OpenWRT

Installation on OpenWRT

• Requirements
• OpenWRT Software Package Repository
• Netify Custom Feed vs Command Line
• Adding the Netify Custom Feed Signing Key
• OpenWRT 23.05
• OpenWRT 22.03
• OpenWRT 21.02
• OpenWRT 19.07
• Hardware Targets Other than x86
• System Integrator and Edge Device OEM
• Post Installation
• Netify Informatics
• Next Steps

Requirements

OpenWRT's underlying software is ubiquitous in edge gateway computing - especially on smaller footprint devices. It is used by OEM's like GLiNet as well as reference platforms from organizations like the prpl Foundation.

In this role, the system will need at least 2 network interfaces:

• Network Interface #1: used to access the operating system and Netify
• Network Interface #2: used to ingest port mirror traffic from LAN segment 1
• Network Interface #N: used to ingest port mirror traffic from LAN segment N (optional)

Depending on the amount and type of network traffic, a minimum of 256MB RAM is required.

You will also need to know which version of OpenWRT you are running in order to add the correct repository. If you're not sure, cat the /etc/os-release file:

cat /etc/os-release 
NAME="OpenWrt"
VERSION="21.02-SNAPSHOT"
ID="openwrt"
ID_LIKE="lede openwrt"
PRETTY_NAME="OpenWrt 21.02-SNAPSHOT"
VERSION_ID="21.02-snapshot"
HOME_URL="https://openwrt.org/"
BUG_URL="https://bugs.openwrt.org/"
SUPPORT_URL="https://forum.openwrt.org/"
BUILD_ID="r0+16524-6d8fbf8d79"
OPENWRT_BOARD="ipq40xx/generic"
OPENWRT_ARCH="arm_cortex-a7_neon-vfpv4"
OPENWRT_TAINTS="no-all"
OPENWRT_DEVICE_MANUFACTURER="OpenWrt"
OPENWRT_DEVICE_MANUFACTURER_URL="https://openwrt.org/"
OPENWRT_DEVICE_PRODUCT="Generic"
OPENWRT_DEVICE_REVISION="v0"
OPENWRT_RELEASE="OpenWrt 21.02-SNAPSHOT r0+16524-6d8fbf8d79"

OpenWRT Software Package Repository

Like many distributions, OpenWRT has it's own software package repository. It contains thousands of packages to extend the functionality of OpenWRT. The Netify agent was accepted into the OpenWRT ecosystem in 2019 and continues to be supported today. It makes it very easy to install Netify, either from Luci or the command line (see below).

One difference between supporting OpenWRT and most other Linux distributions is that OpenWRT is generally installed on a much more diverse landscape of hardware. Where Ubuntu and Debian are typically installed on x86 architecture, OpenWRT is compiled for many different Platforms (or Targets). Compiling Netify for dozens of custom chipsets is one of the many benefits of being accepted into the OpenWRT community.

One drawback, however, is that the Netify agent version usually lags behind the latest versions of the Netify software due to differences in the release dates and OpenWRT policies around upgrades. If you are interested in installing the latest Netify version and you are installing on a physical or virtual machine using x86 instruction set, the documentation below is for you.

Netify Custom Feed vs Command Line

Adding the Netify repository to your OpenWRT server has three main advantages:

• Automatically resolves and install dependencies
• Increases security through the use of signed packages
• Allows for auto or simplified updates in the future

Adding the Netify Custom Feed Signing Key

In order to add Netify's custom feed to your OpenWRT router, you'll need to add both the custom feed and the public key used to sign Netify packages.

The Netify public signing key, key-build.pub can be found in the root folder of the OpenWRT branch of the download mirrors Netify maintains. This key needs to be added to OpenWRT's package manager (opkg) keys folder, found in /etc/opkg/keys

https://download.netify.ai/5/openwrt/

OpenWRT requires this public key to be renamed with the fingerprint (usign -F -p /path/to/key-build.pub) as the filename. Using wget, we can download and correctly rename the file in one step:

wget  https://download.netify.ai/5/openwrt/key-build.pub -O /etc/opkg/keys/b18c240cb821dad2

In the event Netify changes the build key and does not update this documentation, it is perhaps safer to import the key in two steps:

wget  https://download.netify.ai/5/openwrt/key-build.pub -O /etc/opkg/keys/key-build.pub
usign -F -p /etc/opkg/keys/key-build.pub | xargs mv /etc/opkg/keys/key-build.pub

OpenWRT 23.05

Adding Netify Custom Feed

Step 1: Ensure you have added the Netify public signing key using the instructions provided.

Step 2: Add the Netify Custom feed location to the /etc/opkg/customfeeds.conf file.

echo 'src/gz netify https://download.netify.ai/5/openwrt/23.05/x86' >> /etc/opkg/customfeeds.conf

Step 3: Update the list of available packages and install Netify.

opkg update
opkg install netifyd

Command Line Installation

Open a browser and navigate to https://download.netify.ai/5/openwrt/23.05/x86. Find the version you would like to install, right click over the filename and select "Copy link address".

opkg update
cd /tmp/
wget https://download.netify.ai/5/openwrt/23.05/x86/netifyd_5.0.44-1_x86_64.ipk
opkg install ./netifyd_5.0.44-1_x86_64.ipk

OpenWRT 22.03

Adding Netify Custom Feed

Step 1: Ensure you have added the Netify public signing key using the instructions provided.

Step 2: Add the Netify Custom feed location to the /etc/opkg/customfeeds.conf file.

echo 'src/gz netify https://download.netify.ai/5/openwrt/22.03/x86' >> /etc/opkg/customfeeds.conf

Step 3: Update the list of available packages and install Netify.

opkg update
opkg install netifyd

Command Line Installation

Open a browser and navigate to https://download.netify.ai/5/openwrt/22.03/x86. Find the version you would like to install, right click over the filename and select "Copy link address".

opkg update
cd /tmp/
wget https://download.netify.ai/5/openwrt/22.03/x86/netifyd_5.0.44-1_x86_64.ipk
opkg install ./netifyd_5.0.44-1_x86_64.ipk

OpenWRT 21.02

Adding Netify Custom Feed

Step 1: Ensure you have added the Netify public signing key using the instructions provided.

Step 2: Add the Netify Custom feed location to the /etc/opkg/customfeeds.conf file.

echo 'src/gz netify https://download.netify.ai/5/openwrt/21.02/x86' >> /etc/opkg/customfeeds.conf

Step 3: Update the list of available packages and install Netify.

opkg update
opkg install netifyd

Command Line Installation

Open a browser and navigate to https://download.netify.ai/5/openwrt/21.02/x86. Find the version you would like to install, right click over the filename and select "Copy link address".

opkg update
cd /tmp/
wget https://download.netify.ai/5/openwrt/21.02/x86/netifyd_5.0.44-1_x86_64.ipk
opkg install ./netifyd_5.0.44-1_x86_64.ipk

OpenWRT 19.07

Adding Netify Custom Feed

Step 1: Ensure you have added the Netify public signing key using the instructions provided.

Step 2: Add the Netify Custom feed location to the /etc/opkg/customfeeds.conf file.

echo 'src/gz netify https://download.netify.ai/5/openwrt/19.07/x86' >> /etc/opkg/customfeeds.conf

Step 3: Update the list of available packages and install Netify.

opkg update
opkg install netifyd

Command Line Installation

Open a browser and navigate to https://download.netify.ai/5/openwrt/19.07/x86. Find the version you would like to install, right click over the filename and select "Copy link address".

opkg update
cd /tmp/
wget https://download.netify.ai/5/openwrt/19.07/x86/netifyd_5.0.44-1_x86_64.ipk
opkg install ./netifyd_5.0.44-1_x86_64.ipk

Hardware Targets Other than x86

By convention, until more recent versions of Netify are pushed through the OpenWRT build ecosystem, packages for OpenWRT will only be compiled and available for x86 architecture in the Netify Download servers. If you are an individual looking to run a more recent version of Netify on your OpenWRT router, please contact us - there is a chance we have binaries compatible for your hardware target.

System Integrators and Edge Device OEM

If you are a system integrator or OEM of an edge computing device and would like to incorporate the Netify agent into your software stack, please contact us. Our team routinely compiles Netify source code (both open and proprietary) using your custom buildroot environment.

Post Installation

After installing the agent, verify the installation and some path information using the -s (status) argument.

netifyd -s
Netify Agent/5.0.44-1-HEAD-nnnn-aaaaaaaa (debian; linux-gnu; x86_64; conntrack; netlink; dns-cache; tpv3; tcmalloc; regex)
✗ agent is not running: PID 0
• persistent state path: /etc/netifyd
• volatile state path: /var/run/netifyd
! agent run-time status could not be determined.

Netify Informatics

Netify Informatics is an optional, cloud-based, SaaS service. It uses analytics and Machine Learning to transform telemetry originating from the Netify DPI Agent into high-level network intelligence and visibility. The solution provides insights into what's happening on the network in areas that include:

• Device Identification and Management
• Cybersecurity Risk
• Forensics
• Regulatory Compliance

To learn more about Netify Informatics, click here.

In addition to the Netify agent being installed, two plugins are required:

• Netify Proc Core
• Netify Sink HTTP

If you installed the agent by configuring a Netify software repository, simply run:

opkg update
opkg install netify-proc-core netify-sink-http

If you installed the agent manually, you will also need to install the plugin packages manually.

• Install Netify Processor Core
• Install Netify Sink HTTP

Once the plugins have been installed, run the following two commands:

netifyd --enable-informatics
netifyd -p

The first command will enable and auto configure the two plugins that were installed as well as restarting the Netify agent. The second command will display your Netify Agent UUID (in the form xx-xx-xx-xx) that will be needed when you provision the agent to your Netify Informatics account.

Next Steps

• Packet capture with the Netify agent
• Installing the Netify Core processor plugin
• Installing the Netify Socket sink plugin