Posted: Wed Apr 15, 2020 19:43 Post subject: New Build - 04/15/2020 - r42910
Flashing any beta build assumes you are responsible, have researched, know the risks and recovery methods.
If you don't understand your router, which file or recovery methods, do NOT flash this experimental test build.
This thread is for feedback on beta build r42910 for developers and users (configuration, status, errors & logs).
Avoid discussions, create a new thread for specific problems, questions or use search as this is not for support.
Please report hardware model, version, operating & wireless modes along with file name (factory, webflash).
Notes: 1. CVE-2019-14899 VPN fix from December, since then various revisions including recently 7040.
2. In-kernel Samba has been implemented this year and default min/max versions have changed, with WSD support.
3. VAP issue is fixed! For any Wireless Mode, create a VAP and both ath0/ath1 should now function properly.
4. WireGuard! New GUI Tunnel options have appeared since r42872, script no longer required!
Issues: 1. There may be remaining issues for Samba (for example NTFS), with frequent updates.
Important: if reporting issues, provide applicable info (syslog output, 'dmesg', 'cat /var/log/messages', serial output etc.)
or place into an SVN ticket. For firewall issues, also provide iptables info ('iptables -L', 'iptables -t nat -L', & the /tmp/.ipt file).
Be sure to include operating and wireless modes (Gateway, AP, CB, etc.) along with any relevant configuration information.
Resolved: 1. Pushed DNS servers from VPN provider are used starting with build 41120, if you do not want that, add the following to the Additional Config of the VPN client:
pull-filter ignore "dhcp-option DNS"
2. Build 41174 has an improved VPN Policy Based Routing, it is now possible to use the VPN route command i.e. to route a DNS server via the VPN (in this way you will get rid of the DNS leak), see: https://svn.dd-wrt.com/ticket/6815#comment:1 , and for DNS leaks the second posting of this thread: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318662
3. Another improvement on PBR is that local routes are now copied over to the alternate routing table so there is communication if you have unbridged VAPs and you can set the router's IP on PBR. See: https://svn.dd-wrt.com/ticket/6821#comment:3
4. Starting with build 41174, the PBR has become more versatile, you can now use "from [IP address] to [IP address]", so if you enter the following in the PBR field:
192.168.1.124 to 18.104.22.168 #ipleak.net
it will only route IP address 22.214.171.124 (which is ipleak.net) from my IP address 192.168.1.124 via the VPN, everything else from this IP address will route via the WAN (this is just an example).
Although this command itself supports routing per port this is however only available starting from K 4.17 so we have to rely on scripting for per port routing until then.
5. New OpenVPN TLS ciphers are added in 41308, see: https://svn.dd-wrt.com/changeset/41308
6. Starting with build 41304 you can now choose which TLS Key you want to use: TLS Auth or the newer/better TLS Crypt. See https://svn.dd-wrt.com/ticket/6845#comment:17
7. Builds from 41786 onwards, when using an OVPN server to connect to your local LAN clients, access might be prevented because of a patch which should solve a recent vulnerability (see: https://svn.dd-wrt.com/ticket/6928)
This can be mitigated with the following firewall rule:
iptables -t nat -I POSTROUTING -o br0 -s $(nvram get openvpn_net)/$(nvram get openvpn_tunmask) -j MASQUERADE
When using WireGuard you can run into the same trouble, i.e. not being able to access your local LAN clients. For WireGuard this is the workaround:
iptables -t nat -I POSTROUTING -o br0 -s $(nvram get oet1_ipaddr)/$(nvram get oet1_netmask) -j MASQUERADE
This method described above also has security and logging concerns as all traffic has the same source address (your router)
An alternate method is using the following rule but it only works if the VPN or Wireguard interface is up and if your VPN or Wireguard interface goes down you have to reapply or run a continuous script checking/applying:
iptables -t raw -I PREROUTING -i br0 -d $(nvram get openvpn_net)/$(nvram get openvpn_tunmask) -j ACCEPT
iptables -t raw -I PREROUTING -i br0 -d $(nvram get oet1_ipaddr)/$(nvram get oet1_netmask) -j ACCEPT
This rule can expose your LAN side to the CVE attack, but if you have your IOT things separated and tight control over your LAN you should be good, if your LAN is hacked you have got bigger problems.
Builds starting with 41813 have an option button in OpenVPN and Wireguard for disabling the CVE-patch 14899
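The post above notes that the raw-table ACCEPT rules must be reapplied by a checking script when the tunnel interface goes down. The following is an added example of such a check, not part of the original post or of DD-WRT itself; it assumes the router's iptables supports `-C`, that `br0` is the LAN bridge, and uses a constructed 60-second interval and log tag.

```shell
#!/bin/sh
# Added example, not from the original post: re-apply the raw-table ACCEPT
# rules quoted above when they are missing, without stacking duplicates.
# Assumptions: this iptables build supports -C (check); br0 is the LAN
# bridge; nvram keys are the ones used in the post; INTERVAL is arbitrary.
LAN_IF="br0"
INTERVAL=60

# Print "address/netmask" for each tunnel with both values set in nvram.
tunnel_subnets() {
    for keys in "openvpn_net openvpn_tunmask" "oet1_ipaddr oet1_netmask"; do
        addr=$(nvram get "${keys% *}")
        mask=$(nvram get "${keys#* }")
        if [ -n "$addr" ] && [ -n "$mask" ]; then
            echo "$addr/$mask"
        fi
    done
    return 0
}

# Insert the rule for one subnet only if iptables -C reports it absent.
# iptables parses both commands identically, so mask notation cannot mismatch.
ensure_raw_accept() {
    if iptables -t raw -C PREROUTING -i "$LAN_IF" -d "$1" -j ACCEPT 2>/dev/null; then
        return 0
    fi
    iptables -t raw -I PREROUTING -i "$LAN_IF" -d "$1" -j ACCEPT || return 1
    logger -t raw-accept "re-applied ACCEPT for $1 on $LAN_IF"
    return 0
}

# One pass over all configured tunnels; CHECKED = rules present afterwards.
check_once() {
    CHECKED=0
    for subnet in $(tunnel_subnets); do
        ensure_raw_accept "$subnet" && CHECKED=$((CHECKED + 1))
    done
    return 0
}

# "sh script watch" keeps checking; with no argument nothing runs.
if [ "${1:-}" = "watch" ]; then
    while true; do
        check_once
        sleep "$INTERVAL"
    done
fi
```

Each re-application is written to syslog, so a tunnel that flaps repeatedly shows up in the same log output the thread asks reporters to attach.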
Joined: 10 May 2008 Posts: 1380 Location: Pacific North West, USA
Posted: Thu Apr 16, 2020 18:21 Post subject:
Router/Version: TP-Link Archer C7 V3
Firmware: DD-WRT v3.0-r42910 std (04/15/20)
Kernel: Linux 3.18.140-d4 #75943 Wed Apr 15 10:31:52 +04 2020 mips
Mode/Status: Gateway / Working
Issues/Errors: Working as a Gateway - Basic setup.
Haven't posted in a while but new builds seem to be great for my routers.
_________________
Soylent Green Is People !
Netgear Nighthawk R7000 - DD-WRT Build R46220
Linksys EA8500 - OpenWRT IPQ806x Trunk R16375 5.4 Kernel
Router/Version: Linksys EA8500
Firmware: DD-WRT v3.0-r42910 std (04/15/20)
Kernel: Linux 4.9.219 #539 SMP Tue Apr 14 00:38:01 +03 2020 armv7l
Mode/Status: Gateway / Working
Simply upgraded via CLI, no hang during reboot.
Experiencing Issue 1 mentioned at the top of this post, unable to get Samba/NAS working.
Set SMB min to 2.02
Set SMB Max to 3.11
Encryption to Off
On my Linux Mint I'm running Samba version 4.3.22-Ubuntu which should support SMB3
When I try to connect from Linux I get:
mount error(22): Invalid argument
The command I'm using:
(mount -t cifs //192.168.1.1/usb /mnt/usb -o user=myuser )
It correctly prompts me for a password then throws mount error 22. This command works fine on other servers. I've double-checked the password is correct.
When I try to connect from W10 (net use * \\192.168.1.1\usb ) I get:
System error 58 has occurred.
To troubleshoot the issue I removed the 8TB NTFS drive from the and replaced it with a 2GB EXT4 USB Key. Reloaded the new directory, save/apply, no change, unable to NAS.
Router/Version: Netgear R7800 (5 of them)
Config/Mode: WDS - 4 stations
Status/Errors: None noted
Previous/Reset: No reset.
UPDATE: I've been having random reboots. Logging has no helpful info. Running online games like Fortnite when using wireguard on Win10 can't connect to the game server even though lag is less than 10 ms and speed tests show 300 Mb up and down. Fortnite works after turning off wireguard.
Above I had posted about challenges with NAS and USB Drive attached to the router with r42910. Despite some notes saying r42681 works with NAS, I had to backlevel to r41813 std (12/29/19) in order to get NAS working.
Linksys EA8500 with 8TB NTFS USB3 drive attached. Works fine on 41813, but not on 42910. I did significant experimentation with various SMB versions, and 42681 will connect to Mint Samba version 2:4.3.11+dfsg-0ubuntu0.16.04.25. However version 42681 does not seem to work with W10 v1909 build 18362.720. With W10 I get "System error 58 has occurred." I hope this helps others who are struggling with NAS.
Joined: 19 Nov 2008 Posts: 269 Location: Madison, CT, US
Posted: Sat Apr 18, 2020 13:58 Post subject:
Mitch, r42910 works with nas but with some changes. For win10 ver 1909 and ver2020 (beta), I had to change from server name to ip address for nas to work. For android 10, I also had to change to smb1 instead of auto or smb2 for nas to show up. I also use wds so results might be different for you.
_________________
Netgear R7800(2) WDS, Asus RT-AC68R (2)