Davidc502- wrt1200ac wrt1900acx wrt3200acm wrt32x builds

Kherby · September 2, 2018, 2:23pm

Today i've noticed a message in my Kernel Log that i've never noticed before...

nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.

Does anyone have some infos about this?

oli · September 2, 2018, 4:29pm

This message is also found in other compilations SuperWRT Linksys WRT1900ACS v2 Kernel 4.14.67!
426.256697] ieee80211 phy0: change: 0x40
[ 426.412584] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[ 426.436713] ieee80211 phy0: change: 0x40

Kherby · September 2, 2018, 4:37pm

I found out that it has something to do with (recent) Kernel changes but i'm too noobish to exactly understand what it means. But looking at the message it is something related to security.

echowarrior108 · September 2, 2018, 7:02pm

more followup re: login password, after doing a complete reinstall and restoring from backup the issue went away! I love it when a plan comes together!

matt83958 · September 2, 2018, 7:57pm

Hi David! Could you add support for BBR congestion algorithm in the next release of the WRT1200AC firmware?

directnupe · September 2, 2018, 8:27pm

Dear Dave,
Hello and I hope that you are well. Thank you for the continued outstanding work and production on your Custom Builds. I am not complaining; but is there any particular reason that STUBBY and GETDNS were removed from your repository on the latest Build Lede SNAPSHOT r7938 on 8/26/2018?
Also, can you or anyone here on this thread assist me in getting luci-app-bcp38 and bcp38 installed and configured properly on my OpenWrt / Lede Router.I was hoping that you can help me out. I was unable to find a guide or tutorial anywhere. I am a retired English Teacher and if you are kind enough to share a detailed description of how to implement these packages; I will gladly write up a tutorial on the LEDE / OpenWrt Forum. Please see a tutorial which I wrote here for DNS OVER TLS ( using Unbound and Stubby ) on the aforementioned Lede forum:

So - if it is not too much of an imposition, I truly would appreciate your help in my setting this up for myself and others. I wish to thank you in advance for the time and effort you give to the furtherance and advancement of this project.
May God Bless You and Yours Always -

In Peace and Grace,
directnupe

Alchemystical · September 2, 2018, 9:24pm

8+ hours of stable work. Then at about 83.5 degrees there comes a reboot. 10 minutes of rest - temperature on CPU drops to 71 degrees and router keeps working as if nothing happened. I may falsely link unrelated matters, but it really seems to be a hardware issue and is connected to CPU temperature.
Can anyone tell me theirs working temperatures on this same model (idle/normal/full load) on CPU/WLAN?

According to Marvel site ( https://www.marvell.com/embedded-processors/armada-38x/ ) - "The ARMADA 38x family supports Industrial Grade which can operate between -40°C to +105°C.".
According to Marvel product guide ( https://datasheet.octopart.com/88EM8801-Marvell-datasheet-13758780.pdf page 42) 88W8864 has a working temperature between 0°C to +70°C.
Both statements go against my observations.
I really want to make sure if this is a software or hardware issue. (Really I want this issue solved - have spent to much time to determining the cause and really tired of going in circles with different firmwares)

Is there any firmware revision (davids) that is guaranteed to work with this model 24/7 and someone has an example (uptime data for instance)?

UPD: According to datasheet on 88F6820 (CPU) ambient temperature for commercial is maxed at 70°C and for industrial at 85°C, junction is maxed at 115°C - http://www.marvell.com/embedded-processors/armada-38x/assets/ARMADA-38x-Hardware-Spec.pdf page 106

Kherby · September 2, 2018, 9:55pm

Sorry i can't help you configure it but i wonder why the bcp38 package isn't included by default in david's builds. Afaik it's included in most custom/community builds.

davidc502 · September 2, 2018, 10:03pm

Question: Do you get the same reboots when the Factory Firmware is installed?

Currently there are no reported issues with reboots on any of the Linksys 1900/1200 or 3200 lines. The last reboot issue I recall was with the 1900ac Version 1, and that fixed months ago.

