Davidc502- wrt1200ac wrt1900acx wrt3200acm wrt32x builds

davidc502 · August 1, 2018, 9:53pm

Correct, there isn't a Luci for Version 2. Unknown if anyone is working on one at this time. I'm not sure the value of having Luci-app for Version 2... There are a lot more options other than selecting dns servers, so maybe?

Kherby · August 1, 2018, 9:59pm

Well i dont want it to auto select any server for me, i want to use my old ones...
So i'll stick with v1 for now and wait for a Luci-app for v2.

A Luci-app where i can select my old servers would be useful for me... Hopefully there will be a Luci-app in the future for v2.

davidc502 · August 1, 2018, 10:03pm

Which servers do you point to?

Kherby · August 1, 2018, 10:07pm

edit:

dnscrypt.eu-nl (176.56.237.171)
d0wn-nl-ns4 (31.220.43.105)

davidc502 · August 1, 2018, 10:38pm

I checked both one at a time, and are available for Version 2. After installing version 2, you need to edit the .toml file, and where it says "server_names = ['cloudflare']", replace cloudflare with your 2 dns servers, and you're ready to go.

Version 2 using dnscrypt.eu-nl
root@lede:/etc/config# tcpdump -nni eth0 host 176.56.237.171
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
17:33:58.004899 IP x.x.x.x.56562 > 176.56.237.171.443: UDP, length 256
17:33:58.035640 IP x.x.x.x.44269 > 176.56.237.171.443: UDP, length 256
17:33:58.116290 IP 176.56.237.171.443 > x.x.x.x.56562: UDP, length 368

Version 2 using d0wn-nl-ns4
root@lede:/etc/config# tcpdump -nni eth0 host 31.220.43.105
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
17:35:23.959187 IP x.x.x.x.38966 > 31.220.43.105.443: UDP, length 256
17:35:23.989312 IP x.x.x.x.43812 > 31.220.43.105.443: UDP, length 256
17:35:24.082502 IP 31.220.43.105.443 > x.x.x.x.38966: UDP, length 368
17:35:24.097643 IP 31.220.43.105.443 > x.x.x.x.43812: UDP, length 368
17:35:33.859569 IP x.x.x.x.59814 > 31.220.43.105.443: UDP, length 256

EDIT
Wait a moment... I just watched the output and assumed... The output is UDP... I don't think this is encrypted.

davidc502 · August 1, 2018, 10:51pm

I pulled a pcap of the UDP DNS traffic, and looked at it in Wireshark.... the traffic isn't recognized as DNS traffic, and from what I can tell is encrypted or at least obfuscated.. lol I'm joking about the obfuscated part

Apparently Version 2 is able to negotiate with those 2 servers... I haven't dug into it to find out exactly what it's doing, but looks good if you want to use it.

Kherby · August 1, 2018, 11:04pm

Wait a moment... I just watched the output and assumed... The output is UDP... I don't think this is encrypted.

You kinda scared me a little bit in the first place because i'm using these servers for quite a while...

Apparently Version 2 is able to negotiate with those 2 servers... I haven't dug into it to find out exactly what it's doing, but looks good if you want to use it.

Thank you for testing these server real quick!
At the moment it's just not clear to me what advantages v2 will give me with my selected servers. So i'll read a little bit more about v2 now and then decide if it's already worth for me to migrate to v2. To be honest i do like the Luci-app of v1.

davidc502 · August 2, 2018, 1:15am

Updated dnscrypt-proxy2 shell script.

Version 1.2 Now checks to see if there is an existing dnscrypt-proxy.toml file. If it exists, don't overwrite.

After reading the post from @Kherby, I realized people may have a custom configuration file, so I needed to check for an existing file before copying.

slim0287 · August 2, 2018, 2:48am

David,
When I download the script I get a very different sha256 sum than what is listed on the webpage. Did you not update the sha256?
Thanks

davidc502 · August 2, 2018, 12:19pm

Thanks... I forgot to update the page.

Page updated with new sha256sum --

threedaysatsea · August 4, 2018, 1:21pm

David, excellent work as always. New build + dnscrypt script working well, thanks!

Andy2244 · August 4, 2018, 11:54pm

Yeah the luci package got merged before the samba4 package, both are in master now, but should also compile for 18.06, some PR are still outstanding to fix the failing targets and timemachine support.

