OpenWrt One

I bought an OpenWrt One WiFi router from “Bipai Corp”, via AliExpress.

The list price was $89, I got it for $109 with shipping from China.

My OpenWrt One arrived wrapped in a blob of bubble wrap and tape. I’m not sure there was any exterior box, only layers of tape. Not much in the way of markings, either, merely an address label.

Inside the tape and bubble wrap, a professionally done box, about 9 inches on its longest side.

openwrt one box with tape measure for scale

A completely acceptable box, they took care to print a notice about where to find the source code for the One’s software.

opened openwrt one box

Everything was neatly packed, arriving undamaged. I still feel amazed when I see a USB cube transformer for a power supply. It’s better than a unique “wall wart” for each appliance, where each unique transformer plugs in oriented in some Lovecraftian non-euclidean fashion.

The OpenWrt One itself feels solid, has a reasonably well machined aluminum case. The “front” is mostly blank, unfortunately bearing no labels. The back side has all the interesting sockets and switches.

openwrt one back side, with ethernet sockets

The designers of this router clearly imagined it solely as a WiFi router: it only has enough sockets to get cabled to some ethernet router. That has consequences in setup, since I want IPv4 addresses given out by that ethernet router. I won’t be able to plug the ethernet router into the WiFi router’s bridged CAT-5 sockets.

And that brings me to configuring the OpenWrt One. openwrt the firmware does not turn on radios by default. You have to explicitly enable them.

After cabling the OpenWrt One, and turning it on, I could not find an ssh TCP port, which was probably due to the built-in openwrt firewall exposing dropbear to the “WAN” on TCP port 22001, but I didn’t know that when I started working on the One. I used the USB-C serial console.

USB-C Serial console

The USB-C port on the front of the OpenWrt One enclosure is the serial console.

front view of openwrt one enclosure

I’ve circled the USB-C serial console port in red. The LED circled in green glows green when OpenWrt (the operating system) has finished booting. I don’t know what the button up and right from the USB-C socket is, just yet.

I was able to plug in a USB-C-to-USB-A cable from my laptop (USB-A socket) to the USB-C socket on the front of the OpenWrt One enclosure, then use minicom on my Arch Linux laptop to connect to the OpenWrt One Linux shell.

journalctl -f in one xterm showed me this right after I plugged in the cable:

Dec 16 16:43:02 hazard kernel: usb 1-1: new full-speed USB device number 8 using xhci_hcd
Dec 16 16:43:02 hazard kernel: usb 1-1: New USB device found, idVendor=04d9, idProduct=b534, bcdDevice= 2.10
Dec 16 16:43:02 hazard kernel: usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Dec 16 16:43:02 hazard kernel: usb 1-1: Product: OpenWrt One
Dec 16 16:43:02 hazard kernel: usb 1-1: Manufacturer: OpenWrt
Dec 16 16:43:02 hazard kernel: usb 1-1: SerialNumber: 0000
Dec 16 16:43:02 hazard kernel: cdc_acm 1-1:1.0: ttyACM0: USB ACM device

The minicom command: minicom -D /dev/ttyACM0

It seemed to take some seconds, maybe a minute, for the /dev/ttyACM0 device file to appear.

minicom running in an xterm shows this:

BusyBox v1.36.1 (2024-10-22 08:16:16 UTC) built-in shell (ash)                                   
                                                                                                 
  _______                     ________        __                                                 
 |       |.-----.-----.-----.|  |  |  |.----.|  |_                                               
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|                                              
 |_______||   __|_____|__|__||________||__|  |____|                                              
          |__| W I R E L E S S   F R E E D O M                                                   
 -----------------------------------------------------                                           
 OpenWrt SNAPSHOT, r27876+1-3098b4bf07                                                           
 -----------------------------------------------------                                           
=== WARNING! =====================================                                               
There is no root password defined on this device!                                                
Use the "passwd" command to set up a new password                                                
in order to prevent unauthorized SSH logins.                                                     
--------------------------------------------------                                               
root@OpenWrt:~# 

Looks like I should update the firmware, maybe add a password for user root.

Bridge the OpenWrt One network

I configured my OpenWrt One using the command line via the serial console.

Because there’s no set of ethernet sockets that can be left as a bridge, and turn off the router’s DHCP and DNS servers, I followed the OpenWrt wiki’s Wi-Fi Extender/Repeater with Bridged AP over Ethernet instructions, the Wireless Access Point - Dumb Access Point section.

These instructions seem a little vague, probably due to the author wanting to cover a lot of different situations. I modified one file, as per Switch and dedicated WAN devices post 21.01 and ran a few commands.

/etc/config/network

config device                                  
        option name 'br-lan'                   
        option type 'bridge' <- added this line
        list ports 'eth0'                      
        list ports 'eth1' <- I added this line
                                               
config interface 'lan'      
        option device 'br-lan'  <- changed from "lan", refers to the bridged, "br-lan" device
        option proto 'dhcp'     <- this was "static"
        #option ipaddr '192.168.1.1' <- commented out these 3 lines
        #option netmask '255.255.255.0'
        #option ip6assign '60'         

I believe these changes, when they take effect, bridge the two ethernet ports and the radios into a single broadcast segment. The router itself will acquire an IPv4 network on the br-lan interface. Because the router is cabled to my Dell R530 server, kea-dhcp4 running on the R530 will give out an IPv4 address to the router itself.

The One’s second ethernet socket works, this network configuration bridges it into br-lan, which includes the radios.

/etc/config/wireless

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan' <- this is the "lan" device including eth0 and eth1 from /etc/config/network file
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none' <- I should specify encryption and a shared secret

Commands

root@OpenWrt:~# /etc/init.d/dnsmasq disable
root@OpenWrt:~# /etc/init.d/dnsmasq stop
root@OpenWrt:~# /etc/init.d/odhcpd disable
root@OpenWrt:~# /etc/init.d/odhcpd stop
root@OpenWrt:~# /etc/init.d/firewall disable
root@OpenWrt:~# /etc/init.d/firewall stop
root@OpenWrt:~# /etc/init.d/network reload

I did not put option ignore '1' lines in various places in /etc/config/dhcp as I did when configuring OpenWrt on my AX6000. I think disabling and stopping all these services is enough.

Apparently, the “firewall” redirected “WAN” port 22001 to “LAN” port 22. Turning off the firewall and rebooting, the “dhcp” setting in /etc/config/network allows me to ssh root@10.0.0.67 from my BAN (basement area network) and log in to the OpenWrt One.

Further work and unsolved questions

  • Need to upgrade openwrt firmware.
  • Need to add a root password.
  • Does the “Power over Ethernet” socket enable imaginative new uses?