Snapshot Build Webpage

Snapshot Build Direct Download

The correct version is: openwrt-mvebu-armada-xp-linksys-mamba-squashfs-factory

Thx man gonna flash now and tell you how it goes

still going strong with the adjusted fan script... (previous record was just shy of 13 days with stock script/temps):

Firmware Version OpenWrt Chaos Calmer r45771 / LuCI (git-15.146.55931-1dada8c) 
Kernel Version 3.18.14
Local Time Wed Jun 10 09:27:27 2015
Uptime 13d 14h 50m 17s
Load Average 0.00, 0.01, 0.05

root@WRT1900AC-P:~# sensors
tmp421-i2c-0-4c
Adapter: mv64xxx_i2c adapter
temp1:        +38.1 C
temp2:        +39.4 C

armada_thermal-virtual-0
Adapter: Virtual device
temp1:        +47.2 C

Will not upgrade until it hangs....

Cheers

(Last edited by doITright on 10 Jun 2015, 14:30)

No. I should have been more specific. With stock, the connection drops and the unit reboots (without fail). I keep an eye on uptime  (http://192.168.1.1/sysinfo.cgi) but that's all I can do. I've been looking for leads on cause and effect, but I'm stumped. Up for two weeks and then bork.

Edit: now rebooting every few hours.

(Last edited by grimley on 12 Jun 2015, 21:38)

@grimley

my second unit running stock gives no problems (in wireless bridge mode over 5 GHz)

UpTime:
14:32:45 up 20 days, 21:33, load average: 1.24, 1.31, 1.26

Firmware Version: 1.1.9.166760
Firmware Builddate: 2015-04-22 01:53

can't find a way to look at sensors info on it though

willing to bet that it is running much hotter than wrt (based on the load)

Cheers

(Last edited by doITright on 10 Jun 2015, 15:49)

Yeah. Thanks a lot ;-)
I have the most basic setup (regular router mode) - no storage, no parental, no media prioritization, blah-blah.
OpenWRT AND stock are succumbing to something, but I can't hang my hat on a lead to a cause.

This may not be the correct forum for this question... If I connect to the VPN utilizing udp, which is running on openwrt, then ssh into openwrt via tcp, does the firewall rule created for ssh need to allow both tcp & udp?

Flow of Traffic
VPN --udp--> WAN --> OpenWRT VPN Server --> SSH --tcp--> DropBear

(Last edited by JW0914 on 10 Jun 2015, 17:05)

The Wrt1900ac wiki should be updated  >> http://wiki.openwrt.org/toh/linksys/wrt1900ac

Reverting to the latest Linksys stock image does not work (options are greyed out). One must revert to the previous flash image, and then upgrade to the latest.

This has been experience by several people on the forum.

I could go ahead and do it, but does anyone have any issues what that statement?

Also, the latest image is provided by Linksys, but not previous releases. I do have the previous image that does work. Thought it should come from a more 'official' site than one of my own servers.

Thoughts?

(Last edited by davidc502 on 10 Jun 2015, 19:18)

That's probably a good idea... especially since new users that haven't followed the thread for quite a while aren't going to know that.

I personally have never had that issue, then again, the only time I reflashed stock was after bricking when I wasn't paying attention and flashed the wrong image.  I do know when I've had to reflash stock, I was never able to do it successfully from uci or luci and had to flash via uboot (which I'm assuming would probably work in the above situation, but isn't that convenient to do so).

(Last edited by JW0914 on 10 Jun 2015, 19:31)

I wonder if one of the admins, Kaloz for example, might be willing to put the original OEM firmware on their portion of the FTP server.  I can upload it to OneDrive and provide a link (something I don't mind), however I think most would feel more secure having it come from a verifiable source.

(Last edited by JW0914 on 10 Jun 2015, 19:34)

Normally you'd have different firewall rules.  I don't run OpenVPN on the router; it runs on a server behind the router.  However generally once you connect to OpenVPN, on the OpenVPN server the outbound connections come out of the "tun" interface.  In my case, firewall rules which are applied to my wan interface aren't the same as those applied to my "tun" interface.  I don't restrict my tun interface via firewall (although you can).  Anything coming out of the interface has already been authenticated through the VPN. 

So a better model might be:

VPN --udp--> WAN --> OpenWRT VPN Server --> TUN Interface
SSH --tcp-->TUN Interface of VPN client ---> (through VPN Magic) ---> Out TUN interface of router ---> DropBear

Thanks a bunch, much appreciated =]  I was firewalling tun0 as an extra layer of precaution, as I only use it to access my server, however your setup makes more sense logically. 

I've had issues trying to get ssh traffic through if the tun0 interface is selected instead of wan (it's not a firewall issue within fw3/iptables, as disabling the firewall still wouldn't allow a connection to vpn0)... I'm not sure why this is occurring, but my assumption is it's a similar issue to why I've never been able to use the local directive within my OpenVPN config (which you should be able to do).  I worked for about a week with two extremely knowledgeable individuals on the OpenVPN forums to try and narrow down why my VPN was set up perfectly, but I was unable to connect to it... it was finally discovered the local directive was the culprit, but no one within this forum or OpenVPN's knew why this was occurring.

