Hi @SkewedZeppelin, at some point you mentioned you wanted to add SELinux to your build. Is that still a goal for the near future?
Thanks again for doing this!
1 Like
@wally_walrus
When SELinux support is ready, these builds will utilize it.
I've made a few test builds, but upstream is not yet there.
1 Like
Thank you again for your work on these - once I figure out how to get DSA VLANs working as per my ISP I look forward to using your builds - but that is a topic for another thread.
Question - DoH?
I see you have banip and adblock, but don't have DoH or DoT included - curious as to your thoughts.
Cheers.
hi guys, sorry for noob question but i can't find switch tab to set vlans under network menu...someone can help me. thanks
seems that they are moving away from that to something called "DSA"
there are versions that still have the "switch" menu
So now the question is how can I disable dsa and reactivate the old swconfig? If there is a patch I can recompile the software.
You can’t disable it. DSA is now upstream Linux solution for controlling switches on the mvebu platform (among others).
Ok but the 19.07.7 build have the old switch method so something in the kernel has changed..btw there's some guide that help me to create two vlans with new dsa?
If you want to stick with swconfig just flash an older build to the other partition and keep it separate. 19.07.7 or the final Davidc502 builds both use it. 19.07.x will be maintained for a while so you'll be ok.
Long-term you definitely want to embrace DSA though, it's built into Linux kernel upstream, and that's how everything has moved to years ago.
Thanks but I want learn how to configure switch with dsa because sooner or later I will have to use it
1 Like
I don’t have any need for vlans, but this may have some relevance if you haven’t come across it yet.
I recreated (ie not converted) my configuration from a swconfig- to DSA-based and it was not difficult. Basically from a standard no-nonsense configuration you do the following (all from within LuCI):
- disable the bridge associated with "lan" interface (uncheck "Physical Settings - Bridge interfaces")
- add new virtual network interface(s) named "lan1.x" (for 1st switch port) so all become VLANs on top of "lan1"
- configure these interfaces as they were physical interfaces (ie assign IP address, enable and configure DHCP, IPv6, etc)
- add more virtual network interfaces as "lan2.x" for 2nd switch port if you need to, and so on (I did not do this)
- in Network - Firewall add firewall zones for each newly created interface, so you can control inter-VLAN IP traffic (follow the forwarding rule for LAN). You will need to create explicit firewall rules if you want certain hosts to access services on a different VLAN
1 Like
Dear Zeppelin ( maybe Robert Plant - just a little humor / Jimmy Page ),
Any feedback on this here - DNSPRIVACY FOR ALL REDEUX
Happy Easter - if you observe and Peace - and thanks for the updated KMODS
BTW - I was inspired by your example to include videos for DOT on OpenWRT in the aforementioned link above - so thanks for you being so thorough in all your endeavours
@SkewedZeppelin -
latest build (r16405+8) on wrt1900v1 - sysupgrade via gui does not work. the firmware upload progress bar finishes, but then nothing. the file does flash from the command line.
Dear, in this firmware is same as stock firmware 21.02 regarding the LAN speed if is connected on router a 10mbps device?
So, with 21.02-SNAPSHOT if on my WRT1900ACS is connected a device with 10mbps LAN I have the upload fixed to 10mbps...
PS C:\Users\Andrea\Downloads\iperf-3.1.3-win64> .\iperf3.exe -c 192.168.181.1
Connecting to host 192.168.181.1, port 5201
[ 4] local 192.168.181.159 port 50593 connected to 192.168.181.1 port 5201
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-1.01 sec 384 KBytes 3.12 Mbits/sec
[ 4] 1.01-2.01 sec 640 KBytes 5.26 Mbits/sec
[ 4] 2.01-3.01 sec 1.12 MBytes 9.35 Mbits/sec
[ 4] 3.01-4.01 sec 1.12 MBytes 9.52 Mbits/sec
[ 4] 4.01-5.01 sec 1.12 MBytes 9.41 Mbits/sec
[ 4] 5.01-6.00 sec 1.12 MBytes 9.50 Mbits/sec
[ 4] 6.00-7.00 sec 1.12 MBytes 9.46 Mbits/sec
[ 4] 7.00-8.00 sec 1.12 MBytes 9.41 Mbits/sec
[ 4] 8.00-9.01 sec 1.12 MBytes 9.40 Mbits/sec
[ 4] 9.01-10.01 sec 1.12 MBytes 9.44 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.01 sec 10.0 MBytes 8.38 Mbits/sec sender
[ 4] 0.00-10.01 sec 9.81 MBytes 8.23 Mbits/sec receiver
iperf Done.
