New Build - 04/17/2021 - r46380

blkt
DD-WRT Guru


Joined: 20 Jan 2019
Posts: 5660

Posted: Sat Apr 17, 2021 9:30    Post subject: New Build - 04/17/2021 - r46380
[WARNING]: This thread is only for feedback on this beta release for developers and the community's benefit.
DO NOT flash this beta release unless you understand the risks involved and device specific recovery methods.
Avoid discussions! Create threads for questions, general problems or use search; this thread is not for support.
Please list router model & revision, operating & wireless mode(s) and exact filename/firmware image flashed.


Downloads: (DD-WRT website) HTTPS & FTP (try another if a link does not work)

CLI Flash: 'cd /tmp' then 'wget {file URL}' (or 'curl -k {file URL} -o {file}') with http (not https) or ftp. Then 'write {file} linux'.

Repository: Trac SVN changelog since last build r46329 (GitHub mirror)

Notes:
OpenVPN 2.5.1: Guides, Server, PBR, Reverse PBR, Client (see second post), Kill Switch, update tips, scripts and more.
WireGuard 1.0.20210219/Tools: Guides, Client, Server, Advanced, PBR, KS, update tips, scripts & more. Thanks BS & egc!
• CVE-2019-14899 VPN fix (applicability depends on VPN setup) and GUI toggle since r41813.
Select ath10k radios now feature on-the-fly firmware type switching between Customized DD-WRT and Vanilla QCA binaries!
SmartDNS • MiniDLNA • Privoxy 3.0.31 • Unbound 1.13.1 • CoovaChilli 1.6 • Tor 0.4.5.7 • OpenSSL 1.1.1k • Dnsmasq 2.85
In-kernel Samba (ksmbd 3.3.9+): default min/max versions changed. • WSD update • ANTFS/NTFS3 kernel mode driver++.

Issues:
• Show us your findings with steps to reproduce, configuration, output, logs and important information below!

Important:
• For issues provide applicable info: 'dmesg', 'cat /tmp/var/log/messages', syslog, klog, serial, strace, tcpdump, wireshark etc.
• Any firewall NAT or WAN issues, show output: 'iptables -vnL', 'iptables -t nat -vnL', 'iptables -t mangle -vnL' and /tmp/.ipt file.
• Search SVN tickets & discuss in forum before opening. Before reporting: reset & manually set up, not restore from a backup.
• Please include operating & wireless modes (e.g. Gateway, Router, AP, CB, WDS, Mesh) & relevant configuration information.

Example Template:
Code:
[b]Router/Version: [/b]
[b]File/Kernel: [/b]
[b]Previous/Reset: [/b]
[b]Mode/Status: [/b]
[b]Issues/Errors: [/b]
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12835
Location: Netherlands

Posted: Sat Apr 17, 2021 9:49
Router Model: Linksys EA8500

Firmware Version: DD-WRT v3.0-r46380 std (04/17/21)
Kernel Version: Linux 4.9.265 #131 SMP Fri Apr 16 16:38:08 +07 2021 armv7l

Upgraded: DD-WRT v3.0-r46329
Reset: No not this time

Status: Up and running for 24 hours, basic setup as Gateway, static leases, 2.4 GHz and 5 GHz working (vanilla firmware), OpenVPN client and OpenVPN server working, WireGuard client and Server working

Errors: No, Seems like a good build

Note: this build has a new OpenVPN killswitch see second post of this thread: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398


Big Thanks to the devs!!

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087


Last edited by egc on Sat Apr 17, 2021 10:55; edited 1 time in total
tatsuya46
DD-WRT Guru


Joined: 03 Jan 2010
Posts: 7568
Location: YWG, Canada

Posted: Sat Apr 17, 2021 10:07
Router Model: dir-862L(x2), x86_64(2x qca9984 ,1x qca9882)

Status: it runs
Reset: no
Errors: see tickets below

https://svn.dd-wrt.com/ticket/5225 *
https://svn.dd-wrt.com/ticket/5603 *
https://svn.dd-wrt.com/ticket/5848
https://svn.dd-wrt.com/ticket/5938
https://svn.dd-wrt.com/ticket/6286
https://svn.dd-wrt.com/ticket/6315
https://svn.dd-wrt.com/ticket/6481 *
https://svn.dd-wrt.com/ticket/6495 *
https://svn.dd-wrt.com/ticket/6655
https://svn.dd-wrt.com/ticket/6842
https://svn.dd-wrt.com/ticket/6903 *
https://svn.dd-wrt.com/ticket/6921
https://svn.dd-wrt.com/ticket/7154
https://svn.dd-wrt.com/ticket/7222 *
https://svn.dd-wrt.com/ticket/7226
https://svn.dd-wrt.com/ticket/7246
https://svn.dd-wrt.com/ticket/7284
https://svn.dd-wrt.com/ticket/7331
https://svn.dd-wrt.com/ticket/7338
https://svn.dd-wrt.com/ticket/7398

bad commit r45727 ruining ng-mixed, make sure to override it manually... x86_64 cpu temp is broken now.

_________________
LATEST FIRMWARE(S)

BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers

[x86_64] Haswell i3-4150/QCA9984/QCA9882 ------> r55488 std
[QUALCOMM] DIR-862L --------------------------------> r55460 std
▲ ACTIVE / INACTIVE ▼
[QUALCOMM] WNDR4300 v1 --------------------------> r50485 std
[BROADCOM] DIR-860L A1 ----------------------------> r50485 std


Sigh.. why do i exist anyway.. | I love you Anthony.. never forget that.. my other 99% that ill never see again..

abhijitat
DD-WRT User


Joined: 06 Feb 2020
Posts: 167
Location: Maharashtra, India

Posted: Sat Apr 17, 2021 10:40
Router/Version: Netgear R7800
Firmware: DD-WRT v3.0-r46380 std (04/17/21)
Kernel: Linux 4.9.265 #133 SMP Sat Apr 17 00:48:49 +07 2021 armv7l
File/Upload: dd-wrt-webupgrade.bin / Upload using SSH
Mode: Gateway/AP
Reset: No
Previous: DD-WRT v3.0-r46316 std (04/09/21)
Setup Using: PPPOE, 2.4 GHz, 5.0 GHz, IPv4, DNSMasq, NTP TimeSync, Samba

Status: Working Fine running vanilla firmware type for 2.4ghz & 5ghz, Samba Share still needs user, Guest access not working

Just updated the build, will update if any errors are observed.

android not connecting to 5ghz AC/n mixed on dd-wrt, channel 40 domain India. Changing setting to vanilla enables all android devices to connect. rest all setting from guides by egc & msoengineer.

Thank you BrainSlayer for Wonderful firmware.

Thanks all Guru for your help in forums.
MLandi
DD-WRT Guru


Joined: 04 Dec 2007
Posts: 1008

Posted: Sat Apr 17, 2021 15:41
Update method: SSH / CLI
Router/Version: Netgear R9000 Nighthawk X10
File/Kernel: DD-WRT v3.0-r46380 std (04/17/21)
Previous/Reset: DD-WRT v3.0-r46329 std (04/13/21) / No
Mode/Status: Gateway / Working Normally / Clock 2000MHz
Issues/Errors: None

Thanks BS!

_________________
Netgear R9000
DD-WRT v3.0-r55460 std (03/25/24)
Linux 4.9.337 #715 SMP Mon Mar 25 06:15:53 +07 2024 armv7l
Gateway, AP, DNSMasq, Clock 2000MHz
VAP on wlan1 for internet devices
IPv4 & IPv6 (Prefix Delegation)
Static Leases & DHCP
CloudFlare, no SFE, SmartDNS, no QoS
2.4GHz: Vanilla, Airtime Fairness, NG-Mixed, ACK Timing 3150, WPA2 w/AES & WPA3
5GHz: Vanilla, Airtime Fairness, AC/N Mixed, ACK Timing 3150, WPA2 w/AES & WPA3
2 Netgear AX1800 WiFi Mesh Extenders
Xfinity 1.2Gbps/35Mbps
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

Posted: Sat Apr 17, 2021 21:42
Netgear WNDR3700 V4
DD-WRT v3.0-r46380 std (04/17/21)
Linux 3.18.140-d5 #113227 Sat Apr 17 04:33:51 +07 2021 mips
GUI install over r45735 / no reset
used as switch / OVPN server / samba share 32GB ext4 --- all ok
uptime 5:51
xstefen
DD-WRT Novice


Joined: 15 Apr 2021
Posts: 1

Posted: Sat Apr 17, 2021 21:57
Router/Version: Netgear XR500
Current firmware: DD-WRT v3.0-r46380 std (04/17/21)
File/Kernel: Linux 4.9.265 #133 SMP Sat Apr 17 00:48:49 +07 2021 armv7l
Previous: r46329 (04/13/21)
Upgrade method: cli
Reset: Did not reset
Mode/Status: Success, so far so good
Issues/Errors: None as of yet

Thanks for your work!
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

Posted: Sat Apr 17, 2021 22:31
Linksys EA8500
DD-WRT v3.0-r46380 std (04/17/21)
Linux 4.9.265 #131 SMP Fri Apr 16 16:38:08 +07 2021 armv7l
GUI install over r44786 ... no reset and surprised all startup commands & firewall is intact and worky fine
used as switch / OVPN server / samba share 16GB ext4 --- all ok
VLAN on two wired ports and only reason DNSMasq is enabled - Additional Dnsmasq Options =
interface=vlan15
dhcp-option=vlan15,3,192.168.1.5
dhcp-range=vlan15,192.168.1.6,192.168.1.10,255.255.255.0,12h
mainly used to tinker with broken routers, that's why it's 192.168.1.x subnet
all else in DNSMasq is disabled ... setup just like a WAP with guest net
------------
played a bit with its 5GHz radio set to:
Firmware Type: VANILLA
AC/N-Mixed
Wide HT40
CH: 48 ...Lower
WiFi SweetSpots on moto edge+ phone shows 383~400 Mbps
../Status_Wireless.asp shows TX & RX at 400 ...so guess it's ok
prolly put on main EA8500 soon.
MLandi
DD-WRT Guru


Joined: 04 Dec 2007
Posts: 1008

Posted: Sun Apr 18, 2021 16:48
Up and stable for 24 hours+. All looks good.
_________________
Netgear R9000
DD-WRT v3.0-r55460 std (03/25/24)
Linux 4.9.337 #715 SMP Mon Mar 25 06:15:53 +07 2024 armv7l
Gateway, AP, DNSMasq, Clock 2000MHz
VAP on wlan1 for internet devices
IPv4 & IPv6 (Prefix Delegation)
Static Leases & DHCP
CloudFlare, no SFE, SmartDNS, no QoS
2.4GHz: Vanilla, Airtime Fairness, NG-Mixed, ACK Timing 3150, WPA2 w/AES & WPA3
5GHz: Vanilla, Airtime Fairness, AC/N Mixed, ACK Timing 3150, WPA2 w/AES & WPA3
2 Netgear AX1800 WiFi Mesh Extenders
Xfinity 1.2Gbps/35Mbps
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1407

Posted: Sun Apr 18, 2021 18:42
Router: TL-WDR3600 v1
Firmware: tl-wdr3600_us-webflash.bin (v3.0-r46380 std)
Kernel: Linux 3.10.108-d10 #78633 Sat Apr 17 02:30:13 +07 2021 mips
Status: working
Reset: No
Notes on configuration:

    Client

Errors:


    1. 5Ghz wireless light is not on (2.4Ghz light works)

xraive
DD-WRT User


Joined: 08 Mar 2016
Posts: 134

Posted: Wed Apr 21, 2021 16:43
Router Model / Version: Linksys EA8500
Previous Firmware:DD-WRT v3.0-r46329 std (04/13/21)
Current Firmware: DD-WRT v3.0-r46380 std (04/17/21)
Kernel: Linux 4.9.265 #131 SMP Fri Apr 16 16:38:08 +07 2021 armv7l
Reset: No
Mode: Wireless - Client, Operating - Gateway
Setup: SFE, NTP, DDNS (inadyn-Entware), DNSMasq (GUI+ additional options on USB, Syslog, SSH,FreeRadius, Telnet, USB, ProFTPD (with users), Samba (with users), CoovaChilli (with local users & radius), WiFiDog, Remote Access (HTTPS & SSH), Startup Script (For DNSMasq & inadyn)
Uptime: up 3 days, 7:31, load average: 0.00, 0.00, 0.00
Temperature: CPU 55.539 °C / wlan0 47 °C / wlan1 48 °C
Status: OK
Issues: I'm having an issue with running WiFiDog successfully. By default the "SSLPeerVerification" parameter is enabled and is looking for certs to verify the auth server in the "/etc/ssl/certs/" directory, which doesn't exist. To troubleshoot I modified the "SSLCertPath" parameter to "/jffs/etc/ssl/certs/" and copied the cert from my auth server and placed it in the same directory. I still received the same error as below in my debug log.

For reference I'm including the parameters that are responsible for this below.

Default config file
# Parameter: SSLPeerVerification
# Default: yes
# Optional

# Parameter: SSLCertPath
# Default: /etc/ssl/certs/
# Optional



Debug Log

Code:

root@Router2:~# wifidog -f -d 9 -c /tmp/wifidog/wifidog.conf
[6][Wed Apr 21 11:28:38 2021][29735](../../src/conf.c:651) Reading configuration file '/tmp/wifidog/wifidog.conf'
[7][Wed Apr 21 11:28:38 2021][29735](../../src/conf.c:697) Parsing token: GatewayID, value: default
[7][Wed Apr 21 11:28:38 2021][29735](../../src/conf.c:697) Parsing token: ExternalInterface, value: wlan0
[7][Wed Apr 21 11:28:38 2021][29735](../../src/conf.c:697) Parsing token: GatewayInterface, value: wlan1.1
[7][Wed Apr 21 11:28:38 2021][29735](../../src/conf.c:697) Parsing token: GatewayPort, value: 2060
[7][Wed Apr 21 11:28:38 2021][29735](../../src/conf.c:697) Parsing token: HTTPDMaxConn, value: 10
[7][Wed Apr 21 11:28:38 2021][29735](../../src/conf.c:697) Parsing token: HTTPDName, value: wifidog
[7][Wed Apr 21 11:28:38 2021][29735](../../src/conf.c:697) Parsing token: CheckInterval, value: 60
[7][Wed Apr 21 11:28:38 2021][29735](../../src/conf.c:697) Parsing token: ClientTimeout, value: 5
[7][Wed Apr 21 11:28:38 2021][29735](../../src/conf.c:697) Parsing token: TrustedMACList, value: AC:E2:D3:3B:10:D1
[7][Wed Apr 21 11:28:38 2021][29735](../../src/conf.c:882) Parsing string [AC:E2:D3:3B:10:D1] for trusted MAC addresses
[7][Wed Apr 21 11:28:38 2021][29735](../../src/conf.c:902) Adding MAC address [AC:E2:D3:3B:10:D1] to trusted list
[7][Wed Apr 21 11:28:38 2021][29735](../../src/conf.c:697) Parsing token: HtmlMessageFile, value: /jffs/wifidog-msg.html
[7][Wed Apr 21 11:28:38 2021][29735](../../src/conf.c:697) Parsing token: AuthServer, value: {
[7][Wed Apr 21 11:28:38 2021][29735](../../src/conf.c:379) Adding 192.168.2.105:80 (SSL: 443) / to the auth server list
[7][Wed Apr 21 11:28:38 2021][29735](../../src/conf.c:404) Auth server added
*********Skipped all the firewall rules from the log***********

Level 1: Connecting to SSL auth server 192.168.2.105:443
[7][Wed Apr 21 11:28:38 2021][29735](../../src/centralserver.c:341) Level 1: Successfully connected to auth server 192.168.2.105:443
[7][Wed Apr 21 11:28:38 2021][29735](../../src/centralserver.c:158) Unlocking config
[7][Wed Apr 21 11:28:38 2021][29735](../../src/centralserver.c:158) Config unlocked
[7][Wed Apr 21 11:28:38 2021][29735](../../src/centralserver.c:164) Connected to auth server
[6][Wed Apr 21 11:28:38 2021][29735](../../src/wd_util.c:116) AUTH_ONLINE status became ON
[7][Wed Apr 21 11:28:38 2021][29735](../../src/simple_http.c:160) Locking wolfSSL Context
[7][Wed Apr 21 11:28:38 2021][29735](../../src/simple_http.c:160) wolfSSL Context locked
[6][Wed Apr 21 11:28:38 2021][29735](../../src/simple_http.c:200) Loading SSL certificates from /etc/ssl/certs/
[3][Wed Apr 21 11:28:38 2021][29735](../../src/simple_http.c:203) Could not load SSL certificates (error -244)
[3][Wed Apr 21 11:28:38 2021][29735](../../src/simple_http.c:207) Make sure that SSLCertPath points to the correct path in the config file
[3][Wed Apr 21 11:28:38 2021][29735](../../src/simple_http.c:208) Or disable certificate loading with 'SSLPeerVerification No'.
[7][Wed Apr 21 11:28:38 2021][29735](../../src/simple_http.c:210) Unlocking wolfSSL Context
[7][Wed Apr 21 11:28:38 2021][29735](../../src/simple_http.c:210) wolfSSL Context unlocked
[3][Wed Apr 21 11:28:38 2021][29735](../../src/simple_http.c:253) Could not get wolfSSL Context!
[3][Wed Apr 21 11:28:38 2021][29735](../../src/ping_thread.c:185) There was a problem pinging the auth server!
[7][Wed Apr 21 11:28:38 2021][29735](../../src/firewall.c:139) Marking auth server down
[7][Wed Apr 21 11:29:38 2021][29735](../../src/auth.c:79) Running fw_counter()
[7][Wed Apr 21 11:29:38 2021][29735](../../src/ping_thread.c:74) Running ping()
[7][Wed Apr 21 11:29:38 2021][29735](../../src/ping_thread.c:108) Entering ping()
[7][Wed Apr 21 11:29:38 2021][29735](../../src/centralserver.c:156) Locking config
[7][Wed Apr 21 11:29:38 2021][29735](../../src/centralserver.c:156) Config locked
[7][Wed Apr 21 11:29:38 2021][29735](../../src/centralserver.c:201) Level 1: Calculated 1 auth servers in list
[7][Wed Apr 21 11:29:38 2021][29735](../../src/centralserver.c:217) Level 1: Resolving auth server [192.168.2.105]
[7][Wed Apr 21 11:29:38 2021][29735](../../src/util.c:149) Locking wd_gethostbyname()
[7][Wed Apr 21 11:29:38 2021][29735](../../src/util.c:149) wd_gethostbyname() locked
[7][Wed Apr 21 11:29:38 2021][29735](../../src/util.c:162) Unlocking wd_gethostbyname()
[7][Wed Apr 21 11:29:38 2021][29735](../../src/util.c:162) wd_gethostbyname() unlocked
[7][Wed Apr 21 11:29:38 2021][29735](../../src/centralserver.c:274) Level 1: Resolving auth server [192.168.2.105] succeeded = [192.168.2.105]
[7][Wed Apr 21 11:29:38 2021][29735](../../src/centralserver.c:302) Level 1: Connecting to SSL auth server 192.168.2.105:443
[7][Wed Apr 21 11:29:38 2021][29735](../../src/centralserver.c:341) Level 1: Successfully connected to auth server 192.168.2.105:443
[7][Wed Apr 21 11:29:38 2021][29735](../../src/centralserver.c:158) Unlocking config
[7][Wed Apr 21 11:29:38 2021][29735](../../src/centralserver.c:158) Config unlocked
[7][Wed Apr 21 11:29:38 2021][29735](../../src/centralserver.c:164) Connected to auth server
[7][Wed Apr 21 11:29:38 2021][29735](../../src/simple_http.c:160) Locking wolfSSL Context
[7][Wed Apr 21 11:29:38 2021][29735](../../src/simple_http.c:160) wolfSSL Context locked
[7][Wed Apr 21 11:29:38 2021][29735](../../src/simple_http.c:220) Unlocking wolfSSL Context
[7][Wed Apr 21 11:29:38 2021][29735](../../src/simple_http.c:220) wolfSSL Context unlocked
[7][Wed Apr 21 11:29:38 2021][29735](../../src/simple_http.c:276) Sending HTTPS request to auth server: [GET /ping/?gw_id=default&sys_uptime=281312&sys_memfree=324320&sys_load=0.06&wifidog_uptime=60 HTTP/1.0
User-Agent: WiFiDog 1.3.0
Host: 192.168.2.105

]

[7][Wed Apr 21 11:29:38 2021][29735](../../src/gateway.c:247) Handler for SIGCHLD called. Trying to reap a child
[7][Wed Apr 21 11:29:38 2021][29735](../../src/gateway.c:251) Handler for SIGCHLD reaped child PID 29829
[3][Wed Apr 21 11:29:38 2021][29735](../../src/simple_http.c:281) wolfSSL_send failed: no support for error strings built in
[3][Wed Apr 21 11:29:38 2021][29735](../../src/ping_thread.c:185) There was a problem pinging the auth server!
[7][Wed Apr 21 11:29:38 2021][29735](../../src/gateway.c:247) Handler for SIGCHLD called. Trying to reap a child
[7][Wed Apr 21 11:29:38 2021][29735](../../src/gateway.c:251) Handler for SIGCHLD reaped child PID 29830
[7][Wed Apr 21 11:29:38 2021][29735](../../src/firewall.c:267) Locking client list
[7][Wed Apr 21 11:29:38 2021][29735](../../src/firewall.c:267) Client list locked
[7][Wed Apr 21 11:29:38 2021][29735](../../src/firewall.c:275) Unlocking client list
[7][Wed Apr 21 11:29:38 2021][29735](../../src/firewall.c:275) Client list unlocked
[7][Wed Apr 21 11:30:38 2021][29735](../../src/auth.c:79) Running fw_counter()[7][Wed Apr 21 11:30:38 2021][29735](../../src/ping_thread.c:74) Running ping()
[7][Wed Apr 21 11:30:38 2021][29735](../../src/ping_thread.c:108) Entering ping()
[7][Wed Apr 21 11:30:38 2021][29735](../../src/centralserver.c:156) Locking config

[7][Wed Apr 21 11:30:38 2021][29735](../../src/centralserver.c:156) Config locked
[7][Wed Apr 21 11:30:38 2021][29735](../../src/centralserver.c:201) Level 1: Calculated 1 auth servers in list
[7][Wed Apr 21 11:30:38 2021][29735](../../src/centralserver.c:217) Level 1: Resolving auth server [192.168.2.105]
[7][Wed Apr 21 11:30:38 2021][29735](../../src/util.c:149) Locking wd_gethostbyname()
[7][Wed Apr 21 11:30:38 2021][29735](../../src/util.c:149) wd_gethostbyname() locked
[7][Wed Apr 21 11:30:38 2021][29735](../../src/util.c:162) Unlocking wd_gethostbyname()
[7][Wed Apr 21 11:30:38 2021][29735](../../src/util.c:162) wd_gethostbyname() unlocked
[7][Wed Apr 21 11:30:38 2021][29735](../../src/centralserver.c:274) Level 1: Resolving auth server [192.168.2.105] succeeded = [192.168.2.105]
[7][Wed Apr 21 11:30:38 2021][29735](../../src/centralserver.c:302) Level 1: Connecting to SSL auth server 192.168.2.105:443
[7][Wed Apr 21 11:30:38 2021][29735](../../src/centralserver.c:341) Level 1: Successfully connected to auth server 192.168.2.105:443
[7][Wed Apr 21 11:30:38 2021][29735](../../src/centralserver.c:158) Unlocking config
[7][Wed Apr 21 11:30:38 2021][29735](../../src/centralserver.c:158) Config unlocked
[7][Wed Apr 21 11:30:38 2021][29735](../../src/centralserver.c:164) Connected to auth server
[7][Wed Apr 21 11:30:38 2021][29735](../../src/simple_http.c:160) Locking wolfSSL Context
[7][Wed Apr 21 11:30:38 2021][29735](../../src/simple_http.c:160) wolfSSL Context locked
[7][Wed Apr 21 11:30:38 2021][29735](../../src/simple_http.c:220) Unlocking wolfSSL Context
[7][Wed Apr 21 11:30:38 2021][29735](../../src/simple_http.c:220) wolfSSL Context unlocked
[7][Wed Apr 21 11:30:38 2021][29735](../../src/simple_http.c:276) Sending HTTPS request to auth server: [GET /ping/?gw_id=default&sys_uptime=281372&sys_memfree=329468&sys_load=0.08&wifidog_uptime=120 HTTP/1.0
User-Agent: WiFiDog 1.3.0
Host: 192.168.2.105

]

[7][Wed Apr 21 11:30:38 2021][29735](../../src/gateway.c:247) Handler for SIGCHLD called. Trying to reap a child
[7][Wed Apr 21 11:30:38 2021][29735](../../src/gateway.c:251) Handler for SIGCHLD reaped child PID -1
[7][Wed Apr 21 11:30:38 2021][29735](../../src/gateway.c:247) Handler for SIGCHLD called. Trying to reap a child
[7][Wed Apr 21 11:30:38 2021][29735](../../src/gateway.c:251) Handler for SIGCHLD reaped child PID 29842
[7][Wed Apr 21 11:30:38 2021][29735](../../src/firewall.c:267) Locking client list
[7][Wed Apr 21 11:30:38 2021][29735](../../src/firewall.c:267) Client list locked





Config File (created by the GUI)

Code:

root@Router2:~# cat /tmp/wifidog/wifidog.conf
GatewayID default
ExternalInterface wlan0
GatewayInterface wlan1.1
GatewayPort 2060
HTTPDMaxConn 10
HTTPDName wifidog
CheckInterval 60
ClientTimeout 5
TrustedMACList AC:E2:D3:3B:10:D1
HtmlMessageFile /jffs/wifidog-msg.html
AuthServer {
Hostname 192.168.2.105
SSLAvailable yes
SSLPort 443
HTTPPort 80
Path /
}
FirewallRuleSet validating-users {
FirewallRule allow to 0.0.0.0/0
}
FirewallRuleSet known-users {
FirewallRule allow to 0.0.0.0/0
}
FirewallRuleSet unknown-users {
FirewallRule allow udp port 53
FirewallRule allow tcp port 53
FirewallRule allow udp port 67
FirewallRule allow tcp port 67
}
FirewallRuleSet locked-users {
FirewallRule block to 0.0.0.0/0
}



To summarize

    a) The parameter is enabled by default which causes the WifiDog client not to connect with the auth server and
    b) When trying to configure the right information for the parameter it still doesn't seem to work.

For my second point the mistake can be mine as I might not have named the certificate correctly. The WifiDog Client requires that I name the certificate using its hash value.

I'm able to resolve the issue by specifically adding the "SSLPeerVerification No" parameter in the config file. Without this the WifiDog client will not start successfully.


More info on the WifiDog config file can be found here.
https://github.com/wifidog/wifidog-gateway/blob/master/wifidog.conf


Previous build issue (r46329) follow-up

Tickets(#7395,#7396,#7397) related to the WiFiDog Client from last build (r46329) have been fixed. Please see my post for that build for details and links to the tickets.

https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1234970#1234970

Thanks BS and all the forum moderators for keeping this great community going.
BrainSlayer
Site Admin


Joined: 06 Jun 2006
Posts: 7463
Location: Dresden, Germany

Posted: Wed Apr 21, 2021 17:27
your config does not contain the cert path. so config is wrong
_________________
"So you tried to use the computer and it started smoking? Sounds like a Mac to me.." - Louis Rossmann https://www.youtube.com/watch?v=eL_5YDRWqGE&t=60s
xraive
DD-WRT User


Joined: 08 Mar 2016
Posts: 134

Posted: Wed Apr 21, 2021 18:54
Thanks for your response BS. I didn't include the config file with the modifications, I only included the default config file which was giving the error in the log. I had mentioned that I modified my config file in my post but still received the same results. My apologies for not including the modified config file. Please see below.

Code:

root@Router2:~# cat /tmp/wifidog/wifidog.conf
GatewayID default
ExternalInterface wlan0
GatewayInterface wlan1.1
GatewayPort 2060
HTTPDMaxConn 10
HTTPDName wifidog
CheckInterval 60
ClientTimeout 20
TrustedMACList AC:E2:D3:3B:10:D1
HtmlMessageFile /jffs/wifidog-msg.html

AuthServer {
Hostname 192.168.2.105
SSLAvailable yes
SSLPort 443
HTTPPort 80
Path /
}

SSLPeerVerification Yes
SSLCertPath /jffs/etc/ssl/test/
#SSLAllowedCipherList
#SSLUseSNI

FirewallRuleSet validating-users {
FirewallRule allow to 0.0.0.0/0
}
FirewallRuleSet known-users {
FirewallRule allow to 0.0.0.0/0
}
FirewallRuleSet unknown-users {
FirewallRule allow udp port 53
FirewallRule allow tcp port 53
FirewallRule allow udp port 67
FirewallRule allow tcp port 67
}
FirewallRuleSet locked-users {
FirewallRule block to 0.0.0.0/0
}



Debug Log

Code:

[7][Wed Apr 21 13:41:33 2021][4718](../../src/simple_http.c:160) wolfSSL Context locked
[6][Wed Apr 21 13:41:33 2021][4718](../../src/simple_http.c:200) Loading SSL certificates from /jffs/etc/ssl/certs/
[3][Wed Apr 21 13:41:33 2021][4718](../../src/simple_http.c:203) Could not load SSL certificates (error -244)
[3][Wed Apr 21 13:41:33 2021][4718](../../src/simple_http.c:207) Make sure that SSLCertPath points to the correct path in the config file
[3][Wed Apr 21 13:41:33 2021][4718](../../src/simple_http.c:208) Or disable certificate loading with 'SSLPeerVerification No'.
[7][Wed Apr 21 13:41:33 2021][4718](../../src/simple_http.c:210) Unlocking wolfSSL Context
[7][Wed Apr 21 13:41:33 2021][4718](../../src/simple_http.c:210) wolfSSL Context unlocked
[3][Wed Apr 21 13:41:33 2021][4718](../../src/simple_http.c:253) Could not get wolfSSL Context!
[3][Wed Apr 21 13:41:33 2021][4718](../../src/ping_thread.c:185) There was a problem pinging the auth server!
[7][Wed Apr 21 13:41:33 2021][4718](../../src/firewall.c:139) Marking auth server down



I'm also including info on how I named the certificates below. I used the "openssl x509 -noout -fingerprint -sha256 -inform pem -in [certificate-file.crt]" command to generate the fingerprint. I generated the sha-1, sha-256 and md5 fingerprints just to be sure.

Code:

root@Router2:/jffs/etc/ssl/certs# ls -l
-rwxrwxrwx    1 root     root          1383 Apr 17 21:25 1729700FFD1DD039E24907958B8DB60159697608DC3C4617A5FB64C0D12BAE2F.crt
-rwxrwxrwx    1 root     root          1383 Apr 17 21:25 96808195bfcc5017bee06e35618196a6a482d439.crt
-rwxrwxrwx    1 root     root          1383 Apr 17 21:25 A98802BDCCAF15EC5ABDD7616AF43A3A.crt
-rwxrwxrwx    1 root     root          1383 Apr 17 21:25 nginx-selfsigned.crt
drwxr-xr-x    2 root     root          4096 Apr 21 14:47 test



Let me know if there is any additional info I can provide.

Update: The config file was correct but I messed up the names of the certificates during copy and paste. Certificate verification works now! Awesome! My apologies and thanks for the follow-up.

Regarding the other issue I mentioned in my post, can we set the default of the "SSLPeerVerification" to No? Or maybe find some other solution that would allow for this option to be changed. By default it is set to yes and when the WifiDog client starts it looks for the certs in the "/etc/ssl/certs/" directory which doesn't exist. This causes WifiDog not to work. I can only fix this by manually modifying the config file.

Thanks once again!
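
Added example, not part of the posts above and not DD-WRT or WiFiDog code: a shell preflight check for the failure discussed in this thread, where SSLPeerVerification is left at its default of yes and SSLCertPath points at a directory that does not exist. The function names, the PEM-marker test and the world-writable warning are assumptions of this sketch; the two defaults are the ones quoted from the default config file.

```sh
#!/bin/sh
# Added example (not DD-WRT or WiFiDog code): preflight check of the TLS
# settings in a wifidog.conf before the gateway is started.

# Defaults as quoted in the thread's "Default config file" excerpt.
DEFAULT_VERIFY="yes"
DEFAULT_CERT_PATH="/etc/ssl/certs/"

# conf_value FILE KEY: print the last top-level value of KEY, or nothing.
# Assumption of this sketch: keys match case-insensitively; comment lines and
# lines inside "{ ... }" blocks (AuthServer, FirewallRuleSet) are skipped.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/   { next }
        /[{][ \t]*$/ { depth++; next }
        /^[ \t]*[}]/ { if (depth > 0) depth--; next }
        depth == 0 && tolower($1) == tolower(key) { val = $2 }
        END          { print val }
    ' "$1"
}

# check_wifidog_tls CONF: print one verdict line.
# Returns 0 when certificates can be loaded or verification is explicitly off,
# 1 when verification is on but the certificate directory is unusable,
# 2 when the config file cannot be read.
check_wifidog_tls() {
    conf="$1"
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }
    verify=$(conf_value "$conf" SSLPeerVerification | tr 'A-Z' 'a-z')
    path=$(conf_value "$conf" SSLCertPath)
    [ -n "$verify" ] || verify="$DEFAULT_VERIFY"
    [ -n "$path" ] || path="$DEFAULT_CERT_PATH"

    if [ "$verify" = "no" ]; then
        echo "WARN: SSLPeerVerification is off, auth server certificate is not checked"
        return 0
    fi
    if [ ! -d "$path" ]; then
        echo "FAIL: SSLCertPath $path does not exist"
        return 1
    fi
    certs=0
    loose=0
    for f in "$path"/*; do
        # Only the PEM marker is checked; the certificate itself is not parsed.
        if [ -f "$f" ] && grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
            certs=$((certs + 1))
            # A world-writable trust anchor can be swapped by any local user.
            if [ -n "$(find "$f" -prune -perm -002)" ]; then
                loose=$((loose + 1))
            fi
        fi
    done
    if [ "$certs" -eq 0 ]; then
        echo "FAIL: no PEM certificates in $path"
        return 1
    fi
    if [ "$loose" -gt 0 ]; then
        echo "WARN: $certs certificate(s) in $path, $loose world-writable"
    else
        echo "OK: $certs certificate(s) in $path"
    fi
    return 0
}

# Demo on constructed input: verification left at its default, SSLCertPath
# pointing at a directory that was never created.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'GatewayID default' 'AuthServer {' 'Hostname 192.168.2.105' \
        'SSLAvailable yes' 'SSLPort 443' '}' "SSLCertPath $d/certs/" > "$d/wifidog.conf"
    check_wifidog_tls "$d/wifidog.conf"
    rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || true
```

Run as `check_wifidog_tls /tmp/wifidog/wifidog.conf` on the router; a FAIL verdict corresponds to the "Could not load SSL certificates" lines in the debug logs above.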
BrainSlayer
Site Admin


Joined: 06 Jun 2006
Posts: 7463
Location: Dresden, Germany

Posted: Thu Apr 22, 2021 9:18
okay. i changed the default path to /jffs/etc/certs btw for future versions.
i hope it's working now. the original version did not support tls 1.2 which i added in this version. i can also add tls 1.3 support, but it will blow up the code a lot

_________________
"So you tried to use the computer and it started smoking? Sounds like a Mac to me.." - Louis Rossmann https://www.youtube.com/watch?v=eL_5YDRWqGE&t=60s
xraive
DD-WRT User


Joined: 08 Mar 2016
Posts: 134

Posted: Thu Apr 22, 2021 17:43
BrainSlayer wrote:
okay. i changed the default path to /jffs/etc/certs btw for future versions.
i hope it's working now. the original version did not support tls 1.2 which i added in this version. i can also add tls 1.3 support, but it will blow up the code a lot


I'll do the test and let you know for the next build. For tls 1.3 I'll get back to you on that. Don't want to blow up anything at the moment. Thanks once again!