OpenWrt 21.02.0 second release candidate

Hi,

The OpenWrt community is proud to announce the second release candidate of the upcoming OpenWrt 21.02 stable version series. It incorporates over 5800 commits since branching the previous OpenWrt 19.07 release and has been under development for about one and a half year.

Changes between OpenWrt 21.02.0-rc1 and 21.02.0-rc2

New network configuration syntax

There have been several changes to the network configuration syntax in /etc/config/network:

  • in config interface, option ifname has been renamed to device (since it refers to a device section)
  • in config device of type bridge, ifname has been renamed to ports
  • for new installs, the generated configuration now creates separate sections for layer 2 (config device) and layer 3 (config interface) configuration

The old syntax is still supported to facilitate transition, and there is no automated migration when upgrading.

However, the LuCI web interface detects old-style configuration and will propose to migrate it to the new syntax. This is necessary to be able to edit network configuration through LuCI.

The new configuration style looks like this:

config device
    option name 'br-lan'
    option type 'bridge'
    option macaddr '00:01:02:XX:XX:XX'
    list ports 'lan1'
    list ports 'lan2'
    list ports 'lan3'
    list ports 'lan4'

config interface 'lan'
    option device 'br-lan'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'

config device
    option name 'eth1'
    option macaddr '00:01:02:YY:YY:YY'

config interface 'wan'
    option device 'eth1'
    option proto 'dhcp'

config interface 'wan6'
    option device 'eth1'
    option proto 'dhcpv6'

This example uses DSA with lanX interface names. A non-DSA device would use more classical ethX interface names.

LuCI update

LuCI has been updated to support the most recent network syntax (and migrate old config files if needed). In some cases migration will take 2 steps.

Support for configuring devices (config device UCI sections) was added. It can be used for setting layer 2 options (like MTU and MAC address). It also supports bridge devices (including VLAN tagging).

LuCI HTTPS

LuCI is now available over HTTPS in addition to HTTP in the default images.
After an upgrade from OpenWrt 19.07 to OpenWrt 21.02 unencrypted HTTP requests are redirected to HTTPS. On fresh OpenWrt 21.02 installations they are not redirected. Deactivate the redirect to HTTPS like this:

uci set uhttpd.main.redirect_https=0
uci commit uhttpd
service uhttpd reload

Software updates

  • Linux kernel updated to version 5.4.119 (from 5.4.111 in v21.02.0-rc1)
  • mac80211 updated to version 5.10.34-1 (from 5.10.16-1 in v21.02.0-rc1)
  • mac80211 backport upstream fixes for the new FragAttacks vulnerabilities in 802.11
  • mt76 updated to latest version
  • dnsmasq updated to version 2.85 (from 2.84 in v21.02.0-rc1)
  • busybox updated to version 1.33.1 (from 1.33.0 in v21.02.0-rc1)

Misc changes

  • Linux kernel fix parsing fixed subpartitions
  • Linux kernel Activate FORTIFY_SOURCE for MIPS kernel 5.4
  • busybox add SRV support to nslookup_lede.c patch
  • busybox disable PREFER_IPV4_ADDRESS
  • openwrt-keyring only copy sign key for 21.02
  • sdk, imagebuilder unset BINARY_FOLDER and DOWNLOAD_FOLDER in final archives
  • uqmi fix network registration loop

Device support

  • Lantiq DSL multiple backports for DSL statistics
  • New devices MikroTik SXTsq 5 ac, MikroTik hAP ac2
  • Device fixes for ALFA Network devices, Youku YK1, TP-Link AD7200,
    TP-Link EAP-225, TP-Link TL-WR810N v1, MikroTik RB922UAGS-5HPaCD

Known issues

  • LuCI network migration tool doesn't migrate custom bridge MAC addresses. Custom device MAC has to be set again manually.