As soon as I remove this device...
PS C:\Users\Andrea\Downloads\iperf-3.1.3-win64> .\iperf3.exe -c 192.168.181.1 -R
Connecting to host 192.168.181.1, port 5201
Reverse mode, remote host 192.168.181.1 is sending
[ 4] local 192.168.181.159 port 50611 connected to 192.168.181.1 port 5201
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-1.00 sec 95.6 MBytes 802 Mbits/sec
[ 4] 1.00-2.00 sec 97.9 MBytes 821 Mbits/sec
[ 4] 2.00-3.00 sec 101 MBytes 847 Mbits/sec
[ 4] 3.00-4.00 sec 101 MBytes 850 Mbits/sec
[ 4] 4.00-5.00 sec 105 MBytes 884 Mbits/sec
[ 4] 5.00-6.00 sec 92.3 MBytes 774 Mbits/sec
[ 4] 6.00-7.00 sec 105 MBytes 877 Mbits/sec
[ 4] 7.00-8.00 sec 102 MBytes 849 Mbits/sec
[ 4] 8.00-9.00 sec 99.4 MBytes 836 Mbits/sec
[ 4] 9.00-10.00 sec 107 MBytes 894 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-10.00 sec 1006 MBytes 844 Mbits/sec 23 sender
[ 4] 0.00-10.00 sec 1006 MBytes 844 Mbits/sec receiver
In 19.07.7 without DSA all is ok. Thanks and sorry for this small OT.
1 Like
WRT32X: No issues after updating to 20210403-00: divested-wrt-snapshot-r16405+8-438e88e672-mvebu-cortexa9-linksys_wrt32x-squashfs-sysupgrade.bin
THANK YOU!
Hi!
How did you made work dnscrypt-proxy2?
Building my own image, including dnscrypt-proxy2, it just won't start. No debugging info, nada.
If I install it after flashing image, it works fine.
What i'm missing?
Thank you!
May I ask for assistance on DSA and VLAN tagging? I want to fully use this build but am struggling with VLANs - which I may not even need.
I have to connect to my ISP on VLAN10 on wan and was able to do this simply by renaming wan to wan.10 through LuCI so all good there, however it seems if I try to change any bridging on lan the unit freaks out and 90secs later I am reverting my changes.
I have read so many things that I admittedly don't understand on DSA and VLANs however there seems to be a gap in bridging the two topics and what a configured /etc/config/network with VLANs and tagging should look like.
I appreciate LuCI has only been recently updated to somewhat enable a GUI config for DSA.
What I am trying to achieve...
Main LAN 192.168.1.1
- physical ports 1 & 3 (just how I happened to plug them in)
- Wifi 5ghz (ssid ~house5)
- Wifi 2.4ghz (ssid ~house2.4)
Kids LAN 192.168.x.x
- physical port 2
- Wifi 5ghz (ssid ~kids)
- Needs to cross to static IP on VLAN.home to access SMB share (this just a firewall rule?)
NB: I was hoping to run a separate DNS instance to enable safe browsing etc
Guest LAN 10.10.x.x (IP was chosen as it came from the tutorial I was following)
- physical port 3 (used for a work VPN connection)
- Wifi 5ghz (ssid ~guest5)
- Wifi 2.4ghz (ssid ~guest2.4)
Do I need 3 distinct VLANs?
Can I configure this thru LuCI?
I understand this image has a hardcoded dsnmasq.conf "interface=br-lan" that may need to be changed
What is the purpose of the local and primary options on VLAN in latest LuCI?
Any assistance, even just directing to a DSA and VLAN for Real Dumb Dummies, would be greatly appreciated.
Edited for clarity
Sounds as if you simply want to isolate some of the RJ45 ports into separate interfaces which are not part of the generic LAN bridge. For that you wouldn't need any specific VLAN configuration. Removing the corresponding ports (I guess "lan2" for kids and "lan3" for guest) from the br-lan bridge should be sufficient. You can then create two new interfaces (e.g. named "kids" and "guest") and assign "lan2" and "lan3" as physical interface to them respectively.
When reconfiguring the ethernet switch/ports of a device I usually connect via wifi to the unit, this way intermittent ethernet disruptions do not interfere with the apply process.
1 Like