OpenWrt 21.02.0-rc3 - Third Release Candidate - 17 June 2021

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 OpenWrt 21.02.0-rc3, r16172-2aba3e9784

The OpenWrt Project is a Linux operating system targeting embedded devices. It is a complete replacement for the vendor-supplied firmware of a wide range of wireless routers and non-network devices. See the Table of Hardware for supported devices. For more information about OpenWrt project organization, see the About OpenWrt pages.

An upgrade from OpenWrt 19.07 to OpenWrt 21.02 is supported in many cases with the help of the sysupgrade utility which will also attempt to preserve the configuration. A configuration backup is advised nonetheless when upgrading to OpenWrt 21.02. (see “Upgrading” below).

Get OpenWrt Firmware at:

The OpenWrt community is proud to announce the new release candidate of the upcoming OpenWrt 21.02 stable version series. It incorporates over 5800 commits since branching the previous OpenWrt 19.07 release and has been under development for about one and a half year.

Changes in this release candidate since the previous 21.02.0-rc2 release candidate are:

  • Network is not working in failsafe mode: FS#3866
  • LuCI network migration tool now migrates custom bridge MAC addresses.
  • Linux kernel updated to version 5.4.124 (from 5.4.119 in v21.02.0-rc2)
  • mac80211 updated to version 5.10.42-1 (from 5.10.34-1 in v21.02.0-rc2)
  • wireless-regdb updated to version 2021.04.21 (from 2020.11.20 in v21.02.0-rc2)
  • opkg Shows better error message when some dependencies are missing
  • sdk, imagebuilder json-c, libnl-tiny, libubox, ubus, uci and lua are marked nonshared and will be taken from release build and not package build.
  • New devices SERCOMM NA502, Linksys EA8100 v1, Amped Wireless ALLY, Linksys E5600, JCG Q20, cudy WR2100, TP-Link Archer C6U v1 (EU), TP-Link Archer A6 v3, ZyXEL NR7101, ZTE MF283+
  • Device fixes for Xiaomi Router 3 Pro, HILINK HLK-7628N, WD My Net Wi-Fi Range Extender, ALLNET ALL-WAP02860AC, Senao APs, TP-Link AD7200

WPA3 was already supported in 19.07 but it was not provided by the default set of packages in OpenWrt images.

With 21.02, all packages necessary to provide WPA3 are installed by default in OpenWrt images.

TLS support is now provided by default in OpenWrt images including the trusted CA certificates from Mozilla. It means that wget and opkg now support fetching resources over HTTPS out-of-the-box. The opkg download server is accessed through HTTPS by default. OpenWrt switched from mbedTLS to wolfSSL as the default SSL library. mbedTLS and OpenSSL are still available and can be installed manually.

In addition, LuCI is now available over HTTPS in addition to HTTP. There is no automatic redirection to HTTPS on a fresh OpenWrt 21.02 installation; however, redirection will be enabled after upgrading from OpenWrt 19.07 to OpenWrt 21.02.

It is always possible to activate or deactivate the redirection to HTTPS like this:

uci set uhttpd.main.redirect_https=1   # 1 to enable redirect, 0 to disable redirect
uci commit uhttpd
service uhttpd reload

DSA stands for Distributed Switch Architecture and is the Linux standard to deal with configurable Ethernet switches.

OpenWrt 21.02 comes with initial support for DSA, which replaces the swconfig system that OpenWrt was using up until now. Not all targets have been ported: some devices still use swconfig while some devices already switched to DSA.

This is a significant change to how switch ports and VLANs are managed. As such, sysupgrade will not be able to convert existing swconfig configuration to DSA configuration (see “Upgrading” below).

The following targets are using a switch managed with DSA in OpenWrt 21.02:

Due to new features being introduced and the general size increase of the Linux kernel, devices now need at least 8 MB of flash and 64 MB of RAM to run a default build of OpenWrt. More flash space is recommended for extensibility, see 8/64 warning

It is still possible to build custom OpenWrt images (e.g. using the ImageBuilder) that may fit devices with 4 MB of flash or 32 MB of RAM. However, the level of functionality will be reduced and there is no guarantee to stability. See OpenWrt on 4/32 devices for more details and guidance.

