Posted: Mon Feb 13, 2023 15:16 Post subject: New Build - 02/13/2023 - r51679
Welcome to Marvell r51679 beta release thread for reporting, feedback to developers and community benefit.
Please do not flash builds until installation is understood, risks involved and device specificrecovery methods.
Avoid discussions, create threads for questions, general problems or use search; this thread is not for support.
List router model & version or revision, operating & wireless modes & exact filename/firmware image flashed.
CLI Flash: 'cd /tmp' then 'wget {file URL}' (httponly) or 'curl -O {file URL}' (http, https, ftp). 'write {file} linux' then 'reboot'.
Issues, observations, and/or workarounds reported:
• WebUI: Clear history or use a portable. Temporary cache bypass: Ctrl+F5, Cmd+Shift+R or new private window/incognito.
• Please report findings with steps needed to reproduce, configuration, clients, output, logs and important information below!
Important:
• Detail issues & relevant configs, logs: syslog klog 'dmesg' 'cat /tmp/var/log/messages' nvram set console_debug=1, serial.
• Firewall NAT: 'iptables -vnL' 'iptables -t nat -vnL' 'iptables -t mangle -vnL' & 'cat /tmp/.ipt'. Misc: stracetcpdumpwireshark.
• Gremlins: reboot. cold boot. Reset & reconfigure not restore backup. Search Trac & discuss in forum before opening tickets.
• Include operating & wireless modes (e.g. Gateway, Router, AP, SB, WDS, Mesh) and applicable configurations to reproduce.
Updated from r51617 to r51679 on my WRT1200 v1. VPN would not connect nor would the VPN tab show any data with everything else functional.
Disabled/Enabled a couple of times, rebooted twice after initial install/reboot with no luck. Reverted back to r51617 VPN connects and VPN tab shows data with everything else functional. (ExpressVPN)
Just a heads up. If no similar findings from others I will embrace "my setup" is flawed now and work from there.
Updated to r51679 again with same issue. SysLog for both below. Zero issues with VPN last few years. Must need some setup changes so I will contact ExpressVPN since I don't have "remove ncp-disable from OpenVPN 2.6.0 config" visible in my vpn setup. They make changes server side they said . . as I have not had to change my client setup for years. May need to update config info. Appears to be a ref to 2.6 in r51679 error. Thanks for the feedback.
r51617 SysLog VPN works
Dec 31 19:00:18 Router daemon.notice openvpn[1801]: OpenVPN 2.5.7 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 9 2023
Dec 31 19:00:18 Router daemon.notice openvpn[1801]: library versions: OpenSSL 1.1.1s 1 Nov 2022, LZO 2.10
r51679 SysLog VPN won't load with following error with no OpenVPN version available.
Dec 31 19:00:17 Router daemon.err openvpn[1812]: Options error: Unrecognized option or missing or extra parameter(s) in /tmp/openvpncl/openvpn.conf:33: keysize (2.6.0)
--client-cert-not-required (replaced with --verify-client-cert none)
--ifconfig-pool-linear (replaced with --topology p2p)
--ncp-ciphers (renamed to --data-ciphers)
--key-method
--no-iv
--no-replay
--ns-cert-type
Last edited by blkt on Tue Feb 14, 2023 3:32; edited 2 times in total
Router Model Linksys WRT1900ACS v2
Firmware Version DD-WRT v3.0-r51679 std (02/13/23)
Kernel Version Linux 4.9.337 #3631 SMP Mon Feb 13 03:30:31 +07 2023 armv7l
Current Time Tue, 14 Feb 2023 07:21:41
Uptime 7:06
update-browser waterfox, I switched from partition 1 from Linksys firmware, all ok
connection Type PPPoE - IPv6 Type DHCPv6 with Prefix Delegation 1Gbps
IPv6 Type DHCPv6 with Prefix Delegation-On - Ok
Operating Mode Gateway/AP
Shortcut Forwarding Engine-On
Schedule Reboot-On,
Web Access Protocol - HTTPS,
SSH (public key)-ok
Validate DNS Replies (DNSSEC)-ok
Port Forwarding - Ok,
USB - System Log -Ok
Schedule Reboot - At a Set Time - On
Wireless Interface 5GHz-Wireless Mode AP-Wireless Network Mode-AC/N, Width VHT 80 Mhz-Wireless Channel-36,Short GI, Short Preamble, Single User Beamforming, Radio Scheduling, Enable-WPA2/WPA3 Personal-CCMP-128 (AES), Regulatory Domain Romania , all-ok
Wireless Interface 2.4GHz-Wireless Mode AP-Wireless Network Mode-N, Width VHT 40 Mhz-Wireless Channel-6, Extension Channel Lower,TurboQAM (QAM256),Short Preamble, Short GI ,Threshold 784, Radio Scheduling, Enable-WPA2/WPA3 Personal-CCMP-128 (AES) all-ok!
After configuring the settings, I rebooted the router every time!
Validate DNS Replies (DNSSEC) _________________ Internet provider https://en.wikipedia.org/wiki/RCS_%26_RDS 1Gbps
WDR3600 rev.1.5 - DD-Wrt
Linksys WRT1900ACS v.2 DD-Wrt/-OpenWrt
Joined: 21 Aug 2019 Posts: 120 Location: Here, There And Everywhere
Posted: Wed Feb 15, 2023 15:13 Post subject:
Router/Version: Linksys WRT1200AC / v1
File/Kernel: DD-WRT v3.0-r51679 std (02/13/23) / Linux 4.9.337 #3631 SMP Mon Feb 13 03:30:31 +07 2023 armv7l
Previous/Reset: r51530 / No
Mode/Status: WAP, USB / Working OK
Issues/Errors: None so far (2 days uptime)
congratulations to everyone who contributed to the implementation of ipv6 on ddwrt, in the test below ddwrt passes the test with default settings!
https://ipv6.chappell-family.com/ipv6tcptest/
Hmm, I think that with ipv6 there is no NAT so you have tested the firewall on the host, where you run the browser. There is no ipv6 firewall by default running on dd-wrt.
Joined: 12 Dec 2007 Posts: 780 Location: Pittsburgh, PA USA
Posted: Wed Feb 15, 2023 17:13 Post subject:
wrtloop wrote:
Hmm, I think that with ipv6 there is no NAT so you have tested the firewall on the host, where you run the browser. There is no ipv6 firewall by default running on dd-wrt.
Don't confuse NAT and firewall. There most certainly is IPV6 firewalling on DD-WRT, but you're correct, NAT is unnecesary. I turned off the Windows Firewall on my desktop and ran the same port scan. Only difference was that it got a ping reply.
If you want to see the firewall rules, go to the CLI and run the commands:
Hmm, I think that with ipv6 there is no NAT so you have tested the firewall on the host, where you run the browser. There is no ipv6 firewall by default running on dd-wrt.
Don't confuse NAT and firewall. There most certainly is IPV6 firewalling on DD-WRT, but you're correct, NAT is unnecessary. I turned off the Windows Firewall on my desktop and ran the same port scan. Only difference was that it got a ping reply.
If you want to see the firewall rules, go to the CLI and run the commands:
Thank you for the clarification. This addition of ip6tables rules must have been a relatively recent event. Since my RPi connected to dd-wrt LAN used to be completely exposed to the internet on ipv6. I tested it now and it is safe behind the dd-wrt now.
OpenWrt with the default settings does not pass this test on ipv6, ddwrt made a big step in implementation in my opinion.
Congratulations once again and thank you for your work! _________________ Internet provider https://en.wikipedia.org/wiki/RCS_%26_RDS 1Gbps
WDR3600 rev.1.5 - DD-Wrt
Linksys WRT1900ACS v.2 DD-Wrt/-OpenWrt