OpenWrt Forum Archive

Topic: davidc502 1900ac 3200acm builds

The content of this topic has been archived between 26 Feb 2018 and 7 May 2018. Unfortunately there are posts – most likely complete pages – missing.

jack19hk wrote:

I can already access the GUI page after setting the port forwarding. thanks all.

And, I have another question.
Does anyone know how to set the OpenVPN?
This is my first time using the LEDE firmware; can anyone share some tutorials with me?
please help!

https://lede-project.org/docs/start

Sizeable Swiss wrote:

*Rumor* 3/1/1017 OpenWrt will be merging into LEDE. The rumor still persists, but with an unknown time-table.

@davidc502

Question?  I haven't heard if this has happened yet or not... Apparently it's a secret. lol

oh the date... thanks - fixed

(Last edited by davidc502 on 7 May 2017, 18:39)

wotsac wrote:
anielarias wrote:
davidc502 wrote:

Question:

Is everyone liking Darkmatter LuCi?

Seems there have been some downloads of modern which seem to indicate users changing?

I personally don't like Darkmatter, I get lost navigating around but that's just me. BTW davidc502, do you know by any chance how to prioritize ports within sqm qos?

I'm not an expert at all, but the general idea of the SQM QOS stuff is that if you structure and manage the QOS queues properly, then port prioritization shouldn't be required.  Bursty, latency dependent traffic gets priority exactly because it is bursty, while long running high bandwidth sessions are de-prioritized but fairly arbitrated amongst. 

That said, I believe qdisc stack, so you could probably insert a classic port based qdisc at the bottom of the stack and you'd probably get the desired result.

hello wotsac, please take a look at my post here https://forum.lede-project.org/t/need-h … os-sqm-qos right now I am using stock firmware, however it is missing some features etc, but if you can help me prioritize port 21 and 80, I will definitely go back to lede. Also, I did notice a wifi drop connection even with oem firmware, what is going on here?

(Last edited by anielarias on 7 May 2017, 21:44)

@David hey, just curious, how much of a hassle for you would it be to build an image for the 3200ACM on kernel 4.9.26?

According to this here: https://github.com/kaloz/mwlwifi/issues/152 there's no high memory usage issue on that version *touches wood*

EDIT: Along with that specific version of WPA_Supplicant and that other thing...

(Last edited by farchord on 8 May 2017, 01:02)

farchord wrote:

@David hey, just curious, how much of a hassle for you would it be to build an image for the 3200ACM on kernel 4.9.26?

According to this here: https://github.com/kaloz/mwlwifi/issues/152 there's no high memory usage issue on that version *touches wood*

I know you saw the response from chad.

"The 4.9.26 kernel isn't enough you also need hostapd 2.6 and wpa_supplicant 2.6."

I don't know what's all involved.  It looks like we will just need for everyone and everything to catch up.

davidc502 wrote:
farchord wrote:

@David hey, just curious, how much of a hassle for you would it be to build an image for the 3200ACM on kernel 4.9.26?

According to this here: https://github.com/kaloz/mwlwifi/issues/152 there's no high memory usage issue on that version *touches wood*

I know you saw the response from chad.

"The 4.9.26 kernel isn't enough you also need hostapd 2.6 and wpa_supplicant 2.6."

I don't know what's all involved.  It looks like we will just need for everyone and everything to catch up.

Yeah I guess we might as well wait

BTW anyone seen this yet? Right now I'm running off of radio2 considering the other radios eat ram like I eat Lay's chips, and it just died with this error:

Sun May  7 20:15:39 2017 kern.warn kernel: [84730.358387] ------------[ cut here ]------------
Sun May  7 20:15:39 2017 kern.warn kernel: [84730.363035] WARNING: CPU: 0 PID: 0 at net/sched/sch_generic.c:316 dev_watchdog+0x1b4/0x234
Sun May  7 20:15:39 2017 kern.info kernel: [84730.371339] NETDEV WATCHDOG: wlan2 (mwifiex_sdio): transmit queue 1 timed out
Sun May  7 20:15:39 2017 kern.warn kernel: [84730.378508] Modules linked in: pppoe ppp_async pppox ppp_generic nf_nat_pptp nf_conntrack_pptp nf_conntrack_ipv6 iptable_nat ipt_REJECT ipt_MASQUERADE xt_time xt_tcpudp xt_tcpmss xt_statistic xt_state xt_recent xt_policy xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_helper xt_esp xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_HL xt_DSCP xt_CT xt_CLASSIFY ums_usbat ums_sddr55 ums_sddr
Sun May  7 20:15:39 2017 kern.warn kernel: [84730.450498]  nf_conntrack_snmp nf_conntrack_sip nf_conntrack_rtcache nf_conntrack_proto_gre nf_conntrack_irc nf_conntrack_h323 nf_conntrack_broadcast ts_kmp nf_conntrack_amanda mwifiex_sdio mwifiex iptable_mangle iptable_filter ipt_ah ipt_ECN ip_tables crc_ccitt fuse sch_cake em_nbyte act_ipt cls_basic sch_prio sch_pie sch_gred em_meta sch_dsmark sch_teql em_cmp act_police em_text sch_codel sch_sfq sch_fq sch_red act_connmark nf_conntrack act_skbedit act_mirred
Sun May  7 20:15:39 2017 kern.warn kernel: [84730.527905] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.9.20 #0
Sun May  7 20:15:39 2017 kern.warn kernel: [84730.533847] Hardware name: Marvell Armada 380/385 (Device Tree)
Sun May  7 20:15:39 2017 kern.warn kernel: [84730.539802] [<c0016010>] (unwind_backtrace) from [<c0012220>] (show_stack+0x10/0x14)
Sun May  7 20:15:39 2017 kern.warn kernel: [84730.547580] [<c0012220>] (show_stack) from [<c020ecbc>] (dump_stack+0x7c/0x9c)
Sun May  7 20:15:39 2017 kern.warn kernel: [84730.554832] [<c020ecbc>] (dump_stack) from [<c00290a0>] (__warn+0xbc/0xec)
Sun May  7 20:15:39 2017 kern.warn kernel: [84730.561735] [<c00290a0>] (__warn) from [<c0029104>] (warn_slowpath_fmt+0x34/0x44)
Sun May  7 20:15:39 2017 kern.warn kernel: [84730.569250] [<c0029104>] (warn_slowpath_fmt) from [<c03b7ae0>] (dev_watchdog+0x1b4/0x234)
Sun May  7 20:15:39 2017 kern.warn kernel: [84730.577464] [<c03b7ae0>] (dev_watchdog) from [<c006fdb0>] (call_timer_fn+0x20/0x94)
Sun May  7 20:15:39 2017 kern.warn kernel: [84730.585153] [<c006fdb0>] (call_timer_fn) from [<c006ffdc>] (run_timer_softirq+0x1b8/0x1f4)
Sun May  7 20:15:39 2017 kern.warn kernel: [84730.593454] [<c006ffdc>] (run_timer_softirq) from [<c002d160>] (__do_softirq+0xd0/0x204)
Sun May  7 20:15:39 2017 kern.warn kernel: [84730.601579] [<c002d160>] (__do_softirq) from [<c002d518>] (irq_exit+0x94/0xb8)
Sun May  7 20:15:39 2017 kern.warn kernel: [84730.608833] [<c002d518>] (irq_exit) from [<c0061bd8>] (__handle_domain_irq+0x90/0xb4)
Sun May  7 20:15:39 2017 kern.warn kernel: [84730.616696] [<c0061bd8>] (__handle_domain_irq) from [<c0009428>] (gic_handle_irq+0x50/0x94)
Sun May  7 20:15:39 2017 kern.warn kernel: [84730.625081] [<c0009428>] (gic_handle_irq) from [<c0012c8c>] (__irq_svc+0x6c/0x90)
Sun May  7 20:15:39 2017 kern.warn kernel: [84730.632592] Exception stack(0xc061bf60 to 0xc061bfa8)
Sun May  7 20:15:39 2017 kern.warn kernel: [84730.637665] bf60: 00000001 00000000 00000000 c001b080 00000000 c061a000 c061cfe4 00000001
Sun May  7 20:15:39 2017 kern.warn kernel: [84730.645875] bf80: c0617138 00000000 c061bfb8 00000001 00000000 c061bfb0 c000f808 c000f80c
Sun May  7 20:15:39 2017 kern.warn kernel: [84730.654085] bfa0: 60000013 ffffffff
Sun May  7 20:15:39 2017 kern.warn kernel: [84730.657588] [<c0012c8c>] (__irq_svc) from [<c000f80c>] (arch_cpu_idle+0x2c/0x38)
Sun May  7 20:15:39 2017 kern.warn kernel: [84730.665018] [<c000f80c>] (arch_cpu_idle) from [<c005af0c>] (cpu_startup_entry+0xf0/0x19c)
Sun May  7 20:15:39 2017 kern.warn kernel: [84730.673232] [<c005af0c>] (cpu_startup_entry) from [<c05d4c50>] (start_kernel+0x398/0x41c)
Sun May  7 20:15:39 2017 kern.warn kernel: [84730.681448] ---[ end trace d95f83414c6076f2 ]---

@farchord

Radio 2 has a different chip than Radio0/1. From what I understand its job is to detect radar for DFS channels.

Even though the RAM usage is high, if another process needs the RAM, it becomes available. This can be tested by doing a large Samba file transfer, as RAM is used heavily during this process.


Unknown about the validity of the below post.

Quote from kb3tbx ---  "Even though 'Radio 2' has a very capable 88W8887 chip, it seems to be provisioned for Receive-only monitoring, in conjunction with Radio 0; to accomplish required DFS in the 5Ghz band. This should NOT be enabled as an access point while testing the mwlwifi driver."

(Last edited by davidc502 on 8 May 2017, 01:40)

Pasxalisk wrote:
starcms wrote:
davidc502 wrote:

If you're still having issues, I can post a screen shot of what the rule should look like... Also, don't forget to move the rule up to #1 to test.

@david,

This is probably the most basic question I've ever asked, but I've never had a need to really fool with the firewall much at all.

I need to open ports 8082 and 8083 for me to be able to access my DirecTV DVR playlist and watch all channels when I'm not at home.  I've always used Port Forwarding.

IPv4-tcp, udp
From any host in wan
Via any router IP at ports 8082-8083

Forward to:
IP 192.168.2.244, ports 8082-8083 in directv

I'm assuming that is correct since it works.  But is it the best way?  What would be the difference in using a traffic rule instead to simply open the ports at that IP?

And for @jack19hk's question for accessing LuCi from outside the LAN, why not use Port Forwarding for that situation?

I am not David, obviously.

From a security perspective, it is not the best way to directly expose a service (which was not made to be publicly available) to the internet.

I suggest (and I use it myself) setting up a VPN (tun/tap) and having this UDP port be the only port open.

In general, it is much better (if not the best) to use a VPN and, once you are attached to your LAN, to use all the services (ssh, luci web, etc) as if you were physically at home.
TAP VPN will offer this out of the box. TUN might need a bit of playing with firewall zones.

Thanks for the advice with the VPN, I will eventually set one up, but could you or anyone answer my question?  What is the difference between port forward vs opening a port with a traffic rule?  Why not use port forwarding to access the router from outside the LAN; @david had suggested to @jack instead to use a traffic rule?

(Last edited by starcms on 8 May 2017, 04:50)

adri wrote:
mariano.silva wrote:

Hey guys... I was wondering why the CPU Idle functionality is not enabled in our WRT 1900's ?


 
from system log:

mvebu-pmsu: CPU hotplug support is currently broken on Armada 38x: disabling
mvebu-pmsu: CPU idle is currently broken on Armada 38x: disabling ....

CpuIdle seems to be broken, but @hnyman has tested cpu frequency scaling and seemed to get good results.
See https://forum.lede-project.org/t/cpu-fr … m-etc/2808.
Perhaps this could be added and help to reduce the cpu temperatures?


Very interesting.

@david, what do you think about possibly adding this to future builds?

@starcms

Port forward redirects traffic reaching a device on a specific port to another device and port.

Traffic rules are meant to define how traffic from specific zones that match the specified criteria are being treated. (Accepted/denied etc)

You can open a port both ways.
But, in the example with accessing the router outside the LAN you have these two options:

a) Traffic rule: accept tcp traffic from wan with destination port 80(or 443) to "this device" (input)
Which makes your router accessible from the outside when you type your public ip on a browser.

b) Port Forward: accept tcp traffic from wan on port "whatever you want"  and send it to 192.168.1.1(router ip) at port 80.
This way you can reach your router interface from the outside typing http(s)://public-ip:"whatever port you chose"

Note that with port forward you can expose to the internet also other services from your home network by "binding" them to different ports of your external ip

I hope I made it a bit more clear to you

Pasxalisk wrote:

@starcms

Port forward redirects traffic reaching a device on a specific port to another device and port.

Traffic rules are meant to define how traffic from specific zones that match the specified criteria are being treated. (Accepted/denied etc)

You can open a port both ways.
But, in the example with accessing the router outside the LAN you have these two options:

a) Traffic rule: accept tcp traffic from wan with destination port 80(or 443) to "this device" (input)
Which makes your router accessible from the outside when you type your public ip on a browser.

b) Port Forward: accept tcp traffic from wan on port "whatever you want"  and send it to 192.168.1.1(router ip) at port 80.
This way you can reach your router interface from the outside typing http(s)://public-ip:"whatever port you chose"

Note that with port forward you can expose to the internet also other services from your home network by "binding" them to different ports of your external ip

I hope I made it a bit more clear to you

Very!  Crystal clear!  Thanks much!

davidc502 wrote:
farchord wrote:

@David hey, just curious, how much of a hassle for you would it be to build an image for the 3200ACM on kernel 4.9.26?

According to this here: https://github.com/kaloz/mwlwifi/issues/152 there's no high memory usage issue on that version *touches wood*

I know you saw the response from chad.

"The 4.9.26 kernel isn't enough you also need hostapd 2.6 and wpa_supplicant 2.6."

I don't know what's all involved.  It looks like we will just need for everyone and everything to catch up.

@david, your build already includes better than hostapd 2.6, it includes 2.7-developer, since you are building from LEDE trunk/development snapshot branch.

root@WRT1200AC:~# hostapd -v
hostapd v2.7-devel
User space daemon for IEEE 802.11 AP management,
IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
Copyright (c) 2002-2016, Jouni Malinen <j@w1.fi> and contributors

I'm assuming the same is true for wpad and wpad-mini (since their source-code is part of hostapd -- so my guess is that hostapd version determines wpad and wpad-mini version).  So you may only need to up the kernel version.

Edit: On a completely unrelated note, may I recommend including the package luci-app-uhttpd in future builds.  It shows up under services (like network shares and upnp) and allows for easy configuration of the web server.

(Last edited by starcms on 9 May 2017, 03:03)

Pasxalisk wrote:

@starcms

Port forward redirects traffic reaching a device on a specific port to another device and port.

Traffic rules are meant to define how traffic from specific zones that match the specified criteria are being treated. (Accepted/denied etc)

You can open a port both ways.
But, in the example with accessing the router outside the LAN you have these two options:

a) Traffic rule: accept tcp traffic from wan with destination port 80(or 443) to "this device" (input)
Which makes your router accessible from the outside when you type your public ip on a browser.

b) Port Forward: accept tcp traffic from wan on port "whatever you want"  and send it to 192.168.1.1(router ip) at port 80.
This way you can reach your router interface from the outside typing http(s)://public-ip:"whatever port you chose"

Note that with port forward you can expose to the internet also other services from your home network by "binding" them to different ports of your external ip

I hope I made it a bit more clear to you

One follow up question.

I noticed that in settings for port forward, there is an option for source port in addition to external port and internal port.  In traffic rules, there is also a setting for source port, in addition to destination port.  What is source port for?

Because in your examples, 
a) traffic rule: destination port would be 80 (or 443)

b) port forward: external port would be whatever I want (say for example 5555, so the router could be accessed by http(s)://public-ip:5555), and internal port would be 80 (or 443).

So what is source port for?

Typically source ports are auto-negotiated and are random, so that field is "usually" left as any.

Essentially, the web server is "listening" on port 443 for new connections and does not send on that same port (only listens), so a source port has to be negotiated after the initial connection. The server will talk back to the client (browser) on that random source port they agreed to talk on.

If the source port is random then why have a setting for a specific source port? Well there are situations where you might set up communications on a specific source port, and if you know how to control it, and what it is, then it can be defined.
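Added example, not part of any post in this thread: the traffic rule and port forward options discussed above, written in /etc/config/firewall syntax, with a small audit that lists what each entry opens on the WAN side. The entry names, the function names sample_firewall and wan_exposure, and the sample file itself are constructed for illustration; the ports and addresses are the ones mentioned in the posts.

```sh
#!/bin/sh
# Constructed sample in /etc/config/firewall syntax (not taken from a real router).
# src_dport = external port on the router, dest_port = port on the target host.
# src_port (not set here) would match the client's own source port.
sample_firewall() {
cat <<'EOF'
config rule
    option name 'LuCI-from-wan'
    option src 'wan'
    option proto 'tcp'
    option dest_port '443'
    option target 'ACCEPT'

config redirect
    option name 'LuCI-on-5555'
    option src 'wan'
    option proto 'tcp'
    option src_dport '5555'
    option dest 'lan'
    option dest_ip '192.168.1.1'
    option dest_port '80'
    option target 'DNAT'

config redirect
    option name 'DirecTV'
    option src 'wan'
    option proto 'tcp udp'
    option src_dport '8082-8083'
    option dest 'directv'
    option dest_ip '192.168.2.244'
    option dest_port '8082-8083'
    option target 'DNAT'

config rule
    option name 'Lan-to-wan-example'
    option src 'lan'
    option dest 'wan'
    option proto 'udp'
    option dest_port '53'
    option target 'REJECT'
EOF
}

# Reads firewall config on stdin and prints one line per entry that accepts
# traffic arriving from the wan zone: input rules (no dest zone) and redirects.
wan_exposure() {
    awk -v q="'" '
    function emit(   from) {
        from = (o["src_ip"] != "") ? o["src_ip"] : "any host"
        if (kind == "rule" && o["src"] == "wan" && o["target"] == "ACCEPT" &&
            o["dest"] == "" && o["dest_port"] != "")
            printf "rule %s from %s wan:%s -> this device\n", o["proto"], from, o["dest_port"]
        if (kind == "redirect" && o["src"] == "wan" && o["src_dport"] != "")
            printf "redirect %s from %s wan:%s -> %s:%s\n", o["proto"], from, o["src_dport"], o["dest_ip"], o["dest_port"]
        split("", o); kind = ""          # reset state for the next section
    }
    $1 == "config" { emit(); kind = $2; next }
    $1 == "option" {
        val = substr($0, index($0, q) + 1)   # text after the opening quote
        sub(q "[ \t]*$", "", val)            # drop the closing quote
        o[$2] = val
    }
    END { emit() }
    '
}

# On a router: wan_exposure < /etc/config/firewall
sample_firewall | wan_exposure
```

Every line printed with "from any host" is reachable from the whole internet; setting option src_ip on an entry narrows it to the listed source.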

starcms wrote:

Edit: On a completely unrelated note, may I recommend including the package luci-app-uhttpd in future builds.  It shows up under services (like network shares and upnp) and allows for easy configuration of the web server.

Sure, let's give it a try.

I'm a big fan of the 4.9er build!!! (Also all 4.4 and wifi works great)
With kernel 4.9 it should be possible to activate 802.1AE/macsec/layer2-encryption. I'm not sure if the linksys-hardwarespec fits. Could you please enable the module in the upcoming builds (for testing)?

Hey David just wanted to say I've been using the 4.9 kernel build on my ACS and it's working very well. No issues I've noted. Thanks!

Hi david !
Thanks for your release, it's awesome !
But I've still got some questions:
1 - What are the differences between the release in "Kernel_4.9" and in "releases" ?
2 - In the future, will you still manage your repositories ?
3 - Directly connected to question 2, is it possible to use the LEDE official repositories (snapshot, 17.01...) with your release and use the latest WiFi drivers ?
4 - What is your advice for the wifi driver ? Wait for it in the LEDE official/snapshot release ?

Thanks !

aqwserf wrote:

Hi david !
Thanks for your release, it's awesome !
But I've still got some questions:
1 - What are the differences between the release in "Kernel_4.9" and in "releases" ?
2 - In the future, will you still manage your repositories ?
3 - Directly connected to question 2, is it possible to use the LEDE official repositories (snapshot, 17.01...) with your release and use the latest WiFi drivers ?
4 - What is your advice for the wifi driver ? Wait for it in the LEDE official/snapshot release ?

Thanks !

I'm obviously not david but,

1) I'm assuming you are looking at https://davidc502sis.dynamic-dns.net/snapshots/ .  The folder Kernel_4.9 was the first build @david released that used kernel 4.9.  Now all of his releases use 4.9 (except he also builds a release for the 1900AC V1 that still uses Kernel 4.4 since the V1 with Kernel 4.9 causes a reboot issue).  You can tell the latest build by looking at the date on that webpage, or simply by finding the highest r4xxx number.  Even easier, just go here https://davidc502sis.dynamic-dns.net/releases/ to get the latest build.

2) He has thus far, I don't see him changing, but I'll let him answer this one.

3) As for the wifi drivers, the builds come with the latest mwlwifi driver with all of the very latest commits.  As for using the LEDE official repos, that's what I use (the snapshot one), to always have the most up-to-date version of apps/packages between @david's releases.  Just be sure if you do this never to upgrade the package base-files.  The 17.01 lede repos will have older versions compared to @david's builds since he builds from the development/snapshot branch, so I wouldn't recommend those.

4) Use the one included.  As I said, it includes all of the latest commits.

(Last edited by starcms on 9 May 2017, 20:06)

Ok, thanks for the explanation !

1 - So I think he could delete this directory. Or maybe it is for compatibility...
2 - I agree :)
3 - It's a bit more tricky...

starcms wrote:

3) As for the wifi drivers, the builds come with the latest mwlwifi driver with all of the very latest commits.

You still talk about david's release right ? Because in the LEDE's one (snapshot), this is the 4.9.20+10.3.2.0-20170110-1 version.

starcms wrote:

As for using the LEDE official repos, that's what I use (the snapshot one), to always have the most up-to-date version of apps/packages between @david's releases.  Just be sure if you do this never to upgrade the package base-files.

So you disabled david's repo and use this one ?

src/gz reboot_core ...downloads.lede-project.org/snapshots/targets/mvebu/generic/packages
src/gz reboot_base ...downloads.lede-project.org/snapshots/packages/arm_cortex-a9_vfpv3/base
src/gz reboot_luci .../downloads.lede-project.org/snapshots/packages/arm_cortex-a9_vfpv3/luci
src/gz reboot_packages .../downloads.lede-project.org/snapshots/packages/arm_cortex-a9_vfpv3/packages
src/gz reboot_routing .../downloads.lede-project.org/snapshots/packages/arm_cortex-a9_vfpv3/routing
src/gz reboot_telephony .../downloads.lede-project.org/snapshots/packages/arm_cortex-a9_vfpv3/telephony

4 - The driver included in which one ? I bet on david's one but...

I've also tried the stable LEDE release where a guy (@eduperez on LEDE forum) provides the latest WIFI driver but I don't know if it's a good idea for everyday use (the 4.4 kernel).

I think I'm gonna use david's release with the LEDE snapshot repo until LEDE/kaloz provide an AIO release :)

Again, thanks a lot to the community !

P.S: does anyone know if someone provides the latest mwlwifi for the snapshot release of LEDE ?

(Last edited by aqwserf on 10 May 2017, 17:04)

@aqwserf

P.S: does anyone know if someone provides the latest mwlwifi for the snapshot release of LEDE ?

Not that I'm aware. If on the same kernel version, the wifi driver could be extracted from my build.

As far as using the lede repository... It will work as long as the kernels continue to match.

davidc502 wrote:

The steps on the wiki should work, as it worked when I went through them. The only issue was I couldn't just use 1 dns forward IP as 2 are needed  or it just didn't work.

No luck, dnscrypt isn't even showing up anywhere in logs, just seems to not work at all, in which place did you need those two forward IP addresses? in the "list server"? section?

No luck, dnscrypt isn't even showing up anywhere in logs, just seems to not work at all, in which place did you need those two forward IP addresses? in the "list server"? section?

Using the default dnscrypt-proxy config file you can set these from the WEB interface.

config dnscrypt-proxy ns1
        option address '127.0.0.1'
        option port '5353'
        option resolver 'fvz-anyone'

First, under Network - Interfaces -WAN - Advanced, uncheck "Use DNS servers advertised by peer"

Under Network - DHCP and DNS you should create two DNS Forwarding fields, deleting/replacing any already shown if they are different. Enter the following in the two fields.

127.0.0.1#5353
/pool.ntp.org/208.67.222.222

In the log file you should see periodic entries (hourly for me).

Wed May 10 09:30:29 2017 daemon.info dnscrypt-proxy[1485]: dnscrypt-proxy Refetching server certificates
Wed May 10 09:30:29 2017 daemon.info dnscrypt-proxy[1485]: dnscrypt-proxy Server certificate with serial '0001' received
Wed May 10 09:30:29 2017 daemon.info dnscrypt-proxy[1485]: dnscrypt-proxy This certificate is valid
Wed May 10 09:30:29 2017 daemon.info dnscrypt-proxy[1485]: dnscrypt-proxy Chosen certificate #808464433 is valid from [2016-05-28] to [2017-05-28]
Wed May 10 09:30:29 2017 daemon.info dnscrypt-proxy[1485]: dnscrypt-proxy The key rotation period for this server may exceed the recommended value. This is bad for forward secrecy.
Wed May 10 09:30:29 2017 daemon.info dnscrypt-proxy[1485]: dnscrypt-proxy Server key fingerprint is E737:6400:D646:0720:7D9D:29AB:A4C9:070C:4546:CEF7:0CFE:D62F:41E9:FEAA:C58F:6376

Go to dnsleaktest.com and your current IP address is shown. Run one of the tests and the IP shown should be different. Using the default I get an address from Choopa, LLC in the US.

Hope this helps.
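Added example, not part of the post above: a check for the dnscrypt-proxy log entries that post describes. It reports whether the chosen resolver certificate is inside its validity window on a given date, flags the key rotation warning, and returns non-zero when no certificate line is present at all. The function names sample_log and dnscrypt_cert_check are made up for this example; the sample lines are copied from the log excerpt in the post.

```sh
#!/bin/sh
# Sample input: three lines copied from the log excerpt in the post above.
sample_log() {
cat <<'EOF'
Wed May 10 09:30:29 2017 daemon.info dnscrypt-proxy[1485]: dnscrypt-proxy Refetching server certificates
Wed May 10 09:30:29 2017 daemon.info dnscrypt-proxy[1485]: dnscrypt-proxy Chosen certificate #808464433 is valid from [2016-05-28] to [2017-05-28]
Wed May 10 09:30:29 2017 daemon.info dnscrypt-proxy[1485]: dnscrypt-proxy The key rotation period for this server may exceed the recommended value. This is bad for forward secrecy.
EOF
}

# Usage: <log lines> | dnscrypt_cert_check YYYY-MM-DD
# Prints "<state> <from>..<to>[ long-key-rotation]" for the most recent
# "Chosen certificate" line, where state is valid, expired or not-yet-valid.
# Prints "no-certificate" and returns 1 if dnscrypt-proxy never logged one.
dnscrypt_cert_check() {
    awk -v today="$1" '
    /dnscrypt-proxy/ && /Chosen certificate/ {
        from = $0; sub(/.*valid from \[/, "", from); sub(/\].*/, "", from)
        to = $0;   sub(/.*\] to \[/, "", to);        sub(/\].*/, "", to)
        seen = 1
    }
    /dnscrypt-proxy/ && /key rotation period/ { rot = 1 }
    END {
        if (!seen) { print "no-certificate"; exit 1 }
        # ISO dates (YYYY-MM-DD) compare correctly as plain strings.
        state = (today < from) ? "not-yet-valid" : ((today > to) ? "expired" : "valid")
        printf "%s %s..%s%s\n", state, from, to, (rot ? " long-key-rotation" : "")
    }'
}

# On a router: logread | dnscrypt_cert_check "$(date +%F)"
sample_log | dnscrypt_cert_check 2017-05-10
```

A "no-certificate" result corresponds to the symptom reported earlier in the thread, where dnscrypt does not show up in the logs at all.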

good instructions -- thanks d.o.scott

Sorry, posts 1801 to 1800 are missing from our archive.