Divested-WRT: No-nonsense hardened builds for Linksys WRT series

@ninjanoir78
https://divested.dev/unofficial-openwrt-builds/mvebu-linksys/#selfBuild

Use git am *.patch

1 Like

@SkewedZeppelin

May I ask if you can create a link to the latest builds? (I'm specifically interested in the config file)

wget -O .config https://divested.dev/unofficial-openwrt-builds/mvebu-linksys/latest/config

1 Like

@lamelogin

A latest symlink has been added.

1 Like

thanks,

btw, what about make menuconfig and the one you wrote on your page: make nconfig?
thanks

If you have the requisite bits installed in your environs
make menuconfig == make nconfig == make xconfig
just a different interface, nconfig harkens back a few decades to ncurses, the follow up to curses; them were the days.

2 Likes

@SkewedZeppelin

Thank you for providing this information. I was trying to build on my own and I wasn't able to get the performance that I was getting on the Davidc502 builds. I didn't have the knowledge to get where you are at and your sharing and openness is so greatly appreciated. Now with your documentation and patches my custom builds are working great. I have 24 hours in and all is good, I am maxing out my ISP bandwidth over wireless with no problems 500 down 30 up on my WRT3200ACM.

An added bonus is that the https://github.com/jerrykuku/luci-theme-argon I was using on older builds didn't load the login pages correctly and now they do.

1 Like

I was able to update my kernel to 5.4.93 by running a make kernel_menuconfig after my make nconfig using directions available at https://divested.dev/unofficial-openwrt-builds/mvebu-linksys/

Dear @SkewedZeppelin,
Hello and I hope that you are safe and well. I have a simple request. I am getting ready to take my first spin with your No-nonsense Linksys WRT builds. I ran the command openssl engine -t -c in order to check if Crypto accelerator is enabled. It was not. If at all possible, would you please enable the

(devcrypto) /dev/crypto engine

I really would appreciate it and I think that this issue has been resolved in the new kernels. Thanks in advance - and I look forward to being an active member of the Community.
Peace and God Bless - Stay Safe All

1 Like

@directnupe
I did not realize mvebu had any such hardware accel. Thanks!
I have enabled OpenSSL devcrypto support in the 20210131-00 release.
Please make sure you uncomment it in /etc/ssl/openssl.cnf under the [engine] block.
Further documentation is here

4 Likes

Hi @SkewedZeppelin and many thanks for continuing to provide this! I noticed in today's build you included "bmon" - I'm just curious what made you select it compared with other bandwidth monitoring packages?

I think I tried bmon recently and found screen wasn't very well laid out and a little difficult to read, ended up installing bwm-ng instead...

Also iperf3 is now included - are you using it to test your LAN or WAN performance (or both)? Just curious about the use case that made you include it permanently

Cheers,

1 Like

Is it related to usb drive ?

It is about getting the CESA cryptographic engine in play, check:

root@bsaedgy:~# dmesg | grep -i crypt
[    0.013616] cryptd: max_cpu_qlen set to 1000
[    1.680464] marvell-cesa f1090000.crypto: CESA device successfully registered
[   11.525081] cryptodev: driver 1.11 loaded.

should be some old threads to be found in forum. But I suppose if you encrypt things on your drive...

ok, I got that

root@OpenWrt:~# dmesg | grep -i crypt
[    0.010425] cryptd: max_cpu_qlen set to 1000
[    1.597886] marvell-cesa f1090000.crypto: CESA device successfully registered

Not quite, the CESA unit is found, but you are missing the actual use of the device via cryptodev, configuration to be found in the openssl configuration (menuconfig) and setup. And for the sake of completeness, you can also get to it via afalg, but cryptodev still seems to be the more performant of the two.
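The two checks discussed above (the kernel log for CESA and cryptodev, and openssl engine -t -c for the devcrypto engine), as an added example that is not part of any post in this thread. The function names are hypothetical, the dmesg lines are the ones quoted above, and the engine listing is constructed sample input.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the builds' own scripts.

# Read dmesg text on stdin and report which pieces of the offload path exist.
cesa_state() {
    log=$(cat)
    cesa=0
    cdev=0
    if printf '%s\n' "$log" | grep -q 'marvell-cesa.*CESA device successfully registered'; then
        cesa=1
    fi
    if printf '%s\n' "$log" | grep -q 'cryptodev: driver.*loaded'; then
        cdev=1
    fi
    case "$cesa$cdev" in
        11) echo 'cesa+cryptodev' ;;     # hardware found and /dev/crypto driver loaded
        10) echo 'cesa-only' ;;          # hardware found, but no cryptodev driver
        01) echo 'cryptodev-no-cesa' ;;  # cryptodev loaded, no CESA registration seen
        *)  echo 'none' ;;
    esac
}

# Read `openssl engine -t -c` output on stdin; report the devcrypto engine state.
devcrypto_engine_state() {
    awk '
        /^\(devcrypto\)/ { in_dev = 1; next }   # start of the devcrypto entry
        /^\(/            { in_dev = 0 }         # any other engine entry ends it
        in_dev && /\[ available \]/   { print "available";   found = 1; exit }
        in_dev && /\[ unavailable \]/ { print "unavailable"; found = 1; exit }
        END { if (!found) print "absent" }
    '
}

# dmesg lines as quoted in the thread.
DMESG_FULL='[    0.013616] cryptd: max_cpu_qlen set to 1000
[    1.680464] marvell-cesa f1090000.crypto: CESA device successfully registered
[   11.525081] cryptodev: driver 1.11 loaded.'
DMESG_PARTIAL='[    0.010425] cryptd: max_cpu_qlen set to 1000
[    1.597886] marvell-cesa f1090000.crypto: CESA device successfully registered'
# Constructed engine listing; the cipher list is illustrative only.
ENGINE_OUT='(dynamic) Dynamic engine loading support
     [ unavailable ]
(devcrypto) /dev/crypto engine
 [AES-128-CBC, AES-256-CBC]
     [ available ]'

printf '%s\n' "$DMESG_FULL"    | cesa_state
printf '%s\n' "$DMESG_PARTIAL" | cesa_state
printf '%s\n' "$ENGINE_OUT"    | devcrypto_engine_state
```

On a router, pipe live output into the functions instead of the samples: dmesg | cesa_state and openssl engine -t -c | devcrypto_engine_state.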

I enabled kmod-cryptodev and libopenssl-devcrypto via my .config, so I guess in my next compilation both will be available.

@wally_walrus

I've always liked the simplicity of bmon for quick stats/graphs.
And here is a lot of unused space (15+MB), no reason not to keep iperf3 handy.

Dear SkewedZeppelin,
Hello and I want to thank you for (devcrypto) /dev/crypto engine support as I requested on your builds. Now, I am having a problem with OpenVPN on your builds. I have tried to install openvpn-mbedtls and later on openvpn-openssl; neither installs correctly. One major problem is there is no kmod-tun package installed on your current build (or the previous build either). When I go to install kmod-tun this is the readout below:

Collected errors:
 * pkg_hash_fetch_best_installation_candidate: Packages for kmod-tun found, but incompatible with the architectures configured
 * opkg_install_cmd: Cannot install package kmod-tun.
 * pkg_hash_fetch_best_installation_candidate: Packages for kmod-udptunnel4 found, but incompatible with the architectures configured
 * opkg_install_cmd: Cannot install package kmod-udptunnel4.
 * pkg_hash_fetch_best_installation_candidate: Packages for kmod-udptunnel6 found, but incompatible with the architectures configured
 * opkg_install_cmd: Cannot install package kmod-udptunnel6.
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for openvpn-openssl:
 *      kernel (= 5.4.94-1-5bd5b086c05f1d73c0d67477796a6f5a)
 * opkg_install_cmd: Cannot install package openvpn-openssl.

There are similar error logs when attempting to install openvpn-mbedtls
So - this is obviously an issue that needs to be addressed when you compile your next image.
This is particularly problematic as many folks routinely run OpenVPN service on their routers.
Peace and God Bless - and always stay safe

1 Like

New builds are up.
They include a proper in-kernel fix for the DSA roaming issue.
Fixes by Vladimir Oltean and Tobias Waldekranz and backported to 5.4 by DENG Qingfang.
Big thanks to them!
I have tested them working quite well.

Email here
https://lists.openwrt.org/pipermail/openwrt-devel/2021-February/033620.html

Patch here
https://divested.dev/unofficial-openwrt-builds/mvebu-linksys/patches/0010-DSA_roaming_fix_for_Marvell_Link_Street_switch_series.patch

Please test roaming with it!

@directnupe
I have no intention of including OpenVPN support.

2 Likes

Running stable. Thanks for the DSA roaming fix notice. (I did not know what happened before but I did encounter certain glitches like this.)

Here for testing, enjoying your builds. Currently no issues.

Well, does anyone here (regular users of these No-nonsense Linksys WRT builds) have any insight as to how to deploy OpenVPN successfully on this firmware? Just asking - thanks in advance

1 Like