Divested-WRT: No-nonsense hardened builds for Linksys WRT series

It didn't worked. I will do everything from the beginning.

Thank you!

I installed the libraries for debia/ubuntu without any problem:

[OpenWrt Wiki] Build system setup

running maje -j1 -V=sc shows this:

$ make -j1 V=sc
make[1]: Entering directory '/mnt/c/Users/Carlos/openwrt'
make[2]: Entering directory '/mnt/c/Users/Carlos/openwrt'
+ mkdir -p /mnt/c/Users/Carlos/openwrt/staging_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi
+ cd /mnt/c/Users/Carlos/openwrt/staging_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi
+ mkdir -p bin lib stamp usr/include usr/lib
mkdir -p /mnt/c/Users/Carlos/openwrt/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/stamp
touch /mnt/c/Users/Carlos/openwrt/staging_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/.prepared
+ mkdir -p /mnt/c/Users/Carlos/openwrt/staging_dir/host
+ cd /mnt/c/Users/Carlos/openwrt/staging_dir/host
+ mkdir -p bin lib stamp usr/include usr/lib
mkdir -p /mnt/c/Users/Carlos/openwrt/build_dir/host/stamp /mnt/c/Users/Carlos/openwrt/staging_dir/host/include/sys
install -m0644 /mnt/c/Users/Carlos/openwrt/tools/include/*.h /mnt/c/Users/Carlos/openwrt/staging_dir/host/include/
install -m0644 /mnt/c/Users/Carlos/openwrt/tools/include/sys/*.h /mnt/c/Users/Carlos/openwrt/staging_dir/host/include/sys/
ln -snf lib /mnt/c/Users/Carlos/openwrt/staging_dir/host/lib64
touch /mnt/c/Users/Carlos/openwrt/staging_dir/host/.prepared
make[3]: Entering directory '/mnt/c/Users/Carlos/openwrt/tools/flock'
make[3]: Leaving directory '/mnt/c/Users/Carlos/openwrt/tools/flock'
time: tools/flock/compile#0.11#0.05#0.64
make[3]: Entering directory '/mnt/c/Users/Carlos/openwrt/tools/xz'
(cd /mnt/c/Users/Carlos/openwrt/build_dir/host/xz-5.2.5/; if [ -x configure ]; then cp -fpR /mnt/c/Users/Carlos/openwrt/scripts/config.{guess,sub} /mnt/c/Users/Carlos/openwrt/build_dir/host/xz-5.2.5// && CC="gcc" CFLAGS="-O2 -I/mnt/c/Users/Carlos/openwrt/staging_dir/host/include " CXX="g++" CPPFLAGS="-I/mnt/c/Users/Carlos/openwrt/staging_dir/host/include " LDFLAGS="-L/mnt/c/Users/Carlos/openwrt/staging_dir/host/lib " CONFIG_SHELL="/usr/bin/env bash"  bash ./configure --target=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --build=x86_64-pc-linux-gnu --program-prefix="" --program-suffix="" --prefix=/mnt/c/Users/Carlos/openwrt/staging_dir/host --exec-prefix=/mnt/c/Users/Carlos/openwrt/staging_dir/host --sysconfdir=/mnt/c/Users/Carlos/openwrt/staging_dir/host/etc --localstatedir=/mnt/c/Users/Carlos/openwrt/staging_dir/host/var --sbindir=/mnt/c/Users/Carlos/openwrt/staging_dir/host/bin --enable-static=yes --enable-shared=no --disable-doc --disable-nls --with-pic ; fi )
cat: -: No such file or directory
cat: -: No such file or directory
cat: -: No such file or directory
cat: -: No such file or directory
cat: -: No such file or directory
cat: -: No such file or directory
cat: -: No such file or directory
cat: -: No such file or directory
cat: -: No such file or directory

