Davidc502- wrt1200ac wrt1900acx wrt3200acm wrt32x builds

Giving this some further thought, introducing a symlink would be a better solution in my case.
ln -s /var/run /run. This will put the socket in tmpfs (RAM) and there is no risk of destroying the flash memory.

Some further investigation shows that there is a fresh patch available in openwrt/packages to revert the problem introduced in Avahi v0.7. I guess this will reach davidc502 builds in the near future.

In many "modern" distributions, '/var/run' has been replaced by '/run' where '/run', mounted as tmpfs.
For backward compatibility, '/var/run' is created as symlink or bind mount.
@davidc502: For forward compatibility, consider introducing something similar to avoid problems in the future.

I'd like to know if anyone has used Unbound to set up a validating, recursive, caching DNS resolver combined with Dnsmasq for local address resolution on one of the WRTs per:
https://openwrt.org/docs/guide-user/services/dns/unbound

Using davidc502 build as a starting point. Before I give it a go, I thought I'd ask any other privacy minded aficionado out there if it has worked well and if it works per the instructions in the link above (I'd do it per example 2).

David,

Seems like I'm well behind with updates and need some assistance or direction on how to get up to speed with the latest build/release. When attempting to update my package list, I see a lot of failed statements.

Downloading http://davidc502sis.dynamic-dns.net/snapshots/r2695/packages/arm_cortex-a9_vfpv3/telephony/Packages.gz.
Downloading http://davidc502sis.dynamic-dns.net/snapshots/r2695/packages/arm_cortex-a9_vfpv3/telephony/Packages.sig.
Signature check failed.
Remove wrong Signature file.

and

Collected errors:
 * opkg_download: Failed to download http://davidc502sis.dynamic-dns.net/snapshots/r2695/targets/mvebu/generic/packages/Packages.gz, wget returned 8.

Those are a couple of examples where I have errors on all packages. From what I can see, the path to the files has changed; but, I could be wrong. So, could I please get your advice on the best method to update my OS to the latest build?

Thank you.

Looks like you have not updated your build yet ( the screenshot reads that you're using Lede leviatan II r2695) . First, download and install his latest build.

Then, if you do so and don't change the repo pointer.... you will download the packages from the wrong repo ( snapshots/r2695/ ) . That is for your current old build for sure.

Update it to your new build number ( probably 7002 )

Go to Software --> configuration --> and replace all the , "snapshots/r2695/" by a "snapshots/r7093/"

Also, if you want to be on the "Bleeding edge", getting the new updates everyday from the actual LEDE repository (not David's ) , use the following:

src/gz lede_core https://davidc502sis.dynamic-dns.net/snapshots/r7093/targets/mvebu/cortexa9/packages
src/gz lede_darkmatter https://davidc502sis.dynamic-dns.net/snapshots/r7093/packages/arm_cortex-a9_vfpv3/darkmatter

src/gz reboot_base https://downloads.lede-project.org/snapshots/packages/arm_cortex-a9_vfpv3/base
src/gz reboot_luci https://downloads.lede-project.org/snapshots/packages/arm_cortex-a9_vfpv3/luci
src/gz reboot_packages https://downloads.lede-project.org/snapshots/packages/arm_cortex-a9_vfpv3/packages
src/gz reboot_routing https://downloads.lede-project.org/snapshots/packages/arm_cortex-a9_vfpv3/routing

Yep that's what I use for my setup. I switched to Unbound because of the ability to use DNS over TLS as a replacement to dnscrypt, and I use it with dnsmasq for local resolution. Everything works properly as far as I can tell, though one thing I am still trying to figure out is how to prevent DNS requests from bypassing Unbound. I have a bunch of firewall rules that are supposed to prevent that, but I still see request from network clients connecting to google DNS. When I run a DNS leak test, everything seems to resolve using Unbound.

bhlc, thanks I will give Unbound a try. I recognize I'll need to stop using dnscrypt-proxy V2 which I had installed for DNS-over-HTTPS with cloudflare. I also use adblock which ought to work just fine with unbound.

I'm surprised your clients still go to google DNS. Perhaps you need to reset them so they request a new DNS server from your router?

I just uploaded build r7360 to the server.

Wifi driver updated to the latest commit as of today -- 10.3.8.0-20180615
Kernel updated to 4.14.51

Changelog --

These two packages were removed because they were failing to download. However, I will attempt to add them back for the next build.

Remove usbip 30 June 2018 Packages not found
Remove usbutils 30 June 2018 Packages not found

Hi David,

My personal thanks for your work with regard to these WRT routers especially the WRT3200ACM. I come from many years of successfully using DD WRT on Linksys WRT54G routers only to find that my WRT3200ACM I purchased a few days ago has pretty low feature firmware. No VPN client!

