New Build 42617: 03-05-2020-r42617

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Goto page 1, 2, 3, 4  Next
Author Message
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Thu Mar 05, 2020 12:50    Post subject: New Build 42617: 03-05-2020-r42617 Reply with quote
WARNING: DO NOT flash this experimental test build unless you know the risks and recovery methods. Report here to provide important info for developers and users. Always state your hardware model & version, mode (e.g. Repeater) and SPECIFIC build (e.g. netgear-r7000-webflash). Avoid discussions and create a new thread for specific problems or questions as this thread is not for support, and posts may be deleted or moved.

Downloads: if a link does not work, try another (alternative @DD-WRT website)
https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2020/03-05-2020-r42617/
ftp://ftp.dd-wrt.com/betas/2020/03-05-2020-r42617/
Note: for wget (or curl) with CLI flash (`write {f/w} linux`), change the https to http, use `curl -k {link} -o {file}`, or ftp

Changelogs:
SVN* changelog since last build: 42602
Summary: (deprecated after 29739)
*Github mirror: https://github.com/mirror/dd-wrt/

Important: if reporting any issues, provide applicable info (GUI syslog, `dmesg`, `cat /var/log/messages`, etc.)
Or put into SVN ticket. For firewall issues, also provide "iptables" info (`iptables -L`, `iptables -t nat -L`, & the /tmp/.ipt file).

Issues, observations, and/or workarounds reported:
1. DNScrypt is mostly only using v2 protocols now, but requires Golang that DD can't use: 6246
2. WDS does not work on Broadcom ARM devices (only MIPS<->MIPS)
3. VAPs not working at boot fixed for unbridged VAPs with r40564:40566. Workaround startup command:
sleep 10;stopservice nas;stopservice wlconf;startservice wlconf;startservice nas (there are a few alternatives to search)

Notes:
1. SFE accelerated NAT is in 33006+ builds but only in kernel 3.2 and newer
2. 'KRACK' vulnerability fixes were completed in r33678 for Broadcom, including k26 (33655) & k24 (33656); use 33772 or later.
3. Bridge modes on k4.4 devices may sometimes work in some configurations in certain builds but are not supported by the bcmdhd driver. Use client or repeater instead as WDS doesn't work with Broadcom ARM either (see Issues below).
4. PBR/UDP with SFE working again since r40513 (see 6729)
5. CAKE scheduler changes "completed" with r41057 (see 5796) & FQ_CODEL_FAST with r41027 (reset first!)
6. Reset button was broken in 40571; fixed in build 40750.
7. Radio Timer / GTK Renewal issues, syslog spam and wireless issues (BCM MIPS) fixed with r41662
8. New Broadcom build option for 8MB+ K2.x devices (limited currently):
broadcom_K3X_mipsel32r1 [BS has tested on a WRT600N v1.1]
9. CVE-2019-14899 VPN fix (r41784: applicability depends on VPN setup) and GUI toggle (r41812): ticket 6920, 6928, 6931, 6932
10. In-kernel samba now used and default min/max versions have changed, so change them if needed: 6954, 6957

Template example to copy (after "Code:") for posting issues, be sure to include the mode in use (gateway, AP, CB, etc.):
Code:
[b][u]Router/Version: [/u][/b]
[b]Mode: [/b]
[b]File: [/b]
[b]Kernel: [/b]
[b]Status: [/b]

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Sponsor
turbowells
DD-WRT User


Joined: 14 Sep 2019
Posts: 301
Location: Maine, USA

PostPosted: Thu Mar 05, 2020 14:34    Post subject: Reply with quote
Router/Version: Asus RT-N66U
File: dd-wrt.v24-42617_NEWD-2_K3.x_mega_RT-N66U.trx
Firmware: DD-WRT v3.0-r42617 mega (03/05/20)
Kernel: Linux 3.10.108-d10 #2784 Thu Mar 5 13:17:43 +04 2020 mips
Mode: AP/USB
Previous: r42602
Reset?: N
Status: Working

Router/Version: Asus RT-N12D
File: dd-wrt.v24-42617_NEWD-2_K3.x_mega.bin
Firmware: DD-WRT v3.0-r42617 mega (03/05/20)
Kernel: Linux 3.10.108-d10 #2784 Thu Mar 5 13:17:43 +04 2020 mips
Mode: Router/OpenVPN client
Previous: r42602
Reset?: N
Status: Working

