OpenWrt 21.02 has just been released with higher security with WPA3, HTTPS & TLS enabled by default, as well as initial support for the Distributed Switch Architecture (DSA), the Linux standard for configurable Ethernet switches.
OpenWrt is the most popular open-source Linux distribution for routers and entry-level Linux-capable embedded systems, and the latest release includes over 5800 commits since the release of OpenWrt 19.07 in January 2020.
WPA3 was already supported in OpenWrt 19.07, but not enabled by default, OpenWrt 20.02 changes that, together with TLS thanks to trusted CA certificates from Mozilla. That means LuCi interface, wget, opkg package manager can all support HTTPS out-of-the-box. Note that HTTPS redirection can be disabled for LuCI in the configuration files. Another security change is that SELinux is now supported by OpenWrt, but not enabled by default.
OpenWrt 21.02’s DSA implementation replaces the current swconfig system, but not all targets have been ported, so some are still using swconfig. Since the two solutions are much different, a system upgrade will not be able to convert an existing swconfig configuration to DSA configuration.
The new release also updates the syntax of configuration files including board.json. OpenWrt 21.02 will still support the old convention and the LuCI interface can migrate your config automatically to the new syntax.
Various packages have been updated with OpenWrt relying on Linux 5.4.143, busybox 1.33.1, gcc 8.4.0, and the operating system switched from mbedTLS to wolfSSL as the default SSL library. Both mbedTLS and OpenSSL can still be installed manually. New hardware targets have been added from realtek, Broadcom (bcm4908), and Rockchip RL33xx which should be good news for Rockchip RK3328 and RK3399 boards such NanoPi R2S, Rock Pi 4, Pine64 RockPro64, or which are already supported, but hopefully others like Orange Pi R1 Plus will be added to the list.
Getting new features and more security is always nice, but it does come at the cost of higher requirements. OpenWrt 19.07 already upped systems requirements to 32MB RAM and 4MB storage, but OpenWrt 21.02 increases that to 8 MB flash and 64 MB RAM, and developers even recommends 16MB flash and 128MB RAM if you intend to install extra packages. It’s still possible to build OpenWrt 21.02 for system with 4MB flash and 32MB RAM, but stability cannot be guaranteed, as stated in the 8/64 warning page:
Insufficient RAM for stable operation
32 MB RAM is already deprecated. You will run into issues with an up to date OpenWrt version.
64 MB RAM may have some issues with stability, depending on your hardware and use cases, although it is enough for basic usage
128 MB RAM or more is recommended if software past basic router/AP functionality is to be used
If you’d like to go ahead, upgrading 19.07 to 21.02 is possible, but not from OpenWrt 18.06. Configuration files will be preserved in most cases, and if you’re using swconfig the system may refuse to update due to the new DSA settings. In that case, a new installation is the only option and you can find images for your target on the download page.
More details may be found in the announcement.
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.