Full release notes and upgrade instructions are available at
https://openwrt.ifw.cn/releases/21.02/notes-21.02.0-rc2

In particular, make sure to read the regressions and known issues before upgrading:
https://openwrt.ifw.cn/releases/21.02/notes-21.02.0-rc2#known_issues

For a detailed list of all changes since 21.02.0-rc1, refer to
https://openwrt.ifw.cn/releases/21.02/changelog-21.02.0-rc2

To download the 21.02.0-rc2 images, navigate to:
https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/


To stay informed of new OpenWrt releases and security advisories, there
are new channels available:

As always, a big thank you goes to all our active package maintainers, testers, documenters, and supporters.

Have fun!

The OpenWrt Community

26 Likes

Can I install certbot and install letsencrypt certificates?

Upgraded wndr3700v2
No issues

Luci migration of network config also no issues.

1 Like

Thanks to all the OpenWrt developers.

No issues encountered so far with D-Link DIR-882.

No issues encountered so far with tp-Link cpe210 V2

Nice Work.

big thanks to @rmilecki and all the developers for their hard work in this

solid move forward

1 Like

Thanks :slight_smile: I received a huge support from @jow

LuCI support for DSA is an important step. For those unfamiliar with DSA config I can recommend my mini tutorial:

6 Likes

I'm also affected by "automatic network config migration failed" and posted in https://forum.openwrt.ifw.cn/t/network-migration-21-02-0-rc2

1 Like

@hauke Is it correct to disable ipv6 in the "config interface" section by ...

config interface 'VL10'
	option proto 'static'
	option ipv6 '0'
	option device 'br-vl10'

? Where do it put "option igmp_v3 '1'" in a bridged scenario - below "config device" or "config interface"?

There's something strange going on.

I flashed the OpenWrt 21.02.0-rc.2 factory image via TFTP recovery to my Archer C7 v2 EU with success.

After a failed network migration, I was unable to enter failsafe mode, so decided to flash the OpenWrt 21.02.0-rc.2 factory image (for v5) to my Archer C7 v5 and the unit stayed dead. I only saw power light on most of the time and then all LEDs blinking. After multiple tries, it did not work to flash factory image to the Archer C7v5 and it remained dead.

Then I've tried to flash the OpenWrt 21.02.0-rc1 (v5) factory image to my Archer C7v5 device and - voila - it came back to life again, just booted normally.

I suspect some bug with the factory image for the Archer C7v5 (used ImageBuilder to build it - if that matters).

Upgrade RC1 to RC2 worked like a charm on Cudy WR1300. LuCi-Update fine, too.
Good work, guys!

Running great on my WRT32X... The only issue is with luci-app-samba4 which I need, Network Shares is broken in LuCI. This has already been fixed with a commit on 5/29/21 though, so I'll have to grab a 6/1/21 nightly unless the package can be updated I'll check tonight.

1 Like

I flashed 21.02.0-rc2 in my Raspberry Pi 4B, Netgear R7800 and TP-Link Archer A7 v5. In all the 3 devices I manually edited /etc/config/network with the new syntax changes.

I don't have any issues with Raspberry Pi 4B and Netgear R7800. But with my TP-Link Archer A7 v5, I am getting the following errors with "opkg update". I never had these errors with 21.02.0-rc1. Any idea what's wrong?

root@Archer_A7:~# opkg update
Downloading https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/targets/ath79/generic/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_core
Downloading https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/targets/ath79/generic/packages/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/base/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/base/Packages.gz

Downloading https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/luci/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/luci/Packages.gz

Downloading https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/packages/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/packages/Packages.gz

Downloading https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/routing/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_routing
Downloading https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/routing/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/telephony/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/telephony/Packages.gz

Collected errors:
 * opkg_download: Failed to download https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/base/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/luci/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/packages/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/telephony/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.
root@Archer_A7:~# opkg update
Downloading https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/targets/ath79/generic/packages/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/targets/ath79/generic/packages/Packages.gz

Downloading https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/base/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/base/Packages.gz

Downloading https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/luci/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/luci/Packages.gz

Downloading https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_packages
Downloading https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/packages/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/routing/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/routing/Packages.gz

Downloading https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/telephony/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/telephony/Packages.gz

Collected errors:
 * opkg_download: Failed to download https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/targets/ath79/generic/packages/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/base/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/luci/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/routing/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.ifw.cn/releases/21.02.0-rc2/packages/mips_24kc/telephony/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

Hi,

I tried to upgrade my Archer C7 v2 from 19.07.7 (ath79) to 21.02rc2 with keeping all settings.
It came up but after selecting "switch" options it tried to convert settings but never came back. I must reset it and reload 19.07.7.

