Divested-WRT: No-nonsense hardened builds for Linksys WRT series

@SkewedZeppelin I take it with 0010-DSA_roaming_fix_for_Marvell_Link_Street_switch_series.patch that 0010-DNM-DSA_Bridge_FDB_Sync_Workaround.patch is no longer required?

@solidus1983
That is correct. The workaround is no longer needed in favor of the proper fix patchset.
Use git rebase -i HEAD~X to drop it

@directnupe and others
I have made a quick start video to compiling OpenWrt, or more specifically these builds.
https://divested.dev/index.php?page=videos#openwrt-compile_quick_start
Enjoy!

1 Like

I take it using that command will drop all the patches or just that one patch?

@solidus1983
Specify X as the number of commits added since HEAD, e.g. 8.
-i is interactive.
It'll let you choose which patches to keep, squash, drop, etc.
Uncomment and change pick to drop for the old workaround patch.
Then your tree will be rebased and you can cleanly apply the new patch.

1 Like
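Scripting the step above, as an added example that is not from the thread or the Divested-WRT project: a throwaway repository stands in for a patched OpenWrt tree, and the `pick` line for the old workaround is changed to `drop` by a sed script passed through GIT_SEQUENCE_EDITOR instead of being edited by hand. The commit subjects and patch file names are constructed stand-ins, and `make_demo_repo`, `drop_commit_by_subject`, `commit_count` and `has_subject` are this example's own helpers. It generalises the post slightly by matching the commit to drop by its subject line, so the X in HEAD~X only has to be large enough to reach that commit.

```shell
#!/bin/sh
# Added example, not from the thread: dropping one patch commit from a local
# branch with `git rebase -i`, driven non-interactively through
# GIT_SEQUENCE_EDITOR so the edit to the todo list is scripted rather than typed.
# The repository, commit subjects and patch names below are all constructed.
set -eu

# Create a throwaway repo: one base commit plus three "patch" commits on top,
# mimicking a tree where patches were applied one commit each (e.g. with git am).
make_demo_repo() {
  repo=$(mktemp -d)
  git -C "$repo" init -q
  git -C "$repo" config user.email "demo@example.invalid"
  git -C "$repo" config user.name "demo"
  git -C "$repo" config commit.gpgsign false
  : > "$repo/base.txt"
  git -C "$repo" add -A
  git -C "$repo" commit -q -m "base"
  for subj in "0009-some-earlier-change" "0010-DNM-old-workaround" "0011-proper-fix"; do
    printf '%s\n' "$subj" > "$repo/$subj.patch"
    git -C "$repo" add -A
    git -C "$repo" commit -q -m "$subj"
  done
  printf '%s\n' "$repo"
}

# Rewrite the last $depth commits (the X in `git rebase -i HEAD~X`), turning the
# todo line "pick <hash> $subject" into "drop <hash> $subject". Every other line
# keeps its `pick`, so only the matched commit disappears from the branch.
drop_commit_by_subject() {
  repo=$1; subject=$2; depth=$3
  GIT_SEQUENCE_EDITOR="sed -i.bak '/ $subject\$/s/^pick/drop/'" \
  GIT_EDITOR=true \
    git -C "$repo" rebase -q -i "HEAD~$depth"
}

# Helpers for inspecting the result: number of commits on HEAD, and whether a
# commit with exactly this subject line is still in the history.
commit_count() { git -C "$1" rev-list --count HEAD; }
has_subject()  { git -C "$1" log --format=%s | grep -qx -- "$2"; }

# Walk-through when run directly: drop the old workaround, keep the proper fix.
if command -v git >/dev/null 2>&1; then
  r=$(make_demo_repo)
  drop_commit_by_subject "$r" "0010-DNM-old-workaround" 3
  git -C "$r" log --oneline   # lists 0011-proper-fix, 0009-..., base; no 0010
fi
```

The `.bak` copy sed leaves behind lands inside `.git/rebase-merge` and is discarded with the rest of the rebase state. After the rebase the file the dropped commit introduced is gone from the tree as well, because no later commit touched it; if a later patch had depended on it, the rebase would have stopped with a conflict at that commit, which is the signal to resolve or abort before applying the new patchset.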

I can see that there are fellow refugees from David's builds here :smile:

Is it best practice to start completely fresh when coming from a pre-DSA build, or is it fine to just upgrade with previous configs intact?

@digital_mystik
I'd recommend you backup and start fresh.
You can extract the backup using normal tools (tar or file-roller) to reference your old changes.

However, you are free to try an in-place upgrade; you'll have to manually migrate to DSA and then flash via sysupgrade.

Please note, these really are recommended to be used as is, without installing anything else on them, unless you want to compile it in.

Best of luck!

2 Likes

Sounds good. From looking at the manifest it seems most packages that I would use are there. The only thing that I would probably add myself is stubby for DoT support.

1 Like

Please note, these really are recommended to be used as is, without installing anything else on them, unless you want to compile it in.

Just to clarify, would I be fine adding stubby and its dependencies, or would I have to compile the whole shebang? As in, the package feed is a snapshot of a given time, and shouldn't bring upon any issues? (I could be totally wrong, and pardon my noobishness; I know a bit about Linux etc., but OpenWrt/snapshots not so much.)

I appreciate the input, and thanks for hosting these builds!

@digital_mystik

I am on the fence when it comes to including stubby.
I used it a lot in 2019.
My concerns with it were:

  • The limited selection of resolvers. Most were either big Co. or were sketchy.

  • The latency added for each lookup due to the TLS handshake.
    Which was only made worse because there was no connection reuse/keepalive.
    I think there is keep-alive now, I will look into it.

  • My last issue was that the config would always get reset for some reason.

Other things:

  • Encrypted DNS is still kinda useless without Encrypted SNI. You do obviously get the integrity checks, but accessed hosts still get leaked.
  • Firefox had(/has?) ESNI support when you used its TRR, but it only actually worked when connected to Cloudflare hosts, due to how the signing is propagated.
  • Firefox 73+? has DoH supported
  • Android 9+ has DoT supported
  • Android 4-8 can use my libre fork of Intra https://github.com/Divested-Mobile/libretra/commits/libre

Frankly I think it simply isn't ready yet.
Of hope, the working group is doing their best to make progress on this front from what I can see.
Maybe another year or two!

3 Likes

Thanks for your help earlier. Running the new build with the new patch, and man, I have never seen a System Log so quiet.

As for DNS, using things like stubby etc., I agree with you on it.

Personally I'm running Pi-Hole Docker servers with a dedicated Unbound Docker server for DNS queries. Works well, but also means I can change to just Pi-Hole.
However, like you said, SNI is still not encrypted even via that method.

1 Like

Dear SkewedZeppelin,
Hello and I hope that you are well. I really would like to use your builds. The only reservation which I have is your comment of:

@directnupe
I have no intention of including OpenVPN support.

I have an R7800 and use hnyman's Build for Netgear R7800. I mention that as he does support OpenVPN, and all that is needed for you to do the same is to do what he does for his custom firmware.
The following is detailed on his thread under Network tools

kmod-tun, enables opkg install of OpenVPN (openvpn-openssl variant)

So, with all due respect - I do not think that it is too much to ask nor too heavy of a lift for you to compile your future builds with kmod-tun package installed / enabled so that end users may install and use OpenVPN. I for one would greatly appreciate you doing so and I am confident that others will also thank you for making this small addition to your otherwise excellent images.
Thank you for your time, dedication and attention to making No-nonsense Linksys WRT builds the best viable option available for us all.
Peace and God Bless - Stay Safe

Hi @directnupe !

Due to the extra security settings I have used to compile these builds even if I do include kmod-tun the OpenVPN packages from the OpenWrt snapshots are likely incompatible.
I also have no intention of including the full OpenVPN packages along with my images due to both technical concerns and philosophical reasons.
I likely will eventually include WireGuard support, but until we figure out how to repartition the 3MB kernel devices there is an inherent space limit that we must work within.

Kind regards,
Tad.

2 Likes

Is anyone seeing a performance improvement when enabling irqbalance on this hardware? I imagine all it takes is changing option enabled '0' to '1' and then restarting it in System - Startup.

I'm using both a 1900v1 (mamba) and a 1900v2 (cobra) and only using them in wired mode...

TIA

Dear SkewedZeppelin,
First - I looked at your video detailing how to compile OpenWrt - it was easy to follow - and well done. Thanks for doing that for all of us. Regarding your statement:

even if I do include kmod-tun the OpenVPN packages from the OpenWrt snapshots are likely incompatible

When you say likely incompatible, are we talking 50% / 60% or 20% - or no, it simply will not work? If there is any chance - 1% say - I am willing to take a shot - so I am just asking - can you please include kmod-tun in your next build, so long as it does not adversely impact the build in any other manner.
Just for my curiosity and understanding will you briefly explain your stance on OpenVPN when you say

due to both technical concerns and philosophical reasons
especially the philosophical reasons piece

Thanks

@wally_walrus

Enabling irqbalance only helps slightly with the Wi-Fi performance due to those interrupts being the only supported ones.
See this forum thread here:

1 Like

Pm sent.
Thanks

Thank you!

I just wanted to add a comment for people who ask @SkewedZeppelin to include one thing or another... Please remember he is creating these builds for himself and graciously sharing them with us. He is under no obligation, moral or otherwise, to appease other people's needs. There is a reason these are called "No-nonsense builds"; if you want more - feel free to compile it yourself.

I for one support his stance in keeping the number of packages and add-ons to a bare minimum; this helps with stability and also keeps the mamba devices on the supported list (unlike snapshots).

Keep It Simple!

4 Likes

Just wanted to add that I received a message from directnupe that I consider inappropriate. It looks like other members feel the same so his similar post here was flagged.

I will continue to support @SkewedZeppelin to keep these builds as "No-nonsense" and nothing else. And I won't "stay in my lane"...

1 Like

Hello again,

Sorry if this has been asked before, but I generated my own config with a few changes (wireguard + luci integration, stubby, wrt32x only) and noticed after running a diff that the original config's mwlwifi-firmware has both 88w8864 and 88w8964 set. Is the older version better due to a performance regression? I was also wondering how having both enabled works. Can they be toggled/switched?

I built a binary with the newer one only but haven't flashed it yet. Probably made a mistake and should have gone with how it was set originally, since newer doesn't always mean better.

Also, great write-up and video for the build process! Now I just need to pony up and buy a more powerful machine, since my current potato takes two hours to compile lol

2 Likes