The OpenWrt community is proud to announce the first stable release of the OpenWrt 24.10 stable series.

Download firmware images via the Firmware Selector or directly from our download servers:

• Download firmware image for your device (firmware selector)
• Download firmware images directly from OpenWrt download servers

An upgrade from OpenWrt 23.05 to OpenWrt 24.10 is supported in many cases with the help of the sysupgrade utility which will also attempt to preserve the configuration. A configuration backup is advised nonetheless when upgrading to OpenWrt 24.10. (see “Upgrading” below).

About OpenWrt

The OpenWrt Project is a Linux operating system targeting embedded devices. It is a complete replacement for the vendor-supplied firmware of a wide range of wireless routers and non-network devices. See the Table of Hardware for supported devices. For more information about OpenWrt project organization, see the About OpenWrt pages.

Announcements about new releases and security fixes

Do you want to be informed about important changes such as new releases and security fixes?

We have a new mailing list for this, as well as RSS options: see Important changes and announcements.

Highlights in OpenWrt 24.10

OpenWrt 24.10.0 incorporates over 5400 commits since branching the previous OpenWrt 23.05 release and has been under development for over one year.

General changes

• Upgrades of many components to new versions like the Linux kernel from version 5.15 to 6.6
• TLS 1.3 support in default images
  • mbedtls was updated to version 3.6 which includes support for TLS 1.3
• Activate POSIX Access Control Lists and file system security attributes for all file systems on devices with big flash sizes. This is needed by docker nowadays.
  • This is activated for all targets which do not have the small_flash feature flag. small_flash is set for the ath79/tiny, bcm47xx/legacy, lantiq/ase, lantiq/xrx200_legacy, lantiq/xway_legacy, ramips/mt76x8, ramips/rt288x, ramips/rt305x and ramips/rt3883 targets.
• Activate kernel support for Multipath TCP on devices with big flash sizes.
• Improved support for WiFi6 (802.11ax) and initial support for WiFi7 (802.11be)
  • Not many Wifi7 devices are supported by OpenWrt yet
• Improved Link Layer Discovery Protocol (LLDP) support
• OpenWrt 24.10 uses OPKG only, APK packages are not supported. Only main branch was changed to APK.

Many new devices added

OpenWrt 24.10 supports over 1970 devices. Support for over 100 new devices was added in addition to the device support by OpenWrt 23.05.

• Added support for OpenWrt One

Target changes

• Added d1 target for AllWinner D1 RISC-V SoC
• Added ixp4xx target for Intel XScale IXP4xx SoCs.
• Added loongarch64 target for SoCs with Loongson LoongArch CPUs.
• Added starfive target for StarFive JH71x0 (7100/7110) SoCs.
• Added stm32 target for STMicroelectronics STM32 SoCs.
• Renamed ipq807x target to qualcommax.
• Removed ath25 target. It supported Atheros ieee80211g devices with maximum 16MB RAM
• Removed bcm63xx target. It supported some Broadcom DSL MIPS SoCs and was replaced by the bmips target. The Broadcom DSL itself was never supported.
• Removed octeontx target. It supported the Octeon-TX CN80XX/CN81XX based boards
• Removed oxnas target. It supported the PLXTECH/Oxford NAS782x/OX8xx
• The qoriq target for the NXP QorIQ (PowerPC) SoCs is built
• The ipq806x target for Qualcomm Atheros IPQ806X SoCs was converted to DSA
• Added support for Airoha AN8855 DSA Switch (Xiaomi AX3000T ship both Mediatek and Airoha Switch in the same revision)

Core components update

Core components have the following versions in 24.10.0:

• Updated toolchain:
  • musl libc 1.2.5
  • glibc 2.38
  • gcc 13.3.0
  • binutils 2.42
• Updated Linux kernel
  • 6.6.73 for all targets
• Network:
  • hostapd master snapshot from September 2024, dnsmasq 2.90, dropbear 2024.86
  • cfg80211/mac80211 from kernel 6.12.6

In addition to the listed applications, many others were also updated.

Upgrading to 24.10

Sysupgrade can be used to upgrade a device from 23.05 to 24.10, and configuration will be preserved in most cases. For for upgrades inside the OpenWrt 24.10 stable series for example from a OpenWrt 24.10 release candidate Attended Sysupgrade is supported in addition which allows preserving the installed packages too.

⚠ Sysupgrade from 22.03 to 24.10 is not officially supported.

⚠ There is no configuration migration path for users of the ipq806x target for Qualcomm Atheros IPQ806X SoCs because it switched to DSA. You have to upgrade without saving the configuration. Image version mismatch. image 1.1 device 1.0 Please wipe config during upgrade (force required) or reinstall. Config cannot be migrated from swconfig to DSA Image check failed

⚠ User of the Linksys E8450 aka. Belkin RT3200 running OpenWrt 23.05 or earlier will need to run installer version v1.1.3 or later in order to reorganize the UBI layout for the 24.10 release. A detailed description is in the OpenWrt wiki. Updating without using the installer will break the device. Sysupgrade will show a warning before doing an incompatible upgrade.

⚠ Users of the Xiaomi AX3200 aka. Redmi AX6S running OpenWrt 23.05 or earlier have to follow a special upgrade procedure described in the wiki. This will increase the flash memory available for OpenWrt. Updating without following the guide in the wiki break the device. Sysupgrade will show a warning before doing an incompatible upgrade.

