Rpi4 < $(community_build)

I wasn't kidding when I created my forum name. You guys are just so much more knowledgeable than I. Learning a lot building this little thing. Thank you for letting me participate and responding to my silly comments.

This one kmod-usb-net-asix rings a bell but silly me didn't take a screenshot when I installed it....

EDIT: I followed this post https://forum.archive.openwrt.org/viewtopic.php?id=69475

1 Like

3.1.9-11+ Added superbasic snort3...

fwiw with an uber-basic config ~2-300MB ram and cpu-negligible

damn chromedome cast and google home really like to touch base with home!

Thu Apr 29 01:47:47 2021 auth.info snort[32658]: [1:29456:3] "PROTOCOL-ICMP Unusual PING detected" [Classification: Information Leak] [Priority: 2] {ICMP} 10.2.3.205 -> 8.8.8.8
Thu Apr 29 01:47:47 2021 auth.info snort[32658]: [1:408:8] "PROTOCOL-ICMP Echo Reply" [Classification: Misc activity] [Priority: 3] {ICMP} 8.8.8.8 -> 10.2.3.205
Thu Apr 29 01:48:35 2021 auth.info snort[32658]: [1:29456:3] "PROTOCOL-ICMP Unusual PING detected" [Classification: Information Leak] [Priority: 2] {ICMP} 10.2.3.167 -> 8.8.8.8
Thu Apr 29 01:48:35 2021 auth.info snort[32658]: [1:408:8] "PROTOCOL-ICMP Echo Reply" [Classification: Misc activity] [Priority: 3] {ICMP} 8.8.8.8 -> 10.2.3.167
Thu Apr 29 01:48:39 2021 auth.info snort[32658]: [1:29456:3] "PROTOCOL-ICMP Unusual PING detected" [Classification: Information Leak] [Priority: 2] {ICMP} 10.2.3.167 -> 8.8.8.8
Thu Apr 29 01:48:39 2021 auth.info snort[32658]: [1:408:8] "PROTOCOL-ICMP Echo Reply" [Classification: Misc activity] [Priority: 3] {ICMP} 8.8.8.8 -> 10.2.3.167
Thu Apr 29 01:48:51 2021 auth.info snort[32658]: [1:29456:3] "PROTOCOL-ICMP Unusual PING detected" [Classification: Information Leak] [Priority: 2] {ICMP} 10.2.3.205 -> 8.8.8.8
Thu Apr 29 01:48:51 2021 auth.info snort[32658]: [1:408:8] "PROTOCOL-ICMP Echo Reply" [Classification: Misc activity] [Priority: 3] {ICMP} 8.8.8.8 -> 10.2.3.205
Thu Apr 29 01:48:51 2021 auth.info snort[32658]: [1:29456:3] "PROTOCOL-ICMP Unusual PING detected" [Classification: Information Leak] [Priority: 2] {ICMP} 10.2.3.205 -> 8.8.8.8
Thu Apr 29 01:48:51 2021 auth.info snort[32658]: [1:408:8] "PROTOCOL-ICMP Echo Reply" [Classification: Misc activity] [Priority: 3] {ICMP} 8.8.8.8 -> 10.2.3.205
Thu Apr 29 01:49:42 2021 auth.info snort[32658]: [1:29456:3] "PROTOCOL-ICMP Unusual PING detected" [Classification: Information Leak] [Priority: 2] {ICMP} 10.2.3.167 -> 8.8.8.8
Thu Apr 29 01:49:42 2021 auth.info snort[32658]: [1:408:8] "PROTOCOL-ICMP Echo Reply" [Classification: Misc activity] [Priority: 3] {ICMP} 8.8.8.8 -> 10.2.3.167
Thu Apr 29 01:49:42 2021 auth.info snort[32658]: [1:29456:3] "PROTOCOL-ICMP Unusual PING detected" [Classification: Information Leak] [Priority: 2] {ICMP} 10.2.3.167 -> 8.8.8.8
Thu Apr 29 01:49:42 2021 auth.info snort[32658]: [1:408:8] "PROTOCOL-ICMP Echo Reply" [Classification: Misc activity] [Priority: 3] {ICMP} 8.8.8.8 -> 10.2.3.167
Thu Apr 29 01:49:51 2021 auth.info snort[32658]: [1:29456:3] "PROTOCOL-ICMP Unusual PING detected" [Classification: Information Leak] [Priority: 2] {ICMP} 10.2.3.205 -> 8.8.8.8
Thu Apr 29 01:49:51 2021 auth.info snort[32658]: [1:408:8] "PROTOCOL-ICMP Echo Reply" [Classification: Misc activity] [Priority: 3] {ICMP} 8.8.8.8 -> 10.2.3.205
Thu Apr 29 01:49:52 2021 auth.info snort[32658]: [1:29456:3] "PROTOCOL-ICMP Unusual PING detected" [Classification: Information Leak] [Priority: 2] {ICMP} 10.2.3.205 -> 8.8.8.8
Thu Apr 29 01:49:52 2021 auth.info snort[32658]: [1:408:8] "PROTOCOL-ICMP Echo Reply" [Classification: Misc activity] [Priority: 3] {ICMP} 8.8.8.8 -> 10.2.3.205

1 Like
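To see which hosts and rules produce the bulk of alerts like the ones quoted above, the lines can be ranked by rule and flow. This is an added example, not part of the original posts; `sample_log` and `summarize_alerts` are hypothetical names and the sample lines are constructed in the same layout as the quoted log.

```shell
#!/bin/sh
# Added example (not from the thread): rank snort alerts by rule and flow.

# Constructed sample in the same syslog layout as the alerts quoted above;
# the dnsmasq line is constructed noise that must be ignored.
sample_log() {
cat <<'EOF'
Thu Apr 29 01:47:47 2021 auth.info snort[32658]: [1:29456:3] "PROTOCOL-ICMP Unusual PING detected" [Classification: Information Leak] [Priority: 2] {ICMP} 10.2.3.205 -> 8.8.8.8
Thu Apr 29 01:47:47 2021 auth.info snort[32658]: [1:408:8] "PROTOCOL-ICMP Echo Reply" [Classification: Misc activity] [Priority: 3] {ICMP} 8.8.8.8 -> 10.2.3.205
Thu Apr 29 01:48:35 2021 auth.info snort[32658]: [1:29456:3] "PROTOCOL-ICMP Unusual PING detected" [Classification: Information Leak] [Priority: 2] {ICMP} 10.2.3.167 -> 8.8.8.8
Thu Apr 29 01:48:40 2021 daemon.info dnsmasq[1201]: read /etc/hosts - 4 addresses
Thu Apr 29 01:48:51 2021 auth.info snort[32658]: [1:29456:3] "PROTOCOL-ICMP Unusual PING detected" [Classification: Information Leak] [Priority: 2] {ICMP} 10.2.3.205 -> 8.8.8.8
Thu Apr 29 01:49:51 2021 auth.info snort[32658]: [1:29456:3] "PROTOCOL-ICMP Unusual PING detected" [Classification: Information Leak] [Priority: 2] {ICMP} 10.2.3.205 -> 8.8.8.8
EOF
}

# Reads syslog lines on stdin, prints "count|gid:sid:rev|src|dst|message",
# busiest rule/flow pair first. Non-snort lines are skipped.
summarize_alerts() {
    awk '
    / snort\[[0-9]+\]: \[[0-9]+:[0-9]+:[0-9]+\] / {
        # Rule id is the first "[gid:sid:rev]" group on the line.
        match($0, /\[[0-9]+:[0-9]+:[0-9]+\]/)
        rule = substr($0, RSTART + 1, RLENGTH - 2)
        # Message is the first double-quoted string after the rule id.
        rest = substr($0, RSTART + RLENGTH)
        msg = ""
        if (match(rest, /"[^"]*"/)) msg = substr(rest, RSTART + 1, RLENGTH - 2)
        # The flow is the last three fields: src -> dst.
        if ($(NF - 1) != "->") next
        count[rule "|" $(NF - 2) "|" $NF "|" msg]++
    }
    END { for (k in count) print count[k] "|" k }
    ' | sort -t'|' -k1,1nr -k2,2
}

# Stand-alone run on the constructed sample.
sample_log | summarize_alerts
```

On the router the same function can be fed from the system log, for example `logread -e snort | summarize_alerts`.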

will this button flash the new image? with current settings?

update it did

but there was no indication after pressing the button whether it was downloading new image or not

1 Like

I think here it said "initializing" or something like that.

2 Likes

yup... with the current version ( only when you click on other pages~ no ajax ) it will go through

  • initializing [~2secs]
  • downloading [~12secs]
  • flashing [~lights on board start flashing and luci times out]

the version in neils screenshot didn't have status I think...

1 Like

if anyone is running homeassistant or some other mqtt based iot api there is a sample openwrt toggle service based on this if you are interested

you can use it to turn on or off stuff like firewall rules or wifi... ( any uci section that supports 'name' and 'enabled' ) from your automation server...

would also be pretty easy to make an ESP based 'wifi remote' based on this...

I hear mqtt and I'm interested :slight_smile:

1 Like

suppose would be best to move most of the discussion to the linked thread above... it's pretty generic so the only thing that is build specific ( in future builds ) is the;

  • 'auto-installer/tar downloader@/bin/mqqtoggle-setup.sh'

Snort crashed on me, any wishes what exactly i should collect from the logs?

if it crashed after some time... could be some sort of memleak or something.... you can comment out some or all of the includes at the top of /etc/snort/rules/local.rules

I think mine also had issues after several hours... the other thing to try is adding different interfaces to the initscript where it disables gro with ethtool...

instead of;

ethtool -K ${SIFACE} gro off 2>/dev/null; ethtool -K ${SIFACE} lro off 2>/dev/null

(br-lan)

should probably be

ethtool -K eth0 gro off 2>/dev/null; ethtool -K eth0 lro off 2>/dev/null

1 Like

A little overdue, but update from attempting the change to the official image:

The backup feature and the steps outlined in your guide were perfect to get things up and running, but as @Thebroughfamily said, the official build still lacked a few features that were necessary for me. Luci gui did come preinstalled, but I don't believe it came ready to use with the usb adapters (there was an error about a missing eth interface), and it wasn't ready to use with my network WG interfaces without additional package installation/config. With those issues, I've jumped back onto your community build for now - unfortunately I just can't really afford to fiddle around with the official and keep the internet down for an undefined period of time.

I imagine for someone who doesn't need a WG interface and is willing to load some packages for usb adapters, the official build should be working well, but I'll be sticking around here until it really is as easy as flashing a new image over and restoring a backup. Thanks again for your help wulfy23, and to Thebroughfamily for the heads up!

1 Like

thanks for the report... I probably should have mentioned in the steps I gave you;

  • pre download the network kmod ipk from the 21.02 downloads... ( to your pc )

  • post config restore... you can then proceed to install the above ipk get online and start adding the packages you desire on top of a vanilla official image...

1 Like

eeprom updater (next build@3.1.9-63+)... you can run from luci with (system>custom commands);
eepromluci

or commandline;

rpi4_eeprom.sh

3 Likes

This is an awesome feature. It's been a real pain having to swap cards to run a firmware update.

Just tried the cli version in 3.1.9-63 and it seems there's a missing dependency:

root@PiRouter /43# rpi4_eeprom.sh
pre-requisites-missing:  coreutils-od

edit: Just to add, the update notifications are excellent, and the one click flash has saved me a bunch of time. These little UX details are really adding up! - Maybe an idea to check if there's a new eeprom and prompt for an update similar to the build?

2 Likes

cheers!

added those to full new (major) future build versions... looks like a glitch in the auto-installer...

opkg install coreutils-od (for the time being...)

in the works :wink: for now there is;

rpi4_eeprom.sh dumphashes

which will alert you if a new firmware springs up...

1 Like

Worked great. Firmware updated.

BOOTLOADER: up to date
   CURRENT: Thu Apr 29 16:11:25 UTC 2021 (1619712685)
    LATEST: Thu Apr 29 16:11:25 UTC 2021 (1619712685)
   RELEASE: stable (/lib/firmware/raspberrypi/bootloader/stable)

     VL805: [bootloader-EEPROM] [up-to-date]
   CURRENT: 000138a1
    LATEST: 000138a1

That just saved me some downtime and a trip downstairs into the wiring cupboard.

in the works :wink:

V nice!

1 Like

What should i use if i have eth1 and eth2 as br-lan.

i'm no expert on snort... but we are just trying to eliminate this being a factor in the crashes so duplicating the line...

and having additional lines for eth1 and eth2 won't hurt... short term... ( at a low level capture perspective )...

actually there is also a section in /etc/snort/snort.lua about 'appid'... of the two things above.... this would actually be the most likely if time is a factor in the crashes... so that would be the third thing to try with it off...
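For the eth1/eth2-in-br-lan case discussed above, the offload lines do not have to be duplicated by hand: the bridge's ports can be read from sysfs and each one switched off in turn. This is an added example, not the build's init script; `capture_ifaces`, `disable_offloads`, `SYSFS_NET` and `ETHTOOL` are hypothetical names, and it assumes the standard Linux layout where bridge ports appear under `/sys/class/net/<bridge>/brif/`.

```shell
#!/bin/sh
# Added example (not the build's init script): turn GRO/LRO off on a bridge
# and on every port enslaved to it, instead of one hard-coded interface.

SYSFS_NET=${SYSFS_NET:-/sys/class/net}   # overridable for dry runs
ETHTOOL=${ETHTOOL:-ethtool}              # overridable to preview the calls

# Print the interface itself, then its bridge ports (if any), one per line.
# A plain interface such as eth0 is printed alone.
capture_ifaces() {
    iface=$1
    [ -d "$SYSFS_NET/$iface" ] || return 1
    echo "$iface"
    [ -d "$SYSFS_NET/$iface/brif" ] || return 0
    for port in "$SYSFS_NET/$iface/brif"/*; do
        [ -e "$port" ] && echo "${port##*/}"
    done
    return 0
}

# Same two ethtool calls as in the thread, applied to every capture device.
disable_offloads() {
    for dev in $(capture_ifaces "$1"); do
        "$ETHTOOL" -K "$dev" gro off 2>/dev/null
        "$ETHTOOL" -K "$dev" lro off 2>/dev/null
    done
    return 0
}

# Stand-alone use: ./offloads.sh br-lan   (does nothing without an argument)
[ -n "${1:-}" ] && disable_offloads "$1"
```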

Ah yes I do believe those would have helped! I'll give these a try sometime when I am actually able to experiment a bit..

With regard to your original questions (I received a few questions from email notification) in order asked:

may I ask which guide?

The short write up you wrote me on post 764.

by backup... did you use the 'top-bar' update check -> backup link?

I used the generate backup archive button in luci>system>backup. Are these two links going to generate a different backup archive?

then you restored that backup into a booted-factory-official(21.02)?

yes, specifically into the ext 4 factory image (dunno if that's important)

did you need to / reboot to apply all those settings? (or did you just restart services manually?)

yes, the whole thing needed a reboot (but I believe this may have been mostly due to my configs making the router at a different ip (192.168.0.1 instead of 192.168.1.1))

And finally,

when you went back to the community build... did you flash a factory and restore using the same .tar.gz by any chance? (if so did you reboot to apply or just manually restart services?)

I had an older snapshot of yours (specifically rpi4.64-snapshot-25261-2.7.15-2-r15599-ext4-sys.img.gz) that I flashed first. After flashing this old snapshot, I restored configs then rebooted to get the ip updated to 192.168.0.1 and everything working again. This version was the first version where everything I needed was working properly, so didn't want to take any chances on the first restore.

After I was sure everything worked on the r15599 version, I downloaded the latest community build (rpi-4_snapshot_3.1.9-25_r16595_extra/rpi4.64-snapshot-26226-3.1.9-25-r16595-ext4-sys.img.gz) and used the sysupgrade button in luci>system>backup. Upgrade worked perfectly and network back up pleasing the family haha.. although I did notice sqm was enabled after sysupgrade without that being in my old configs. Easy fix there for me, just uncheck box and everything's working as expected.

1 Like

wow...

slightly... mine excludes cmdline.txt and a few other less critical files...


in principle... the chef image builder site should allow you to create official-ish images relatively easily that include wireguard and your wan network driver...

(i.e. click 'customize' and add)

kmod-wireguard luci-app-wireguard luci-proto-wireguard wireguard-tools kmod-usb-net kmod-usb-net-rtl8152 kmod-usb-net-asix kmod-usb-net-asix-ax88179

the different partition sizes are what create the need to flash factory... and also limit the amount of packages its ultimately possible to install.

my experiences with it have been mixed at best tho... so i'm hesitant to fully recommend it as a viable option...

1 Like