Joined: 03 Jan 2010 Posts: 7568 Location: YWG, Canada
Posted: Wed Jan 05, 2011 23:22 Post subject:
The wireless driver has many problems, 65 Mbps N speeds to several clients, crashes with P2P activity, odd TX power for some routers. All we can do is keep making noise about these issues until something happens... eventually. _________________ LATEST FIRMWARE(S)
BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers
Now you're just on par with the rest of us. With stock firmware I can transfer that same file of yours in about 40 secs or less.
Maybe its your wifi card on your client. I get 15+ MB/s with my Intel 6300 and with and old Intel 5300.
For the gain and tx power round the numbers up, this has already been discussed in this thread a couple of months back.
Well, this machine is 2 concrete walls away from the router, so it's quite a good performance (compared to my old d-link G router/ADSL modem). I believe what it matters the most, is to compare the performance of the dd-wrt firmware with the stock firmware, and, when correctly configured, the performance is the same.
Perhaps the default encryption option should be set as AES and not TKIP, or at least in our router dd-wrt Wiki page, that issue should be mentioned. I think this is giving a lot of headaches around.
Is there any benefit to nameing the 2.4 and 5g SSIDS the same? I see where some do and some don't. I have them seperately now but am wondering if I named them the same would I see any performance increase?
What's the best way to get the latest build? In this thread I see r15940 was posted a couple weeks ago (12/18/10). But when I go to the download page (http://www.dd-wrt.com/site/support/router-database) and enter WNDR3700 I get build 14896 from last August.
Posted: Thu Jan 06, 2011 18:04 Post subject: WNDR3700 Openvpn Disconnection issue - BUILD ERROR?
Hello team,
I have been working with dd-wrt for over two years, with different routers, always linksys. wrt320n mainly, some wrt160s, etc. I normally use BIG or MEGA, or custom builds for openvpn when ram is 4 meg. Never had any issues. Have my own openvpn servers running on different locations (Colocated Servers).
WNDR3700 is a new animal for me. I decided to make the shift when I found that it had the new Atheros 680mhz processor. Speed is an issue for a client of mine, so due to the cpu usage in encryption, 680mhz gives me a much higher throughput (ca. 11mbps), versus the 320n with 354mhz, ca. 7mbps.
Anyway, the point:
For some strange reason, wndr3700 severs the connection (it completely stops routing traffic), when an upload occurs. I noticed this during the upload tests on various pages such as speedtest.net / speakeasy.net/speedtest / and some text and java versions as well.
otherwise, the tunnel is stable. Whenever an upload occurs, everything stops routing. As soon as I kill the openvpn process through terminal, everything resumes promptly.
I have NEVER had this happen to me on any of the other routers, and the config for openvpn is the same. I have another E2000, E3000, and wrt320n, and they don't have this issue. it's only WNDR3700.
Syslog does not show anything (/var/log/messages). I tried to check if it was an iptables issue, i flushed the nat, and routed traffic again normally, as well as through tun0. Nothing.
I can still access 192.168.1.1 however, when this happens.
I have no idea why this is. I've upgraded to new firmware (the new 01/03/2011 .6.98 stock), then gone to dd-wrt, webflashed, a whole number of things, and no joy.
Is this a quirk? I have been googling for the better
part of three days and haven't found anything similar.
It ONLY happens with Openvpn active. Without OpenVPN, everything works peachy keen. upload through speedtest, and everything.
I tried to reproduce the error with any other things that would hang the router up, and the only thing that did so was my trying to access the internal ip's through the tun0 IP from another location.
Example:
tun0 established with IP 10.8.5.10 . I go to another location, and access http://10.8.5.10 (and on all my other routers it works just fine, by forwarding port 80 and/or disabling firewall), and with this one, it hangs.
The weird part is that the connection REMAINS ACTIVE to the openvpn server. just no traffic whatsoever.
Please help.
