Optimized build for the D-Link DIR-860L

Hey @Bartvz, could you create a new build with the WPA2 exploit fixed? This is the commit: https://git.lede-project.org/?p=source.git;a=commit;h=bbda81ce3077dfade2a43a39f772cfec2e82a9a5

:slight_smile: Thanks for your builds!

1 Like

If you aren't using SQM QoS, you should! It is the way to defeat bufferbloat. Sure, QC SFE speeds up network traffic, but it doesn't tackle the problem at its source. Our router should be able to keep up with your internet speed.

OP = Opening Post
Yes, this is a barebones firmware. It's tailor-made to how I use my router. If you want more functionality, that can be gained by using opkg. For example, with a few packages USB storage should work. But imo a router shouldn't be a storage device.

Awesome! That's good to hear!

Done!
Dear all, please update your firmware. New build uploaded to the OP with KRACK fixes (and some more stuff)!

1 Like

Hi there!
I've just created an account to just say this:
The r5099 is the first build in this thread that gives me decent 5GHz WiFi performance (100Mbps+) and really stable connection. The 2.4GHz also works good, although I'm not using it much, cuz I have tons of interferences on this band.

They did some magic in mt76 driver and I highly recommend this build.

Thank you, @Bartvz! Keep it up :love_you_gesture:

1 Like

Love your builds, so first want to thank you, excellent work!

With that being said, I'm having an issue using ssh to connect to my router on 5099. Wanting to make sure it wasn't a bad flash, I reflashed 5099 with the same results. So I went back to 5017 and ssh works great. At this time, I set up public-private key auth and disabled password auth in dropbear, thinking this might provide a workaround. Worked great on 5017. Flashed to 5099 and same results. I get this message in the PuTTY log:

2017-10-21 09:33:11 Connecting to 192.168.1.1 port 22
2017-10-21 09:33:11 We claim version: SSH-2.0-PuTTY_Release_0.70
2017-10-21 09:33:11 Server version: SSH-2.0-dropbear
2017-10-21 09:33:11 Using SSH protocol version 2
2017-10-21 09:33:11 Doing ECDH key exchange with curve Curve25519 and hash SHA-256

and this in the system log, pulled through LuCI:

Sat Oct 21 09:33:12 2017 authpriv.info dropbear[2336]: Child connection from 192.168.1.229:50273

and nothing more. Eventually it times out. Any ideas?

Strange new issue: I can't ssh into the router, even though I double-checked my port and IP address. PuTTY seems to just be waiting for the router to respond, and it doesn't seem to time out, etc.?
I can still get in using LuCI.

I'm going to reflash this firmware and see if that fixes this issue.
EDIT: this didn't fix the issue, possibly because I asked sysupgrade to retain all the settings.

Thanks for your kind words! :slight_smile:

Could you both try a clean flash? There have been some commits concerning dropbear and cryptography.

I backed up all my settings, then clean flashed. After the clean flash, I tried SSH using PuTTY in Windows. It said connection refused, on default settings (192.168.1.1, port 22). I was still able to log into LuCI just fine at that IP address, and verified that port 22 is set for Dropbear.

I went ahead and restored my settings from backup, but the same behavior of unresponsive PuTTY persists. At least no connection refused error came up.

EDIT: In the system log pulled from LuCI, I see this warning:
Thu Oct 26 07:46:02 2017 authpriv.warn dropbear[947]: Failed loading /etc/dropbear/dropbear_ecdsa_host_key

This is when the router was rebooting, and not when I was trying to SSH. Is this the issue?

@Bartvz Is there a reason why you removed irqbalance from your build? I've skimmed the topic but cannot find it. Thanks!

On which interface was dropbear listening after the clean flash and before restoring your config?
The ecdsa host key error is probably due to restoring your config.
I had the same problem after upgrading to the latest build but for me a clean flash without restoring settings allows me to open an ssh terminal connection.

I've been planning to write a script to set the IRQs manually but haven't got around to it. irqbalance will be back in the next build.

1 Like

How do I determine the dropbear listening interface? I cannot SSH in, so would need a way in LuCI to determine this.

EDIT: I saw the interface field under Dropbear in LuCI. It was always set to unspecified, after clean flash, as well as after restoring the config.

Unspecified is the default setting. I recommend setting it to the lan interface for security.
After a clean flash without restoring your config, you still cannot establish an ssh terminal connection and you get the same log entries?

Edit: testing new build, as in flashing it to the router and running a couple of speedtests. After work I'll be able to test SSH. Couple of new features in this build: OpenVPN and port knocking!

Edit 2: in the new build ssh is also not working, really strange
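
The recommendation above to bind dropbear to the lan interface can be checked against a config file. The script below is an added example, not part of the thread or the build: it audits a UCI file in the format of /etc/config/dropbear for an unspecified `Interface` and for password logins. Both sample configs are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Both sample configs are constructed for illustration.

sample_default() {   # as described in the thread: Interface left unspecified
cat <<'EOF'
config dropbear
	option PasswordAuth 'on'
	option RootPasswordAuth 'on'
	option Port '22'
EOF
}

sample_hardened() {  # bound to lan, key-only logins
cat <<'EOF'
config dropbear
	option PasswordAuth 'off'
	option RootPasswordAuth 'off'
	option Port '22'
	option Interface 'lan'
EOF
}

# Reads a UCI dropbear config on stdin and prints one finding per line.
audit_dropbear() {
    awk -v q="'" '
    function strip(s) { gsub("[" q "\"]", "", s); return s }   # drop UCI quotes
    function report() {
        if (!insec) return
        n++
        if (iface == "") print "section " n ": Interface unspecified, listens on all addresses"
        else print "section " n ": bound to " iface
        # a missing PasswordAuth option counts as enabled (the default)
        if (pwauth != "off" && pwauth != "0") print "section " n ": PasswordAuth enabled"
    }
    $1 == "config" { report(); insec = (strip($2) == "dropbear"); iface = ""; pwauth = ""; next }
    insec && $1 == "option" {
        if ($2 == "Interface") iface = strip($3)
        if ($2 == "PasswordAuth") pwauth = strip($3)
    }
    END { report() }
    '
}

sample_default | audit_dropbear
sample_hardened | audit_dropbear
```

On a router with a working shell, the same function can be fed the live file with `audit_dropbear < /etc/config/dropbear`.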

Thanks Bartvz and all involved in this!

I'm new to this community, have been reading for a couple of years about dd-wrt, openwrt and recently lede, but I never had the need to mod my tp-link 1043nd since everything I care about is wired and it does around 100mb/sec when copying files between my workstation and htpc (normal hdd with encrypted drives).

Got a good deal on a 860l and tried setting it up today, however I found that the default set of features is highly limited; it doesn't even have address reservation when using dhcp (I had another dlink which had such so this is strange), so back to the tp-link.

My top priorities are speed on wired connection and stability on wireless (don't care much about speed). And another thing I'm planning to do is dlna and samba sharing using the usb 3.0 port, hopefully with encryption (luks, ext4).

Does it make sense to use the default lede installation for stability, or will this one be better?

For me this build worked better, I had several problems with the default lede. The only downside of this build is that you can't install some packages through the web interface (but it works if you use opkg in ssh). I got a 200k connection and never had speed issues, wired and wireless.

Just to confirm, fresh (factory) install of 5099, ssh is not working.

For me it worked after I restarted dropbear in LuCI.

I did a restart of dropbear in LuCI just now, but no effect.

I went into the software page in LuCI and removed dropbear. This still left the /etc/dropbear/dropbear_rsa_host_key there however, and I have no way of going in to remove that file to reinitialize the RSA key. WinSCP is in the same boat as PuTTY, in that it cannot connect.

Any ideas on how to remove that file through LuCI?

EDIT: Finally got it.

I removed the dropbear package and installed the luci-app-commands package. This then allowed me to run the following Linux commands:
rm /etc/config/dropbear
rm /etc/config/dropbear-opkg
rm /etc/config/dropbear_rsa_host_key

I then reinstalled LuCI and started a fresh PuTTY session. Finally can get back into my router on r5099.

This worked for me, thank you for the great instructions! I'm now on 5099 and able to SSH in.

Worked for me too, it is probably something wrong with /etc/config/dropbear since I didn't have the other two files.

However I hit another problem trying to install kmod-fs-ext4 but I get

 * satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-fs-ext4:
 * kernel (= 4.9.58-1-794a08a354d320319815570c95a4f015) * kernel (= 4.9.58-1-794a08a354d320319815570c95a4f015) * kernel (= 4.9.58-1-794a08a354d320319815570c95a4f015) *

I found "the build that the package was from does not match the build that you flashed", is there anything I can do?

Does r5099 have the KRACK vulnerability patched?

Yes and no. This is the bleeding edge of LEDE. Upside is updated versions of stuff like the kernel and the wireless driver. Also, some optimizations are applied to my builds which should increase router performance (newer version of GCC used to compile, optimized compiler flags, newer version of binutils used). Downside is that there may be bugs. However, I always test my builds before uploading them so basic router functions should work.

That is related to the kernel version. Kernel version is hardcoded so if the kernel is a version behind it won't install which is a safeguard. Mixing an incompatible kmod with a kernel may cause the kernel to crash. OP updated with a new build so you should be able to install the kmod.

Yes and so does build r5394 :wink:
Weirdly enough dropbear still doesn't work out of the box. Following your instructions it works again.
Edit: removing and reinstalling dropbear via system >> software also works!

Edit 2: My testing shows the latest build 5GHz WiFi is ~30% faster than previous builds.