Divested-WRT: No-nonsense hardened builds for Linksys WRT series

Does anyone know any tricks for speeding up wifi?

I'm running 20210217-00-RESIZED build on my WRT1900ACS. I get decent ethernet speedtest performance to my ISP 860Mbps down / 460Mbps up. But poor 5GHz wifi performance direct line of sight 2 metres at most, 320 down / 300 up.
I have enabled irqbalance.

My wireless config


config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11a'
	option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
	option country 'AU'
	option cell_density '0'
	option htmode 'VHT80'
	option txpower '20'
	option channel '60'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option macaddr 'XX:XX:XX:XX:XX:XX'
	option ssid 'MySSID1'
	option encryption 'psk2+ccmp'
	option key 'mykey1'
	option wpa_disable_eapol_key_retries '1'

config wifi-device 'radio1'
	option type 'mac80211'
	option hwmode '11g'
	option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
	option country 'AU'
	option txpower '20'
	option cell_density '0'
	option htmode 'HT20'
	option channel '5'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option macaddr 'XX:XX:XX:XX:XX:XX'
	option ssid 'MySSID2'
	option encryption 'psk2+ccmp'
	option key 'mykey2'
	option wpa_disable_eapol_key_retries '1'

1 Like

Hi guys.

I don't compile code since many years but it's time to restart again :rofl:
I've a 1900ACSv1 (Shelby) used for years with Davidc502 images and now I'm configuring a real VM (Virtualbox) with Xubuntu 20.04 LTS so I can start to play again with make and gcc.

Before start with make in next days, I've two very stupid questions.
I wish to try a precompiled image found here https://divested.dev/unofficial-openwrt-builds/mvebu-linksys/

  1. For a simple test with my 1900ACS which is the more stable version ? I want to test for a week but 1900ACS is in my home and my wife works there and I need to be sure that LAN/WAN (IPv4) and wifi are working. Or my wife kill me :sweat_smile:
  2. Can I upgrade directly from Davidc502 web interface (which subversion version do I use ? kernel.bin, factory.img or sysupgrade.bin ?) ? Or I need to transfer with ssh and run sysupgrade ?

Thanks :slight_smile:

Please read

I compiled Kernel 5.10 for Venom, I have the DSA Roaming fix patch included on it, should I remove it for Kernel 5.10.16?

So far no issues with Kernel 5.10 WiFi is working without issue and I am getting full speed on both 2.4 and 5ghz WiFi AP's.

I have also removed the O2 patch and thumb patch as I was having issues with DNSCrypt-Proxy V2 segfaulting and traceroute erroring out with XOR! X with them enabled.

Recompiling a Kernel 5.4.99 Build now though as backup.

Edit: Found the DNSCrypt-proxy v2 issue to be caused by the ARM-Cortex-A9-build-the-userspace-with-Thumb-2-instr.patch patch. Removing it resolved the issue.

Just for fun I try my first build. All works fine without any errors. SkewedZeppelin great works ! Thanks.

This is my setup if someone else is interested (PS I'm a newbie):

  1. Install and run Xubuntu 20.04 LTS 64bit into a new Virtual Machine (I use Virtualbox 6.1 and my host system is a Windows 10 64bit 20H2, 16GB RAM, 512GB SSD, CPU Intel I7-2600 3.40GHz with 8 logical cores). My VM is configured with 6144MB RAM, 4 logical CPU, 60GB virtual HDD. 4096MB RAM and 30-40GB virtual HDD can be enough (after build, occupied disk space is 23GB). If you wish, install VboxLinuxAddition (share clipboard and other).

  2. Login with a normal unprivileged account (not root)

  3. Update Xubuntu:
    sudo apt update
    sudo apt upgrade
    (first time take a long time due to 'snap' package installation. more or less 5-10m. take a cup of coffee)

  4. Install openwrt dependencies:
    sudo apt install build-essential ccache ecj fastjar file g++ gawk \
    gettext git java-propose-classpath libelf-dev libncurses5-dev \
    libncursesw5-dev libssl-dev python python2.7-dev python3 unzip wget \
    python3-distutils python3-setuptools rsync subversion swig time \
    xsltproc zlib1g-dev
    sudo apt install asciidoc-base flex help2man intltool libusb-dev
    I love VIM: sudo apt install vim

  5. Get divested config file and patches:
    cd ~/
    mkdir divested
    cd divested
    wget -nd https://divested.dev/unofficial-openwrt-builds/mvebu-linksys/latest/config
    wget -r -l 1 -nd -np -A "0*.patch" https://divested.dev/unofficial-openwrt-builds/mvebu-linksys/patches/
    cd ~/

