OpenWRT

OpenWrt 是適用於嵌入式裝置的一個Linux發行版。相對原廠韌體而言，OpenWrt 不是一個單一、靜態的韌體，而是提供了一個可添加軟體套件的可寫的檔案系統。這使使用者可以自由的選擇應用程式和組態，而不必受裝置提供商的限制，並且可以使用一些適合某方面應用的軟體套件來客製化你的裝置。

NanoPi R4S
OpenWRT One
Upgrade Firmware
Network Hardening
VPN
Wireless
Additional Software
Quick Start
Custom Feeds Source

NanoPi R4S

URLs

Hardware

FriendlyWRT

https://wiki.friendlyelec.com/wiki/index.php/FriendlyWrt

Install OS

Download: http://download.friendlyelec.com/NanoPiR4S
File: rk3399-sd-friendlywrt-23.05-docker-20231031.img.gz

Flash Utility

dd
win32diskimager
balenaEtcher

First Boot

Account: root / password (empty password in some versions)
Web:
- http://friendlywrt/
- http://192.168.2.1/

Hardware SPEC.

SoC: Rockchip RK3399
- CPU: big.LITTLE，Dual-Core Cortex-A72(up to 2.0GHz) + Quad-Core Cortex-A53(up to 1.5GHz)
- GPU: Mali-T864 GPU，supports OpenGL ES1.1/2.0/3.0/3.1, OpenCL, DX11, and AFBC
- VPU: 4K VP9 and 4K 10bits H265/H264 60fps decoding, Dual VOP, etc
PMU: RK808-D PMIC, cooperated with independent DC/DC, enabling DVFS, software power-down, RTC wake-up, system sleep mode
RAM: 1GB DDR3/4GB LPDDR4
Flash: no Onboard eMMC
Ethernet: one Native Gigabit Ethernet, and one PCIe Gigabit Ethernet
USB: two USB 3.0 Type-A ports
Pin header extension interface
- 2x5-pin header: SPI x 1, I2C x 1
- 4-pin header: USB 2.0
microSD Slot x 1
Debug: one Debug UART, 3 Pin 2.54mm header, 3V level, 1500000bps
LEDs: 1 x power LED and 3 x GPIO Controlled LED (SYS, LAN, WAN)
others:
- 2 Pin 1.27/1.25mm RTC battery input connector
- one User Button
- one 5V Fan connector
Power supply: DC 5V/3A, via USB-C connector or Pin header
PCB: 8 Layer, 66 mm x 66 mm
Temperature measuring range: 0℃ to 80℃

OpenWRT One

URLs

Hardware

Specification

SoC	MediaTek MT7981B (Filogic 820) dual-core Cortex-A53 processor @ 1.3 GHz
System Memory	1GB DDR4
Storage	256 MB SPI NAND flash for U-boot and Linux 16 MB SPI NOR flash for write-protected (by default) recovery bootloader (reflashing can be enabled with a jumper) Two types of flash devices are used to make the board almost unbrickable M.2 2242/2230 socket for NVMe SSD (PCIe gen 2 x1)
Networking	1 x 2.5GbE RJ45 port 1 x Gigabit Ethernet RJ45 port Dual-band WiFI 6 via MediaTek MT7976C (2×2 2.4 GHz + 3×3/2×2 + zero-wait DFS 5Ghz) 3x MMCX antenna connectors
USB	1x USB 2.0 Type-A host port USB Type-C (device, console) port using Holtek HT42B534-2 UART to USB chip
Expansion	MikroBUS socket for expansion modules
Debugging	Console via USB-C port or 3-pin header, 10-pin JTAG/SWD header for main SoC
RTC	support RTC onboard
Misc	Reset and User buttons Boot select switch: NAND (regular) or NOR (recovery) 2x PWM LEDs, 2x Ethernet LED (GPIO driven) EM6324 External hardware watchdog NXP PCF8563TS (I2C) RTC with battery backup holder for CR1220 coin-cell
Power Supply	15V USB-PD on USB-C port Optional 802.3at/af PoE via RT5040 module
Dimensions	148 x 100.5 mm compatible with Banana Pi BPI-R4 case design
Certifications	FCC/EC/RoHS compliance

