OpenWrt Forum Archive

Topic: Optimized and feature rich trunk build for select routers

The content of this topic has been archived between 20 Aug 2014 and 5 May 2018. Unfortunately there are posts – most likely complete pages – missing.

@lukano

Read up on extroot.

@MidGe

You say you have a real problem, but what are the symptoms? How did you troubleshoot? Is DNS not working? What does your log say? I wouldn't be so quick to jump to conclusions about dnscrypt when it's working well for so many others using the same build.

https://wiki.openwrt.org/doc/uci/dhcp

Start reading, that page tells you everything about how to configure DNS. 127.0.0.1#5300 is dnscrypt, you may change it to any DNS server you like.

@carpenoctem

Most likely due to a kernel module, which needs to be installed from the same build as you are running. I build most modules but you need to download them manually, look at the packages directory for your build.

Hi! I'm running r48717 on Archer C7V2, and I have a crashing dropbear problem. Here's what I found in dmesg:
Wed Feb 17 12:18:04 2016 authpriv.info dropbear[18086]: Early exit: Bad buf_getptr
Wed Feb 17 12:18:12 2016 authpriv.info dropbear[18305]: Early exit: Bad buf_getptr
Wed Feb 17 12:18:56 2016 authpriv.info dropbear[19181]: Early exit: Bad buf_getptr
Wed Feb 17 12:19:01 2016 authpriv.info dropbear[19184]: Early exit: Bad buf_getptr
Wed Feb 17 12:19:06 2016 authpriv.info dropbear[19271]: Early exit: Bad buf_getptr
Wed Feb 17 12:19:11 2016 authpriv.info dropbear[19272]: Early exit: Bad buf_getptr
Wed Feb 17 12:19:16 2016 authpriv.info dropbear[19363]: Early exit: Bad buf_getptr
Wed Feb 17 12:19:21 2016 authpriv.info dropbear[19364]: Early exit: Bad buf_getptr
Wed Feb 17 12:19:21 2016 daemon.info procd: Instance dropbear::instance1 s in a crash loop 6 crashes, 0 seconds since last crash
Could you please help me with that?

Is that on a clean flash? Sounds like the host key hasn't been generated yet. Look at /etc/dropbear.

(Last edited by arokh on 17 Feb 2016, 12:07)

Is there a way to generate it via web ui? I can put a command in the startup script and reboot, for example. I kept my config when flashing, and expected some weird stuff to happen, but everything works just fine - so I wanted to save it.

It looks like I have some keys there. ls /etc/dropbear :

Wed Feb 17 17:56:17 2016 user.notice : authorized_keys
Wed Feb 17 17:56:17 2016 user.notice : dropbear_dss_host_key
Wed Feb 17 17:56:17 2016 user.notice : dropbear_ecdsa_host_key
Wed Feb 17 17:56:17 2016 user.notice : dropbear_rsa_host_key

Use -l so I can see the size.

Sorry. And sorry for the formatting - I don't have a better idea how to run something instead of putting into startup and rebooting.

Wed Feb 17 18:49:08 2016 user.notice : -rw-------    1 root     root           381 Feb 17 12:51 authorized_keys
Wed Feb 17 18:49:08 2016 user.notice : -rw-------    1 root     root           458 Mar 30  2015 dropbear_dss_host_key
Wed Feb 17 18:49:08 2016 user.notice : -rw-r--r--    1 root     root             0 Feb 12 22:55 dropbear_ecdsa_host_key
Wed Feb 17 18:49:08 2016 user.notice : -rw-------    1 root     root           805 Mar 30  2015 dropbear_rsa_host_key

And there's your problem, the ecdsa host key file exists but has size 0. Either remove it or generate a proper key.

Great, thanks for help! To whom it may concern - I put "rm -f /etc/dropbear/dropbear_ecdsa_host_key" to startup and rebooted.

9teen, as opposed to putting commands in your startup and rebooting, use something like putty (or ssh from a command line in osx or linux or what-have-you) to your router's address.  Username is 'root' and password is your webadmin gui password.

You can then run the commands from the command line interface / shell, and save yourself having to reboot, not to mention the risk of forgetting to take something out of your startup that can muck things up.

He did that because there was no way to ssh in :)

One more question - I can't install package kmod-nf-nathelper-extra (for gre pass-through), it fails with segmentation fault on configure. I used openwrt trunk repo for packages - it seems to me that kernel version is equal on both releases (4.1.16-1), so I didn't expect that. What could be the problem?
The second question - I don't want to ask you to include that package in all builds, so I'd like to build my fw by myself. Do you have a github repo? I would like to fork it and push my changes, to be able to stay close to the upstream source.

Only install kernel modules from the same build. Sorry, no github repo as of yet. I'll build that module for the next build though.

That's really nice, thanks! Still, I hope you'll find some time to push your code to github - I would be pleased to star that repo :) Openwrt has a github mirror https://github.com/openwrt/openwrt - so you can fork it to start.

arokh wrote:

And there's your problem, the ecdsa host key file exists but has size 0. Either remove it or generate a proper key.

My two cents to the discussion:
@arokh,
is the ecdsa key verification routine ok?
This line looks suspicious to me in http://luci.subsignal.org/~trondah/diff … enwrt.diff

@@ -108,7 +108,7 @@ keygen()
...
-    [ -s /etc/dropbear/dropbear_rsa_host_key ] || keygen
+    [ -s /etc/dropbear/dropbear_rsa_host_key -o -s /etc/dropbear/dropbear_rsa_host_key ] || keygen

Should the second one be ..._ecdsa_host_key instead of _rsa_ ?
Currently there are two identical checks for _rsa_ key file length...

I think that this may lead to a failing "check for key exists and file length is longer than 0" and does not trigger the keygen like it should. (Inside the "keygen" the second check seems ok, but the initial check to trigger the keygen function fails.)

I guess 9teen90nine has brought his config (including the rsa key) from a different build and the _ecdsa_ key is not used there.
A failing check for an empty _ecdsa_ key here leads to the lockup, as the expected keygen never starts.

(Last edited by hnyman on 18 Feb 2016, 14:51)

Looks like my diffs haven't been put in the correct dir, fixed that. Here's how it looks in r48717:

--- a/package/network/services/dropbear/files/dropbear.init
+++ b/package/network/services/dropbear/files/dropbear.init
@@ -85,7 +85,7 @@ dropbear_instance()

 keygen()
 {
-       for keytype in rsa; do
+       for keytype in rsa ecdsa; do
                # check for keys
                key=dropbear/dropbear_${keytype}_host_key
                [ -f /tmp/$key -o -s /etc/$key ] || {
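
Review bot: in keygen(), the context line [ -f /tmp/$key -o -s /etc/$key ] accepts any existing /tmp/$key regardless of its size, while the copy under /etc must be non-empty. With the loop now covering ecdsa as well as rsa, a zero-length temporary file would satisfy this test for either key type; consider -s /tmp/$key so both locations are held to the same non-empty requirement, and quote "$key" while touching the line.
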
@@ -108,7 +108,7 @@ keygen()

 start_service()
 {
-       [ -s /etc/dropbear/dropbear_rsa_host_key ] || keygen
+       [ -s /etc/dropbear/dropbear_rsa_host_key -o -s /etc/dropbear/dropbear_ecdsa_host_key ] || keygen

        . /lib/functions.sh
        . /lib/functions/network.sh
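
Review bot: the new guard in start_service() joins the two -s tests with -o, so keygen is skipped as soon as dropbear_rsa_host_key is non-empty, even when dropbear_ecdsa_host_key is missing or zero-length. The guard should only be satisfied when both keys are non-empty: use -a, or preferably two separate tests, [ -s /etc/dropbear/dropbear_rsa_host_key ] && [ -s /etc/dropbear/dropbear_ecdsa_host_key ] || keygen, since POSIX marks -a and -o inside [ ] as obsolescent.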

This should work, and it does for me. There have been a few reports about broken ssh though (I think only for the wrt1200 which is odd), so I guess there could be some condition where it's not being generated properly. If he upgraded from a build that didn't have ecdsa, it should have been generated when the initscript checks for a larger than 0 file.

Thanks for the input.

(Last edited by arokh on 18 Feb 2016, 15:34)

arokh wrote:

Looks like my diffs haven't been put in the correct dir, fixed that. Here's how it looks in r48717:

+       [ -s /etc/dropbear/dropbear_rsa_host_key -o -s /etc/dropbear/dropbear_ecdsa_host_key ] || keygen

This should work, and it does for me.

Looking even closer at the code, I think that the second problem is "-o" instead of "-a". -o leads to it being enough that the rsa key has >0 length, thus "-a" is needed to ensure that both keys have >0 lengths. (My guess is that dropbear prefers ecdsa key (?) and finding a file tries to use it and fails.)

Looking back into history, it used to be "-a" when there still were dss keys, until https://dev.openwrt.org/changeset/46815/

(Last edited by hnyman on 18 Feb 2016, 16:04)
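
The difference between the "-o" and "-a" guards discussed above, run against the key state from the earlier ls -l listing (non-empty rsa key, zero-length ecdsa key). This is an added example, not part of any post and not the build's init script; the scratch directory, the placeholder file contents and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: the two forms of the start_service() guard, run on a scratch
# directory. Function names and file contents are constructed for illustration.

# Each function returns 0 when the guard would call keygen, 1 when it skips it.
keygen_needed_or() {     # guard as posted for r48717: "-o"
    [ -s "$1/dropbear_rsa_host_key" -o -s "$1/dropbear_ecdsa_host_key" ] && return 1
    return 0
}

keygen_needed_and() {    # guard as proposed in the thread: "-a"
    [ -s "$1/dropbear_rsa_host_key" -a -s "$1/dropbear_ecdsa_host_key" ] && return 1
    return 0
}

keygen_needed_strict() { # same logic as "-a", written as two separate tests
    [ -s "$1/dropbear_rsa_host_key" ] && [ -s "$1/dropbear_ecdsa_host_key" ] && return 1
    return 0
}

# Print the name of every host key file that is missing or zero-length.
bad_host_keys() {
    for keytype in rsa ecdsa; do
        [ -s "$1/dropbear_${keytype}_host_key" ] || echo "dropbear_${keytype}_host_key"
    done
}

# Constructed sample state matching the ls -l output in the thread:
# non-empty rsa key file, zero-length ecdsa key file.
make_sample_keydir() {
    d=$(mktemp -d) || return 1
    echo 'placeholder, not a real key' > "$d/dropbear_rsa_host_key"
    : > "$d/dropbear_ecdsa_host_key"
    echo "$d"
}

KEYDIR=$(make_sample_keydir) || exit 1
for guard in or and strict; do
    if "keygen_needed_$guard" "$KEYDIR"; then
        echo "$guard guard: keygen runs"
    else
        echo "$guard guard: keygen skipped"
    fi
done
echo "missing or empty: $(bad_host_keys "$KEYDIR")"
rm -rf "$KEYDIR"
```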

My config is from 15.05 stable clean installation. Then I have upgraded to trunk (it looks to me that the trunk builds are stuck since the one I used is still latest available and its timestamp is 8-feb-2016). I could not get 5Ghz wifi working on trunk as the ath10k driver kept crashing. I wanted to give this build a try and I got working wifi out of the box, and it works much better than on 15.05 stable.

arokh wrote:

@carpenoctem

Most likely due to a kernel module, which needs to be installed from the same build as you are running. I build most modules but you need to download them manually, look at the packages directory for your build.

Thanks for the reply Arokh.

When I try to download the package, this is the message I get:

root@FRODO ~# opkg install http://luci.subsignal.org/~trondah/wndr3x00_800mhz/r48479/packages/kernel/kmod-ipt-geoip_4.1.15%2b2.10-1_ar71xx.ipk
Downloading http://luci.subsignal.org/~trondah/wndr3x00_800mhz/r48479/packages/kernel/kmod-ipt-geoip_4.1.15%2b2.10-1_ar71xx.ipk.
Installing kmod-ipt-geoip (4.1.16+2.10-1) to root...
Downloading http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/kernel/kmod-ipt-geoip_4.1.16+2.10-1_ar71xx.ipk.
Multiple packages (kmod-ipt-core and kmod-ipt-core) providing same name marked HOLD or PREFER. Using latest.
Collected errors:
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-ipt-geoip:
 *      kernel (= 4.1.16-1-b7e8bc5d3fd4ea7d6943eeb98973740b) *
 * opkg_install_cmd: Cannot install package kmod-ipt-geoip.

Bear in mind this is my first time delving this deep into the build's core, but I'm really invested in adding GeoLocation to my router. Any pointers you could give me or resources where I can learn how to do this, will be much appreciated.

It looks like you're trying to install a package from another build. What build are you running now? You can find it on status page.

9teen90nine wrote:

It looks like you're trying to install a package from another build. What build are you running now? You can find it on status page.

I'm running OpenWrt Designated Driver r48479  and I'm trying to install the iptables-mod-geoip. Any help you can provide so I can learn how to do it is appreciated.

PS: Something tells me that I might be better off building my own image with these modules included. Arokh, correct me if I'm wrong, and if that's the case, I can use your build and add to it with your permission, right?

(Last edited by carpenoctem on 18 Feb 2016, 17:30)

Will this firmware allow me to restrict bandwidth on WIFI users from within the GUI?  I have zero experience with WRT, I haven't even installed it on my WRT1900ACS as I am still uncertain if it will give me the control I need WITHOUT a command prompt

You should be able to do so via qos, however I've only been using sqm for a few days and am not sure how to configure it for this specifically.

@hnyman

Yes, you are right. Going over the logic again -a makes a lot more sense :) Thanks for pointing this out!

@carpenoctem

I could install on my router:

root@OpenWrt tmp# opkg install kmod-ipt-geoip_4.4.1\+2.10-1_mpc85xx.ipk
Installing kmod-ipt-geoip (4.4.1+2.10-1) to root...
Multiple packages (kmod-ipt-core and kmod-ipt-core) providing same name marked HOLD or PREFER. Using latest.
Configuring kmod-ipt-geoip.

carpenoctem wrote:
9teen90nine wrote:

It looks like you're trying to install a package from another build. What build are you running now? You can find it on status page.

I'm running OpenWrt Designated Driver r48479  and I'm trying to install the iptables-mod-geoip. Any help you can provide so I can learn how to do it is appreciated.

PS: Something tells me that I might be better off building my own image with these modules included. Arokh, correct me if I'm wrong, and if that's the case, I can use your build and add to it with your permission, right?

You have multiple packages installed:
  --  Multiple packages (kmod-ipt-core and kmod-ipt-core) providing same name marked HOLD or PREFER. Using latest.
That's because you have openwrt trunk package sources in opkg config:
  --  Downloading http://downloads.openwrt.org/snapshots/ … r71xx.ipk.
It looks like opkg found a more recent version there. I don't really know whether it is safe to remove the kmod-ipt-core package, but you should remove and reinstall it from arokh's repo and install the geoip package.

Sorry, posts 3301 to 3300 are missing from our archive.