Router/Version: Asus WL-500G Premium v2
File: dd-wrt.v24_mega_generic.bin
Firmware: DD-WRT v3.0-r42617 mega (03/05/20)
Kernel: Linux 2.4.37 #59410 Thu Mar 5 06:21:26 +04 2020 mips
Mode: Router/USB
Previous: r42602
Reset?: N
Status: Working-USB not mounting

Router/Version: Linksys E2500 V3
File: dd-wrt.v24-42617_NEWD-2_K3.x_mega-e2500.bin
Firmware: DD-WRT v3.0-r42617 mega (03/05/20)
Kernel: Linux 3.10.108-d10 #2784 Thu Mar 5 13:17:43 +04 2020 mips
Mode: Router/USB
Previous: r42602
Reset?: N
Status: Working, had to manually power off/on after flash

Flashed from gui. Syslogs clean. Up one hour.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Thu Mar 05, 2020 15:29    Post subject: Reply with quote
Router Model: Netgear R6400v2, board_id: U12H332T30_NETGEAR

Firmware Version: DD-WRT v3.0-r42617 std (03/05/20)
Kernel Version: Linux 4.4.215 #1052 SMP Wed Mar 4 12:16:22 +04 2020 armv7l

Upgraded from: DD-WRT v3.0-r42602 std (03/03/20)
Reset: No, not this time

Status: Up and running for 24 hours, basic setup as Gateway, static leases, OpenVPN client (on PIA) with Policy Based Routing up and running, 2,4GHz, 5Ghz USB storage NAS working, OpenVPN server and WireGuard working.

Errors:
1. DNS leak see: http://svn.dd-wrt.com/ticket/6020, https://svn.dd-wrt.com/ticket/6908

Otherwise build is fine

Resolved:
1. Pushed DNS servers from VPN provider are used starting with build 41120, if you do not want that, add the following to the Additional Config of the VPN client:
pull-filter ignore "dhcp-option DNS"
2. Build 41174 has an improved VPN Policy Based Routing, it is now possible to use the VPN route command i.e. to route a DNS server via the VPN (in this way you will get rid of the DNS leak), see: https://svn.dd-wrt.com/ticket/6815#comment:1 , and for DNS leaks the second posting of this thread: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318662
3. Another improvement on PBR is that local routes are now copied over to the alternate routing table so there is communication if you have unbridged VAP's and you can set the router's IP on PBR.
See: https://svn.dd-wrt.com/ticket/6821#comment:3
4. Starting with build 41174, the PBR has become more versatile, you can now use " from [IP address] to [IP address] ", so if you enter the following in the PBR field:
192.168.1.124 to 95.85.16.212 #ipleak.net, it will only route IP address 95.85.16.212 (which is ip leak.net) from my IP address 192.168.1.124 via the VPN everything else from this IP address will route via the WAN (this is just an example).
See: https://svn.dd-wrt.com/ticket/6822
Although this command itself supports routing per port this is however only available starting from K 4.17 so we have to rely on scripting for per port routing until then.
5. New OpenVPN TLS ciphers are added in 41308 see: https://svn.dd-wrt.com/changeset/41308
6. Starting with build 41304 you can now choose which TLS Key you want to use: TLS Auth or the newer/better TLS Crypt. See https://svn.dd-wrt.com/ticket/6845#comment:17
7. Starting with build 41664 no problems with GTK renewal and authenticating problems, unbridged VAP works, for bridged VAP's this is still needed:
sleep 20; stopservice nas; wlconf eth1 down; wlconf eth2 down; wlconf eth1 up; wlconf eth2 up; startservice nas
8. Builds from 41786 onwards, when using an OVPN server to connect to your local LAN clients, access might be prevented because of a patch which should solve a recent vulnerability ( see: https://svn.dd-wrt.com/ticket/6928)
This can be mitigated with the following firewall rule:
Code:
iptables -t nat -I POSTROUTING -o br0 -s $(nvram get openvpn_net)/$(nvram get openvpn_tunmask) -j MASQUERADE

When using WireGuard you can run into the same trouble,i.e. not being able to access your local LAN clients. For WireGuard this is the workaround:
Code:
iptables -t nat -I POSTROUTING -o br0 -s $(nvram get oet1_ipaddr)/$(nvram get oet1_netmask) -j MASQUERADE

