How to download LXC version of OpenWRT and run it on Proxmox

kavejo

New Member
Jan 28, 2020
15
0
1
36
Hi,

I am looking to run an OpenWRT container to provide network access to my VMs.

I have seen on https://us.images.linuxcontainers.org/ that there is a template built for OpenWRT 19.07.
When I run pveam available, the containers at the URL above are not listed but other ones are listed instead.

Looking at https://bugzilla.proxmox.com/show_bug.cgi?id=2044, this seem to have been requested already.
I have just updated the bug informing about the availability of a pre-built template from https://us.images.linuxcontainers.org/images/openwrt/.

Is there any chance to have this container included in the one Proxom VE has access to?
Otherwise is there an easy way to downlaod it from the linuxcontainers.org images repository using pveam?

Thank you.
 
hi,

you can use wget to download the rootfs (rootfs.tar.xz) to your PVE host and use it as a template (however since this isn't officially supported by PVE some things may not work properly)
 
  • Like
Reactions: MadalinC
Thank you @oguz,

Would I need to convert the file from tar.xz to tar.gz? Do I need to observe any specific naming convention in the way I rename the file?

Thank you.
 
i think it should work as tar.xz
place it on one of your storages with CT templates (for example local) and use it as the template while running CT creation wizard
 
oguz said:
i think it should work as tar.xz
place it on one of your storages with CT templates (for example local) and use it as the template while running CT creation wizard
Click to expand...

Thanks for the info. I tried this with the latest Arch Linux and all seems to be working just fine.

I am wondering, are there any changes that the Proxmox team made to the provided archlinux-base template?

OR is it simply a LxC archlinux template from September 2019?
Weirdly enough, the latest Arch Linux template has working networking and the provided one (from Sept. 2019) breaks when updated.

Thanks!
 
Hi All.

I have used an LXC/LXD openwrt 21.02 image from Canonical but I cannot get any Internet on the LAN. The openwrt router has Internet access, I can install packages, and use diagnostic utilities. It might be an issue with openwrt firewall not loading properly as I can access Luci via WAN interface which is normally blocked. Has anyone else come across this? Many thanks.
 
I was following this post to install the openwrt on proxmox LXC, I have the same problem. From openwrt I can access internet, but any VM behind openwrt is not able to ping any machine outside the proxmox.
I noticed the iptables -L does not show any iptables rules, so, I update something in firewall settings via Luci Web UI, and iptables seems appear. After that I added some NAT rules in firewall, studently everything works, but after I reboot the openwrt, everything stops working again, and I tried to redo all the work, seems no luck.

Btw, install openwrt as VM seems work well, just I see a constant small CPU usage(1-2%) on proxmox dashboard, but inside operwrt VM, cpu usage is zero, not sure why.
 
Hi. I have used a Snapshot image of OpenWrt and it's working as expected. https://uk.lxd.images.canonical.com/images/openwrt/snapshot/amd64/default/
Download one of the available images, and create your container in the Proxmox shell.
Code: 
pct create 301 local:vztmpl/openwrt-20221011-rootfs.tar.xz --rootfs local-lvm:0.256 --ostype unmanaged --hostname openwrt --arch amd64 --cores 1 --memory 256 --swap 0 --unprivileged 1
Now, create a new Linux bridge in Proxmox (e.g. 192.168.3.0/24).
Add 2 new network devices to your new container eth0 (this is the OpenWrt WAN interface, so I connected mine to vmbr0 for Internet access) and eth1 (LAN interface in OpenWrt - connected to new linux bridge vmbr1)
Start your container and from the Proxmox shell connect to it.
Code: 
pct enter 301
Update packages, install nano and luci
Code: 
opkg update
opkg isntall nano
opkg install luci-ssl
/etc/init.d/uhttpd restart
Edit the firewall configuration to allow HTTPS traffic from WAN. nano /etc/config/firewall
Add this to end of file and save with Ctrl + X
Code: 
config rule
    option target 'ACCEPT'
    option src 'wan'
    option proto 'tcp'
    option dest_port '443'
    option name 'Allow-WAN-Web'

Get your WAN ip address with ip a | grep eth0 and reboot the container.

