Rpi4 < $(community_build)

I tested it but it's not working. Is it possible? How is it working for you, and what settings did you use to get it working?

all discussed 1/4 - 1/3 the way down this thread...

the two key issues are limited channels / modes and country selection... ( there was a third with proto init / device state hangup on settings change that required manual re-init commands... this is what I think has likely been improved most via the recent patches )

basically keep minimising / de-tuning everything... and knowing your DFS / country channels a little... with an optional first country select via raspbian / openwrt + specific iw command...

i'm not in your country... so I can't really speak for what settings will work for you...

but this really belongs in its own thread... so please start a new one for broader assistance with this...

when new build is coming?

1 Like

i'm building often... it's a fine line between;

  • getting anything new such as package updates ( mwan, openvpn is another recent one )... bug fixes...
  • avoiding possible bugs

so I only really 'push' something that is not labelled 'beta/testing' ( which is something i'll run at home for a while to test ) when;

  • the tree looks pretty clean / there are some good benefits / it's been a long time ( 1+ months without a build 'refresh' )...
  • the 'custom build' features have bugfixes or new features... in these cases i'll often push a 'rebuild' of a known 'ok'/previous build... but not always...
  • new packages are added to the build package selection/s

at present... there is a lot of work in the tree... so there is very little benefit for a lot of risk...

was there something new that's been pushed that you need?

2 Likes

no i was just checking 🙂

on the top of status page now it says update unavailable
and simple ad block is giving some error of unable to download list

1 Like

i'm glad you checked because it would be good to give some warning / get some consensus / strategies on how we all should handle the likely soon to be update to openvpn (2.5)... ( ref1 )

edit: i reread the commit and it doesn't seem as problematic as I first thought... likely only the script issues in the ref above or incompatible / missing ciphers on servers which probably wouldn't be too common...

most likely to affect users connecting to third party vpn servers pre-2.4 ( thus you have no control over serveropts )... or incompatible ciphers...

this is also relevant below @ r15199 ...

i'll make a build available within 24hrs... ( probably wise to remove the affected builds too )

( i'll be removing the opkg-repos for all prev builds also to encourage updating... I don't think many of you are really using them much so that should not be too much of an issue )

openssl vulnerability pre r15199
Revision	882ca13d923796438fd06badeb00dc95b7eb1467
Comments
openssl: update to 1.1.1i
Fixes: CVE-2020-1971, defined as high severity, summarized as:
NULL pointer deref in GENERAL_NAME_cmp function can lead to a DOS
attack.

DETAILS

1 Like

i updated to current build.
neither this

ssh root@192.168.1.2 sysupgrade -R /tmp/latest.tar.gz

nor this

worked.

i installed the packages manually using these commands

1 Like

or

sysupgrade -R /tmp/realimagename.img.gz

just used them... and they worked fine for me... thanks for letting me know... guess we'll have to wait for more feedback to find out if it's something specific on my side or yours...

is there anything in

cat /autorestore.sh

?

this is also useful... to see what happened in dmesg

dmesg | grep -E '(99\-tap|restorepackages|checkinternet)'

( or LUCI > status > kernellog [from 99-kickit] onwards... )

yes

 cat /autorestore.sh
opkg install --force-checksum attr
opkg install --force-checksum avahi-dbus-daemon
opkg install --force-checksum igmpproxy
opkg install --force-checksum kmod-nft-bridge
opkg install --force-checksum kmod-nft-core
opkg install --force-checksum kmod-nft-netdev
opkg install --force-checksum libavahi-client
opkg install --force-checksum libavahi-dbus-support
opkg install --force-checksum libcap
opkg install --force-checksum libdaemon
opkg install --force-checksum libgnutls
opkg install --force-checksum libnftnl12
opkg install --force-checksum libpam
opkg install --force-checksum libtasn1
opkg install --force-checksum luci-app-nft-qos
opkg install --force-checksum luci-app-samba4
opkg install --force-checksum luci-app-simple-adblock
opkg install --force-checksum nft-qos
opkg install --force-checksum nftables-nojson
opkg install --force-checksum samba4-libs
opkg install --force-checksum samba4-server
opkg install --force-checksum simple-adblock
opkg install --force-checksum vsftpd
opkg remove --force-removal-of-dependent-packages adblock
opkg remove --force-removal-of-dependent-packages luci-app-adblock
1 Like

i went a bit crazy with my last install;

opkg install --force-checksum attendedsysupgrade-common
opkg install --force-checksum bc
opkg install --force-checksum coreutils-split
opkg install --force-checksum coreutils-stat
opkg install --force-checksum coreutils-test
opkg install --force-checksum coreutils-vdir
opkg install --force-checksum git
opkg install --force-checksum git-gitweb
opkg install --force-checksum git-http
opkg install --force-checksum grep
opkg install --force-checksum inotifywatch
opkg install --force-checksum kmod-iio-core
opkg install --force-checksum kmod-iio-dht11
opkg install --force-checksum libacl
opkg install --force-checksum libcap
opkg install --force-checksum libdb47
opkg install --force-checksum libdbi
opkg install --force-checksum libgdbm
opkg install --force-checksum libinotifytools
opkg install --force-checksum libmosquitto-nossl
opkg install --force-checksum libsqlite3-0
opkg install --force-checksum luci-app-attendedsysupgrade
opkg install --force-checksum mosquitto-client-nossl
opkg install --force-checksum mosquitto-nossl
opkg install --force-checksum perl-cgi
opkg install --force-checksum perl-html-parser
opkg install --force-checksum perl-html-tagset
opkg install --force-checksum perlbase-cwd
opkg install --force-checksum perlbase-digest
opkg install --force-checksum perlbase-encode
opkg install --force-checksum perlbase-file
opkg install --force-checksum perlbase-filetest
opkg install --force-checksum perlbase-i18n
opkg install --force-checksum perlbase-if
opkg install --force-checksum perlbase-integer
opkg install --force-checksum perlbase-locale
opkg install --force-checksum perlbase-mime
opkg install --force-checksum perlbase-params
opkg install --force-checksum perlbase-re
opkg install --force-checksum perlbase-storable
opkg install --force-checksum perlbase-unicore
opkg install --force-checksum perlbase-utf8
opkg install --force-checksum python3
opkg install --force-checksum python3-asyncio
opkg install --force-checksum python3-base
opkg install --force-checksum python3-cgi
opkg install --force-checksum python3-cgitb
opkg install --force-checksum python3-codecs
opkg install --force-checksum python3-ctypes
opkg install --force-checksum python3-dbm
opkg install --force-checksum python3-decimal
opkg install --force-checksum python3-distutils
opkg install --force-checksum python3-email
opkg install --force-checksum python3-gdbm
opkg install --force-checksum python3-light
opkg install --force-checksum python3-logging
opkg install --force-checksum python3-lzma
opkg install --force-checksum python3-multiprocessing
opkg install --force-checksum python3-ncurses
opkg install --force-checksum python3-openssl
opkg install --force-checksum python3-pydoc
opkg install --force-checksum python3-sqlite3
opkg install --force-checksum python3-unittest
opkg install --force-checksum python3-urllib
opkg install --force-checksum python3-xml
opkg install --force-checksum rpcd-mod-rpcsys
opkg install --force-checksum syslog-ng

i think issue is because of dns https proxy not working properly.
i ran opkg update command after updating and i got these errors

opkg update
Downloading https://github.com/wulfy23/rpi4-opkg/raw/master/r15199-5d2b577a53/core/Packages.gz
*** Failed to download the package list from https://github.com/wulfy23/rpi4-opkg/raw/master/r15199-5d2b577a53/core/Packages.gz

Downloading https://github.com/wulfy23/rpi4-opkg/raw/master/r15199-5d2b577a53/base/Packages.gz
*** Failed to download the package list from https://github.com/wulfy23/rpi4-opkg/raw/master/r15199-5d2b577a53/base/Packages.gz

Downloading https://github.com/wulfy23/rpi4-opkg/raw/master/r15199-5d2b577a53/luci/Packages.gz
*** Failed to download the package list from https://github.com/wulfy23/rpi4-opkg/raw/master/r15199-5d2b577a53/luci/Packages.gz

Downloading https://downloads.openwrt.org/snapshots/targets/bcm27xx/bcm2711/kmods/5.4.82-1-9c8ae92a7cae5c0da821e5ef6f3edb59/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/snapshots/targets/bcm27xx/bcm2711/kmods/5.4.82-1-9c8ae92a7cae5c0da821e5ef6f3edb59/Packages.gz

Downloading https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a72/freifunk/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a72/freifunk/Packages.gz

Downloading https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a72/packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a72/packages/Packages.gz

Downloading https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a72/routing/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a72/routing/Packages.gz

Downloading https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a72/telephony/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a72/telephony/Packages.gz

Collected errors:
 * opkg_download: Failed to download https://github.com/wulfy23/rpi4-opkg/raw/master/r15199-5d2b577a53/core/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://github.com/wulfy23/rpi4-opkg/raw/master/r15199-5d2b577a53/base/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://github.com/wulfy23/rpi4-opkg/raw/master/r15199-5d2b577a53/luci/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/snapshots/targets/bcm27xx/bcm2711/kmods/5.4.82-1-9c8ae92a7cae5c0da821e5ef6f3edb59/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a72/freifunk/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a72/packages/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a72/routing/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a72/telephony/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

then i manually started the dns proxy over https from luci

1 Like

that makes sense... must be a timing thing... maybe with ppp + ntp... needs some more time...

if you have not rebooted yet...

dmesg | grep checkinternet

this is what mine says;

[root@dca632 /usbstick 42°]# dmesg | grep checkinternet
[   55.449430] checkinternet.sh> checkinternet firstboot [init]
[   55.475762] checkinternet.sh> getting gw> attempts remaining: 5 every 3
[   55.517909] checkinternet.sh> gw-v4> [ok]
[   55.561313] checkinternet.sh> gw-v6> [ok]
[   55.594743] checkinternet.sh> checking internet connection
[   55.913266] checkinternet.sh>  dns-ping downloads.openwrt.org [ok]
[   55.951026] checkinternet.sh> opkg-update...
[   66.112262] checkinternet.sh> opkg-check[ok]
[   66.146157] checkinternet.sh> result:0  wanaddr-ok dnsping-ok[1] opkg-check[ok]
[   66.171357] restorepackages.sh> /bin/checkinternet.sh checkopkg firstboot [ok] .internetok ok

probably failed... otherwise we'll check it next time... you can also just run...

ssh root@IP opkg update
ssh root@IP /autorestore.sh

when it's back online...

yes not rebooted so far

 dmesg | grep checkinternet
[   51.976454] checkinternet.sh> checkinternet firstboot [init]
[   51.998002] checkinternet.sh> getting gw> attempts remaining: 5 every 3
[   52.039785] checkinternet.sh> gw-v4> [ok]
[   52.086317] checkinternet.sh> no wan gw
[  121.922232] checkinternet.sh> checkinternet firstboot [init]
[  121.948622] checkinternet.sh> getting gw> attempts remaining: 5 every 3
[  121.998481] checkinternet.sh> gw-v4> [ok]
[  122.047501] checkinternet.sh> no wan gw

if i remember correctly, i read somewhere
adblock will not work with dns over https proxy.
adblock was in running condition and dns over https was stopped
That's why i started using simple ad block.
I think there is conflict between these two.

1 Like
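The two `checkinternet` excerpts above differ only in where the firstboot check stops, which a short filter over `dmesg` output can report directly. This is an added example, not part of the thread or of the community build's scripts; the message strings are copied from the posted logs, while the function names and verdict labels are assumptions made for the example.

```shell
#!/bin/sh
# Added example: classify the firstboot checkinternet.sh outcome from dmesg text.
# Function names and verdict labels are hypothetical; only the matched message
# strings come from the logs posted in this thread.

# Sample built from the maintainer's log: one run that reaches opkg-check[ok].
sample_ok() {
cat <<'EOF'
[   55.449430] checkinternet.sh> checkinternet firstboot [init]
[   55.475762] checkinternet.sh> getting gw> attempts remaining: 5 every 3
[   55.517909] checkinternet.sh> gw-v4> [ok]
[   55.561313] checkinternet.sh> gw-v6> [ok]
[   55.913266] checkinternet.sh>  dns-ping downloads.openwrt.org [ok]
[   66.112262] checkinternet.sh> opkg-check[ok]
[   66.171357] restorepackages.sh> /bin/checkinternet.sh checkopkg firstboot [ok] .internetok ok
EOF
}

# Sample built from the failing log: two runs, both stopping at "no wan gw".
sample_fail() {
cat <<'EOF'
[   51.976454] checkinternet.sh> checkinternet firstboot [init]
[   52.039785] checkinternet.sh> gw-v4> [ok]
[   52.086317] checkinternet.sh> no wan gw
[  121.922232] checkinternet.sh> checkinternet firstboot [init]
[  121.998481] checkinternet.sh> gw-v4> [ok]
[  122.047501] checkinternet.sh> no wan gw
EOF
}

# Read kernel-log text on stdin and print "<verdict> runs=<n>".
# The verdict describes the last run seen: ok | no-wan-gw | incomplete | not-run.
classify_checkinternet() {
    awk '
        /checkinternet\.sh> checkinternet firstboot \[init\]/ { runs++; verdict = "incomplete" }
        /checkinternet\.sh> no wan gw/                         { verdict = "no-wan-gw" }
        /checkinternet\.sh> opkg-check\[ok\]/                  { verdict = "ok" }
        END {
            if (verdict == "") verdict = "not-run"
            printf "%s runs=%d\n", verdict, runs
        }
    '
}

# Exit status 0 when the log on stdin does NOT show a successful check, i.e.
# when the manual "opkg update" + "/autorestore.sh" from the thread is still due.
needs_manual_restore() {
    case "$(classify_checkinternet)" in
        ok\ *) return 1 ;;
        *)     return 0 ;;
    esac
}

# On the router:  dmesg | needs_manual_restore && echo "restore still pending"
```
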

hmmm... that looks a bit buggy... I will check it out... and add a bit more delay... for next time... thanks again for the valuable input...

yeah you're probably right... lemme think about it a little...

have you setup ENABLEDSERVICES="https-dns-proxy" (or whatever the service name is)?

( LUCI > Services > banip > advanced > wrt.ini )

[root@dca632 /usbstick 41°]#     dmesg | grep '15\-'

[   11.367442] wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
[   22.353438] 15-services> odhcpd stop [bug]
[   22.407378] 15-services> mwan3 lock workaround
[   22.436178] 15-services> > disabling default services .............
[   22.457340] 15-services> Stopping and disabling irqbalance
[   22.532695] 15-services> Stopping and disabling open-iscsi
[   22.581889] 15-services> Stopping and disabling vpn-policy-routing
[   22.673445] 15-services> Stopping and disabling quagga
[   22.762676] 15-services> Stopping and disabling darkstat
[   22.838254] 15-services> Stopping and disabling modemmanager
[   22.927941] 15-services> Stopping and disabling watchcat
[   22.976280] 15-services> Stopping and disabling ntop
[   23.027001] 15-services> Stopping and disabling alpine1
[   23.082160] 15-services> Stopping and disabling rssileds
[   23.133899] 15-services> Stopping and disabling pservice
[   23.211203] 15-services> Stopping and disabling netserver
[   23.261531] 15-services> Stopping and disabling atftpd
[   23.312408] 15-services> Stopping and disabling mwan3
[   23.512690] 15-services> Stopping and disabling acme
[   23.592665] 15-services> Stopping and disabling ddns
[   23.741245] 15-services> Stopping and disabling travelmate
[   23.848369] 15-services> Stopping and disabling dbus
[   23.890808] 15-services> Stopping and disabling adblock
[   24.088725] 15-services> Stopping and disabling banip
[   24.353312] 15-services> Stopping and disabling snmpd
[   24.424432] 15-services> Stopping and disabling atd
[   24.506059] 15-services> Stopping and disabling quagga
[   24.600322] 15-services> Stopping and disabling socat
[   24.671800] 15-services> > enabling default services .............
[   24.692172] 15-services> Starting and enabling collectd
[   24.741010] 15-services> Starting and enabling luci_statistics
[   24.788819] 15-services> Starting and enabling uhttpd
[   24.831853] 15-services> > ENABLEDSERVICES: sqm adblock [/root/wrt.ini] [enable+start]
[   24.854214] 15-services> Starting and enabling sqm
[   24.898207] 15-services> Starting and enabling adblock

no
i only have this in the wrt.ini

################################################################################### DEFAULT ENABLED/DISABLED OPTIONS

####################################################SAMPLEOPTIONSET
# ENABLEDSERVICES="sqm banip adblock"
1 Like
dmesg | grep '15\-'
[    9.150063] wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
[   17.537885] 15-services> odhcpd stop [bug]
[   17.590197] 15-services> mwan3 lock workaround
[   17.621617] 15-services> > disabling default services .............
[   17.642491] 15-services> Stopping and disabling irqbalance
[   17.717696] 15-services> Stopping and disabling open-iscsi
[   17.768170] 15-services> Stopping and disabling vpn-policy-routing
[   17.855422] 15-services> Stopping and disabling quagga
[   17.944141] 15-services> Stopping and disabling darkstat
[   18.031397] 15-services> Stopping and disabling modemmanager
[   18.120421] 15-services> Stopping and disabling watchcat
[   18.168920] 15-services> Stopping and disabling ntop
[   18.219698] 15-services> Stopping and disabling alpine1
[   18.267832] 15-services> Stopping and disabling rssileds
[   18.320066] 15-services> Stopping and disabling pservice
[   18.401328] 15-services> Stopping and disabling netserver
[   18.449329] 15-services> Stopping and disabling atftpd
[   18.498329] 15-services> Stopping and disabling mwan3
[   18.692457] 15-services> Stopping and disabling acme
[   18.763840] 15-services> Stopping and disabling ddns
[   18.905375] 15-services> Stopping and disabling travelmate
[   19.014056] 15-services> Stopping and disabling dbus
[   19.057526] 15-services> Stopping and disabling adblock
[   19.209585] 15-services> Stopping and disabling banip
[   19.465125] 15-services> Stopping and disabling snmpd
[   19.538364] 15-services> Stopping and disabling atd
[   19.612815] 15-services> Stopping and disabling quagga
[   19.700202] 15-services> Stopping and disabling socat
[   19.770792] 15-services> > enabling default services .............
[   19.796202] 15-services> Starting and enabling collectd
[   19.846960] 15-services> Starting and enabling luci_statistics
[   19.894458] 15-services> Starting and enabling uhttpd
[   19.939295] 15-services> > ENABLEDSERVICES:[/root/wrt.ini empty]
1 Like

I can't see the Switch tab inside Network. I want to put my PlayStation on DMZ and all the guides I come across online want me to create a VLAN through the Switch tab. Any way to work around it?

Also, can I use DNS over HTTPS along with Adblock at the current state it is in?

the pi behaves much like an x86... so there is no underlying switch topology...

one can;

  • add eth0.N and use a managed switch... ( or unmanaged if the client tags on the wire )
  • or use brctl/bridge to 'merge' two interfaces for true basic switch functionality... ( but in the case of DMZ... routed is generally better i.e a separate usbnic + switch )
  • in theory, one can also run a DMZ on a logically (alias/subinterface) separated L3 subnet over a shared L2 switched medium... but that kinda defeats the purpose of the DMZ... and with openwrt it can be tricky also...

if you don't have spare switches/nics laying around the 'advisable' option is to get a cheap managed switch ( 8 port but I generally upsize all my switches )

@neil1 is the authority on DoH + adblock... word is that simple-adblock should be used instead...

1 Like