I decided to make my own custom OpenWrt build (official builds won't work for me) running on a PC without virtualization (such as VirtualBox) BECAUSE VirtualBox uses additional drivers which kill all your speeds drastically.
If you're working with gigabits, this won't do the job. You cannot expect good USB3 speeds either.
But running OpenWrt directly on a PC makes it really hard to manage without LuCI.
I don't want to use another PC to make a tunnel and then use LuCI. It makes no practical sense.
So I'm asking whether somebody has tried OpenWrt as a QEMU host as described here
and has also been able to run a window manager in order to fire up some browser?
I can also read that there's a chroot package, but it seems complicated, and yet again I dunno how it is possible to have a window manager (with LXDE or XFCE for example).
Like, has anybody succeeded in that and can share how to do it?
There would be no practical way to install a window manager into OpenWrt because the platform has only the most basic video drivers (sufficient for getting text output on devices like x86, pi, and other similar systems). There is no ability for the system to render a graphical interface.
If you're familiar with using the Linux CLI, it should be pretty straightforward in general, and the OpenWrt configuration options are well documented.
Since OpenWrt doesn't have the ability to run a graphical interface, you can't use a web browser, and LuCI obviously can't be used on the physical OpenWrt host (when you're running bare metal).
But, you can run LuCI from any other normal machine on the network. You just need to have LuCI installed on OpenWrt. You can install it when you build your own images (or simply install post-installation of the core OpenWrt image).
Not the best solution yet. I still need a 2nd node to access LuCI, which is unnecessary in my situation.
I'm not talking about OpenWrt environment itself but what OpenWrt is made for - to route traffic, where you may have many nodes in LAN networks and the people behind those nodes are usually "users" lol
What about putting a small SBC type system next to your x86 router? x86 headless, put a Pi (or other) next to it with the monitor connected, keyboard, mouse, GUI and web browser. Yes, still another node, but cheap, low power, perfect for a web browser context.
If I have to use my creativeness in this manner I would suggest even better.
Connect a smartphone with a USB-HDMI cable to a monitor, or cast the screen with Wi-Fi Direct to a TV, and use a BT keyboard/mouse or OTG ones.
You do realize that your favourite desktop Linux (arch, debian, fedora, gentoo, mandriva/mageia, OpenSuSE, Ubuntu) does have everything necessary to make it a router? It 'just' needs configuration - not saying that this would be trivial, but at least it's much more reasonable to approach the problem from this angle than to shoehorn X/lxde/firefox onto OpenWrt (you're on x86_64/ARMv8 SBC level hardware requirements to run a browser anyways).
To be honest with you, I LOVE what OpenWrt does. Much better than dealing with a Linux distro as a router. After all, OpenWrt was built to simplify things and be a helper. It has a specific purpose.
It is not used to be a playstation, but graphics/GUI on PC was always there since Bill Gates showed us.
Does anybody know if OpenWrt inside an LXC container has minimal overhead compared to VirtualBox? AFAIK LXC is sharing the kernel, but I don't know how it works if OWRT actually needs its own custom kernel.
Indeed, it does - but that purpose explicitly excludes running a desktop environment or web-browser. Get the right tool for the job.
Making your favourite general purpose linux distribution a workable router shouldn't take you more than an evening - add a weekend to that figure for properly hardening it, but then it'll work, properly and in an upgrade safe manner.
Making OpenWrt capable to run a web-browser in a graphical environment…, well…, wake me up in half a year to two years, when you've packaged the pre-requisites and found alternatives to udev (input hotplugging and similar), D-Bus, polkit, opkg, etc., designed a way to do proper in-place upgrades for OpenWrt (you have a huge stack of desktop libraries to take care of now, with changing sonames, symbol versioning, C++ versioning, regular security updates), added multi-user support to OpenWrt, and found enough fellow developers to sign up for continued support of your multiple hundreds of new desktop packages.
…and the result would still not be security hardened for all these new features no-one but you (~a few x86, RPi, sunxi and rockchip users) will ever be able to use on their hardware.
Just Say No.
Disclaimer: I have been running Linux (pretty much exclusively) on my personal desktop for well over two decades now - and I have (dual-)used said general purpose distributions as router during analogue modem- and then ISDN times as well.
As you can read my post heading - in any way. That's why I am asking about LXC container stuff right now.
The whole problem is that 2-3 years ago I tested VBOX on gigabit connection with low-mid processor in SpeedTest. Guess what I had as result: 200mbps out of possible 800mbps.
BTW you never know if somebody will invent a simple insmod (after all it is Linux) that will use some kind of video drivers and be pluggable for every router running Linux, not just OWRT. We are living in a developing world, so being pessimistic and rejecting simplicity isn't how it works nowadays. As I said, graphics is going everywhere, otherwise even your phone would still have a green display and only be able to play the snake game. Yeah... imagine, a phone used to be for calling people, look what it is now.
