thanks as always David
@davidc502, i bring a bad news for us.
libssh have critical security issue - https://www.libssh.org/security/advisories/CVE-2018-10933.txt?fbclid=IwAR0VHV4fN7-mJJ0oxjW8u5i9-ahnjR3vfbBD6crwz-GOERcI4nAzUO_91mY
Please, update it (and dependent) to 0.7.6 (now i see 0.7.5 in repo).
1 Like
I had my 5Ghz stuttering too on wrt 1900ac v2 , not sure what's wrong, last evening my iphone can't even connect to the 5Ghz network, till a reboot of the router
Thanks. Please please make sure the devs know about this so trunk can be updated asap.
I read github and openssh are unaffected so is the concern here dropbear?
Already confirmed as a non-issue for OpenWRT (from an actual SSH vulnerability point of view). Neither dropbear or openssh make use of libssh: Is OpenWrt affected by CVE-2018-10933?
2 Likes
Thank you for researching
Btw.. I'm not seeing minidlna in the daily snapshots.
Woo, hoo!! 
about ssh
1 Like
Interesting... Yet the luci app and translations are there. Wonder what the upstream issue is?
David,
We lost the statistics graphs in the r8289 build (at least on the WRT1900ACS v2) and had a little bit of a discussion about that on this thread. Did we come up with a solution to getting the statistics graphs back, or are we just waiting for the next build in hopes they will return?
Thanks
What did you install and how? I am still learning all this, thanks
Hi, I did it the David way, described on his website here ->
https://davidc502sis.dynamic-dns.net/dnscrypt/
Then, I went to GitHub ->
and dled the prebuild binaries for my LinksysWRT 32X -> Linux/arm (may differ, if you have another router, so be sure to check your platform!) version of DNSCrypt 2.017 and replaced Davids version/binary with the binary from the prebuild version form GitHub in the directory /usr/sbin/dnscrypt-proxy binary to the one from GitHUB I dled, simply by replacing Davids version to v 2.0.17, works perfect, but, depending on your Router Modell, you must check first which platfrom is your Router, mine is Linux/ARM ...
The prebuild binaries are avaible for these platforms:
Android/arm
Android/arm64
Android/x86
Android/x86_64
Dragonfly BSD
FreeBSD/arm
FreeBSD/x86
FreeBSD/x86_64
Linux/arm
Linux/arm64
Linux/mips
Linux/mipsle
Linux/mips64
Linux/mips64le
Linux/x86
Linux/x86_64
MacOS X
NetBSD/x86
NetBSD/x86_64
OpenBSD/x86
OpenBSD/x86_64
Windows
Windows 64 bit
The prebuild binarys you can find here:
Most important is, that you choose the right Platform, so be sure, to dl the one, for the Router CPU you have...in my case, as I said, Linux/ARM ...but if you have another router...could be other platform CPU
Just follow the instructions by Davids Website, and then dl from GitHub the binary for your platfrom, and only replace The binary file, that is in the directory of OpenWRT directory /usr/sbin/dnscrypt-proxy with the Binary you dled from GitHub
You can find out, your platform this way, beeing logged in your router with the command cat /proc/cpuinfo look my example:
cat /proc/cpuinfo
processor : 0
model name : ARMv7 Processor rev 1 (v7l)
BogoMIPS : 1866.00
Features : half thumb fastmult vfp edsp neon vfpv3 tls vfpd32
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x4
CPU part : 0xc09
CPU revision : 1
processor : 1
model name : ARMv7 Processor rev 1 (v7l)
BogoMIPS : 1866.00
Features : half thumb fastmult vfp edsp neon vfpv3 tls vfpd32
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x4
CPU part : 0xc09
CPU revision : 1
Hardware : Marvell Armada 380/385 (Device Tree)
Revision : 0000
Serial : 0000000000000000
Good Luck!
This appears to be an issue specific to the build. I need to set aside some time to solve.
does your build support the Xbox version of the WRT series, the WRT32XB? I'm seeing some pretty cheap prices for them online. According to Linksys they are based on the same hardware, just not sure about partition layout, etc. https://www.linksys.com/us/support-article/?articleNum=270536
Thanks!
I just experienced the same issue too with 5Ghz all of a sudden failing; 5ghz wireless is not associated. I'm using my own build r8313-71865200c9 with most recent available config.seed
Router had been up for just over 24hrs
Hi davidc502,
Thanks so much for responding so quickly. I didn't have a chance to revisit this until today, and it was 100 percent my stupidity for not getting it to work. I overlooked the change to the port for the dns forward. Works great again! I really appreciate everything you've done here!
