Joined: 03 Nov 2015 Posts: 317 Location: Florida, USA
Posted: Thu Jan 19, 2023 15:14 Post subject:
Router: Linksys ea8500 ..WDS AP
Firmware: DD-WRT v3.0-r51440 std (01/19/23)
Kernel: Linux 4.9.337 #1490 SMP Mon Jan 16 04:19:44 +07 2023 armv7l
Reset: NO...GUI upgrade from r50841
Mode: 2.4 GHz only ....Firmware type .. DD-WRT
Errors: NONE
Router: Linksys ea8500 ..WDS Stations ... X (2)
Firmware: DD-WRT v3.0-r51440 std (01/19/23)
Kernel: Linux 4.9.337 #1490 SMP Mon Jan 16 04:19:44 +07 2023 armv7l
Reset: NO...GUI upgrade from r50841
Mode: 2.4 GHz only ....Firmware type .. DD-WRT
Errors: NONE
Upgrades successful !! Seems all my "self inflicted" issues have been worked out..THANKS BS and all ! _________________ ......All GOOD here... Just Handshakes and Time Stamps !......
errors: For some odd reason...I keep seen remote_mgt_https=1 comes enabled by default on all my routers...and its not enabled in the GUI...by default ...so check yours :P
This might be a glitch in ssh remote being enabled. Or not. Just a guess. I haven't reviewed any code.
Just loaded up 51440 and I have ssh enabled and all good...
Well, the source of the report is questionable in my opinion, to say the least, anyway. Thank you for your confirmation of no bug related to that, mac913. _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
Joined: 21 Aug 2019 Posts: 120 Location: Here, There And Everywhere
Posted: Thu Jan 19, 2023 20:16 Post subject:
Router/Version: Netgear Nighthawk X10 (R9000)
File/Kernel: DD-WRT v3.0-r51440 std (01/19/23) / Linux 4.9.337 #658 SMP Mon Jan 9 04:22:19 +07 2023 armv7l
Previous/Reset: No
Mode/Status: Gateway, Wireguard, USB, Samba / Working OK
Issues/Errors: Did not work (respond) at first, but a power cycle helped. Now everything seems to be OK.
Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Thu Jan 19, 2023 21:51 Post subject:
dale_gribble39 wrote:
Well, the source of the report is questionable in my opinion, to say the least, anyway. Thank you for your confirmation of no bug related to that, mac913.
well... i had a quick look and here what i ve found:
i have web access https only, no remote access enabled on this unit:
so, every time i go to GUI Administration>Management page and hit save and than apply,
remote https becomes enabled, than if i do a nvram set .... manually revert it to 0 than, nvram commit (or even reboot), on check its 0, on save apply on this page it comes back to 1....
root@1043NDv2:~# nvram show | grep remote_mgt_https=
remote_mgt_https=1
root@1043NDv2:~# nvram set remote_mgt_https=0
root@1043NDv2:~# nvram commit
root@1043NDv2:~# nvram show | grep remote_mgt_https=
remote_mgt_https=0
root@1043NDv2:~# nvram show | grep remote_mgt_https=
remote_mgt_https=1
I guess, same happens for the rest units i have...what ever i enter on this page, and i dont do it very often.... on save apply it triggers remote_mgt_https=1 no idea since when...
I also tend to carry same setup forward and no reset or manually rebuild, unless is needed...so, no idea when the glitch happened... _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Jan 19 23:36:35 router authpriv.info dropbear[12166]: Child connection from 192.168.xx.xx:xxxxx
Jan 19 23:36:50 router authpriv.info dropbear[12171]: Child connection from fe80::xxx:xxx:xxx:xxx%br0:xxxxx
Jan 19 23:36:53 router authpriv.notice dropbear[12171]: Password auth succeeded for 'root' from fe80::xxx:xxx:xxx:xxx%br0:xxxxx
Well, the source of the report is questionable in my opinion, to say the least, anyway. Thank you for your confirmation of no bug related to that, mac913.
well... i had a quick look and here what i ve found:
i have web access https only, no remote access enabled on this unit:
so, every time i go to GUI Administration>Management page and hit save and than apply,
remote https becomes enabled, than if i do a nvram set .... manually revert it to 0 than, nvram commit (or even reboot), on check its 0, on save apply on this page it comes back to 1....
root@1043NDv2:~# nvram show | grep remote_mgt_https=
remote_mgt_https=1
root@1043NDv2:~# nvram set remote_mgt_https=0
root@1043NDv2:~# nvram commit
root@1043NDv2:~# nvram show | grep remote_mgt_https=
remote_mgt_https=0
root@1043NDv2:~# nvram show | grep remote_mgt_https=
remote_mgt_https=1
I guess, same happens for the rest units i have...what ever i enter on this page, and i dont do it very often.... on save apply it triggers remote_mgt_https=1 no idea since when...
I also tend to carry same setup forward and no reset or manually rebuild, unless is needed...so, no idea when the glitch happened...
This may be by design and has always been this way (?). Still have not reviewed code to see. _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
Joined: 06 Jun 2006 Posts: 7492 Location: Dresden, Germany
Posted: Fri Jan 20, 2023 6:47 Post subject:
dale_gribble39 wrote:
Alozaros wrote:
errors: For some odd reason...I keep seen remote_mgt_https=1 comes enabled by default on all my routers...and its not enabled in the GUI...by default ...so check yours
This might be a glitch in ssh remote being enabled. Or not. Just a guess. I haven't reviewed any code.
its disabled by default. thats a fact. ssh is disabled too by default. it its enabled by default on yours you have issue in your network (trojan horse/virus) or you dont use my firmware or a firmware published on our website _________________ "So you tried to use the computer and it started smoking? Sounds like a Mac to me.." - Louis Rossmann https://www.youtube.com/watch?v=eL_5YDRWqGE&t=60s
Issues:
1. Cannot SSH into my router. Same problem as habeIchVergessen stated. Can't connect with IPv4. Haven't tried IPv6.
SSH daemon enabled. SSH TCP Forwarding disabled. Password Login disabled. Added two ssh keys. Worked fine before the update.
Jan 19 23:36:35 router authpriv.info dropbear[12166]: Child connection from 192.168.xx.xx:xxxxx
Jan 19 23:36:50 router authpriv.info dropbear[12171]: Child connection from fe80::xxx:xxx:xxx:xxx%br0:xxxxx
Jan 19 23:36:53 router authpriv.notice dropbear[12171]: Password auth succeeded for 'root' from fe80::xxx:xxx:xxx:xxx%br0:xxxxx
2. DNS not available after reboot.
3. Router can not update time because DNS doesn't work. Using 0.europe.pool.ntp.org as ntp server. In Administration -> Commands tab run command `ping -c 3 google.com` returns 'bad host google.com', something like that.
If I understand correctly DNS probably doesn't work because router has wrong time. And it can't update time because DNS doesn't work. Might be wrong here though.
What helps is uncheck 'Use dnsmasq for DNS' in DHCP options. Time updates and DNS works. Then I can check 'Use dnsmasq for DNS' again and all works fine.
Static DNS in DHCP Settings:
208.67.222.222
1.1.1.1
8.8.8.8
Dnsmasq settings:
Encrypt DNS disabled
Cache DNSSEC Data enabled
Validate DNS Replies (DNSSEC) enabled
Check Unsigned DNS Replies enabled
No DNS Rebind enabled
Query DNS in Strict Order enabled
Add Requestor MAC to DNS Query disabled
RFC4039 Rapid Commit Support disabled
Additional options:
Joined: 18 Mar 2014 Posts: 12914 Location: Netherlands
Posted: Fri Jan 20, 2023 17:47 Post subject:
SSH has been updated, if you have trouble connecting with SSH then download the latest Putty and make sure under SSH/Host keys to move ed25519 to the top and untick "Prefer Algorithms for which a host key is known" or forget your known HOST keys (the fingerprints) from your client.
If you have trouble connecting with WinSCP under Tools/Clean up Clear Cache.
You have a DNS/NTP catch 22 situation because you are using "secure DNS" which needs current time
In your case set IP addresses as NTP server, but frankly your DNS settings needs some attention (what is the use of setting Static DNS as you are using no-resolv?, Query DNS in strict order is not very useful etc.)