OpenWrt/LEDE v17.01.5 service release

openwrt/target/linux/generic/patches-4.4/001-Revert-sit-reload-iphdr-in-ipip6_rcv.patch

diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index dec4e7b..11282ff 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -692,7 +692,6 @@ static int ipip6_rcv(struct sk_buff *skb)
 
 		if (iptunnel_pull_header(skb, 0, htons(ETH_P_IPV6)))
 			goto out;
-		iph = ip_hdr(skb);
 
 		err = IP_ECN_decapsulate(iph, skb);
 		if (unlikely(err)) {

Don't forget to remove it when kernel updates. But if you stay on 17.01.5 source, you can leave it.

Some clients would not stay connected to 5 GHz AC on WRT3200ACMv1 running 17.01.5.

I've since moved on to 18.06.0rc2 on both WRT1900ACSv1 and WRT3200ACMv1. Seems stable and clients do not drop connection.

@elvisimprsntr Then, 18.06.0rc2 is stable totally?

@elvisimprsntr do you use OpenVpn and tunnelbroker? Because that is gone wrong. The others are stable.

I've noticed something curious in my C7 v2. I have one device connected 24h/365d to my wifi (mobile phone).

Mon Jul 23 23:13:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Mon Jul 23 23:23:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Mon Jul 23 23:33:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Mon Jul 23 23:43:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Mon Jul 23 23:53:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 00:03:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 00:13:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 00:23:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 00:33:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 00:43:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 00:53:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 01:03:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 01:13:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 01:23:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 01:33:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 01:43:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 01:53:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 02:03:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 02:13:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 02:23:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 02:33:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 02:43:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 02:53:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 03:03:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 03:13:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 03:23:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 03:33:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)

And every 10 minutes is "handshaking".
In previous firmware versions I never saw something like that. It's not a problem because everything works fine.

The same is happening with other wifi devices, every 10 minutes handshake.

Thanks,

That "group key handshake" is part of the WPA protocol, and is a security feature, those messages are completely normal. You can change the interval, and 10 minutes is the default value. You probably did not notice those messages before, of your previous firmware was silent about that feature, or perhaps it was disabled for some reason.

1 Like

I've changed this value to 24 hours; under your wifi-iface:

    option wpa_group_rekey '86400'

This fixed a lot of rekeying issues I experienced in areas with a highly-congested 2.4 GHz WiFi band.

1 Like

Thanks @eduperez and @lleachii for your info!!!

I'll change the default value indeed.

I wonder if increasing this value some how makes KRACK easier, or is the patch on 17.x solid enough?

Tunnelbroker is still broken in 18.06.0rc2 ??

Changing the rekeying intervalls to long intervalls (10 minutes are chosen for a reason, if you make it 5, 15 or 20 minutes would be fine), orders of magnitude beyond its defaults, you do make cracking the encryption significantly easier.

Why is the Wiki still referring everyone to the 17.01.4 version? https://openwrt.org/toh/start

Group keys are only for multicast; but I do agree.

dunno, still waiting until it is stable

Because 18.06.0 is scheduled for 27.07.2018, see https://openwrt.org/releases/18.06/start#roadmap

I think he may be referring to 17.01.5 vs 17.01.4, currently get no results when filtering for 17.01.5

I think that tmomas was trying to indicate that it makes no sense to mass-update all links for 17.01.5 for just a few days before 18.06.0 gets released.

2 Likes

I think it does as there will be devices which will not be supported by 18.06 anymore. Otherwise, if updating the micro versions is deemed too much effort then we should drop them as they provide little value. A mere 17.01.x or 17.01 might be more useful then.

But surely it must have been a lot more work making 17.01.5 than updating the links for it? I think most people will assume 17.01.4 is the newest and use that one without them. Personally I will probably use 17 for a while longer on my main router until the 18 branch is more stable. 18.06.1 is scheduled in August already.

Exactly.

I will take care of that and set those devices to 17.01.5.

1 Like