Thanks for the heads up.  I was just really confused... I was not touching stuff, just adding my scripts to etc and also building a version for buffalo ag300h.

The tar.xz works perfect!  No more issues, I even did a git pull and it still worked fine.  Sometimes linux stupifies me, too many options. 

As for the block lists, yeah, it's insane.   But for those who do torrents, the 128 MB ram routers really can handle it.  You can also run peerblock on the PC with the torrent client, but I have others in the house who use p2p and don't want bad ips/ranges from connecting.

For example, I run 14 small allow lists(for gaming-etc),  11 smaller lists, and 2 HUGE lists (level 1 bluetack, and a slightly bigger one- primary threats- which some are dupes of L1).
Just to make your point, yes huge memory hog LOL
lol here are the bzip2 compressed sizes of the lists:
Allow list-   3K
11 small lists-   420K
L1+Primary threats-   1.75MB!
L1 alone-  800K.
Memory wise:
Allow-  23.4Kb
11 lists-   1.4MB
L1+primary threats-   8.8MB
L1 alone- 7MB

It is integrated into the switch config. Port 5 is used for wan LED config.

https://dev.openwrt.org/browser/trunk/t … twork#L394
https://dev.openwrt.org/browser/trunk/t … _leds#L408

Probably you would need to change the mode from default 2 to 0.

Earlier it was explained better in wndr3700-specific etc/config/network, but now the code gets generated without comments. Comments are only visible in that 02_network uci-defaults, (which gets deleted after succesful run).
https://dev.openwrt.org/changeset/39373/

So PPPoE not working on kernels > 3.10 on wdr4900?

(Last edited by markuznw on 9 Nov 2014, 18:24)

I'm having the same issue, but coxmobil isn't. I'm finding it quite odd.

I've got a good contact at my ISP and I'm going to see if he can see anything in the logs.

Yes, quite odd. I'm having issues with kernel 3.10, but kernel 3.16 and 3.18 works very well with pppoe. Here is my network config:

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd43:1f01:e36c::/48'

config interface 'lan'
    option ifname 'eth0.1'
    option force_link '1'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option macaddr '64:66:b3:de:...'
    option dns '8.8.8.8 8.8.4.4'

config interface 'wan'
    option ifname 'eth0.2'
    option _orig_ifname 'eth0.2'
    option _orig_bridge 'false'
    option proto 'pppoe'
    option username 'username'
    option password 'password'
    option ipv6 '1'
    option peerdns '0'
    option dns '8.8.8.8 8.8.4.4'

config interface 'wan6'
    option ifname '@wan'
    option proto 'dhcpv6'
    option reqaddress 'try'
    option reqprefix 'auto'

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports '0t 2 3 4 5'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option ports '0t 1'

config interface 'vpn'
    option proto 'none'
    option ifname 'tun0'
    option auto '1'

config interface 'tor'
    option proto 'static'
    option ipaddr '192.168.2.1'
    option netmask '255.255.255.0'

(Last edited by coxmobil on 9 Nov 2014, 19:38)

Thanks for the settings, mine are slightly different

i'll give your extra parameters a try.

Hi Arokh,

Today i updated tot version 43219 on my WNDR3700v1,

Now i get a lot of connectivity errors with internet:

[16875.560000] eth1: link down
[16876.560000] ar71xx: pll_reg 0xb8050014: 0x11110000
[16876.560000] eth1: link up (1000Mbps/Full duplex)
[16898.570000] eth1: link down
[16899.570000] ar71xx: pll_reg 0xb8050014: 0x11110000
[16899.570000] eth1: link up (1000Mbps/Full duplex)
[16913.580000] eth1: link down
[16915.580000] ar71xx: pll_reg 0xb8050014: 0x11110000
[16915.580000] eth1: link up (1000Mbps/Full duplex)
[29577.590000] eth1: link down
[29579.590000] ar71xx: pll_reg 0xb8050014: 0x11110000
[29579.590000] eth1: link up (1000Mbps/Full duplex)
[29601.600000] eth1: link down
[29603.600000] ar71xx: pll_reg 0xb8050014: 0x11110000
[29603.600000] eth1: link up (1000Mbps/Full duplex)
[29617.610000] eth1: link down
[29619.610000] ar71xx: pll_reg 0xb8050014: 0x11110000
[29619.610000] eth1: link up (1000Mbps/Full duplex)

Any thought what may cause this?

Regards, Eric

hi arokh,
do I have to activate jows reghack? For me it doesn't work. I am not able to choose a channel above 48.
I set the Country Code to "00 - World" but it did nothing.
What am I doing wrong?

I am using  r43219 on a WNDR3700v1

Thanks

(Last edited by openwrt on 10 Nov 2014, 12:06)

In the stock config, dnscrypt is only binding to the router's v4 address. For it to work with both v4 and v6, it has to bind to both 127.0.0.1 and ::1.

How can i replace hosts.block with easylist? I used a script but it didnt do well since your method is different: https://newspaint.wordpress.com/2014/08 … e-adblock/

@eric111

No config needed, your DNS traffic should automatically be encrypted. Not sure about your link issue. Did you try going back to a different version?

@markuznw @johanrd

There's been some updates to ar8216 switch driver, let's see if the upcoming build fixes it.

@openwrt

Should just work, it does here on my v1. Let me know if u find an issue.

@bmccoy11

dnscrypt-proxy doesn't need to listen to an ipv6 address. It's only being queried locally by dnsmasq which in turn should listen on ipv6.

@stereohype

If you're interested in another approach I suggest you do the work and post your results.

(Last edited by arokh on 11 Nov 2014, 09:59)

I tried this build:

http://enduser.subsignal.org/~trondah/w … actory.img

so r43229

it flashed via tftp okay, but then just gave one steady LAN (switch) light.

Router wouldn't respond on 192.168.1.1 so couldn't get any further.

Flashed multiple times via tftp, same result.

Back on my old version OpenWrt Barrier Breaker r41336 now

Anyone had success with the wndr3700v4 on the latest release?

@arokh, any chance you could leave the files/packages etc for wdr4900/r43063 on your site until this issue with PPPoE is resolved?

Wouldn't want to have to stop using my beloved router and your builds are brilliant!

Sure. Did you try the latest release?

Hi i tried r43229, so far so good, but what i noticed is that reaching www.mozilla.org is very slow.

Can that have something to do with OpenDNS?

Can you try it yourself arokh?

Thanks in advance.

(Last edited by bladeoner on 11 Nov 2014, 23:40)

Seems quick here.

Is anyone else having issues with dnscrypt-proxy not running at boot, or is it just me? I have the service enabled to run at boot in System/Startup. Nothing shows up in the log at all until I manually start it.

Just in case anyone is wondering, the 800MHZ build works great with my RTL-SDR dongle at 0.44 average load when using rtl_tcp.

Installing the r43229 is my first time using openwrt and i ran in some trouble that the WAN didn't come up.

For people experiencing the same, i did a 30/30/30 reset and my ISP modem needed to be reset (power off) after that the WNDR4300 worked like a charm.

And i noticed that the wlan config was on 20Mhz both 2.4 Ghz and 5 Ghz, this made the wifi connection unstable. After putting it on 40 Mhz that was fixed.

Good job for making the firmware.

(Last edited by bladeoner on 12 Nov 2014, 06:55)

I will to test www.mozilla.org tonight again, i was testing from a wired connection.

Strange thing it was the only website running slow.

Thanks!
No I've not had a chance to test the latest release yet. I'll let you know when I have though.

I tried again, still slow.

Here are the results of a ping:

Pinging mozorg.dynect.mozilla.net [63.245.217.105] with 32 bytes of data:
Reply from 63.245.217.105: bytes=32 time=276ms TTL=52
Reply from 63.245.217.105: bytes=32 time=277ms TTL=52
Reply from 63.245.217.105: bytes=32 time=279ms TTL=52
Reply from 63.245.217.105: bytes=32 time=167ms TTL=52

How can i change the DNS server to another one in the list?

The command you mentioned earlier?

sed -e s/127.0.0.1\#5353/8.8.8.8/ -i /etc/config/dhcp && /etc/init.d/dnsmasq restart

(Last edited by bladeoner on 12 Nov 2014, 19:22)

Are there any other sites that are slow? I get around 170ms to mozilla.org which is kinda high already, and you get 100ms more than that. I notice your last ping is 167ms, are you sure you aren't running any torrents or something in the background? Anyways, I wouldn't draw any conclusions just from mozilla.org being slow. Do some more tests.

And yes, that is one way to change the DNS. You can also do it in the web interface or editing the config file with your favorite editor. 127.0.0.1#5353 is the local dnscrypt proxy which encrypts your DNS traffic.

Hi Arokh,

I don't understand exactly where to change this using the web interface. Until now i have set the Custom DNS servers of my ISP in the interface settings of the WAN interface but want to use the DNS server of OpenDNS together with dnscrypt.

Another problem, using r43229 the Luci web interface is very slow and i get many of these errors in the system log:
Wed Nov 12 20:33:28 2014 kern.warn kernel: [82323.530000] nf_conntrack: table full, dropping packet
Wed Nov 12 20:33:28 2014 kern.warn kernel: [82323.540000] nf_conntrack: table full, dropping packet
Wed Nov 12 20:33:29 2014 kern.warn kernel: [82324.410000] nf_conntrack: table full, dropping packet

After rebooting the router all works okay again for about half an hour, then i get the same problems with to many active connections :-(

Thanks, Eric

(Last edited by eric111 on 12 Nov 2014, 21:06)

It's the blocklist, one of the cdn.xxxx  servers was making some firefox addon pages slowwwwww.  (cdn.optimizely.com)
I saw it was trying to contact cdn.optimizely.com.  Looked in /etc/hosts.block and it was there.
Edit /etc/config/dhcp and comment out, or rename to a wrong name this line:
list addnhosts /etc/hosts.block 
to
list addnhosts /etc/hosts.blockNOTUSED

then
/etc/init.d/dnsmasq restart
and try again

If instead you want to make a hosts.block that is minimal but blocks malware, put this into a script and run it to update hosts.block

# Create new hosts.block file for adblocking 
# (removed lists that block ads/cdn that kill some sites responsiveness)
wget -qO- http://www.malwaredomainlist.com/hostslist/hosts.txt | grep "^127.0.0.1" > /tmp/block.build.list

sed -i 's/127.0.0.1/192.168.3.254/g' /tmp/block.build.list
sed -e 's/\r//g' -e 's/^192.168.3.254[ ]\+/192.168.3.254\t/g' /tmp/block.build.list|sort|uniq > /tmp/hosts.block
mv /tmp/hosts.block files/etc/

(Last edited by robnitro on 12 Nov 2014, 21:51)