Interface

Installation

Firmware Download

Download1: https://firmware-selector.openwrt.org/?version=24.10.1&target=mediatek%2Ffilogic&id=openwrt_one
Download2: https://downloads.openwrt.org/releases/

First Power up

第一次啟動時，每台Openwrt One都會根據目前的製造批次日期更新最新的OpenWrt版本韌體。

在裝置開機之前，請確認 NAND/NOR 開關設定為 NAND
透過乙太網路 192.168.1.1 連接到裝置的 1G 連接埠
開啟裝置電源，等待綠燈亮起表示裝置已開機
將瀏覽器指向 192.168.1.1 來使用 LuCI GUI，或從終端會話透過 ssh root@192.168.1.1。

FAQ

Why are there are 2 different flash chips?

The idea is to make the device (almost!) unbrickable and very easy to recover.

NAND will hold the main loader (U-Boot) and the Linux image and will be the
default boot device
NOR will be write-protected by default (with WP jumper available on the board) and will hold a recovery bootloader (and other essential data, like Wi-Fi calibration)
a dedicated boot select switch will allow changing between NOR and NAND

What will the M.2 slot be used for?

We will use M.2 with M-key for NVMe storage. There is a work-in-progress patch to make PCIe work inside the U-Boot bootloader. This will allow booting other Linux distributions such as Debian and Alpine directly from NVMe.

Why is there no USB 3.x host port on the device?

The USB 3.x and PCIe buses are shared in the selected SoC silicon, hence only a single High-Speed USB port is available

What is the purpose of the console USB-C port?

Holtek UART to USB bridge with CDC-ACM support on USB-C makes the device ultra easy to communicate with. No extra hardware or drivers will be required. Android for example has CDC-ACM support enabled by default.

What MAC OUI will the device have?

We plan to register an OUI block for OpenWrt which can also be used for other vendor extensions such as Wi-Fi beacon IEs.

What is the purpose of the mikroBUS connector?

mikroBUS was chosen as we wanted to make the hardware extendable. There are dedicated pins for UART, SPI, I2C buses and RST/INT signals. The standard uses regular 2.54 mm pitch connectors (you can use available mikroBUS modules or just connect to it something else, with 2.54 mm jumper cables).

Why have the RTC on board instead of a mikroBUS module?

We believe there are many things a Wi-Fi (or networking in general) device should have on-board by default. Always having a correct time on the device is crucial in many applications, like VPN, DNSSEC, …

Upgrade Firmware

Download

選擇適合機型的韌體

Download1: https://firmware-selector.openwrt.org/?version=24.10.1&target=mediatek%2Ffilogic&id=openwrt_one
Download2: https://downloads.openwrt.org/releases/

Using LuCI GUI

Firmware 格式：sysupgrade
Upgrade: LuCI Web → System → Backup / Flash Firmware → Flash new firmware image

Using CLI

Firmware 格式：sysupgrade
sysupgrade 指令說明：https://openwrt.org/docs/techref/sysupgrade

Command

# example downloading the OpenWrt 15.05 upgrade image for a TP-LINK TL-WR1043ND ver. 1.x router
cd /tmp
wget http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/openwrt-15.05-ar71xx-generic-tl-wr1043nd-v1-squashfs-sysupgrade.bin
 
# check the integrity of the image file via md5sums (older images)
wget http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/md5sums
md5sum -c md5sums 2> /dev/null | grep OK
 
# check the integrity of the image file via sha256sums
wget http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/sha256sums
sha256sum -c sha256sums 2> /dev/null | grep OK
 
# the desired result is that the downloaded firmware filename is listed with "OK" afterwards
 
####################################################
# Initiate sysupgrade with your desired options
# by default ( no -n ) settings are kept
####################################################
sysupgrade -v /tmp/openwrt-15.05-ar71xx-generic-tl-wr1043nd-v1-squashfs-sysupgrade.bin

Using USB drive

OpenWRT One

prepare a FAT32 formatted USB drive that contains the sysupgrade.itb file from either the SNAPSHOT or Release repositories
remove power
insert the USB stick in the Type A USB Port.
make sure NAND boot switch is selected.
press and hold the button on the back side labeled Reset
power up the device. Release the Reset button as soon as all LEDS turn off.
wait for the middle LED to go green.