Thanks,
Sean
1 Like
Hello,
Been lurking for awhile but decided to post since I haven't seen anyone with a similar setup (request) as me. I have the WRT3200ACM version of David's build. 2.4ghz and 5ghz are running fine. My roommates and I would like to create separate networks on the 3200ACM router, one for encrypted Wireguard traffic and another for plain-jane traffic.
After a few days of tweaks, we have Wireguard running but it seems to pump all traffic through the Wireguard interface. We have been digging around in the OpenWRT wiki, older WRT3200 posts, and some other stuff on the forum but can't seem to figure out how to properly configure the router for this setup.
I have flashed and reset many many times. 
The farthest I can get it just piping all traffic through Wireguard. I am not a network wizard and neither is my roommate.
For simplicity sake, is there a way to get all traffic on, say 2.4ghz radio and from ethernet connected devices, to be plain-jane while all other traffic from the 5ghz radio to go through Wireguard pipe?
Thank you in advance for your assistance.
1 Like
Hi, I have a similar setup, and its great working, I have my LAN on 192.168.1.0/24 net, router sitting on 192.168.1.1 ..and created for WireGuard Interface the interface 192.168.200.1 using standard Port 51820, and told WireGuard to listen on 192.168.200.1 and also on 192.168.1.1 (IP of Router in LAN) ..also using Privoxy on Router on Port 8118 and Squid on my Workstations, all my Lan ethernet clients can connect via ethernet to the Wireguard interface, if setup right, with keys etc without any problem...Imprtant is, you make a forward from the WireGuard Interface 192.168.200.1 to Router IP 192.168.1.1 and allow create a FW UDP rule for Port 51820 can be reached in both directions.... if this is accomplished, you simply create a WLAN SPOT , 5Ghz or 2.4 GHZ, or both. Then setup for the WLAN Spot with a own DHCP server, I used 10.0.1.1 with a range of 10 (or more clients, as you like) IPs, the DHCP server gives to clients IPs, now....you WLan Clients can connect, and the only thing you have to do, is to make a Port Forward from that WLAN 5Ghz Zone and forward also from 10.0.1.1:51820 of your WLAN INterface to 192.168.1.1:51820 as Endpoint, your clients then can connect and surf the INternet with Wireguard, and if they dont use Wireguard...it will work too... then, you create your other WLan Spot, as you know yet how to do it, and just dont make a forwardrule from that other WlanSPOT to 192.168.1.1 to port 51820...so, Wireguard will not even listen on that other WLANSpot Interface/Zone (for example anothe DHCP server zone 10.0.2.1 with a Ip range of your choice, you want, without Wireguard encryption. I made myself a simple ShellScript, to FireUp Wireguard...or close it...manually, if I connect to my WLAN 2.4 GHZ, I just dont start that WG StartUpshellScript, it woudl anyway not work, as I havent made a port forward to WG to 192.168.1.1:51820...and is is plain traffic going to Router from that WlanSpot at 2,4 Ghz. if I connect to my 5 Ghz WlanSpot, where I have the Port forward to the WireguardInterface on 192.168.1.1 to port 51820 and I start my shell script, it uses Wireguard and passes all traffic through the WG Interface 192.168.200.1, if I shutdown my ShellScript for shutting down Wireguard, still then...I can browse the Internet...just without WG encryption. If I want WG ON, I start my WG On ShellScript, , or via Terminal command "wg-quick up wg0" ...and it opens a Tunnel to 192.168.200.1 ...and as it listen also on 192.168.1.1:51820...and I made the port forward from 192.168.200.1 to 192.168.1.1:51820 it passes all traffic passing through 192.168.200.1:51820 to 192.168.1.1:51820 Router IP, I hope that helps, a little bit..not easy to explain more easy...lol dont forget, to make FW rules for Wireguard can talk to 51820 in both directions from the difrent Zones.. in your case, from your WLAN SPot 5GHZ to Lan Zone to 192.168.1.1:52820
Maybe someone else has a better solution, or can explain better, Im happy with my solution, it works perfect... GoodLuck!
Sorry man, I'm not really following much of that. Like I said, I'm not a network wizard. I hope there's just a simple way to somehow get different networks or tunnels or whatever on this David build for WRT3200ACM so one antenna can be regular network internet stuff and another antenna the Wireguard/encrypted pipe....