New Build - 12-29-2019-r41813

Post new topic   Reply to topic    DD-WRT Forum Index -> Atheros WiSOC based Hardware
Goto page 1, 2, 3  Next
Author Message
ironstaff
DD-WRT User


Joined: 11 Oct 2019
Posts: 157

PostPosted: Mon Dec 30, 2019 12:31    Post subject: New Build - 12-29-2019-r41813 Reply with quote
New Build - 12-29-2019-r41813

ftp://ftp.dd-wrt.com/betas/2019/12-29-2019-r41813/

Please report errors on this topic.


Release Notes:
http://svn.dd-wrt.com/timeline


Router Model:

Status:
Reset:
Errors:
Sponsor
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

PostPosted: Mon Dec 30, 2019 12:57    Post subject: Reply with quote
Linksys WRT160NL
DD-WRT v3.0-r41813 std (12/29/19)
Linux 3.10.108-d8 #32475 Sun Dec 29 11:05:48 +04 2019 mips
No Reset -- GUI install over r41811
just a switch / samba share FAT
All good --- Uptime 24 min

#

Netgear WNDR3700 V4
DD-WRT v3.0-r41813 std (12/29/19)
Linux 3.18.140-d1 #64007 Sun Dec 29 12:32:33 +04 2019 mips
No Reset -- GUI install over r41811
just used as switch / ovpn server / samba share ext4
All good --- Uptime 19:25

#

Linksys EA8500 ...main router
DD-WRT v3.0-r41813 std (12/29/19)
Linux 4.9.207 #502 SMP Sun Dec 22 17:49:08 +03 2019 armv7l
No Reset -- GUI install over r41811
unbound / ovpn server / samba share ext4 / VLAN on one port with ath0.1 via br1 / HFSC CAKE
everything working fine --- Uptime 5:39
Bernadoe
DD-WRT User


Joined: 03 Dec 2014
Posts: 217

PostPosted: Mon Dec 30, 2019 13:37    Post subject: Reply with quote
Router: Netgear R7800
Firmware: DD-WRT v3.0-r41813 std (12/29/19)
Kernel: Linux 4.9.207 #502 SMP Sun Dec 22 17:49:08 +03 2019 armv7l
Status: Working
Reset: No
Previous: 41686
Errors: No

Temperatures : CPU 51.230 °C / ath0 48 °C / ath1 50 °C

Working very well :
Router mode : DHCP
SFE Enable
STP Enable
DNSMasq
Cache DNSSEC data
Validate DNS Replies (DNSSEC)
Check unsigned DNS replies
Local DNS
No DNS Rebind
ath0, ath1
Vpn (OpenVPN Client)

without VPN


with VPN
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Mon Dec 30, 2019 13:53    Post subject: Reply with quote
Router Model: Netgear R7800

Firmware Version: DD-WRT v3.0-r41813 std (12/29/19)
Kernel Version: Linux 4.9.207 #502 SMP Sun Dec 22 17:49:08 +03 2019 armv7l

Upgraded from: DD-WRT v3.0-r41486 DD-WRT v3.0-r41464
Reset: Yes, nvram erase && reboot

Status: Up and running for 24 hours (had a private build to test), basic setup as Gateway, static leases, OpenVPN client (on PIA) with Policy Based Routing up and running, 2,4GHz, 5Ghz, USB storage NAS and OpenVPN server and Wireguard working

