Any idea when this build be up in snapshots? No rush though, going back two builds as I might have an issue myself with SQM.
Probably this coming Saturday or Sunday -- 16th-17th.
1 Like
Thanks for the reply can't wait to test.
Yes, I run Wireguard with the davidc502 build. I've done so both as a client, where I use a service such as Mullvad, IVPN, or a server I created on DigitalOcean; and as a server, where when I'm on travel I use a travel router to create a Wireguard connection to my home network.
I more-or-less follow the guide published by Mullvad:
I have a couple of minor changes. First I install both luci-proto-wireguard and luci-app-wireguard, whereas the guide only has the proto package called out. Second, I don't change the LAN interface which is the last step the recommend in the guide.
I've found that it all works good. I also run vpn-policy-routing so I can route some things, like Roku streaming boxes, around to the WAN because Amazon, Netflix, and the like complain about proxy servers.
Hope that helps.
It's more simple and fast way already available - SSH tunnel. Minimal performance decrease, 3 min to configure out, free.
Dear Dave,
Hello and I hope that you are well; as always, I want to thank you for all your hard work and dedication in keeping us all being able to utilize your excellent OpenWrt Builds. That being said, I felt it incumbent upon me to report my finding concerning OPENVPN and Openssl 1.1 along with difficulty in encountered in creating the OPENVPN Client interface on Build = r9506 Release Date 2019-03-02.
First, see here : https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
Go the section " Checking openssl support " and underneath the box containing the available encryption algorithms you will see the following entry:
For openssl-1.0.2 and earlier, the engine was called cryptodev. It was renamed to devcrypto in openssl 1.1.0. In this example, engine 'devcrypto' is available, showing the list of algorithms available.
For any and all who may have any difficulties getting OPENVPN Client to start when using the the following entry in their config file:
option engine 'cryptodev' it is obsolete with the introduction of Openssl 1.1 - at least on my 3200ACM and 1900ACS - the hardware cryptographic acceleration entry has been changed to the following which means use this instead : option engine 'devcrypto'
In order to run speed tests - run these commands after installing cryptsetup :
openssl speed -evp aes-256-cbc -engine devcrypto
openssl speed -evp aes-256-gcm -engine devcrypto
Now for the other issue of not being able to create the OPENVPN Client interface ( tun0 ).
See this reference: SOLVED: [18.06.1] No tun0 device after upgrading netifd tp netifd_2018-11-19-4b83102d-2_arm_cortex-a9_vfpv3.ipk
I really do not know why this issue surfaced during my setup of NORDVPN OPENVPN Client; especially when others seem did not seem to have had this issue.
This fix is located at the bottom of the page and I can report that it worked for me;
Solved with this workaraound:
root@wrt1900acs:~# cat /etc/rc.local ( enter in /etc/rc.local the entry below ) :
/usr/sbin/openvpn --mktun --dev tun0
exit 0
The interface was created and survives reboots and works great as it should.. So, those are my findings. I hope that helps those in the event anyone runs across these issues while attempting to connect their VPN Client to their VPN Provider.
May God Bless You and Yours -
Peace,
directnupe
3 Likes
From my experience @kar200 it will try and copy the settings from the current partition to the alternate one which the sysupgrade will be applied to. The alternate partition settings will be overwritten/erased. Carrying across settings I find needs to be done with caution however as if you have installed additional packages that modify some of the settings then you may find some things won't work until you have reinstalled them.
1 Like
Is the new https://dc502wrt.org/ site / repository down?
I cant connect or download packages.
Thanks.
Correct.. It is down right now.
It should be back up shortly. This was my fault for not verifying my email address with the registrar for the new domain... sigh. It has been verified, and they have confirmed it should be back on-line shortly. They didn't give me an exact time.
1 Like
Thanks for letting me know by the way.
The Site Should be back up for everyone now.
1 Like
Dear Dave,
The site is back up now !
directnupe
Thanks. I use VPN.ac for a vpn.
Thanks to you for all your work.
I just installed python on my wrt3200 and it literally drained all my available space.
Pretty sure there's a tutorial somewhere to install on external storage (didn't think I could ever need it with 512MB but apparently I do, also because 256 mb for tmpfs are maybe a bit much?).
Pino.
Dear puppinoo,
Hello - and I hope that you are well. If you want more space for your router ( I also have wrt3200 acm ) - see here : If you need more storage and swap memory for your router see here: http://ediy.com.my/index.php/blog/item/118-how-to-increase-storage-on-tp-link-tl-mr3020-with-extroot and here: https://samhobbs.co.uk/2013/11/more-space-for-packages-with-extroot-on-your-openwrt-router For partitioning USB external flash drives I personally prefer GParted Live and / or MiniTool Partition Wizard 9.1 Boot Iso and both work great - found here: https://gparted.org/download.php and here respectively https://www.chip.de/downloads/Partition-Wizard-Bootable-CD_38297298.html If you would like a nifty little free portable format tool - then look no further - try out MiniTool Portable Partition Magic found here : https://www.partitionwizard.com/partitionmagic/portable-partition-magic.html
from my tutorial DNS-OVER-TLS on OpenWrt/LEDE found here:
and also here for those who desire implementation using DNSMASQ 
I hope that this helps yoiu.
Peace and I am out
directnupe
5 Likes
Thanks directnupe
Thanks for your efforts in informing and helping people around here.
It's really appreciated by me and I'm sure by many others.
I'll check out your advices and links.
Pino.
Dear puppinoo,
It is my pleasure to be of assistance in some small way as many others have helped me in getting to
the point where I can at least contribute somewhat to the overall project.
Peace and Thank You For Your Kind Words,
directnupe
Hi slim! You are doing exactly what I'm trying to do; I've got Mullvad set up correctly on my WRT32x on david's OpenWrt build. The piece I'm struggling with is getting vpn-policy-routing set up so I can move devices with specific assigned IP addresses to route directly to WAN (Rokus, AppleTVs) since Netflix and other streaming services do not like running through proxies. Can you share your vpn-policy-routing config so I can figure out why mine doesn't work?
Would seem to call into question, going the extra mile, and doing the inline assmbler work.
drbanzi (first name bukaroo? ),
Sure, it is very simple but here /etc/config/vpn-policy-routing is, with the first of many policies:
config vpn-policy-routing 'config'
option strict_enforcement '1'
option dnsmasq_enabled '1'
option ipv6_enabled '1'
option verbosity '0'
option enabled '1'
config policy
option interface 'wan'
option comment 'Master Bedroom Roku'
option local_address '192.168.1.102'
option proto 'tcp'
option chain 'PREROUTING'
Do you have your firewall zones set up properly? lan needs to have both your wireguard interface and wan as forwardings.
This is helpful; thanks! I'm trying to get my Plex server to be accessible via WAN. I have the port forwarded on the router, but I'm not sure what vpn policies I need to allow access to my Plex server. My router is at 192.168.1.1 and my Plex server is at 192.168.1.30. Port 32400 is forwarded at the router to the Plex server.