This method described above also has security and logging concerns as all traffic has the same source address (your router)
An alternate method is using the following rule but it only works if the VPN or Wireguard interface is up and if your VPN or Wireguard interface goes down you have to reapply or run a continuous script checking/applying:
OpenVPN server:
Code:
iptables -t raw -I PREROUTING -i br0 -d $(nvram get openvpn_net)/$(nvram get openvpn_tunmask) -j ACCEPT

WireGuard:
Code:
iptables -t raw -I PREROUTING -i br0 -d $(nvram get oet1_ipaddr)/$(nvram get oet1_netmask) -j ACCEPT

This rule can expose your LAN side to the CVE attack, but if you have your IOT things separated and tight control over your LAN you should be good, if your LAN is hacked you have got bigger problems.

Builds starting with 41813 have an option button in OpenVPN and Wireguard for disabling the CVE-patch 14899

Big Thanks to BS!!

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
twindragon6
DD-WRT User


Joined: 29 Jun 2008
Posts: 332

PostPosted: Thu Mar 05, 2020 17:36    Post subject: Netgear Nighthawk R7000 Reply with quote
Router/Version: Netgear R7000
Firmware: DD-WRT v3.0-r42617 std (03/05/20)
Kernel: Linux 4.4.215 #1052 SMP Wed Mar 4 12:16:22 +04 2020 armv7l
Mode: Gateway
Reset: No
Previous: 03-03-2020-r42602
Status: Working


grep -i err /var/log/messages

Dec 31 16:00:08 R7000 kern.err kernel: bcmsflash: found no supported devices
Dec 31 16:00:09 R7000 daemon.info mstpd[616]: error, CTL_set_cist_bridge_config: Couldn't find bridge with index 8
Dec 31 16:00:09 R7000 daemon.info mstpd[616]: error, CTL_set_cist_bridge_config: Couldn't find bridge with index 8
Dec 31 16:00:09 R7000 daemon.info mstpd[616]: error, CTL_set_msti_bridge_config: Couldn't find bridge with index 8
Dec 31 16:00:09 R7000 daemon.info mstpd[616]: error, CTL_set_cist_bridge_config: Couldn't find bridge with index 8
Dec 31 16:00:09 R7000 daemon.info mstpd[616]: error, CTL_set_cist_bridge_config: Couldn't find bridge with index 8
Dec 31 16:00:12 R7000 local5.err usmbd: [usmbd-worker/1020]: ERROR: Can't open `/tmp/smb.db': No such file or directory
Dec 31 16:00:12 R7000 local5.err usmbd: [usmbd-worker/1020]: ERROR: User database file does not exist. Only guest sessions (if permitted) will work.
Dec 31 16:00:12 R7000 user.err wsdd2[1007]: error: wsdd-mcast-v4: wsd_send_soap_msg: send
Dec 31 16:00:21 R7000 daemon.err ntpclient[1080]: Failed resolving address to hostname 2.pool.ntp.org: Try again
Dec 31 16:00:21 R7000 daemon.err ntpclient[1080]: Failed resolving server 2.pool.ntp.org: Network is down
Mar 5 09:25:27 R7000 kern.err kernel: hub 3-0:1.0: config failed, hub doesn't have any ports! (err -19)
Mar 5 09:25:36 R7000 daemon.err dnscrypt-proxy[1262]: Unable to retrieve server certificates
Mar 5 09:25:53 R7000 daemon.err dnscrypt-proxy[1262]: Unable to retrieve server certificates
Mar 5 09:26:16 R7000 daemon.err dnscrypt-proxy[1450]: Unable to retrieve server certificates
Mar 5 09:26:32 R7000 daemon.err dnscrypt-proxy[1450]: Unable to retrieve server certificates
Mar 5 09:26:50 R7000 daemon.err dnscrypt-proxy[1450]: Unable to retrieve server certificates
Mar 5 09:27:11 R7000 daemon.err dnscrypt-proxy[1450]: Unable to retrieve server certificates
Mar 5 09:27:35 R7000 daemon.err dnscrypt-proxy[1450]: Unable to retrieve server certificates
Mar 5 09:28:15 R7000 daemon.err dnscrypt-proxy[1493]: Unable to retrieve server certificates
Mar 5 09:28:31 R7000 daemon.err dnscrypt-proxy[1493]: Unable to retrieve server certificates
Mar 5 09:28:49 R7000 daemon.err dnscrypt-proxy[1493]: Unable to retrieve server certificates
Mar 5 09:29:10 R7000 daemon.err dnscrypt-proxy[1493]: Unable to retrieve server certificates
Mar 5 09:29:34 R7000 daemon.err dnscrypt-proxy[1493]: Unable to retrieve server certificates
Mar 5 09:30:15 R7000 daemon.err dnscrypt-proxy[1563]: Unable to retrieve server certificates



