It's been a long time, but seems I've been down this road before dealing with conntrack_helper and security.
I think we want to leave it off, and those folks who need it can turn it on.
Ok, not a prob, but I think it was enabled in releases prior to kernels 4.12 or 4.14 - can't recall which. But as I say, no problem people can find the thread if they need to - based on the lack of traffic on it in this forum, seems not many people need the feature anyway.
Have a good day
1 Like
Size of the binary is a little smaller from v.2.016 to Davids procedure version of v.2.014 ...but got you, Thank you for letting me know that the ARM version is the correct on, I just used Davids procedure of installing DNSCRYPT 2 ...and then patched the binary to the ARM one from GitHub ...asap oficial support for v.2.016 comes to OpenWRT for it, Ill change...but its all working great...since some weeks now...
Thanks 2 David for all your work and contributions!
1 Like
The conntrack helper has been disabled by default starting with kernel 4.7.
Enabling it via sysctl.conf or rc.local is relatively easy to do.
The 'prefered' method would leave it disabled and write extra firewall lines to specifically pass the traffic you need.
This is much less straight forward than enabling the old pre 4.7 functionality.
1 Like
Hi all, currently driving Lede SNAPSHOT r7938 on my WRT32x and it's been pretty solid. Had a search through the thread and found 'how to' but nothing specific to this build.
Can anyone tell me if WPS is implemented on tihs release ? I have a wifi extender working (tp-link ER305) and whilst it works fine from it's own GUI and associates to the WRT32x (set up as AP-WDS) it has one quirk which assigns all clients a virtual MAC address, so first XX.XX.XX will be same as MAC of ER305 and last XX.XX.XX of MAC will be the last 3 octets of the actual MAC. This plays havoc with my dhcp assisgnments so would like to try WPS which some threads have suggested may be a way forward. Basically if i load what is required for WPS will the button actually work ?
thanks.
Hi folks, just wanted to say I've recently noticed that I'm losing connectivity between clients on the same wlan after the router has been up for a few hours to a few days. The behaviour exactly matches what's reported (and extensively discussed) in this thread.
I'm running build 7581 on a WRT32X. Not upgraded as I've experienced no other issues until noticing this yesterday...
Hey andyxzyk,
The mac address is hard coded on the NIC, so I'm not sure how it could assign a mac address?
When you issue the command ipconfig /all you see a different mac address than what was assigned by the manufacturer?
I think wps is possible, but think you will need to remove wpad-mini and install two other packages wpad and hostapd-utilities.
You can read more about it here -> https://wiki.openwrt.org/doc/uci/wireless#wps_options
Hi david and all,
im expeiriencing sometimes after router reboot mount failures (of my external usb hdd) with the below messages in syslog:
Thu Sep 20 10:19:42 2018 daemon.err smbd[4444]: [2018/09/20 10:19:42.038765, 0] ../source3/smbd/service.c:774(make_connection_snum)
Thu Sep 20 10:19:42 2018 daemon.err smbd[4444]: canonicalize_connect_path failed for service entertainment, path /mnt/sda1/entertainment
Thu Sep 20 10:19:42 2018 daemon.err smbd[4444]: [2018/09/20 10:19:42.044346, 0] ../source3/smbd/service.c:774(make_connection_snum)
Thu Sep 20 10:19:42 2018 daemon.err smbd[4444]: canonicalize_connect_path failed for service entertainment, path /mnt/sda1/entertainment
Thu Sep 20 10:19:42 2018 daemon.err smbd[4444]: [2018/09/20 10:19:42.048905, 0] ../source3/smbd/service.c:774(make_connection_snum)
Thu Sep 20 10:19:42 2018 daemon.err smbd[4444]: canonicalize_connect_path failed for service entertainment, path /mnt/sda1/entertainment
Thu Sep 20 10:19:42 2018 daemon.err smbd[4444]: [2018/09/20 10:19:42.053157, 0] ../source3/smbd/service.c:774(make_connection_snum)
Thu Sep 20 10:19:42 2018 daemon.err smbd[4444]: canonicalize_connect_path failed for service entertainment, path /mnt/sda1/entertainment
usually if i unplug and plug or reboot again it can be solved , so just wanted to mention it here ...
ive noticed the logs before indicate the reason , but i dont know why it happens :
Thu Sep 20 10:17:59 2018 daemon.err block: /dev/ubiblock0_0 is already mounted on /rom
Thu Sep 20 10:17:59 2018 daemon.err block: /dev/ubi0_1 is already mounted on /overlay
Thu Sep 20 10:17:59 2018 daemon.notice procd: /etc/rc.d/S40fstab: /dev/sda1 is in use.