Open a browser tab and go to https://ContainerWanIP, log in and change your root password.

Now go to Network -> Interfaces -> Add new interface.

Name: lan
Protocol: Static address
Device: eth1

Click Create Interface. Now add...

IP Address: 192.168.3.1 (or whatever subnet you wish to use)
IPv4 Netmask: 255.255.255.0

Click Firewall Settings tab and select LAN from the dropdown list and on the DHCP server tab, select Setup DHCP server and then click Save.

Now move a VM to vmbr1 and test connectivity. Thank you.
 
  • Like
Reactions: vesalius
OpenWRT 21 does not seem to NAT correctly for some reason. I have the same problem, the LXC can ping a wan address but anything on the lan doesn't make it through. I was also able to get it working just once by fiddling with NAT but then I lost it and can't seem to get it working again.

OpenWRT 22.03 seems to pass traffic in an LXC just fine. In fact, I was able to get openvpn, mwan3, wireguard, even iphone backup working, and more with a weeks worth of work. Where I'm stumped at the moment is getting ipset working. This is needed to complete my dynamic (best attempt) split vpn working properly as I have it configured in pfsense today. This appears to be a problem because ipset is not compiled in the latest dnsmasq version: https://forum.openwrt.org/t/dnsmasq-full-ipset-support-removed-in-master/150274/5


Why:
The efficiency potential for this is incredible.

VM: Pfsense/Opnsense Lan -> IP (VM) routing speed (iperf3) is ~ 3 Gbps for me. And that's with many months of trying things (pci pass through, etc). I noticed

LXC: openwrt 21 direct can do ~ 55 Gbps but no routing
LXC: openwrt 22 can route ~ 22 Gbps! And pretty much everything works as expected except ipset

I only need ~1.2 gbps to max out my home internet provider but I'm mainly after the efficiency gains on this. The cpu usage is drastically reduced.

My hardware is Intel(R) Pentium(R) Gold 7505 (quad 2.5 gbps intel nics)
 
@Brandon168 following this post. I have set up a couple 22.03 OpenWRT LXC to see if they might be a more efficient and performant option as my home network router/firewall.

it’s early days, but can do you have resources on mwan3 for dual wan setup you can point me toward.

I plan to try and replicate my simple WireGuard home network access and adguard home use on Openwrt before any potential switch from OPNsense.

Lastly, how do you update the OpenWRT firmware when run as an LXC with the least and shortest impact on your network? Install new and restore from backup? Maybe I am missing something obvious there.
 
vesalius said:
@Brandon168 following this post. I have set up a couple 22.03 OpenWRT LXC to see if they might be a more efficient and performant option as my home network router/firewall.

it’s early days, but can do you have resources on mwan3 for dual wan setup you can point me toward.

I plan to try and replicate my simple WireGuard home network access and adguard home use on Openwrt before any potential switch from OPNsense.

Lastly, how do you update the OpenWRT firmware when run as an LXC with the least and shortest impact on your network? Install new and restore from backup? Maybe I am missing something obvious there.
Click to expand...
Nice. Please share your findings. I’m excited about getting this all to work.

I pretty much followed this: https://openwrt.org/docs/guide-user/network/wan/multiwan/mwan3

Imho WireGuard with openwrt seems much more straightforward than via pfsense. I know my outbound route is working but I can’t easily test the inbound until this switches over to primary.

Upgrading the “firmware” is an open question of mine as well. I don’t know how to goo about this easily. Worst case, I’m thinking backup production, restore to the upgraded lab and see how it goes. Honestly, I’m not exited about this route though.

It’s looking like pfsense will remain my primary for a while longer while a few of these things are ironed out.
 
Last edited:
updated my test OpenWRT LXC from 22.03.4 to 22.03.5 by creating a new container then restoring it from a backup of the 22.03.4 config I made. Can't figure out how to update the already running container.

OpenWrt in LXC containers
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!
Community platform by XenForo® © 2010-2023 XenForo Ltd.
Top Bottom
Back