Posted: Tue Jan 28, 2020 2:47 Post subject: [HELP WANTED] DD-WRT Needs YOU!!
I've been using dd-wrt in my router stacks for a good while now.
But I am not seeing the same level of participation that there used to be.
A lot of the people I knew as fellow compatriots and even a fair number
of the guru's seem to have left. ___What's been happening?
New builds may not be as needed today to deal with security &/or router problems?
Which would seem to say that my dd-wrt routers are still secure, But ??
And I just found out that I can no longer get the firmware
or even the convert program for my ng 6300v2's at all.
They were Kong build dependent boxes with the files available thru Desipro.
At the very least I would expect to still get the firmware that was available previously,
or a tech note explaining that new vulnerabilities had been found
which are NOT being addressed currently.
I'm running a mix of routers LinkSys 3200's, 1200's; wrt54GL's for secure subnets;
NG 6300v2's and a couple of TP_Links 4300 level in a multi-level router stack.
& WiFi plays only a small role on one Kong build NG 6300v2.
Speeds are good; The VPN's do quite well and are also fast. So not too bad, right?
But what to do next?
And can we even count on dd-wrt to still watch for vulnerabilities?
& that security fixes will be made in a timely fashion?
Are my Kong build NG6300v2's basically dead? _________________ multi-tier router stack
wrt 3200's for speed & cpu power, NG R6300v2's for WiFi AP's,
wrt 1200v2 for one of my secure subnets.
wrt54GLs for ad'l 3rd tier machines.
BS only, drives the boat now, he keeps up with security&functional updates, so far so good things go
as they should...
egc (a forum member) does some, deeper testing and development on VPN & Wireguard as well some others..do their contributions to testing and development...just keep up with new builds threads..
Personally i feel safe and sound i haven't found anything dodge, so far so good...
security bulletin and update logs are not provided anymore/depreciated, in terms of security in case of someone takes advantage on it, so in that order even the things on SVN are a bit clouded, but this is understandable...you can always get a picture what has been updated and so on...
yep ppl tend to do a different things in live, some stay for longer at the forum, some quit their jobs and become beggers, or they start to hate routers and hammer their computers and even change gender.... who knows _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Thanks for these replies. That kind of puts things in perspective. Though it doesn't help figure out how to stay up to date.
On my NG 6300v2's I'll have to look back thru my notes, but I think they had been ISP supplied routers that were being sold thru Amazon because they needed to be taken thru a conversion stage before one could load them with a "std" dd-wrt build. Once converted they would behave as "standard" routers and dd-wrt could be installed. But not sure I took all 4 thru the entire process.
For the money they offered nice WiFi and good speed.
I'd started to set them up to expand both wired and WiFi coverage thru this house with its thick stone walls.
Glad there is a dd-wrt for them. Just hope I set them all up correctly back then. If so that should allow me to continue with dd-wrt; rather than short cutting some to get things up quicker.
Thanks very much for the update information.
Is anyone trying to keep up a current list when new vulnerabilities that show up in mfgr router firmware are handled?
On a different question: Is there any easy way yet to check what versions of OpenVPN and OpenSSL are built into builds? I run router based VPN on my 3200's and 1200's. So using a build with the least vulnerable or close to the latest of those is also important. _________________ multi-tier router stack
wrt 3200's for speed & cpu power, NG R6300v2's for WiFi AP's,
wrt 1200v2 for one of my secure subnets.
wrt54GLs for ad'l 3rd tier machines.
I know what you mean about there having been more techies. Kind of nice group of campadres so to speak.
I remember some good techincal discussions. The ratio now seems to have changed drastically, doesn't it?
AND I do applaud BrainSlayer for his continued work on these builds.
Makes me wonder if there are some Way(s) we can support / and encourage him?
Sam _________________ multi-tier router stack
wrt 3200's for speed & cpu power, NG R6300v2's for WiFi AP's,
wrt 1200v2 for one of my secure subnets.
wrt54GLs for ad'l 3rd tier machines.
Joined: 16 Nov 2015 Posts: 6445 Location: UK, London, just across the river..
