New Build - 10/10/2021 - r47528

Post new topic   Reply to topic    DD-WRT Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.)
Goto page 1, 2  Next
Author Message
blkt
DD-WRT Guru


Joined: 20 Jan 2019
Posts: 5660

PostPosted: Sun Oct 10, 2021 7:38    Post subject: New Build - 10/10/2021 - r47528 Reply with quote
[WARNING]: This thread is only for feedback on this beta release for developers and the community's benefit.
DO NOT flash this beta release unless you understand the risks involved and device specific recovery methods.
Avoid discussions! Create threads for questions, general problems or use search; this thread is not for support.
Please list router model & revision, operating & wireless mode(s) and exact filename/firmware image flashed.


Downloads: (DD-WRT website) HTTPS & FTP (try another if a link does not work)

CLI Flash: 'cd /tmp' then 'wget {file URL}' (http only) or 'curl -O {file URL}' (https, http or ftp). 'write {file} linux' then 'reboot'.

Repository: Trac SVN changelog since last build r47510 (GitHub mirror)

Notes:
OpenVPN 2.5.3: Guides, Server, PBR, Reverse PBR, Client (see second post), Kill Switch, update tips, scripts and more.
WireGuard 1.0.20210606/Tools: Changelog, Guides, Client, Server, Advanced, PBR, KS, tips and scripts. Thanks BS & egc!
• CVE-2019-14899 VPN fix (applicability depends on VPN setup) and GUI toggle since r41813.
MiniDLNACoovaChilliPrivoxyiperf3cakeFreeRADIUSOpenSSLBusyBoxdnsmasqUnboundTorSquidSmartDNSAsterisk
In-kernel Samba (ksmbd 3.4.2): default min/max versions changed. • WSD updateANTFS/NTFS3 kernel mode driver+++
CVE-2020-26147, CVE-2020-24586, CVE-2020-24587 & CVE-2020-24588 (Fragattack) fixed.
• "Assign WAN port to Switch" feature removed; likely no longer required. • MAC Filtering fixed in WebUI (see 47184-47205).
New DD-WRT inspired themes conversion by the-joker & BrainSlayer, micro devices excluded. • Sputnik Agent is removed.
• "Ignore WAN DNS" also ignores WAN domain. Thank you BS & egc, also dTX for reporting, twindragon6 logs and buffpatel!

Issues:
• Show us your findings with steps to reproduce, configuration, output, logs and important information below!

Important:
• For issues provide applicable info: 'dmesg', 'cat /tmp/var/log/messages', syslog, klog, serial, strace, tcpdump, wireshark etc.
• Any firewall NAT or WAN issues, show output: 'iptables -vnL', 'iptables -t nat -vnL', 'iptables -t mangle -vnL' and /tmp/.ipt file.
• Search SVN tickets & discuss in forum before opening. Before reporting: reset & manually set up, not restore from a backup.
• Please include operating & wireless modes (e.g. Gateway, Router, AP, CB, WDS, Mesh) & relevant configuration information.

Example Template:
Code:
[b]Router/Version: [/b]
[b]File/Kernel: [/b]
[b]Previous/Reset: [/b]
[b]Mode/Status: [/b]
[b]Issues/Errors: [/b]
Sponsor
Argenis
DD-WRT User


Joined: 18 Feb 2019
Posts: 159

PostPosted: Tue Oct 12, 2021 5:58    Post subject: Reply with quote
Router/Version: 3200ACM v1
File/Kernel: ddwrt-linksys-wrt3200acm-webflash.bin/DD-WRT v3.0-r47528 std (10/10/21)
Previous/Reset: 10-04-2021-r47510 / No
Mode/Status: Router/AP
Issues/Errors: So far only one issue I've found which is only cosmetic. In the status > syslog tab, the previous and next buttons have odd characters before and after, respectively, but the buttons do work. I'll update if there's any other issues found.

_________________
Router: Linksys WRT3200ACM WLAN0 and 1 have same SSID
88W8964 802.11ac WLAN0 Mode AP VHT80 80MHz Mixed Mode Channel and Extension Channel Auto Extension LL-6
88W8964 802.11ac WLAN1 Mode AP 20 MHz Mixed Mode Channel Auto
SD8887 802.11ac disabled but visible on GUI and CLI
TX Power 18 dBm
Antenna Gain 0 dBi
U-APSD (Automatic Power Save)Enabled 
Protection Mode None
RTS Threshold Disabled
Short Preamble Disabled 
Short GI Enabled
Single User Beamforming Enabled
Multi User Beamforming Enabled 
AP Isolation Disabled
Beacon Interval 100
DTIM Interval 2
WMM Support Enabled 
Radar Detection Disabled 
ScanList default
Sensitivity Range (ACK Timing) 500 (Default: 500 meters)
Max Associated Clients 256 (Default: 256 Clients)
Minimum Signal for authenticate -128
Minimum Signal for connection -128
Poll Time for signal lookup 10
Amount of allowed low signals 3
Wireless security is WPA2 Personal CCMP-128 only
QAM256 is on
T-z3P
DD-WRT Novice


