Divested-WRT: No-nonsense hardened builds for Linksys WRT series

http://lists.openwrt.org/pipermail/openwrt-devel/2021-May/035353.html

commit, was to overcome a migration issue.

Thanks @anon50098793. I recognized the changes were about DSA after reading the Mini tutorial a short while ago about the Simple ports bridging section and my network added a same config device section after the migration.

Thanks @anomeome I hadn't seen the commit and didn't hear any noise here about it.

1 Like

See netifd changes:

Maybe for better understanding see also:

LuCI uses the new syntax only so it offers users a migration.

Has anyone gotten a working Guest WLAN config working? I just upgraded from an old david build, and I'm trying to reconfigure everything as before.
I tried following the following guides:

but they don't work. When I tried connecting, the device doesn't get any connectivity. On Windows, ipconfig shows no IPv4 address assigned.

1 Like

I have noticed the exact issue (noticing the IPv4 failed assignment) and posted elsewhere about help with the config. Still no solution.

For those interested, I was able to fix my issue:

First I created a new network bridge br-lan2 with lan4, removing lan4 from br-lan. I had to assign the MAC address to the same lan networks. Then I assigned this bridge as the base device on the "Guest" network interface. Next I had to undo a hardening customization in the Divested configuration by commenting the interface=br-lan line in /etc/dnsmasq.conf (aka add a # before the line of code). Then I rebooted my network (MUST reboot to take effect).

3 Likes
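
An alternative to commenting the line out, as an added example that is not part of the post above or of the Divested build: dnsmasq accepts several interface= lines, so the guest bridge can be listed next to br-lan and the restriction kept. The function names and the sample file are constructed for illustration; on the router the file would be /etc/dnsmasq.conf.

```shell
#!/bin/sh
# Added example (not from the thread): keep dnsmasq restricted to named
# bridges instead of dropping the interface= hardening line altogether.

# Print the interfaces the config currently binds to (active lines only;
# commented lines and options such as no-dhcp-interface= are ignored).
bound_ifaces() {
    sed -n 's/^[[:space:]]*interface=\([^[:space:]#]*\).*/\1/p' "$1"
}

# Make sure "interface=<name>" is active in file $1 for every name given:
#   already active -> left alone
#   commented out  -> uncommented in place
#   absent         -> appended at the end
bind_ifaces() {
    conf=$1; shift
    for ifname in "$@"; do
        bound_ifaces "$conf" | grep -qxF "$ifname" && continue
        awk -v want="interface=$ifname" '
            { s = $0; sub(/^[ \t]*#[ \t]*/, "", s); sub(/[ \t]+$/, "", s) }
            !hit && s == want { print want; hit = 1; next }
            { print }
            END { if (!hit) print want }
        ' "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    done
}

# Constructed sample: the file as left after commenting out the hardening line.
demo() {
    f=$(mktemp)
    printf '%s\n' '# constructed sample config' '#interface=br-lan' \
        'domain-needed' > "$f"
    bind_ifaces "$f" br-lan br-lan2
    cat "$f"
    rm -f "$f"
}

demo
```

After editing the real file, dnsmasq still has to be restarted for the change to apply.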

Did anyone have to do something special to get a network share set up with samba4 and block-mount up and running? I followed instructions I used to set up samba4 on my previous 19.07 David build, but I was unable to get it up and running. I have no idea where I went wrong. What are the required/necessary packages?

I couldn't get it working with this build either, maybe because of some missing kmods or security. If you need that, install the newly released OpenWrt 21.02-rc2. Then just install them from there. I'm running that now and it works great.

1 Like

Thanks @phinn! I was killing myself trying to get Samba4 running. Do you have a recommended 21.02.0-rc2 package list or configuration mods required to support our routers (WRT1900ACS)? I've not built from the bottom up yet, so I have no idea what patching that might entail. I know I'll want at least OpenVPN, Block-Mount, Samba4, WatchCat, and SQM/Cake.

I'll need to remember to:

  • Change 'enabled' from '0' to '1' in '/etc/config/irqbalance' for improved Wi-Fi performance.
  • Uncomment 'devcrypto=devcrypto' under the '[engine]' block in '/etc/ssl/openssl.cnf' for improved OpenSSL performance.

1 Like

Didn't know about setting the irqbalance to 1, thanks. Yea I just ssh in and run these on a clean rc2, then I go in and configure everything in LuCI:

opkg update
opkg install nano irqbalance iperf3 luci-app-advanced-reboot luci-app-sqm luci-app-adblock luci-app-wireguard luci-app-upnp luci-app-samba4 block-mount kmod-usb-storage kmod-usb-storage-uas kmod-usb-ohci kmod-usb-ohci-pci kmod-usb-uhci kmod-usb3 kmod-ata-marvell-sata ntfs-3g fdisk luci-app-hd-idle luci-theme-material

The initial release had a broken Network Shares page from luci-app-samba4, that's now fixed, I posted about it on the rc2 thread. I won't discuss further on this, don't want to flood Divested builds they are great in their own right.

1 Like

Thanks for this nice build!

When installing dnsmasq-full or upnpd I get the following error.

Collected errors:
 * pkg_hash_fetch_best_installation_candidate: Packages for kmod-nf-conntrack-netlink found, but incompatible with the architectures configured
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for miniupnpd:
 * 	kernel (= 5.4.123-1-8d9ce5e20a3c98329cc239cef8178c2f)

Do I need a different opkg feed?

@anomeome

Can you throw an old dog a bone?

I want to add this patch: https://patchwork.ozlabs.org/project/openwrt/patch/20201230220637.525822-1-me@irrelefant.net/ you referenced in the DSA Mini Tutorial.

I'm more than a little green when it comes to git, but I'm not coming up with exactly how to bring in this patch from above link. Can you expound a bit more?

I've already C/P it roundabout and into my buildroot/Files, and it's been quite useful to my understanding the tutorial.

For patchworks I just use the mbox button and apply with:

patch -p1 < file.patch

it is mbox format so if you want you can use the git am command; I don't care about the semantics around that rxxxxx+y, where y is the patches you are ahead of whatever HEAD. I'm a ol'codger so old habits be hardly dying.

I think for this one I grabbed it and moved it into the files/usr/sbin of my buildroot with the other scripts I carry in the image I build, as it looks you have done.

Thank you very much! Exactly what I needed :grinning:

Nice to know - Thanks again.

Quick question for the knowledgeable guys here... What package(s) are needed to have a working Wireguard client on the router? I have a standard installation of the Divested build, and it looks like MOST wireguard-related software is installed except for "wg-installer-client". Should I just install it, and if so - why is it missing from the build?

What about configuration - anything "luci-proto-wireguard" can do to configure the service, or is it all text based config files?

TIA

You don't need the installer client.

Thank you! So configuration is command-line only, no LuCI GUI for it?

For WireGuard?
Command line or GUI, in Network, Interfaces

Hi @SkewedZeppelin I applied the latest update (Jun 18) and it all seemed like smooth sailing (as it's been for a while now), except for when I went to Network - Interfaces in LuCI there was a warning that "ifname options will be changed and network restarted to apply the changes". Any idea what might have prompted this? Any change upstream that you're aware of?

I could probably extract the config from both latest and previous build (from their own partition) and diff them, but I thought I'd ask here first.

TIA