OpenWrt in VMware as a lightweight router and virtual host

OpenWrt is a Linux distribution for embedded devices and provides a fully writable filesystem with package management.

For me, OpenWrt is also perfect to run as a small router or virtual host in my virtual rack. I had been using BSD Router (BSDRP) for this purpose for quite a while. Now it seems a better one has come along.

To keep a record, I list all the steps for loading it in VMware Workstation.


Using OVA file


No password for root. 

Follow these steps to get an up-to-date VM with the latest code running on ESX in 15 minutes:

  1. Import the OVA to VMware ESXi (tested with latest version 6 in July 2016)
    The base image only has 1 virtual NIC setup with DHCP
  2. Power on the VM, note its MAC address, and find that address on your DHCP server
  3. Confirm the OpenWrt VM's IP address by opening the console
  4. Press enter to get a prompt
  5. Type ifconfig | more to see the DHCP assigned IP address for the Bridge assigned to the NIC
  6. If you don't have a DHCP server on your network you can set the IP Address manually: vi /etc/config/network
    The whole goal here is to get the OpenWrt VM on the network so you can hit the LuCI Web User Interface with a web browser. This way we can update the base image.
  7. Once you've logged in to the LuCI web interface set a root password so you can ssh in
  8. With the Web UI navigate to the System/Flash Operations page and find this text: Flash new firmware image - Upload a sysupgrade-compatible image here to replace the running firmware. Check “Keep settings” to retain the current configuration (requires an OpenWrt compatible firmware image).
  9. On your admin system with the web browser download the latest file to prepare for the flash upgrade of OpenWrt: https://downloads.openwrt.org/chaos_calmer/15.05.1/x86/generic/openwrt-15.05.1-x86-generic-combined-ext4.img.gz (this was the most current available from https://downloads.openwrt.org/, dated 16 March 2016; last checked 11 Sept 2016)
  10. Then upload that to your running OpenWrt system and click “Flash Image…”
  11. Reboot and login again.
  12. Now you can add the second NIC to use the OpenWrt VM as a WAN router. I set mine up with both DHCP and Static IP addresses for the WAN - and the LAN interface was configured as a DHCP server.
  13. To prepare for testing: install iperf3 and nmap from the System/Software page of the Web UI.
  14. See the testing section below for details…
  15. That's pretty much it. I'm very happy with this new setup. I was also looking at M0n0wall (monowall), and pfsense to run as VMs but OpenWrt has a lot more going for it as far as an Open Source eco-system and developer/vendor support.

Notes: https://openwrt.org/docs/guide-user/virtualization/vmware


Using VMDK file


1. Download the package from

https://downloads.openwrt.org/backfire/10.03.1/x86_generic/openwrt-x86-generic-combined-ext2.vmdk
MD5Sums:  a258b7a5787f6bd8c8169391941813f4  

There are some other versions we can use:

version 10.03.1 - https://archive.openwrt.org/backfire/10.03.1/x86_generic/openwrt-x86-generic-combined-ext2.vmdk

version 15.05.1 - https://downloads.libremesh.org/community_chaos/16.07/x86/generic/openwrt-15.05.1-x86-generic-combined-ext4.vmdk

You can also convert any raw image file to VMDK format using the qemu-img program. Here is the command in case you have the latest image file:
qemu-img convert -f raw openwrt-15.05.1-x86-generic-combined-squashfs.img -O vmdk openwrt-15.05.1-x86-generic-combined-squashfs.vmdk

2. Create a VM with the following configuration

Almost all settings are left at their defaults, except choosing Other Linux 2.6.x kernel as the guest operating system.
Memory = 32M
Hard Disk = 52M


Note: Named pipe configuration is not needed anymore. You can press Enter directly to get into the console after the installation has completed.

In OpenWrt, the first interface (eth0) is set up as LAN by default. The second (eth1) is set up as WAN. You might need to adjust the LAN and WAN interface configuration to match the VMware network settings.

3. Choose IDE as your hard disk type

If the default SCSI type makes your VM stop at "Waiting for root device /dev/sda2...", you can choose IDE.

It won't be an issue in newer versions of OpenWrt.

4. Boot Console Output

Please be patient, while OpenWrt loads ...
- preinit -
Press the [f] key and hit [enter] to enter failsafe mode
- regular preinit -
- init -

Please press Enter to activate this console. natsemi dp8381x driver, version 2.1, Sept 11, 2006
  originally by Donald Becker <[email protected]>
  2.4.x kernel port by Jeff Garzik, Tjeerd Mulder
PPP generic driver version 2.4.2
ip_tables: (C) 2000-2006 Netfilter Core Team
NET: Registered protocol family 24
nf_conntrack version 0.5.0 (449 buckets, 1796 max)
CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use
nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or
sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
8139too Fast Ethernet driver 0.9.28
e100: Intel(R) PRO/100 Network Driver, 3.5.24-k2-NAPI
e100: Copyright(c) 1999-2006 Intel Corporation
Intel(R) PRO/1000 Network Driver - version 7.3.21-k5-NAPI
Copyright (c) 1999-2006 Intel Corporation.
ne2k-pci.c:v1.03 9/22/2003 D. Becker/P. Gortmaker
pcnet32.c:v1.35 21.Apr.2008 [email protected]
pcnet32 0000:02:00.0: PCI INT A -> GSI 18 (level, low) -> IRQ 18
pcnet32: PCnet/PCI II 79C970A at 0x2000, 00:0c:29:cb:1b:48 assigned IRQ 18.
eth0: registered as PCnet/PCI II 79C970A
pcnet32 0000:02:01.0: PCI INT A -> GSI 19 (level, low) -> IRQ 19
pcnet32: PCnet/PCI II 79C970A at 0x2080, 00:0c:29:cb:1b:52 assigned IRQ 19.
eth1: registered as PCnet/PCI II 79C970A
pcnet32: 2 cards_found.
eth0: link up
sis900.c: v1.08.10 Apr. 2 2006
device eth0 entered promiscuous mode
br-lan: port 1(eth0) entering forwarding state
via-rhine.c:v1.10-LK1.4.3 2007-03-06 Written by Donald Becker



BusyBox v1.15.3 (2011-11-24 18:38:13 CET) built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 Backfire (10.03.1, r29592) ------------------------
  * 1/3 shot Kahlua    In a shot glass, layer Kahlua
  * 1/3 shot Bailey's  on the bottom, then Bailey's,
  * 1/3 shot Vodka     then Vodka.
 ---------------------------------------------------
root@OpenWrt:/#


5. Basic Configuration with UCI Show command

root@OpenWrt:/# uci
Usage: uci [<options>] <command> [<arguments>]

Commands:
        batch
        export     [<config>]
        import     [<config>]
        changes    [<config>]
        commit     [<config>]
        add        <config> <section-type>
        add_list   <config>.<section>.<option>=<string>
        show       [<config>[.<section>[.<option>]]]
        get        <config>.<section>[.<option>]
        set        <config>.<section>[.<option>]=<value>
        delete     <config>[.<section[.<option>]]
        rename     <config>.<section>[.<option>]=<name>
        revert     <config>[.<section>[.<option>]]
        reorder    <config>.<section>=<position>

Options:
        -c <path>  set the search path for config files (default: /etc/config)
        -d <str>   set the delimiter for list values in uci show
        -f <file>  use <file> as input instead of stdin
        -L         do not load any plugins
        -m         when importing, merge data into an existing package
        -n         name unnamed sections on export (default)
        -N         don't name unnamed sections
        -p <path>  add a search path for config change files
        -P <path>  add a search path for config change files and use as default
        -q         quiet mode (don't print error messages)
        -s         force strict mode (stop on parser errors, default)
        -S         disable strict mode
        -X         do not use extended syntax on 'show'

root@OpenWrt:/# uci show
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded=1
dhcp.@dnsmasq[0].boguspriv=1
dhcp.@dnsmasq[0].filterwin2k=0
dhcp.@dnsmasq[0].localise_queries=1
dhcp.@dnsmasq[0].rebind_protection=1
dhcp.@dnsmasq[0].rebind_localhost=1
dhcp.@dnsmasq[0].local=/lan/
dhcp.@dnsmasq[0].domain=lan
dhcp.@dnsmasq[0].expandhosts=1
dhcp.@dnsmasq[0].nonegcache=0
dhcp.@dnsmasq[0].authoritative=1
dhcp.@dnsmasq[0].readethers=1
dhcp.@dnsmasq[0].leasefile=/tmp/dhcp.leases
dhcp.@dnsmasq[0].resolvfile=/tmp/resolv.conf.auto
dhcp.lan=dhcp
dhcp.lan.interface=lan
dhcp.lan.start=100
dhcp.lan.limit=150
dhcp.lan.leasetime=12h
dhcp.wan=dhcp
dhcp.wan.interface=wan
dhcp.wan.ignore=1
dropbear.@dropbear[0]=dropbear
dropbear.@dropbear[0].PasswordAuth=on
dropbear.@dropbear[0].RootPasswordAuth=on
dropbear.@dropbear[0].Port=22
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood=1
firewall.@defaults[0].input=ACCEPT
firewall.@defaults[0].output=ACCEPT
firewall.@defaults[0].forward=REJECT
firewall.@zone[0]=zone
firewall.@zone[0].name=lan
firewall.@zone[0].network=lan
firewall.@zone[0].input=ACCEPT
firewall.@zone[0].output=ACCEPT
firewall.@zone[0].forward=REJECT
firewall.@zone[1]=zone
firewall.@zone[1].name=wan
firewall.@zone[1].network=wan
firewall.@zone[1].input=REJECT
firewall.@zone[1].output=ACCEPT
firewall.@zone[1].forward=REJECT
firewall.@zone[1].masq=1
firewall.@zone[1].mtu_fix=1
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src=lan
firewall.@forwarding[0].dest=wan
firewall.@rule[0]=rule
firewall.@rule[0].name=Allow-DHCP-Renew
firewall.@rule[0].src=wan
firewall.@rule[0].proto=udp
firewall.@rule[0].dest_port=68
firewall.@rule[0].target=ACCEPT
firewall.@rule[0].family=ipv4
firewall.@rule[1]=rule
firewall.@rule[1].name=Allow-Ping
firewall.@rule[1].src=wan
firewall.@rule[1].proto=icmp
firewall.@rule[1].icmp_type=echo-request
firewall.@rule[1].family=ipv4
firewall.@rule[1].target=ACCEPT
firewall.@rule[2]=rule
firewall.@rule[2].name=Allow-DHCPv6
firewall.@rule[2].src=wan
firewall.@rule[2].proto=udp
firewall.@rule[2].src_ip=fe80::/10
firewall.@rule[2].src_port=547
firewall.@rule[2].dest_ip=fe80::/10
firewall.@rule[2].dest_port=546
firewall.@rule[2].family=ipv6
firewall.@rule[2].target=ACCEPT
firewall.@rule[3]=rule
firewall.@rule[3].name=Allow-ICMPv6-Input
firewall.@rule[3].src=wan
firewall.@rule[3].proto=icmp
firewall.@rule[3].icmp_type=echo-request destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type router-solicitation neighbour-solicitation
firewall.@rule[3].limit=1000/sec
firewall.@rule[3].family=ipv6
firewall.@rule[3].target=ACCEPT
firewall.@rule[4]=rule
firewall.@rule[4].name=Allow-ICMPv6-Forward
firewall.@rule[4].src=wan
firewall.@rule[4].dest=*
firewall.@rule[4].proto=icmp
firewall.@rule[4].icmp_type=echo-request destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type
firewall.@rule[4].limit=1000/sec
firewall.@rule[4].family=ipv6
firewall.@rule[4].target=ACCEPT
firewall.@include[0]=include
firewall.@include[0].path=/etc/firewall.user
luci.main=core
luci.main.lang=auto
luci.main.mediaurlbase=/luci-static/openwrt.org
luci.main.resourcebase=/luci-static/resources
luci.flash_keep=extern
luci.flash_keep.uci=/etc/config/
luci.flash_keep.dropbear=/etc/dropbear/
luci.flash_keep.openvpn=/etc/openvpn/
luci.flash_keep.passwd=/etc/passwd
luci.flash_keep.opkg=/etc/opkg.conf
luci.flash_keep.firewall=/etc/firewall.user
luci.flash_keep.uploads=/lib/uci/upload/
luci.languages=internal
luci.languages.en=English
luci.sauth=internal
luci.sauth.sessionpath=/tmp/luci-sessions
luci.sauth.sessiontime=3600
luci.ccache=internal
luci.ccache.enable=1
luci.themes=internal
luci.themes.OpenWrt=/luci-static/openwrt.org
network.loopback=interface
network.loopback.ifname=lo
network.loopback.proto=static
network.loopback.ipaddr=127.0.0.1
network.loopback.netmask=255.0.0.0
network.lan=interface
network.lan.ifname=eth0
network.lan.type=bridge
network.lan.proto=static
network.lan.ipaddr=192.168.1.1
network.lan.netmask=255.255.255.0
system.@system[0]=system
system.@system[0].hostname=OpenWrt
system.@system[0].timezone=UTC
system.ntp=timeserver
system.ntp.server=0.openwrt.pool.ntp.org 1.openwrt.pool.ntp.org 2.openwrt.pool.ntp.org 3.openwrt.pool.ntp.org
ucitrack.@network[0]=network
ucitrack.@network[0].init=network
ucitrack.@network[0].affects=dhcp radvd
ucitrack.@wireless[0]=wireless
ucitrack.@wireless[0].affects=network
ucitrack.@firewall[0]=firewall
ucitrack.@firewall[0].init=firewall
ucitrack.@firewall[0].affects=luci-splash qos miniupnpd
ucitrack.@olsr[0]=olsr
ucitrack.@olsr[0].init=olsrd
ucitrack.@dhcp[0]=dhcp
ucitrack.@dhcp[0].init=dnsmasq
ucitrack.@dropbear[0]=dropbear
ucitrack.@dropbear[0].init=dropbear
ucitrack.@httpd[0]=httpd
ucitrack.@httpd[0].init=httpd
ucitrack.@fstab[0]=fstab
ucitrack.@fstab[0].init=fstab
ucitrack.@qos[0]=qos
ucitrack.@qos[0].init=qos
ucitrack.@system[0]=system
ucitrack.@system[0].init=led
ucitrack.@system[0].affects=luci_statistics
ucitrack.@luci_splash[0]=luci_splash
ucitrack.@luci_splash[0].init=luci_splash
ucitrack.@upnpd[0]=upnpd
ucitrack.@upnpd[0].init=miniupnpd
ucitrack.@ntpclient[0]=ntpclient
ucitrack.@ntpclient[0].init=ntpclient
ucitrack.@samba[0]=samba
ucitrack.@samba[0].init=samba
ucitrack.@tinyproxy[0]=tinyproxy
ucitrack.@tinyproxy[0].init=tinyproxy
uhttpd.main=uhttpd
uhttpd.main.listen_http=0.0.0.0:80
uhttpd.main.listen_https=0.0.0.0:443
uhttpd.main.home=/www
uhttpd.main.rfc1918_filter=1
uhttpd.main.cert=/etc/uhttpd.crt
uhttpd.main.key=/etc/uhttpd.key
uhttpd.main.cgi_prefix=/cgi-bin
uhttpd.main.script_timeout=60
uhttpd.main.network_timeout=30
uhttpd.main.tcp_keepalive=1
uhttpd.px5g=cert
uhttpd.px5g.days=730
uhttpd.px5g.bits=1024
uhttpd.px5g.country=DE
uhttpd.px5g.state=Berlin
uhttpd.px5g.location=Berlin
uhttpd.px5g.commonname=OpenWrt
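
The dump above contains several exposure-related defaults: password SSH login for root, uhttpd bound to 0.0.0.0, and a 1024-bit px5g key. The script below is an added example, not part of the original post, that flags them in `uci show` output. The names `audit_uci` and `sample_uci` and the 2048-bit threshold are assumptions of the example, and the sample lines are constructed from values shown in the dump.

```shell
#!/bin/sh
# Added example: flag exposure-related settings in `uci show` output.
# Reads the dump on stdin, prints one WARN line per finding, and
# returns 1 if anything was flagged (0 when clean).
audit_uci() {
    awk '
    { eq = index($0, "="); if (!eq) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1) }
    key ~ /^dropbear\.@dropbear\[[0-9]+\]\.PasswordAuth$/ && val == "on" {
        print "WARN ssh: password authentication enabled (" key ")"; bad = 1 }
    key ~ /^dropbear\.@dropbear\[[0-9]+\]\.RootPasswordAuth$/ && val == "on" {
        print "WARN ssh: root password login enabled (" key ")"; bad = 1 }
    # A wildcard bind serves LuCI on every interface, WAN included.
    key ~ /^uhttpd\.[^.]+\.listen_https?$/ && val ~ /^0\.0\.0\.0:/ {
        print "WARN web: " key " listens on all interfaces (" val ")"; bad = 1 }
    # 2048 bits is the threshold assumed by this example.
    key ~ /^uhttpd\.[^.]+\.bits$/ && val + 0 < 2048 {
        print "WARN tls: certificate key is only " val " bits (" key ")"; bad = 1 }
    # Zone name and input policy sit on separate lines: pair them by section.
    key ~ /^firewall\.@zone\[[0-9]+\]\.(name|input)$/ {
        sec = key; sub(/\.[a-z]+$/, "", sec)
        if (key ~ /name$/) zname[sec] = val; else zinput[sec] = val }
    END {
        for (sec in zname)
            if (zname[sec] == "wan" && (sec in zinput) && zinput[sec] !~ /^(REJECT|DROP)$/) {
                print "WARN fw: wan zone input policy is " zinput[sec] " (" sec ")"
                bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample, using values that appear in the dump on this page.
sample_uci() {
    cat <<'EOF'
dropbear.@dropbear[0].PasswordAuth=on
dropbear.@dropbear[0].RootPasswordAuth=on
firewall.@zone[0].name=lan
firewall.@zone[0].input=ACCEPT
firewall.@zone[1].name=wan
firewall.@zone[1].input=REJECT
uhttpd.main.listen_http=0.0.0.0:80
uhttpd.main.listen_https=0.0.0.0:443
uhttpd.px5g.bits=1024
EOF
}

sample_uci | audit_uci || echo "review the findings above"
```

On the router itself the same function can be fed live data with `uci show | audit_uci`.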

6. Change Interface IP Address

  • vi /etc/config/network
  • or use the uci command
root@OpenWrt:/# ifconfig
br-lan    Link encap:Ethernet  HWaddr 00:0C:29:CB:1B:48 
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:109 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:25588 (24.9 KiB)  TX bytes:812 (812.0 B)

eth0      Link encap:Ethernet  HWaddr 00:0C:29:CB:1B:48 
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:109 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:27114 (26.4 KiB)  TX bytes:812 (812.0 B)
          Interrupt:18 Base address:0x2000

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:864 errors:0 dropped:0 overruns:0 frame:0
          TX packets:864 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:60480 (59.0 KiB)  TX bytes:60480 (59.0 KiB)


root@OpenWrt:/# uci set network.lan.proto=static
root@OpenWrt:/# uci set network.lan.ipaddr=192.168.1.130
root@OpenWrt:/# uci set network.lan.netmask=255.255.255.0
root@OpenWrt:/# uci set network.lan.gateway=192.168.1.1
root@OpenWrt:/# uci set network.lan.dns=8.8.8.8

root@OpenWrt:/# /etc/init.d/network restart
br-lan: port 1(eth0) entering disabled state
device eth0 left promiscuous mode
br-lan: port 1(eth0) entering disabled state
eth0: link up
eth0: link up
device eth0 entered promiscuous mode
br-lan: port 1(eth0) entering forwarding state
root@OpenWrt:/# ifconfig
br-lan    Link encap:Ethernet  HWaddr 00:0C:29:CB:1B:48 
          inet addr:192.168.1.130  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

7. Upload it to ESXi




8. Second Interface

By default, only eth0 is activated, as the LAN interface, and assigned the IP address 192.168.1.1. It is much easier to add another interface to OpenWrt through the Web UI, as shown in the screenshot below.




KoolShare Firmware:


Download: http://firmware.koolshare.cn/LEDE_X64_fw867/

The VMDK format can be downloaded from: http://firmware.koolshare.cn/LEDE_X64_fw867/虚拟机转盘或PE下写盘专用

