OpenWRT Aruba AP-303
Oh, look, it is 2026!
And things are mostly the same. New images to install listed at https://downloads.openwrt.org/releases/25.12.2/targets/ipq40xx/generic/ :
- https://downloads.openwrt.org/releases/25.12.2/targets/ipq40xx/generic/openwrt-25.12.2-ipq40xx-generic-aruba_ap-303-initramfs-uImage.itb
- https://downloads.openwrt.org/releases/25.12.2/targets/ipq40xx/generic/openwrt-25.12.2-ipq40xx-generic-aruba_ap-303-squashfs-sysupgrade.bin
And the package manager, opkg, has been replaced by a tool called apk. This seems to have nothing to do with Android's APK package files, though. An administrator's apk cheatsheet can be found at https://openwrt.org/docs/guide-user/additional-software/opkg-to-apk-cheatsheet.
So far, it is a bit more like Debian's apt-get tool. Getting all outstanding package updates is simply apk update; apk upgrade now.
Packages we want on our OpenWrt 25.12.x APs
- diffutils -- GNU text file delta generator, useful for comparing two versions of a config file
- usteer -- this steers WiFi clients toward the best frequency band and AP depending on signal strength, number of stations connected, and other factors.
And some basic system setup
OpenWrt has most (all?) of its config files stored under /etc/config. There is a CLI tool, uci, to manage them. Let's walk through setting up a new AP's hostname, and getting a juicy kernel random seed value set:
root@OpenWrt:~# uci show system system.@system[0]=system system.@system[0].hostname='OpenWrt' system.@system[0].timezone='GMT0' system.@system[0].zonename='UTC' system.@system[0].ttylogin='0' system.@system[0].log_size='128' system.@system[0].urandom_seed='0' system.@system[0].compat_version='1.1' system.ntp=timeserver system.ntp.enabled='1' system.ntp.enable_server='0' system.ntp.server='0.openwrt.pool.ntp.org' '1.openwrt.pool.ntp.org' '2.openwrt.pool.ntp.org' '3.openwrt.pool.ntp.org' root@OpenWrt:~# uci set system.@system[0].hostname=fnord-ap303-4 root@OpenWrt:~# uci commit system root@OpenWrt:~# /etc/init.d/system reload root@fnord-ap303-4:~# uci set system.@system[0].urandom_seed=$(wget -q -O - 'https://www.random.org/cgi-bin/randbyte?nbytes=32&format=h' | tr -d ' ' | tr -d '\n') root@fnord-ap303-4:~# uci commit system root@fnord-ap303-4:~# /etc/init.d/system reload root@fnord-ap303-4:~#
paste might be the better standard UNIX tool for the tr -d '\n' in the above. But many of the things we might expect from GNU coreutils are not installed by default on OpenWrt. So we have tr remove spaces from the output from random.org's super awesome random bits delivery service and then have it remove the newlines, too. End result is the same.
Wired network config
Feed this block of text to uci import network and finish things off with an ASCII end-of-transmission marker (Ctrl-D) or whatever your termios end-of-file (EOF) character is.
package network config interface 'loopback' option device 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0' config globals 'globals' option ula_prefix 'fd1f:ed39:f7d::/48' option packet_steering '1' config device option name 'br-lan' option type 'bridge' list ports 'lan' config interface 'lan' option device 'br-lan.10' option proto 'dhcp' config device option type '8021q' option ifname 'br-lan' option vid '1001' option name 'br-lan.1001' config device option type '8021q' option ifname 'br-lan' option vid '3900' option name 'br-lan.3900' config interface 'lan_1001' option device 'br-lan.1001' config interface 'lan_3900' option device 'br-lan.3900' config bridge-vlan option device 'br-lan' list ports 'lan:u*' option vlan '10' config bridge-vlan option device 'br-lan' option vlan '1001' list ports 'lan:t' config bridge-vlan option device 'br-lan' option vlan '3900' list ports 'lan:t'
This was pieced together experimentally over time. Not guided by the reference documentation. Mostly with the LuCI web UI. The ula_prefix global option value probably does not matter for anything I'm doing here.
Wireless network config
This is like the wired networking config previously. Except it has SSID security passwords in it. So I am not sharing the actual contents here. Essentially, though, feed a config to uci import wireless; uci commit wireless; sync; sleep 3; sync; reboot and things should work out OK.