Kherby · September 2, 2018, 10:05pm

I'm having trouble to install dnsmaq-full which i need for stangri's "vpn policy-based routing" package.
I'm following the readme but for some reason im not able to install dnsmasq-full... I'm pretty sure it worked in the past.

github.com

stangri/openwrt_packages/blob/master/vpn-policy-routing/files/README.md

# VPN Policy-Based Routing

## Description

This service allows you to define rules (policies) for routing traffic via WAN or your L2TP, Openconnect, OpenVPN, PPTP or Wireguard tunnels. Policies can be set based on any combination of local/remote ports, local/remote IPv4 or IPv6 addresses/subnets or domains. This service supersedes the [VPN Bypass](https://github.com/openwrt/packages/blob/master/net/vpnbypass/files/README.md) service, by supporting IPv6 and by allowing you to set explicit rules not just for WAN interface (bypassing OpenVPN tunnel), but for L2TP, Openconnect, OpenVPN, PPTP and Wireguard tunnels as well.

## Features

### Gateways/Tunnels

- Any policy can target either WAN or a VPN tunnel interface.
- L2TP tunnels supported (with protocol names l2tp\*).
- Openconnect tunnels supported (with protocol names openconnect\*).
- OpenVPN tunnels supported (with device names tun\* or tap\*).
- PPTP tunnels supported (with protocol names pptp\*).
- Wireguard tunnels supported (with protocol names wireguard\*).

### IPv4/IPv6/Port-Based Policies

- Policies based on local names, IPs or subnets. You can specify a single IP (as in ```192.168.1.70```) or a local subnet (as in ```192.168.1.81/29```) or a local device name (as in ```nexusplayer```). IPv6 addresses are also supported.

This file has been truncated. show original

opkg update; opkg remove dnsmasq; opkg install dnsmasq-full

Removing package dnsmasq from root...
Not deleting modified conffile /etc/config/dhcp.
Installing dnsmasq-full (2.80test3-1) to root...
Downloading https://davidc502sis.dynamic-dns.net/snapshots/r7829/packages/arm_cortex-a9_vfpv3/base/dnsmasq-full_2.80test3-1_arm_cortex-a9_vfpv3.ipk
Collected errors:
 * opkg_download: Failed to download https://davidc502sis.dynamic-dns.net/snapshots/r7829/packages/arm_cortex-a9_vfpv3/base/dnsmasq-full_2.80test3-1_arm_cortex-a9_vfpv3.ipk, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_install_pkg: Failed to download dnsmasq-full. Perhaps you need to run 'opkg update'?
 * opkg_install_cmd: Cannot install package dnsmasq-full.

Any idea what's wrong here?

edit: even the offline installation doesn't work...

root@OpenWrt:~# opkg remove dnsmasq; opkg install /tmp/dnsmasq-full_2.80test3-1_arm_cortex-a9_vfpv3.ipk
Removing package dnsmasq from root...
Not deleting modified conffile /etc/config/dhcp.
Installing dnsmasq-full (2.80test3-1) to root...
Installing libgmp (6.1.2-1) to root...
Downloading https://davidc502sis.dynamic-dns.net/snapshots/r7829/packages/arm_cortex-a9_vfpv3/base/libgmp_6.1.2-1_arm_cortex-a9_vfpv3.ipk
Collected errors:
 * opkg_download: Failed to download https://davidc502sis.dynamic-dns.net/snapshots/r7829/packages/arm_cortex-a9_vfpv3/base/libgmp_6.1.2-1_arm_cortex-a9_vfpv3.ipk, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_install_pkg: Failed to download libgmp. Perhaps you need to run 'opkg update'?
 * opkg_install_cmd: Cannot install package dnsmasq-full.

davidc502 · September 2, 2018, 10:09pm

I could be wrong because I don't document each request, but I don't recall folks asking for it.

