Openwrt

Setting up OpenWrt extroot, rootfs on USB storage

Configuration of OpenWrt extroot on a TP-Link MR-3220 v2.4 router.

Though I did this on a MR-3220, this guide also applies to other routers like TP-Link WR703N, MR3020, D-Link DIR-505 etc etc. Just make sure you have downloaded the correct firmware for your router.

So the final choice is for a router with 4MB flash, choose only OpenWrt 14.07 or earlier and ext4 as extroot filesystem. None of them will fit in the 288 KB free JFFS2 space, so I didn’t tested them.

Installing OpenWrt

Assuming you have a PC running a Linux distribution, this is required for flashing the firmware and

Download the OpenWrt 14.07 firmware

wget -c https://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/openwrt-ar71xx-generic-tl-mr3220-v2-squashfs-factory.bin

WARNING: Do it at your own risk, event with great precautions there is a chance of bricking the router. If possible connect the router to an UPS before flashing it.

  1. Power on the router and connect a PC through ethernet straight cable to one of four the LAN ports.
  2. Open up a browser and go to this address; 192.168.0.1 to access the web interface and login. Username: admin Password: admin .
  3. Go to the System Tools > Firmware Upgrade choose the previously downloaded OpenWrt firmware with the Browse *button and Hit the *Upgrade button.
  4. Wait for few minutes to let the flashing complete and automatic reboot.

Installation is complete now your PC will automatically receive a different IP via DHCP.

Initial OpenWrt setup

For first time we have to use telnet to login into OpenWrt,

telnet 192.168.1.1

or if you don’t have telnet try this

busybox telnet 192.168.1.1

after login, change the password to enable ssh

passwd root

now exit from the telnet session with *exit *command and re-login with SSH,

ssh root@192.168.1.1

If you are unable to ssh to openwrt that asks for a diffie-hellman-group1-sha1 key exchange method with the following error message..

Unable to negotiate with 123.123.123.123 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

By adding the following line on the client to ~/.ssh/config, the above issue can be resolved.

Host 123.123.123.123

KexAlgorithms +diffie-hellman-group1-sha1

Source: https://unix.stackexchange.com/questions/340844/how-to-enable-diffie-hellman-group1-sha1-key-exchange-on-debian-8-0/ ↗

Installing necessary packages

At this step the router must be connected to the internet, you could use your existing DSL/cable internet for this purpose or share an existing connection from your PC. I personally did it by sharing my 3G connection with Network-Manager from my laptop.

Make sure that the router could connect to the internet

ping -c 4 8.8.8.8

Update opkg package repository and install necessary packages to support USB storage device and ext4 filesystem kernel module.

opkg update
opkg install kmod-usb-storage kmod-scsi-core block-mount
opkg install kmod-fs-ext4

That’s all, check free flash space with df -h , do not install anything more ! if you try to do so, any packages larger than 10KB will return no space left on device error.

Now load all necessary kernel modules with modprobe command.

modprobe sd_mod
modprobe usb-storage
modprobe ext4

Or simply reboot the device with reboot command.

Partitioning the USB drive

Lets partition the USB drive, another question, how much space should I use for the extroot partition? Just 100-200 MB is more than enough, I allocated a 200 MB ext4 partition for extroot, you could use more if you wish. I used Gparted for partitioning a 4 GB USB drive.

Now safely remove the USB drive and plug it in the routers USB port.

Notes from Prabu

Remember to use the MBR instead of GPT as partition table type. Since I used ext4,I need to install these two extra packages for ext4 filesystem support kmod-lib-crc32c and *kmod-crypto-crc32c *, or I should have formatted the USB drive to ext2/ext3. I used a 16GB stick and created a partition size of 5xxMB.