EDIT
Re-reading your post, I saw I misunderstood something...

VPN --udp--> WAN --> OpenWRT VPN Server --> TUN Interface

So, if I'm interpreting this right, I should forward all traffic on the VPN port to the TUN interface:

From any host in wan
To any host in vpn0

then

From IP range 10.*.*.0/27 in tun0 with source MAC ************
To any host, port **** in any zone

(Last edited by JW0914 on 10 Jun 2015, 21:57)

CRAP.....  at exactly 14 days (seems like to the minute) it died...

lights solid, no access, and noisy (fan at full speed)

going to upgrade and repeat the experiment

Cheers

(Last edited by doITright on 10 Jun 2015, 23:10)

I uploaded the stock image of 1.1.8 to on my ISP's site.  It's the earlier version of 1.1.8

http://personalpages.tds.net/~davidc502 … ock_Image/

Let me know if you have it and I'll delete the directory and image off the server.

By the way.... I've been running the latest stock image 1.1.9 for around 12 days straight... It just so happens the 5ghz band locked up today (2nd time it's happened).. My FireTV's and iphones wouldn't connect until I rebooted the router.

Since it locks up with the stock image, I wonder if there isn't a deeper problem, and that this router just needs to be re-booted weekly regardless of what's running on it.

Maybe a script is in order to check for error logging (dealing with wireless), and when it happens, just automatically restart wireless.

(Last edited by davidc502 on 10 Jun 2015, 22:39)

Deeper problem indeed. Mine (on stock) borked after about 15 days as well. I've now hoisted it a couple of inches off the surface of the  shelf to see if increased air flow will improve things. (I've run out of things to try).

No, I wouldn't think that's the case but honestly I don't know the OpenWRT specific bits that well.  I don't really like UCI and the configuration system OpenWRT uses so I tend to only use it a fairly stock configuration.  When I have a full featured Linux server 4 inches from the router, it's just easier to use that. 

I've had a look at the OpenWRT OpenVPN setup guide and it seems a bit confusing.  Normally if a protocol doesn't work after the VPN tunnel is established it is either firewalled or a routing issue (ie, the VPN client doesn't know that the server you want to connect to is on the other side of the VPN tunnel).  You have to push the routes to make that happen usually but that is in the wiki directions. 

I gave up on all of this long ago and my home server runs OpenVPN.  That way, I only have to forward the UDP port for OVPN to the server and then the server takes care of everything.  This does leave the VPN clients doubled-NATed to the internet, but I only use the VPN when I need to access home from away.  If I need to secure communication, I have a OpenVPN service which I can use instead and doesn't use my home bandwidth.

Someone please run the following command on a v1 and v2 WRT1900AC:

for i in 3des-cbc aes128-cbc aes128-ctr aes128-gcm@openssh.com aes192-cbc aes192-ctr aes256-cbc aes256-ctr aes256-gcm@openssh.com arcfour arcfour128 arcfour256 blowfish-cbc cast128-cbc chacha20-poly1305@openssh.com rijndael-cbc@lysator.liu.se; do dd if=/dev/zero bs=1000000 count=1000 2> /dev/null | ssh -c $i localhost "(time -p cat) > /dev/null" 2>&1 | grep real | awk '{print "'$i': "1000 / $2" MB/s" }'; done

Dropbear doesn't support half those ciphers so that command isn't going to go very far at all. If you're looking for performance running a "raid 5 array" over USB isn't what you're looking for.

Question about 5Ghz Wireless

I'm only seeing 17dbm (50mW) as a drop-down option (Wifi configuration in Gui). Wireless seems to always show 52%..  Is this a known issue?

I'm looking for AES cipher performance since encryption is typically the bottleneck... I'd like to know if the Marvell 88F6820 supports AES encryption acceleration.

You can take the extra ciphers out of the benchmark command, in fact the command will run successfully even if the cipher isn't available:

for i in aes128-cbc aes128-ctr aes128-gcm@openssh.com aes192-cbc aes192-ctr aes256-cbc aes256-ctr aes256-gcm@openssh.com; do dd if=/dev/zero bs=1000000 count=1000 2> /dev/null | ssh -c $i localhost "(time -p cat) > /dev/null" 2>&1 | grep real | awk '{print "'$i': "1000 / $2" MB/s" }'; done

Never mind... I know why this is happening... Power is based on frequency in the 5Ghz range...    I've changed to a higher frequency, and 1000mW shows up in the drop down.

Still wlan1 5Ghz shows 52% or so... I'm not quite understanding what's going on here.

OpenWrt 1900ac wiki has been updated  ---  Someone should provide a (official) link to the previous image of 1.1.8.  Currently the instruction say to flash with 1.1.8 first, but I did not provide a link. So, there may be some users who will be searching for it, since Linksys no longer provides previous flash version.

Best Regards,

WRT1900AC V1
http://www.protechs-online.com/download … 1_prod.img

Can the source be trusted?