When I do a search for the package this is the description: bcp38 implements IETF BCP38 for home routers.

Can you give more information of what this package does, and why you use it? Do you see this package becoming utilized by more people? << Appreciate the thoughts here.

Best Regards,

davidc502 · September 2, 2018, 10:12pm

It's been a while since I have installed dnsmasq full because of past inherent issues, but doesn't dnsmasq full need simple dnsmasq as well?

davidc502 · September 2, 2018, 10:15pm

Those two packages are still a part of the .config to build, and haven't been removed. This is usually a sign that they failed to compile during the build process. They should be back in the next build. Please let me know if this is not the case and I'll take a closer look.

Thanks,

David

Alchemystical · September 2, 2018, 10:16pm

Yes, if I remember correctly I had similar behaviour, but I cannot be 100% sure - at that moment i've not had a USB-TTY cable and there may have been problems with one of the wireless clients.
I can check if reboots persist on the latest stock from Linksys. Can I assume that if stock firmware is running normal, than its not a hardware issue and opposite if problem persists?

If I remember correctly - there is no temperature/sensor monitors on stock firmware. Is there any way to monitor temperatures from, for example, USB-TTY connection?

Kherby · September 2, 2018, 10:16pm

I think u need to remove dnsmasq before you can install dnsmasq-full.
I did it in the past but i'm not sure how i did it but i'm pretty sure that i had vpn policy-based routing installed with one of your builds and it was working great!
I'm very confused atm...

edit: okay so i was able to install dnsmasq-full but it was quite a hassle...
I needed to install a few packages offline before i was finally able to install dnsmasq-full.

1. libgmp_6.1.2-1_arm_cortex-a9_vfpv3.ipk
2. libnettle_3.4-1_arm_cortex-a9_vfpv3.ipk
3. libnfnetlink_1.0.1-1_arm_cortex-a9_vfpv3.ipk
4. kmod-nf-conntrack-netlink_4.14.62-1_arm_cortex-a9_vfpv3.ipk
5. libnetfilter-conntrack_2017-07-25-e8704326-1_arm_cortex-a9_vfpv3.ipk

I guess there is something messed up with my config. Normally opkg install should automatically install all the needed packages if i remember right.
Very weird...

davidc502 · September 2, 2018, 10:19pm

Hey Matt83958,

Is this the package you are looking for below?

root@lede:~# opkg list |grep kmod-tcp-bbr
kmod-tcp-bbr - 4.14.66-1 - Kernel module for BBR (Bottleneck Bandwidth and RTT) TCP congestion control. It requires the fq ("Fair Queue") pacing packet scheduler. For kernel 4.13+, TCP internal pacing is implemented as fallback.

davidc502 · September 2, 2018, 10:31pm

I would check the stock fw because it if it isn't stable, then I'd say there is a hardware issue going on. If it doesn't have issues then it would likely be an issue in the LEDE software or configuration within LEDE. If that were the case, I'd request a re-install/flash of LEDE without saving any configurations, and wait for a failure.

There are a couple of options (probably more) for monitoring the CPU temperature. First would be to write a simple script to check cpu temperature and write the result to a text file, and have cron run it as often as you like. Or you could use SNMP to monitor the temperature using a client. There's also a way you could probably add it to Collectd, and have it graph the CPU temperature.

EDIT
Looking at collectd, it's a simple check box to add "Sensors" to get CPU temperature.

cpu_Temp

Savagepagan · September 3, 2018, 1:42am

Isn't there a software package that will display cpu temps?

Alchemystical · September 3, 2018, 11:33am

Yes, this process is simple on LEDE. But I've no idea how to do it on stock firmware - it even has no ssh/telnet/smth to connect and USB-TTY connection does not give you any way to issue any commands.

Is this your normal temperature on a router?

Alchemystical · September 3, 2018, 11:34am

Yes, on LEDE.
But I can't find a way to do this on stock firmware (Linksys SmartWiFi).