XZ Utils 5.2.5

System type:
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu

Configure options:
checking if debugging code should be compiled... no
checking which encoders to build... lzma1 lzma2 delta x86 powerpc ia64 arm armthumb sparc
checking which decoders to build... lzma1 lzma2 delta x86 powerpc ia64 arm armthumb sparc
checking which match finders to build... hc3 hc4 bt2 bt3 bt4
checking which integrity checks to build... crc32 crc64 sha256
checking if external SHA-256 should be used... no
checking if assembler optimizations should be used... x86_64
checking if small size is preferred over speed... no
checking if threading support is wanted... yes, posix
checking how much RAM to assume if the real amount is unknown... 128 MiB
cat: -: No such file or directory
checking if library symbol versioning should be used... yes
checking if sandboxing should be used... maybe (autodetect)

checking for a shell that conforms to POSIX... /bin/sh

Initializing Automake:
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /usr/bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... cat: -: No such file or directory
no
checking whether make supports nested variables... yes
cat: -: No such file or directory
cat: -: No such file or directory
checking whether ln -s works... yes
checking whether make supports the include directive... cat: -: No such file or directory
no
checking for x86_64-pc-linux-gnu-gcc... gcc
cat: -: No such file or directory
checking whether the C compiler works... no
configure: error: in `/mnt/c/Users/Carlos/openwrt/build_dir/host/xz-5.2.5':
configure: error: C compiler cannot create executables
See `config.log' for more details
make[3]: *** [Makefile:37: /mnt/c/Users/Carlos/openwrt/build_dir/host/xz-5.2.5/.configured] Error 77
make[3]: Leaving directory '/mnt/c/Users/Carlos/openwrt/tools/xz'
time: tools/xz/compile#0.61#0.29#3.24
    ERROR: tools/xz failed to build.
make[2]: *** [tools/Makefile:159: tools/xz/compile] Error 1
make[2]: Leaving directory '/mnt/c/Users/Carlos/openwrt'
make[1]: *** [tools/Makefile:155: /mnt/c/Users/Carlos/openwrt/staging_dir/host/stamp/.tools_compile_yyynyynnyyynyyyyyynyynnyyyynyyyyyyyyyyyyyyyynynnyyyyyyy] Error 2
make[1]: Leaving directory '/mnt/c/Users/Carlos/openwrt'
make: *** [/mnt/c/Users/Carlos/openwrt/include/toplevel.mk:230: world] Error 2

So I will start from scratch to see if something went wrong before this.

Thank you!

@sunchar
Are you using the Windows Subsystem for Linux?

Yes, im using WSL2.

I'll check this post and comment later, now i'm at work.

Thanks!

Silly question incoming..

Is IPv6 disabled by default? Noticed that DHCPv6/WAN6 doesn't have a network device present.

If so, how could one go about enabling it?


Also was wondering how the resized builds are going (I have a venom).. the warning scared me a bit since I don't have a way to do a serial recovery if necessary haha

Thanks

@digital_mystik
You are the second person to report IPv6 issues.
IPv6 is not disabled by default.
I have it working and fully functional on both my mamba and caiman.
I am not too sure what is happening there.
See No-nonsense Linksys WRT builds - #148 by SkewedZeppelin for my config

As for the resized builds, they seem A-OK.
Still not merged upstream yet.

hmm.. interesting. No biggie since IPv4 is still functional. Not sure why it doesn't work either :man_shrugging:

The resized builds will be nice since 5.10 is the new LTS and will allow for the extra goodies that have been merged.

There is now a testing build with Linux 5.10 thanks to @nitroshift.
It does not include the critical DSA/FDB sync fixes.
It also lacks WireGuard.
I briefly tested it on my caiman.

3 Likes

Hi @SkewedZeppelin I'm also having IPv6 "issues" but different from what's reported here. My ISP provides a /56 prefix, and my network is split as follows (each has its own firewall zone):

  • default LAN (192.168.10.x)
  • 3 more LANs - OPT4 (192.168.40.x), OPT5 (192.168.50.x) and OPT6 (192.168.60.x)

Each of the router's interfaces facing the above has "Advanced Settings - Use built-in IPv6 management" checked. Also all router interfaces are identically configured for IPv6 (IPv6 assignment length = 64, IPv6 assignment hint = 10, 40, 50 and 60 respectively and IPv6 suffix = ::1)

In the Interface - DHCP Server - IPv6 settings I have:

  • Router Advertisement Service - server mode
  • DHCPv6-Service - server mode
  • NDP-Proxy - disabled
  • DHCPv6-Mode - stateless+stateful

Despite all the above seemingly identical, only clients in the the default LAN have proper IPv6 connectivity - the other 3 OPTx don't. I just wonder if you have any thoughts for whether I need to add firewall rules to enable IPv6 on OPTx (given they're all in different firewall zones) while LAN perhaps has it by default.