Joined: 18 Nov 2011
Posts: 26

PostPosted: Tue Oct 12, 2021 10:31    Post subject: Reply with quote
Router/Version: Linksys WRT32X
File/Kernel: Linux 4.9.285 #2895 SMP Sun Oct 10 03:12:22 +07 2021 armv7l
Previous/Reset: r47282 std (08/30/21)
Mode/Status: Gateway
Issues/Errors: On Administration > Management > Router GUI Style the "Preview" button doesn't seem to work. Other than that, I haven't noticed anything else.

_________________
Linksys WRT32X - DD-WRT v3.0-r50551 std (10/19/22)
Linksys EA6300 - DD-WRT v3.0-r40167 (backup router if something goes wrong with the main one)
kosmos
DD-WRT User


Joined: 31 Jan 2013
Posts: 53

PostPosted: Tue Oct 12, 2021 20:50    Post subject: Reply with quote
Since r47528 I have had a display error in the buttons, possibly something was messed around here in the character table. Here is a picture, the two buttons below are affected.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14126
Location: Texas, USA

PostPosted: Tue Oct 12, 2021 21:46    Post subject: Reply with quote
Already reported, will be fixed in the next release.

https://svn.dd-wrt.com/changeset/47529

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
papagdog
DD-WRT Novice


Joined: 09 Sep 2021
Posts: 23

PostPosted: Fri Oct 15, 2021 7:47    Post subject: Net Isolation on Guest VAP Reply with quote
Router/Version: Linksys WRT3200ACM
File/Kernel: Linux version 4.9.285 (root@server2) (gcc version 11.1.0 (OpenWrt GCC 11.1.0 r16904-a4e2766a5b) ) #2895 SMP Sun Oct 10 03:12:22 +07 2021
Previous/Reset: v3.0-r47381 std (09/08/21)
Mode/Status: Router/AP
Issues/Errors: (Net Isolation on Guest VAP) - After upgrading r47381 to r47528 with reset and scratch build, everything seemed to be working well until I noticed my guest network had access to the router GUI, and also an external USB hard drive attached to the router.

****************************
Linksys WRT3200ACM

Firmware: DD-WRT v3.0-r47381 std (09/08/21)
Firmware: DD-WRT v3.0-r47528 std (10/10/21)

Net Isolation on VAP:
After upgrading r47381 to r47528 with reset and scratch build, everything seemed to be working well until I noticed my guest network had access to the router GUI, and also my external USB hard drive attached to the router.

To be absolutely sure, I reset my router to default stock firmware for (BOTH) versions and followed these very minimum steps to reproduce the issue.

-Load r47381 - (reset)
nvram erase && reboot - extra clear/boot to be absolutely sure I'm starting from scratch.

-Load r47528 - (reset)
nvram erase && reboot - extra clear/boot to be absolutely sure I'm starting from scratch.

I followed these steps with NO other modifications for both versions. I also checked to see which partition I was loading to.

STEPS:
Log in to 192.168.1.1
Set Router Username
Set Router Password
Confirm Password

Setup/Basic Setup
• NTP Client (Enable)
• Set Time Zone
• Set Server/IP Name
• Save/Apply

Wireless/Basic Settings
• Add Virtual AP to wlan0
• Save/Apply/Reboot
• Log in again
• -- Advanced Settings wlan0.1
• AP Isolation (Enable)
• Network Configuration (Unbridged)
• Net Isolation (Enable)
• IP Address (192.168.2.1/24)
• Save/Apply/Reboot

Setup/Networking
• DHCPD
• Add Interface wlan0.1: IP 192.168.2.1/24
• Save/Apply/Reboot

I connected to the VAP and ran a Lan Scan from an android phone to produce the attached screen captures, which validated the reason I could hit the router GUI and my router attached USB hard drive.

It would be great if someone could reproduce these steps, or simply test adding a guest configured VAP, unless you may already have one configured. Simply test your lan access. Any help would be greatly appreciated.

Btw - I'm not sure when this issue occurred since I realize there are several versions in between 381 and 528. I went back to 381 because I was sure Net Isolation was working at that version.