Speedtest.jpg
 Description:
Speedtest
 Filesize:  60.22 KB
 Viewed:  14186 Time(s)

Speedtest.jpg



Syslog.txt
 Description:
Syslog

Download
 Filename:  Syslog.txt
 Filesize:  516.19 KB
 Downloaded:  416 Time(s)



Last edited by twindragon6 on Sat Mar 14, 2020 17:12; edited 1 time in total
PITABoy
DD-WRT User


Joined: 07 Jun 2006
Posts: 186

PostPosted: Thu Mar 05, 2020 22:58    Post subject: Reply with quote
Router: ASUS RT-AC3200
Firmware: 03-05-2020 experimental build
Status: working
flyzipper
DD-WRT Guru


Joined: 21 Feb 2016
Posts: 504

PostPosted: Thu Mar 05, 2020 23:05    Post subject: Reply with quote
Router/Version: Netgear R7000
Firmware: DD-WRT v3.0-r42617 std (03/05/20)
Kernel: Linux 4.4.215 #1052 SMP Wed Mar 4 12:16:22 +04 2020 armv7l
Previous: r42602
Mode/Status: Gateway / working
Reset: no
Issues/Errors: Working well so far

Uptime: 1hrs 32min
Temperatures: CPU 66.9 °C / WL0 47.5 °C / WL1 53.2 °C
Dark_Shadow
DD-WRT Guru


Joined: 31 Aug 2009
Posts: 2448
Location: Third Rock from the Sun

PostPosted: Thu Mar 05, 2020 23:49    Post subject: Reply with quote
PITABoy wrote:
Router: ASUS RT-AC3200
Firmware: 03-05-2020 experimental build
Status: working


What mode you using?

_________________
Peacock Thread-FAQ -- dd-wrt Wiki

Testing Multiple Routers -- Bootloader Collection Project -- My Wiki
Veritech
DD-WRT User


Joined: 02 Jan 2007
Posts: 199

PostPosted: Fri Mar 06, 2020 3:32    Post subject: WRT54GSv1 WNDR4500v2 RT-N66R Reply with quote
Router/Version: WNDR4500v2
Mode: Gateway/AP
File: DD-WRT v3.0-r42617 giga (03/05/20)
Kernel: Linux 3.10.108-d10 #2768 Thu Mar 5 12:50:10 +04 2020 mips
Status: Working
Uptime: 20 min
Temps: WL0 43.4 °C / WL1 43.9 °C

I did a 30-30-30 reset prior to the update. I updated the logon creds then performed the update through the WebUI. This worked without the failed CRC check on boot that normally bricks this router. I re-configured my settings from scratch (saving without applying as I went) then rebooted the router to apply all settings at boot (I found hitting the apply button too fast can freeze the WebUI requiring a reboot or SSH to kill and start httpd)

Router/Version: RT-N66R
Mode: Gateway/AP
File: DD-WRT v3.0-r42617 big (03/05/20)
Kernel: Linux 3.10.108-d10 #2780 Thu Mar 5 13:13:20 +04 2020 mips
Status: Working
Uptime: 12 min
Temps: WL0 52.5 °C / WL1 50.8 °C

Router/Version: WRT54GSv1
Mode: Gateway/AP
File: DD-WRT v3.0-r42617 mega (03/05/20)
Kernel: Linux 2.4.37 #59410 Thu Mar 5 06:21:26 +04 2020 mips
Status: Working
Uptime: 18 min
Temps: Unsupported
tinkeruntilitworks
Guest





PostPosted: Fri Mar 06, 2020 15:18    Post subject: Reply with quote
Router: Netgear R7000P
Kernel: Linux 4.4.215 #1057 SMP Thu Mar 5 08:05:50 +04 2020 armv7l
Mode: Gateway/AP 2.4GHz 5GHz Unbound JFFS2
Status: all seems well

don't think i have seen this error before

Mar 6 09:04:19 DD-WRT daemon.err httpd[1501]: httpd : Request Error Code 408: No request appeared within a reasonable time period.