Proper security practices also depend on separation of services, to provide the least amount of attack surface to the outside, it's still a friggin' router, not a general purpose server or hypervisor. That you can do those things with OpenWrt does not imply that you should, especially not on your border gateway.
It might be worth remembering that OpenWrt mainly targets embedded devices, specifically (traditional) routers, APs, and all-in-one wifi router devices. OpenWrt 22.03 runs on as little as 64MB RAM and 8MB flash storage. Yes, megabytes of RAM and storage. Yes, the system does run on more powerful hardware such as the Pi4 (which is actually a great wired router platform) and x86 and other devices that can have many gigabytes of RAM and storage. But those 'standard' embedded devices don't have any graphics capability whatsoever, so running anything more than a text based terminal on-device has never been a priority, and would be a huge undertaking to develop.
Linux CLIs are still very common. But the graphical interfaces are made available by means of a web server (OpenWrt's LuCI, as well as so many other devices). The benefit here is that the embedded device doesn't need to run a full graphics stack and web browsers and all the other things that the bigger distros use. All the heavy lifting is done by the more capable systems leaving OpenWrt to do what it does best -- routing and other embedded device functions.
And, FWIW, GUIs predate Bill Gates' Windows by a very long time... yet, DOS existed in command line form for a long time.
Yeah, this request is basically towards x86 and any other much more powerful systems.
It makes no sense to request this from a tiny 64RAM system.
But since PCs and definitely laptops are equipped with monitors, making no use of them and having to use another node for graphics is a discomfort. I'm pretty sure something will happen in the future (again ONLY for PCs and laptops) and we will be able to see LuCI.
Unless OWRT running inside LXC is already resolving the mentioned problems.
I think that this is the path most users take if they need to have on-host GUI access on an x86 or similar system.
I honestly think that this will never happen on OpenWrt. The development work is so massive and so fundamentally different than what OpenWrt targets that it just makes more sense to use a big distro. Once you have an in-built graphical environment, you end up with a system that is more like a general purpose OS. And fun fact... most big distros have a 'server' version which actually lacks a GUI -- take Ubuntu:
Ubuntu Server is a variant of the Ubuntu OS that does not include a graphical user interface (GUI) by default. GUI applications consume system resources needed for server-oriented tasks, so Linux server distributions usually avoid a GUI in favor of the command-line terminal.
While I do see the desire and benefit of having the GUI run on the same host as the server/router, I'm still not quite sure why lacking it is such a significant problem given that you can run a Pi or a phone or even a 15 year old laptop with a browser. You have concerns about the performance penalty for running a VM based OpenWrt install, which I get, but for some reason running some small SBC like a Pi (which takes up almost no space, works on wifi or wired, uses very little power, and can use the same monitor/keyboard/mouse that you would use for the x86 machine) is too cumbersome or otherwise problematic.
Yes, atm I will either try and see if an LXC container can help me first, then use a smartphone to cast my screen as an alternative.
Why is that? Well, sometimes we look for the most professional way to do something, especially if that's your job and somebody is observing you. Like imagine telling my colleagues - guys, I have the solution, we will use a 15 year old laptop with a browser to connect and get a display. Or here - use my phone to connect.. I will probably be fired. Just think of it. Even if you don't have colleagues you need a stable/professional method.
So if LXC works, why do you say "never" when it may already resolve the problem or is close to resolving it?
The thing is that upon building OWRT I know that I do kernel menuconfig and know that there are kmods and stuff. I just don't get how LXC shares the system kernel and yet OWRT can run its own kernel - makes no sense.
Anyway I think this discussion is enough for now. Thanks all.
If you're doing this in a professional environment, use your modern workstation or laptop to connect using a web browser. You can show your coworkers how you can manage everything from wherever you need to be, rather than having to go to a server rack somewhere.
I don't know of any routers or other networking appliances (switches, APs, etc.) that have a full stack graphical UI included in the system (except for a big distro that runs as a router/server). If you look at all the professional and enterprise gear, they operate using a terminal/ssh CLI based UI and/or they use a web based interface, similar to LuCI. I use Unifi for my home network (and also my dad's and in-laws'). Unifi is what I'd consider low-end enterprise gear (common for professional use and leagues above most consumer kit, but there's certainly higher end stuff) -- it has no graphical capabilities on its own, but uses a web server for its GUI. I can manage the three networks from wherever I am in the world on my phone, or from my desktop/laptop computers... I can be home and manage networks 3000 miles away using the web interface and/or an ssh terminal (depending on what I need to do).
You guys both ended up with wrong conclusions, as this was just an example of why there should be better ways. @slh You're the first man on the planet stating that graphics is a security concern.
Using only CLI doesn't make you more protected nor more professional. It is just in the movies.
Actually with CLI only you may have much more security concerns of missing something in the settings than reviewing it 10 times in the gui easily. Moreover X is running on localhost and if your localhost isn't protected nothing is.