OpenWrt Forum Archive

Topic: davidc502 1900ac 3200acm builds

The content of this topic has been archived between 26 Feb 2018 and 7 May 2018. Unfortunately there are posts – most likely complete pages – missing.

makedir wrote:

So I want to do a sysupgrade from r5297 to newest build. What do I have to know? Should it work normally? Just download lede-mvebu-linksys-wrt1200ac-squashfs-sysupgrade.bin to /tmp and do a sysupgrade lede-mvebu-linksys-wrt1200ac-squashfs-sysupgrade.bin ? What about the /etc/sysupgrade.conf to keep stuff? What is necessary to add? I have so far:

/etc/iproute2
/etc/crontabs
/etc/openvpn
/etc/tinyp
/root

Are single files also necessary to add? Like /etc/passwd or /etc/sysupgrade.conf itself etc.? Or /etc/config ? Is there a list on what will be copied over and what not? What about ipks I have installed manually? Will they be gone or still there after a sysupgrade? What about packages which I have added? Will they be reinstalled or are they gone?

All of your settings will come over in the sysupgrade, but you will still need to re-add any ipks or other packages that have been installed by you.

I would recommend backing up anything custom like scripts, and then move them back over after the upgrade. If this is your first sysupgrade, you can do the upgrade, but always go back to the other partition if something didn't come over. From there just download what didn't get copied and then boot to the other partition and upload it back into place. Just take note, and then the next sysupgrade will go smoother.
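
A pre- and post-upgrade check for the two concerns in the exchange above, as an added example that is not part of the original posts: which keep-list entries point at nothing, and which packages have to be re-added afterwards. It assumes sysupgrade.conf entries are literal paths and that the pre-upgrade package list was saved somewhere the upgrade preserves (such as /root, which the keep list above includes); the sample data is constructed.

```shell
#!/bin/sh
# Added example, not from the thread.
#
# Typical use on the router (paths are assumptions):
#   before:  opkg list-installed > /root/pkgs.before
#   after:   opkg list-installed > /tmp/pkgs.after
#            opkg update
#            pkgs_to_reinstall /root/pkgs.before /tmp/pkgs.after | xargs opkg install

# keep_list_missing CONF: print entries of a sysupgrade.conf-style file
# (one path per line, '#' starts a comment line) that do not exist, so a
# mistyped entry is caught before the upgrade rather than after it.
keep_list_missing() {
    while IFS= read -r path || [ -n "$path" ]; do
        case "$path" in
            ''|'#'*) continue ;;
        esac
        [ -e "$path" ] || printf '%s\n' "$path"
    done < "$1"
}

# pkgs_to_reinstall BEFORE AFTER: package names present in the BEFORE list
# but absent from the AFTER list. Both files hold `opkg list-installed`
# output ("name - version"); versions are ignored on purpose, because the
# new image ships newer versions of its own packages.
pkgs_to_reinstall() {
    awk 'FILENAME == ARGV[1] { have[$1] = 1; next }
         !($1 in have)       { print $1 }' "$2" "$1"
}

# Demo on constructed package lists.
demo_dir=$(mktemp -d)
printf '%s\n' 'base-files - 1' 'htop - 2.0' 'openvpn-openssl - 2.4' > "$demo_dir/before"
printf '%s\n' 'base-files - 2' > "$demo_dir/after"
pkgs_to_reinstall "$demo_dir/before" "$demo_dir/after"
rm -rf "$demo_dir"
```

On the router, `sysupgrade -l` prints the files that will be carried over, which is the list the question asks about.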

The sysupgrade worked I guess. But what about the wifi driver, is the one in the 5422 build ( 4.9.65+10.3.4.0-20170810-1 ) working properly for the wrt1200ac? I actually was curious about the latency issues, and noticed, I have those too I guess, but just for devices which use 80 MHz on the 5 GHz band. I have a <1ms ping on my laptop which uses 40 MHz 5 GHz, but 2-3ms and random ping jumps to 40-60ms or even package loss on a tablet of mine which uses 80 MHz 5 GHz, when I download or have for example a video stream opened next to the ping. So I guess the 5422 wifi driver hasn't this option disabled?

(Last edited by makedir on 7 Dec 2017, 05:52)

richjeanes, I have no issues with PPTPd running on all David's builds ever.
I am not an iptables guru, but here is what I've added into the firewall config:
1) Added a "virtual" or "dummy" interface named PPTP_VPN with Ethernet Adapter: "ppp+"
Note the plus "+" here. It's an interface mask, so several connections will match this interface simultaneously.
2) Since I need my pptp clients to be able to connect to the internal network and to the internet at the same time, I've added a new firewall zone, also called PPTP_VPN (covered networks is PPTP_VPN only, thus any pppX interface), where all input/output/forward is accepted by default, forwarding to wan and lan is accepted also, and forwarding from source zone lan is also accepted.
3) FW traffic rule: Any tcp, From any host in wan, To any router IP at port 1723 on this device
that will allow incoming requests to TCP port 1723 (pptpd port)
4) FW traffic rule: Any gre, From any host in wan, To any router IP on this device
that rule allows incoming Protocol 47 (GRE).

(Last edited by AddRemover on 7 Dec 2017, 08:09)

AddRemover, I'm not trying to run a PPTP server (I'd use OpenVPN if I wanted to run a VPN). I'm trying to connect to an outside PPTP VPN from a client on my network. I've said that in my previous posts on the issue, but I guess I forgot to reiterate that. Sorry.

Edit: a word

(Last edited by richjeanes on 7 Dec 2017, 14:11)

makedir wrote:

The sysupgrade worked I guess. But what about the wifi driver, is the one in the 5422 build ( 4.9.65+10.3.4.0-20170810-1 ) working properly for the wrt1200ac? I actually was curious about the latency issues, and noticed, I have those too I guess, but just for devices which use 80 MHz on the 5 GHz band. I have a <1ms ping on my laptop which uses 40 MHz 5 GHz, but 2-3ms and random ping jumps to 40-60ms or even package loss on a tablet of mine which uses 80 MHz 5 GHz, when I download or have for example a video stream opened next to the ping. So I guess the 5422 wifi driver hasn't this option disabled?

This driver has it disabled.  https://davidc502sis.dynamic-dns.net/re … _vfpv3.ipk

I have a Linksys WRT1900AC v1 and am currently using LEDE straight from the project:

LEDE Reboot 17.01.4 r3560-79f57e422d / LuCI lede-17.01 branch (git-17.290.79498-d3f0685)

I am investigating improving my OpenVPN performance (router as a server, iOS clients), and trying to understand the openssl crypto engine piece -- and I'm struggling to find the best source of info.  In order to get hardware acceleration, my understanding is that userspace programs (such as openvpn via openssl) would utilize /dev/crypto, which is provided by either cryptodev or ocf.  I read this in the Cryptographic Hardware Accelerators wiki on the openwrt.org site.

Here's my question -- I don't see cryptodev or ocf available as a package.  I've read all kinds of reports about patches, enabling/disabling hardware crypto support in openssl, etc and I can't make sense of what's accurate / current.  Am I missing something?

Additionally, I see references to this in my kernel log:

.241887] marvell-cesa f1090000.crypto: CESA device successfully registered

Is that relevant?

I'm asking on THIS forum thread because I wonder if this is something that has been specifically addressed in your custom build.

moore.dwayne wrote:

Repeat Post.

How does one configure LEDE to use alternative public DNS servers such as Google's 8.8.8.8 and 8.8.4.4 ?

I tried (under Network - Interfaces - WAN - Advanced Settings), unchecking "Use DNS servers advertised by peer" and adding 8.8.8.8 and 8.8.4.4 in the "Use custom DNS servers" section. This works fine until the router is restarted.
When the router is restarted it seems that the DHCP server fails to assign IP addresses to the DHCP clients on my network. The only way I could connect to the router was to change my Windows Network settings so that the computer would use a static IP address rather than a DHCP assigned address.

Reverting the changes above (i.e. check "Use DNS servers advertised by peer") resolved the problem immediately as I could see the DHCP clients being added to the DHCP leases section on the Overview page of the router.

Here is the way I did it:
1. Add your custom DNS servers for DNSMasq in the Network - DHCP and DNS - DNS Forwardings section I believe (I don't have LEDE installed right now so I can't look)
2. Uncheck the "Use DNS servers advertised by peer" for Network - Interfaces - WAN - Advanced Settings, and do the same for Network - Interfaces - WAN6 - Advanced Settings.

This should get the DNS servers the way you want them. I did have to flush my dns resolver cache on my computer to verify (cmd -> ipconfig/flushdns). Let me know if this works.

@davidc502 First of all, thank you for everything you do.

Do you have a time-frame on when you are planning to do a full build again? I know we can replace the wireless driver, but I typically like to wait for full releases if possible.

AjkayAlan wrote:

@davidc502 First of all, thank you for everything you do.

Do you have a time-frame on when you are planning to do a full build again? I know we can replace the wireless driver, but I typically like to wait for full releases if possible.

I'm rebuilding my media server this weekend (Motherboard and RAM replacement), and if my RAID 5 array works correctly after the swap and everything goes well..... I should be able to start on a new build later in the day or Sunday.

I'll be starting on the hardware swap out Saturday morning.

agelwarg wrote:

I have a Linksys WRT1900AC v1 and am currently using LEDE straight from the project:

LEDE Reboot 17.01.4 r3560-79f57e422d / LuCI lede-17.01 branch (git-17.290.79498-d3f0685)

I am investigating improving my OpenVPN performance (router as a server, iOS clients), and trying to understand the openssl crypto engine piece -- and I'm struggling to find the best source of info.  In order to get hardware acceleration, my understanding is that userspace programs (such as openvpn via openssl) would utilize /dev/crypto, which is provided by either cryptodev or ocf.  I read this in the Cryptographic Hardware Accelerators wiki on the openwrt.org site.

Here's my question -- I don't see cryptodev or ocf available as a package.  I've read all kinds of reports about patches, enabling/disabling hardware crypto support in openssl, etc and I can't make sense of what's accurate / current.  Am I missing something?

Additionally, I see references to this in my kernel log:

.241887] marvell-cesa f1090000.crypto: CESA device successfully registered

Is that relevant?

I'm asking on THIS forum thread because I wonder if this is something that has been specifically addressed in your custom build.

Cryptodev is available in this custom build........ However, there's no difference in throughput after enabling it in the OpenVPN configuration. What kind of speeds are you currently getting and what model of Linksys router do you own?

Currently, I'm getting around 130mbps Up/Down using the 3200acm. During download 1 processor will max at 100%, whilst the other processor loafs.

In the past I've tried including several cryptodev patches, but none worked correctly or as expected.

I've got a Linksys WRT1900AC v1 and am paying for 50mbps down/up.

Testing without VPN, I got 57/44 (down/up)
Testing with VPN, I got 20/17 (down/up)

A few questions:

  • Are you saying that cryptodev is NOT in stock LEDE builds, but it IS in yours?

  • Is that marvell-cesa message I posted relevant?  Is that what cryptodev is supposed to interface with?

  • How are you monitoring the CPUs ?

  • I've played with tun-mtu, mssfix, comp-lzo/compress, and more.  What did you find was the biggest help for your OpenVPN performance?  As a side note, I don't think the 'fragment' setting is supported by the iOS OpenVPN app.

davidc502 wrote:
agelwarg wrote:

I have a Linksys WRT1900AC v1 and am currently using LEDE straight from the project:

LEDE Reboot 17.01.4 r3560-79f57e422d / LuCI lede-17.01 branch (git-17.290.79498-d3f0685)

I am investigating improving my OpenVPN performance (router as a server, iOS clients), and trying to understand the openssl crypto engine piece -- and I'm struggling to find the best source of info.  In order to get hardware acceleration, my understanding is that userspace programs (such as openvpn via openssl) would utilize /dev/crypto, which is provided by either cryptodev or ocf.  I read this in the Cryptographic Hardware Accelerators wiki on the openwrt.org site.

Here's my question -- I don't see cryptodev or ocf available as a package.  I've read all kinds of reports about patches, enabling/disabling hardware crypto support in openssl, etc and I can't make sense of what's accurate / current.  Am I missing something?

Additionally, I see references to this in my kernel log:

.241887] marvell-cesa f1090000.crypto: CESA device successfully registered

Is that relevant?

I'm asking on THIS forum thread because I wonder if this is something that has been specifically addressed in your custom build.

Cryptodev is available in this custom build........ However, there's no difference in throughput after enabling it in the OpenVPN configuration. What kind of speeds are you currently getting and what model of Linksys router do you own?

Currently, I'm getting around 130mbps Up/Down using the 3200acm. During download 1 processor will max at 100%, whilst the other processor loafs.

In the past I've tried including several cryptodev patches, but none worked correctly or as expected.

#1 I do know that cryptodev is = Y in the .config in the custom build. This was something I changed, and I don't know if it has been changed in the .config in the LEDE stock build. The config.seed might say if it is enabled or not on the stock LEDE build.
#2 Unknown or I don't remember. I do remember marvell-cesa being discussed, but it's been well over a year since I've looked at it.
#3 the command  htop  will give you % utilized for each CPU core.
#4 Those settings really didn't make a marked difference when I tested. However it's been well over a year since I played with those settings.

Are you setting up the router as a VPN client?  OR is the router the VPN server and you are connecting to it using workstations/laptops as clients?

David

agelwarg wrote:

I've got a Linksys WRT1900AC v1 and am paying for 50mbps down/up.

Testing without VPN, I got 57/44 (down/up)
Testing with VPN, I got 20/17 (down/up)

A few questions:

  • Are you saying that cryptodev is NOT in stock LEDE builds, but it IS in yours?

  • Is that marvell-cesa message I posted relevant?  Is that what cryptodev is supposed to interface with?

  • How are you monitoring the CPUs ?

  • I've played with tun-mtu, mssfix, comp-lzo/compress, and more.  What did you find was the biggest help for your OpenVPN performance?  As a side note, I don't think the 'fragment' setting is supported by the iOS OpenVPN app.

davidc502 wrote:
agelwarg wrote:

I have a Linksys WRT1900AC v1 and am currently using LEDE straight from the project:

LEDE Reboot 17.01.4 r3560-79f57e422d / LuCI lede-17.01 branch (git-17.290.79498-d3f0685)

I am investigating improving my OpenVPN performance (router as a server, iOS clients), and trying to understand the openssl crypto engine piece -- and I'm struggling to find the best source of info.  In order to get hardware acceleration, my understanding is that userspace programs (such as openvpn via openssl) would utilize /dev/crypto, which is provided by either cryptodev or ocf.  I read this in the Cryptographic Hardware Accelerators wiki on the openwrt.org site.

Here's my question -- I don't see cryptodev or ocf available as a package.  I've read all kinds of reports about patches, enabling/disabling hardware crypto support in openssl, etc and I can't make sense of what's accurate / current.  Am I missing something?

Additionally, I see references to this in my kernel log:

.241887] marvell-cesa f1090000.crypto: CESA device successfully registered

Is that relevant?

I'm asking on THIS forum thread because I wonder if this is something that has been specifically addressed in your custom build.

Cryptodev is available in this custom build........ However, there's no difference in throughput after enabling it in the OpenVPN configuration. What kind of speeds are you currently getting and what model of Linksys router do you own?

Currently, I'm getting around 130mbps Up/Down using the 3200acm. During download 1 processor will max at 100%, whilst the other processor loafs.

In the past I've tried including several cryptodev patches, but none worked correctly or as expected.

I'm setting it up as a VPN server for now -- I may wind up connecting it as a client as well, but this is for a server setup now, so that I can connect to my home lan when travelling.

davidc502 wrote:

#1 I do know that cryptodev is = Y in the .config in the custom build. This was something I changed, and I don't know if it has been changed in the .config in the LEDE stock build. The config.seed might say if it is enabled or not on the stock LEDE build.
#2 Unknown or I don't remember. I do remember marvell-cesa being discussed, but it's been well over a year since I've looked at it.
#3 the command  htop  will give you % utilized for each CPU core.
#4 Those settings really didn't make a marked difference when I tested. However it's been well over a year since I played with those settings.

Are you setting up the router as a VPN client?  OR is the router the VPN server and you are connecting to it using workstations/laptops as clients?

David

agelwarg wrote:

I've got a Linksys WRT1900AC v1 and am paying for 50mbps down/up.

Testing without VPN, I got 57/44 (down/up)
Testing with VPN, I got 20/17 (down/up)

A few questions:

  • Are you saying that cryptodev is NOT in stock LEDE builds, but it IS in yours?

  • Is that marvell-cesa message I posted relevant?  Is that what cryptodev is supposed to interface with?

  • How are you monitoring the CPUs ?

  • I've played with tun-mtu, mssfix, comp-lzo/compress, and more.  What did you find was the biggest help for your OpenVPN performance?  As a side note, I don't think the 'fragment' setting is supported by the iOS OpenVPN app.

davidc502 wrote:

Cryptodev is available in this custom build........ However, there's no difference in throughput after enabling it in the OpenVPN configuration. What kind of speeds are you currently getting and what model of Linksys router do you own?

Currently, I'm getting around 130mbps Up/Down using the 3200acm. During download 1 processor will max at 100%, whilst the other processor loafs.

In the past I've tried including several cryptodev patches, but none worked correctly or as expected.

@agelwarg

The HW crypto engine is enabled by default in LEDE.  If pure speed is your goal it depends on the problem size, see the results in:

https://forum.openwrt.org/viewtopic.php … 37#p335137

TL;DR: HW engine almost always reduces CPU load (interrupt servicing vs. solving a computationally hard problem).  Speed depends on the amount of data being encrypted -- small problems = SW faster, large problems = HW faster.

@InkblotAdmirer -- how do I know that the HW crypto engine is enabled by default in LEDE?  I don't see any /dev/crypto device, nor do I even see a kmod-cryptodev package available.

When running on stock LEDE, I get:

root@route:~# openssl engine
(dynamic) Dynamic engine loading support

But on David's build, I get:

root@route:~# openssl engine
(cryptodev) BSD cryptodev engine
(dynamic) Dynamic engine loading support

(BTW, I'm new to this forum -- how come I can't post anything with a url in it?  It won't let me re-quote your link from below)

InkblotAdmirer wrote:

@agelwarg

The HW crypto engine is enabled by default in LEDE.  If pure speed is your goal it depends on the problem size, see the results in:

XXX

TL;DR: HW engine almost always reduces CPU load (interrupt servicing vs. solving a computationally hard problem).  Speed depends on the amount of data being encrypted -- small problems = SW faster, large problems = HW faster.

If cryptodev is loaded by image you will see it in the openssl engine output. But, things are now in kernel, you can see:

egrep '^module|^name' /proc/crypto

and you should see the CESA unit as loaded in kernel log:

dmesg|grep -i cesa

You need to have some # of posts (10?) before you can link (spam prevention).

Edit: by way of a comparison, run:

openssl speed -evp aes-256-cbc -elapsed
rmmod cryptodev
openssl speed -evp aes-256-cbc -elapsed

(Last edited by Villeneuve on 7 Dec 2017, 22:43)
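
The `/proc/crypto` check from the post above, carried one step further as an added example (not part of the thread): for each algorithm it reports the highest-priority driver, which is the one the kernel crypto API selects when an algorithm is requested by name. The embedded sample is constructed, and treating the `mv-` driver prefix as marking marvell-cesa implementations is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. The sample data below is constructed.

# crypto_winners [FILE]: for each algorithm in a /proc/crypto-format file,
# print "name driver module priority" for the highest-priority driver.
crypto_winners() {
    awk -F' *: *' '
        $1 == "name"     { name = $2 }
        $1 == "driver"   { drv = $2 }
        $1 == "module"   { mod = $2 }
        $1 == "priority" {
            # priority follows name/driver/module within each record
            if (!(name in best) || $2 + 0 > best[name]) {
                best[name] = $2 + 0; d[name] = drv; m[name] = mod
            }
        }
        END { for (n in best) print n, d[n], m[n], best[n] }
    ' "${1:-/proc/crypto}" | sort
}

# hw_offloaded [FILE] [PATTERN]: algorithms whose winning driver matches
# PATTERN (default ^mv-, the assumed marvell-cesa driver prefix).
hw_offloaded() {
    crypto_winners "${1:-/proc/crypto}" |
        awk -v pat="${2:-^mv-}" '$2 ~ pat { print $1 }'
}

# Constructed sample: cbc(aes) has a hardware and a software driver,
# the other two algorithms have software drivers only.
sample_proc_crypto() {
    cat <<'EOF'
name         : cbc(aes)
driver       : mv-cbc-aes
module       : kernel
priority     : 300

name         : cbc(aes)
driver       : cbc-aes-neonbs
module       : kernel
priority     : 250

name         : gcm(aes)
driver       : gcm_base(ctr(aes-generic),ghash-generic)
module       : kernel
priority     : 100

name         : sha256
driver       : sha256-generic
module       : kernel
priority     : 100
EOF
}

# Demo on the sample; on a router run: hw_offloaded /proc/crypto
sample_proc_crypto | hw_offloaded -
```

An algorithm that is missing from the `hw_offloaded` output is served by a software driver even when the CESA device registered successfully at boot.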

Does that mean I need to install any of the kmod-crypto-XXX packages for specific type of acceleration.  For example, should I be installing this for OpenVPN:

kmod-crypto-gcm - 4.4.92-1 - GCM/GMAC CryptoAPI module

Villeneuve wrote:

If cryptodev is loaded by image you will see it in the openssl engine output. But, things are now in kernel, you can see:

egrep '^module|^name' /proc/crypto

and you should see the CESA unit as loaded in kernel log:

dmesg|grep -i cesa

You need to have some # of posts (10?) before you can link (spam prevention).

I'm still confused. I am back to running the stock LEDE firmware (not David's), and although I do see the CESA reference:

root@route:~# dmesg|grep -i cesa
[    1.241647] marvell-cesa f1090000.crypto: CESA device successfully registered

I don't think there is a cryptodev module loaded (nor is there a kmod-cryptodev package available)

root@route:~# rmmod cryptodev
module is not loaded
root@route:~# lsmod|grep crypto
root@route:~# openssl engine
(dynamic) Dynamic engine loading support

When I was running David's firmware, I did see cryptodev in the openssl engine output -- not on stock LEDE firmware.

Villeneuve wrote:

If cryptodev is loaded by image you will see it in the openssl engine output. But, things are now in kernel, you can see:

egrep '^module|^name' /proc/crypto

and you should see the CESA unit as loaded in kernel log:

dmesg|grep -i cesa

You need to have some # of posts (10?) before you can link (spam prevention).

Edit: by way of a comparison, run:

openssl speed -evp aes-256-cbc -elapsed
rmmod cryptodev
openssl speed -evp aes-256-cbc -elapsed

My router crashed/rebooted for the first time since I have had it, the second I opened

https://10.0.0.199/cgi-bin/luci/admin/system/packages in a web browser. This never happened before I upgraded to newest build 5422.

(Last edited by makedir on 7 Dec 2017, 23:56)

@agelwarg, The assumption regarding the comparison was that you were starting with an image that included cryptodev. Since LEDE 17.01.4 does not have the module, you probably should expect the removal to fail.

@davidc502

Do I understand correctly that there will be no more 4.4 kernel builds for 1900ac?

T-Troll wrote:

@davidc502

Do I understand correctly that there will be no more 4.4 kernel builds for 1900ac?

At this time it is unknown. It really depends on if one of the developers fixes the issue.

And another random crash/reboot. There is something not right with build r5422. r5297 was rock stable.

r5422@3200acm seems to be stable for me. I'm using Adblock, sqm qos, ntpserver, miniupnpd and pppoe.
The only weird thing is MAC-Address: 00:00:00:00:00:00 for pppoe-wan interface and I feel like ram usage is a bit high@~45%.
I started with a fresh config.

@makedir
Maybe your backup files are causing problems?

Zorr0x wrote:

r5422@3200acm seems to be stable for me. I'm using Adblock, sqm qos, ntpserver, miniupnpd and pppoe.

Same model and build, super stable with latest mwlwifi drivers. No adblock or pppoe, but using dnscrypt and sqm.