Last edited by papagdog on Fri Oct 15, 2021 20:31; edited 1 time in total
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1446
Location: Appalachian mountains, USA

PostPosted: Fri Oct 15, 2021 13:03    Post subject: Reply with quote
USB and the router GUI have always been accessible from every subnet. It's not a bug.

Edit: People who know the big picture better than I are digging into it below, so maybe my routers are a special case because I implement my own net isolation with iptables commands. So let's just stand back and learn! Very Happy

_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.


Last edited by SurprisedItWorks on Fri Oct 15, 2021 14:09; edited 1 time in total
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14126
Location: Texas, USA

PostPosted: Fri Oct 15, 2021 13:05    Post subject: Reply with quote
Net Isolation and AP Isolation are not the same thing. You're probably not employing both?
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
papagdog
DD-WRT Novice


Joined: 09 Sep 2021
Posts: 23

PostPosted: Fri Oct 15, 2021 13:28    Post subject: Net Isolation on Guest VA Reply with quote
Yes, I do understand the difference in how AP Isolation and Net Isolation function respectively. AP Isolation is still working in both versions. I tested each feature independently of the other. I included both in my scenario for a sanity check. Net Isolation was definitely working on r47381.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Fri Oct 15, 2021 13:50    Post subject: Re: Net Isolation on Guest VA Reply with quote
papagdog wrote:
Yes, I do understand the difference in how AP Isolation and Net Isolation function respectively. AP Isolation is still working in both versions. I tested each feature independently of the other. I included both in my scenario for a sanity check. Net Isolation was definitely working on r47381.


Show output of (from CLI):
iptables -vnL FORWARD
iptables -vnL INPUT

If possible from both versions to compare

To be sure you did not setup as a Wireless Access Point but as a router in gateway mode where the WAN is connected to the internet (or another router)

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
papagdog
DD-WRT Novice


Joined: 09 Sep 2021
Posts: 23

PostPosted: Fri Oct 15, 2021 14:52    Post subject: Re: Net Isolation on Guest VAP Reply with quote
egc wrote:

Show output of (from CLI):
iptables -vnL FORWARD
iptables -vnL INPUT

If possible from both versions to compare

To be sure you did not setup as a Wireless Access Point but as a router in gateway mode where the WAN is connected to the internet (or another router)


I'll be glad to get the outputs but it will take a while. To reiterate, I did not make any other changes to the default configuration when following the previously listed steps. Default configuration for Wireless Mode = "AP". There are no other routers in my configuration.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Fri Oct 15, 2021 14:53    Post subject: Reply with quote
This is how the Net isolation shows on my router:

Code:
root@R7800:~# iptables -vnL FORWARD
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  wlan1.1 *       0.0.0.0/0            192.168.0.0/24       state NEW
  60M   80G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

root@R7800:~# iptables -vnL INPUT
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 205 67240 ACCEPT     udp  --  wlan1.1 *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
  958 59365 ACCEPT     udp  --  wlan1.1 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  wlan1.1 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
    0     0 DROP       all  --  wlan1.1 *       0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 ACCEPT     all  --  wlan1.1 *       0.0.0.0/0            0.0.0.0/0
 410K   31M DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
root@R7800:~#


I left out some things and this is from my main router at home Netgear R7800 on subnet 192.168.0.0 running 47282 (I can not update it because I am elsewhere located Smile )

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
papagdog
DD-WRT Novice


Joined: 09 Sep 2021
Posts: 23

PostPosted: Fri Oct 15, 2021 20:30    Post subject: Re: Net Isolation on Guest VAP Reply with quote
egc wrote:

Show output of (from CLI):
iptables -vnL FORWARD
iptables -vnL INPUT

If possible from both versions to compare

To be sure you did not setup as a Wireless Access Point but as a router in gateway mode where the WAN is connected to the internet (or another router)


I've gone through this again and configured both versions individually and exactly as I noted in my first response to this thread. The differences between the two (iptables -vnL INPUT) records appears to show some definite discrepancies, although I don't declare myself an expert by any means.

I've attached a text file for your review. Thanks!


--- I deleted the attached .jpg images as they were annoyingly ugly and were polluting this topic.


Last edited by papagdog on Sat Oct 16, 2021 1:33; edited 3 times in total
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14126
Location: Texas, USA

PostPosted: Fri Oct 15, 2021 21:09    Post subject: Reply with quote
I have a feeling this commit needs to be reverted:

https://svn.dd-wrt.com/changeset/47497

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Sat Oct 16, 2021 5:50    Post subject: Reply with quote
So do I
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.) All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum