Eastern Europe has increasingly become the front line of defensive cyber security strategy. The Czech Republic has a domain registry, CZ.NIC, which, besides servicing the .eu domain, also conducts projects around defending public security. Project “Turris” (a hard shell sea snail) was set up to protect Czech citizens in their home networks, and created a network of satellite routers that provided information to support cyber incident response and improve the registrar’s and the nation’s defensive capability.
The units that were used as a result of that project were spun off as an Indiegogo kickstarter project, which was announced at FOSDEM 2016. Originally targeted at $100K, it reached $857K at the end of the deadline and, after the campaign, achieved $1.22M. It is safe to say the project had clear demand. It is one of the few open source routers that have a distributed attack prevention system, supported by aggregating the attacks seen across other Turris Omnia owners. Participation in telemetry is optional.
Buying a unit supports improving the open source networking software, and allows participation in a wider distributed community of increasingly secure routing systems, through updates and telemetry. Shut up and take my money!
There are scarce developer resources, and it takes a while to port the code from the mainline kernel into this embedded distribution. Many devices, including the Turris Omnia, are 32-bit, an architecture that is increasingly difficult to support as distributions push to deprecate 32-bit. As you can see, the OpenWRT distribution lags Linus’s kernel by between 1 and 2 years on average.
Code name | General availability | Kernel | Mainline date | Days Lag | Years Lag |
---|---|---|---|---|---|
0.9 (White Russian) | 2007-02-05 | 2.4.30 | 2001-01-04 | 2223 | 6.09 |
7.06 (Kamikaze) | 2007-06-02 | 2.6.19 | 2006-11-29 | 185 | 0.51 |
8.09 (Kamikaze) | 2009-02-19 | 2.6.26 | 2008-07-13 | 221 | 0.61 |
10.03 (Backfire) | 2010-04-07 | 2.6.32 | 2009-12-02 | 126 | 0.35 |
12.09 (Attitude Adjustment) | 2013-04-25 | 3.3.0 | 2012-03-18 | 403 | 1.10 |
14.07 (Barrier Breaker) | 2014-10-02 | 3.10.49 | 2013-06-30 | 459 | 1.26 |
15.05 (Chaos Calmer) | 2015-09-11 | 3.18.20 | 2014-12-07 | 278 | 0.76 |
17.01.0 (Reboot OpenWrt) | 2017-02-22 | 4.4.50 | 2016-01-10 | 409 | 1.12 |
18.06.0 | 2018-07-31 | 4.9.111 | 2016-12-11 | 597 | 1.64 |
19.07.0 | 2020-01-06 | 4.14.162 | 2017-11-12 | 785 | 2.15 |
21.02.0 | 2021-09-04 | 5.4.143 | 2019-11-24 | 650 | 1.78 |
22.03.0 | 2022-09-06 | 5.10.138 | 2020-12-13 | 632 | 1.73 |
23.05.0 | 2023-10-13 | 5.15.134 | 2021-10-31 | 712 | 1.95 |
Shortly after CZ.NIC embarked on the Turris Omnia, there were organisational issues upstream: the OpenWRT project forked for 2 years over problems with its development practices, and in 2018 the two merged together again, adopting many of the requests of the LEDE fork (Linux Embedded Development Environment) codebase. Reviewing the payloads and the release cadence: whilst releases do lag the kernel more at the moment, the cadence is more consistent and regular. In the midst of this, Turris have layered their reForis web UI on the OpenWRT foundations, and their UI operates in parallel with the OpenWRT LuCI UI. At its current rate of development, the reForis UI looks set to reach parity with most LuCI elements by the end of 2024. OpenWRT have the harder issue of making LuCI compliant for a wider number of devices. How old is the BusyBox version in your router?
Power, compute and I/O in embedded systems are significantly lower, hence several of the programs I’m used to are either running as minimal implementations or substituted with faster, lighter-weight but less capable implementations. Table of Differences. Unified Configuration Interface (UCI) will take some getting used to, as these are dynamic configuration files, so Ansible does not play so easily. I set my “plays” for run_once: true as a hack. Requires more research…
I’ll document my adventures in using this router shortly…