Creating packages for openwrt requires ipkg-utils and the procedure is debian style using a control file:

cat >> soft/CONTROL/control <<EOF
Package: soft
Version 0.1
Architecture: mipsel
Maintainer: john <john@mail.com>
Section: base
Priority: optional
Description: the soft package adds nothing
Source: http://john.net/soft
EOF
ipkg-build -o root -g root soft

OpenWrt scripts can add a TAP interface to a bridge on boot, however tap interfaces are usually created on demand rather than persisting across reboots. To make sure that the TAP interface is brought up on boot, create a script at /etc/init.d/createtap with the following contents:

#!/bin/sh /etc/rc.common
 
START=30
SERVICE_USE_PID=0
 
TAP=`ifconfig -a | grep tap0 | wc -l
 
start() {
    if [ $TAP -eq 0 ]; then
        ip tuntap add mode tap tap0
    fi
}
 
stop() {
    if [ $TAP -eq 1 ]; then
        ip tuntap del mode tap tap0
    fi
}

and possibly change tap0 to a desired interface name.

In order to activate the script, issue:

/etc/init.d/createtap enable

The interface should now be created on reboot.

Once TAP interfaces are created the MAC address is randomly generated such that unless you are sending a DHCP client ID, the interface will be difficult to track. To set a permanent MAC address for the TAP interface, edit /etc/config/network and add a MAC address for the TAP interface.

For example, the snippet:

config interface 'tap'
        option ifname 'tap0'
        option proto 'dhcp'
        option macaddr 'ca:36:40:4a:79:5e'

configures a TAP interface tap0 that will retrieve its address via DHCP by sending the MAC address ca:36:40:4a:79:5e.

The configuration combined with the script above work perfectly well together: the script takes care to create the interface and the OpenWrt network configuration will set the MAC address when the interface is brought up.

If you access OpenWrt from a cygwin shell, you will notice that running ncurses-based programs (for instance, joe, pico or nano editors) will mess up the lines. This is due to cygwin setting the terminal type to cygwin which is not contained in the terminfo OpenWrt package.

To resolve the issue, the cygwin terminal information from C:\cygwin64\usr\share\terminfo\63\cygwin (assuming the cygwin install root is at C:\cygwin64) should be copied over to /usr/share/terminfo/c/cygwin. Note that the terminfo OpenWrt package does not contain the c directory under /usr/share/terminfo such that it will have to be created before copying over the file.

On OpenWrt version 18.06.1, the Samba template files contains a variable that should be interpolated:

interfaces = |INTERFACES|

unfortunately, the interfaces do not seem to be configurable via LuCi and even using uci to set the variable samba.@samba[0].interfaces to some value will only make OpenWrt interpolate an empty string instead of the configured value.

Seeing that the interfaces to listen on cannot be configured via LuCi, removing the interfaces = |INTERFACES| line and hardcoding the interfaces to listen on seems to be the best option.

Unfortunately for quite a few releases (LEDE), the python setuptools package seems to be broken such that running depending software may bomb out with:

pkg_resources.DistributionNotFound: The 'setuptools' distribution was not found and is required by

The solution is to install pip via:

opkg install python-pip

and then reinstall pip and setuptools:

pip install -U pip setuptools

TL;DR: old trick, set a lower interface metric for the OpenVPN interface than the default gateway.

Since there does not seem to be an official straightforward answer to route all traffic through OpenVPN "the OpenWrt way"™ the following should be easy to accomplish via the interface:

• ensure that the OpenVPN server (or client configuration file) contains redirect-gateway def1,
• using the OpenWrt interface: Network → Interfaces and for each WAN interface, click Edit and then go to Advanced Settings and set the Interface Metric to a given value (ie: 10),
• using the OpenWrt interface: Network → Interfaces open up the OpenVPN interface, go to Advanced Settings and set the Interface Metric to a value lower than all WAN interfaces from the previous step (ie: 1).

OpenWrt does not do this automatically even if redirect-gateway def1 is pushed by the server.

In order to get full disk encryption to work on OpenWrt, install the following packages:

opkg install kmod-crypto-ecb kmod-crypto-xts kmod-crypto-hmac kmod-crypto-sha256 kmod-crypto-misc kmod-crypto-user cryptsetup

Similarly, if the storage device is connected via the USB port, install the dependent mass storage modules:

opkg install kmod-usb-storage kmod-usb-storage-uas

Some key derivation mechanisms are memory intensive and may exceed the available memory on an OpenWrt router, this results in the following error when formatting or opening a LUKS device "Not enough available memory to open a keyslot". To work around the issue, either:

• use the LUKSv1 key derivation by specifying –pbkdf pbkdf2 when formatting the storage device,
• restrict the memory available to the key-derivation mechanism by specifying –pbkdf-memory

The system log file can be dumped to the terminal by issuing:

logread

The equivalent of tail -f for monitoring the logs is:

logread -f 

POSIX threads are part of the core libc library on OpenWrt and linking might sometimes fail with the error:

/usr/bin/ld: cannot find -lpthread

To resolve the issue, simply create an empty library in the library path, ie:

ar -rc /usr/lib/libpthread.a

Setting iproute2 rules and routes does not exactly have an interface on OpenWrt but there is support to be found by editing the configuration files.

For instance, to perform the equivalent of the following on OpenWrt:

echo "200 vpn" >>/etc/iproute2/rt_tables
ip rule add from all fwmark 0xC8 lookup vpn
ip route add default via 192.168.1.1 table vpn

in order to be able to mark packets and send them through a different route, the following OpenWrt changes have to be made:

• define a table manually from the command line:

echo "200 vpn" >>/etc/iproute2/rt_tables

• edit /etc/config/network to define a rule:

config rule
        option mark '0xC8'
        option lookup 'vpn'

• edit /etc/config/network in order to add the route (this alone can be performed from LuCI interface by going to Networking→Static Routes):

config route
        option interface 'tap0'
        option gateway '192.168.1.1'
        option table 'vpn'
        option netmask '255.255.255.255'
        option target '0.0.0.0/0'

Parameters that are not processed by UCI can be passed to hostapd by using the UCI option hostapd_options that is defined as a list of options that will be passed directly to hostapd.

For example, the following command:

uci add_list wireless.radio0.hostapd_options='macaddr_acl=2'

will add the option macaddr_acl=2 to hostapd.

The opkg package manager is configured to download package lists to temporary storage that will end up cleared between reboots. The rationale is that OpenWrt is meant for embedded systems that are short on RAM and Flash ROM such that storing the package lists permanently would take up storage space. However, when OpenWrt is installed on a system with plenty of storage it makes sense to save the packages permanently such that opening System → Software will directly list the available packages without needing to click the Update lists… button.

In order to make package lists permanent, open a terminal on the OpenWrt machine and issue:

mkdir /etc/opkg/list

to create a directory that will store the lists permanently and then open /etc/opkg.conf in order to change the line:

lists_dir ext /var/opkg-lists

to:

lists_dir ext /etc/opkg/list

Finally, either use the menu to update packages or issue opkg update and the lists will now be stored permanently in /etc/opkg/list.