1 (edited by amq 2017-02-25 02:21:43)

Topic: TP-Link TL-WR841N(D) Extended Build [all versions] LEDE Reboot

http://i.imgur.com/3xdOmT1.png

Sharing a custom build I've created for my own use:

  • LEDE Reboot

  • LuCI with https

  • IPv6 and PPPoE

  • MiniUPnP

  • OpenVPN with mbed TLS

  • QoS

  • DDNS

  • Wget with https

  • Reghack (WiFi channels 12 and 13)

  • Minified LuCI's CSS and JS

  • Compiled with GCC 6.3

  • Removed kernel debugging

  • Nothing else has been touched. Basically, it is a 'make defconfig' + profile + the mentioned above

  • Free ROM: 76 KB

  • OpenVPN AES-128-CBC speed: 12Mbs/12Mbs (measured on v8 downloading ubuntu via a torrent)

Download firmware:
dropbox

Build script:
github

Supported devices:
tl-wr841n-v1.5
tl-wr841n-v3
tl-wr841n-v5
tl-wr841n-v7
tl-wr841n-v8
tl-wr841n-v9
tl-wr841n-v10
tl-wr841n-v11

Changelog:

2017-02-25
- r3218-bf53a83 (17.01 branch)
- Added https for LuCI

2017-01-31
- r3198-74ea99b
- Added DDNS
- Added libustream-mbedtls (https support for wget)

2016-12-25
- r2672-9998bc5
- Added QoS
- Upgraded mbed TLS from 1.x to 2.x
- Compiled with GCC 6.3 instead of 5.4
- Increased squashfs4 block size from 256 to 1024
- Disabled debugfs
- Enabled sstrip to further reduce the size

2016-12-04
- r2400-abedd71
- Initial release

How to achieve the same build with the 'menu makeconfig' interface

1. rm .config .config.old
2. make defconfig
3. make menuconfig
(use space to select, make sure you see a star after a selection, not an M; use esc to go back)

_Target Profile - TP-LINK TL-WR841N/ND

Enable:
_LuCI - Collections - luci
_LuCI - Applications - luci-app-upnp
_LuCI - Applications - luci-app-openvpn
_LuCI - Applications - luci-app-qos
_Network - VPN - openvpn-mbedtls
_Advanced configuration options (for developers) - Toolchain options - GCC compiler Version - gcc 6.x
_Global build settings - Strip unnecessary exports from the kernel image, Strip unnecessary functions from libraries

Disable:
_Global build settings - Enable support for printk, Crash logging, Support for paging of anonymous memory (swap), Compile the kernel with debug filesystem enabled, Compile the kernel with symbol tables information, Compile the kernel with debug information, Compile the kernel with SysRq support, Enable printk timestamps
_Kernel modules - Wireless Drivers - kmod-ath9k - Support for Ubiquiti Unify Outdoor+
_Kernel modules - Wireless Drivers - kmod-mac80211 - Export mac80211 internals in DebugFS
_Kernel modules - Wireless Drivers - kmod-ath - Force Atheros drivers to respect the user's regdomain settings

OpenVPN setup guides:
https://blog.ipredator.se/howto/openwrt … enwrt.html
https://www.robertkehoe.com/2015/08/set … g-openwrt/

Re: TP-Link TL-WR841N(D) Extended Build [all versions] LEDE Reboot

Stable? Which are the main differences from the OpenWRT build?

3 (edited by amq 2016-12-04 19:02:45)

Re: TP-Link TL-WR841N(D) Extended Build [all versions] LEDE Reboot

marco_silva85, the only functional difference compared to my latest OpenWRT build is the removed DNSCrypt package (not enough space).

Everything else is the same, you can even upgrade while keeping your settings.

So far it is completely stable for me.

Re: TP-Link TL-WR841N(D) Extended Build [all versions] LEDE Reboot

amq wrote:

Sharing a custom build I've created for my own use:

  • OpenVPN with mbed TLS

How did you achieve this? I've been interested in OpenVPN-mbedtls for a while.

Re: TP-Link TL-WR841N(D) Extended Build [all versions] LEDE Reboot

OpenVPN with mbed TLS = openvpn-polarssl

Re: TP-Link TL-WR841N(D) Extended Build [all versions] LEDE Reboot

amq wrote:

OpenVPN with mbed TLS = openvpn-polarssl

Uhm, no. There's a difference between mbedtls and polarssl.

7 (edited by slh 2016-12-05 22:59:05)

Re: TP-Link TL-WR841N(D) Extended Build [all versions] LEDE Reboot

mbedtls is the successor (== a newer (major-) version) of polarssl, as such polarssl needs to be phased out naturally, due to API changes, this will take a while until completion.

Re: TP-Link TL-WR841N(D) Extended Build [all versions] LEDE Reboot

slh wrote:

mbedtls is the successor (== a newer (major-) version) of polarssl

I'm perfectly aware of that. That's why I said mbedtls != polarssl. You should correct your original post.

Re: TP-Link TL-WR841N(D) Extended Build [all versions] LEDE Reboot

PKG_NAME:=polarssl
SRC_PKG_NAME:=mbedtls
PKG_VERSION:=1.3.18

https://github.com/lede-project/source/ … l/Makefile

So it *is* mbed TLS, just a previous branch (1.x vs the latest 2.x). There is no such thing as PolarSSL anymore.

OpenVPN seems to support 2.x already, so a package in OpenWRT / LEDE is probably not far away.

Re: TP-Link TL-WR841N(D) Extended Build [all versions] LEDE Reboot

Thanks a lot, amq.

Installed yesterday on all my routers and everything is working.

11 (edited by julianocs 2016-12-08 15:22:27)

Re: TP-Link TL-WR841N(D) Extended Build [all versions] LEDE Reboot

Hi amq.

It´s possible include SQM on your release?
Or there isn´t enough space on the router?

Thanks.

12

Re: TP-Link TL-WR841N(D) Extended Build [all versions] LEDE Reboot

julianocs, there is not enough space for sqm or qos.

Re: TP-Link TL-WR841N(D) Extended Build [all versions] LEDE Reboot

Hum, ok amq...

Another question: Do you know if i uninstall VPN, there will be enough space to install SQM or QoS?
Or it will be necessary to recompile a new "clean" build?

Thanks.
Juliano

14

Re: TP-Link TL-WR841N(D) Extended Build [all versions] LEDE Reboot

You need to recompile the image to remove packages.

15 (edited by deuteragenie 2016-12-22 12:27:19)

Re: TP-Link TL-WR841N(D) Extended Build [all versions] LEDE Reboot

Very nice!

Maybe you could have a look at the GCC initify plugin.
Also, GCC - Os might be helpful, as well as switching to GCC 6.x

I am not sure what parameters are used for squashfs.
lzma2 with block size of 1024 kb appear to be giving the best compression ratio.
Edit: I checked the LEDE source code and it recently switched to lzma2 - the patch seems to be trivial to apply.

Would love to see QoS back smile

Re: TP-Link TL-WR841N(D) Extended Build [all versions] LEDE Reboot

deuteragenie wrote:

Would love to see QoS back smile

+1

vpn is useless for me.

17

Re: TP-Link TL-WR841N(D) Extended Build [all versions] LEDE Reboot

New build is up, includes QoS smile

18 (edited by julianocs 2016-12-26 07:21:42)

Re: TP-Link TL-WR841N(D) Extended Build [all versions] LEDE Reboot

Thanks a lot amq !

Installed now and everything is working 100% !
Can you tell me if it is possible to include or install luci ddns client in your build?

Regards.

19 (edited by julianocs 2016-12-26 21:54:02)

Re: TP-Link TL-WR841N(D) Extended Build [all versions] LEDE Reboot

Hi.

Tried to install now using luci, not enough space. sad

Amq, I'm being much boring if i request to you include ddns in your next build? smile Or help-me how to install? 

Regards.

Re: TP-Link TL-WR841N(D) Extended Build [all versions] LEDE Reboot

Hi guys. You will see the firmware version of the 841 to change the memory up to 8 mb? Preferably with USB support? Maybe someone will make it? Thanks.

21

Re: TP-Link TL-WR841N(D) Extended Build [all versions] LEDE Reboot

New build is up. 17.01 stable branch + https for LuCI

Re: TP-Link TL-WR841N(D) Extended Build [all versions] LEDE Reboot

OPKG dont work? In the original version LEDE, at tl-841 v5, opkg do not install the packages.

23 (edited by KREAT0R 2017-02-27 22:56:06)

Re: TP-Link TL-WR841N(D) Extended Build [all versions] LEDE Reboot

My 841nd v5 bricked with 2017-02-25 (sysupgrade) from 2017-01-31 (without "Keep settings")

=(

EDIT: unbricked via Serial console with RS232 TTL

i.imgur.com/Qpg70LP.png

EDIT2: im use 2017-02-25 factory.bin (from TPLINK firmware) and all ok.

Re: TP-Link TL-WR841N(D) Extended Build [all versions] LEDE Reboot

841nd v9 bricked on sysupgrade with "Keep settings"
unbricked via firmware transfer in TFTP

upgrade r3218 squashfs-factory and all ok.

Thanks

Re: TP-Link TL-WR841N(D) Extended Build [all versions] LEDE Reboot

May I know how did you manage to add ht tp-proxy-option EXT1 in OpenVPN config? Other OpenVPN packages i've used does not support that option I am getting a Bad ht tp-proxy-option or missing parameter error. Thank you