If there is a patreon or anything I can do to support your ongoing work on this router please share

Going to give it a go now to flash my router with your version of Open WRT!

More specifically, most DNS requests are resolved by Unbound as desired because DHCP is telling them to use the router to resolve. However, with the firewall rules:

iptables -t nat -I PREROUTING -i br-lan -p udp --dport 53 -j REDIRECT --to-port 53
iptables -t nat -I PREROUTING -i br-lan -p tcp --dport 53 -j REDIRECT --to-port 53
iptables -t nat -A PREROUTING -i br-lan -p udp --dport 53 -j DNAT --to 192.168.1.1

I would expect a nslookup command using 8.8.8.8 as the resolver to get redirected to the router rather than being forwarded to Google, but when I audit connections I'm seeing the outbound connection to 8.8.8.8:53. My best lazy guess is that something about nslookup is tricking the firewall, but the begs many other questions about the integrity of my firewall that I don't want to think about. Please don't hack me!

Also I use Adblock with this setup and yeah everything seems to integrate perfectly there.

David,

I'm sorry i have to ask a newbie question. I came from the world of DD-WRT recently were I was very familiar with system upgrading. I used your 6-16 build, set up a bunch of things my way (installed VPN-Policy-routing, dnscrypt-proxy V2, and so forth). How do I upgrade to your latest 6-30 build without losing the packages I have installed and the settings I have made? For starters, I gather I use "sysupgrade" rather than "factory" but beyond that I don't know. Is there a guide for that?

Thanks
Slim

Hi Guys,

I also have a newbie question about this build. I just read this post about the latest WRT3200ACM Models using a different NAND flash which the Linksys Engineering team still has to release a patch for:
https://community.linksys.com/t5/Wireless-Routers/WRT3200ACM-How-to-check-u-boot-nand-version/m-p/1275685/highlight/false#M348078

My Serial # is: 19811601803373
Stock Firmware ver: 1.0.6.186168

Am I also affected by this? Can I use your latest builds David?

I appreciate the offer, but I am not accepting donations or payments. What I do is very simple. All the credit goes to the developers of OpenWrt/Lede, so be sure to make a donation to them.

Best Regards,

David

Here's the crux. All of your settings should be retained when doing a sysupgrade. However, you will need to re-download the packages. After the packages are downloaded, all should work normally (one exception with dnscryptproxy-version 2).

As a precaution, go ahead and backup your settings prior to doing the sysupgrade.

As for dnscrypt-proxy Version2. The configuration will be retained (/etc/config/dnscrypt-proxy.toml), but you will need to go through several steps to get it working again.

There shouldn't be any issues now. Feel free to download and install.

There are 2 partitions, so if it isn't working to your liking you can always revert back to stock.

EDIT

Download and install the image ending in .img.

For those who might be having issues with Androids using Wifi (Ether 5 or 2.4Ghz).

Try disabling "Allow legacy 802.11b rates" from the Wifi, Advanced Settings menu.

@davidc502 , if I point to the repositories of Lede, I get that this packages are newer than your current build r7360:

mwlwifi-firmware-88w8864 - 10.3.8.0-20180615-1 - 2018-06-15-8683de8e-1
mwlwifi-firmware-88w8964 - 10.3.8.0-20180615-1 - 2018-06-15-8683de8e-1
mwlwifi-firmware-88w8897 - 10.3.8.0-20180615-1 - 2018-06-15-8683de8e-1

Those are from June 15th , and you said all wifi drivers commit were in already?

Hi,
I just got the WRT32X after using ASUS RT-AC66U for the last couple of years.
I can't get the router to transmit more than 144mbps using 2.4ghz network, it uses only 20mhz width
although 40mhz selected in settings.
Never had such problem before, got 300mbps on 2.4ghz using the ASUS router.
Hope it's not a defective router.

BTW, I can't flash the stock firmware after flashing your build.
I get this error:
"The uploaded image file does not contain a supported format. Make sure that you choose the generic image format for your platform."

I want to try the stock again, hope you could tell me how to flash it.
Thanks

The advanced reboot menu shows my WRT32X doesn't have multiple partitions. Is this normal?

Thanks. The upgrade worked well and wasn't much effort. One important question. When I used "sysupgrade -v ' did I overwrite the existing partition or did I overwrite the other partition? I ask because I'd like to have kept the Linksys firmware on the other partition not because I used it, but as a backup if things go south.

Another bug I noticed, 5Ghz Network won't work after setting 160Mhz manually.
Change back to 80Mhz won't fix it.
Have to reset to factory settings to get it working again.