Posted: Tue Jan 28, 2020 10:04 Post subject:
Sam1789 wrote:
Is anyone trying to keep up a current list when new vulnerabilities that show up in mfgr router firmware are handled?
i guess this is depreciated activity, unless someone pops out with something major...
in other words its a double edge dagger activity
Sam1789 wrote:
On a different question: Is there any easy way yet to check what versions of OpenVPN and OpenSSL are built into builds? I run router based VPN on my 3200's and 1200's. So using a build with the least vulnerable or close to the latest of those is also important.
telnet /ssh
openvpn --version
or have a look at OpenVPN Server log, under GUI
In general those routers that are running fine as a WAP, you don't need to update that often..
Update those that are edge routers, those that are doing NAT/DNS/DHCP/FIREWALL/VPN _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Joined: 18 Mar 2014 Posts: 12904 Location: Netherlands
Posted: Tue Jan 28, 2020 12:47 Post subject:
It is indeed a great loss that Kong has left.
However BS does an admirable job keeping up, we have the latest security patches and most packages are up to date
I also have one of my routers running OpenWRT (my own compiled build) and OpenWRT is not faster or more stable and has a steep learning curve.
As DDWRT is easier to use and has all the necessary goodies built in I would argue that for 95% of the users DDWRT is the better choice.
So I do not plan on leaving DDWRT for OpenWRT.
Joined: 08 May 2018 Posts: 14242 Location: Texas, USA
Posted: Tue Jan 28, 2020 21:07 Post subject:
I read and 'overlooked' the original post, no offense. There are things I know I am not in the loop on, but I do know that there are those of us who track things and email BS or open tickets, etc. regarding issues and reported vulnerabilities with certain packages in the firmware, etc. (recent VPN mitigation comes to mind). I also try to follow along in the forums when I can to keep up with things, and follow development and tickets. As I mentioned in another thread, we have open tickets that are 11+ years old. I have no idea of the validity on many of them because I have not been here following for that length of time, and there really isn't someone actively tracking them that I know of.
More to point, we have several technically apt folks here, but how many of them are contributing to development (privately OR publicly), I do not know. I have tried to piece the cumbersome puzzle of the public source code repo together, but it is slightly daunting and I have become very much not a fan of subversion because it is more cumbersome than git for code revision. Then again, it's likely better than CVS and a lot of the old school mechanisms that I was glad to not have to use anymore coming back into these kinds of things. Masochistic barely scratches the surface. Anyway, I understand the frustration, but until there is an actual TEAM effort and not so much bickering over silly stuff (guilty as charged!) ... I dunno. I am just trying to keep up and test what I can and help in any way I can. I only just recently started trying to keep a local working copy of the repo again to study and look through when I have time.
Do we need an actual CHANGELOG file to track things between releases? I think so, and am all for it. But trying to decipher commits and put it into the language of an actual changelog may be quite fun. As RMerlin said to me on another forum in another thread, "I quit trying to follow development because his commit messages are ambiguous and vague more often than not" or something to that effect. Personally, I think the repo could use a little thinning down to only what is currently required for firmware image builds, but unfortunately, that seems to be a slippery slope of what is actually required and what is not... I digress. I guess my arrival here was late, and after I had been out of the field for far too long, and just now catching up, and not having all of the former usual suspects active here makes things difficult. FWIW, I apologize if I am a little critical and rough to anyone or to the project in general. It's party of my charm and a character flaw that is a result of my upbringing and background. It's nothing personal lol _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Joined: 14 Dec 2015 Posts: 774 Location: 127.0.0.1
Posted: Thu Feb 13, 2020 10:33 Post subject:
d0ug wrote:
I still actively use DD-WRT, but my participation on the forum has dropped significantly. I still pop in a few times a week to see the same old tired topics of "which build is the best for my router" and "which router is best" and other dumb topics that hold no interest to me. Stuff that people could have answered themselves with 5 minutes of searching the forum or google.
I feel like the forum used to be filled with a bunch of great techies I used to be able to learn a lot from, but now it's just flooded with clueless noobs. Rehashing the same tired questions that probably have 5 dozen similar existing threads already.