  6. from https://divested.dev/unofficial-openwrt-builds/mvebu-linksys/#selfBuild :
    cd ~/
    git clone https://git.openwrt.org/openwrt/openwrt.git
    cd openwrt
    git config pull.rebase true
    ./scripts/feeds update -a -f
    ./scripts/feeds install -a -f
    #copy in the config from the latest build here, name it .config
    cp ~/divested/config .config
    #git am the .patches from /patches
    git am ~/divested/*.patch
    #make any changes you want, then save and exit
    make nconfig
    make -j4 download # run in 3m
    make -j4 # run in 1h50m

  7. build files are in ~/openwrt/bin/ (firmware and packages)

2 Likes

Hi, I'm thinking of doing a upgrade and keeping settings.
I've edited my network, system and sqm file with what was said in post 149.
My new configfiles look like this, if anyone wants to double-check (don't want to mess it up while upgrading)..
Anything to do with openvpn server before doing a move to this build? Thanks again

Network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdfe:8179:1be0::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'lan1 lan2 lan3 lan4'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'

config interface 'wan'
        option ifname 'wan'
        option proto 'dhcp'
        option peerdns '0'
        list dns '127.0.0.1#5300'

config device 'wan_wan_dev'
	option name 'wan'
	option macaddr 'Hidden in this post'

config interface 'wan6'
        option ifname 'eth1.2'
        option proto 'dhcpv6'
        option auto '0'
        option reqaddress 'try'
        option reqprefix 'auto'

config interface 'guest'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'

config route
        option interface 'lan'
        option netmask '255.255.255.0'
        option target '192.168.228.0'
        option gateway '192.168.1.128'

System


config system
        option ttylogin '0'
        option urandom_seed '0'
        option zonename 'Europe/London'
        option log_proto 'udp'
        option cronloglevel '8'
        option hostname 'Router'
        option log_size '256'
        option conloglevel '7'
	option compat_version '1.1'

config timeserver 'ntp'
        list server '0.openwrt.pool.ntp.org'
        list server '1.openwrt.pool.ntp.org'
        list server '2.openwrt.pool.ntp.org'
        list server '3.openwrt.pool.ntp.org'

config led 'led_wan'
        option name 'WAN'
        option sysfs 'pca963x:shelby:white:wan'
        option trigger 'netdev'
        option mode 'link tx rx'
        option dev 'wan'

config led 'led_usb1'
        option name 'USB 1'
        option sysfs 'pca963x:shelby:white:usb2'
        option trigger 'usbport'
        list port 'usb1-port1'

config led 'led_usb2'
        option name 'USB 2'
        option sysfs 'pca963x:shelby:white:usb3_1'
        option trigger 'usbport'
        list port 'usb2-port1'
        list port 'usb3-port1'

config led 'led_usb2_ss'
        option name 'USB 2 SS'
        option sysfs 'pca963x:shelby:white:usb3_2'
        option trigger 'usbport'
        list port 'usb3-port1'

config watchcat
        option period '6h'
        option mode 'ping'
        option pinghosts '8.8.8.8'
        option forcedelay '30'

SQM


config queue 'eth1'
        option enabled '0'
        option interface 'wan'
        option download '85000'
        option upload '10000'
        option qdisc 'fq_codel'
        option script 'simple.qos'
        option qdisc_advanced '0'
        option ingress_ecn 'ECN'
        option egress_ecn 'ECN'
        option qdisc_really_really_advanced '0'
        option itarget 'auto'
        option etarget 'auto'
        option linklayer 'none'
1 Like

Make a backup of everything first, that way you won't loose anything but that looks ok.

@solidus1983

How is Kernel 5.10 is it stable in terms of like Kernel 5.4?

It should be reasonably stable, assuming it has been updated correctly. It does however lack the DSA fixes, which are from 5.12, only been backported to 5.4.

Also @SkewedZeppelin what patches do i need to remove going to Kernel 5.10?.

All of the patches in my repo (aside from the unused/work folder) you can keep applied whether you are building 5.4 or 5.10

I also noticed there are two patches for mamba for resize are they the same or is there a dedicated on to use.

The first is for 5.4, the second for 5.10.

I have the DSA Roaming fix patch included on it, should I remove it for Kernel 5.10.16?

No need to remove it, it won't conflict.
I am in no rush for 5.10.
And will still recommend use of 5.4 builds until everything is ironed out upstream.

also removed the O2 patch and thumb patch as I was having issues with DNSCrypt-Proxy V2 segfaulting and traceroute erroring out with XOR! X with them enabled.

That is strange, O2 should always be safe. Maybe make dirclean? Backup your config first.

@anomeome

802.11w be borked on mwlwifi

I did have it working for a while, I have it off currently because some of my devices don't support PMF.
NetworkManager also doesn't seem to fully expose WPA3 just yet, even on latest Fedora.

