Divested-WRT: No-nonsense hardened builds for Linksys WRT series

@SkewedZeppelin Thank you so much for your swift reply!

Tested with LuCi as you suggested - Downloaded

divested-wrt-snapshot-r15882+11-4b37e3bc2b-mvebu-cortexa9-linksys_wrt1900acs-squashfs-sysupgrade.bin

On validation I got:

Device linksys,shelby not supported by this image Supported devices: linksys,wrt1900acs armada-385-linksys-shelby linksys,shelby - Image version mismatch: image 1.1, device 1.0. Please wipe config during upgrade (force required) or reinstall. Reason: Config cannot be migrated from swconfig to DSA Image check failed.

The uploaded image file does not contain a supported format. Make sure that you choose the generic image format for your platform.

I stopped there. Lost my nerve forcing this update without checking with you first. This should be the right firmware?

@steinmb
Yes that is correct.
You are running an old version.
These devices received a name change, and the DSA migration happened.
keep settings unchecked and force checked and you will be good.

Great, thank you.

Yes. You should restart from scratch. "Force" install without your config. Start from the beginning.

steinmb; how did it play out for you? I'm thinking about upgrading from davids and I got the same hardware as you. I have a dumb ap connected with cable, its providing wifi in a part of my home. Will this work on first boot after sysupgrading? Wifi is turned off on the router, but should be useable from my dumb ap?

edit: I can answer myself because I just upgraded without keeping config and forcing to the latest 5.10 version. Dumb AP came back in a minute or so :slight_smile: I'm a happy man so far!

Confirm that forced install with keep settings unchecked worked. My router came up at the default 192.168.1.1 - I am currently configure it but so far so good. No benchmarks yet.

@SkewedZeppelin Just installed latest snapshot with 5.10.16 on my Linksys WRT32X. No issues yet. Looks rock solid again. Thank you!

1 Like

I also just installed r15927+11 on my mamba and it looks stable, however when I refreshed the folder it was emptied. Not even 20 minutes later a new build was up (r15949+10). @SkewedZeppelin any reason you pulled r15927+11 and what does r15949+10 fix?

TIA

Maybe you can check the changelog

Not updated yet, latest entry still points to the build I have installed

Nothing is wrong with r15927+11.
I refreshed my patches after the DSA fix was merged upstream.
Then made r15949+10.
Then I realized I had 10+GB of builds, and deleted all the old ones.

1 Like

That's reassuring, many thanks!

It was in the changelog

Changelog shows 20210223-00-RESIZED while latest is 20210223-01-RESIZED

regarding recent resized updates for wrt1900ac v1:

generally - working great. this is a major advance for these devices.

minor issue: 5gz channel analysis has been hit-or-miss. most builds faild to show anything but local interface.
specific:
in -r15889 this was working fine.
in -r15949 this only shows local interface again

my 5g performance reaches about 340 mbit/sec (local limit) in all recent builds

Ok.
I thought you had 0222

Changelog shows both, maybe your browser cached it.

Great Firmware I've been following this project since January 2021.

I am a long term user of Untangle NG Firewall and recently reverted back to Stock Firmware.

I would like to know your opinions on:
Untangle NGFW
Untangle SD WAN Router
DavidC502 Builds
OPENWRT Insomnia
& Finally your Builds

From the change log I can see your builds are updated frequently I would like to know the benefits and if you plan on including WireGuard & OpenVPN in future releases

Thanks

1 Like

@micpro

Untangle

Lots of buzzwords, and you have to signup to download?
Mainly adds "enterprise" features like unified management and VPN setup.
Likely not suitable to home users.
Seems OpenWrt based.

Davidc502 builds

Outdated and very insecure.
Includes too many packages imo.
Also no sources or configs from what I could find.
Doesn't provide GPG sigs.
Has a massive forum thread (with questionable info).

Insomnia

Requires JavaScript to download.
Why would I want to run node on my router? My router is for routing.
The git repository is automated commit soup. Can't make head for tails.
Based off of 19.07.
Provides a big opkg repo.
Does provide configs.
Does at least provide GPG sigs.
Provides a fair bit of documentation.

your builds

I try to keep them vanilla, arguably to a fault.
These are routers and access points, not home servers imo.
Enabled some security features that are usually default disabled.
The download page works without JavaScript, provides GPG signatures, is available via onion.
Since it uses snapshot opkg feeds, compatibility isn't the best for extras.

including WireGuard & OpenVPN in future releases

WireGuard is in the 20210221 build, and is pending upstream fix for the 5.10 builds.
OpenVPN will not be included as repeatedly mentioned in this thread.

4 Likes

Hi!

I was using Davidc502 builds for some years. Now I want use No-nonsense builds, with basic use it works great, but i'm having some problems with IPv6 addresses, and guest wifi, i copied the same config i was using on Davidc502 builds but it is not working.

I tried this [OpenWrt Wiki] Guest Wi-Fi basics and this script:

NETWORKID=guest;FIREWALLZONE=guestzone;\
uci batch <<EOF
  set network.${NETWORKID}=interface
  set network.${NETWORKID}.ifname=${NETWORKID}
  set network.${NETWORKID}.proto=static
  set network.${NETWORKID}.ipaddr=192.168.3.1
  set network.${NETWORKID}.netmask=255.255.255.0
  set network.${NETWORKID}.ip6assign='60'
  set dhcp.${NETWORKID}=dhcp
  set dhcp.${NETWORKID}.interface=${NETWORKID}
  set dhcp.${NETWORKID}.start=100
  set dhcp.${NETWORKID}.leasetime=12h
  set dhcp.${NETWORKID}.limit=150
  set dhcp.${NETWORKID}.dhcpv6=server
  set dhcp.${NETWORKID}.ra=server
  set firewall.${FIREWALLZONE}=zone
  set firewall.${FIREWALLZONE}.name=${FIREWALLZONE}
  set firewall.${FIREWALLZONE}.network=${NETWORKID}
  set firewall.${FIREWALLZONE}.forward=REJECT
  set firewall.${FIREWALLZONE}.output=ACCEPT
  set firewall.${FIREWALLZONE}.input=REJECT 
  set firewall.${FIREWALLZONE}_fwd=forwarding
  set firewall.${FIREWALLZONE}_fwd.src=${FIREWALLZONE}
  set firewall.${FIREWALLZONE}_fwd.dest=wan
  set firewall.${FIREWALLZONE}_dhcp=rule
  set firewall.${FIREWALLZONE}_dhcp.name=${FIREWALLZONE}_DHCP
  set firewall.${FIREWALLZONE}_dhcp.src=${FIREWALLZONE}
  set firewall.${FIREWALLZONE}_dhcp.target=ACCEPT
  set firewall.${FIREWALLZONE}_dhcp.proto=udp
  set firewall.${FIREWALLZONE}_dhcp.dest_port=67-68
  set firewall.${FIREWALLZONE}_dns=rule
  set firewall.${FIREWALLZONE}_dns.name=${FIREWALLZONE}_DNS
  set firewall.${FIREWALLZONE}_dns.src=${FIREWALLZONE}
  set firewall.${FIREWALLZONE}_dns.target=ACCEPT
  set firewall.${FIREWALLZONE}_dns.proto='tcp udp'
  set firewall.${FIREWALLZONE}_dns.dest_port=53
EOF
uci commit

Both work on Davidc502 builds, but i don't know why it doesn't anymore.

About IPv6, just by setting Router Advertisement-Service, DHCPv6-Service, NDP-Proxy to Relay mode on DHCP server and IPv6 assignment length to 64 make it work. Now i haven't IPv6 address.

Any advice?

Thanks!