I agree, you kind of get burnt out seeing the same things posted and you just go aghhhhhh, and move on. I also pop on now and then, of course not as much as I used to, and keep track of the svn everyday. But I also come to learn stuff from the "elders" on here.
I also applaud BS and his continued work, he did a couple of solids for me back when the WRT1900AC came out, helped each other with a couple of problems (and Kong also), and learned a LOT.
Sam1789 wrote:
Makes me wonder if there are some Way(s) we can support / and encourage him?
Of course, I think someone already mentioned it, I donate twice a year, this firmware saved me a lot of money so far!.
blkt wrote:
https://dd-wrt.com/donations/
_________________ Tutorial for flashing WRT series WRT Installation,Upgrade & Basic Setup–Cliff Notes
r52242: WRT3200ACM, WRT1200ACv1 & 1 Velop in bridge mode(IoT subnet), r52242 WRT1900ACv1 AP
Velop:2 WHW0101, RE6500, RE9000(AP)
Spectrum - 1000/50
SysLog Watcher 5, New security Onion box coming soon, Fingboxes, PiHoles, NEMS, Cacti, rpisurv
Joined: 08 May 2018 Posts: 14242 Location: Texas, USA
Posted: Fri Dec 10, 2021 16:25 Post subject:
Sam1789 wrote:
d0ug,
I know what you mean about there having been more techies. Kind of nice group of campadres so to speak.
I remember some good techincal discussions. The ratio now seems to have changed drastically, doesn't it?
AND I do applaud BrainSlayer for his continued work on these builds.
Makes me wonder if there are some Way(s) we can support / and encourage him?
Sam
The problem that is and seems to have been for some time since the more technical folks who were more engaged in development contributions have fallen off the radar is we have too many people who are not technical people that have either been around forever or are flocking to the community in droves. Currently, there are ~5 people aside from BrainSlayer I know of contributing to current development in one way or another. The way that *anyone* can support this project is to start tracking issues in the firmware and vulnerabilities in the included packages, if they are capable. We have over 1000 open tickets currently that need review. The problem there is most people are of the "it's broken, fix it" category and don't know how to provide basic debug information, let alone any knowledge of coding / programming, etc. to even contribute a patch. @d0ughit the nail on the head in many ways in this thread. IMHO, DD-WRT will always remain relevant and have contributors. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
All I have to say is, people go for their own reasons, in the end real life matters more than working for free committing patches to a community that is mostly unaware how long it takes to do this work and for the most part developers are almost always never really appreciated.
But on the flip side of the coin, is that new people come and develop for DD-WRT, this is not noted in this topic title, which is quite harsh and not based on any current events or facts.
Should one (you or anyone) just look at the amount of patches going in almost daily, just from me, there are literally over 70 patches over the last 2 months or so...
DD-WRT like any other projects doesn't require just code contributions.
Areas like documentation and language fixes, translations, help pages in the source code, trac issue management, forums contributors, wiki editors to mention a few ways people can contribute.
And this is where most people could come in and pitch in, but instead... after reading this topic title, I'm left with some kind of bitter after taste. puah!
So thanks for showing some appreciation for the ones of us that work hard and often contributing to the project we love.
Will look forward to see your contributions in future, if you really want to help there is a list of things, I just stated. Pick the area you are most knowledgeable at and go for it, this is the best way to help.
TL;DR Stand up and be counted. Roll up your sleeves so to speak.
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Thu May 19, 2022 12:57 Post subject:
the-joker wrote:
DD-WRT like any other projects doesn't require just code contributions.
Areas like documentation and language fixes, translations, help pages in the source code, trac issue management, forums contributors, wiki editors to mention a few ways people can contribute.
And this is where most people could come in and pitch in, but instead...
Snip...
Will look forward to see your contributions in future, if you really want to help there is a list of things, I just stated. Pick the area you are most knowledgeable at and go for it, this is the best way to help.
snip
Take care now.
And all these months later, it seems I may have scared off a huge potential contributor with my heavy dose of reality.
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Thu May 19, 2022 13:47 Post subject:
Hes a busy guy, it could have been missed or email into spam folder.
I find that using https://github.com/mirror/dd-wrt for my patches and emailing him or via other methods the patches all get merged in a timely fashion.