Hi,
The OpenWrt community is proud to announce the first stable release of
the OpenWrt 21.02 stable version series. It incorporates over 5800
commits since branching the previous OpenWrt 19.07 release and has been
under development for about one and a half year.
Highlights in OpenWrt 21.02.0
- ---
WPA3 support included by default
WPA3 was already supported in 19.07 but it was not provided by the
default set of packages in OpenWrt images.
With 21.02, all packages necessary to provide WPA3 are installed by
default in OpenWrt images. WPA3 is supported by most Wifi drivers in
OpenWrt.
- ---
TLS and HTTPS support included by default
TLS support is now provided by default in OpenWrt images including the
trusted CA certificates from Mozilla. It means that wget and opkg now
support fetching resources over HTTPS out-of-the-box. The opkg download
server is accessed through HTTPS by default. OpenWrt switched from
mbedTLS to wolfSSL as the default SSL library. mbedTLS and OpenSSL are
still available and can be installed manually.
In addition, LuCI is now available over HTTPS in addition to HTTP. There
is no automatic redirection to HTTPS on a fresh OpenWrt 21.02
installation; however, redirection will be enabled after upgrading from
OpenWrt 19.07 to OpenWrt 21.02.
It is always possible to activate or deactivate the redirection to HTTPS
like this:
uci set uhttpd.main.redirect_https=1 # 1 to enable redirect,
0 to disable redirect
uci commit uhttpd
service uhttpd reload
- ---
Initial DSA support
DSA stands for Distributed Switch Architecture and is the Linux standard
to deal with configurable Ethernet switches.
OpenWrt 21.02 comes with initial support for DSA, which replaces the
swconfig system that OpenWrt was using up until now. Not all targets
have been ported: some devices still use swconfig while some devices
already switched to DSA.
This is a significant change to how switch ports and VLANs are managed.
As such, sysupgrade will not be able to convert existing swconfig
configuration to DSA configuration (see “Upgrading” below).
See the OpenWrt DSA Networking documentation for details.
https://openwrt.org/docs/guide-user/network/dsa/start
The following targets are using a switch managed with DSA in OpenWrt 21.02:
* ath79 (only TP-Link TL-WR941ND)
* bcm4908
* gemini
* kirkwood
* mediatek (most boards)
* mvebu
* octeon
* ramips (mt7621 subtarget only)
* realtek
- ---
Increased minimum hardware requirements: 8 MB flash, 64 MB RAM
Due to new features being introduced and the general size increase of
the Linux kernel, devices now need at least 8 MB of flash and 64 MB of
RAM to run a default build of OpenWrt. More flash space is recommended
for extensibility, see 8/64 warning:
https://openwrt.org/supported_devices/864_warning
It is still possible to build custom OpenWrt images (e.g. using the
ImageBuilder) that may fit devices with 4 MB of flash or 32 MB of RAM.
However, the level of functionality will be reduced and there is no
guarantee to stability. See OpenWrt on 4/32 devices for more details and
guidance.
https://openwrt.org/supported_devices/openwrt_on_432_devices
- ---
New network configuration syntax and board.json change
There have been several changes to the network configuration syntax in
/etc/config/network:
* in config interface, option ifname has been renamed to device (since
it refers to a device section)
* in config device of type bridge, ifname has been renamed to ports
* for new installs, the generated configuration now creates separate
sections for layer 2 (config device) and layer 3 (config interface)
configuration
The old syntax is still supported to facilitate transition, and there is
no automated migration when upgrading.
However, the LuCI web interface detects old-style configuration and will
propose to migrate it to the new syntax. This is necessary to be able to
edit network configuration through LuCI.
New UCI syntax
The new configuration style looks like this:
config device
option name 'br-lan'
option type 'bridge'
option macaddr '00:01:02:XX:XX:XX'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device
option name 'eth1'
option macaddr '00:01:02:YY:YY:YY'
config interface 'wan'
option device 'eth1'
option proto 'dhcp'
config interface 'wan6'
option device 'eth1'
option proto 'dhcpv6'
This example uses DSA with lanX interface names. A non-DSA device would
use more classical ethX interface names.
Changes to board.json
In addition, network fields in board.json have also been renamed from
“ifname” to “device”. In addition, DSA bridges