Posted: Wed Apr 10, 2019 13:46 Post subject: New Build 39469: BS 04-10-2019-r39469 [build size reduced]
Broadcom build size is reduced 4, 8, or 12 KB versus 39296 (not for Atheros though) partly due to udhcpd removal. The already present dnsmasq has replaced it. PIE has also been added for some builds. Get your whip (or ice) cream...
Notes:
1. SFE accelerated NAT is in 33006+ builds but only in kernel 3.10 and newer
2. 'KRACK' vulnerability fixes were completed in r33678 for Broadcom, including k26 (33655) & k24 (33656); use build 33772 or later.
3. Bridge modes on k4.4 devices may sometimes work in some configurations in certain builds but are not supported by the bcmdhd driver. Use client or repeater instead as WDS doesn't work with Broadcom ARM either (see Issue #4 below).
4. R6400v2 support added in r36811-36818, 36825, and 36826. R6700v3 support added in r36828-36840.
Issues, observations, and/or workarounds reported:
1. (egc) Policy-Based Routing broken if SFE enabled: 5900 quarkysg's PBR+SFE fix: 5986
2. Trendnet 81*DRU models are missing factory-to-flash
3. DNScrypt is mostly only using v2 protocols now, but requires Golang that DD can't use: 6246
4. WDS does not work on ARM devices (only MIPS<->MIPS)
5. VAPs not working at boot; workaround startup command:
sleep 10;stopservice nas;stopservice wlconf;startservice wlconf;startservice nas
6. K2.6 builds are broken since 38253(?); GUI issues: 6538
7. High CPU usage (on httpd?) occurring for some configurations: 6555 Try `stopservice httpd` from ssh/telnet and report back. To flash another build, stop httpd and use CLI flash.
Important: if any issues are found, please provide log info (GUI syslog, `dmesg`, `cat /var/log/messages`).
Or put into SVN ticket. For firewall issues, also provide "iptables" info (`iptables -L`, `iptables -t nat -L`, & the /tmp/.ipt file).
Template to copy (after "Code:") for posting issues, be sure to include the mode in use (gateway, AP, CB, etc.):
WARNING: This thread is to report on flashing this experimental test build, providing important info for both developers and users. Always state your hardware model, version, mode (e.g. Repeater) and SPECIFIC build (e.g. 33555_NEWD-2_K3.x_mega-nv64k.bin). Please avoid discussions and create a new thread to discuss specific problems or questions, as this thread is for reporting, not support. Posts may be deleted or moved to keep this thread manageable and useful. If you don't understand the risks or what to flash and how, with a means of recovery if it bricks, do NOT flash this experimental test build.
_________________
#NAT/SFE/CTF: limited speed w/ DD #Repeater issues #DD-WRT info: FAQ, Builds, Types, Modes, Changes, Demo
OPNsense x64 5050e ITX|DD: DIR-810L, 2*EA6900@1GHz, R6300v1, RT-N66U@663, WNDR4000@533, E1500@353,
WRT54G{Lv1.1,Sv6}@250|FreshTomato: F7D8302@532|OpenWRT: F9K1119v1, RT-ACRH13, R6220, WNDR3700v4
Last edited by jwh7 on Tue Apr 16, 2019 16:33; edited 1 time in total
Posted: Wed Apr 10, 2019 16:21 Post subject: Re: New Build 39469: BS 04-10-2019-r39469 [build size reduce
jwh7 wrote:
Broadcom build size is reduced 4, 8, or 12 KB versus 39296 partly due to udhcpd removal (not for Atheros though). The already present dnsmasq has replaced it. PIE has also been added for some builds. Get your whip (or ice) cream...
Posted: Wed Apr 10, 2019 17:20 Post subject: VPN Server and SPI Firewall
Hi
I have upgraded my E1200V1 from build 21061 to 39296 yesterday and to 39469 just now and I have a problem that I cannot fix about VPN (PPTP) Server.
I spent the last 2 days searching on this issue and I haven't found any fix yet.
On the old 21061 build, everything was working fine so I copied every setting onto the new setup without luck.
I can connect to the VPN Server from a phone or another Windows PC but I cannot ping anyone else on the network. The "Connected PPTP Clients" from the status page show "None" even if I'm connected.
Syslog shows this when I connect which seems fine to me:
Code:
Apr 10 13:08:03 Maison daemon.info pptpd[1669]: CTRL: Client 2XX.4X.7X.2XX control connection started
Apr 10 13:08:04 Maison daemon.info pptpd[1669]: CTRL: Starting call (launching pppd, opening GRE)
Apr 10 13:08:04 Maison daemon.notice pppd[1670]: pppd 2.4.7 started by root, uid 0
I disabled the SPI Firewall and then it works. My old setup had SPI Firewall enabled though.
I tried to uncheck every box on the security page but if the SPI Firewall is Enabled, VPN won't transmit data.