There have been several changes to the network configuration syntax in /etc/config/network:

  • in config interface, option ifname has been renamed to device (since it refers to a device section)
  • in config device of type bridge, ifname has been renamed to ports
  • for new installs, the generated configuration now creates separate sections for layer 2 (config device) and layer 3 (config interface) configuration

The old syntax is still supported to facilitate transition, and there is no automated migration when upgrading.

However, the LuCI web interface detects old-style configuration and will propose to migrate it to the new syntax. This is necessary to be able to edit network configuration through LuCI.

New UCI syntax

The new configuration style looks like this:

config device
	option name 'br-lan'
	option type 'bridge'
	option macaddr '00:01:02:XX:XX:XX'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr ''
	option netmask ''
	option ip6assign '60'

config device
	option name 'eth1'
	option macaddr '00:01:02:YY:YY:YY'

config interface 'wan'
	option device 'eth1'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth1'
	option proto 'dhcpv6'

This example uses DSA with lanX interface names. A non-DSA device would use more classical ethX interface names.

Changes to board.json

In addition, network fields in board.json have also been renamed from “ifname” to “device”. In addition, DSA bridges now expose their list of ports in a “ports” attribute.

If you rely on board.json, this change is not backwards compatible.

Example for a DSA bridge:

"network": {
        "lan": {
                "ports": [
                "protocol": "static"
        "wan": {
                "device": "wan",
                "protocol": "dhcp"

Example for a classical swconfig switch configuration:

"network": {
        "lan": {
                "device": "eth0",
                "protocol": "static"
        "wan": {
                "device": "eth1",
                "protocol": "dhcp"

A new realtek target has been added, which is often found in managed switches. As a result, it is now possible to run OpenWrt on devices with a significant number of Ethernet ports. See supported devices for realtek.

In addition, new bcm4908 and rockchip targets have been added.

Support for many new boards was added to the existing targets.

The ar71xx target was deprecated in OpenWrt 19.07 and has been gradually replaced by ath79, see ar71xx-ath79 migration.

With OpenWrt 21.02, the ar71xx has now been removed and users must use ath79 instead. If you are still running with the ar71xx target, it is recommended to reinstall OpenWrt 21.02 from scratch. Users already on the ath79 target can use sysupgrade to upgrade to OpenWrt 21.02.

Other targets were also removed: cns3xxx, rb532 and samsung.

Network exposed user space applications are linked as position-independent executable (PIE) to allow full Address Space Layout Randomization (ASLR) support. This makes it harder for attackers to exploit OpenWrt. See Hardening build options for more details.

Multiple Linux kernel compile options, needed for Linux Containers (LXC) and procd-ujail are activated by default for most targets. This allows to use LXC and ujail with the normal release builds.

It is possible to compile OpenWrt with SELinux support. This is currently not activated by default.

FIXME: this should be updated for the final 21.02.0 release.

Core components have the following versions in 21.02.0:

  • Updated toolchain:
    • musl libc 1.1.24
    • glibc 2.33
    • gcc 8.4.0
    • binutils 2.34
  • Updated Linux kernel
    • 5.4.124 for all targets
  • Network:
    • hostapd 2020-06-08, dnsmasq 2.85, dropbear 2020.81
    • cfg80211/mac80211 from kernel 5.10.42
    • wireguard backport from upstream Linux kernel
  • System userland:
    • busybox 1.33.1

In addition to the listed applications, many others were also updated.

Sysupgrade can be used to upgrade a device from 19.07 to 21.02, and configuration will be preserved in most cases.

:!: Sysupgrade from 18.06 to 21.02 is not supported.

:!: There is no migration path for targets that switched from swconfig to DSA. In that case, sysupgrade will refuse to proceed with an appropriate error message:
Image version mismatch. image 1.1 device 1.0 Please wipe config during upgrade (force required) or reinstall. Config cannot be migrated from swconfig to DSA Image check failed

:!: The default root file system partition size changed for targets/devices relying on booting from mass storage (HDD, USB flash, SD card, etc.), so MBR will change and any additional partition will be deleted when sysupgrading.

As always, a big thank you goes to all our active package maintainers, testers, documenters, and supporters.

Have fun!

The OpenWrt Community

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2021/06/25 06:14
  • by zorun