Configuring the OpenWrt extroot

After plugging the USB drive, it should show up as a storage device under the /dev directory as /dev/sda1 , /dev/sda2 etc. Simply go through the commands bellow

Mount the USB drive, change /dev/sda2 according to yours

mount /dev/sda2 /mnt

Copy data from /overlay partition to the USB drive

tar -C /overlay/ -c . -f - | tar -C /mnt/ -xf -

Un-mount the USB drive

sync && umount /dev/sda2

Configure /etc/config/fstab to mount the USB drive as /overlay partition

block detect > /etc/config/fstab

Now edit the /etc/config/fstab to mount the etxt4 partition, /dev/sda2 at /overlay partition at startup such that /etc/config/fstab appears as follows:

config 'global'
option anon_swap '0'
option anon_mount '0'
option auto_swap '1'
option auto_mount '1'
option delay_root '5'
option check_fs '0'
config 'mount'
option target '/overlay'
option uuid'7669178c-3f77-4fb1-b421-6ec6f61be672'
option enabled '1'

Set the target to /overlay, and change the option enabled line from 0 to 1 . Now enable the fstab service at startup

/etc/init.d/fstab enable

and check it

readlink -f /etc/rc.d/*fstab

reboot the router with the reboot command if required.

Check if the extroot is working or not

After the reboot is complete login to the router with ssh again and check the free disk space with df and mount command.

df -h
mount

The df commnd should return a lot of free space available at rootfs, that means extroot is working fine. Test it again by installing some big packages, example:

opkg install e2fsprogs

Download the below wrt image.

https://downloads.openwrt.org/releases/18.06.9/targets/ar71xx/tiny/openwrt-18.06.9-ar71xx-tiny-tl-wr841-v11-squashfs-factory.bin ↗

Installing the above firmware through tp-link web ui will fail. So must use tftp installation method

TFTP recovery/install via bootloader

Set your PC to use the static IP address 192.168.0.66 and Install atftpd from repository on Debian/Ubuntu/Mint

Create directory where you want to put the image file

Put an OpenWrt factory in the root directory of an TFTP server and name it as wr841nv11_tp_recovery.bin.

Change the ownership of the folder and the file in it

Run TFTP server (run as daemon, do not fork, log events to stdout)

Check if your TFTP server is listening

If not set, you should try running TFTP server as superuser.

Power on the router while pressing the reset button until the lock LED is lighting up.

Wait for the router to reboot.

TFTP server log may contain info about firmware image name that router requested. Something like: Read request for file <*wr841nv11_tp_recovery.bin*> . Mode octet [21/11 09:45:27.574]

Source: https://openwrt.org/toh/tp-link/tl-wr841nd#tftp_recovery_via_bootloader_for_v8_v9_v10_v11_v12_v13 ↗

https://openwrt.org/docs/guide-user/troubleshooting/tftpserver ↗

Initial OpenWrt setup

Initial OpenWrt setup is same as MR3220

Followed the steps in the the below link in toto:

Source: https://openwrt.org/docs/guide-user/network/wifi/atheroswds ↗

Configuring the Access Point

example from /etc/config/wireless on the access point device:

root@OpenWrt_FF:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option macaddr '18:A6:F7:EF:AB:16'
option channel '11'
option hwmode '11g'
option path 'platform/qca953x_wmac'
option htmode 'HT20'
option legacy_rates '1'
option country 'IN'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option wds '1'
option encryption 'psk2'
option key 'mypassword'

Configuring Wireless Client Bridge Device

Preparing the device for the bridging.

If this is a new OpenWrt setup, a DHCP server is enabled on the lan interface of the device by default. This needs to be disabled before the device is connected to the production network (assuming the production network already has DHCP set up). To do so, edit the/etc/config/dhcpfile. Find the config dhcp ’lan’ section and add the line option ignore ‘1’ to this section. This will disable the DHCP server on the lan interface.

Reconfigure the lan interface to have another address than the default static IP assignment of 192.168.1.1. Edit the/etc/config/networkfile. Set the IP to an another address from the same subnet. For example 192.168.1.2. After rebooting the router, remember to access the console & config via the new IP addess.

Edit the/etc/config/wirelessfile. In the radio0 section, make sure that the wireless settings match the values in the access point.

Further down in the same file, modify the wifi-iface section to include the desired SSID to which to connect (the same one as on the access point) and ensure WDS is enabled by setting this value to 1.