TIA

Wireguard was / is not a priority as I never used it but I know Wireguard needs some attention upstream.

nitroshift

1 Like

@nitroshift

There is work on fixing WireGuard here

@wally_walrus and others re: IPv6
Can you all try to comment the ipv6 lines in /etc/sysctl.d/60-restict.conf and reboot?
See if that makes a difference.

Hi, I am having trouble with the wifi on my wrt32x. I have tried wpa2 and wpa3 (even though as far as ive understood wpa3 is not really supported by these drivers) but the results seem to be very similar where it "might" work for a little bit but majority of the time it doesnt. What is the best settings for these builds? I have been using Davids builds for many years and only recently have tried to build my own image. Using the near enough stock config by @SkewedZeppelin. I have made a few small changes like add some additional packages and removed some but system wide is still the same. Wired network is stable and I dont have any issues with that. Just the wireless.
Ive noticed if I connect to the wireless, then disconnect, the web interface still shows as if im connected. The web gui hangs when the wireless fails (when im on the wire).
Any help would be greatly appreciated.

Hello,

Is the 5.10 build released today the test build mentioned earlier that doesn't have the DSA/FDB sync fixes?

Thanks

@digital_mystik
Correct.
They are there for testing other aspects of functionality.
I recommend using 20210217-00-RESIZED.

@skitts24
I do not have a WRT32*, so I cannot say.
My mamba and caiman have been flawless.
Can easily reach 500+Mbps up/down over Wi-Fi.

2 Likes

Just flashed 2/17, and everything works great! no more IPv6 issue on my end (even installed stubby, don't tell anyone :wink:)

I'm sure it has been said plenty of times, but just to reiterate, thank you for the contributions to the community!

2 Likes

How is Kernel 5.10 is it stable in terms of like Kernel 5.4?
Also @SkewedZeppelin what patches do i need to remove going to Kernel 5.10? , I also noticed there are two patches for mamba for resize are they the same or is there a dedicated on to use.

So.. currently on:
SNAPSHOT r15836+10-5408399fcb
Kernel Version 5.4.98
wrt-32x

Wifi is now working and has been stable all night. Its like these drivers are really sensitive to what channel is being used. These are my settings if anyone is interested:

:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11a'
        option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
        option htmode 'VHT80'
        option country 'AU'
        option cell_density '0'
        option channel '144'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option macaddr '**:**:**:**:**:**'
        option ssid '****'
        option key '****'
        option wpa_disable_eapol_key_retries '1'
        option encryption 'psk2'

config wifi-device 'radio1'
        option type 'mac80211'
        option hwmode '11g'
        option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
        option htmode 'HT20'
        option country 'AU'
        option cell_density '0'
        option channel '5'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option macaddr '**:**:**:**:**:**'
        option ssid '****'
        option key '****'
        option wpa_disable_eapol_key_retries '1'
        option encryption 'psk2'

Tried to test a mix of wpa3 | wpa2/3 but anything related to wp3 seems to just break my wifi.

802.11w be borked on mwlwifi

1 Like

Hi @SkewedZeppelin, these are probably system-wide settings affecting all LANs. I'm just curious why one LAN still has connectivity while the other 3 don't. I still wonder if an explicit firewall rule is required that the regular LAN has by default

Has anyone had any issues with their Android phones dropping connection? Looking for a bit of advice on how to troubleshoot this.

My device is able to connect and works for a little while, then inevitably drops connection while remaining on the network (I cannot even ping anything in termux so it's not a resolution error unless I'm wrong about that). If I leave and then rejoin the connection comes back until it drops again eventually. My laptops remain connected and work as expected, any ideas? Not sure why it would be any different.

The lease is active as well.. I'll have to look into it more when I get back home later.