Posted: Wed Aug 17, 2022 17:43 Post subject: Need advice on best update build with great security
Hello Guys
Currently running Firmware: DD-WRT v3.0-r37495M kongat (10/28/1
Which is old now and i think the new Kong have stopped being updated.
Looking for advice on best one to update to with best security features.
I would like a build i dont have to keep resetting and re-configuring.
Like being able to backup config and re import into any new build if needed
Joined: 08 May 2018 Posts: 14217 Location: Texas, USA
Posted: Wed Aug 17, 2022 17:51 Post subject: Re: Need advice on best update build with great security
thorrrr wrote:
I would like a build i dont have to keep resetting and re-configuring.
Like being able to backup config and re import into any new build if needed
Technically a unicorn, but you can always try importing previous config backup from older build, but it is NOT recommended. The caveat is that certain nvram variables have changed since your build, and this is an ongoing development thing as these have changed plenty over the past 4 years. That being said, the latest build is always a recommended stepping point first.
Always recommended to have a clear browser cache, CTRL+F5 page reloads, or use a portable browser in private browsing mode with no add-ons or extensions loaded, separate from your internet traffic. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Wed Aug 17, 2022 19:16 Post subject:
Technically you are now using a build with known unpatched and currently exploited security issues, both kernel side, libraries side to name one of the several e.g. openssl and several dd-wrt components.
All such patched to known exploits in the wild are present in latest DD-WRT build.
You can export your current nvram to human readable format for reference only but restoring old kongac build backup to current DD-WRT is not recommended for the reason already mentioned on post above mine.
To do such export login via SSH/Telnet and run nvram show > /tmp/somebackupname-id-date.txt and then grab that file to your desktop.
After upgrade you should run nvram reset && reboot and reconfigure from scratch for best results using the human readable backup as reference and ensuring what you are configuring nvram variables wise exist in current build.
There's also the option of doing a proper print-out of all configuration pages for reference. For Windows peeps who are brave enough, there's NVRAM Editor 0.92 Beta, so no need to use text files. There is also ddwrt-nvram-tools if you're a Linux type and skilled enough to compile and use it <grin> _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
HI
Cheers for quick reply so if i forget the unicorn option.
If i take a screenshot of all my settings which might be quicker or printout as i am on linux.
So grabbing the latest option please can you remind me how to process goes to make a fresh install.
As it is 4 years since i did this. Do i have to reset it to factory default x2 then add latest version r49741/netgear-r7800?
Is there an upgraded guide or are we still on the same one?
Finally can i configure the router with a good firewall or should i look towards going with pfsense?
Joined: 16 Nov 2015 Posts: 6436 Location: UK, London, just across the river..
Posted: Thu Aug 18, 2022 8:03 Post subject:
thorrrr wrote:
HI
Cheers for quick reply so if i forget the unicorn option.
If i take a screenshot of all my settings which might be quicker or printout as i am on linux.
So grabbing the latest option please can you remind me how to process goes to make a fresh install.
As it is 4 years since i did this. Do i have to reset it to factory default x2 then add latest version r49741/netgear-r7800?
Is there an upgraded guide or are we still on the same one?
Finally can i configure the router with a good firewall or should i look towards going with pfsense?
I second the opinions above...
what i do is to export/print (via browser) the settings pages to a PDF than copy paste
_________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Thu Aug 18, 2022 18:01 Post subject:
DD-WRT has much changed, the basics remain and will likely remain for the long forseable future, like you still need to reset and reconfigure coming from ancient builds and not restore backups.
The only change is that since Web interface has had much work and because browsers cache stuff that will cause issues we recommend you to clear the cache in addtion.
So, old thread, new thread, seems nothing has changed your side that is for sure!
There's also the option of doing a proper print-out of all configuration pages for reference. For Windows peeps who are brave enough, there's NVRAM Editor 0.92 Beta, so no need to use text files. There is also ddwrt-nvram-tools if you're a Linux type and skilled enough to compile and use it <grin>
Hello i am on Linux Fedora but newish to it do you have any docs or point me on how to do it. I read the docs and unlike most Github docs this has no instructions on how to do this
Joined: 08 May 2018 Posts: 14217 Location: Texas, USA
Posted: Thu Sep 08, 2022 15:30 Post subject:
Step #1: Install C/C++ compiler and related tools
If you are using Fedora, Red Hat, CentOS, or Scientific Linux, use the following yum command to install GNU c/c++ compiler:
Code:
# yum groupinstall 'Development Tools'
Step #2: Verify installation
Type the following command to display the version number and location of the compiler on Linux:
Code:
$ whereis gcc
$ which gcc
$ gcc --version
Step #3: Clone git repository for ddwrt-nvram-tools
NOTE: If git was not installed in step 1, then you will have to install it manually (i.e. yum install git)
Step #4: Change into directory for code repository (I presume it will be ddwrt-nvram-tools) and issue 'make' or 'make all' and the compiled binaries should be in the same directory when compiling is done, unless it installs them elsewhere like /usr/bin, /usr/sbin, /usr/local/bin, or /usr/local/sbin. If the resulting binaries do not install into any directory in the $PATH environment variable in your system, you will need to either specify path to binary or be in the same directory as the binary to execute it. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net