Joined: 18 Mar 2014 Posts: 12917 Location: Netherlands
Posted: Fri Jun 17, 2022 13:02 Post subject:
OpenVPN and WireGuard guides are stickies in this forum.
Your build is outdated and has security issues, upgrading is recommended.
Coming from such an old build resetting *after* updating is also highly recommended.
Put settings in manually, never restore from a backup (to a different build, that is).
Thanks, but I've explained why I didn't. Unless you have a better build that works with my use case?
By non-techie I meant I've spent 2/3 times more to figure things out, not being a lazy ass.
egc wrote:
OpenVPN and WireGuard guides are stickies in this forum.
Your build is outdated and has security issues, upgrading is recommended.
Coming from such an old build resetting *after* updating is also highly recommended.
Put settings in manually, never restore from a backup (to a different build, that is).
Current build is 49212
See the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Fri Jun 17, 2022 14:13 Post subject:
Old Kong build from 2019 is full with security issues...like
VPN, DNSmasq, Dropbear, DLNA, NAS, WiFi and many other binaries that were patched for security issues...
Bad very bad idea is to stay on this old build wherever it may be stable...for you, you need to update reset and rebuild your setup manually....and adapt to the new settings...we are here to help...after update post pic of your set up so ppl can see and help you out...explain in details, provide logs and cover/hide the sensitive data...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Fri Jun 17, 2022 14:21 Post subject:
First I doubt the flashrouter app works with kong builds, we already have a thread with actual recent dd-wrt builds that the guy states this flashrouters app kills his VPN, so it doesn't even work with more recent dd-wrt.
Sorry too busy to go find that thread.
But running old kong build must be a nice change for botnets, enjoy being a node. and if you're lucky that's all you get.
But it's your network and your attached devices, so have it.
What makes me glitch is, won't even try a current dd-wrt build. Is this pure comedy or what?
Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Fri Jun 17, 2022 17:29 Post subject:
Re the shortcut... It's been a long time since I posted on this, and my setup has evolved so much that it's not even close to portable/shareable at this point. Too many aspects of it are really tailored to my own routers and their particular setups.
Worse, it's also been obsoleted by openvpn's new PBR features. If you use those features, the -HUP trick is not going to play well. See the openvpn guide for how to stop/start the openvpn client these days instead. And if you are doing it this new way, the "sed -i..." trick to edit the server name/IP won't fly either, as the stop/start will reinitialize the openvpn.conf file, causing the edit to be lost. So instead you'd need to edit the nvram variable openvpncl_remoteip.
So I'm afraid that instead of a proper solution to offer you, all I have is those hints on what you'll need to look into if you are up to coding your own!
_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
The above was intended primarily for major changes of the OpenVPN client (e.g., different VPN providers), but there's no reason it won't work for minor changes too (e.g., preferred servers).
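The nvram-based server switch hinted at in the post above, sketched as an added example that is not part of the original post or of DD-WRT itself. It assumes DD-WRT's `nvram`, `stopservice` and `startservice` commands, and that `openvpn` is the service name of the OpenVPN client; the OpenVPN guide remains the reference for the stop/start step. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: switch the OpenVPN client to another server by editing the
# nvram variable openvpncl_remoteip instead of patching openvpn.conf, which
# is regenerated on every client stop/start.

# Accept only a plain hostname or IPv4 literal (letters, digits, dots,
# hyphens). The value ends up in a generated config file, so anything that
# could smuggle in extra directives or shell syntax is rejected.
valid_remote() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|-*|.*|*..*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# switch_vpn_server <host>: returns 0 on success, 2 on a rejected name.
switch_vpn_server() {
    new="$1"
    if ! valid_remote "$new"; then
        echo "refusing suspicious server name: $new" >&2
        return 2
    fi
    old="$(nvram get openvpncl_remoteip)"
    if [ "$old" = "$new" ]; then
        echo "already using $new"
        return 0
    fi
    # Not committed: the change lasts until reboot. Run "nvram commit"
    # afterwards to make it permanent.
    nvram set openvpncl_remoteip="$new"
    # Assumed restart sequence; it rebuilds openvpn.conf from nvram.
    stopservice openvpn
    startservice openvpn
    echo "switched $old -> $new"
}
```
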
Thanks guys, I don't mean to come across being rude but have had enough people misunderstanding what non-techie meant.
Honestly I've got new build working, just a couple months ago, but the DLNA speed just wasn't on par with the one I'm sticking with. What specifically I report if you really want me to try that for the third time? I've tried two newer builds and have been aware and used the VPN enhancement.
Alozaros wrote:
Old Kong build from 2019 is full with security issues...like
VPN, DNSmasq, Dropbear, DLNA, NAS, WiFi and many other binaries that were patched for security issues...
Bad very bad idea is to stay on this old build wherever it may be stable...for you, you need to update reset and rebuild your setup manually....and adapt to the new settings...we are here to help...after update post pic of your set up so ppl can see and help you out...explain in details, provide logs and cover/hide the sensitive data...
You're right on the first part.
And try to read what I wrote again. Did I ever say I have not tried? I guess you're not too busy to make fun of yourself.
the-joker wrote:
First I doubt the flashrouter app works with kong builds, we already have a thread with actual recent dd-wrt builds that the guy states this flashrouters app kills his VPN, so it doesn't even work with more recent dd-wrt.
Sorry too busy to go find that thread.
But running old kong build must be a nice change for botnets, enjoy being a node. and if you're lucky that's all you get.
But it's your network and your attached devices, so have it.
What makes me glitch is, won't even try a current dd-wrt build. Is this pure comedy or what?
Not a problem, thanks for your response, I don't expect to get what I needed from my first post 😃
SurprisedItWorks wrote:
Re the shortcut... It's been a long time since I posted on this, and my setup has evolved so much that it's not even close to portable/shareable at this point. Too many aspects of it are really tailored to my own routers and their particular setups.
Worse, it's also been obsoleted by openvpn's new PBR features. If you use those features, the -HUP trick is not going to play well. See the openvpn guide for how to stop/start the openvpn client these days instead. And if you are doing it this new way, the "sed -i..." trick to edit the server name/IP won't fly either, as the stop/start will reinitialize the openvpn.conf file, causing the edit to be lost. So instead you'd need to edit the nvram variable openvpncl_remoteip.
So I'm afraid that instead of a proper solution to offer you, all I have is those hints on what you'll need to look into if you are up to coding your own!
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Fri Jun 17, 2022 19:27 Post subject:
hommegam wrote:
You're right on the first part.
And try to read what I wrote again. Did I ever say I have not tried? I guess you're not too busy to make fun of yourself.
Easy there... What's wrong with self deprecation? Nothing!
If you have tried and posted such info I may have glazed over speed reading, so if such info exists I apologize. For your security sake, and on how terrible flashrouters app is. Both of which are informative and helpful concerned comments.
We are here to help you get there with the latest DD-WRT build and are not obligated to support any builds other than the latest (especially old irrelevant stuff I for one never used). Your part (the one that most matters) is to help us help you better.
Everything else is extra which altogether is awful good value for money, I mean. seriously good bang for your buck. It's only our personal lives and time we put into this for no reward whatsoever.
And for your information egc is the resident tunneling expert, he's patched all the current DD-WRT solutions and he knows what he is talking about. Of which patches are not available on old builds and thus won't work properly. He is our beloved Master Chief HO (that last part sounded worse than it is HO, Happiness Officer.)
I'm not saying you or anyone aren't helping. Trust me I wanted to use the latest build that's why I've spent 2 efforts at two different times as I get more familiar with dd wrt.
I've no problem getting newer builds working. Maybe I should have posted something a lot earlier.
I'm not sure what I should report on miniDLNA speed as it's specific to my Apple TV that I thought no one would even care to support this as it seems out of scope. I've tried different settings and I'm now using miniDLNA config via jffs to increase the initial scan time, which I believe metadata was the bottleneck.
the-joker wrote:
hommegam wrote:
You're right on the first part.
And try to read what I wrote again. Did I ever say I have not tried? I guess you're not too busy to make fun of yourself.
Easy there... What's wrong with self deprecation? Nothing!
If you have tried and posted such info I may have glazed over speed reading, so if such info exists I apologize. For your security sake, and on how terrible flashrouters app is. Both of which are informative and helpful concerned comments.
We are here to help you get there with the latest DD-WRT build and are not obligated to support any builds other than the latest (especially old irrelevant stuff I for one never used). Your part (the one that most matters) is to help us help you better.
Everything else is extra which altogether is awful good value for money, I mean. seriously good bang for your buck. It's only our personal lives and time we put into this for no reward whatsoever.
And for your information egc is the resident tunneling expert, he's patched all the current DD-WRT solutions and he knows what he is talking about. Of which patches are not available on old builds and thus won't work properly. He is our beloved Master Chief HO (that last part sounded worse than it is HO, Happiness Officer.)
For something quantitative: if I recall correctly, DLNA ATV
On my current build it's about 300 Mbps/s read speed
New builds: 100 Mbps/s.
Side note: SMB seems to be slower on both cases at around 80-150 Mbp/s.
The results are straight off Infuse which has the ability to test each specific sharing drive and its connecting method, in this case all results were talking about the exact same devices and network (i.e. wifi). There's no gigabit on my ATV so let's not go there.
My speedtest on ATV is 500+ Mbps/s download and 450+ upload
I now realized I'm the odd one who doesn't upgrade lol.
Does WireGuard work on a 2019 build? I have not tried/heard of this so am willing to try and explore.
And that's actually my second goal - tunneling. My original ask was different server as I think speed/region varies and I want to be able to switch quickly. I think I have the answer but will test later.
egc wrote:
He probably wants to just switch, preferably with an app.
For that you need a script as @Surpriseditworks already said.
Alternative could be to use WireGuard with multiple tunnels and make a combination of source and destination routing, e.g. your TV uses one tunnel, your IoT network another and the website of your bank and amazon are always using the WAN.
So you have a permanent solution.
Of course it is also possible to have multiple WG tunnels with multiple destinations and simply enable/disable but of course you need a script to do that albeit a simpler script
Last edited by hommegam on Fri Jun 17, 2022 20:30; edited 1 time in total
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Fri Jun 17, 2022 20:25 Post subject:
miniDLNA you need to use and are recommended as per internal DD-WRT help pages (which I have also improved slightly lately) to enable jffs to store the databases, else it's stored in RAM and each reboot re-triggers a re-scan otherwise if not stored in jffs.
Using USB to store the database also not ideal.
That said I don't use, don't recommend DLNA, Samba/NFS is the way to go. But DLNA is easier to setup especially for yuk smart tv's and other such botnet friendly hw.
That said doing stuff like this on a router isn't ideal, since the router needs to be a router first and foremost. Your router and mine are identical hardware btw. I use other servers on network for this, the router needs to be a router and not have CPU cycles consumed easily by demanding services, and decrease efficiency of the overall network in the process.
Wireguard has had many patches since 2019 and I don't recommend old builds for this or VPN/OpenVPN which egc has patched extensively after 2019.