Davidc502- wrt1200ac wrt1900acx wrt3200acm wrt32x builds

Literally just retested - and yes, everything works fine now.
I feel like a complete dolt....thanks as always to you and solevi for helping me with this!!
(and I've copied down the correct config for storage offline too!)

all the best

1 Like

Take a look at -> Services -> uHTTPd in LuCI.

Thanks for being responsive. By the way, on the next upgrade, the configuration will follow, so you don't have to worry about going through this again :slight_smile:

1 Like

it was my own stupid fault for not taking care!

@davidc502

Does your build suppress AEAD Decrypt error: bad packet ID (may be a replay) in the logs? I never had them with your build, but I'm getting them all the time now. Same thing with dnsmasq's Maximum concurrent DNS requests reached (150), another one I never had.

Essentially I just installed the latest stable OpenWRT build without preserving settings, then manually compared and set the settings like how they were on your build by comparing the config with the backup I made. I installed openvpn, vpn-policy-routing and adblock.

I'm getting to the point where I'm tempted to just install your build again and see what happens.

No customizations there, so you might just try re-installing and seeing what happens.

Just to be clear, when going from OpenWRT to your build, I can still use the sysupgrade package but without keeping any settings, and when upgrading your build to a later version I can keep the settings?

EDIT:
Funny thing. When I installed OpenWRT on your build, my router put it in the alternate partition. After that all I have done is reset to defaults. So when I booted into the alternate partition, I was greeted by your Lede SNAPSHOT r8289 (guess why I figured it was time to update?). This is actually interesting, since that means I can (as long as I am careful) have your build on one partition and the official one on the other partition.

I took the opportunity to test it. Turns out the same errors happened on that build, but they lost in a spam-contest against hostapd: Station AA:BB:CC:DD:EE:FF not allowed to authenticate. But now I saw that whenever I push the bandwidth the errors appear. A small amount when using HTTP, and a massive tsunami when using a popular torrent like Ubuntu.

Question to self: have I always been limited in my VPN throughput because of this???

I may still try out your build and see what's new and improved though. The old one unfortunately was so old I couldn't even do an opkg update anymore.

Thanks for replying!

Is there an option when flashing the 3200acm to only overwrite a specific partition and not flip flop? I'd like to keep 1 partition as the "stock side" if possible.

Yes, from stock side flash openwrt factory.img, then install luci-app-advanced-reboot, go back on stock partition, and flash sysupgrade.bin.
Basically every time you flash a new openwrt version, you need to make sure to flash it from stock partition.

2 Likes

That's the normal procedure now, was wondering if there was an alternative step.

I've heard of a savvy few who figured out how to flash the partition they are on. Not recommended or supported though.

I see.

So, try some steps for experiment:

  1. Remove (or comment) txpower, distance and wpa_disable_eapol_key_retries, macfilter
  2. Set country EXACTLY as in iw reg get, or just comment it.
  3. (just for check, it MAYBE helps) add option legacy_rates '0' into radio and option disassoc_low_ack '0', option short_preamble '0' into hostapd block.
  4. You can also add option log_level 0 to see more detailed stats in syslog

Then try.

BTW, you can try to use channels 149-161 if you have a mess in the lower part, but it decreases coverage (especially with your EU regulations).

With respect, you're taking the wrong approach. If security isn't working for you, removing it is the wrong thing to do, you should be fixing it.

Replace the self-signed SSL cert with a free one from Let's Encrypt. Your users will no longer have to accept/ignore a self-signed cert, the traffic to the admin pages (passwords!) will be encrypted, and the certificate will prove to users that they're connecting to the host they think they are.

Please, please, please don't turn off SSL for usability reasons. Make it work for you.

1 Like
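
The check below is an added example, not part of the thread or of the build: it audits a uHTTPd UCI config (as stored in /etc/config/uhttpd) for the settings the post above argues for. The sample configs and the /etc/ssl/ paths are constructed, and treating /etc/uhttpd.crt as the self-signed certificate is a heuristic assumption.

```shell
#!/bin/sh
# Added example (not from the thread): flag uHTTPd settings that leave the
# LuCI admin login on plain HTTP or on the default self-signed certificate.

# audit_uhttpd: reads a uhttpd UCI config on stdin, prints one finding per
# line, and exits with status 1 if anything was found.
audit_uhttpd() {
    awk '
    function unq(s) { gsub(/["\047]/, "", s); return s }
    $1 == "list"   && $2 == "listen_http"    { http = 1 }
    $1 == "list"   && $2 == "listen_https"   { https = 1 }
    $1 == "option" && $2 == "redirect_https" { redirect = unq($3) }
    $1 == "option" && $2 == "cert"           { cert = unq($3) }
    END {
        if (!https)                    { print "no-https-listener"; bad = 1 }
        if (http && redirect != "1")   { print "http-not-redirected"; bad = 1 }
        # Heuristic (assumption): /etc/uhttpd.crt is where the stock config
        # keeps the auto-generated self-signed certificate.
        if (cert == "/etc/uhttpd.crt") { print "default-cert-path"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample configs; the /etc/ssl/ paths are placeholders.
sample_weak() {
    cat <<'EOF'
config uhttpd 'main'
	list listen_http '0.0.0.0:80'
	list listen_https '0.0.0.0:443'
	option redirect_https '0'
	option cert '/etc/uhttpd.crt'
	option key '/etc/uhttpd.key'
EOF
}
sample_fixed() {
    cat <<'EOF'
config uhttpd 'main'
	list listen_http '0.0.0.0:80'
	list listen_https '0.0.0.0:443'
	option redirect_https '1'
	option cert '/etc/ssl/router.example.crt'
	option key '/etc/ssl/router.example.key'
EOF
}

# Demo run on the constructed samples.
sample_weak | audit_uhttpd || true
sample_fixed | audit_uhttpd && echo "fixed config: no findings"
```

On the router itself, run it as `audit_uhttpd < /etc/config/uhttpd`.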

I hear you. But you said it yourself: Usability reasons.

This is a fatal flaw of the Linux community, we are willing to go through endless configuration minutiae.

Why is it reasonable to distribute a router image that my browser won't let me connect to by default?

Special pleading aside, it isn't. To jump through this many hoops just to establish baseline router config is just not practical.

At this point what seems practical (at least in terms of time consumption) is to flash the firmware to stock and externalize the services I was hoping OpenWrt could provide to other more 'out-of-the-box' solutions (e.g. Pi-Hole for Ad-block, Plex for DLNA, etc).

I know open source projects don't need to compete with commercial products per se, but they ought to have some practical usability considerations...

I kind of look at it this way... I got FAR more complaints that we weren't using TLS than those folks complaining that we do. Over the past couple years, maybe a dozen people complained about the self signed certificate, and usually after walking them through importing the certificate into the trusted store, they are happy. So, if we have the rare person who understands the risks, but chooses to accept them, I'm totally ok with that if they are.

3 Likes

Hi, I just flashed one of your builds on my wrt1900acs but I'm having an issue, when I try to add an ip address to DNS forwarding using LuCI I get the error "Expecting: valid hostname". Is there any way to fix this?

not sure, but you say here:

for me stock partition is a stable and well configured openwrt.

Hi, Have a look at davidc502's post 4561.

Nice anecdote, but don't mistake loudness for quantity.

I suspect a lot of curious parties like myself try it out, and move on when they meet complications rather than hit up the forums at all.

The features you roll directly into LuCI are what make your distros so appealing.

Too bad those intermediate-users who find SSH & SSL intimidating will never see that beautiful GUI.

Successful open source projects I know about (Ubuntu, React, TensorFlow, Kubernetes, VSCode, etc.) chose to make Usability a priority. It's a great way to grow your audience and educate novice users.

It's your project so package and distribute as you see fit. To whatever audience you want to cultivate, even if it's only going to be hardcore super-users....

1 Like

Anecdotally, if you have users incapable of clicking through a security exception, then PEBKAC

That's my opinion though.

2 Likes