Linksys EA8500
Access Point Mode
Uptime about 5.5 hrs
No reset, locked-up after webflash so power cycle was required
Very good as AP only, I probably have my AP mounted in the worse possible location but it just works. Gave up the gig fiber connection for cable so this is as good as it gets for now. This is the 5GHz result with the EA8500 buried in my basement, I’m on the main floor so not bad at all
that is very good and I know the EA8500 has the best wifi range of any router I've ever seen
just wondering what build was before installed this
My two EA8500 have NOT caused any little problems at all doing GUI upgrade ... but then again, I have been upgrading lately soon as BS has one compiled for it
Joined: 08 May 2018 Posts: 14221 Location: Texas, USA
Posted: Wed Feb 26, 2020 0:43 Post subject:
ironstaff wrote:
FYI: Noticed that active VPN client connection (tun1) doesn't let traffic through if cve-2019-14899 mitigation is disabled.
Was this not the purpose of the mitigation in the first place? When disabled, it cuts traffic off, when on, it allows traffic? I seem to have forgotten and am genuinely asking to make sure I am thinking correctly, nothing more. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Posted: Wed Feb 26, 2020 1:10 Post subject: TP-Link ARCHER-C5 v1
Router: TP-Link ARCHER-C5 v1
Firmware: DD-WRT v3.0-r42514 std (02/25/20)
Kernel: Linux 3.18.140-d4 #71383 Tue Feb 25 05:14:58
Status: Working
Reset: No
Previous: 42460
Errors: After update no 5g ssid. I must save settings and manualy restart router after that 5g is on. No open port 9100 not working usb printer.
FYI: Noticed that active VPN client connection (tun1) doesn't let traffic through if cve-2019-14899 mitigation is disabled.
Was this not the purpose of the mitigation in the first place? When disabled, it cuts traffic off, when on, it allows traffic? I seem to have forgotten and am genuinely asking to make sure I am thinking correctly, nothing more.
the mitigation was put in place to stop an attacker with nmap/zenmap from probing tun1 TCP connection and “guessing” if it is connected to a specific destination IP and port. If the attacker guesses the correct IP and port, they will confirm the connection exists. If the connection is unencrypted, the attacker could then inject data into it. It does the same thing as setting rp_filter for tun1/tun2 to strict.
The downside of the mitigation was that it essentially blocked remote LAN access by an openvpn server router connection. It basically isn't a nuisance in only point to point connections. Any point to multi-point openvpn scenario makes the mitigation more trouble than not
I kept mine disabled on openvpn client connections after it started giving problems in r42460 and upgraded to 42514. As soon as I upgraded, I noticed that none of my devices able to reach out to the internet via tun1 (Enabling the mitigation again quickly brought back internet access)
I haven't done iptables -nvL or checked /tmp/.ipt during the mitigation disabled scenario yet since I was under pressure to quickly get the units back up before an angry internet-starved mob surrounded me but will in the coming days. Who knows, it could be something unique to my setup since I tend to add too many firewall rules and startup commands.
Joined: 08 May 2018 Posts: 14221 Location: Texas, USA
Posted: Wed Feb 26, 2020 1:31 Post subject:
Thanks for the clarification. I honestly could not remember. I just remember seeing some recent commits that changed a few things regarding VPN and firewall or some such, but there may be more changes in the next build. Ok, which tab was DD SVN on.... _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Linksys EA8500
Access Point Mode
Uptime about 5.5 hrs
No reset, locked-up after webflash so power cycle was required
Very good as AP only, I probably have my AP mounted in the worse possible location but it just works. Gave up the gig fiber connection for cable so this is as good as it gets for now. This is the 5GHz result with the EA8500 buried in my basement, I’m on the main floor so not bad at all
that is very good and I know the EA8500 has the best wifi range of any router I've ever seen
just wondering what build was before installed this
My two EA8500 have NOT caused any little problems at all doing GUI upgrade ... but then again, I have been upgrading lately soon as BS has one compiled for it
Been updating the AP/EA8500 regularly, last build was r42502 and then the r42490 just before that one. Have not reset in a while.
Off topic but you’ll appreciate this, on my #2 EA8500 configured as OpenVPN client just up over 84 days. Still running the r41399 on the EA8500 as a OpenVPN client. you suggested that build when I was having the issue with the Wireless scheduling which was obviously fixed in all subsequent builds. Figured I owe it to EA8500 #2 to let it go for at least 100 days before even thinking about upgrading. Mostly use Ethernet on #2 so could get by with less than optimal wireless performance. we'll see what happens tomorrow with this build on AP/EA8500 when the Wireless scheduling toggles the wireless off/on... Thanks for your help!
Linksys EA8500
Access Point Mode
Uptime about 5.5 hrs
No reset, locked-up after webflash so power cycle was required
Very good as AP only, I probably have my AP mounted in the worse possible location but it just works. Gave up the gig fiber connection for cable so this is as good as it gets for now. This is the 5GHz result with the EA8500 buried in my basement, I’m on the main floor so not bad at all
that is very good and I know the EA8500 has the best wifi range of any router I've ever seen
just wondering what build was before installed this
My two EA8500 have NOT caused any little problems at all doing GUI upgrade ... but then again, I have been upgrading lately soon as BS has one compiled for it
Been updating the AP/EA8500 regularly, last build was r42502 and then the r42490 just before that one. Have not reset in a while.
Off topic but you’ll appreciate this, on my #2 EA8500 configured as OpenVPN client just up over 84 days. Still running the r41399 on the EA8500 as a OpenVPN client. you suggested that build when I was having the issue with the Wireless scheduling which was obviously fixed in all subsequent builds. Figured I owe it to EA8500 #2 to let it go for at least 100 days before even thinking about upgrading. Mostly use Ethernet on #2 so could get by with less than optimal wireless performance. we'll see what happens tomorrow with this build on AP/EA8500 when the Wireless scheduling toggles the wireless off/on... Thanks for your help!
THIS IS OT from oiginal thread ---
well fooydog I should never opened my big trap
r42524 installed and all great on EA8500 & WNDR3700v4 both WAN disabled switches.... but it went to shit
when I installed on EA8500 main gateway router. NO nothing at all and power switch trick tried few times but she wouldn't come back to life.
Had to swap in backup main router. I'll look into her in the morning ---- that's just what I get for fooling around with damn test builds anyways.
Joined: 08 May 2018 Posts: 14221 Location: Texas, USA
Posted: Wed Feb 26, 2020 3:25 Post subject:
mrjcd wrote:
THIS IS OT from oiginal thread ---
well fooydog I should never opened my big trap
r42524 installed and all great on EA8500 & WNDR3700v4 both WAN disabled switches.... but it went to shit
when I installed on EA8500 main gateway router. NO nothing at all and power switch trick tried few times but she wouldn't come back to life.
Had to swap in backup main router. I'll look into her in the morning ---- that's just what I get for fooling around with damn test builds anyways.
the speedtest above was from my HP laptop to the EA8500 as an Access Point. This result below is from my Dell laptop. I upgraded the wireless adapters in both the HP and Dell to the Intel Wireless-AC 9260 and it’s finally paying off with this build. see how it goes tomorrow
Joined: 18 Mar 2014 Posts: 12887 Location: Netherlands
Posted: Wed Feb 26, 2020 8:42 Post subject:
ironstaff wrote:
kernel-panic69 wrote:
ironstaff wrote:
FYI: Noticed that active VPN client connection (tun1) doesn't let traffic through if cve-2019-14899 mitigation is disabled.
Was this not the purpose of the mitigation in the first place? When disabled, it cuts traffic off, when on, it allows traffic? I seem to have forgotten and am genuinely asking to make sure I am thinking correctly, nothing more.
the mitigation was put in place to stop an attacker with nmap/zenmap from probing tun1 TCP connection and “guessing” if it is connected to a specific destination IP and port. If the attacker guesses the correct IP and port, they will confirm the connection exists. If the connection is unencrypted, the attacker could then inject data into it. It does the same thing as setting rp_filter for tun1/tun2 to strict.
The downside of the mitigation was that it essentially blocked remote LAN access by an openvpn server router connection. It basically isn't a nuisance in only point to point connections. Any point to multi-point openvpn scenario makes the mitigation more trouble than not
I kept mine disabled on openvpn client connections after it started giving problems in r42460 and upgraded to 42514. As soon as I upgraded, I noticed that none of my devices able to reach out to the internet via tun1 (Enabling the mitigation again quickly brought back internet access)
I haven't done iptables -nvL or checked /tmp/.ipt during the mitigation disabled scenario yet since I was under pressure to quickly get the units back up before an angry internet-starved mob surrounded me but will in the coming days. Who knows, it could be something unique to my setup since I tend to add too many firewall rules and startup commands.
It (simple VPN client) works on my setup with and without the CVE 41899.
It can take some time because the firewall has to renew and the connection has to restart.
It is possibly you have to press apply a second time on the VPN page to restart the VPN.
There are some changes made which let you loose the vpn firewall rules when the firewall restarts, but an apply on the VPN page should solve that.
I will contact BS next week about that. _________________ Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399 Install guide R7800/XR500:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614 Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Router Model: Linksys EA8500
Firmware: DD-WRT v3.0-r42514 std (02/25/20)
Kernel: Linux 4.9.214 #519 SMP Sat Feb 15 05:17:49 +03 2020 armv7l
Previous: DD-WRT v3.0-r42174 std (01/30/20)
Mode: AP-Switch / QoS HFSC - FQ-CODEL/ Static DHCP x 24
Reset: No
Status: Appear to be working as expected.
Router Model: Linksys EA8500 #2
Firmware: DD-WRT v3.0-r42514 std (02/25/20)
Kernel: Linux 4.9.214 #519 SMP Sat Feb 15 05:17:49 +03 2020 armv7l
Previous: DD-WRT v3.0-r42335 std (02/10/20)
Mode: VPN AP-Switch / QoS HFSC - FQ-CODEL/ Static DHCP x 18
Reset: No
Status: Appear to be working as expected.
(note: always have to go to vpn setup and do a save and apply to bring up vpn after reboot, seems stable after that - had to do that for about as long as I can remember)
Router Model: Linksys EA8500
Firmware: DD-WRT v3.0-r42514 std (02/25/20)
Kernel: Linux 4.9.214 #519 SMP Sat Feb 15 05:17:49 +03 2020 armv7l
Previous: DD-WRT v3.0-r42174 std (01/30/20)
Mode: AP-Switch / QoS HFSC - FQ-CODEL/ Static DHCP x 24
Reset: No
Status: Appear to be working as expected.
Router Model: Linksys EA8500 #2
Firmware: DD-WRT v3.0-r42514 std (02/25/20)
Kernel: Linux 4.9.214 #519 SMP Sat Feb 15 05:17:49 +03 2020 armv7l
Previous: DD-WRT v3.0-r42335 std (02/10/20)
Mode: VPN AP-Switch / QoS HFSC - FQ-CODEL/ Static DHCP x 18
Reset: No
Status: Appear to be working as expected.
(note: always have to go to vpn setup and do a save and apply to bring up vpn after reboot, seems stable after that - had to do that for about as long as I can remember)
Same here with having to click save and apply after reboot to get internet access with openvpn client. It’s random and happens more often than not.
Great build though. Very excited to see all these new features and functionalities added. DD-WRT is a gem and international treasure I shudder when I think of the nightmare days of consumer router stock firmware
Router Model TP-Link TL-WR841ND v9
Firmware Version DD-WRT v3.0-r42514 std (02/25/20)
Kernel Version Linux 3.18.140-d4 #71363 Tue Feb 25 04:47:31 +04 2020 mips
Reset: no
Status & Uptime: Working over 60min uptime
errors: no
Router Model TP-Link TL-WDR4300v1
Firmware Version DD-WRT v3.0-r42514 std (02/25/20)
Kernel Version Linux 3.10.108-d10 #39933 Tue Feb 25 03:24:08 +04 2020 mips
Reset: yes
Status & Uptime: wifi error
errors: after reset and re-enter wifi security password wpa2-tkip,the speed drops to 54mbps on 2.4Ghz and 5 Ghz. with security disabled it have 300mbps on 2.4Ghz and 144mbps on 5 Ghz
Joined: 08 May 2018 Posts: 14221 Location: Texas, USA
Posted: Wed Feb 26, 2020 14:06 Post subject:
termo24 wrote:
Router Model TP-Link TL-WDR4300v1
Firmware Version DD-WRT v3.0-r42514 std (02/25/20)
Kernel Version Linux 3.10.108-d10 #39933 Tue Feb 25 03:24:08 +04 2020 mips
Reset: yes
Status & Uptime: wifi error
errors: after reset and re-enter wifi security password wpa2-tkip,the speed drops to 54mbps on 2.4Ghz and 5 Ghz. with security disabled it have 300mbps on 2.4Ghz and 144mbps on 5 Ghz
Is there a reason why you're not using CCMP-128/AES for wireless security? TKIP is not secure an is likely forcing legacy wireless rates. You may wish to try AES unless your wireless clients do not support it. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net