@wally_walrus

these are probably system-wide settings affecting all LANs. I'm just curious why one LAN still has connectivity while the other 3 don't

I added those settings, I would test with them removed.
I've seen them do weird things. Wouldn't be surprised if they are the cause.

@digital_mystik

Has anyone had any issues with their Android phones dropping connection? Looking for a bit of advice on how to troubleshoot this.

I've had constant drops of my phone to my XMPP server.
I have been blaming my ISP however, as it happens to SSH connections over wired.

@larrynz

Does anyone know any tricks for speeding up wifi?

Set legacy_rates '0'.

wifi performance direct line of sight 2 metres at most, 320 down / 300 up.

That could be the limit of your test device.

@ambrosa

To migrate in place you would need to use a sysupgrade image, but perform the DSA migration by hand first.
If you want to use one of the resized builds you need to use the factory image and follow the process detailed on the builds page.

Just for fun I try my first build. All works fine without any errors.

Awesome!

@frootloobs
That looks correct, however note that these builds do not have OpenVPN support.

@SkewedZeppelin

  1. In my 1900ACS from Davidc502 Luci interface I've loaded your
    divested-wrt-snapshot-r15831+10-5bb9954826-mvebu-cortexa9-linksys_wrt1900acs-squashfs-sysupgrade.bin (kernl 5.4) without migrating my previous configuration (starting from scratch) and 'forcing' the new firmware installation due a system name mismatch (really, it's a shelby, it's only a problem about name).
    Well, it works without any problem. Great !

  2. So I've modified (with make nconfig) my build adding some feature. Loaded my sysupgrade and BINGO it works fine too.
    I'm very happy. Now I can play for sometimes ahahaha

BTW: it looks to run very fast

  1. I've a question: can you kindly explain to me the problem about 'RESIZED' images ?

Thanks.

Ah, I should've read about the build before jumping to conclusions (openvpn included), would adblock, banip, dnscrypt etc also have to be included in a custom build that I can build following the instructions?

Over a year back I had sae mixed working somewhat on a mamba, but the same config taken to a rango killed the device. Manifests in a somewhat interesting fashion. But there a numerous mwlwifi issues discussing the 801.11W issues on both radios.

@frootloobs
Please look at the configs to see what is included in my builds.
https://divested.dev/unofficial-openwrt-builds/mvebu-linksys/latest-resized/config.buildinfo
adblock and banip are included.
you should be able to add dnscrypt or stubby via opkg

@ambrosa

problem about 'RESIZED' images

There is no problem, as long as you are careful flashing them the first time.
The resizing is necessary on mamba and venom because new kernels are too big for their 3MB partition.

@anomeome
yep, yep mwlwifi is a sad mess.

Thanks, I'm using wireguard on my Home Assistant VM, works very well, so I can live without openvpn and use wireguard on the router when I need access. :slight_smile:
I've generated a backup of davids build.
If I brick my router, how do I get back to david's?
And dynamic dns can also be added with opkg?

@frootloobs
For my 19000ACS Shelby I've rebuild this image without any problem including some other packages: openvpn, samba4, emailrelay, dynamic ddns
and removed adblock and banip (I don't use them so I save space)

Build was fine and installation in my 1900ACS is ok.
Samba4 works.
The other packages... I've not tested yet :slight_smile:

I've a very stupid question: port forward doesn't work for me.

I've simple added in /etc/config/firewall something like:

config redirect
	option target 'DNAT'
	option src 'wan'
	option dest 'lan'
	option proto 'tcp'
	option src_dport '80'
	option dest_ip '192.168.1.100'
	option dest_port '80'
	option name 'HTTP_SERVER'

taken form my Davidc502 config. But it doesn't work and I don't understand why. There is need to enable some extra routing ?
Any idea ?

Thanks.

@pr0nstache
Please post the error you receive.

@ambrosa
Does it work on another source port? I think luci/uhttpd bind to 80 on all interfaces by default, might be conflicting.

Got nervous when I had this message. Need to click force to go further. I have the wrt1900acs router so the sysupgrade.bin should be correct.. ?

Device linksys,shelby not supported by this image Supported devices: linksys,wrt1900acs armada-385-linksys-shelby linksys,shelby - Image version mismatch: image 1.1, device 1.0. Please wipe config during upgrade (force required) or reinstall. Reason: Config cannot be migrated from swconfig to DSA Image check failed.

The uploaded image file does not contain a supported format. Make sure that you choose the generic image format for your platform.

You have to deal with the DSA switch as indicated by message.

1 Like

Sorry, I fixed it by going back to linksys firmware and installing factory-flash package again, no library error this time. I should have screenshotted it when it happened.

you previous build was swconfig?, you have to force it or flash from oem linksys

edit, I forgot to uncheck ''keep setting.