1 WSM20 few weeks ago ... I could consider a unit for that scope (which would improve the performances of the connection as well...)

The mt7621 is still a great SoC. I suspect you'll be quite happy with it.

There are serious issues with this version of OpenWrt in various areas throughout including the kernel and wireless security.

That's one of the new batch of mt7621 devices revamped with AX. That's a pretty good device. It supports hardware flow offload, and the mt7915 on board supports WED. To get full performance, I recommend to go with version 23 as soon as it's out of release candidate stage.

1 Like

There have been a couple of high profile security issues in the wireless subsystem and -drivers since 17.01.x, which are only fixed in more current versions. The system is effectively open to nearby attackers, who can then take over the whole device from the inside.

Bugs (security and otherwise) are inevitable, they will always happen and found, the importance is to stay on top of them and to upgrade to fixed versions in a timely fashion.

1 Like

Thank you @VA1DER and @slh for confirmation / alert
I will move to a better solution as soon as possible

Thank you for your reply.
I was wondering if I should wait for the release 23 before moving on .... since I am a beginner with OpenWRT, and I have read that it is much easier (Luci should be already installed by default :slight_smile: ) . But the question was already asked in the forum, and it was unclear how much we should wait before the release version ...

Yes, and I don't have any good answer how long it will be either.

Version 23 has improvements to WED (MediaTek's Wireless Ethernet Dispatch) and a package (bridger) that makes WED usable even when the device is used as a dumb access point or client bridge.

The mt7621 is almost nine years old. It was originally made for WiFi 4 and 5, and for modern WiFi 6 it is pushed pretty hard. It's still a decent SoC, don't get me wrong, but improvements in hardware flow offload, WED, and the ability to use bridger will squeeze a lot more performance out of your device. I would suggest it's really worth the wait.

until 23 is released update to 22

Not sure I have understood correctly ....
The Zyxel Multy M1 WSM20 is quite a new device in OpenWRT, only Snapshot is available today... and I am thinking about starting with that or waiting for the release of the version 23.
Or if your remark was about my old retour, due to limitations on the hardware, it does not support any upgrade of OpenWRT version

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.