My OpenWRT Packages & Plugins & Tips & Tricks - NETSEC


Learning, Sharing, Creating

Cybersecurity Memo

Saturday, April 17, 2021


This post collects some of the packages I use on my OpenWRT router. The list is still growing: as more packages are tested and used, they will be added to this post for future reference.

Terminal integration in LuCI: luci-app-ttyd

This package integrates ttyd into LuCI. There are two packages to install: ttyd and luci-app-ttyd.


Argon is a clean HTML5 theme for LuCI. Users can customize the login page to their liking, including beautiful pictures and customized MP4 videos.

Github address:

You will have to use ttyd to do the installation.

For openwrt official 19.07 Snapshots LuCI master

opkg install luci-compat
wget --no-check-certificate
opkg install luci-theme-argon*.ipk

DNS based ad/abuse domain blocking - Adblock

Getting rid of annoying ads, trackers and other abuse sites (like Facebook) is simple: block them with your OpenWRT router. Adblock on OpenWrt uses DNS to block ads: it becomes your first-hop DNS server and returns "IP address not found" when queried for the address of an ad server.

Packages to install and features to enable to get Adblock working:
- adblock
- luci-app-adblock
- curl/wget/uclient-fetch
- Enable DNS Reporting
- tcpdump / tcpdump-mini

Github :

vlmcsd - KMS server

Github project:

Install the following two packages

You will need to find the ipk file for the right architecture for your OpenWRT system. All pre-compiled ipk files can be found at:

You will need to click the ipk link, then go to the download page:

vlmcsd_svn1113-1_x86_64.ipk download address:

vlmcsd_svn1113-1_i386_pentium4.ipk download address:

Activate Windows steps:

1. Open Command Prompt or PowerShell and type: slmgr /upk to uninstall the existing Windows product key

2. If it is Windows 10 Pro, enter: slmgr /ipk W269N-WFGWX-YVC9B-4J6C9-T83GX

(Please find your key in the following list or search online)

Windows VL KMS Product Key list:

Win10 Pro KMS: W269N-WFGWX-YVC9B-4J6C9-T83GX

Win10 Enterprise KMS: NPPR9-FWDCX-D2C8J-H872K-2YT43

Win10 Home KMS: TX9XD-98N7V-6WMQ6-BX7FG-H8Q99

3. Enter: slmgr /skms (OpenWRT vlmcsd server address)

4. Activate: slmgr /ato

OFFICE Activation steps:

1. Locate your Office folder.

If you are using Office 2016 32-bit, the folder is:

C:\Program Files (x86)\Microsoft Office\Office16

Open the folder; you will find this file: OSPP.VBS

If you are using Office 2016 64-bit, the folder is:

C:\Program Files\Microsoft Office\Office16

2. From PowerShell,
cd "C:\Program Files (x86)\Microsoft Office\Office16" (your Office folder directory)

3. Enter: cscript ospp.vbs /sethst:(OpenWRT vlmcsd server address)

4. Activate your Office: cscript ospp.vbs /act

C:\Windows\system32>slmgr /ipk NPPR9-FWDCX-D2C8J-H872K-2YT43

C:\Windows\system32>slmgr /skms

C:\Windows\system32>slmgr /ato


DDNS for CloudFlare

Install packages
  1. Log in to your router
  2. Go to [System] -> [Software]
  3. In {Actions} tab, click the <Update lists> button
  4. Install the following package
    • luci-app-ddns

Settings for CloudFlare

Creating a DNS A record for

  1. Log in to your CloudFlare account
  2. Go to your domain, in my example it will be ‘’
  3. Go to [DNS]
  4. Click <+Add record>
  5. In {Type} field select:
    • A
  6. In {Name} field input:
    • ddns
  7. In {IPv4 address} field input a random IP first, for example,
  8. Change Proxy Status from Proxied to DNS Only
  9. Click <Save> button

Copy your global API key:
  1. Go to [My Profile]
  2. Go to {API Tokens} tab
  3. Go to {API Keys} section
  4. Click the <View> button at {Global API Key}
  5. Copy that API key; it will be used in the next section

Add DDNS entry in OpenWRT

  1. Go to [Services] -> [Dynamic DNS]
  2. In section {Overview} -> {Basic} tab
  3. In drop down menu {DDNS Service provider [IPv4]}:
  4. Go to input field and input
  5. Click <Add> button and it will go into the details page
  6. Ensure {Enabled} field:
    • Marked with tick
  7. In {Lookup Hostname} input field:
  8. In {IP address version} select:
    • IPv4-Address
  9. In {Domain} field input your domain with a @ character:
  10. In {Username} field:
  11. In {Password} field:
    • The Global API Key from CloudFlare
  12. In section {Overview} -> {Advanced Settings} tab
  13. In {URL to detect [IPv4]} field
  14. In {Event Network [IPv4]} field
    • wan or lan, depending on which port is used for external traffic
  15. Click <Save & Apply> button

YouTube Videos

OpenWRT Image Download

OpenWRT Command Line

OpenWRT comes with a program called uci, or Unified Configuration Interface. This utility allows you to temporarily or permanently modify the system configuration files in the /etc/config/ directory. It also allows for easy scripting.

The syntax is broken into three parts. The first two are mandatory, with the [arguments] field being optional depending on the [option].

uci [options] [commands] [arguments]

[commands] is also broken down into three parts: file.section.option. Sections can be called by their name, such as lan or wan in /etc/config/network, or wifi0 in /etc/config/wireless. Sections that do not have names can be called by their position in the array of sections. An example of this is wireless.@wifi-iface[0].ssid

To view a configuration file such as /etc/config/network:

uci export network

Setting or adding a new value in a section, in this case the default gateway, is as easy as typing:

uci set network.lan.gateway=
uci set network.@interface[1].gateway=

To add and delete options use uci add or uci delete:

uci delete wireless.@wifi-iface[0].encryption

It is also possible to set DHCP options, such as the gateway or DNS servers to push to clients. Refer to this website to find the DHCP option codes.

uci add_list network.lan.dhcp_option="3,"

When done making changes you must run:

uci commit [configuration]
example: uci commit network
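
Added example (not from the original post): positional names such as wireless.@wifi-iface[0] are counted per section type, so it is worth confirming which section an index points at before running a uci set or uci delete against it. The script below resolves a file.section.option name against uci export text; uci_resolve, sample_export and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example: uci_resolve and sample_export are hypothetical helper names.

# Constructed sample in `uci export wireless` format (not from a real router).
sample_export() {
    cat <<'EOF'
package wireless

config wifi-device 'radio0'
    option type 'mac80211'

config wifi-iface
    option ssid 'HomeNet'
    option encryption 'psk2'

config wifi-iface 'guest'
    option ssid 'HomeNet Guest'
    option encryption 'none'
EOF
}

# Resolve file.section.option ($1) against `uci export` text on stdin.
uci_resolve() {
    rest=${1#*.}
    awk -v pkg="${1%%.*}" -v sec="${rest%.*}" -v opt="${rest##*.}" -v q="'" '
    function unquote(s) { gsub("^[ \t]*" q "|" q "[ \t]*$", "", s); return s }
    $1 == "package" { inpkg = (unquote($2) == pkg); next }
    !inpkg          { next }
    $1 == "config"  {                  # start of a section: config TYPE [NAME]
        n++; type[n] = $2; name[n] = unquote($3)
        pos[n] = cnt[$2]++             # position among sections of the same type
        next
    }
    $1 == "option"  {                  # option KEY VALUE (value may contain spaces)
        v = $0; sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", v)
        val[n, $2] = unquote(v)
    }
    END {
        if (sec ~ /^@/) {              # anonymous form: @TYPE[INDEX]
            t = sec; sub(/^@/, "", t); sub(/\[.*$/, "", t)
            i = sec; sub(/^.*\[/, "", i); sub(/\]$/, "", i); i += 0
            if (i < 0) i += cnt[t]     # negative index counts from the end
            for (k = 1; k <= n; k++) if (type[k] == t && pos[k] == i) hit = k
        } else {
            for (k = 1; k <= n; k++) if (name[k] == sec) hit = k
        }
        if (!hit || !((hit, opt) in val)) exit 1
        print val[hit, opt]
    }'
}

for t in 'wireless.@wifi-iface[0].encryption' 'wireless.@wifi-iface[-1].encryption'; do
    printf '%s = %s\n' "$t" "$(sample_export | uci_resolve "$t")"
done
```

On a router the same text comes from uci export wireless, so the function can be fed with a pipe from that command; it exits non-zero when the section or option does not exist.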

It is possible to change the behavior of startup services.

Syntax: /etc/init.d/network [command]
Available commands:
start Start the service
stop Stop the service
restart Restart the service
reload Reload configuration files (or restart if that fails)
enable Enable service autostart
disable Disable service autostart

Resetting Root Password

If you have forgotten the root password or if the root password no longer works, you have to use the Failsafe Mode and Factory Reset.

From there, you don't have to reset the whole configuration. Note that fail safe mode does not require a password for authentication of root (!)

You only have to mount the root file system and set a new password with passwd and then trigger a restart. In fail safe mode, passwd will not ask for the old password (that you may have forgotten):

root@(none):~# mount_root
switching to jffs2 overlay
root@(none):/rom/root# passwd
Changing password for root
New password:
Retype password:
passwd: password for root changed by root
root@(none):/rom/root# reboot -f


