[Guide] Run OpenWrt as a container in Proxmox

Thanks aparcar and rkkoszewski/rkk2025 for the work you´ve done at https://github.com/mikma/lxd-openwrt!

This guide adds some more details to the instructions found at https://bugzilla.proxmox.com/show_bug.cgi?id=2044 by rkkoszewski/rkk2025. ·

NOTES

PREPARE BUILD ENVIRONMENT It's recommended you use Debian or Ubuntu on the build system. The following additional packages are required on Ubuntu 18.04:

sudo apt install -y build-essential subversion fakeroot gawk gpg

RETRIEVE BUILD SCRIPTS To build it manually just follow these steps,

Clone the lxd-openwrt repo:

git clone https://github.com/mikma/lxd-openwrt

To build a template that works with Proxmox, change directory into the top level of the cloned repo. The build.sh script has the following defaults (2019-09-11):

And supports the following options:

Relying on defaults, we simply have to give the script a single parameter to build what is needed:

./build.sh -t plain

Here´s another example which includes some additional packages:

./build.sh -t plain -p "luci-app-sqm sqm-scripts luci-app-ddns ddns-scripts ddns-scripts_no-ip_com iptables-mod-checksum"

UPLOAD OPENWRT TEMPLATE TO PVE Use WinSCP (or similar) to download the template from the build environment to your own computer. The file is located in the "bin folder" in the repo you initially cloned with a naming pattern such as "openwrt-18.06.4-x86-64-plain.tar.gz".

Upload the template to a PVE template directory using the PVE UI by clicking the "local (PVE)" storage on node PVE, and then select "Content" menu option and click the "Upload" button. Change Content to "Container Template" and locate your file and finally upload it.

CREATE A OPENWRT CONTAINER SSH into the PVE host, and create a container for OpenWRT by executing:

pct create 201 local:vztmpl/openwrt-18.06.4-x86-64-plain.tar.gz --rootfs local-lvm:0.4 --ostype unmanaged --hostname openwrt1806 --arch amd64 --cores 4 --memory 256 --swap 0

Notes about "pct create" command:

Recommended but optional configuration. Remove any other lxc.includes that might be already in that config file, and add these lines to the container config file in (/etc/pve/lxc/201.conf)

lxc.include: /usr/share/lxc/config/openwrt.common.conf lxc.include: /usr/share/lxc/config/common.conf lxc.cap.drop: sys_admin lxc.mount.entry: tmp tmp tmpfs rw,nodev,relatime,mode=1777 0 0

ADD A WAN-SIDE BRIDGE TO THE PVE HOST´S NETWORK CONFIGURATION This guide is based on the assumption that have a network card with two physical ports, where the LAN port is named "enp2s0f0" and WAN port is named "enp2s0f3". If needed, change these names to fit your setup. You probably already have a bridge named "vmbr0" as part of the default PVE setup, anyhow it should looks something like this and be physically connected to your internal LAN.

Create a new bridge named "vmbr1" and assign it the physical LAN port connected to your WAN:

ADD LAN & WAN NETWORKS TO OPENWRT CONTAINER Connect the OpenWRT container to your LAN bridge (vmbr0) by adding a virtual network adapter in the PVE UI. It could have these properties:

Add another network for the WAN side. This time connect it to the WAN side bridge ("vmbr1")

SET CONTAINER START-UP OPTIONS + START IT! Change container option "Start at boot" to "Yes", and then start the container

FINAL STEPS - A COUPLE OF CONFIGURATION FIXES IN OPENWRT OpenWRT root user password and network configuration for the LAN side is missing and has to be manually set up.

Access the OpenWRT container´s console through the PVE console by executing:

pct enter 201

Set a password for the root user

passwd [your password]

Open the file where OpenWRT keeps interface configuration:

vi /etc/config/network

And configure the "lan" interface to something like this

Finally, reboot the container, and now you should be able to access the OpenWRT UI through 192.168.1.1 and hopefully everything works out well!