BTW, I tried to revert to an older build (37305) but I get the same results...
Is there something I'm missing in the configuration?
Can anyone help me with that?
Posted: Wed Apr 10, 2019 20:28 Post subject: Re: VPN Server and SPI Firewall
TorqueDelight wrote:
Hi
I can connect to the VPN Server from a phone or another Windows PC but I cannot ping anyone else on the network.
IMHO, ARP can't go through tunnel without ARP proxy or bcrelay (broadcast support) enabled... also check VPN.asp page and if vpn passthrough is enabled/disabled for GRE...
Posted: Wed Apr 10, 2019 20:28 Post subject: Re: VPN Server and SPI Firewall
TorqueDelight wrote:
I have upgraded my E1200V1 from build 21061 to 39296 yesterday and to 39469 just now and I have a problem that I cannot fix about VPN (PPTP) Server.
I spent the last 2 days searching on this issue and I haven't found any fix yet.
I don't know if this will help as I don't use DD's VPN, but there was an OpenVPN fix for the transition to v2.4 in older versions of my new build page, which solved issues for many:
Quote:
Issues, observations, and/or workarounds reported:
[...]
2. (egc) "OpenVPN 2.4 is stable but you have to tweak your config" with: `mtu-disc yes` & `proto udp4`
Posted: Wed Apr 10, 2019 20:29 Post subject:
Router Model Netgear R6250
Firmware Version DD-WRT v3.0-r39469 std (04/10/19)
Kernel Version Linux 4.4.178 #49 SMP Wed Apr 10 07:39:46 CEST 2019 armv7l
Router/Version: Netgear R7000
Firmware: DD-WRT v3.0-r39469 std (04/10/19)
Kernel: Linux 4.4.178 #49 SMP Wed Apr 10 07:39:46 CEST 2019 armv7l
Previous: r39296
Mode/Status: Gateway / working
Reset: no
Issues/Errors: No issues so far. Edit - have had some questionable Wifi disconnects in my last 90 minutes of uptime.
Uptime: 18m
Temperatures: CPU 67.5 °C / WL0 50.0 °C / WL1 53.5 °C
Posted: Wed Apr 10, 2019 22:22 Post subject: Re: VPN Server and SPI Firewall
Mile-Lile wrote:
TorqueDelight wrote:
Hi
I can connect to the VPN Server from a phone or another Windows PC but I cannot ping anyone else on the network.
IMHO, ARP can't go through tunnel without ARP proxy or bcrelay (broadcast support) enabled... also check VPN.asp page and if vpn passthrough is enabled/disabled for GRE...
Thanks for the reply here are my settings:
Services / VPN:
- PPTP Server : Enable
- Broadcast Support : Enable
- MPPE Encryption : Enable
- DNS1/2 : Router IP
- WINS1/2 : Router IP
- MTU : 1436
- MRU : 1436
- Server IP : Router IP
- Client IP : "Subrange of the DHCP range"
Posted: Wed Apr 10, 2019 22:43 Post subject: Re: VPN Server and SPI Firewall
jwh7 wrote:
I don't know if this will help as I don't use DD's VPN, but there was an OpenVPN fix for the transition to v2.4 in older versions of my new build page, which solved issues for many:
Quote:
Issues, observations, and/or workarounds reported:
[...]
2. (egc) "OpenVPN 2.4 is stable but you have to tweak your config" with: `mtu-disc yes` & `proto udp4`
Router/Version: Cisco Linksys E4200 v1
File: dd-wrt.v24-39469_NEWD-2_K3.x_mega-e4200.bin
Firmware: DD-WRT v3.0-r39469M mega (04/10/19)
Kernel: Linux 3.10.108-d8 #23786 Wed Apr 10 13:38:52 CEST 2019 mips
Previous: DD-WRT v3.0-r39290M mega (03/26/19)
Reset: No
Mode: Gateway/AP (5GHz band only, 2.4 radio disabled)
Uptime: ~5.5 hrs
Status: OK
Issues/Errors:
1) No new errors. So far, so good. Disabled 2.4GHz radio previously due to wi-fi stability issues as I am not using that radio anyway. I may eventually do a reset and manual re-config if the need arises.
2)
mwchang wrote:
Script (especially custom ones) error alert?
Are you saying there is an error message because BS didn't run the build *after* the 39471 commit? Surely, you jest.
3) Also, the "Services" page wasn't updated to remove the additional DHCPD options that were tied to udhcpd (at least I think that's what that part of the page is for??).
Router/Version: TP LINK Archer C8 v1
Firmware: DD-WRT v3.0-r39469 std (04/10/19)
Kernel: Linux 4.4.178 #51 SMP Wed Apr 10 07:56:10 CEST 2019 armv7l
Previous: r39296
Mode/Status: Gateway / 2.4 and 5ghz working
Reset: no
Issues/Errors: No issues so far