Davidc502- wrt1200ac wrt1900acx wrt3200acm wrt32x builds

Problems with Luci -- For example, I've tried adding a vlan to Material, bootstrap, and Openwrt, and none of them work. The workaround is to create a vlan manually via command line.

To try bootstrap, all you have to do is remove luci-app-material.

Everyone just hang on a while longer and it will be fixed by the developers. Too bad QA hasn't been a little better as issues like this would have been caught prior to release. Another problem is some of these issues have been going on for more than a few weeks, so fixing known issues is going a bit slow. On the positive, I see these types of complications less and less over time which is good.

Dear Dave & Community,
Hello and I hope that all is well with everyone. Does anyone here (or elsewhere) know how to set up luci-app-acme acme - Let's Encrypt with duckdns? It has driven me crazy as I find little to no documentation. The "well known challenge" is where everything hangs. I tried to use Neilpang but all to no avail. https://github.com/Neilpang/acme.sh/wiki/How-to-run-on-OpenWRT
So, if I am not too far off topic - I sure would appreciate all the help I can get - preferably step by step instructions.
Thanks in advance and God Bless In Peace,

directnupe

First you have to install the acme-dnsapi package

opkg install acme-dnsapi

Then issue certificate with this command:

DuckDNS_Token="your_token" /usr/lib/acme/acme.sh --issue -d your.domain --dns dns_duckdns

You can locate the certificate and key files in ./.acme.sh/your.domain/, in uHTTPd settings point the certificate and key path to them respectively

Btw, there is an ongoing performance issue with the Marvell Open Source driver and Intel AC8260 adapters.
So if your notebook has an Intel 8260 wifi card you can check out the following thread @github: https://github.com/kaloz/mwlwifi/issues/307

Hopefully it will be fixed soon, it already cost me two days of testing to make sure my wifi card or my WRT3200acm isn't faulty... :confused:

Damn, I knew it was not just me :slight_smile:

Saludos,
Mariano

As pointed out on github there was a recent fix for the 9260s in the Linksys firmware. Hopefully there can be a similar fix with the 8260s etc. I'm not using either of those chipsets currently and wifi is working very well on my WRT32X with both Linksys firmware and OpenWrt (Davidc502 build).

Yeah, hopefully yuhhaurlin will be able to fix it...
A Dell notebook with Qualcomm QCA61x4A AC wifi also works fine with the latest driver, for me it's just the Intel 8260 adapter having these kind of problems.

The latest official Linksys firmware works fine with the Intel 8260 wifi but I haven't bought the device to use it with official firmware! :wink:

Omg, never mind, found the FAQ page.

Hey, somewhat of a noob question, but if I want to try this build on my wrt3200acm and I'm running 17.01.4 now, do I install the sysupgrade.bin or the factory.img file version? And what are the manifest and seed files, anything I need? Thanks. I really hope the new version improves some issues I'm having on the 5ghz band.

I'm looking here btw:

https://davidc502sis.dynamic-dns.net/releases/#3200acm

@KronMeister Just use sysupgrade.bin. Factory.img is to load OpenWRT/LEDE directly from stock firmware GUI

I hope this helps

Quick question: is it possible to turn off all the front panel LEDs (and maybe easily re-enable when I need them for whatever reason)? I'm experimenting with the physical position of the router in the house, pursuant to SO approval, and the blinken lights on the WRT32X are a little distracting when it's sat under the TV as it currently is.

I notice that the default in LUCI is for control of WAN and a load of USB ports. Do I have to add in all the additional "LED Name" entries and set them to no trigger or is there a simpler way to disable them all?

edit

Okay, done some tinkering:

  • WAN and Power respond well to setting to no trigger and can be turned off
  • USB1 corresponds to pca963x:venom:blue:usb2, USB2 corresponds to pca963x:venom:blue:usb3_1. Both can be turned off with "no trigger"
  • WPS amber and blue LEDs can be turned on or off manually, but both cannot be on simultaneously
  • LAN/switch LEDs cannot be controlled
  • eSATA I couldn't get this to manually turn on (I don't have an eSATA device to test with)
  • 2.4GHz and 5GHz - HERE BE DRAGONS - I can't seem to turn these off and selecting some of the trigger mechanisms seems to break the wireless altogether. I had to plug in an ethernet cable to my laptop to get back into the router and reset the configuration for these. Most likely related to this bug

Looks like I'll be going the tried and trusted route of sticking some black insulation tape over the front panel :rofl:

Hi @directnupe,
For now you can use the DNSCrypt protocol or just use a vpn.

Well you can turn off the LEDs on the stock Linksys firmware, so there has gotta be a way with OpenWrt. I guess it's just not implemented here.

Dear antonsamoziv,
Thanks for getting back to me and your feedback. I always run a VPN so I imagine I am safe. I even advise in the tutorial at the very end:
Now all you need to do is run a properly configured VPN Service. By doing so, running DNS over TLS with Stubby and GetDns will keep your VPN provider from spying on your encrypted DNS lookups - and also your DNS providers both the ISP (replaced by encrypted Stubby) and your Encrypted TLS DNS Service Provider will see your IP as the one from your encrypted tunneled VPN provider.
I am convinced this setup is the right strategy for both security and privacy. I think it to be the best practice for all those most serious about multi-layered cyber security.
So, I am glad that I seem to have been correct in that assessment.
God Bless and Peace,

directnupe

Dear LGA1150,
Thanks for your feedback and advice. I can issue the certificates following your advice. However, I still do not see the green padlock on the Luci uHTTPd login page. Also, how do I use luci-acme-app?
Another member says that I need to open port 80. I am trying to run Neilpang acme.sh - I do appreciate your help. Any further help will be greatly appreciated.
Peace and God Bless,

directnupe

This would be great. Hopefully someone finds a way to do this with LEDE

To enable HTTPS (only), you should install the luci-ssl package and enable the redirect_https option in the uhttpd config.

David et al,

I'm trying to run dnscrypt-proxy V2 per the instructions given on https://davidc502sis.dynamic-dns.net/dnscrypt/. I've followed the instructions and the check is successful and the resolve command works, as follows:

root@OpenWrt:~# dnscrypt-proxy -config /etc/config/dnscrypt-proxy.toml -check 
[2018-07-11 00:44:27] [NOTICE] Source [public-resolvers.md] loaded
[2018-07-11 00:44:27] [NOTICE] Configuration successfully checked

root@OpenWrt:~# dnscrypt-proxy -resolve google.com 
Resolving [google.com]

Domain exists:  yes, 4 name servers found
Canonical name: google.com.
IP addresses:   2607:f8b0:4007:80d::200e, 172.217.5.78
TXT records:    v=spf1 include:_spf.google.com ~all docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95
Resolver IP:    172.68.45.184

However, when I enter 127.0.0.1#5353 as the sole DNS forwardings address in the DHCP and DNS Server Settings, none of my clients can resolve IPs. The dnscrypt-proxy.toml file contains listen_addresses = ['127.0.0.1:5353'] and the process is running. The only way I can resolve IPs is by adding additional DNS servers into DNS forwardings so I presume those DNS servers are being used rather than dnscrypt-proxy.

What am I doing wrong or what else should I investigate?

PS for what it's worth I was running unbound for a while, but the lookup times were getting annoying so I figured I'd go the dnscrypt-proxy.

Go ahead and put the 127.0.0.1#5353 back into dns forwarding and remove the other dns server addresses.

For a test, from one of your Windows or Linux clients, run the following command.

Substitute your router IP for the IP address below if using something different.
nslookup - 192.168.1.1

then do a simple query from the following prompt >

cnn.com

See if the name cnn.com is resolved. I'm assuming it won't be but I just want to confirm the client is initiating the request.

Also, run the following command from command line on the router.

netstat -an |grep 5353

You should get something like the below output.

root@lede:~# netstat -an |grep 5353
tcp 0 0 127.0.0.1:5353 0.0.0.0:* LISTEN
udp 0 0 127.0.0.1:5353 0.0.0.0:*

David,
Ok, I put 127.0.0.1#5353 back into dns forwarding and removed the other DNS servers. From my iMac client, I ran nslookup:

iMac:~ owner$ nslookup - 192.168.1.1
> cnn.com
;; connection timed out; no servers could be reached
>

And then from the router, I ran netstat:

root@OpenWrt:~# netstat -an | grep 5353
tcp        0      0 127.0.0.1:5353          0.0.0.0:*               LISTEN      
udp        0      0 127.0.0.1:5353          0.0.0.0:*                           
root@OpenWrt:~#

And also from the router, dnscrypt-proxy -resolve cnn.com still is able to resolve the address:

root@OpenWrt:~# dnscrypt-proxy -resolve cnn.com
Resolving [cnn.com]

Domain exists:  yes, 4 name servers found
Canonical name: cnn.com.
IP addresses:   2a04:4e42:600::323, 2a04:4e42::323, 2a04:4e42:200::323, 2a04:4e42:400::323, 151.101.65.67, 151.101.193.67, 151.101.1.67, 151.101.129.67
TXT records:    MS=ms66433104 ms=ms97284866 126953328-4422040 133461244-4422058 178953534-4422001 186844776-4422028 228426766-4422034 267933795-4422004 287893558-4422013 294913881-4422049 299762315-4422055 321159687-4422031 349997471-4422043 353665828-4422052 528183251-4422019 553992719-4400647 598362927-4422061 667921863-4422007 688162515-4422037 691244352-4422022 714321471-4421998 754516718-4422064 755973593-4422016 764482256-4422025 782989862-4417942 826218936-4422046 882269757-4422010 facebook-domain-verification=xszi21kow2trmw3xt3ph6s631zyu3i adobe-idp-site-verification=279ead95-3581-42b7-82f4-73c97f8cebfa google-site-verification=_0t0_4y4tyxU4UjDTPDbBapzyvPk4uRjK61v-KZlPTs globalsign-domain-verification=-Q7umwx2mj164XwLa0PsoUaWe2HBhta50GjggsT98f globalsign-domain-verification=2lI5pahhCu_jg_2RC5GEdolQmAa4K7rhP7_OA-lZBK _globalsign-domain-verification=5ckEJ4VIhQ6weCdCfmfzQPVP6ED1LtCX9jw1OKX5Mv _globalsign-domain-verification=yTw3T3KnyIyTB1xG2GvVhl1zWJlFp-WqmNskdVI_65 d1xTs9+kADZZSz3bPphLpkMXXxBGjqn5vsQHhi2M6lo0r8AdIbm6j8LfQXPujsywVgeGSP+AXWX0vO9Iep5cUg== v=spf1 include:cnn.com._nspf.vali.email include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email ~all
Resolver IP:    172.68.45.130

Does that give a better idea of what may be wrong?

Thanks.

That helps to confirm that either dnscrypt-proxy is listening and not accepting connections, or the forward to port 5353 isn't working.

I think the following is stupid due to bad design, but you are using the # sign in the forward to the correct port? 127.0.0.1#5353 ? The reason why I ask is because initially for me I put in a : which you would think would be correct, but isn't.

Also, just to make sure, are you using the .toml config it was bundled with?
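
The two things discussed in the posts above, the `#` versus `:` port separator and extra forwarders that answer instead of dnscrypt-proxy, can both be checked from the dnsmasq config. This is an added example, not code from the thread or from the build; the function names, verdict labels and sample config are constructed for illustration, and it assumes the forwarders are stored as `list server` entries in `/etc/config/dhcp`.

```sh
#!/bin/sh
# Added example (not from the thread): audit the dnsmasq forwarders in an
# OpenWrt /etc/config/dhcp file when dnscrypt-proxy listens on 127.0.0.1:5353.

# audit_forwarders FILE [PROXY] prints one verdict per line:
#   OK <entry>         forwarder is the local proxy in dnsmasq's ip#port form
#   BADSYNTAX <entry>  IPv4 forwarder written ip:port; dnsmasq expects ip#port
#   BYPASS <entry>     any other upstream; queries sent there skip the proxy
audit_forwarders() {
    cfg=$1
    proxy=${2:-"127.0.0.1#5353"}
    # Pull the value out of each "list server '<value>'" line.
    sed -n "s/^[[:space:]]*list[[:space:]][[:space:]]*server[[:space:]][[:space:]]*//p" "$cfg" |
    tr -d "'\"" |
    while read -r entry; do
        case $entry in
            "$proxy")  echo "OK $entry" ;;
            *.*.*.*:*) echo "BADSYNTAX $entry" ;;
            *)         echo "BYPASS $entry" ;;
        esac
    done
    # Without noresolv, dnsmasq may also forward to servers in its resolv file.
    if grep -Eq "^[[:space:]]*option[[:space:]]+noresolv[[:space:]]+['\"]?1" "$cfg"; then
        echo "OK noresolv"
    else
        echo "BYPASS resolv-file"
    fi
}

# Constructed sample config: the correct entry, the ':' mistake, and an extra
# resolver (192.0.2.53 is a documentation address).
write_sample() {
    cat > "$1" <<'EOF'
config dnsmasq
    option domainneeded '1'
    list server '127.0.0.1#5353'
    list server '127.0.0.1:5353'
    list server '192.0.2.53'
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_forwarders "$sample"
rm -f "$sample"
```

On the router, run `audit_forwarders /etc/config/dhcp`; any `BYPASS` line means some client queries can leave unencrypted even while dnscrypt-proxy is running.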