Thu Sep 20 10:17:59 2018 daemon.notice procd: /etc/rc.d/S40fstab: e2fsck: Cannot continue, aborting.
Thu Sep 20 10:17:59 2018 daemon.notice procd: /etc/rc.d/S40fstab:
Thu Sep 20 10:17:59 2018 daemon.notice procd: /etc/rc.d/S40fstab:
Thu Sep 20 10:17:59 2018 daemon.err block: check_filesystem: /usr/sbin/e2fsck returned 8
Thu Sep 20 10:17:59 2018 daemon.err block: mounting /dev/sda1 (ext4) as /mnt/sda1 failed (16) - Resource busy
btw: the problem is now persistent it stopped working , i will continue check.
@davidc502 @eduperez mwlwifi has been updated (10.3.8.0-20180920).
One interesting commit: Changed the way to destroy BA (For 88W8864 and 88W8997).
I've been running it for an hour or so, no issues so far.
1 Like
Thanks ListerWRT
Good deal... I should have time for a new build this weekend.
Make sure the path has not changed -- Looks like smb can't mount due to bad path.
Also, make sure the permissions are correct -- +x - need for all folders in path
Thanks david , seems like after some while it automatically resolves ... weird though in the boot i get many errors but after a while the issue resolves by itself....tnx in any case david !
Hi, hope this mwlwifi version will be available on eduperez github for download so i can try it out on my WRT32xx running david's R7938 ? the latest on there is 20180906.
davidc502, your FAQ page which shows how to update this driver is out of date since the link show just takes you to the snapshot builds not the mwlwifi driver.
thanks.
Hi,
I'm trying to make igmpproxy work to forward my multicast local br-lan (not wan) across other subnets (my openvpn tun0). I struggled for weeks but no luck. I'm too newbie to fully debug and get an idea. It could be faulty igmpproxy or (likely) faulty firewall rules for igmp or udp. BTW I've read several times that to make igmpproxy work correctly I need a package called kmod-bridge installed. Now I have the r5917-36f1978a70 and I checked in the packages repo but this package is not there. Actually I wasn't able to find it in none of David's repos for all releases . Is that because it's not needed anymore or it's just missing and wuthout it igmpproxy will never work as I wish?
Thanks.
Pino.
kmod-bridge is no longer available because it is now built into the kernel.
Do you have a different subnet for each LAN port?
To update the wifi driver, in place, the kernel versions must match exactly.
Thanks for reply.
Basically I have the default /etc/config/network configuration so eth0 / eth0.1 for my lan and the default switch0 setting. My eth1 / eth1.2 points to my modem which gets wan from my ISP. Basically I'd like (among other things) to forward my LENKENG HDMI streamer's traffic ( https://blog.danman.eu/new-version-of-lenkeng-hdmi-over-ip-extender-lkv373a/#comment-80877 Great and cheap device! I really suggest to get one) to my openvpn and be able to see from office (openvpn client) my home's Nvidia Shield Chromecast server. Not sure if everything is possible. I read that for these purpose I should give up igmpproxy and use instead smcroute but still trying.
hi davidc502,
i run the script dnscrypt-proxy V2 first time everything went ok
and i try to check DNSSEC resolver test it always fail http://dnssec.vs.uni-due.de/
unless i manually go to the setting Network>Interfaces>Wan>Advanced Setting and uncheck the option Use DNS servers advertised by peer then DNSSEC resolver test passed just letting you know may be need to alter the script to work.
thanks for your hard work, regards.
thanks madbad,
I'll check to see if this option over-rules the DNS forwarding configuration. If it does, I'll need to have the script uncheck this option.
Thanks,