New Build - 12-29-2019-r41813

ironstaff
DD-WRT User


Joined: 11 Oct 2019
Posts: 52

PostPosted: Mon Dec 30, 2019 12:31    Post subject: New Build - 12-29-2019-r41813 Reply with quote
New Build - 12-29-2019-r41813

ftp://ftp.dd-wrt.com/betas/2019/12-29-2019-r41813/

Please report errors on this topic.


Release Notes:
http://svn.dd-wrt.com/timeline


Router Model:

Status:
Reset:
Errors:
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 5010
Location: Texas

PostPosted: Mon Dec 30, 2019 12:57    Post subject: Reply with quote
Linksys WRT160NL
DD-WRT v3.0-r41813 std (12/29/19)
Linux 3.10.108-d8 #32475 Sun Dec 29 11:05:48 +04 2019 mips
No Reset -- GUI install over r41811
just a switch / samba share FAT
All good --- Uptime 24 min

#

Netgear WNDR3700 V4
DD-WRT v3.0-r41813 std (12/29/19)
Linux 3.18.140-d1 #64007 Sun Dec 29 12:32:33 +04 2019 mips
No Reset -- GUI install over r41811
just used as switch / ovpn server / samba share ext4
All good --- Uptime 19:25

#

Linksys EA8500 ...main router
DD-WRT v3.0-r41813 std (12/29/19)
Linux 4.9.207 #502 SMP Sun Dec 22 17:49:08 +03 2019 armv7l
No Reset -- GUI install over r41811
unbound / ovpn server / samba share ext4 / VLAN on one port with ath0.1 via br1 / HFSC CAKE
everything working fine --- Uptime 5:39
Bernadoe
DD-WRT User


Joined: 03 Dec 2014
Posts: 189

PostPosted: Mon Dec 30, 2019 13:37    Post subject: Reply with quote
Router: Netgear R7800
Firmware: DD-WRT v3.0-r41813 std (12/29/19)
Kernel: Linux 4.9.207 #502 SMP Sun Dec 22 17:49:08 +03 2019 armv7l
Status: Working
Reset: No
Previous: 41686
Errors: No

Temperatures : CPU 51.230 °C / ath0 48 °C / ath1 50 °C

Working very well :
Router mode : DHCP
SFE Enable
STP Enable
DNSMasq
Cache DNSSEC data
Validate DNS Replies (DNSSEC)
Check unsigned DNS replies
Local DNS
No DNS Rebind
ath0, ath1
Vpn (OpenVPN Client)

without VPN


with VPN
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4836
Location: Netherlands

PostPosted: Mon Dec 30, 2019 13:53    Post subject: Reply with quote
Router Model: Netgear R7800

Firmware Version: DD-WRT v3.0-r41813 std (12/29/19)
Kernel Version: Linux 4.9.207 #502 SMP Sun Dec 22 17:49:08 +03 2019 armv7l

Upgraded from: DD-WRT v3.0-r41486 DD-WRT v3.0-r41464
Reset: Yes, nvram erase && reboot

Status: Up and running for 24 hours (had a private build to test), basic setup as Gateway, static leases, OpenVPN client (on PIA) with Policy Based Routing up and running, 2,4GHz, 5Ghz, USB storage NAS and OpenVPN server and Wireguard working

Errors:
1. DNS leak see: http://svn.dd-wrt.com/ticket/6020

Otherwise build is fine

Resolved:
1. Pushed DNS servers from VPN provider are used starting with build 41120, if you do not want that, add the following to the Additional Config of the VPN client:
pull-filter ignore "dhcp-option DNS"
2. Build 41174 has an improved VPN Policy Based Routing, it is now possible to use the VPN route command i.e. to route a DNS server via the VPN (in this way you will get rid of the DNS leak), see: https://svn.dd-wrt.com/ticket/6815#comment:1 , and for DNS leaks the second posting of this thread: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318662
3. Another improvement on PBR is that local routes are now copied over to the alternate routing table so there is communication if you have unbridged VAP's and you can set the router's IP on PBR.
See: https://svn.dd-wrt.com/ticket/6821#comment:3
4. Starting with build 41174, the PBR has become more versatile, you can now use " from [IP address] to [IP address] ", so if you enter the following in the PBR field:
192.168.1.124 to 95.85.16.212 #ipleak.net, it will only route IP address 95.85.16.212 (which is ipleak.net) from my IP address 192.168.1.124 via the VPN, everything else from this IP address will route via the WAN (this is just an example).
See: https://svn.dd-wrt.com/ticket/6822
Although this command itself supports routing per port this is however only available starting from K 4.17 so we have to rely on scripting for per port routing until then.
5. New OpenVPN TLS ciphers are added in 41308 see: https://svn.dd-wrt.com/changeset/41308
6. Starting with build 41304 you can now choose which TLS Key you want to use: TLS Auth or the newer/better TLS Crypt. See https://svn.dd-wrt.com/ticket/6845#comment:17
7. Builds from 41786 onwards, when using an OVPN server to connect to your local LAN clients, access might be prevented because of a patch which should solve a recent vulnerability (see: https://svn.dd-wrt.com/ticket/6928)
This can be mitigated with the following firewall rule:
Code:
iptables -t nat -I POSTROUTING -o br0 -s $(nvram get openvpn_net)/$(nvram get openvpn_tunmask) -j MASQUERADE

When using WireGuard you can run into the same trouble, i.e. not being able to access your local LAN clients. For WireGuard this is the workaround:
Code:
iptables -t nat -I POSTROUTING -o br0 -s $(nvram get oet1_ipaddr)/$(nvram get oet1_netmask) -j MASQUERADE

This method described above also has security and logging concerns as all traffic has the same source address (your router)
An alternate method is using the following rule but it only works if the VPN or Wireguard interface is up and if your VPN or Wireguard interface goes down you have to reapply or run a continuous script checking/applying:
OpenVPN server:
Code:
iptables -t raw -I PREROUTING -i br0 -d $(nvram get openvpn_net)/$(nvram get openvpn_tunmask) -j ACCEPT

WireGuard:
Code:
iptables -t raw -I PREROUTING -i br0 -d $(nvram get oet1_ipaddr)/$(nvram get oet1_netmask) -j ACCEPT

This rule can expose your LAN side to the CVE attack, but if you have your IOT things separated and tight control over your LAN you should be good, if your LAN is hacked you have got bigger problems.
Builds starting with 41813 have an option button in OpenVPN and Wireguard for disabling the CVE-patch 14899



Big Thanks to BS!!

_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
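
The "continuous script checking/applying" that the post above mentions for the raw-table rule could look like the sketch below. It is an added example, not code from this thread or from DD-WRT; the function names, the `watch` argument and the 60-second interval are assumptions, while the nvram keys and the rule itself are the ones quoted in the post.

```shell
#!/bin/sh
# Added example: re-apply the raw PREROUTING ACCEPT rule for the VPN subnet.
# Values are validated first so an empty nvram key never yields "-d /".

# Return 0 only for a dotted quad with four octets in 0..255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest=$1 count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
        case "$rest" in *.*) rest=${rest#*.} ;; *) rest= ;; esac
    done
    [ "$count" -eq 4 ]
}

# $1 = nvram key holding the network/address, $2 = nvram key holding the mask.
# Delete-then-insert does not pile up duplicates and needs no "iptables -C".
ensure_raw_accept() {
    net=$(nvram get "$1")
    mask=$(nvram get "$2")
    if ! is_ipv4 "$net" || ! is_ipv4 "$mask"; then
        echo "skip $1: unusable value '$net/$mask'" >&2
        return 1
    fi
    iptables -t raw -D PREROUTING -i br0 -d "$net/$mask" -j ACCEPT 2>/dev/null || true
    iptables -t raw -I PREROUTING -i br0 -d "$net/$mask" -j ACCEPT
}

# Loop only when started as "<script> watch"; the interval is an assumption.
if [ "${1:-}" = "watch" ]; then
    while :; do
        ensure_raw_accept openvpn_net openvpn_tunmask || true   # OpenVPN server
        ensure_raw_accept oet1_ipaddr oet1_netmask || true      # WireGuard
        sleep 60
    done
fi
```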
volos
DD-WRT Novice


Joined: 25 Dec 2019
Posts: 14

PostPosted: Mon Dec 30, 2019 15:14    Post subject: Reply with quote
Hi, is this build working for anyone with the TP-Link TL-WDR4300 v1? Thanks!
dasnick
DD-WRT User


Joined: 23 Jul 2009
Posts: 60

PostPosted: Mon Dec 30, 2019 18:49    Post subject: Reply with quote
Router Name 1043ndv3
Router Model TP-Link WR1043ND V3
Firmware Version DD-WRT v3.0-r41813 std (12/29/19)
Kernel Version Linux 3.18.140-d1 #63981 Sun Dec 29 11:55:40 +04 2019 mips

Working as a WAP. No problems loading the firmware. I tried to mess around with WireGuard but it seems to be missing on the TP-Link 1043ND v3. It should be found on setup/tunnels, right? I only have MikroTik and RFC something. Not sure if this is due to the fact that the 1043ND is working as a WAP, or if it is really missing.

Also, there is an "undefined" in the OVPN server section.
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 5010
Location: Texas

PostPosted: Mon Dec 30, 2019 18:58    Post subject: Reply with quote
if you have an undefined in ovpn GUI ---
reboot router and clear browser cache
dasnick
DD-WRT User


Joined: 23 Jul 2009
Posts: 60

PostPosted: Mon Dec 30, 2019 19:21    Post subject: Reply with quote
mrjcd wrote:
if you have an undefined in ovpn GUI ---
reboot router and clear browser cache

A reboot was sufficient! thanks mrjcd
MLandi
DD-WRT User


Joined: 04 Dec 2007
Posts: 193

PostPosted: Tue Dec 31, 2019 1:09    Post subject: Reply with quote
SSH update, no issues. All functions working as expected.
_________________
Netgear R9000 X10
DD-WRT v3.0-r42460 std (02/20/20)
AP, DNSMasq, Local DNS
CloudFlare DNS
QoS using HFSC w/FQ_CODEL_FAST
500Mbps/40Mbps
ACK, SYN, FIN, RST
Static Leases & DHCP
2.4GHz: 3 + 7 (2422 MHz HT40)
5GHz: 100 + 114 (5500 MHz VHT160)
Xfinity 1Gbps/40Mbps
zen1932
DD-WRT User


Joined: 22 Feb 2018
Posts: 50

PostPosted: Tue Dec 31, 2019 12:12    Post subject: Reply with quote
Routers: TP-Link TL-WR841ND v7.1, v7.2
Upgrade: via web
Firmware: v3.0-r41813 std (12/29/19)
Kernel: Linux 3.10.108-d8 #32507 Sun Dec 29 11:29:13 +04 2019 mips
Previous: 37961
Mode: Access Point
Reset: No
Errors: when router is idle, the 'Free Memory' will
decrease continuously resulting auto-reboot.
if any network activities before auto-reboot, the amount of
free memory will increase to normal level.
no memory leak when wireless disabled (radio off).
jerrytouille
DD-WRT Guru


Joined: 11 Dec 2015
Posts: 1305

PostPosted: Tue Dec 31, 2019 14:46    Post subject: Reply with quote
zen1932 wrote:
Routers: TP-Link TL-WR841ND v7.1, v7.2
Upgrade: via web
Firmware: v3.0-r41813 std (12/29/19)
Kernel: Linux 3.10.108-d8 #32507 Sun Dec 29 11:29:13 +04 2019 mips
Previous: 37961
Mode: Access Point
Reset: No
Errors: when router is idle, the 'Free Memory' will
decrease continuously resulting auto-reboot.
if any network activities before auto-reboot, the amount of
free memory will increase to normal level.
no memory leak when wireless disabled (radio off).


nvram erase / reset to default settings reconfig
jerrytouille
DD-WRT Guru


Joined: 11 Dec 2015
Posts: 1305

PostPosted: Tue Dec 31, 2019 14:48    Post subject: Reply with quote
dasnick wrote:
mrjcd wrote:
if you have an undefined in ovpn GUI ---
reboot router and clear browser cache

A reboot was sufficient! thanks mrjcd


not sure how old your previous build was but this is usually a sign for nvram erase / reset to default settings a reconfig is needed as nvram structure has changed
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 5010
Location: Texas

PostPosted: Tue Dec 31, 2019 14:52    Post subject: Reply with quote
jerrytouille wrote:
dasnick wrote:
mrjcd wrote:
if you have an undefined in ovpn GUI ---
reboot router and clear browser cache

A reboot was sufficient! thanks mrjcd


not sure how old your previous build was but this is usually a sign for nvram erase / reset to default settings a reconfig is needed as nvram structure has changed


naa, I got the 'undefined' in ovpn server webif on the WNDR3700v4 and on just one of the EA8500
....a reboot fixed them up okydoky and all tis well
bushant
DD-WRT Guru


Joined: 18 Nov 2015
Posts: 1357
Location: Indiana

PostPosted: Tue Dec 31, 2019 15:24    Post subject: Reply with quote
mrjcd wrote:
naa, I got the 'undefined' in ovpn server webif on the WNDR3700v4 and on just one of the EA8500

Had the same on my buffalo, clear browser cache fixed it.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 3466
Location: Texas, USA

PostPosted: Tue Dec 31, 2019 17:15    Post subject: Reply with quote
Only times you really need to do an nvram reset is after initial conversion to DD-WRT or in the case of Broadcom, moving from K2.6 to K3.x or K2.4 to K2.6 on certain WRT54* devices. Otherwise, it's usually not necessary except in the off-chance that the nvram partition got corrupted. If you really wanted to, you could do an `nvram show` from old build, copy and paste into text document, flash new build, reset, and do the same for the new build and compare variables listed. The thing is, if the variable is no longer being used, it is (supposed to be) ignored, anyway. If that is causing issue, that is somewhere else in the firmware that is culprit. BUT, BrainSlayer himself has said he never does a reset when upgrading, so, take this however you want.
_________________
E4200 v1 DD-WRT 42460 mega (02/20/20) K3.x
R7000P DD-WRT 40270M kongac
E4200 v1 FreshTomato 2020.1
E4200 v1 FreshTomato 2020.2.development
R7000 FreshTomato 2020.2.development
E4200 v1 1.0.07.development
WRT3200ACM OpenWRT 18.06.7
---------------------------------------------------------
Linux User #377467 counter.li.org / linuxcounter.net
All times are GMT