Posted: Wed Apr 15, 2020 19:43 Post subject: New Build - 04/15/2020 - r42910
Flashing any beta build assumes you are responsible, have researched, know the risks and recovery methods.
If you don't understand your router, which file or recovery methods, do NOT flash this experimental test build.
This thread is for feedback on beta build r42910 for developers and users (configuration, status, errors & logs).
Avoid discussions, create a new thread for specific problems, questions or use search as this is not for support.
Please report hardware model, version, operating & wireless modes along with file name (factory, webflash).
Notes: 1. CVE-2019-14899 VPN fix from December, since then various revisions including recently 7040.
2. In-kernel Samba has been implemented this year and default min/max versions have changed, with WSD support.
3. VAP issue is fixed! For any Wireless Mode, create a VAP and both ath0/ath1 should now function properly.
4. WireGuard! New GUI Tunnel options have appeared since r42872, script no longer required!
Issues: 1. There may be remaining issues for Samba (for example NTFS), with frequent updates.
Important: if reporting issues, provide applicable info (syslog output, 'dmesg', 'cat /var/log/messages', serial output etc.)
or place into an SVN ticket. For firewall issues, also provide iptables info ('iptables -L', 'iptables -t nat -L', & the /tmp/.ipt file).
Be sure to include operating and wireless modes (Gateway, AP, CB, etc.) along with any relevant configuration information.
Joined: 05 Oct 2008 Posts: 666 Location: Helsinki, Finland / nr. Alkmaar, Netherlands
Posted: Wed Apr 15, 2020 20:13 Post subject:
Router/Version: R7800/42910
Config/Mode: router and wireless ap 2,4 & 5 GHz, VAP on both bands
Status/Errors: running fine, no errors
File/Kernel: Previous/Reset: 42872, no reset
Status: Up and running for 4 hours , basic setup as Gateway, static leases, OpenVPN client (on PIA) with Policy Based Routing up and running, 2,4GHz, 5Ghz, OpenVPN server working, Wireguard working
Resolved: 1. Pushed DNS servers from VPN provider are used starting with build 41120, if you do not want that, add the following to the Additional Config of the VPN client:
pull-filter ignore "dhcp-option DNS"
2. Build 41174 has an improved VPN Policy Based Routing, it is now possible to use the VPN route command i.e. to route a DNS server via the VPN (in this way you will get rid of the DNS leak), see: https://svn.dd-wrt.com/ticket/6815#comment:1 , and for DNS leaks the second posting of this thread: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318662 3. Another improvement on PBR is that local routes are now copied over to the alternate routing table so there is communication if you have unbridged VAP's and you can set the router's IP on PBR.
See: https://svn.dd-wrt.com/ticket/6821#comment:3 4. Starting with build 41174, the PBR has become more versatile, you can now use " from [IP address] to [IP address] ", so if you enter the following in the PBR field:
192.168.1.124 to 95.85.16.212 #ipleak.net, it will only route IP address 95.85.16.212 (which is ip leak.net) from my IP address 192.168.1.124 via the VPN everything else from this IP address will route via the WAN (this is just an example).
See: https://svn.dd-wrt.com/ticket/6822
Although this command itself supports routing per port this is however only available starting from K 4.17 so we have to rely on scripting for per port routing until then.
5. New OpenVPN TLS ciphers are added in 41308 see: https://svn.dd-wrt.com/changeset/41308 6. Starting with build 41304 you can now choose which TLS Key you want to use: TLS Auth or the newer/better TLS Crypt. See https://svn.dd-wrt.com/ticket/6845#comment:17 7. Builds from 41786 onwards, when using an OVPN server to connect to your local LAN clients, access might be prevented because of a patch which should solve a recent vulnerability ( see: https://svn.dd-wrt.com/ticket/6928)
This can be mitigated with the following firewall rule:
Code:
iptables -t nat -I POSTROUTING -o br0 -s $(nvram get openvpn_net)/$(nvram get openvpn_tunmask) -j MASQUERADE
When using WireGuard you can run into the same trouble,i.e. not being able to access your local LAN clients. For WireGuard this is the workaround:
Code:
iptables -t nat -I POSTROUTING -o br0 -s $(nvram get oet1_ipaddr)/$(nvram get oet1_netmask) -j MASQUERADE
This method described above also has security and logging concerns as all traffic has the same source address (your router)
An alternate method is using the following rule but it only works if the VPN or Wireguard interface is up and if your VPN or Wireguard interface goes down you have to reapply or run a continuous script checking/applying:
OpenVPN server:
Code:
iptables -t raw -I PREROUTING -i br0 -d $(nvram get openvpn_net)/$(nvram get openvpn_tunmask) -j ACCEPT
WireGuard:
Code:
iptables -t raw -I PREROUTING -i br0 -d $(nvram get oet1_ipaddr)/$(nvram get oet1_netmask) -j ACCEPT
This rule can expose your LAN side to the CVE attack, but if you have your IOT things separated and tight control over your LAN you should be good, if your LAN is hacked you have got bigger problems.
Builds starting with 41813 have an option button in OpenVPN and Wireguard for disabling the CVE-patch 14899
Joined: 10 May 2008 Posts: 1380 Location: Pacific North West, USA
Posted: Thu Apr 16, 2020 18:21 Post subject:
Router/Version: TP-Link Archer C7 V3
Firmware: DD-WRT v3.0-r42910 std (04/15/20)
Kernel: Linux 3.18.140-d4 #75943 Wed Apr 15 10:31:52 +04 2020 mips
Previous: r42819
Mode/Status: Gateway / Working
Reset: no
Issues/Errors: Working as a Gateway - Basic setup.
Haven't posted in a while but new builds seem to be great for my routers. _________________ Soylent Green Is People !
=-=-=-=-=-=-=-=-=-=-=
Netgear Nighthawk R7000 - DD-WRT Build R46220
Linksys EA8500 - OpenWRT IPQ806x Trunk R16375 5.4 Kernel
Router/Version: Linksys EA8500
Firmware: DD-WRT v3.0-r42910 std (04/15/20)
Kernel: Linux 4.9.219 #539 SMP Tue Apr 14 00:38:01 +03 2020 armv7l
Previous: r42847
Mode/Status: Gateway / Working
Reset: no
Issues/Errors:
Simple upgraded via CLI, no hang during reboot.
Experiencing Issue 1 mentioned at the top of this post, unable to get Samba/NAS working.
Set SMB min to 2.02
Set SMB Max to 3.11
Encryption to Off
On my Linux Mint I'm running Samba version 4.3.22-Ubuntu which should support SMB3
When I try to connect from Linux I get:
mount error(22): Invalid argument
The command I'm using:
(mount -t cifs //192.168.1.1/usb /mnt/usb -o user=myuser )
It correctly prompts me for a password then throws mount error 22. This command works fine on other servers. I've double-checked the password is correct.
When I try to connect from W10 (net use * \\192.168.1.1\usb ) I get:
System error 58 has occurred.
To troubleshoot the issue I removed the 8TB NTFS drive from the and replaced it with a 2GB EXT4 USB Key Reloaded the new directory, save/apply, no change, unable to NAS.
Joined: 08 May 2018 Posts: 14246 Location: Texas, USA
Posted: Fri Apr 17, 2020 11:55 Post subject:
Router/Version: Netgear R7800
Firmware: DD-WRT v3.0-r42910 std (04/15/20)
Kernel: Linux 4.9.219 #539 SMP Tue Apr 14 00:38:01 +03 2020 armv7l
Previous: DD-WRT v3.0-r42819 std (03/30/20)
Reset: No
Mode: Status: OK
Uptime: ~16 hours
Errors: _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Router/Version: Netgear R7800 (5 of them)
Config/Mode: WDS - 4 stations
Status/Errors: None noted
File/Kernel: dd-wrt-webupgrade-netgear_r7800-r42910.bin/4.9.219
Previous/Reset: No reset.
UPDATE: I've been having random reboots. Logging has no helpful info. Running online games like Fortnite when using wireguard on Win10 can't connect to the game server even though lag is less than 10 ms and speed tests show 300 Mb up and down. Fortnite works after turning off wireguard.
Above I had posted about challenges with NAS and USB Drive attached to the router with r42910. Despite some notes saying r42681 works with NAS, I had to backlevel to r41813 std (12/29/19) in order to get NAS working.
Linksys EA8500 with 8TB NTFS USB3 drive attached. Works fine on 41813, but not on 42910. I did significant experimentation with various SMB versions, and 42681 will connect to Mint Samba version 2:4.3.11+dfsg-0ubuntu0.16.04.25. However version 42681 does not seem to work with W10 v1909 build 18362.720. With W10 I get "System error 58 has occurred." I hope this helps others who are struggling with NAS.
Joined: 19 Nov 2008 Posts: 274 Location: Madison, CT, US
Posted: Sat Apr 18, 2020 13:58 Post subject:
Mitch, r42910 works with nas but with some changes. For win10 ver 1909 and ver2020 (beta), I had to change from server name to ip address for nas to work. For android 10, I also had to change to smb1 instead of auto or smb2 for nas to show up. I also use wds so results might be different for you. _________________ Netgear R7800(2), R7500v2(2) WDS, Asus RT-AC68R (2)