OpenWrt Forum Archive

Topic: Optimized and feature rich trunk build for select routers

The content of this topic has been archived between 20 Aug 2014 and 5 May 2018. Unfortunately there are posts – most likely complete pages – missing.

@arokh you can download the patch for NetGear R8000 clock:
https://www.geekstreet.fr/download/publ … devi.patch
You need to fix feeds\packages\net\strongswan\Makefile in your source because the MD5 is the one of version 5.4.0 instead of 5.3.5, or update strongswan to package 5.4.0. I did it, it built without error, but I think I did it dirty. My updated files:
https://www.geekstreet.fr/download/publ … ixes.patch
https://www.geekstreet.fr/download/publ … 0-Makefile

My squashfs with clock fix and strongswan 5.4.0:
https://www.geekstreet.fr/download/publ … uashfs.chk

For information the clock driver is integrated in Kernel 4.5 for the R8000.
I hope Kernel 4.5 will be quickly integrated in OpenWRT.

@all

I have a very strange issue, tried clean installation of latest build.
As soon as I install some luci related stuff like luci-app-openvpn the permissions for folder /etc and /config are changed from 755 to 700, maybe some other folders too.
I can reproduce this every time.
Has anyone else seen this problem?

My router is a WRT 1900 ACS

Also I still have problems getting Statistics to work, I can't see any Tabs in the statistic --> Graphs Menu.
I tried this on a clean 15.05.1 version and this worked fine.
Anyone who can help?

I also have a WRT 1900 ACS and have been experiencing issues, in part maybe due to opkg using the default openwrt snapshots trunk.

But the biggest issue is that when I try to enable VLAN, dhcp and a few other services fail, and I think it's because I need the switch kernel module (kmod-switch-mvsw61xx) and the snapshot version does not like the kernel version we are using. Can we get a version for our kernel added to the package repository please?

Max-q wrote:

@all

I have a very strange issue, tried clean installation of latest build.
As soon as I install some luci related stuff like luci-app-openvpn the permissions for folder /etc and /config are changed from 755 to 700, maybe some other folders too.
I can reproduce this every time.
Has anyone else seen this problem?

My router is a WRT 1900 ACS

Also I still have problems getting Statistics to work, I can't see any Tabs in the statistic --> Graphs Menu.
I tried this on a clean 15.05.1 version and this worked fine.
Anyone who can help?

Run an "opkg update" and upgrade the available packages. They released new packages earlier today that fixed this issue on my WRT1900 ACS.


@arokh - Thanks a lot for everything you have done to create this build!

Upgrade of packages solved the problems :-)

arokh wrote:

Oh, that would probably be this in /etc/firewall.user:

# Force all DNS requests to go through dnscrypt
LANIP=`uci get network.lan.ipaddr`
iptables -t nat -A prerouting_rule ! -d $LANIP -p udp --dport 53 -j REDIRECT
iptables -t nat -A prerouting_rule ! -d $LANIP -p tcp --dport 53 -j REDIRECT

I'm trying to figure out a way to have DNSCrypt Proxy work for two of my devices (only) but at the same time be able to change DNS servers on my PC's IPv4 DNS servers settings to have a different DNS than the resolver2.dnscrypt.eu server used via DNSCrypt Proxy...

My problem is resolver2.dnscrypt.eu is forced on all my devices, but I do not want it for all, but I do want it for 2 devices.

Can you please help me?

(Last edited by A6ix on 3 Jun 2016, 15:19)
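
One way to scope the redirect quoted above to selected clients, as an added example that is not part of the original posts: the same two rules with a source match, generated per client, so unlisted devices keep whatever resolver they are configured with. The function names and all addresses are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: emit the DNS redirect rules for selected clients only.
# All addresses used here are constructed sample values.

# Return 0 if $1 is a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; safe, only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: dns_redirect_rules LANIP CLIENT_IP...
# Prints one udp and one tcp rule per client, matching on source address,
# so only those clients have their port 53 traffic redirected to the router.
dns_redirect_rules() {
    lanip=$1; shift
    is_ipv4 "$lanip" || { echo "bad LAN address: $lanip" >&2; return 1; }
    for client in "$@"; do
        # Validate before printing anything: the output is meant to be run.
        is_ipv4 "$client" || { echo "bad client: $client" >&2; return 1; }
    done
    for client in "$@"; do
        for proto in udp tcp; do
            echo "iptables -t nat -A prerouting_rule -s $client" \
                 "! -d $lanip -p $proto --dport 53 -j REDIRECT"
        done
    done
}

# Dry run. On the router LANIP would come from `uci get network.lan.ipaddr`
# and these lines would replace the two blanket rules in /etc/firewall.user.
dns_redirect_rules 192.168.1.1 192.168.1.50 192.168.1.51
```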

@A6ix

I'm still a bit of a noob so my advice may be wrong but perhaps you can use iptables to make the dnscrypt-proxy only for the 10.1.1.1 vpn subnet and then manually set the ip (or dns resolver) for those two devices in 10.1.1.1.

@arokh
I've been using OpenVPN for quite a while and the performance has been reasonably good but I'm thinking of switching over to IKEv2 because it has stock compatibility with android. Should I expect to get the same performance as OpenVPN, and which out of the two do you personally prefer?

Also big thanks and appreciation for the work you put into these builds :)

(Last edited by cognitiveliberty on 9 Jun 2016, 14:28)

@max-q how did you update all the packages?

I'm trying to figure out a way to have DNSCrypt Proxy work for two of my devices (only) but at the same time be able to change DNS servers on my PC's IPv4 DNS servers settings to have a different DNS than the resolver2.dnscrypt.eu server used via DNSCrypt Proxy...
My problem is resolver2.dnscrypt.eu is forced on all my devices, but I do not want it for all, but I do want it for 2 devices.
Can you please help me?

@A6ix There's some documentation on lede's page on uci-dnsmasq that might be helpful: https://www.lede-project.org/docs/uci_dnsmasq.html

Basically, you can define which dns records to each client individually, and arokh's firewall only covers port 53, so you don't have to disable that either, if you can configure a different dns port. I personally use `luci-app-commands` to change the resolvers easily with uci because I have some services that integrate better with different resolvers. But you should probably ask in a general thread for more advice.

@all fyi using the pi-hole list with adblock - I'm running close to 100,000 sites in the 'bad_list' - not only can this build handle it (tplink-wdrxxxx) it's using less memory than with 60,000, or so it seems. And the wdrxxx set has less features than the general builds because of memory constraints. I'm also not using any external storage, it just works, and I assume it should work for most. Here's the config:

config adblock config
    option 'enabled' '1'
    option 'pixel_server_ip' '192.168.3.254'
    option 'hosts_file' '/tmp/hosts/hosts.bad'
    list whitelist_domains 'ads.hulu.com tc.tradetracker.net www.econda-monitor.de'
    list bad_hosts 'http://adblock.gjtech.net/?format=unix-hosts'
    list bad_hosts 'http://mirror1.malwaredomains.com/files/justdomains'
    list bad_hosts 'http://hosts-file.net/.\ad_servers.txt'
    list bad_hosts 'http://sysctl.org/cameleon/hosts'
    list bad_hosts 'https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist'
    list bad_hosts 'https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt'
    list bad_hosts 'https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt'
    list bad_hosts 'https://raw.githubusercontent.com/quidsup/notrack/master/trackers.txt'

https://github.com/pi-hole/pi-hole is the source, I love the gui, but I just have a bad feeling about pi-hole's security model (aka doesn't have one). It was fun to watch the graphs, and it blocked more than this build or the other adblock, but then I looked at the source of all three, and I realized simplicity is really powerful, and the router can handle blocking way more sites than I anticipated, without a noticeable performance decrease on my end. Can't promise it'll be as graceful with everyone's setup, but it's pretty cool.

(Last edited by moxu on 10 Jun 2016, 06:50)

You can update all packages at once with

opkg list-upgradable | awk -F ' - ' '{print $1}' | xargs opkg upgrade

Hi Arokh, first off, thanks for the great work you do. Big fan.
Can you please update the release?
Thanks,

Can you please add more resolver in the dnscrypt-proxy configuration

atm there is only one in the config-file /etc/config/dnscrypt-proxy
Today I had an issue with the resolver 'dnscrypt.eu-dk' and the following error

daemon.info dnscrypt-proxy[1567]: [ERROR] Unable to retrieve server certificates

no name resolution was working
after checking and adding some more resolver everything was ok

(Last edited by olivaar on 14 Jun 2016, 08:52)

olivaar wrote:

Can you please add more resolver in the dnscrypt-proxy configuration

atm there is only one in the config-file /etc/config/dnscrypt-proxy
Today I had an issue with the resolver 'dnscrypt.eu-dk' and the following error

daemon.info dnscrypt-proxy[1567]: [ERROR] Unable to retrieve server certificates

no name resolution was working
after checking and adding some more resolver everything was ok

This happened to me as well.  Was banging my head trying to figure out what was going on.

shatazer wrote:

This happened to me as well.  Was banging my head trying to figure out what was going on.

Me too, from 6 in the morning for 3,5 h
I think about an error at the internet provider
maybe the log message should be more precise -> ERROR, Unable to retrieve server certificates No DNS available

I've noticed dnscrypt.eu-dk has been unstable for the past few months so I've switched over to dnscrypt.eu-nl and been fine.
You need to edit the /etc/config/dnscrypt-proxy file and change from dk to nl or even to cisco (opendns) and then either restart the dnscrypt service or reboot the router.

Thanks @jamsandjax. That fixed my problem as well.

Me also. I was seriously confused with why my DNS queries were periodically failing, including most of today. I switched to the cisco proxy, and everything is working again.

https://github.com/jedisct1/dnscrypt-pr … olvers.csv

That list is up to date - locally it's found in /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv - I usually swap it out with the latest list every few weeks. And editing the resolver is in the /etc/config/, I've even set up luci-app-commands to automate with uci

I've never been able to get the adblocking to work. Anyone have some tips? I ssh'd in and did this but I still see ads around the web and also here: http://ads-blocker.com/testing/

root@OpenWrt ~# /etc/init.d/adblock enable
root@OpenWrt ~# /etc/init.d/adblock start

I did a vi /etc/config/adblock and looked at the config and left it alone because it looked fine. To further test later though I added the EasyList to the end "https://easylist-downloads.adblockplus.org/easylist.txt" and then restarted the service. Still did nothing.. I noticed that my /tmp/hosts/hosts.bad file is also 0 bytes which I would assume should have the lists downloaded into it?

EDIT: I've been going back through and I realized I asked this same thing back in March and arokh told me to do a clean install. I flashed a fresh install tonight before I did these things. Any other alternatives to get adblocking working?

(Last edited by pinion on 16 Jun 2016, 03:51)

So if you go to System>Startup, adblock is showing as enabled there?  Also, what is the system log saying when you enable/start the adblock service?

EDIT: I think I got this fixed now but I'm leaving all this below
------
It is enabled. When I click start and look at syslog it looks like it could be running out of memory:

Out of memory: Kill process 20661

EDIT: Tried a few other things like throwing a usb stick in there that I had used before. I then enabled swap on it, not sure if swap actually works with it already mounted with files on it because I can still cd to it and see the files. But it is formatted ext4 if I remember...

Here is a paste of the log after clicking start on adblock: https://ghostbin.com/paste/wm4s5

EDIT2: Further testing I decided that it's possible it can't handle all the block lists. I backed up the adblock config

root@OpenWrt ~# cp /etc/config/adblock /etc/config/adblock.old

and then I removed all the bad hosts lines except the first. Now I see that it loaded some bad hosts whereas before it kept saying 0

daemon.info dnsmasq[4554]: read /tmp/hosts/hosts.bad - 2393 addresses

I'm going to assume this is fixed and I'm going to add the lists back in a few at a time. Posting this here for when I can't figure this out in the future. Thanks for the good questions that helped me get here!


EDIT3: A bit more info. As I was adding them in I noticed that one of them was giving me "Killed..." after the line with "Tidying up the hosts file..." When I removed this line from the config everything worked fine

    list bad_hosts 'http://hosts-file.net/.\ad_servers.txt'

And the best part is ads are being blocked finally!

(Last edited by pinion on 17 Jun 2016, 02:38)

@arokh are you going to make any build for tplink AC2600 with source from lede-project?

@arokh

You mentioned you lost a bit of interest in OpenWRT. I am curious what other projects are you working on. May be we can find one of your fine builds somewhere else.

@starki

If I do make new builds, I'll probably rebase on lede-project as it seems most devs moved there.

@abunimeh

I'm still running the latest build on my router and it works perfectly. It does everything I want, so for the moment there is no motivation for me to do anything. At the moment I'm doing LibreELEC community builds, nothing router related :)

Sorry, posts 3651 to 3650 are missing from our archive.