Hardware NAT For LEDE

I have added WDR3600 build in the link above
Check the PDF on the Hardware NAT Commands
I also switched to using OpenSSL for hostapd as OpenSSL contains MIPS optimized assembly for AES encryption at the cost of larger binaries
WPA2-CCMP should show a marked improvement in throughput compared to using Hostapd Internal Crypto


Wireless Client Mode is not working in 5GHz using this last version; yesterday's version was working fine.

What does the term version pertain to? Is it a specific commit? His latest uploaded build? Your latest build using the master? Or the lede-17.01 branch? I.e. just need some sort of reference, as we don't have the background information you have.

I'm talking about gwlim builds on GitHub; yesterday's version worked, today's version has this problem.
Just "fixed" the 5GHz wireless client problem by uninstalling wpad and installing wpad-mini.

Thanks gwlim, great job! I just installed it in one of my WDR3600, I'll let you know... thanks a lot!

Can you describe how to reproduce?
The only thing I changed was to switch to openssl for wpad/hostapd.
My WDR4300 Wireless 5GHz is still working

It's a simple setup, but both radios are clients of different networks; changing wpad to wpad-mini solves that

config wifi-iface
	option network 'wwan2'
	option ssid 'my_ssid'
	option device 'radio1'
	option mode 'sta'
	option bssid 'XX:XX:XX:XX:XX:XX'
	option key '12345678'
	option encryption 'psk2+ccmp'

After applying the latest patch - #065 - I personally saw that WPA_SUPPLICANT_INTERNAL was still selected and manually selected WPA_SUPPLICANT_OPENSSL via menuconfig - lmk if this was the case for anyone else - not a big problem since I was still able to enable it in the end

That is because my patch sets OpenSSL as default; if you used the oldconfig, INTERNAL would have been already selected, so the patch does nothing.
Usually I delete the whole directory and clone from scratch for each build.

Ooooo, thanks I learned something new - this makes sense

Sorry for the misreport, doesn't matter which version I use, the real problem is:
If 5GHz has a master network and a client network, the wireless can't initialize after a reboot. (That's why I only noticed when I updated the firmware version.)
If after boot I edit anything on the master network, ssid or maclist for example, the wireless initializes ok.

Anyone figured out how to do NAT?
I am still waiting for someone to try ssdk_sh nat blah blah to tell me the syntax.

Examples in documentation are scarce, hope someone will save us.

I've just been playing around with the commands in the file below - haven't had time to actually run some tests - someone else with time can try

Here's an excerpt

bond_switch_set() {
	sw_printconf_add_switch > $swconf
	$swconfig dev switch0 load $swconf

	$ssdk_sh vlan entry create 1
	$ssdk_sh vlan entry create 2
	$ssdk_sh vlan member add 1 0 tagged
	$ssdk_sh vlan member add 1 6 tagged
	$ssdk_sh vlan member add 2 0 tagged
	$ssdk_sh vlan member add 2 6 tagged
	$ssdk_sh vlan member add 1 1 untagged
	$ssdk_sh vlan member add 1 2 untagged
	$ssdk_sh vlan member add 1 3 untagged
	$ssdk_sh vlan member add 1 4 untagged
	$ssdk_sh vlan member add 2 5 untagged
	$ssdk_sh portVlan defaultCvid set 1 1
	$ssdk_sh portVlan defaultCvid set 2 1
	$ssdk_sh portVlan defaultCvid set 3 1
	$ssdk_sh portVlan defaultCvid set 4 1
	$ssdk_sh portVlan defaultCvid set 5 2
	$ssdk_sh misc cpuVid set enable
	$ssdk_sh portvlan ingress set 1 check
	$ssdk_sh portvlan ingress set 2 check
	$ssdk_sh portvlan ingress set 3 check
	$ssdk_sh portvlan ingress set 4 check
	$ssdk_sh portvlan ingress set 5 check
	$ssdk_sh trunk group set 0 enable 0x41
	$ssdk_sh trunk hashmode set 0xf
}

Another source I've been reading

Here are some tidbits


/**
 * Set a VLAN
 * @vid:	VLAN ID
 * @prio:	VLAN Priority
 * @mbr:	VLAN members
 * @untag:	VLAN members that need untag
 *
 * @return
 * 	0:	success
 *     -1:	invalid parameter
 */
int ipq40xx_vlan_set(int vid, int prio, int mbr, int untag)
{
	int i;
	unsigned int m, u;

	/* Reject out-of-range values, including negative ones */
	if (vid < 0 || vid > 4095 || prio < 0 || prio > 7)
		return -1;

	doSystem("ssdk_sh vlan entry create %d", vid);
	for (i = 0, m = mbr, u = untag; i < 6; ++i, m >>= 1, u >>=1) {
		if (m & 1) {
			if (u & 1) {
				doSystem("ssdk_sh vlan member add %d %d untagged", vid, i);
				doSystem("ssdk_sh portVlan defaultCVid set %d %d", i, vid);
				doSystem("ssdk_sh qos ptDefaultCpri set %d %d", i, prio);
			}
			else {
				doSystem("ssdk_sh vlan member add %d %d tagged", vid, i);
			}
			doSystem("ssdk_sh portVlan ingress set %d secure", i);
			doSystem("ssdk_sh portVlan egress set %d untagged", i);
		}
	}

	return 0;
}
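
One way to review ssdk_sh VLAN commands like the ones in the two snippets above before loading them onto a switch, as an added example that is not part of any post in this thread: it parses the command lines offline, runs nothing, and flags ports whose default CVID disagrees with their untagged VLAN, which would put untagged ingress traffic into the wrong VLAN. The argument order is assumed from the snippets above, and `audit_vlan` and `thread_sample` are hypothetical names.

```shell
# Added example, not from the thread. Assumed argument order (as in the snippets above):
#   vlan member add <vid> <port> tagged|untagged
#   portVlan defaultCvid set <port> <vid>
audit_vlan() {
	awk '
	{ line = tolower($0) }   # the thread mixes portVlan/portvlan and defaultCvid/defaultCVid
	match(line, /vlan member add [0-9]+ [0-9]+ untagged/) {
		split(substr(line, RSTART, RLENGTH), a, " ")
		p = a[5] + 0; ucount[p]++; uvid[p] = a[4] + 0; if (p > max) max = p
	}
	match(line, /portvlan defaultcvid set [0-9]+ [0-9]+/) {
		split(substr(line, RSTART, RLENGTH), a, " ")
		p = a[4] + 0; pvid[p] = a[5] + 0; if (p > max) max = p
	}
	END {
		for (p = 0; p <= max; p++) {
			if (ucount[p] > 1) {
				print "port " p ": untagged member of more than one VLAN"; bad = 1
			} else if (ucount[p] == 1 && (p in pvid) && pvid[p] != uvid[p]) {
				print "port " p ": default CVID " pvid[p] " but untagged in VLAN " uvid[p]; bad = 1
			}
		}
		exit bad + 0   # non-zero exit status when anything was flagged
	}'
}

# Subset of the membership and CVID lines from bond_switch_set above.
thread_sample() {
	cat <<'EOF'
ssdk_sh vlan member add 1 0 tagged
ssdk_sh vlan member add 2 0 tagged
ssdk_sh vlan member add 1 1 untagged
ssdk_sh vlan member add 1 2 untagged
ssdk_sh vlan member add 1 3 untagged
ssdk_sh vlan member add 1 4 untagged
ssdk_sh vlan member add 2 5 untagged
ssdk_sh portVlan defaultCvid set 1 1
ssdk_sh portVlan defaultCvid set 2 1
ssdk_sh portVlan defaultCvid set 3 1
ssdk_sh portVlan defaultCvid set 4 1
ssdk_sh portVlan defaultCvid set 5 2
EOF
}

thread_sample | audit_vlan && echo "no findings"
```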

@gwlim, I noticed you are testing with the WDR4900.
Would it be an idea to load the latest firmware from TP-LINK, WINSCP into the router and look for the appropriate switch-settings in the files that are present on the router?

It is different. For the MIPS platform, HNAT works pretty much out of the box after modifying the package compilation, but for the WDR4900 it is a Freescale; the init code path looks different

That is what I mean: if you are missing information, look at the original router-software made by the manufacturer.
Unfortunately, the source-code is not available for most routers. The next best thing is to flash the original firmware and look at the contents of the files that are on the router. Probably there are configuration-files in the original firmware that contain the information that you are looking for.

We can't, because binaries will not display init code.
I downloaded the TP-Link GPL, but the switch code is actually a binary tarball.
A lot of vendors actually embed the ssdk into their custom binary; there you can't see the switch commands

maybe binwalk can help here
https://github.com/devttys0/binwalk