Another problem seems to be with "wireguard" vpn.
I tried to install it with LUCI but there are missing dependencies with a kernel module.
This module is not available (and not needed) anymore...

Is it possible to use wireguard with 21.02rc2?

Uwe

2 Likes

Thanks for your job :+1: hap ac 2 is a good news but no yet linksys e8450 soon maybe :pray:

There is a snapshot avail.
https://firmware-selector.openwrt.ifw.cn/?version=SNAPSHOT&target=mediatek%2Fmt7622&id=linksys_e8450
HTH

1 Like

Anyone know what this is? It is flooding my syslog and didn't happen in rc1. Running on Raspberry Pi 4

Tue Jun 1 16:07:46 2021 daemon.info https-dns-proxy[2879]: [E] 1622578066.641924 src/https_client.c:102 CURLOPT_HTTP_VERSION error 1: Error
Tue Jun 1 16:07:46 2021 daemon.info https-dns-proxy[2879]: [E] 1622578066.641972 src/https_client.c:104 Try to run application with -x argument!

1 Like

There's acme package in OpenWrt repo which can achieve the same. Alternatively, you can just grab the script from https://acme.sh.

The new switch configuration syntax introduces a regression, unfortunately.

I have an Archer C7 v2 running as a simple wireless accesspoint. The wireless interface is bridged to the default "LAN" interface. From the first LAN port I run a cable to a switch connected to my main router. It was all running fine with 21.02.0-rc1. After upgrading to rc2 I converted the network or switch configuration to the new layout. After that, my wireless clients get authenticated on the AP, but don't receive an IP address anymore from the main router. When I revert my /etc/network/config to the old syntax, everything works again. So, it's clearly an issue caused by the new syntax and or the code interpreting it.

The switch inside the Archer C7 v2 itself still works fine, even with the new syntax. Because if I connect the client via ethernet to one of the other LAN ports of the Archer C7 v2, it get's an IP address just fine and the conneciton works. I also have no trouble reaching the AP (LuCI or SSH) from a client connected to my main router, so the connection between the switch and the CPU port seems to work as well. There only seems to be an issue with bridging the wireless interface to the LAN interface and switch ports with the new syntax even though I haven't touched the wireless configuration.

So, here is my old network configuration file that works fine on both rc1 and rc2 (the WAN interface is unused in my setup btw. – it's just a leftover from the default configuration):

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth1.1'
	option proto 'static'
	option ipaddr '192.168.10.100'
	option netmask '255.255.255.128'
	option gateway '192.168.10.1'

config interface 'wan'
	option ifname 'eth0.2'
	option proto 'none'
	option auto '0'

config interface 'wan6'
	option ifname 'eth0.2'
	option proto 'none'
	option auto '0'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '2 3 4 5 0t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '1 6t'

And here's the diff after the automatic syntax conversion from within LuCI (left is the old file above, right is the new file that breaks connectivity for the wireless clients):

3d2
<       option ifname 'lo'
6a6
>       option device 'lo'
11,12d10
<       option type 'bridge'
<       option ifname 'eth1.1'
17a16
>       option device 'eth1.1'
20d18
<       option ifname 'eth0.2'
22a21
>       option device 'eth0.2'
25d23
<       option ifname 'eth0.2'
27a26
>       option device 'eth0.2'
42a42,46
> 
> config device
>       option name 'br-lan'
>       option type 'bridge'
>       list ports 'eth1.1'

P.S.: Just after writing this up, I'm starting to wonder if the last line "list ports" should include the wireless interface?