I have devcrypto enabled, but it killed LuCi. My guess is LuCi uses SSL and some value was changed, so I'm unable to run it. Will investigate.
root@lede:~# openssl engine -t -c
(dynamic) Dynamic engine loading support
[ unavailable ]
(devcrypto) /dev/crypto engine
[DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC, AES-128-ECB, AES-192-ECB, AES-256-ECB]
[ available ]
Next, I need to test to see if it actually makes ANY difference running this engine vs. dynamic.
Dear Dave,
Hello - as I said to you earlier on the previous build - 2019-03-02 r9506 - both " dynamic " and " devcrypto " were available. So, Luci worked and everything worked fine. I believe that this was the first time that openssl 1.1.0 was introduced.
I am reminding you of how r9506 was configured and built because maybe you can take a look at that Build and retrace your steps or at least get some clues as to what is going on with this issue.
Finally RE: your intent : Next, I need to test to see if it actually makes ANY difference running this engine vs. dynamic - you may wish to run your tests on Build r9506 as this Build has both engines working already and r9506 was already in production with Luci working
Peace,
DIT
You may want to check to see what you get, but on my system devcrypto performs no better than dynamic. I'm still getting around 70/120mbps Definitely running around the same CPU % as well -- around 40%-60% peak. Part of why I'm not getting better speeds could be due to the VPN provider.
Another test running Torguard client on the linux workstation I'm getting 180/200mbps.
Edit
I will make sure devcrypto is baked into the next build though.
@Kherby
Ok, I got it working. Helps if you use the right port for the security protocol. Kind of sad that the private Internet Access KB article tells you the wrong port to use in their setup instructions!
Thanks for your help!
Ok, looking for some info. I'm running David's build r9614-b61495409b on a WRT1200AC. When I sign into luci, I get a security error cause https is not working. I can live with that, but I just configured a VPN and used the config tables as much as possible, but when I didn't and used luci, half the time or more when I saved my changes it just goes to loading and sits there forever. I eventually fought through it, but is this a known issue? Thanks.
Dear N3kf,
Hello and I hope that you are well. First off I want to apologize to you if you were following the PIA VPN tutorial I authored. Found here: PIA OPENVPN on OpenWrt / Lede -
As general caveats, you should read through the tutorial PLUS comments in the threads as changes do occur. Also, VPN providers do from time to time change how their services work ( such as encryption protocols, ports , servers and so on ). For example TorGuard is now offering WireGuard and I am trying to figure out how to set this up on OpenWrt.
The reason that I have been communicating with Dave about the hardware acceleration engine in openssl 1.1.0 is due to the fact that if you set the option engine 'cryptodev' in your openvpn config file - then the service will not start as that is obsolete . Additionally, if you set the option engine 'devcrypto' ( which is the correct setting in openssl 1.1.0 ) - it still will not work with OpenVpn if it is not configured and enabled in the kernel build.
However, the guide's should be updated. But if you do your due diligence as you seem to have done - the tutorials still are a good jumping off point to lead you towards successfully getting your VPN service up and running.
I always look at several sources when trying to make sense as to how to proceed on a project of the nature that you have just undertaken. This is still after all open source software and thus reliant upon shared knowledge and work of hobbyists, enthusiasts and often volunteers.
I for one am grateful for the efforts and work of these individuals and enterprises - and realize that things may not always run as smoothly as many of us may wish or like. However, understandably this comes with the territory. In any event, I am glad that you have had success -
Peace,
directnupe
So Linux kernel 4.19 support is showing signed off. Think things are going to get interesting soon for us 
I could be wrong here, but does that do anything for Wrt AC series? The Solidrun Clearfog GT 8k is a "board" -- https://www.solid-run.com/product-tag/clearfog-gt-8k/
BTW - Still ticks me off 10Gbe isn't standard for switched Ethernet. At least this has 1 SFP+ capable of 10Gb, but it is just 1 interface that you could connect to a NAS, for example.
What leads you to believe it has been signed off, at least for me there is this issue.
And yes, it is for all mvebu targets, with the introduction of a new one.
Thanks for bringing it to attention < V1 issues. Who knows what other issues in the rest of the series.
Yea false alarm, I saw at the top of that thread "Signed-off-by" but that's just to worked on kernel 4.19 for mvebu, not that it's complete.
That looks like a neat little device - it would help push away from having to troubleshoot and associate odd wireless issues that come up from the Marvell chipset as well. 10GbE would be a nice get as well.
As much as the Marvell chipset has been problematic, I am still thankful for having any sort of open source functionality no matter if there are improvements that could be made.
SD Card on that device would make upgrading a breeze, you wouldn't need to use a devices proprietary upgrade system and would make de-bricking a heck of a lot simpler.
A bit off topic- but I wonder if this device would ever get supported ever.
@directnupe
No, sadly I did not find yours. Looks pretty good. However the whole thing made me become decent at configuring OpenWRT, so I guess that is a good thing! Thanks for your write-up. I do appreciate people who do such things. It helps a lot. Thanks!!!
To close my initial thread. With David's latest build on my WRT1200ac, and using Private Internet Access as my VPN provider, I get much better throughput then what I was getting with a similar setup with dd-wrt. Very happy with the result. Also thank you @davidc502 for the builds. Glad I found you all.
Regarding kernel 4.19, I've been running it for almost 3 months now on my Rango's without any issues at all. Currently I'm on 4.19.30.
nitroshift
Currently just seems to be the usual problem child(mamba) has an issue with 4.19, although it would be nice to see another data-point on this device.
I have been using 4.19 for more than a month and there are no problems.
From the positive, it seems changed the thermal profile of the processor, it has become less hot.
Is this in reference to use of the 4,19PR specifically on a mamba device, so you are not experiencing this issue? If so, I guess mine has reached EOL.
Edit: forget that ^^^, I couldn't remember what kind of device you had, but me thinks it is a mamba, thanks, and I will go check over there.
@davidc502
Switched from dnscrypt-proxy v1 to v2. Thanks to your script it was very easy.
I'm just not happy with the default config and I would like to use my old dns servers (+1 for ipv6).
How would I do that?
In the config (dnscrypt-proxy.toml) I changed ipv6_servers = true and block_ipv6 = false as my device is also reachable through ipv6 via Dynamic DNS service.
After /etc/init.d/dnscrypt-proxy restart I'm able to resolve IPv6 sites over cloudflares dns server but I don't know how to get my old servers back (they are both listed at: https://dnscrypt.info/public-servers/).
Any advice?
I'm not sitting behind the router to check this... but in the .toml file you will see a line with the current Cloudflare servers. You should be able to replace cloudflare with your servers and restart the service. From that point forward it should use the DNS servers you want.