The device will boot from NAND and the bootloader will reflash the kernel and root filesystem on the NAND.

Network Hardening

Solutions

VPN

PPTP

PPTP Server

PPTP in LAN not working

LAN 網路的電腦無法連接外網的 PPTP VPN Server

解決：OpenWRT 預設不支援 PPTP 連線，需安裝 kmod-nf-nathelper-extra。

opkg update
opkg install kmod-nf-nathelper-extra

重啟設備後，重新再試一次。

OpenVPN

OpenVPN

Wireless

Enable Wi-Fi

[OpenWrt Wiki] Enabling a Wi-Fi access point on OpenWrt

LuCI Web → Network → Wireless → Edit :

General Setup:
- Country Code: TW
- ESSID: OpenWRT
Wireless Security:
- Encryption: WPA2-PSK or WPA3-SAE
- Key: <your-wireless-password>
- Save
Save & Apply
Enable

Additional Software

Network Monitor

nlbwmon

opkg install luci-app-nlbwmon luci-i18n-nlbwmon-zh-tw

Netdata

Add the custom feed: fantastic-packages
Run opkg install luci-app-netdata

中文化介面

opkg install luci-i18n-base-zh-tw

Themes

Argon

Download *.ipk: https://github.com/jerrykuku/luci-theme-argon
Install: opkg install luci-theme-argon_2.3.2-r20250207_all.ipk

Quick Start

DHCP

Enable DHCP Server

LuCI Web → Network → Interfaces → Edit: lan → DHCP Server → General Setup

Ignore interface : 啟用（不勾）/ 關閉（勾）
Start : 100（IP 位址從 *.100 開始分配）
Limit : IP 分配最多數量

LuCI Web → Network → DHCP and DNS → General

Allocate IPs sequentially : 勾選（依順序分配 IP）

Disable IPv6 for LAN

LuCI Web → Network → Interfaces → Edit: lan → DHCP Server → IPv6 Settings

RA-Service : disabled
DHCPv6-Service : disabled
NDP-Proxy : disabled

DHCP Options

可以指定 IP 配發時的 DNS 位址與 Gateway 位址，且透過 tag 設定，可以設定不同裝置有不同的 DNS 與 Gateway 位址。

LuCI Web → Network → Interfaces → Edit: lan → DHCP Server → Advanced Settings → DHCP-Options

6 指定 DNS : 6,4.4.4.4
3 指定 Gateway : 3,192.168.8.254
包含tag ipphone 的所有裝置，指定 Gateway : tag:ipphone,3,192.168.8.253
！不包含 tag sensor 的所有裝置，指定 Gateway: tag:!sensor,3,192.168.8.252

為 IP（裝置）設定 tag

LuCI Web → Network → DHCP and DNS → Static Leases

Custom Feeds Source

fantastic-packages

/etc/opkg/customfeeds.conf :

<major.minor version> : 24.10（系統版本）
<package arch> : aarch64_cortex-a53（系統架構）

# fantastic-packages Packages
# URL: https://github.com/fantastic-packages/packages/tree/gh-pages#readme
src/gz fantastic_packages_luci https://fantastic-packages.github.io/packages/releases/<major.minor version>/packages/<package arch>/luci
src/gz fantastic_packages_packages https://fantastic-packages.github.io/packages/releases/<major.minor version>/packages/<package arch>/packages
src/gz fantastic_packages_special https://fantastic-packages.github.io/packages/releases/<major.minor version>/packages/<package arch>/special

Add usign pub-keys to opkg

Download https://fantastic-packages.github.io/packages/releases/<major.minor version>/<KEY-ID>.pub
Put to /etc/opkg/keys/<key-id>, note filename must be lowercase

KEYID=<KEY-ID>
mkdir /etc/opkg/keys 2>/dev/null
curl -sSL -o /etc/opkg/keys/${KEYID,,} "https://fantastic-packages.github.io/packages/releases/<major.minor version>/${KEYID}.pub"