I've updated the libxml2 package, try again now.

New package works great....thank you!

@arokh is the build bot on your server down?

There's no daily builds anymore. I only make new builds when it makes sense, because stuff keeps breaking. Now for instance, minidlna decided to switch to autoconf so the package needs to be redone. I could switch to the release version but that isn't compatible with minissdpd. Also, there hasn't been any interesting changes in trunk there's no need to update just for a higher version number.

I've been having wifi stability problems with most of the latest builds, seems to be getting better, but given that there are updates to ath9k in trunk that are newer than your most recent build, I was also hoping for a new build (not that this would fix my problems, but one can hope).

New build out:

- minidlna removed (package needs to be reworked)
- IPSec/L2TP instead of PPTP
- transmission-daemon included
- nzbget is back
- kmod-usb-storage-extras included
- kmod-batman-adv and kmod-scsi-cdrom are built now

Hi Arokh, I am heavily dependant in the ppt vpn, could you tell me where I will find the new config files to add the secret and user accounts as well as ip range?

Thanks and keep up the good work!

Hey arokh,

why do you use unfsd as NFS server?
the nfs-kernel-server is more performant than unfsd.

I cant get unfsd to work.
unfortunately i can not install nfs-kernel-server in your build, because support is not included in the kernel.
can you provide a build with support for nfs-kernel-server instead of unfsd?

thanks!

ps: despite of that you are providing great builds!

(Last edited by openwrt on 7 Oct 2011, 16:58)

@abolition

The PSK is in /etc/racoon/psk.txt otherwise /etc/ppp/chap-secrets is still used for the username.

https://forum.openwrt.org/viewtopic.php?id=30982

@openwrt

I used nfs-kernel-server previously, but the performance difference is neglible on a router. unfs3 is performing about the same and is just 34k in size.

You can still install nfs-kernel-server if you want.

nfs-kernel-server - maybe better in real life on some real machines.
but you will not see the difference between nfs-kernel-server and unfsd in performance on our rooter but only the fact that nfs-kernel-server will occupy too much useful space in it.

I have a very weird problem with the latest builds (r28247, r28376) my old r27088 works fine , the "G network" starts stop working after a few hours. It means If I connect to the G wifi, the connection is established successfully, however I cant obtain an IP address and setting a static one makes no difference. Strangely the N wifi network works just fine, I can connect and get an IP adress without problems. This behaviour shows up only after a few hours of runtime and I can fix it by restarting the wifi network with "wifi", the logs show no strange behaviour:

Oct  8 12:09:45 hostapd: wlan0: STA 00:23:76:25:XX:XX IEEE 802.11: authenticated
Oct  8 12:09:45 hostapd: wlan0: STA 00:23:76:25:XX:XXIEEE 802.11: associated (aid 2)
Oct  8 12:09:45 hostapd: wlan0: STA 00:23:76:25:XX:XXRADIUS: starting accounting session 4E8F89AC-00000015
Oct  8 12:09:45 hostapd: wlan0: STA 00:23:76:25:XX:XXWPA: pairwise key handshake completed (RSN)
Oct  8 12:09:46 dnsmasq-dhcp[2752]: DHCPDISCOVER(br-lan) 00:23:76:25:XX:XX
Oct  8 12:09:46 dnsmasq-dhcp[2752]: DHCPOFFER(br-lan) 192.168.1.11 00:23:76:25:XX:XX

Any idea how I can debug this problem?

(Last edited by redcow on 8 Oct 2011, 11:23)

I followed the instructions of the link, and configured my mac with l2tp over ipsec but it won't connect

Is there any log I can open to troubleshoot this? The mac just says The L2TP-VPN server is not responding.

These are the configs I used:

root@OpenWrt /root# vi /etc/ppp/chap-secrets

#USERNAME  PROVIDER  PASSWORD  IPADDRESS
user  * pass       *

root@OpenWrt /root# vi /etc/racoon/psk.txt

# Set your PSK (pre-shared key) here
* secret

root@OpenWrt /root# vi /etc/config/firewall

...           
                                          
config 'rule'                             
        option 'target' 'ACCEPT'          
        option '_name' 'IPsec'            
        option 'src' 'wan'                
        option 'proto' 'udp'              
        option 'dest_port' '4500' 

config 'rule'                             
        option 'target' 'ACCEPT'          
        option '_name' 'IPsec'            
        option 'src' 'wan'                
        option 'proto' 'udp'              
        option 'dest_port' '500'          
                                          
config 'rule'                             
        option 'target' 'ACCEPT'          
        option '_name' 'IPsec'            
        option 'src' 'wan'                
        option 'proto' 'esp'              
                                          
config 'rule'                             
        option 'target' 'ACCEPT'          
        option '_name' 'L2PT'             
        option 'src' 'wan'                
        option 'proto' 'udp'              
        option 'dest_port' '1701'

root@OpenWrt /root# vi /etc/firewall.user

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Allow forwarding from/to VPN interface
iptables -A forwarding_rule -i ppp+ -j ACCEPT
iptables -A forwarding_rule -o ppp+ -j ACCEPT

root@OpenWrt /root# vi /etc/setkey.conf

#!/bin/sh

setkey -c <<EOF

flush;
spdflush;

# All tunnels to this host shall use ESP transport mode
spdadd $1[l2tp] 0.0.0.0/0 udp -P out ipsec esp/transport//require;
spdadd 0.0.0.0/0 $1[l2tp] udp -P in ipsec esp/transport//require;

EOF

root@OpenWrt /root# vi /etc/racoon.conf

path pre_shared_key "/etc/racoon/psk.txt";

remote anonymous {
        exchange_mode main;
        nat_traversal on;
        passive on;
        generate_policy on;
        proposal_check obey;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}
sainfo anonymous {
        encryption_algorithm aes;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}

root@OpenWrt /root# vi /etc/ppp/options.xl2tpd

lock
auth
name "l2tp-server"
dump              
# CCP seems to confuse Android clients, better turn it off
noccp                                                     
novj 
novjccomp
nopcomp  
noaccomp
require-mschap
require-mschap-v2
ms-dns 192.168.0.49
lcp-echo-interval 120
lcp-echo-failure 10  
idle 1800          
connect-delay 5000
nodefaultroute    
noipdefault   
           
proxyarp
mtu 1400      
mru 1400

root@OpenWrt /root# vi /etc/xl2tpd/xl2tpd.conf

[global]
port = 1701
;auth file = /etc/xl2tpd/xl2tp-secrets
access control = no
ipsec saref = yes
;debug tunnel = yes
;debug avp = yes
;debug network = yes
;debug state = yes

[lns default]
exclusive = yes
ip range = 192.168.0.50-192.168.0.90
local ip = 192.168.0.49
;hidden bit = no
length bit = yes
name = VPNServer
ppp debug = yes
require authentication = yes
unix authentication = no
require chap = yes
refuse pap = yes
pppoptfile = /etc/ppp/options.xl2tpd

root@OpenWrt /root# /etc/init.d/racoon start
racoon is already running
3603
root@OpenWrt /root# /etc/init.d/xl2tpd start
root@OpenWrt /root#

(Last edited by abolition on 8 Oct 2011, 12:11)

Yes, you can use syslog to see logs (logread -f) and tcpdump to see if packets get there at all.

# tcpdump -n -i eth1 port 500 or 4500 or 1701

I have a MBA myself btw, it's tested and working

(Last edited by arokh on 8 Oct 2011, 12:29)

Ok, it works, it was because i was inside the network that didn't let me connect, as soon as I was in 3G it worked, do you think l2tp is better (faster, more stable) than pptp? I used pptp-vpn on my mac and iPhone also with traffic tunneling so all connections and downloads come from the router and that worked quite alright with pptp.

Thanks for your help.

Hi arokh!

So today I was trying to flash my WNDR3700 to your firmware but I did not succeed. I tried the latest Oct 7 build and the previous Sept 14 build. I was using the TFTP method for flashing.
At first the router flashes normally but in the middle of the process the power led turns to green and keeps flashing fast. Fester than when you are in TFTP recovery mode. I found out that this means Corrupted Firmware.
When it is flashing I cannot reach the router by any means not through web interface nor TFTP.

So I am asking do you have any ideas why does the flash fail on my machine? I was flashing the correct image not the v2 one. I double checked that, also I tried the flashing from 3 times, first via TFTP, second via the original firmware's web interface and last again via TFTP. None of them worked.

I am using the original firmware now.

@abolition

I haven't done any tests but it seems faster to me. I seem to recall someone posting a few pages back that it was faster for him as well. Why don't you report back what you find? L2TP/IPSec is definitely more secure than PPTP and in my experience more compatible with hotspots.

@hix3r

Sorry, I don't have any ideas. First I ever heard of bad flash. I guess the only way to find out what's going on is with a serial cable.

I had problems updating to the latest firmware as well, at one point it was succesful but
when logged in I only saw that the Wan en Lan interface were connecting and kept on connecting.
Weird thing is that wired, internet worked but I couldn not edit wifi because it was only connecting all the time.
I tried 3 times before going back to a previous firmware which works fine.
(no problems going back and forth with the firmwares though)

Well that kinda speaks to me that I screwed something up. I will try flashing tomorrow again, maybe powering down the router for an extended period of time before trying etc.

Thaks for replying though.

Hi,

sorry to bug you but have been looking through this thread and elsewhere and can not find a solution.

I am running your 14.9 build, got it to work pretty much as I like, but I have this issue: can not change the 2.4 radio to channels 12-13, and power limited to 50mw. The 5Ghz instead is wide open, thanks to my change in regulatory.bin (as per the wiki), and I can set it to IT and get allowed values.
Since I live in Italy, I am supposed to be able to get 100mw and those channels.
I have tried with the new regulator.bin, even written my own.
The funny part is that the 5Ghz radio goes:

PCI: Enabling device 0000:00:12.0 (0000 -> 0002)
ath: EEPROM regdomain: 0x0
ath: EEPROM indicates default country code should be used
ath: doing EEPROM country->regdmn map search
ath: country maps to regdmn code: 0x3a
ath: Country alpha2 being used: US
ath: Regpair used: 0x3a

the 2.4 one goes:

ath: eeprom contains invalid mac address: ff:ff:ff:ff:ff:ff
ath: random mac address will be used: 9e:eb:65:e4:d3:05
ath: EEPROM regdomain: 0x60
ath: EEPROM indicates we should expect a direct regpair map
ath: Country alpha2 being used: 00
ath: Regpair used: 0x60

So different reg domain. No matter what country I set this to, I always have that limit. Also invalid MAC address?

Any way to map 0x60 to Italy's values, or anyway to fix this?

thanks!

Fabio

What country is 0x60? Try changing it's entry in regulatory.bin if you didn't already do that. I believe the EEPROM country limits take presedence.

Hi.
Same thing happens here as well. V2 router. But all works fine except that weirdness.
Download/Flashed twice with same result.

Redcow: I've been having the same EXACT problem with my v2. Does anyone else have this problem? Redcow, what are your current wireless settings...channel/dbm, etc for 2.4 and 5?

Same as well on V2, "Collecting Data" on Wifi

But also having the same problem as Redcow.

Hmmm,
I remembered today ISP(Shaw) tech came to add two line phone interface box to our cable and he installed a bandpass/attenuator on the cable modem after adding a cable splitter. I removed the BP/Att. to
see if it makes difference. It does. Now all is well. I can see system status as usual.

Yes that is  what I first thought of, it seems that 0x60 is not a country, but some wordwide roaming regdomain.
See:

http://madwifi-project.org/wiki/UserDocs/CountryCode

It seems the regulatory domain is not part of the .bin database:
"The custom regulatory domains are kept statically as part of the driver. The custom regulatory domains are the 12 custom world regulatory domains. Regulatory pair regulatory domains are mapped to the first ISO-3166-alpha2 country. "
http://linuxwireless.org/en/users/Drive … ory_domain
and:
"The device programmed EEPROM is read. We then determine if the regulatory domain code is a country regulatory domain COUNTRY_ERD_FLAG (0x8000) or a regulatory pair. Based on that, we determine whether we use an ISO3166-alpha2 country code for a regulatory_hint() or we use a static world regulatory domain. "

One solution i found involved modifying the wireless eprom, with ath_info, but I would avoid that as it's quite risky.

Does anyone know how to change the regdomain in the 2.4 Ghz radio?

Thanks

Fabio