Last edited by tinkeruntilitworks on Tue Apr 28, 2020 23:03; edited 7 times in total
PITABoy
DD-WRT User


Joined: 07 Jun 2006
Posts: 186

PostPosted: Fri Mar 06, 2020 17:38    Post subject: Reply with quote
Dark_Shadow wrote:
PITABoy wrote:
Router: ASUS RT-AC3200
Firmware: 03-05-2020 experimental build
Status: working


What mode you using?


what do you mean what mode? I am using it as a router/AP if that is what you are asking.
adasch
DD-WRT User


Joined: 02 Jan 2015
Posts: 69
Location: Gdansk, Poland

PostPosted: Fri Mar 06, 2020 23:45    Post subject: Reply with quote
Router/Version: EA6900
Mode: gateway + VAP + VPN
File: ftp://ftp.dd-wrt.com/betas/2020/03-05-2020-r42617/linksys-ea6900/linksys-ea6900-webflash.bin
Kernel: Linux 4.4.215 #1052 SMP Wed Mar 4 12:16:22 +04 2020 armv7l
Status: Workinh w/o samba

Very fast wifi 2,4GHz
VPN working
VAP undbridged working
access restriction working
Samba - don't working - cant access to shared folders

_________________
Linksys EA6900
Firmware: DD-WRT v3.0-r44863 std (11/24/20)
TipTop
DD-WRT Novice


Joined: 14 May 2012
Posts: 7

PostPosted: Sat Mar 07, 2020 9:05    Post subject: Reply with quote
Router/Version: ASUS RT-AC66U B1 (H/W B2)
Mode: Gateway
File: asus_rt-ac68u-firmware.trx
Kernel: Linux 4.4.215 #1038 SMP Mon Mar 2 12:46:51 +04 2020 armv7l
Status: WAN Access don't work.
The rules in "Chain "*grp_*" don't work in iptables.

The configured rules in WAN Access, after some time after dd-wrt is started, stop working. If the traffic went through the filter, the filter stops working. Аfter a while all traffic is blocked, even if it is allowed. This occurs on all hosts that are described in WAN Access rules (Chain * grp_*). Other hosts that do not exist in WAN Access rules do not affect this.

Log dmesg, messages, iptables -nvL, config ...
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1855
Location: Hung Hom, Hong Kong

PostPosted: Sat Mar 07, 2020 10:04    Post subject: Reply with quote
PITABoy wrote:
what do you mean what mode? I am using it as a router/AP if that is what you are asking.

I was also thinking about Wireless Mode in Status->Wireless->Wireless Status!


_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw
Zyxx
DD-WRT Guru


Joined: 28 Dec 2018
Posts: 733

PostPosted: Sat Mar 07, 2020 10:11    Post subject: Reply with quote
Router/Version: Netgear R7000
File: netgear-r7000-webflash.bin
Firmware: DD-WRT v3.0-r42617 std (03/05/20)
Kernel: Linux 4.4.215 #1052 SMP Wed Mar 4 12:16:22 +04 2020 armv7l
Mode: Gateway, Wifi disabled, wireguard endpoint, WAN to DSL
Reset: No
Status: updated a few minutes ago, working!

Does "CVE-2019-14899 Mitigation" (Setup --> Tunnels --> WireGuard) need to be enabled or disabled for accessing local devices?
I think I had to enable it in previous versions, nowadays it needs to be disabled for accessing local devices.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Sat Mar 07, 2020 10:29    Post subject: Reply with quote
Zyxx wrote:
Router/Version: Netgear R7000
File: netgear-r7000-webflash.bin
Firmware: DD-WRT v3.0-r42617 std (03/05/20)
Kernel: Linux 4.4.215 #1052 SMP Wed Mar 4 12:16:22 +04 2020 armv7l
Mode: Gateway, Wifi disabled, wireguard endpoint, WAN to DSL
Reset: No
Status: updated a few minutes ago, working!

Does "CVE-2019-14899 Mitigation" (Setup --> Tunnels --> WireGuard) need to be enabled or disabled for accessing local devices?
I think I had to enable it in previous versions, nowadays it needs to be disabled for accessing local devices.


It need to be disabled or use a workaround as describe in the WireGuard setup guide, see my signature at the bottom.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Goto page 1, 2, 3, 4  Next Display posts from previous:    Page 1 of 4
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum