OpenWRT is a Linux distribution for wireless routers and low-resource embedded devices. It provides a coherent base system for different plattforms, various hardware and firmware drivers, and a Debian-style packaging system for application and add-on packages. The JSON-RPC based admin web interface LuCI makes configuration very user-friendly, but keeps the similar SSH and command line UCI interface and /etc files accessible. With its own PROCD system event daemon it can immediately respond to updated device states and settings. As router distribution it includes stateful firewalling, WAN interface and VLAN route configuration, port forwarding, wireless drivers, IPv6 support, UPnP, TR-069, DHCP, DNS, RADv6, mesh networking, VPN, QoS management, a writeable root filesystem, print and file servers, media sharing, telephony systems, and much more.
Homepage
Download
Recent Releases
23.05.313 Apr 2024 18:21
security:
Security fixes
CVE-2023-36328: dropbear: Integer Overflow vulnerability in mp_grow in libtommath
CVE-2023-48795: dropbear: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted
CVE-2023-50868: dnsmasq: The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack
19.0713 Jan 2020 16:20
major feature:
With this release, the OpenWrt project brings all supported targets back to a single common kernel version and further refines and broadens existing device support. It also introduces a new ath79 target and brings support for WPA3. The LuCI web interface now uses client-side rendering of statistics/graphs.
Updated toolchain:
musl libc 1.1.24
uClibc-ng 1.0.31
glibc 2.27
gcc 7.5.0
binutils 2.31.1
Updated Linux kernel
4.14.162 for all targets
Flow offloading bugfixes
Network userland:
hostapd 2.9, dnsmasq 2.80, dropbear 2019.78
Fixes in network and wireless configuration handling
Bugfixes in DHCPv6 client and server
WPA3 configuration support
Install wpad-openssl for WPA3 support
Documentation: wpa_modes
System userland:
busybox 1.30.1
Sysupgrade support for backup and upgrade capability checks
Contains urngd, non-physical true random number generator daemon based on timing jitter
Bugfixes in the process manager, system message bus, embedded web server and the configuration management library
Platform and Driver Support
Dropped adm5120, adm8668, ar7, au1000, ixp4xx, mcs814x, omap24xx, ppc40x, ppc44x and xburst target
New ath79 target that will replace the popular ar71xx target
Updates and new device support across all targets
LuCI web interface:
Client side rendering of views for improved performance
Security fixes
18.0601 Aug 2018 03:26
major feature:
First major release since LEDE project merge. The OpenWrt 18.06 series focuses on support for network flow offloading and modernizing the Atheros AR71xx target. Utilizes kernel 4.12
15.0512 Sep 2015 12:38
major feature:
Kernel 3.18.20,
Improved Security Features:
Package signing via ed25519.
Jails support.
Hardened builds
Improved Networking Support:
Lots of 3G/4G modems.
Added support for 464XLAT (CLAT).
Netfilter performance enhancements.
Improved support for self-managing networks.
Better multi-core support for the network stack.
Improved network auto-setup capable of detecting and bootstrapping IPv4-only,
6rd, Dual-Stack, IPv6-only, DS-Lite, LW4over6, MAP-E, MAP-T, 464XLAT
and combinations without explicit configuration.
Added support for Smart Queue Management (SQM) QoS, AQM and Traffic Shaping.
Improved support for DNSSEC.
Platform and Driver Support:
externally maintained targets,
Mediatek 11ac SoC,
MTK 11ac WiFi cores,
Marvell 88W8864,
Broadcom ARM BCM47xx/53xx devices,
Freescale i.MX23/28 family and various boards,
AllWinner A10/A13/A20 boards.
Improvements since release candidates:
Security update of openssl to 1.0.2d,
Security update of curl,
brcmfmac: many BCM43602 related fixes,
ar71xx: support more devices,
brcm47xx/bcm53xx: support any NVRAM size,
bcm53xx: basic Netgear R7000 support R8000 image.
brcmfmac: support for BCM43602,
mt76: updated version with new firmware support, TX DMA fixes,
Fixed broken IPv6 downstream DHCPv6-PD and onlink-route handling,
Improved stability of sysupgrade on brcm47xx and bcm53xx,
Added HTTPS enforcement option to uhttpd,
Fixed umask issue.
And lots and lots of other advancements...
15.05-rc122 May 2015 09:45
major feature:
Linux kernel updated to version 3.18.
Improved Security Features:
- Rewritten package signing architecture based on ed25519.
- Added support for jails.
- Added support for hardened builds.
Improved Networking Support:
- Added or improved support for lots of 3G/4G modems (MBIM, QMI, NCM).
- Added support for 464XLAT (CLAT).
- Improved support for self-managing networks (draft-ietf-homenet-hncp).
- Netfilter performance enhancements (conntrack route cache).
- Better multi-core support for the network stack.
- Improved support for MAP-E and MAP-T IPv4 transitioning technologies.
- Improved network auto-setup capable of detecting and bootstrapping.
- IPv4-only,
6rd, Dual-Stack, IPv6-only, DS-Lite, LW4over6, MAP-E, MAP-T, 464XLAT
and combinations without explicit configuration.
- Added support for Smart Queue Management (SQM) QoS, AQM and Traffic
Shaping.
- Improved support for DNSSEC.
14.0702 Oct 2014 20:35
major feature:
Release 14.07 codenamed "Barrier Breaker" introduces more integrated native IPv6 support, reworked overlay filesystem support. Various fixes for ath9k, a few board releated, curl package dependencies. NAT firewall throughput improvements, security updates for OpenSSL PolarSSL, minor fixes in DHCP DHCPv6 handling, configuration support for GRE tunnels.
Linux kernel updated to version 3.10.
Procd: new preinit, init, hotplug and event system written in C.
Native IPv6-support (RA DHCPv6+PD client and server, local prefix allocation source-restricted routes for multihoming).
Added support for sysupgrade on NAND-flash, filesystem snapshot and rollback.
UCI configuration improvements, support for testing configuration and rollbacks,
unified change trigger system to restart services on-demand, added a data validation layer.
Networking improvements: Netifd now handles setup and configuration reload of wireless interfaces, added reworked event support to allow obsoleting network hotplug-scripts, added support for dynamic firewall rules and zones, added support for transparent multicast to unicast translation for bridges.
Extended IPv6-support (DS-Lite, 6to4, 6in4, 6rd, lightweight 4over6, MAP-E and MAP-T, HNCP).
rpcd: new JSONRPC over HTTP-frontend for remote access to ubus.
mdns: new lightweight mdns daemon (work in progress).
Initial support for the musl C standard library.
Support for QMI-based 3g/4g modems.
Support for DNSSEC validation.
Added architecture for package signing and SHA256 hashing.
14.07-rc114 Jul 2014 19:42
major feature:
The first release candidate for OpenWrt Barrier Breaker adds kernel 3.10, procd with a new init, hotplug and event handling scheme, native IPv6 support, testing and rollback features for UCI. Bridging, dynamic firewalls, automatic netifd reconfiguration of wireless devices were added. A new lightweigt DNS server and a JSON interface to UCI were added. While the packaging process now uses Github for source management.