Errors:
1. DNS leak see: http://svn.dd-wrt.com/ticket/6020

Otherwise build is fine

Resolved:
1. Pushed DNS servers from VPN provider are used starting with build 41120, if you do not want that, add the following to the Additional Config of the VPN client:
pull-filter ignore "dhcp-option DNS"
2. Build 41174 has an improved VPN Policy Based Routing, it is now possible to use the VPN route command i.e. to route a DNS server via the VPN (in this way you will get rid of the DNS leak), see: https://svn.dd-wrt.com/ticket/6815#comment:1 , and for DNS leaks the second posting of this thread: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318662
3. Another improvement on PBR is that local routes are now copied over to the alternate routing table so there is communication if you have unbridged VAP's and you can set the router's IP on PBR.
See: https://svn.dd-wrt.com/ticket/6821#comment:3
4. Starting with build 41174, the PBR has become more versatile, you can now use " from [IP address] to [IP address] ", so if you enter the following in the PBR field:
192.168.1.124 to 95.85.16.212 #ipleak.net, it will only route IP address 95.85.16.212 (which is ip leak.net) from my IP address 192.168.1.124 via the VPN everything else from this IP address will route via the WAN (this is just an example).
See: https://svn.dd-wrt.com/ticket/6822
Although this command itself supports routing per port this is however only available starting from K 4.17 so we have to rely on scripting for per port routing until then.
5. New OpenVPN TLS ciphers are added in 41308 see: https://svn.dd-wrt.com/changeset/41308
6. Starting with build 41304 you can now choose which TLS Key you want to use: TLS Auth or the newer/better TLS Crypt. See https://svn.dd-wrt.com/ticket/6845#comment:17
7. Builds from 41786 onwards, when using an OVPN server to connect to your local LAN clients, access might be prevented because of a patch which should solve a recent vulnerability ( see: https://svn.dd-wrt.com/ticket/6928)
This can be mitigated with the following firewall rule:
Code:
iptables -t nat -I POSTROUTING -o br0 -s $(nvram get openvpn_net)/$(nvram get openvpn_tunmask) -j MASQUERADE

When using WireGuard you can run into the same trouble,i.e. not being able to access your local LAN clients. For WireGuard this is the workaround:
Code:
iptables -t nat -I POSTROUTING -o br0 -s $(nvram get oet1_ipaddr)/$(nvram get oet1_netmask) -j MASQUERADE

This method described above also has security and logging concerns as all traffic has the same source address (your router)
An alternate method is using the following rule but it only works if the VPN or Wireguard interface is up and if your VPN or Wireguard interface goes down you have to reapply or run a continuous script checking/applying:
OpenVPN server:
Code:
iptables -t raw -I PREROUTING -i br0 -d $(nvram get openvpn_net)/$(nvram get openvpn_tunmask) -j ACCEPT

WireGuard:
Code:
iptables -t raw -I PREROUTING -i br0 -d $(nvram get oet1_ipaddr)/$(nvram get oet1_netmask) -j ACCEPT

This rule can expose your LAN side to the CVE attack, but if you have your IOT things separated and tight control over your LAN you should be good, if your LAN is hacked you have got bigger problems.
Builds starting with 41813 have an option button in OpenVPN and Wireguard for disabling the CVE-patch 14899



Big Thanks to BS!!

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
volos
DD-WRT Novice


Joined: 25 Dec 2019
Posts: 14

PostPosted: Mon Dec 30, 2019 15:14    Post subject: Reply with quote
Hi, is this build working for anyone with the TP-Link TL-WDR4300 v1? Thanks!
dasnick
DD-WRT User


Joined: 23 Jul 2009
Posts: 69

PostPosted: Mon Dec 30, 2019 18:49    Post subject: Reply with quote
Router Name 1043ndv3
Router Model TP-Link WR1043ND V3
Firmware Version DD-WRT v3.0-r41813 std (12/29/19)
Kernel Version Linux 3.18.140-d1 #63981 Sun Dec 29 11:55:40 +04 2019 mips

working as a WAP. No problems loading the firmware. I tried to mess around with wireguard but it seems to be missing on tplink 1043nd v3. It should be found on setup/tunnels, right? I only have Microtick and RFC something. Not sure if this is due to the fact that the 1043nd is working as a WAP, or if it is really missing.

Also, there is a "undefined" in the OVPN server section.
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

PostPosted: Mon Dec 30, 2019 18:58    Post subject: Reply with quote
if you have an undefined in ovpn GUI ---
reboot router and clear browser cache
dasnick
DD-WRT User


Joined: 23 Jul 2009
Posts: 69

PostPosted: Mon Dec 30, 2019 19:21    Post subject: Reply with quote
mrjcd wrote:
if you have an undefined in ovpn GUI ---
reboot router and clear browser cache

A reboot was sufficient! thanks mrjcd
MLandi
DD-WRT Guru


Joined: 04 Dec 2007
Posts: 1008

PostPosted: Tue Dec 31, 2019 1:09    Post subject: Reply with quote
SSH update, no issues. All functions working as expected.
_________________
Netgear R9000
DD-WRT v3.0-r55460 std (03/25/24)
Linux 4.9.337 #715 SMP Mon Mar 25 06:15:53 +07 2024 armv7l
Gateway, AP, DNSMasq, Clock 2000MHz
VAP on wlan1 for internet devices
IPv4 & IPv6 (Prefix Delegation)
Static Leases & DHCP
CloudFlare, no SFE, SmartDNS, no QoS
2.4GHz: Vanilla, Airtime Fairness, NG-Mixed, ACK Timing 3150, WPA2 w/AES & WPA3
5GHz: Vanilla, Airtime Fairness, AC/N Mixed, ACK Timing 3150, WPA2 w/AES & WPA3
2 Netgear AX1800 WiFi Mesh Extenders
Xfinity 1.2Gbps/35Mbps
zen1932
DD-WRT User


Joined: 22 Feb 2018
Posts: 77

PostPosted: Tue Dec 31, 2019 12:12    Post subject: Reply with quote
Routers: TP-Link TL-WR841ND v7.1, v7.2
Upgrade: via web
Firmware: v3.0-r41813 std (12/29/19)
Kernel: Linux 3.10.108-d8 #32507 Sun Dec 29 11:29:13 +04 2019 mips
Previous: 37961
Mode: Access Point
Reset: No
Errors: when router is idle, the 'Free Memory' will
decrease continuously resulting auto-reboot.
if any network activities before auto-reboot, the amount of
free memory will increase to normal level.
no memory leak when wireless disabled (radio off).
jerrytouille
DD-WRT Guru


Joined: 11 Dec 2015
Posts: 1304

PostPosted: Tue Dec 31, 2019 14:46    Post subject: Reply with quote
zen1932 wrote:
Routers: TP-Link TL-WR841ND v7.1, v7.2
Upgrade: via web
Firmware: v3.0-r41813 std (12/29/19)
Kernel: Linux 3.10.108-d8 #32507 Sun Dec 29 11:29:13 +04 2019 mips
Previous: 37961
Mode: Access Point
Reset: No
Errors: when router is idle, the 'Free Memory' will
decrease continuously resulting auto-reboot.
if any network activities before auto-reboot, the amount of
free memory will increase to normal level.
no memory leak when wireless disabled (radio off).


nvram erase / reset to default settings reconfig
jerrytouille
DD-WRT Guru


Joined: 11 Dec 2015
Posts: 1304

PostPosted: Tue Dec 31, 2019 14:48    Post subject: Reply with quote
dasnick wrote:
mrjcd wrote:
if you have an undefined in ovpn GUI ---
reboot router and clear browser cache

A reboot was sufficient! thanks mrjcd


not sure how old your previous build was but this is usually a sign for nvram erase / reset to default settings a reconfig is needed as nvram structure has changed
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

PostPosted: Tue Dec 31, 2019 14:52    Post subject: Reply with quote
jerrytouille wrote:
dasnick wrote:
mrjcd wrote:
if you have an undefined in ovpn GUI ---
reboot router and clear browser cache

A reboot was sufficient! thanks mrjcd


not sure how old your previous build was but this is usually a sign for nvram erase / reset to default settings a reconfig is needed as nvram structure has changed


naa, I got the 'undefined' in ovpn server webif on the WNDR3700v4 and on just one of the EA8500
....a reboot fixed them up okydoky and all tis well Twisted Evil
bushant
DD-WRT Guru


Joined: 18 Nov 2015
Posts: 2029

PostPosted: Tue Dec 31, 2019 15:24    Post subject: Reply with quote
mrjcd wrote:
naa, I got the 'undefined' in ovpn server webif on the WNDR3700v4 and on just one of the EA8500

Had the same on my buffalo, clear browser cache fixed it.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14126
Location: Texas, USA

PostPosted: Tue Dec 31, 2019 17:15    Post subject: Reply with quote
Only times you really need to do an nvram reset is after initial conversion to DD-WRT or in the case of Broadcom, moving from K2.6 to K3.x or K2.4 to K2.6 on certain WRT54* devices. Otherwise, it's usually not necessary except in the off-chance that the nvram partition got corrupted. If you really wanted to, you could do an `nvram show` from old build, copy and paste into text document, flash new build, reset, and do the same for the new build and compare variables listed. The thing is, if the variable is no longer being used, it is (supposed to be) ignored, anyway. If that is causing issue, that is somewhere else in the firmware that is culprit. BUT, BrainSlayer himself has said he never does a reset when upgrading, so, take this however you want.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Goto page 1, 2, 3  Next Display posts from previous:    Page 1 of 3
Post new topic   Reply to topic    DD-WRT Forum Index -> Atheros WiSOC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum