OpenWrt Forum Archive

Topic: davidc502 1900ac 3200acm builds

The content of this topic has been archived between 26 Feb 2018 and 7 May 2018. Unfortunately there are posts – most likely complete pages – missing.

bytchslappa wrote:
Cantenna wrote:

So i'm coming from dd-wrt and was using a great script to re-direct all dns traffic to my privoxy server using this script below;

#!/bin/sh
PROXY_IP=180.168.123.15
PROXY_PORT=8118
LAN_IP=`nvram get lan_ipaddr`
LAN_NET=$LAN_IP/`nvram get lan_netmask`

iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT
#
###EXCEPTIONS###
iptables -t nat -I PREROUTING -i br0 -s 180.168.123.6 -j ACCEPT
iptables -t nat -I PREROUTING -i br0 -s 180.168.123.13 -j ACCEPT


Anyone have any idea how to re-tool for openwrt?

Maybe paste it directly into the 'custom rules' section of the firewall setup - I have similar rules, but to force all DNS traffic to a specific DNS provider for region geo-unlocking.

Thanks mate,

I tried posting into firewall.user, is that the custom you speak of? Also NVRAM is a problem, don't believe openwrt uses it but instead uci commit?

Regarding dnscrypt-proxy 2, it's from the same developer jedisct1 (reddit.com/r/linux/comments/7owb1s/psa_dnscrypt_is_now_abandoned):

dnscrypt-proxy is not dnscrypt.

dnscrypt is the specification of a protocol.

dnscrypt-proxy was an early, client-side implementation of that protocol. Recent addons for that software such as the cache and the FPST-based filter plugin were great, but the core proxy itself was old, ugly, buggy and hard to maintain.

So, it was rewritten from scratch: github.com/jedisct1/dnscrypt-proxy

dnscrypt itself didn't change. The protocol isn't bad nor broken.

Regarding OpenWRT integration:

The binary blob is located at github.com/jedisct1/dnscrypt-proxy/releases/latest.

I'm using dnscrypt-proxy-linux_arm-2.0.8.tar.gz for my WRT3200ACM with Davidc502's latest build:

I'm running the daemon as nobody (requires sudo pkg), load-balancing between cloudflare (1.1.1.1 and 1.0.0.1) and google (8.8.8.8 and 8.8.4.4). Both with DNSoHTTPs:

authpriv.notice sudo:     root : TTY=unknown ; PWD=/ ; USER=nobody ; COMMAND=/usr/sbin/dnscrypt-proxy -config /var/tmp/dnscrypt-proxy/dnscrypt-proxy.toml -syslog
user.notice DNSoHTTPS: dnscrypt-proxy started successfully. Configuring dnsmasq...
daemon.notice dnscrypt-proxy[4256]: Source [/var/tmp/dnscrypt-proxy/public-resolvers.md] loaded
daemon.notice dnscrypt-proxy[4256]: dnscrypt-proxy 2.0.8
daemon.notice dnscrypt-proxy[4256]: Now listening to 127.0.0.1:5053 [UDP]
daemon.notice dnscrypt-proxy[4256]: Now listening to 127.0.0.1:5053 [TCP]
daemon.notice dnscrypt-proxy[4256]: Now listening to [::1]:5053 [UDP]
daemon.notice dnscrypt-proxy[4256]: Now listening to [::1]:5053 [TCP]
daemon.notice dnscrypt-proxy[4256]: [cloudflare] OK (DoH) - rtt: 7ms
daemon.notice dnscrypt-proxy[4256]: [google] OK (DoH) - rtt: 99ms
daemon.notice dnscrypt-proxy[4256]: Server with the lowest initial latency: cloudflare (rtt: 7ms)
daemon.notice dnscrypt-proxy[4256]: dnscrypt-proxy is ready - live servers: 2

For this:

1 - I had to disable the FW's old dnscrypt-proxy with /etc/init.d/dnscrypt-proxy disable


2 - Placed the new binary blob from github in overlay's /usr/sbin


3 - Created my own start\stop actions:
start:
mkdir -p /var/tmp/dnscrypt-proxy; cp /etc/myconfs/dnscrypt-proxy/* /var/tmp/dnscrypt-proxy/; sudo -b -u nobody dnscrypt-proxy -config /var/tmp/dnscrypt-proxy/dnscrypt-proxy.toml -syslog
# pidof can print several PIDs, so test its quoted output rather than the bare words
if [ -n "$(pidof dnscrypt-proxy)" ]; then cp /etc/myconfs/dnsmasq/dnsmasq-dnscrypt-proxy.conf /tmp/dnsmasq.d/; /etc/init.d/dnsmasq restart; fi


stop:
if [ -f /tmp/dnsmasq.d/dnsmasq-dnscrypt-proxy.conf ]; then rm /tmp/dnsmasq.d/dnsmasq-dnscrypt-proxy.conf; /etc/init.d/dnsmasq restart; fi
if [ -n "$(pidof dnscrypt-proxy)" ]; then kill $(pidof dnscrypt-proxy); rm -R /var/tmp/dnscrypt-proxy; fi


4 - My custom conf files are in etc/myconfs/. For dnscrypt-proxy it's dnscrypt-proxy.toml, based on the supplied example file in the tar, but with DoH and TCP enabled, and the servers set to cloudflare and google


For dnsmasq, it's a custom file that gets added to /tmp/dnsmasq.d

server=127.0.0.1#5053
no-resolv

I'm not saying this is how it should be done. Just showing what I did, because it could help\inspire someone else.

PS: Sorry for messed up links on this post, but because it's my first post here, I'm not allowed to post links...

(Last edited by Vindicator on 3 Apr 2018, 11:55)

If you run
echo $PATH
is /opt listed?

cat /etc/profile  |grep -i PATH
export PATH="/usr/sbin:/usr/bin:/sbin:/bin"

If not, you have to add /opt to your path variable:
export PATH="/usr/sbin:/usr/bin:/sbin:/bin:/opt"

wrtboy wrote:
antonsamoziv wrote:

Also dnscrypt-proxy installs the service at /etc/init.d/dnscrypt-proxy so you should uninstall v1.

cool, i uninstalled v1 then installed v2 but i've encountered an error when i tried to start the service using command:

./dnscrypt-proxy -service start

[FATAL] Failed to start DNSCrypt client proxy: "service" failed: exec: "service": executable file not found in $PATH

Cantenna wrote:

So i'm coming from dd-wrt and was using a great script to re-direct all dns traffic to my privoxy server using this script below;

#!/bin/sh
PROXY_IP=180.168.123.15
PROXY_PORT=8118
LAN_IP=`nvram get lan_ipaddr`
LAN_NET=$LAN_IP/`nvram get lan_netmask`

iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT
#
###EXCEPTIONS###
iptables -t nat -I PREROUTING -i br0 -s 180.168.123.6 -j ACCEPT
iptables -t nat -I PREROUTING -i br0 -s 180.168.123.13 -j ACCEPT


Anyone have any idea how to re-tool for openwrt?

indeed, there is no nvram, but uci.

root@LINKSYS:~# uci get network.lan.ipaddr
192.168.1.1
root@LINKSYS:~# uci get network.lan.netmask
255.255.255.0

and br0 interface is br-lan
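
A dry-run port of the dd-wrt rules quoted above, using the uci lookups and the br-lan bridge name from this reply. This is an added example, not code from any poster in the thread; the proxy address, exempt hosts, the APPLY switch and the function names are assumptions (constructed values for the 192.168.1.0/24 LAN shown in the uci output).

```shell
#!/bin/sh
# Added example: OpenWrt port of the dd-wrt transparent-proxy rules.
# Prints the rules by default; set APPLY=1 (e.g. in /etc/firewall.user) to run them.
# PROXY_IP, PROXY_PORT and EXEMPT are constructed sample values for a
# 192.168.1.0/24 LAN; replace them with your own.
PROXY_IP="${PROXY_IP:-192.168.1.15}"
PROXY_PORT="${PROXY_PORT:-8118}"
EXEMPT="${EXEMPT:-192.168.1.6 192.168.1.13}"
LAN_IF="${LAN_IF:-br-lan}"        # dd-wrt's br0 is br-lan on OpenWrt

# uci replaces nvram; off-router (no uci) fall back to the given default.
lan_opt() {
    if command -v uci >/dev/null 2>&1; then
        uci -q get "network.lan.$1"
    else
        echo "$2"
    fi
}

# Accept only dotted-quad IPv4 so a malformed value never reaches iptables.
# The body runs in a subshell, so the IFS change stays local.
is_ipv4() (
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Run the rule when APPLY=1, otherwise print it for review.
rule() {
    if [ "${APPLY:-0}" = 1 ]; then iptables "$@"; else echo "iptables $*"; fi
}

build_rules() {
    lan_ip=$(lan_opt ipaddr 192.168.1.1)
    lan_mask=$(lan_opt netmask 255.255.255.0)
    for addr in "$lan_ip" "$lan_mask" "$PROXY_IP" $EXEMPT; do
        is_ipv4 "$addr" || { echo "bad address: '$addr'" >&2; return 1; }
    done
    case "$PROXY_PORT" in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    lan_net="$lan_ip/$lan_mask"

    # LAN-to-LAN HTTP (router UI, local servers) bypasses the proxy.
    rule -t nat -A PREROUTING -i "$LAN_IF" -s "$lan_net" -d "$lan_net" -p tcp --dport 80 -j ACCEPT
    # All other port-80 traffic, except the proxy's own, is sent to the proxy.
    # The negation is written before the option (! -s), the form current iptables expects.
    rule -t nat -A PREROUTING -i "$LAN_IF" ! -s "$PROXY_IP" -p tcp --dport 80 -j DNAT --to-destination "$PROXY_IP:$PROXY_PORT"
    # Hairpin: source-NAT so the proxy's replies go back through the router.
    rule -t nat -I POSTROUTING -o "$LAN_IF" -s "$lan_net" -d "$PROXY_IP" -p tcp -j SNAT --to-source "$lan_ip"
    rule -I FORWARD -i "$LAN_IF" -o "$LAN_IF" -s "$lan_net" -d "$PROXY_IP" -p tcp --dport "$PROXY_PORT" -j ACCEPT
    # Exempt hosts are inserted at the top so they match before the DNAT rule.
    for host in $EXEMPT; do
        rule -t nat -I PREROUTING -i "$LAN_IF" -s "$host" -j ACCEPT
    done
}

build_rules
```

Review the printed rules first, then rerun with APPLY=1 on the router.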

antonsamoziv wrote:

I don't use pi-hole but it looks a lot more powerful than the included adblock(someone correct me if I'm wrong).

I've looked at the pi-hole and it appears to do the very same as the included adblock - a list of ad network hosts filtered via blackhole DNS answer. The only difference is the included web-interface showing nice stats of what and how many were blocked.
Not sure whether the source of ad networks is the same or not.

wrtboy wrote:
antonsamoziv wrote:

Also dnscrypt-proxy installs the service at /etc/init.d/dnscrypt-proxy so you should uninstall v1.

cool, i uninstalled v1 then installed v2 but i've encountered an error when i tried to start the service using command:

./dnscrypt-proxy -service start

[FATAL] Failed to start DNSCrypt client proxy: "service" failed: exec: "service": executable file not found in $PATH

You have to do

./dnscrypt-proxy -service install

that installs the service to /etc/init.d/dnscrypt-proxy. Can't start it if it isn't there :) And it's nice to have the executable added to your path.

(Last edited by antonsamoziv on 3 Apr 2018, 20:12)

antonsamoziv wrote:

You have to do

./dnscrypt-proxy -service install

that installs the service to /etc/init.d/dnscrypt-proxy. Can't start it if it isn't there :) And it's nice to have the executable added to your path.

the -service install went fine and i can see the service /etc/init.d/dnscrypt-proxy being added.  the error i've encountered is when i executed the -service start.  now i recognize i need to edit the path to include /opt.

Vindicator wrote:

3 - Created my own start\stop actions:
start:
mkdir -p /var/tmp/dnscrypt-proxy; cp /etc/myconfs/dnscrypt-proxy/* /var/tmp/dnscrypt-proxy/; sudo -b -u nobody dnscrypt-proxy -config /var/tmp/dnscrypt-proxy/dnscrypt-proxy.toml -syslog
# pidof can print several PIDs, so test its quoted output rather than the bare words
if [ -n "$(pidof dnscrypt-proxy)" ]; then cp /etc/myconfs/dnsmasq/dnsmasq-dnscrypt-proxy.conf /tmp/dnsmasq.d/; /etc/init.d/dnsmasq restart; fi


stop:
if [ -f /tmp/dnsmasq.d/dnsmasq-dnscrypt-proxy.conf ]; then rm /tmp/dnsmasq.d/dnsmasq-dnscrypt-proxy.conf; /etc/init.d/dnsmasq restart; fi
if [ -n "$(pidof dnscrypt-proxy)" ]; then kill $(pidof dnscrypt-proxy); rm -R /var/tmp/dnscrypt-proxy; fi

Interesting that you made your own start/stop actions. The way dnscrypt-proxy v2 does startup is like https://pastebin.com/dJ2WrRVm (too long to grace the thread with).
And I don't think it can autostart on boot :(

R6565 and OpenVPN : doesn't work anymore.

Hi guys, I need some help.
For about 1 year I have connected to my internal home network for simple remote maintenance using my Android smartphone and the "OpenVPN for Android" (by Arne Schwabe) app (based on OpenVPN 2.5 code) https://play.google.com/store/apps/deta … kt.openvpn

All works fine without any problem since r6565: with this release Lede OpenVPN stopped working correctly.

From mobile I connect as usual to the OpenVPN server (Lede), authentication is successful but the Lede System Log shows about a hundred of:
Tue Apr  3 21:21:07 2018 daemon.warn openvpn(sample_server)[4358]: mobile/5.xx.yy.zz:42357 IP packet with unknown IP version=15 seen

There is no traffic (no route ?) between mobile and Lede and after about 30-40 seconds, link is restarting

This is route table after connection:

root@lede:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
172.16.0.0      172.16.0.2      255.255.255.0   UG    0      0        0 tun0
172.16.0.2      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan

and this is the /etc/config/openvpn file (yes, daemon is listening on 443 port):

config openvpn 'my_server'
    option dev 'tun'
    option ca '/etc/openvpn/ca.crt'
    option cert '/etc/openvpn/server.crt'
    option key '/etc/openvpn/server.key'
    option dh '/etc/openvpn/dh.pem'
    option ifconfig_pool_persist '/tmp/ipp.txt'
    option comp_lzo 'yes'
    option persist_key '1'
    option persist_tun '1'
    option user 'nobody'
    option status '/tmp/openvpn-status.log'
    option verb '3'
    option server '172.16.0.0 255.255.255.0'
    option enabled '1'
    option port '443'
    option proto 'tcp-server'
    option keepalive '20 60'

And this is System Log

Tue Apr  3 21:36:40 2018 daemon.notice openvpn(sample_server)[4358]: TCP connection established with [AF_INET]5.xx.yy.zz:42338
Tue Apr  3 21:36:41 2018 daemon.notice openvpn(sample_server)[4358]: 5.xx.yy.zz:42338 TLS: Initial packet from [AF_INET]5.xx.yy.zz:42338, sid=0f3869d8 4ad1d474
Tue Apr  3 21:36:41 2018 daemon.notice openvpn(sample_server)[4358]: 5.xx.yy.zz:42338 VERIFY OK: depth=1, CN=MY CA
Tue Apr  3 21:36:41 2018 daemon.notice openvpn(sample_server)[4358]: 5.xx.yy.zz:42338 VERIFY OK: depth=0, CN=p9lite
Tue Apr  3 21:36:41 2018 daemon.notice openvpn(sample_server)[4358]: 5.xx.yy.zz:42338 peer info: IV_VER=2.5_master
Tue Apr  3 21:36:41 2018 daemon.notice openvpn(sample_server)[4358]: 5.xx.yy.zz:42338 peer info: IV_PLAT=android
Tue Apr  3 21:36:41 2018 daemon.notice openvpn(sample_server)[4358]: 5.xx.yy.zz:42338 peer info: IV_PROTO=2
Tue Apr  3 21:36:41 2018 daemon.notice openvpn(sample_server)[4358]: 5.xx.yy.zz:42338 peer info: IV_NCP=2
Tue Apr  3 21:36:41 2018 daemon.notice openvpn(sample_server)[4358]: 5.xx.yy.zz:42338 peer info: IV_LZ4=1
Tue Apr  3 21:36:41 2018 daemon.notice openvpn(sample_server)[4358]: 5.xx.yy.zz:42338 peer info: IV_LZ4v2=1
Tue Apr  3 21:36:41 2018 daemon.notice openvpn(sample_server)[4358]: 5.xx.yy.zz:42338 peer info: IV_LZO=1
Tue Apr  3 21:36:41 2018 daemon.notice openvpn(sample_server)[4358]: 5.xx.yy.zz:42338 peer info: IV_COMP_STUB=1
Tue Apr  3 21:36:41 2018 daemon.notice openvpn(sample_server)[4358]: 5.xx.yy.zz:42338 peer info: IV_COMP_STUBv2=1
Tue Apr  3 21:36:41 2018 daemon.notice openvpn(sample_server)[4358]: 5.xx.yy.zz:42338 peer info: IV_TCPNL=1
Tue Apr  3 21:36:41 2018 daemon.notice openvpn(sample_server)[4358]: 5.xx.yy.zz:42338 peer info: IV_GUI_VER=de.blinkt.openvpn_0.6.73
Tue Apr  3 21:36:41 2018 daemon.warn openvpn(sample_server)[4358]: 5.xx.yy.zz:42338 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1543', remote='link-mtu 1544'
Tue Apr  3 21:36:41 2018 daemon.warn openvpn(sample_server)[4358]: 5.xx.yy.zz:42338 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Tue Apr  3 21:36:41 2018 daemon.notice openvpn(sample_server)[4358]: 5.xx.yy.zz:42338 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Apr  3 21:36:41 2018 daemon.notice openvpn(sample_server)[4358]: 5.xx.yy.zz:42338 [p9lite] Peer Connection Initiated with [AF_INET]5.xx.yy.zz:42338
Tue Apr  3 21:36:41 2018 daemon.notice openvpn(sample_server)[4358]: p9lite/5.xx.yy.zz:42338 MULTI_sva: pool returned IPv4=172.16.0.6, IPv6=(Not enabled)
Tue Apr  3 21:36:41 2018 daemon.notice openvpn(sample_server)[4358]: p9lite/5.xx.yy.zz:42338 MULTI: Learn: 172.16.0.6 -> p9lite/5.xx.yy.zz:42338
Tue Apr  3 21:36:41 2018 daemon.notice openvpn(sample_server)[4358]: p9lite/5.xx.yy.zz:42338 MULTI: primary virtual IP for p9lite/5.xx.yy.zz:42338: 172.16.0.6
Tue Apr  3 21:36:42 2018 daemon.notice openvpn(sample_server)[4358]: p9lite/5.xx.yy.zz:42338 PUSH: Received control message: 'PUSH_REQUEST'
Tue Apr  3 21:36:42 2018 daemon.notice openvpn(sample_server)[4358]: p9lite/5.xx.yy.zz:42338 SENT CONTROL [p9lite]: 'PUSH_REPLY,route 172.16.0.1,topology net30,ping 20,ping-restart 60,ifconfig 172.16.0.6 172.16.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
Tue Apr  3 21:36:42 2018 daemon.notice openvpn(sample_server)[4358]: p9lite/5.xx.yy.zz:42338 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Apr  3 21:36:42 2018 daemon.notice openvpn(sample_server)[4358]: p9lite/5.xx.yy.zz:42338 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Apr  3 21:36:42 2018 daemon.notice openvpn(sample_server)[4358]: p9lite/5.xx.yy.zz:42338 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Apr  3 21:36:43 2018 daemon.warn openvpn(sample_server)[4358]: p9lite/5.xx.yy.zz:42338 IP packet with unknown IP version=15 seen
Tue Apr  3 21:36:43 2018 daemon.warn openvpn(sample_server)[4358]: p9lite/5.xx.yy.zz:42338 IP packet with unknown IP version=15 seen
(... about 100 identical rows omitted ...)
Tue Apr  3 21:37:38 2018 daemon.warn openvpn(sample_server)[4358]: p9lite/5.xx.yy.zz:42338 IP packet with unknown IP version=15 seen
Tue Apr  3 21:37:38 2018 daemon.warn openvpn(sample_server)[4358]: p9lite/5.xx.yy.zz:42338 IP packet with unknown IP version=15 seen
Tue Apr  3 21:37:44 2018 daemon.err openvpn(sample_server)[4358]: p9lite/5.xx.yy.zz:42338 Connection reset, restarting [0]
Tue Apr  3 21:37:44 2018 daemon.notice openvpn(sample_server)[4358]: p9lite/5.xx.yy.zz:42338 SIGUSR1[soft,connection-reset] received, client-instance restarting

Any idea ??

Regards

AddRemover wrote:
antonsamoziv wrote:

I don't use pi-hole but it looks a lot more powerful than the included adblock(someone correct me if I'm wrong).

I've looked at the pi-hole and it appears to do the very same as the included adblock - a list of ad network hosts filtered via blackhole DNS answer. The only difference is the included web-interface showing nice stats of what and how many were blocked.
Not sure whether the source of ad networks is the same or not.


thanks for your help mate, was able to get it to work with your info:)

(Last edited by Cantenna on 4 Apr 2018, 03:35)

wrtboy wrote:
antonsamoziv wrote:

You have to do

./dnscrypt-proxy -service install

that installs the service to /etc/init.d/dnscrypt-proxy. Can't start it if it isn't there :) And it's nice to have the executable added to your path.

the -service install went fine and i can see the service /etc/init.d/dnscrypt-proxy being added.  the error i've encountered is when i executed the -service start.  now i recognize i need to edit the path to include /opt.

This is where I got stuck.  A path error when trying to do -service start.  What's the solution?

edit: Added /dnscrypt to path (where I installed it), but now I am getting this:

BusyBox v1.27.2 () multi-call binary.

Usage: basename FILE [SUFFIX]

Strip directory path and .SUFFIX from FILE

when I try ./dnscrypt-proxy -service start.

Also, I can't enable the init.d script (it won't stay enabled)

(Last edited by starcms on 3 Apr 2018, 22:43)

starcms wrote:
wrtboy wrote:
antonsamoziv wrote:

You have to do

./dnscrypt-proxy -service install

that installs the service to /etc/init.d/dnscrypt-proxy. Can't start it if it isn't there :) And it's nice to have the executable added to your path.

the -service install went fine and i can see the service /etc/init.d/dnscrypt-proxy being added.  the error i've encountered is when i executed the -service start.  now i recognize i need to edit the path to include /opt.

This is where I got stuck.  A path error when trying to do -service start.  What's the solution?

edit: Added /dnscrypt to path (where I installed it), but now I am getting this:

BusyBox v1.27.2 () multi-call binary.

Usage: basename FILE [SUFFIX]

Strip directory path and .SUFFIX from FILE

when I try ./dnscrypt-proxy service -start.

Also, I can't enable the init.d script (it won't stay enabled)

To anyone trying please follow this procedure to start dnscrypt-proxy v2 with the executable.

 ./dnscrypt-proxy -service install
/etc/init.d/dnscrypt-proxy start

To stop just

/etc/init.d/dnscrypt-proxy stop

I noticed a bit back that

./dnscrypt-proxy -service start

doesn't work and forgot to file a bug :(

Be warned that there is no way to enable dnscrypt-proxy for startup with the default script that it installs.
So you'll have to hack the /etc/init.d/dnscrypt-proxy.

Edit:
eff this script, just use this:

#!/bin/sh /etc/rc.common

START=70
EXTRA_COMMANDS="status"
EXTRA_HELP="        status  Check service status"

PROG="<FULL-PATH>/dnscrypt-proxy"

start() {
    SERVICE_DAEMONIZE=1 service_start "$PROG"
}

stop() {
    service_stop "$PROG"
}

reload() {
    restart
}

status() {
    if service_check "$PROG"; then
        echo "Running"
    else
        echo "Stopped"
    fi
}

(Last edited by antonsamoziv on 3 Apr 2018, 23:22)

antonsamoziv wrote:

eff this script, just use this:

#!/bin/sh /etc/rc.common

START=50
EXTRA_COMMANDS="status"
EXTRA_HELP="        status  Check service status"

PROG="<FULL-PATH>/dnscrypt-proxy"

start() {
    SERVICE_DAEMONIZE=1 service_start "$PROG"
}

stop() {
    service_stop "$PROG"
}

reload() {
    restart
}

status() {
    if service_check "$PROG"; then
        echo "Running"
    else
        echo "Stopped"
    fi
}

Thank you very much!  Finally rocking and rolling.  Only note is I had to change START=70 or it loaded too early and couldn't open the ports.  I highly recommend uncommenting use_syslog in the conf (.toml) file so you can see what it's doing.

Huge improvement over version 1.9.5.  I love how it automatically just chooses the fastest server (lowest ping).  Just set the config to require DNSSEC capability and no logging and it does the rest.  Even updates the servers file automatically too.

(Last edited by starcms on 3 Apr 2018, 22:55)

starcms wrote:

Thank you very much!  Finally rocking and rolling.  Only note is I had to change START=70 or it loaded too early and couldn't open the ports.  I highly recommend uncommenting use_syslog in the conf (.toml) file so you can see what it's doing.

Huge improvement over version 1.9.5.  I love how it automatically just chooses the fastest server (lowest ping).  Just set the config to require DNSSEC capability and no logging and it does the rest.  Even updates the servers file automatically too.

I've edited my reply so it's START=70 now. Glad it's working for you.
I also recommend adding the init.d script and your .toml to your backup file list.

i managed to get dnscrypt-proxy v2 to run and many thanks for all the feedback and advice.  i often wonder if utilizing dnscrypt-proxy is absolutely necessary when vpn tunnel is also running?  frank denis, when asked what is he using instead of dnscrypt-proxy, his reply was:

Frank Denis @jedisct1 10 Nov 2017
A VPN.

more info from the tweets:
https://twitter.com/jedisct1/status/928942292202860544

wrtboy wrote:

i managed to get dnscrypt-proxy v2 to run and many thanks for all the feedback and advice.  i often wonder if utilizing dnscrypt-proxy is absolutely necessary when vpn tunnel is also running?  frank denis, when asked what is he using instead of dnscrypt-proxy, his reply was:

Frank Denis @jedisct1 10 Nov 2017
A VPN.

more info from the tweets:
https://twitter.com/jedisct1/status/928942292202860544

Safest to use both :)

(Last edited by starcms on 4 Apr 2018, 00:51)

ambrosa wrote:

R6565 and OpenVPN : doesn't work anymore.


Nope, comp-lzo doesn't work anymore, it's deprecated ;) Drop that option from server and client configs.

There was talk about it having changed to "compress" instead, but i'm unsure if that option has been fully implemented yet in the most recent build. Anyways, based on what I read about comp-lzo, doesn't seem like it's very useful anyways.

(Last edited by Cantenna on 4 Apr 2018, 03:41)

Cantenna wrote:
ambrosa wrote:

R6565 and OpenVPN : doesn't work anymore.


Just went through this issue myself, comp-lzo is deprecated; drop that option from server and client configs.

There was talk about it having changed to "compress" instead, but i'm unsure if that option has been fully implemented yet in the most recent build. Anyways, based on what I read about comp-lzo, doesn't seem like it's very useful anyways.

more info:  https://community.openvpn.net/openvpn/w … tedOptions

try

option compress 'lzo'

Thanks, that did the trick:)



This is a great fw for this router, seriously impressed!

(Last edited by Cantenna on 4 Apr 2018, 06:28)

I'm using r6565 on my WRT1900ACSv2. I spent a day getting OpenVPN setup using PIA, added in VPN Policy Routing and everything is perfect except for DHCP.

The WRT is downstream from my ISP router, configured in its advanced DMZ zone. It picks up its IP address from the ISP router. The lease time set by the ISP is 10 minutes, and the WRT starts requesting a new address after 5 minutes. The log looks like:

Wed Apr  4 08:34:32 2018 daemon.notice netifd: wan (2454): udhcpc: lease of 142.167.62.69 obtained, lease time 600
Wed Apr  4 08:39:32 2018 daemon.notice netifd: wan (2454): udhcpc: sending renew
Wed Apr  4 08:42:02 2018 daemon.notice netifd: wan (2454): udhcpc: sending renew
Wed Apr  4 08:43:17 2018 daemon.notice netifd: wan (2454): udhcpc: sending renew
Wed Apr  4 08:43:54 2018 daemon.notice netifd: wan (2454): udhcpc: sending renew
Wed Apr  4 08:43:54 2018 daemon.notice netifd: wan (2454): udhcpc: lease of 142.167.62.69 obtained, lease time 600

I have spent another day trying to overcome this as the renewal occurs just before the lease expires. From what I have found the earlier requests use a unicast broadcast and the successful request comes when udhcpc switches over to a broadcast.

Has anyone encountered this and found a solution?

Thanks.

With the latest firmware my Chromecast works again!

But I'm still unable to use two WiFi at 2.4GHz... I found this problem a lot of months ago without solutions.

wrtboy wrote:
Cantenna wrote:
ambrosa wrote:

R6565 and OpenVPN : doesn't work anymore.


Just went through this issue myself, comp-lzo is deprecated; drop that option from server and client configs.

There was talk about it having changed to "compress" instead, but i'm unsure if that option has been fully implemented yet in the most recent build. Anyways, based on what I read about comp-lzo, doesn't seem like it's very useful anyways.

more info:  https://community.openvpn.net/openvpn/w … tedOptions

try

option compress 'lzo'

Many thanks Cantenna and wrtboy.

For now I've simply disabled  the LZO and all works fine again :-)

(Last edited by ambrosa on 4 Apr 2018, 17:13)
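
The two log signatures that accompany the comp-lzo problem resolved above (the option-mismatch warning and the run of "unknown IP version" packets) can be counted mechanically. The following is an added example, not code from any poster in the thread; the function names are made up here and the sample lines are constructed in the format of the posted log.

```shell
#!/bin/sh
# Added example: triage an OpenVPN server log for the compression mismatch
# discussed in this thread. On the router: logread | triage_openvpn_log

# Constructed sample lines in the format of the log posted above.
sample_log() {
    cat <<'EOF'
Tue Apr  3 21:36:41 2018 daemon.warn openvpn(sample_server)[4358]: 5.xx.yy.zz:42338 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1543', remote='link-mtu 1544'
Tue Apr  3 21:36:41 2018 daemon.warn openvpn(sample_server)[4358]: 5.xx.yy.zz:42338 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Tue Apr  3 21:36:43 2018 daemon.warn openvpn(sample_server)[4358]: p9lite/5.xx.yy.zz:42338 IP packet with unknown IP version=15 seen
Tue Apr  3 21:36:43 2018 daemon.warn openvpn(sample_server)[4358]: p9lite/5.xx.yy.zz:42338 IP packet with unknown IP version=15 seen
Tue Apr  3 21:37:38 2018 daemon.warn openvpn(sample_server)[4358]: p9lite/5.xx.yy.zz:42338 IP packet with unknown IP version=15 seen
Tue Apr  3 21:37:44 2018 daemon.err openvpn(sample_server)[4358]: p9lite/5.xx.yy.zz:42338 Connection reset, restarting [0]
EOF
}

# Reads syslog lines on stdin and prints one summary line:
#   option=<mismatched option or -> unknown=<n> resets=<n> verdict=<...>
triage_openvpn_log() {
    awk -v q="'" '
    / is present in (remote|local) config but missing in (remote|local) config/ {
        split($0, part, q)      # part[2] is the option name between the quotes
        # Prefer a compression option if several options are mismatched.
        if (part[2] ~ /^comp/ || opt == "") opt = part[2]
    }
    /IP packet with unknown IP version=[0-9]+ seen/ { unknown++ }
    /Connection reset, restarting/                   { resets++ }
    END {
        if (opt == "") opt = "-"
        # Undecodable packets plus a one-sided comp* option: the two ends
        # disagree on compression framing.
        if (unknown > 0 && opt ~ /^comp/) verdict = "compression-mismatch"
        else if (unknown > 0)             verdict = "undecodable-packets"
        else                              verdict = "ok"
        printf "option=%s unknown=%d resets=%d verdict=%s\n", opt, unknown, resets, verdict
    }'
}

sample_log | triage_openvpn_log
```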

Every time a new firmware is released I ask davidc502 "PLEASE  check and fix TRANSMISSION package build"

Building has been broken for months. I need it :-( And on my 1900ACS it works great.

Sorry to ask this again, but I want to be certain about this, and did not get a clear answer:

How do I reset a WRT1200 with Davids image to default Linksys rom, so it starts Linksys and has no Lede installed on it anymore? I got a replacement from Amazon and now have to ship them the old one back.

I read there is the command "firstboot", does this do this? Or will it just clear the Lede configs?

ambrosa wrote:

Every time a new firmware is released I ask davidc502 "PLEASE  check and fix TRANSMISSION package build"

Building has been broken for months. I need it :-( And on my 1900ACS it works great.

I know, and this is a road I've been down before...   Keep in mind though, it is very low priority.

The good news is, you can usually get the packages you need from the daily build anyway.

Sorry, posts 5326 to 5325 are missing from our archive.