Need advice on best update build with great security

Post new topic   Reply to topic    DD-WRT Forum Index -> Atheros WiSOC based Hardware
Author Message
thorrrr
DD-WRT User


Joined: 01 Feb 2012
Posts: 63

PostPosted: Wed Aug 17, 2022 17:43    Post subject: Need advice on best update build with great security Reply with quote
Hello Guys
Currently running Firmware: DD-WRT v3.0-r37495M kongat (10/28/1Cool
Which is old now and i think the new Kong have stopped being updated.

Looking for advice on best one to update to with best security features.
I would like a build i dont have to keep resetting and re-configuring.
Like being able to backup config and re import into any new build if needed
Sponsor
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Wed Aug 17, 2022 17:51    Post subject: Re: Need advice on best update build with great security Reply with quote
thorrrr wrote:
I would like a build i dont have to keep resetting and re-configuring.
Like being able to backup config and re import into any new build if needed

Technically a unicorn, but you can always try importing previous config backup from older build, but it is NOT recommended. The caveat is that certain nvram variables have changed since your build, and this is an ongoing development thing as these have changed plenty over the past 4 years. That being said, the latest build is always a recommended stepping point first.

https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2022/08-15-2022-r49741/

Always recommended to have a clear browser cache, CTRL+F5 page reloads, or use a portable browser in private browsing mode with no add-ons or extensions loaded, separate from your internet traffic.

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

PostPosted: Wed Aug 17, 2022 19:16    Post subject: Reply with quote
Technically you are now using a build with known unpatched and currently exploited security issues, both kernel side, libraries side to name one of the several e.g. openssl and several dd-wrt components.

All such patched to known exploits in the wild are present in latest DD-WRT build.

You can export your current nvram to human readable format for reference only but restoring old kongac build backup to current DD-WRT is not recommended for the reason already mentioned on post above mine.

To do such export login via SSH/Telnet and run nvram show > /tmp/somebackupname-id-date.txt and then grab that file to your desktop.

After upgrade you should run nvram reset && reboot and reconfigure from scratch for best results using the human readable backup as reference and ensuring what you are configuring nvram variables wise exist in current build.

And of course browse cache clearing as already mentioned.

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1899

PostPosted: Wed Aug 17, 2022 20:40    Post subject: Reply with quote
There's also the option of doing a proper print-out of all configuration pages for reference. For Windows peeps who are brave enough, there's NVRAM Editor 0.92 Beta, so no need to use text files. There is also ddwrt-nvram-tools if you're a Linux type and skilled enough to compile and use it <grin>
_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost

"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio

<fact>code knows no gender</fact>

This is me, knowing I've ruffled your feathers, and not giving a ****
Some people are still hard-headed.

--------------------------------------
Mac Pro (Mid 2012) - Two 2.4GHz 6-Core Intel Xeon E5645 processors 64GB 1333MHz DDR3 ECC SDRAM OpenSUSE Leap 15.5
thorrrr
DD-WRT User


Joined: 01 Feb 2012
Posts: 63

PostPosted: Thu Aug 18, 2022 7:47    Post subject: Reply with quote
HI
Cheers for quick reply so if i forget the unicorn option.
If i take a screenshot of all my settings which might be quicker or printout as i am on linux.

So grabbing the latest option please can you remind me how to process goes to make a fresh install.
As it is 4 years since i did this. Do i have to reset it to factory default x2 then add latest version r49741/netgear-r7800?
Is there an upgraded guide or are we still on the same one?

Finally can i configure the router with a good firewall or should i look towards going with pfsense?
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

PostPosted: Thu Aug 18, 2022 8:03    Post subject: Reply with quote
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1228742

read your own thread
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

PostPosted: Thu Aug 18, 2022 8:03    Post subject: Reply with quote
thorrrr wrote:
HI
Cheers for quick reply so if i forget the unicorn option.
If i take a screenshot of all my settings which might be quicker or printout as i am on linux.

