OpenWrt 21.02.0 first release candidate
hauke at hauke-m.de
Mon Apr 26 22:05:03 BST 2021
The OpenWrt community is proud to announce the first release candidate
of the upcoming OpenWrt 21.02 stable version series. It incorporates
over 5800 commits since branching the previous OpenWrt 19.07 release and
has been under development for about one and a half year.
WPA3 support included by default
WPA3 was already supported in 19.07 but it was not provided by the
default set of packages in OpenWrt images.
With 21.02, all packages necessary to provide WPA3 are installed by
default in OpenWrt images.
TLS and HTTPS support included by default
TLS support is now provided by default in OpenWrt images including the
trusted CA certificates from Mozilla. It means that wget and opkg now
support fetching resources over HTTPS out-of-the-box. The opkg download
server is accessed through HTTPS by default. OpenWrt switched from mbed
TLS to wolfSSL as the default SSL library, mbed TLS and OpenSSL are
still available and can be installed manually.
Initial DSA support
DSA stands for Distributed Switch Architecture and is the Linux standard
to deal with configurable Ethernet switches.
OpenWrt 21.02 comes with initial support for DSA, which replaces the
swconfig system that OpenWrt was using up until now. Not all targets
have been ported: some devices still use swconfig while some devices
already switched to DSA.
This is a significant change to how switch ports and VLANs are managed.
As such, sysupgrade will not be able to convert existing swconfig
configuration to DSA configuration (see “Upgrading” below).
The following targets are using a switch managed with DSA in OpenWrt 21.02:
* ath79 (only TP-Link TL-WR941ND)
* mediatek (most boards)
Increased minimum hardware requirements: 8 MB flash, 64 MB RAM
Due to new features being introduced and the general size increase of
the Linux kernel, devices now need at least 8 MB of flash and 64 MB of
RAM to run a default build of OpenWrt.
It is still possible to build custom OpenWrt images (e.g. using the
ImageBuilder) that may fit devices with 4 MB of flash or 32 MB of RAM.
However, the level of functionality will be reduced and there is no
guarantee to stability. See OpenWrt on 4/32 devices for more details and
New hardware targets
A new realtek target has been added, which is often found in managed
switches. As a result, it is now possible to run OpenWrt on devices with
a significant number of Ethernet ports. See supported devices for realtek.
In addition, new bcm4908 and rockchip targets have been added.
Support for many new boards was added to the existing targets.
Dropped hardware targets
The ar71xx was deprecated in OpenWrt 19.07 and was gradually replaced by
ath79, see ar71xx-ath79 migration. With OpenWrt 21.02, the ar71xx has
been removed and users must use ath79 instead. If you are still running
with the ar71xx target, it is recommended to reinstall OpenWrt 21.02
from scratch. Users already on the ath79 target can use sysupgrade to
upgrade to OpenWrt 21.02.
Other targets were also removed: cns3xxx, rb532 and samsung.
Network exposed user space applications are linked as
position-independent executable (PIE) to allow full Address Space Layout
Randomization (ASLR) support. This makes it harder for attackers to
exploit OpenWrt. See Hardening build options for more details.
Kernel with container support
Multiple Linux kernel compile options, needed for Linux Containers (LXC)
and procd-ujail are activated by default for most targets. This allows
to use LXC and ujail with the normal release builds.
It is possible to compile OpenWrt with SELinux support. This is
currently not activated by default.
Core components update
Core components have the following versions in 21.02.0-rc1:
* Updated toolchain:
* musl libc 1.1.24
* glibc 2.33
* gcc 8.4.0
* binutils 2.35.1
* Updated Linux kernel
* 5.4.111 for all targets
* hostapd 2020-06-08, dnsmasq 2.84, dropbear 2020.81
* cfg80211/mac80211 from kernel 5.10.16
* wireguard backport from upstream Linux kernel
* System userland:
* busybox 1.33.0
In addition to the listed applications, many others were also updated.
Upgrading to 21.02.0-rc1
Sysupgrade can be used to upgrade a device from 19.07 to 21.02, and
configuration will be preserved in most cases.
Sysupgrade from 18.06 to 21.02 is not supported.
There is no migration path for targets that switched from swconfig to
DSA. In that case, sysupgrade will refuse to proceed with an appropriate
Image version mismatch. image 1.1 device 1.0 Please wipe config during
upgrade (force required) or reinstall. Config cannot be migrated from
swconfig to DSA Image check failed
The default root file system partition size changed for targets/devices
relying on booting from mass storage (HDD, USB flash, SD card, etc.), so
MBR will change and any additional partition will be deleted when
* DSA support is new and might not be complete or fully working
* The LuCI web interface has no support for DSA yet
* LuCI writes unnecessary IPv6 RA options to /etc/config/dhcp if the
user edits interface's DHCP settings. This could prevent client IPv6
* Update luci-mod-network to git-21.107.58557 or later to fix this
Full release notes and upgrade instructions are available at
In particular, make sure to read the regressions and known issues before
For a very detailed list of all changes since 19.07, refer to
To download the v21.02.0-rc1 images, navigate to:
To stay informed of new OpenWrt releases and security advisories, there
are new channels available:
* a low-volume mailing list for important announcements:
* a dedicated "announcements" section in the forum:
* other announcement channels (such as RSS feeds) might be added in the
future, they will be listed at https://openwrt.org/contact
As always, a big thank you goes to all our active package maintainers,
testers, documenters, and supporters.
The OpenWrt Community
More information about the openwrt-devel