Example from /etc/config/wireless on the wireless client bridge device.

root@OpenWrt_GF:~# cat /etc/config/wireless

config wifi-device 'radio0'
option type 'mac80211'
option macaddr 'F8:1A:67:41:5E:4A'
option hwmode '11g'
option path 'platform/ar933x_wmac'
option htmode 'HT20'
option country 'IN'
option txpower '20'
option disabled '0'
option channel '11'
config wifi-iface
option ssid 'OpenWrt'
option encryption 'psk2'
option device 'radio0'
option mode 'sta'
option bssid '18:A6:F7:EF:AB:16'
option key 'mypassword'
option wds '1'
option network 'lan'

Disconnect the device from the wired network and reboot the device without any wired connection. Any wired devices connected via Ethernet to the LAN ports on the repeater should now be transparently bridged into the main network over the wireless link.

Enabling wireless connection

Create a new wireless interface. You can simply add it in LuCi → WiFi, or create a new wifi-iface section in etc/config/wireless. Copy all the values from the existing interface, but make two changes: use mode ‘ap’ instead of ‘sta’ and leave out the WDS option or set it to 0. SSID and key may be the same as with the host SSID for transparent roaming, but they can also be different. As long as you connect this new interface to /lan, which is the default, your other wireless devices connecting through this AP will also be seen as part of the big network.

config wifi-iface
option device 'radio0'
option mode 'ap'
option ssid 'OpenWrt_GF'
option network 'lan'
option encryption 'psk2'
option key 'mypassword' #or can be anything.

`* Configuring usb storage as file server using samba

Created an ext4 partition on usb drive and mounted it on mount point /mnt/usb_stick.

Enabled the fstab. Added the UID of the partition i.e /dev/sda2.

Installing samba

Decided to do the configuration of samba without luci.

Installed samba server using the below command

opkg update
opkg install samba36-server

Configuring firewall for samba

Configure the uci firewall as per below steps

uci -q delete firewall.samba_nsds
uci set firewall.samba_nsds="rule"
uci set firewall.samba_nsds.name="Allow-Samba/NS/DS"
uci set firewall.samba_nsds.src="lan"
uci set firewall.samba_nsds.dest_port="137-138"
uci set firewall.samba_nsds.proto="udp"
uci set firewall.samba_nsds.target="ACCEPT"
uci -q delete firewall.samba_ss
uci set firewall.samba_ss="rule"
uci set firewall.samba_ss.name="Allow-Samba/SS"
uci set firewall.samba_ss.src="lan"
uci set firewall.samba_ss.dest_port="139"
uci set firewall.samba_ss.proto="tcp"
uci set firewall.samba_ss.target="ACCEPT"
uci -q delete firewall.samba_smb
uci set firewall.samba_smb="rule"
uci set firewall.samba_smb.name="Allow-Samba/SMB"
uci set firewall.samba_smb.src="lan"
uci set firewall.samba_smb.dest_port="445"
uci set firewall.samba_smb.proto="tcp"
uci set firewall.samba_smb.target="ACCEPT"
uci commit firewall

Restart the firewall service.

/etc/init.d/firewall restart

Configuring Samba for User Level Access

Decided to follow the /User level access / ↗ as security for the samba.

Add user to system

Added unix user smb_guest by directly editing /etc/passwd file in openwrt as per suggestionin

smb_guest:*:1001:65534:nobody:/var:/bin/false

Add samba password to user

Set the samba passwd for the user

root@OpenWrt_GF:~# touch /etc/samba/smbpasswd
root@OpenWrt_GF:~# smbpasswd -a smb_guest
New SMB password:
Retype SMB password:

Change samba config

Change the config to accept users with null passwords. Actually this was already there as default. However the below was added..

Added min protocol = SMB2 to the template /etc/samba/smb.conf.template as per suggestion

Add a share

Then add a share to /etc/config/samba. Make shure that guest ok is set to no.

cat /etc/config/samba
config samba
option 'name' 'OpenWrt'
option 'workgroup' 'WORKGROUP'
option 'description' 'OpenWrt'
option 'homes' '1'
config 'sambashare'
option 'read_only' 'no'
option 'create_mask' '0700'
option 'dir_mask' '0700'
option 'name' 'smb_tempupload'
option 'path' '/mnt/usb_disk/tempupload'
option 'guest_ok' 'no'

Save and Restart Samba

After adding sambashare information, save it through uci commit command

Saving changes made to /etc/samba/smb.conf.template and /etc/config/samba

uci commit samba
/etc/init.d/samba restart

Now all the changes are reflected in both the files i.e /var/etc/smb.conf and /etc/samba/smb.conf

cat /var/etc/smb.conf

[global]
netbios name = OpenWrt
display charset = UTF-8
interfaces = 127.0.0.1/8 lo 192.168.1.2/24 br-lan
server string = OpenWrt
unix charset = UTF-8
workgroup = WORKGROUP
browseable = yes
deadtime = 30
domain master = yes
encrypt passwords = true
enable core files = no
guest account = nobody
guest ok = yes
invalid users = root
local master = yes
load printers = no
map to guest = Bad User
max protocol = SMB2
min protocol = SMB2
min receivefile size = 16384
null passwords = yes
obey pam restrictions = yes
os level = 20
passdb backend = smbpasswd
preferred master = yes
printable = no
security = user
smb encrypt = disabled
smb passwd file = /etc/samba/smbpasswd
socket options = TCP_NODELAY IPTOS_LOWDELAY
syslog = 2
use sendfile = yes
writeable = yes

[homes]
comment = Home Directories
browsable = no
read only = no
create mode = 0750

[smb_tempupload]
path = /mnt/usb_disk/tempupload
read only = no
guest ok = no
create mask = 0700
directory mask = 0700

Custom configuration surpassing the UCI configuration

I did not make use of this optionfor now.

sudo mount -t cifs -o guest,vers=1.0,dir_mode=0777,file_mode=0666
//192.168.1.2/share /mnt/ext_part2

https://forums.linuxmint.com/viewtopic.php?t=319630 ↗

The above command works to read the directory, but is unable to write.

https://github.com/vanaware/openwrt/wiki/samba ↗

https://openwrt.org/docs/guide-user/services/nas/cifs.server ↗

https://openwrt.org/docs/guide-user/services/nas/samba ↗

https://openwrt.org/docs/guide-user/services/nas/usb-storage-samba-webinterface ↗

https://redacacia.me/2013/04/08/openwrt-usb-external-storage-with-rootfs-swap/ ↗

https://www.klseet.com/networking/router-firmware/openwrt ↗

https://openwrt.org/docs/guide-user/storage/usb-drives ↗

https://linuxconfig.org/how-to-extend-lede-openwrt-system-storage-with-an-usb-device ↗

https://serverfault.com/questions/630631/how-to-make-samba-share-to-not-ask-for-password ↗

https://forum.openwrt.org/t/authentification-problems-with-samba/25418/6 ↗

Disabling IPV6

https://superuser.com/questions/1104484/disable-ipv6-with-openwrt ↗

Setting up unified WiFi

Used below instructions from Claude to change settings in Openwrt in early sep'25.

# Make both SSIDs the same name for seamless roaming
uci set wireless.default_radio0.ssid='OpenWrt'
uci set wireless.wifinet1.ssid='OpenWrt'

# Enable 802.11r fast transition for better roaming
uci set wireless.default_radio0.ieee80211r='1'
uci set wireless.wifinet1.ieee80211r='1'
uci set wireless.default_radio0.mobility_domain='4f57'
uci set wireless.wifinet1.mobility_domain='4f57'

# Commit and apply changes
uci commit wireless
wifi reload

Netgear R6220

Netgear R6220 AC1200 was purchased on 8 May 2023

Attempts to use the R6220 as fileserver failed when attempted on a BTRFS filesystem. The cpu power is not sufficient to cater to the load and it affects the wifi network.

Maintenance logs

2025-09-15 - Used ‘‘‘owut upgrade’’’ command to update the firmware

Services

SLB authorisation

SLB lending authorisation emails are sent to Zerodha on all weekdays using msmtp .

Monitoring service

There is a monitoring script named ‘‘‘sbi_monitor.sh’’’ that runs daily to monitor http://github.com/sahilgupta/sbi-fx-ratekeeper ↗

The above website hosts the exchange rates published by SBI. This rate is required for tax filing purposes in India.

© Prabu Anand K 2020-2026