Divested-WRT: No-nonsense hardened builds for Linksys WRT series

No downside in removing radio2 (as it is not connected to any antenna). It is speculated it was meant to be used for DFS channel scanning for weather radar etc., but it is unused in that sense in OpenWrt.
Why it is not the default setting is beyond me. Reportedly, some people use it as a connection for some ESP / embedded devices that fail to connect to the normal 2.4GHz radio (radio1). See: https://openwrt.org/toh/linksys/wrt_ac_series#esp_chip_devices_won_t_connect

kmod-mwifiex-sdio = Kernel modules for Marvell 802.11n/802.11ac SDIO Wireless cards (the third radio only -- radio2)
kmod-btmrvl = Kernel support for Marvell SDIO Bluetooth Module
mwifiex-sdio-firmware = Marvell 8887/8997 firmware (the third radio only -- radio2)

2 Likes

I am responding to my own post.

Snapshot r22706 installed OK. Missing packages from r22702 are present here. Everything is OK.

Alright, so I did this, and 160MHz now works. Thanks!

  1. opkg remove kmod-mwifiex-sdio kmod-btmrvl mwifiex-sdio-firmware
  2. remove the radio2 section from /etc/config/wireless [I commented it out]
  3. keep both radio0 and radio1 country set to FR [had it set to "driver default", change to FR was required]
  4. reboot

Then I enabled "force" for 5GHz and changed from 80MHz -> 160MHz. For 2.4GHz I can still use both 20MHz and 40MHz, and I do not need to have "force" enabled on that band.

I'm on WRT32X (r22497)

1 Like

Yea I've always removed mwifiex as per the doc page with good results on my WRT32X. It should probably not be included by default and be an optional package. Most of my house wifi comes from a wifi 6 AP at this point (U6-Lite).

With mwlwifi driver 10.3.9.1-20230429 merged today, it's time to revisit wifi again on these aging routers. Will try a build later this weekend.

1 Like

@phinn it's already included (patch 12500) and enabled by default in this build https://divested.dev/unofficial-openwrt-builds/mvebu-linksys/20230430-00/

1 Like

The latest version of openwrt creates problems!
https://forum.openwrt.org/t/linksys-wrt1900acs-v2-openwrt-snapshot/157825/20?u=oli

I'm having a weird problem: I can't log in again unless I reboot the router. I got this problem whilst trying to access the real-time graphs > connections.
It shows nothing and crashes.

Any ideas?!

@devilzeyez
can't reproduce, any packages installed? any weird browser or extensions?

I also can't replicate this issue.

Ever since using the Divested-WRT (due to stock Open-WRT no longer supporting Linksys 1900ACS), I am unable to watch Paramount Plus. I do not have banIP enabled and have even removed this package with no effect. I only changed the DNS servers to Cloudflare.

Any ideas? This behavior is the same across many devices on my network. I'd prefer to not have to Wireshark what connection is being blocked, but there should be nothing blocked as far as I know.

@j0nnyf1ve
divblock is probably breaking it, you can /etc/init.d/divblock disable && /etc/init.d/divblock stop and try again

or check for what domains it wants and add them to exclusion list /etc/config/divblock-exclusions:

tcpdump -i br-lan udp port 53

and report them here and I'll add them to the exclusion list for next list update

3 Likes

Yes! That was it! Thank you.

I'll check what domains Paramount needs and report back here.

Thanks again!

This is what I saw when filtering for my IP

root@OpenWrt:~# tcpdump -i br-lan udp port 53
19:09:07.011994 IP OpenWrt.lan.53 > 192.168.1.219.53424: 8471 NXDomain 0/0/0 (44)
19:09:07.015989 IP OpenWrt.lan.53 > 192.168.1.219.15533: 8240 NXDomain 0/0/0 (44)
19:09:07.028612 IP OpenWrt.lan.53 > 192.168.1.219.3764: 29000 4/0/0 CNAME vod62c350g.airspace-cdn.cbsivideo.com., CNAME vod62c350g.as.ns1.cbsivideo.com., CNAME cs18599.wpc.nucdn.net., A 152.195.13.103 (179)
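
Added example, not part of the original thread: the capture above shows the NXDomain replies but not the queries they answer, so the blocked names are missing. This shell/awk sketch pairs each reply with its query by client socket and DNS transaction ID; the sample lines and `.example` names are constructed, and it assumes blocked names are answered with NXDomain as in that capture.

```shell
#!/bin/sh
# Usage on the router (capture both directions, stop with Ctrl-C):
#   tcpdump -l -n -i br-lan udp port 53 | blocked_names

# Read tcpdump DNS text on stdin; print every queried name whose reply
# was NXDomain, one per line, sorted and de-duplicated.
blocked_names() {
    awk '
    # "8471+" -> "8471": drop the flag characters after the transaction id
    function txid(s) { sub(/[^0-9].*$/, "", s); return s }
    {
        # line layout: time IP src > dst: id[flags] ...
        for (i = 1; i <= NF; i++) if ($i == ">") break
        if (i + 2 > NF) next
        src = $(i-1); dst = $(i+1); sub(/:$/, "", dst)
        id = txid($(i+2))
        if ($0 ~ /NXDomain/) {
            key = dst "|" id            # reply: dst is the client socket
            if (key in q) print q[key]
        } else {
            # query: the name follows the record type, e.g. "A? name."
            for (j = i + 3; j < NF; j++)
                if ($j ~ /\?$/) { q[src "|" id] = $(j+1); break }
        }
    }' | sed 's/\.$//' | sort -u
}

# Constructed sample capture (names, addresses and sizes are made up).
sample_capture() {
    cat <<'EOF'
19:09:07.010102 IP 192.168.1.219.53424 > 192.168.1.1.53: 8471+ A? tracker.example. (33)
19:09:07.011994 IP 192.168.1.1.53 > 192.168.1.219.53424: 8471 NXDomain 0/0/0 (33)
19:09:07.014211 IP 192.168.1.219.15533 > 192.168.1.1.53: 8240+ AAAA? ads.example. (29)
19:09:07.015989 IP 192.168.1.1.53 > 192.168.1.219.15533: 8240 NXDomain 0/0/0 (29)
19:09:07.020300 IP 192.168.1.219.3764 > 192.168.1.1.53: 29000+ A? video.example. (31)
19:09:07.028612 IP 192.168.1.1.53 > 192.168.1.219.3764: 29000 1/0/0 A 192.0.2.10 (47)
EOF
}

sample_capture | blocked_names
```

Names printed this way are candidates for /etc/config/divblock-exclusions; a name that genuinely does not exist also returns NXDomain, so check each one before excluding it.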

Thanks for creating this build! I installed it last weekend after trying to update to the latest mainline release and encountering the MV88E6176 switch problems and it's working great.

I have encountered 1 problem though. I have created a VLAN bridge to segregate my network. This bridge is on the same interface as my wifi. 3 of my switch ports are on this bridge, 2 are untagged, 1 is tagged.

My laptop is on the wifi, and I can ping all devices connected to the tagged port, but when I try and ping the device on one of the untagged ports only a single ping response is occasionally received when the command is first run, then the responses stop. When I plug the laptop into the other untagged port and disconnect from the wifi the ping works fine.

If I monitor tcpdump on the wireless interface for ICMP I see the ping requests but only the occasional single response from devices on the untagged port. If I ping devices on the tagged port, or if the laptop is on the other untagged port and I monitor the bridge I see both the request and response.

My config is below

/etc/config/network
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan.20'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config bridge-vlan
	option device 'br-lan'
	option vlan '20'
	list ports 'lan2:u*'
	list ports 'lan3:u*'
	list ports 'lan4:t'

/etc/config/wireless
config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option macaddr 'xx:xx:xx:xx:xx:xx'
	option ssid 'wifi'
	option key 'xxxx'
	option encryption 'psk2+ccmp'

tcpdump -i phy0-ap0 -f -v icmp
tcpdump: listening on phy0-ap0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
15:00:23.203513 IP (tos 0x0, ttl 64, id 34563, offset 0, flags [DF], proto ICMP (1), length 84)
    archLaptop.local > backup.local: ICMP echo request, id 17, seq 1, length 64
15:00:23.204144 IP (tos 0x0, ttl 64, id 11789, offset 0, flags [none], proto ICMP (1), length 84)
    backup.local > archLaptop.local: ICMP echo reply, id 17, seq 1, length 64
15:00:24.208709 IP (tos 0x0, ttl 64, id 34665, offset 0, flags [DF], proto ICMP (1), length 84)
    archLaptop.local > backup.local: ICMP echo request, id 17, seq 2, length 64
15:00:25.224206 IP (tos 0x0, ttl 64, id 34968, offset 0, flags [DF], proto ICMP (1), length 84)
    archLaptop.local > backup.local: ICMP echo request, id 17, seq 3, length 64

Is there any reason why there's only a single response here? Any ideas on how to fix this?

This sounds like the issue caused by the target/linux/generic/hack-5.15/600-bridge_offload.patch

Could it be that some or at least one of the dnsrm whitelists for divblock is currently ignored?
I checked https://divested.dev/hosts-dnsmasq and the URL I reported here some time ago r.appspot.com/# is in there again and gets blocked.
It got moved from the Google.txt file to Google-appspot.com file (maybe because it's not .txt?).

@Znrl

eek, good catch
give me a few minutes.

edit:
renamed to .txt and uploaded new lists
thanks again!

Hi, I'm trying to compile the latest version but I'm having problems. I'm using an Ubuntu VM with all the compiling requirements and dependencies like the wiki says. My problem is about perl:

make[5]: Leaving directory '/home/alberto/Compiling/Linksys-WRT3200ACM/openwrt/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/perl/perl-5.28.1'
echo @`sh  cflags "optimize='-O2'" opmini.o` -fPIC -DPERL_IS_MINIPERL -DPERL_EXTERNAL_GLOB opmini.c
@arm-openwrt-linux-muslgnueabi-gcc -c -DPERL_CORE -D_REENTRANT -D_GNU_SOURCE -fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -Os -pipe -fno-caller-saves -fno-plt -fhonour-copts -mfloat-abi=hard -I/home/alberto/Compiling/Linksys-WRT3200ACM/openwrt/staging_dir/toolchain-arm_cortex-a9+vfpv3-d16_gcc-12.3.0_musl_eabi/usr/include -I/home/alberto/Compiling/Linksys-WRT3200ACM/openwrt/staging_dir/toolchain-arm_cortex-a9+vfpv3-d16_gcc-12.3.0_musl_eabi/include/fortify -I/home/alberto/Compiling/Linksys-WRT3200ACM/openwrt/staging_dir/toolchain-arm_cortex-a9+vfpv3-d16_gcc-12.3.0_musl_eabi/include -O2 -Wall -fPIC -DPERL_IS_MINIPERL -DPERL_EXTERNAL_GLOB opmini.c
In file included from op.c:163:
perl.h:2494:22: error: unknown type name 'off64_t'; did you mean 'off_t'?
 2494 | #       define Off_t off64_t
      |                      ^~~~~~~
perl.h:2494:22: note: in definition of macro 'Off_t'
 2494 | #       define Off_t off64_t
      |                      ^~~~~~~
make[4]: *** [Makefile:304: opmini.o] Error 1
make[4]: Leaving directory '/home/alberto/Compiling/Linksys-WRT3200ACM/openwrt/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/perl/perl-5.28.1'
make[3]: *** [Makefile:150: /home/alberto/Compiling/Linksys-WRT3200ACM/openwrt/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/perl/perl-5.28.1/.built] Error 2
make[3]: Leaving directory '/home/alberto/Compiling/Linksys-WRT3200ACM/openwrt/feeds/packages/lang/perl'
time: package/feeds/packages/perl/compile#11.70#3.02#14.08
    ERROR: package/feeds/packages/perl failed to build.
make[2]: *** [package/Makefile:120: package/feeds/packages/perl/compile] Error 1
make[2]: Leaving directory '/home/alberto/Compiling/Linksys-WRT3200ACM/openwrt'
make[1]: *** [package/Makefile:114: /home/alberto/Compiling/Linksys-WRT3200ACM/openwrt/staging_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/stamp/.package_compile] Error 2
make[1]: Leaving directory '/home/alberto/Compiling/Linksys-WRT3200ACM/openwrt'
make: *** [/home/alberto/Compiling/Linksys-WRT3200ACM/openwrt/include/toplevel.mk:231: world] Error 2

I don't know what's happening. I've started from the beginning, deleting the buildroot and compiling as if it were the first time, but each time I try, the same thing happens. I tried updating my VM too, but without success. Can you point me in the right direction, please?

P.S.: If you need more info or something else, don't hesitate to tell me

@Raskaipika

caused by https://github.com/openwrt/openwrt/commit/fff878c5bcda6dea337c97a95721bf8cf73e4560

there is some churn happening, you can see other packages being fixed for that issue "fix compilation with musl 1.24": https://github.com/openwrt/openwrt/commits/master

maybe report it there, in case it hasn't already been noticed

Thanks for the answer, you're right about this. Yesterday (before deleting the buildroot and starting from the beginning), there were problems related to musl.

But I don't know how to report this problem on GitHub; I haven't had to do this before. It's not that I don't want to do it, but I prefer to wait until the problem is fixed.