So grabbing the latest option please can you remind me how to process goes to make a fresh install.
As it is 4 years since i did this. Do i have to reset it to factory default x2 then add latest version r49741/netgear-r7800?
Is there an upgraded guide or are we still on the same one?

Finally can i configure the router with a good firewall or should i look towards going with pfsense?


I second the opinions above...
what i do is to export/print (via browser) the settings pages to a PDF than copy paste
Laughing

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
thorrrr
DD-WRT User


Joined: 01 Feb 2012
Posts: 63

PostPosted: Thu Aug 18, 2022 14:03    Post subject: Reply with quote
ho1Aetoo wrote:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1228742

read your own thread


Hi I was just asking in case things had changed over the years Smile
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

PostPosted: Thu Aug 18, 2022 18:01    Post subject: Reply with quote
DD-WRT has much changed, the basics remain and will likely remain for the long forseable future, like you still need to reset and reconfigure coming from ancient builds and not restore backups.

The only change is that since Web interface has had much work and because browsers cache stuff that will cause issues we recommend you to clear the cache in addtion.

So, old thread, new thread, seems nothing has changed your side that is for sure! Wink

See you next year with another similar thread? Beat you to the punch, nothing will change, except I may no longer be around or contribute as often.

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
thorrrr
DD-WRT User


Joined: 01 Feb 2012
Posts: 63

PostPosted: Thu Aug 18, 2022 20:46    Post subject: Reply with quote
Have you any thoughts or advice on my last sentence re firewall ?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Thu Aug 18, 2022 20:51    Post subject: Reply with quote
The router has a decent enough firewall.

Mine is directly connected to the internet.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
thorrrr
DD-WRT User


Joined: 01 Feb 2012
Posts: 63

PostPosted: Thu Sep 08, 2022 13:22    Post subject: Reply with quote
dale_gribble39 wrote:
There's also the option of doing a proper print-out of all configuration pages for reference. For Windows peeps who are brave enough, there's NVRAM Editor 0.92 Beta, so no need to use text files. There is also ddwrt-nvram-tools if you're a Linux type and skilled enough to compile and use it <grin>


Hello i am on Linux Fedora but newish to it do you have any docs or point me on how to do it. I read the docs and unlike most Github docs this has no instructions on how to do this Sad
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

PostPosted: Thu Sep 08, 2022 14:23    Post subject: Reply with quote
You will need a C compiler and then try to build it and see what dependencies it complains about and install the respective dev packages until all deps are satisfied.
_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Thu Sep 08, 2022 15:30    Post subject: Reply with quote
Step #1: Install C/C++ compiler and related tools
If you are using Fedora, Red Hat, CentOS, or Scientific Linux, use the following yum command to install GNU c/c++ compiler:
Code:
# yum groupinstall 'Development Tools'

Step #2: Verify installation
Type the following command to display the version number and location of the compiler on Linux:
Code:
$ whereis gcc
$ which gcc
$ gcc --version

Step #3: Clone git repository for ddwrt-nvram-tools
NOTE: If git was not installed in step 1, then you will have to install it manually (i.e. yum install git)
Code:
git clone https://github.com/tknarr/ddwrt-nvram-tools.git

Step #4: Change into directory for code repository (I presume it will be ddwrt-nvram-tools) and issue 'make' or 'make all' and the compiled binaries should be in the same directory when compiling is done, unless it installs them elsewhere like /usr/bin, /usr/sbin, /usr/local/bin, or /usr/local/sbin. If the resulting binaries do not install into any directory in the $PATH environment variable in your system, you will need to either specify path to binary or be in the same directory as the binary to execute it.

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
thorrrr
DD-WRT User


Joined: 01 Feb 2012
Posts: 63

PostPosted: Fri Sep 09, 2022 8:10    Post subject: Reply with quote
Thank you very much for your detailed explanation worked a treat.
Just need to run it now Smile
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Atheros WiSOC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum