Davidc502- wrt1200ac wrt1900acx wrt3200acm wrt32x builds

@davidc502 - How to download this patched "dropbear" package/patch to test this?

@solidus1983 - certainly seems to be a good idea to build own firmware. Any pointers to get this compiled on my own? Have required machines/infrastructure as needed.

Thanks

If you can run Debian 9 and install sudo after, I can give you my scripts I use to rebuild my VM each time. Have it for both v19.07 and master branch.

I can make the patched dropbear available on the website. However, there is likely to be a kernel version difference as this is a snapshot from r12215.

@solidus1983 - Thanks - would get this Debian 9 setup by tomorrow.

@davidc502 - should I wait for another version to be released or any other way for me to test the dropbear patch that I can install?

Thanks

I have no issues dropping a build on the server if you'd like to test.

I installed it via LuCI and connected via SFTP without issue. Did you verify your ports are open?

@davidc502 - Yes I can certainly test it if you can drop a build.

WRT3200ACM v1

Thanks

Check your DMs from me; I have linked you to scripts and instructions.

No need to apologize. I'm happy to just have an answer. I hate unanswered questions and unsolved problems.

I appreciate what you do here, and I'm interested in helping if there's any way that I can. I haven't compiled my own firmware as of yet, but I'd like to. I've worked in the IT industry for years; am comfortable with basic and intermediate programming, scripting, etc., and have a long history as a Linux and FreeBSD user, so I don't think I'd struggle too much.

Anyway, let me know if I can be a test-dummy or help in any way. I've got a couple Linksys WRT3200ACM routers, and an ASUS RT-AC3200 (which I know isn't supported yet or maybe ever...). I also have half of a dozen servers in my home lab that are pretty beefy. Happy to spin up VMs and whatever, if needed.

Cheers 🙂

I use openssh exclusively for all "exposed" ssh ports... but it does require an openssl config patch on David's builds... here's the diff on the current 12121 build:

--- a/openssl.cnf       2020-01-24 09:52:41.000000000 -0800
+++ b/openssl.cnf       2020-02-04 21:34:26.000000000 -0800
@@ -22,6 +22,8 @@
 # (Alternatively, use a configuration file that has only
 # X.509v3 extensions in its main [= default] section.)
 
+# FIX: set DIGESTS=NONE
+# See: https://github.com/openwrt/packages/pull/8272
 openssl_conf=openssl_conf
 
 [openssl_conf]
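
Review bot: the added `# FIX: set DIGESTS=NONE` comment sits above `openssl_conf=openssl_conf`, far from the `DIGESTS` line it refers to, and it says nothing about the devcrypto engine and `CIPHERS` list that the same patch enables. Move the comment and the PR link next to the `DIGESTS = NONE` line and describe all three changes there.
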
@@ -29,7 +31,7 @@
 
 [engines]
 # To enable an engine, install the package, and uncomment it here:
-#devcrypto=devcrypto
+devcrypto=devcrypto
 #afalg=afalg
 #padlock=padlock
 
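Review bot: uncommenting `devcrypto=devcrypto` relies on the prerequisite in the context line just above it ("install the package, and uncomment it here"), but neither the patch nor its comments name the package that has to be present. State that dependency alongside the change so the config is not applied to a build that lacks the engine.
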
@@ -56,7 +58,7 @@
 # only be used for PRNG, in small blocks, where performance is poor,
 # and there may be problems with apps forking with open crypto
 # contexts, leading to failures.  The CBC ciphers work well:
-#CIPHERS=DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC
+CIPHERS=DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC
 
 # DIGESTS: either ALL, NONE, or a comma-separated list of digests to
 # enable [default=NONE]
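
Review bot: the enabled `CIPHERS=` line takes the sample list verbatim, so DES-CBC and DES-EDE3-CBC are handed to the engine along with the AES-CBC entries. If the goal is AES offload, keep only `AES-128-CBC, AES-192-CBC, AES-256-CBC` on that line.
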
@@ -64,7 +66,7 @@
 # is poor, and there are many cases in which they will not work,
 # especially when calling fork with open crypto contexts.  Openssh,
 # for example, does this, and you may not be able to login.
-#DIGESTS = NONE
+DIGESTS = NONE
 
 [padlock]
 default_algorithms = ALL
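
Review bot: `DIGESTS = NONE` is written with spaces around `=` while the `CIPHERS=` line enabled in the previous hunk has none, and the file's own comment already documents NONE as the default (`[default=NONE]`). Match the spacing and add a one-line comment at this line saying why the default must be set explicitly, since the surrounding context warns that enabled digests can prevent OpenSSH logins.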

Cheers,
Scott

Hi! I made a clean install. How do I run dnscrypt on this firmware? What do I need to edit, what values need to be changed? Maybe, @davidc502, a short manual on https://dc502wrt.org/dnscrypt/ ?
THX

Here is a build with the patch to disable weak ciphers. Please report back your findings if it works as expected or not.

https://dc502wrt.org/snapshots/r12230/targets/mvebu/cortexa9/

Has there been any progress with getting esp devices like smart plugs working with the standard radios without having to rely on using the third radio?

That is a negative. Wifi drivers have not been worked on in over a year. We do have a firmware update currently being tested, but do not expect any impact on IOC devices. I have a printer that refuses to connect, and the new firmware changes nothing in that regard at least for this printer. I use a separate wifi AP to solve the issue.

@solidus1983 - Thank you much for the instructions. Appreciate it.

@sshambar - Thank you much for the ssh fix. @davidc502 - wondering if you could include this fix as part of your build (if it doesn't have an impact on other components).

In the meantime - I would get started with my own compile - after going through instructions from solidus1983.

Thanks

@solidus1983 - Thanks for the instructions. Had to make subtle changes to the scripts (shell location and unix format) but the compile is going on. Fingers crossed on how it goes 🙂 THANK YOU !!!

@davidc502 - thanks for the build. Going through the scan in current state to get the weak ciphers list. Would use the latest test build you did and scan one more time. Would update you on how it goes.

Thanks

I never had problems with port forwarding in any build of david...

I'm currently not using the latest build so all I can say is that port forwarding with r11829 works fine. I've just added a test rule via LuCI and option src '' + option dest '' were added correctly. Hopefully this will get sorted out with the next build so I can upgrade without any headaches.

+1
A short manual would be quite nice. It's very easy to change servers and enable ipv6 servers for example but there is no manual on David's website so people have to google it or search the forum for info....

My pleasure. If you made some changes to improve the scripts, please DM them to me so I can look them up and add them.

Certainly, solidus. So far superficial changes rather than any substantial/productive changes. I am reasonably good at unix scripting. Just that I am very new to firmware builds and trying to get my feet wet in this field 🙂 Would certainly update you on how it goes. Initial hurdle: ran out of space with the default partitions that came with one of the Debian VM images. Getting it fixed and re-initiated.