⚠ Users of Zyxel GS1900 series switches running OpenWrt 23.05 or earlier have to perform a new factory install with the initramfs image due to a changed partition layout. Sysupgrade will show a warning before doing an incompatible upgrade and is not possible.

Known issues

• LEDs for Airoha AN8855 are not yet supported. Devices like the Xiaomi AX3000T with an Airoha switch will have their switch LEDs powered off. This issue will be addressed in an upcoming OpenWrt SNAPSHOT and the OpenWrt 24.10 minor release.
• 5GHz WiFi is non-functional on certain devices with ath10k chipsets. Affected models include the TP-Link Archer C60 v1, TP-Link Archer C6 v2, and possibly others. For details, see issue #14541.
• Ethernet link instability on some MT7530 switches. Users experiencing unstable Ethernet connections should disable Energy-Efficient Ethernet (EEE) as a workaround. See issue #17351 for more information.
• Kernel warning in ath10k-ct driver at startup. The warning WARNING: CPU: 3 PID: 1695 at backports-6.9.9/net/mac80211/main.c:270 ieee80211_do_open+0x4e8/0x5e0 [mac80211] appears during boot but is harmless and can be ignored. See issue #15959 for details.

Final notes

As always, a big thank you goes to all our active package maintainers, testers, documenters, and supporters.

Have fun!

The OpenWrt Community

Hey everyone!

I just ordered a Flint 2 to replace a TP-Link AX3000 (keeping as a backup) primarily for the faster WG VPN, to try an open source OS and try to segment my network for security and to manage devices easier. But I’m feeling a tad overwhelmed trying to do research. I’ve got a background in IT, so I’m not concerned with flashing firmware or SSH. But networking concepts always take a minute to sink in.

Current situation

• AX3000 is connected to 1G Fios
• Unmanaged 1G Netgear switch at entertainment center (TV, PS5, Apple TV, Hue Hub)
• Poorly daisy chained unmanaged Cisco 1G switch at my desk with my server (Proxmox on old Mac Mini), PiHole Pi and Mac Studio
• 5Ghz and 2.4Ghz with Hue bulbs, iPhones, Steam Deck etc
• Slow WG VPN on AX3000

The dream

• OpenWRT (open source OS router) which hopefully the Flint 2 works out
• 1G managed switch at entertainment center
• 2.5G (or 10G supposedly because I can’t find prosumer 2.5G options) managed switch at my desk
• Build a NAS (Node 304) to replace the Mac Mini hardware, make sure it has a 2.5G/10G NIC so my Studio to NAS connection is fast
• VLAN and Firewall rules to separate IoT, servers, personal devices and ensure everything is secure but also ensure the correct devices can talk to each other (phone turn on lights, HomePod accessible from iPad)
• WG VPN where I can access all of these VLANs and manage my services (something I can’t seem to figure out on the AX3000)
• Also fix my wiring to my bedroom so the switches aren’t daisy chained, it’s a tiny rented NYC apartment

Questions

• Any recommendations for articles, videos or forums/communities with tutorials for OpenWRT VLAN/Firewall setup similar to my goals? Anything specific to the Flint 2?
• Tips or guidance on how to divide my network appropriately and still allow communication between devices?
• Switch suggestions that you know will work well with the Flint 2? Also thoughts on the 2.5G vs 10G situation, spent ages looking at expensive switches and got window shopping fatigue
• What am I missing or forgetting about?

Finally, if this is not the appropriate place to post this, please provide suggested communities. I went back to the community that shall not be named because I was struggling to find comparable Lemmy communities. Oh boy was that a depressing experience and I really want to build out what I used to have on Reddit in Lemmy, but I can’t find active alternatives.

Thank you in advance to anyone that read this far 😊

I have read the documentation and googled extensively but, when I try to initiate WPS, I always receive a response of "FAIL". Nobody else seems to have this issue, so what am I doing wrong?

I only want to enable this temporarily as it is the only way I know to connect a doorbell camera that I obtained for free and need to "hack".

> uci show wireless | grep wps
wireless.wifinet6.wps_pushbutton='1'

> hostapd_cli wps_pbc
Selected interface 'phy1-ap3'
FAIL

I have tried on both a Turris Omnia (OpenWRT 23.05.3) and TP-Link Archer C7 (OpenWRT 23.05.2). On each, and per the instructions, I installed hostapd-utils and replaced the stock wpad-basic-mbedtls with the full-featured version (I tried both wpad and wpad-mbedtls).

I have 4 WLANs on each radio. I tried configuring the single WLAN of interest with the option wps_pushbutton '1' as well as setting it on all WLANs on that radio (per a suggestion I found), but same result.

I've tried adding other wps_… options, rebooting, and everything in between, but same result. I don't see anything relevant in the syslog, and can't find a way to increase verbosity for hostapd. I've even looked at the source code for hostapd_cli which didn't really help.

Any thoughts?

For example, privacy violating linksys or netgear, or devices with components running improper firmware with a 14 year old vulnerability?

The reason that I ask, although I don't want this to impact the quality of answers, is that I'm shopping for a new router that is secure and private but rather than paying commercial and industrial prices I would rather get a consumer router and overwrite it's software.