PS: My feed has the latest changes: https://github.com/Andy2244/openwrt-extra

gu3d3s · August 5, 2018, 1:12am

Hi,

This option exist in WRT3200 anda WRT 1900ACS ?

i dont see im may configs ....

my /etc/config/firewall

onfig defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'

thx for help

Davis last build instaled in all routers

anomeome · August 5, 2018, 2:05am

What you are showing is the default that should be on an image OOTB I believe. My config looks a little different at the moment, at least on a mamba, currently:

config defaults
	option synflood_protect '1'
	option synflood_rate '25'
	option synflood_burst '50'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option flow_offloading '1'
	option drop_invalid '1'

xmijo · August 5, 2018, 4:24pm

Hi @davidc502, regarding dnscrypt-proxy v2, may I ask how you managed to get Go to compile it for mvebu, or are any of the other available releases on the dnscrypt-proxy github page compatible with mvebu and if so which architecture would that be? I'm new to mvebu and OpenWRT so just asking for future reference.

Either way, I want to thank you for making it available and also for the script that made installation a breeze. There's btw a newer version out now in case you might be interested (2.0.16)

When I found your installation script I also stumbled upon your build. Is there any information available regarding the differences between your build and vanilla OpenWRT? I couldn't find it on your webpage.

Thanks

Jruuu · August 5, 2018, 4:35pm

Hi everyone, I just upgraded to the latest WRT3200ACM build. As I was re-installing all of my additional software with opkg, I just noticed that none of the strongswan packages are there. Has strongswan been dropped?

andyxzyk · August 5, 2018, 4:52pm

Hi all, need some help please.
I have partition1 with linksys and partition2 with Lede SNAPSHOT, wrt32x r7360-e15565a01c. I would like to sysupgrade to latest davidc502 (29July18) but don't want to overwrite partition1 (linksys). I also would like to keep downtime as low as possible.
Q1) if i update through luci with 'keep settings' will that update the partition i'm currently on (in my case it will be partition2) or will it round-robin and overwrite my partition1 ?
Q2) if boot to partition1 and use command line 'sysupgrade' will that upgrade my current LEDE on partition2, since again it should round-robin.
I want to make sure i upgrade only my current LEDE partition2 whilst not touching the linksys on partition1. I also want to try and carry settings over.
Can someone suggest best (hopefully tried and tested) how to do it ?
thanks.

davidc502 · August 5, 2018, 5:32pm

No it hasn't been dropped. I checked the build configuration and strongswan is configured to build. However, when I check the repository it isn't there. I will mark this to investigate on the next build. It looks like they failed to build for one reason or another. Also, doing a little digging I found the last time they completed successfully was in build r7360 (my reference).

Here is what you can do as a work around. The day the next build is released (if it still isn't available in the repository), go to the following link and download the packages you need from the snapshot repository for lede. If you wait more than a few days it is likely not to be compatible anymore as kernel versions change rapidly.
https://downloads.openwrt.org/snapshots/packages/arm_cortex-a9_vfpv3/packages/

davidc502 · August 5, 2018, 5:41pm

Q1) if i update through luci with 'keep settings' will that update the partition i'm currently on? No, it will round robin.

The work around is to export all of your current configurations/settings to file (which is easy to do). Then boot to Linksys firmware, and then install using the .img (Not sysupgrade). From the new install Import all of your configuration/settings and you should be good to go. Importing takes seconds and not long at all.

As to installing to the partition being worked from, I've heard of a few people being able to do it, but seem to recall it isn't recommended or might be risky (Memory is cloudy there).

Q2) if boot to partition1 and use command line 'sysupgrade' will that upgrade my current LEDE on partition2, since again it should round-robin. <<< Unknown -- I don't have the answer to that question.

hnyman · August 5, 2018, 5:47pm

David already answered your questions , but some clarifications.

both Linksys original firmware and Openwrt firmware always flash the other partition, in a round-robin fashion, as David said.
if you want to keep the Linksys partition intact, you need to flash the new Openwrt version from the Linksys firmware. Then you naturally can not use "sysupgrade" as that is Openwrt-specific.

The easiest workflow for you is:

backup Openwrt config. Store it on your PC.
switch boot to Linksys firmware. (e.g. via advanced-reboot package). Boot Linksys
use Linksys firmware to flash new Openwrt. Systems boots to Openwrt
In Openwrt, restore config from backup archive. Install add-on packages

EDIT:
I read David's response weakly. The answers were already there