Joined: 08 May 2018 Posts: 14242 Location: Texas, USA
Posted: Tue Feb 25, 2020 12:59 Post subject: New Build 42514: 02-25-2020-r42514
WARNING: DO NOT flash this experimental test build unless you know the risks and recovery methods. Report here to provide important info for developers and users. Always state your hardware model & version, mode (e.g. Repeater) and SPECIFIC build (e.g. netgear-r7000-webflash). Avoid discussions and create a new thread for specific problems or questions as this thread is not for support, and posts may be deleted or moved.
Important: if reporting any issues, provide applicable info (GUI syslog, `dmesg`, `cat /var/log/messages`, etc.)
Or put into SVN ticket. For firewall issues, also provide "iptables" info (`iptables -L`, `iptables -t nat -L`, & the /tmp/.ipt file).
Issues, observations, and/or workarounds reported:
1. DNScrypt is mostly only using v2 protocols now, but requires Golang that DD can't use: 6246
2. WDS does not work on Broadcom ARM devices (only MIPS<->MIPS)
3. VAPs not working at boot fixed for unbridged VAPs with r40564:40566. Workaround startup command: `sleep 10;stopservice nas;stopservice wlconf;startservice wlconf;startservice nas` (there are a few alternatives to search)
Notes:
1. SFE accelerated NAT is in 33006+ builds but only in kernel 3.2 and newer
2. 'KRACK' vulnerability fixes were completed in r33678 for Broadcom, including k26 (33655) & k24 (33656); use 33772 or later.
3. Bridge modes on k4.4 devices may sometimes work in some configurations in certain builds but are not supported by the bcmdhd driver. Use client or repeater instead as WDS doesn't work with Broadcom ARM either (see Issues below).
4. PBR/UDP with SFE working again since r40513 (see 6729)
5. CAKE scheduler changes "completed" with r41057 (see 5796) & FQ_CODEL_FAST with r41027 (reset first!)
6. Reset button was broken in 40571; fixed in build 40750.
7. Radio Timer / GTK Renewal issues, syslog spam and wireless issues (BCM MIPS) fixed with r41662
8. New Broadcom build option for 8MB+ K2.x devices (limited currently):
broadcom_K3X_mipsel32r1 [BS has tested on a WRT600N v1.1]
9. CVE-2019-14899 VPN fix (r41784: applicability depends on VPN setup) and GUI toggle (r41812): ticket 6920, 6928, 6931, 6932
10. In-kernel samba now used and default min/max versions have changed, so change them if needed: 6954, 6957
Template example to copy (after "Code:") for posting issues, be sure to include the mode in use (gateway, AP, CB, etc.):
Joined: 18 Mar 2014 Posts: 12903 Location: Netherlands
Posted: Tue Feb 25, 2020 16:08 Post subject:
Router Model: Linksys EA6900 (XVortex CFE)
Firmware Version: DD-WRT v3.0-r42514 std (02/25/20)
Kernel Version: Linux 4.4.214 #994 SMP Mon Feb 24 11:53:31 +04 2020 armv7l
Upgraded: DD-WRT v3.0-r42460 std (02/20/20) via telnet (update via GUI not possible because nvram is placed on linux partition and not linux2 partition due to Xvortex CFE)
Reset: No, not this time
Configuration: AP, DHCP server, 2,4GHz wireless running, 5GHz running, some static leases and some port range forwarding, OpenVPN client running, Wireguard running, SFE on, NVRAM size just over 36K (NVRAM size should not be a problem with the Xvortex CFE)
Status: Up and stable for 3 hours, excellent wireless speed and range
Errors: Lots of regulatory domains missing (like Panama)
Joined: 16 Nov 2015 Posts: 6445 Location: UK, London, just across the river..
Posted: Tue Feb 25, 2020 17:01 Post subject:
Router Model Netgear R7000
Firmware Version DD-WRT v3.0-r42514 std (02/25/20)
Kernel Version Linux 4.4.214 #994 SMP Mon Feb 24 11:53:31 +04 2020 armv7l
update: CLI 42054 > 42514
reset: NO/Yes
status: BAD router is non operational
errors: Still investigating, already tried reset/manual rebuild router hangs on entware/stubby...
absolutely identical set up, flawlessly running on my 1043v2...so it's a very Broadcom/R7000 related mess...
also tried to turn on WiFi and update, then router behaves differently, almost boots up, but no stubby again...no DNS
dmesg is available...
p.s. so far I managed to install and run stubby via entware + adblocker ....however router hangs on boot,
it never boots up, unless i open/close my browser couple of times...
router is behind NAT and doesn't have a real IP
R7000 in this condition there is no point to add VPN details as it never boots up as it should
tcpdump
Error loading shared library libpcap.so.1: No such file or directory (needed by /usr/sbin/tcpdump)
Error relocating /usr/sbin/tcpdump: pcap_list_tstamp_types: symbol not found
Error relocating /usr/sbin/tcpdump: pcap_set_promisc: symbol not found
Error relocating /usr/sbin/tcpdump: pcap_dump_flush: symbol not found
Error relocating /usr/sbin/tcpdump: pcap_tstamp_type_name_to_val: symbol not found
Joined: 14 Sep 2019 Posts: 301 Location: Maine, USA
Posted: Tue Feb 25, 2020 17:08 Post subject:
Router/Version: Asus RT-N66U
File: dd-wrt.v24-41954_NEWD-2_K3.x_mega_RT-N66U.trx
Firmware: DD-WRT v3.0-r42514 mega (02/25/20)
Kernel: Linux 3.10.108-d10 #2574 Tue Feb 25 14:48:51 +04 2020 mips
Mode: AP/USB
Previous: r41954
Reset?: N
Status: Working
Router/Version: Asus RT-N12D
File: dd-wrt.v24-41954_NEWD-2_K3.x_mega.bin
Firmware: DD-WRT v3.0-r42514 mega (02/25/20)
Kernel: Linux 3.10.108-d10 #2574 Tue Feb 25 14:48:51 +04 2020 mips
Mode: Router/OpenVPN client
Previous: r41954
Reset?: N
Status: Working
Router/Version: Asus WL-500G Premium v2
File: dd-wrt.v24_mega_generic.bin
Firmware: DD-WRT v3.0-r42514 mega (02/25/20)
Kernel: Linux 2.4.37 #59234 Tue Feb 25 07:44:37 +04 2020 mips
Mode: Router/USB
Previous: r41813
Reset?: N
Status: Working
Router/Version: Linksys E2500 V3
File: dd-wrt.v24-41954_NEWD-2_K3.x_mega-e2500.bin
Firmware: DD-WRT v3.0-r42514 mega (02/25/20)
Kernel: Linux 3.10.108-d10 #2574 Tue Feb 25 14:48:51 +04 2020 mips
Mode: Router/USB
Previous: r41954
Reset?: N
Status: Working - had to manually power off/on after flash
Re: Remote Code Execution in ppp
I've seen that this version fixes the recently discovered hole in ppp. Could someone tell me how critical this is?
What could happen if ignored?
Joined: 08 May 2018 Posts: 14242 Location: Texas, USA
Posted: Tue Feb 25, 2020 18:51 Post subject:
Hamlet wrote:
Re: Remote Code Execution in ppp
I've seen that this version fixes the recently discovered hole in ppp. Could someone tell me how critical this is?
What could happen if ignored?
Router/Version: Netgear R8000
Firmware: DD-WRT v3.0-r42514 std (02/25/20)
Kernel: Linux 4.4.214 #999 SMP Tue Feb 25 09:35:58 +04 2020 armv7l
Previous: r42460
Mode/Status: Gateway / working
Reset: no
Uptime: 4h+
Temperatures: CPU 47.5 °C / WL0 41.5 °C / WL1 40.5 °C / WL2 38.5 °C
Issues/Errors:
After the upgrade it changed Wireless Channel (wl0) to "Auto" and I cannot choose any other channels, I tried the last ways to restore the choice, unfortunately they give nothing. It starts to annoy me :/
Router/Version: Netgear R7000
File: netgear-r7000-webflash.bin
Firmware: DD-WRT v3.0-r42514 std (02/25/20)
Kernel: Linux 4.4.214 #994 SMP Mon Feb 24 11:53:31 +04 2020 armv7l
Mode: Gateway, Wifi disabled, wireguard endpoint, WAN to DSL
Reset: No
Status: updated 2h ago, working!
[edit]as mentioned in marvel Thread:
"CVE-2019-14899 Mitigation" seems inverted for tunnel setting.
Previously I had to enable it for local LAN DNS being accessible. After upgrade of firmware it was set to disabled but wireguard worked fine. Set it to enabled and wasn't able to access local DNS via wireguard anymore. Disabled it again --> working.[/edit]
Router/Version: Netgear R7000
Firmware: DD-WRT v3.0-r42514 std (02/25/20)
Kernel: Linux 4.4.214 #994 SMP Mon Feb 24 11:53:31 +04 2020 armv7l
Previous: r42460
Mode/Status: Gateway / working
Reset: no
Issues/Errors: Working well so far
Uptime: 2hrs 18min
Temperatures: CPU 64.7 °C / WL0 46.5 °C / WL1 52.3 °C
Netgear WNDR3400 v1/Version: 42514
Mode: A/P
File: wndr4300-webflash.bin
Kernel: Linux 3.18.140-d4 #71405 Tue Feb 25 06:00:57 +04 2020 mips
Status: Running well, uptime 40min
Added OpenVPN client
Added VAP with guest network, AP isolation, Net Isolation
works well
had to add Startup "sleep 60; iptables -I FORWARD --source <VAP IP> --destination <VPN IP> -j DROP" to keep the guest wireless from having access to the VPN
Note my OpenVPN network has been working since 2013 January. I just retired this WNDR3400 and I'm now free to use it as a test bed.
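The guest-to-VPN DROP rule from the post above, written so that a startup script can re-run it without stacking duplicate rules and can confirm the block is actually present. This is an added example, not part of the original post: the function names are hypothetical, the two networks are constructed sample values standing in for `<VAP IP>` and `<VPN IP>`, and it assumes the usual column layout of `iptables -L -n` output.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed sample networks that stand
# in for the <VAP IP> and <VPN IP> placeholders in the post.
GUEST_NET="${GUEST_NET:-192.0.2.0/24}"
VPN_NET="${VPN_NET:-198.51.100.0/24}"

# Reads `iptables -L FORWARD -n` output on stdin and exits 0 only if a DROP
# rule for exactly source $1 -> destination $2 is listed.
# Assumed columns: target prot opt source destination.
# Note: a single host is listed without a mask, so pass it as a bare address.
has_drop_rule() {
    awk -v s="$1" -v d="$2" \
        '$1 == "DROP" && $4 == s && $5 == d { found = 1 } END { exit !found }'
}

# Inserts the guest -> VPN DROP rule at the top of FORWARD only when it is
# missing, then reports which case applied ("present" or "added").
ensure_guest_block() {
    if iptables -L FORWARD -n | has_drop_rule "$GUEST_NET" "$VPN_NET"; then
        echo "present"
    else
        # -I without a position puts the rule first, ahead of any ACCEPT
        # rule that would otherwise forward guest traffic to the VPN.
        iptables -I FORWARD --source "$GUEST_NET" --destination "$VPN_NET" -j DROP
        echo "added"
    fi
}
```

Calling `ensure_guest_block` from the startup command (after the same delay the post uses) leaves a single rule in place however often it runs.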