I'll include a few configs that I use, they work perfectly with all other builds i've ever used on dd-wrt, wrt320n's, wrt160n's, wrt54g, even some x86 custom boxes.
This one is the only quirky one I've ever come across, and it ONLY happens when doing an upload through speedtest. I've tried modifying QoS. Bit stumped, really Sad
This is my basic SH script so I can avoid the pesky "easy way" and all that that turns out not to be easy at all. It works perfectly for all dd-wrt builds I have ever built.
Code:
#/bin/sh
for i in `nvram show|grep openvpn|cut -d '=' -f1`; do nvram unset $i; done
nvram set rc_startup='mkdir /tmp/ovpn
cd /tmp/ovpn
nvram get ovpn_up>up
nvram get ovpn_dn>dn
chmod +x up dn
nvram get ovpn_cfg>ovpn.conf
mkdir -p /tmp/etc/config
echo -e "#!/bin/sh\nkillall openvpn\nping -c10 localhost\nkillall openvpn\nopenvpn --daemon --config /tmp/ovpn/ovpn.conf">/tmp/etc/config/ovpn.wanup
chmod +x /tmp/etc/config/ovpn.wanup'
nvram set ovpn_cfg='remote IP_ADDRESS PORT
proto udp
tls-auth ta.key 1
client
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
verb 2
mute 20
cipher BF-CBC
keepalive 10 120
route-up "/tmp/ovpn/up"
down "/tmp/ovpn/dn"
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
*cut for security purposes*
-----END OpenVPN Static key V1-----
</tls-auth>
<ca>
-----BEGIN CERTIFICATE-----
*cut*
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
*CUT*
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
*cut*
-----END RSA PRIVATE KEY-----
</key>
<dh>
-----BEGIN DH PARAMETERS-----
*cut*
-----END DH PARAMETERS-----
</dh>
'
nvram set ovpn_up='iptables -t nat -A POSTROUTING -o $dev -j MASQUERADE
for R in /tmp/resolv.conf /tmp/resolv.dnsmasq; do
mv $R $R~
for O in "$foreign_option_1" "$foreign_option_2"; do
P="$O"
p1=$(echo "$P" | cut -d " " -f1)
if [ "$p1" == "dhcp-option" ]; then
p2=$(echo "$P" | cut -d " " -f2)
p3=$(echo "$P" | cut -d " " -f3)
if [ "$p2" == "DNS" ] ; then
echo "nameserver $p3">>$R
fi
fi
done
done
'
nvram set ovpn_dn='iptables -t nat -D POSTROUTING -o $dev -j MASQUERADE
for R in /tmp/resolv.conf /tmp/resolv.dnsmasq; do
mv $R~ $R
done
killall -HUP dnsmasq'
nvram commit
Code:
Warning: Permanently added '10.8.0.86' (RSA) to the list of known hosts.
DD-WRT v24-sp2 std (c) 2010 NewMedia-NET GmbH
BUILD 15962 (12/24/2010)
Jan 6 09:53:55 TRONIXWRTIX daemon.notice openvpn[1884]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 6 09:53:55 TRONIXWRTIX daemon.notice openvpn[1884]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 6 09:53:55 TRONIXWRTIX daemon.notice openvpn[1884]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 6 09:53:55 TRONIXWRTIX daemon.notice openvpn[1884]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 6 09:53:55 TRONIXWRTIX daemon.notice openvpn[1884]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jan 6 09:53:55 TRONIXWRTIX daemon.notice openvpn[1884]: [server] Peer Connection Initiated with ******
Jan 6 09:53:57 TRONIXWRTIX daemon.notice openvpn[1884]: TUN/TAP device tun0 opened
Jan 6 09:53:57 TRONIXWRTIX daemon.notice openvpn[1884]: /sbin/ifconfig tun0 10.8.0.86 pointopoint 10.8.0.85 mtu 1500
Jan 6 09:53:57 TRONIXWRTIX daemon.notice openvpn[1884]: Initialization Sequence Completed