Red alert indeed! Kamikaze 8.09 hit the shelves on March 4th and comes with a quite impressive changelog. The most intriguing addition to this already feature-packed embedded Linux distribution is the LuCi interface.

I have to admit I have never been more baffled by an OSS product.

The interface relies on Lua, an increasinly popular programming language, as its backbone. Despite all efforts, X-Wrt, the historical front-end of choice, suffered from some crucial shortcomings: it was not part of the OpenWrt project itself, so it is always a behind; it also did not (at least not with Kamikaze) allow in-depth configuration of some elementary settings, which made it fine for basic use, but kind of defeated the purpose of OpenWrt. Although LuCi is a separate project as well, it seems to be much more feature complete. Unlike LuCi though, X-Wrt has never been adopted officially by the OpenWrt team - the X-Wrt developers always provided their own OpenWrt images with their interface integrated.

My router has run both 7.0x releases. Coming from Oleg's firmware, I tried X-Wrt, but decided to dump it altogether, install the default OpenWrt image, and configure the router over SSH - the good old way. It might look like a drastic decision; but OpenWrt devs have put a lot work in uniformising the configuration file and file system layout, so you get the hang of it quite quickly. I do not want to sound disrespectful in any way; but for a power user, the public OpenWrt is catering to, X-Wrt is not the solution. On Kamikaze, it doesn't cover all settings OpenWrt has, so you need to pick up the configuration over SSH eventually. It can turn out to be quite the waste of time.

Truth be told, I was quite skeptical about the new, integrated web interface at first. With the X-Wrt experience in mind, I was reluctant to try it. Until Ks1, who's been running Tomato, installed 8.09 - and became an instant OpenWrt advocate. I was planning to hold out for a while - I want my router to be up, not down, and 7.09 was doing just fine - but Ks1 convinced me otherwise. He linked me to the screenshots page of the LuCi project and I was hooked.
I was back up and running within half an hour - hooking up the thing over Ethernet, backing up some settings, flashing it, reconfiguring the wired and wireless network interfaces, encryption....

Much to my surprise - I do a good job at being a skeptic - the LuCi interface allowed me to set up everything. No, really - everything. My wireless key didn't get eaten by the web interface (X-Wrt's would break on certain characters in your key), which was a good sign. I was able to convert my class C network to a pseudo class A network (10.0.0.x) - which is easier to work with - by just changing one value. It's easier to remember (and use) than its 192.168.x.x counterparts too - and shorter (although I mostly connect to clients on my LAN by hostname and not by IP). But yes, I admit to being shallow - it looks fancy. I could also change and narrow down the scope of the DHCP server - this is a private LAN after all, and I have some static IPs on the network too that I don't want the DHCP server to interfere with.

Just like the rest of OpenWrt, the LuCi interface is modular. The core is installed by default. Filtering the available packages for LuCi extensions (prefixed by luci-app) returns 18 results - quite impressive if you ask me. All those LuCi extensions act as a front-end for packages you can install for extra functionality - dynamic DNS setup, UPnP server, traffic statistics, QoS, network shares (Samba, NFS), ... There's plenty to choose from. Since the package manager does dependency checking, pulling in the LuCi extension will pull in the back end that does the dirty work too. Pure luxury.

One personal irritation still survived the development process though: the firewall still has a simplified configuration file like most other services. While the uninitiated might like this ( it looks easy at least), I think it stinks. Yet, I am not the intolerant git you take me for - to harness the power of iptables, with its myriad of options, is a daunting task for a front-end. I am used to the iptables way of doing it, and 7.09 allowed you to dump your rules in /etc/firewall.user. After some poking around I found out 8.09 allows so too - but it is not enabled by default. You need to uncomment the hook in /etc/config/firewall. 7.09, if I recall correctly, had it enabled by default.
As said before, the firewall can also be configured through LuCi, but you are limited to what the front-end supports. For most people this will be just fine, but I was e.g. unable to configure traffic to be handled by the router locally - the LuCi firewall interface expected me to put in an IP. With iptables, one just specifies the port in the input chain, without destination address, and iptables will process the packets matching that rule locally. This meant I was unable to e.g. open a port for my SSH server on the WAN. (Don't bother trying to hack me - it doesn't run on the default port and it's key-only access.) For things like this, having the possibility to run plain iptables commands is most welcome.

OpenWrt also replaced the package manager for 8.09. Say goodbye to ipkg, and hello to opkg - the package manager developed by the OpenMoko project. Essentially, opkg is a drop in replacement that, as the OpenWrt developers stated, fixes a number of issues concerning ipkg, which, according to the OpenMoko team, was 'a dead end project'. If you used previous OpenWrt versions, the only difference you'll see is the name - at first glance most arguments for opkg are similar, if not identical, to those for ipkg. A minor drawback to opkg is that you have to run a package database update every time the device has rebooted. Since a router is meant to be up and stay up, that shouldn't really pose any problems - although it can be quite confusing since querying opkg for available packages will only return what's installed, until you update the database.
Something else struck me too - my OpenWrt reports itself as r14417, while the release announcement says it's based on SVN revision r14365. This would mean the images have been updated in the meantime - I pulled mine from the projects' homepage yesterday.

All in all I can say I am extremely pleased with this OpenWrt release. On one hand it's more of the same - clean, uniform configuration files - and on the other hand the development team has integrated the LuCi interface, which puts OpenWrt right next to monolithic firmwares like DD-WRT, Oleg and Tomato when it comes to the magical userfriendliness - so it's not only for the happy few. If you're not yet convinced you should run OpenWrt and nothing else, then take a look at the screenshots of the awesome LuCi interface. The screenshots linked to show the administration interface, the default interface only shows the essentials, but you can switch between both.

A final note: at the time of writing there seems to be a problem with the wiki, which contains the hardware compatibility lists. Work your google magic ;-).