Router: Netgear R7000
Firmware: v3.0-r32170M kongac (06/03/17)
Kernel: Linux 4.4.70 #332 SMP Sat Jun 3 11:22:27 CEST 2017 armv7l
Status: Up and running for just over 1 1/2 days
Reset: Soft boot before ddup
Errors: None
Upgraded via 'ddup --flash-latest' from r31980M. No 'erase nvram' this time.
The temperatures are good: CPU 59.7 °C / WL0 48.2 °C / WL1 48.9 °C (My R7000 is wall-mounted.)
Current basic R7000 setup (subject to change of course):
- Static WAN IP
- LAN DHCP Enabled
- IPv4 only
- No VLANS
- Encrypt DNS enabled / Cisco OpenDNS
- Wireless: Regulatory Domain = UNITED_STATES, wl0 NG-Mixed (ch. 7 + 5), wl1 NA-Mixed (ch. 161 + 159), AES
- SNMP enabled, SSH enabled, Telnet disabled
- Firewall enabled, Log Level high
- Syslog: remote to Logentries
- YAMon 3.1
- USB Flashdrive mounted as JFFS, adblocking via pixelserv
- NO: ttraf, VNC, Zabbix, VPN, Radius
- NO: Port forwarding, UPnP, DMZ, QoS
- NO: Samba, CIFS, JFFS2, miniDLNA, Entware, Optware _________________ Netgear R7000: v3.0-r54248 std (11/29/23)
EdgeRouter-X: EdgeOS v2.0.9-hotfix 7
Router: Netgear R8000
Firmware: v3.0-r32170M kongac (06/03/17)
Kernel: Linux 4.4.70 #332 SMP Sat Jun 3 11:22:27 CEST 2017 armv7l
Status: Up and running for just over 1 1/2 days
Reset: No
Errors: Connection between R8000 and extender have improved but there is still a difference when Core USB Support is enabled.
Using the same configuration for my Dedicated HE Tunnel IPv6 R7000 from build 31870, I Get DNScrypt Errors and no Internet access. I'm using resolver Cisco OpenDNS over IPv6.
Not working DNSCrypt Log with Build 32170M...
Jun 5 10:51:31 HE-IPv6 daemon.notice dnscrypt-proxy[1513]: Starting dnscrypt-proxy 1.9.5
Jun 5 10:51:31 HE-IPv6 daemon.info dnscrypt-proxy[1513]: Generating a new session key pair
Jun 5 10:51:31 HE-IPv6 daemon.info dnscrypt-proxy[1513]: Done
Jun 5 10:51:46 HE-IPv6 daemon.err dnscrypt-proxy[1513]: Unable to retrieve server certificates
Jun 5 10:51:47 HE-IPv6 daemon.info dnscrypt-proxy[1513]: Refetching server certificates
Jun 5 10:52:02 HE-IPv6 daemon.err dnscrypt-proxy[1513]: Unable to retrieve server certificates
Jun 5 10:52:05 HE-IPv6 daemon.info dnscrypt-proxy[1513]: Refetching server certificates
Jun 5 10:52:20 HE-IPv6 daemon.err dnscrypt-proxy[1513]: Unable to retrieve server certificates
Working DNSCrypt Log with Build 31870M...
Jun 5 11:03:17 HE-IPv6 user.info : - [cisco-ipv6] does not support DNS Security Extensions
Jun 5 11:03:17 HE-IPv6 user.warn : - [cisco-ipv6] logs your activity - a different provider might be better a choice if privacy is a concern
Jun 5 11:03:17 HE-IPv6 daemon.info dnscrypt-proxy[1548]: Generating a new session key pair
Jun 5 11:03:17 HE-IPv6 daemon.info dnscrypt-proxy[1548]: Done
Jun 5 11:03:17 HE-IPv6 daemon.info dnscrypt-proxy[1548]: Server certificate with serial #xxxxxxxxxx received
Jun 5 11:03:17 HE-IPv6 daemon.info dnscrypt-proxy[1548]: This certificate is valid
Jun 5 11:03:17 HE-IPv6 daemon.info dnscrypt-proxy[1548]: Chosen certificate #xxxxxxxxxx is valid from [2017-03-24] to [2018-03-24]
Jun 5 11:03:17 HE-IPv6 daemon.info dnscrypt-proxy[1548]: The key rotation period for this server may exceed the recommended value. This is bad for forward secrecy.
Jun 5 11:03:17 HE-IPv6 daemon.info dnscrypt-proxy[1548]: Server key fingerprint is AAAA:BBBB:CCCC:DDDD:EEEE:FFFF:0000:1111:2222:3333:4444:5555:6666:7777:8888:9999
Jun 5 11:03:17 HE-IPv6 daemon.notice dnscrypt-proxy[1548]: Proxying from 127.0.0.1:30 to [2620:0:ccc::2]:443
Update...
I changed resolvers and back to Cisco OpenDNS over IPv6 and it started up with Build 32170M. Also did a power cycle and DNSCrypt started up fine....
Jun 6 07:14:18 HE-IPv6 user.info : - [cisco-ipv6] does not support DNS Security Extensions
Jun 6 07:14:18 HE-IPv6 user.warn : - [cisco-ipv6] logs your activity - a different provider might be better a choice if privacy is a concern
Jun 6 07:14:18 HE-IPv6 daemon.notice dnscrypt-proxy[1557]: Starting dnscrypt-proxy 1.9.5
Jun 6 07:14:18 HE-IPv6 daemon.info dnscrypt-proxy[1557]: Generating a new session key pair
Jun 6 07:14:18 HE-IPv6 daemon.info dnscrypt-proxy[1557]: Done
Jun 6 07:14:18 HE-IPv6 daemon.info dnscrypt-proxy[1557]: Server certificate with serial #xxxxxxxxxx received
Jun 6 07:14:18 HE-IPv6 daemon.info dnscrypt-proxy[1557]: This certificate is valid
Jun 6 07:14:18 HE-IPv6 daemon.info dnscrypt-proxy[1557]: Chosen certificate #xxxxxxxxxx is valid from [2017-03-24] to [2018-03-24]
Jun 6 07:14:18 HE-IPv6 daemon.info dnscrypt-proxy[1557]: The key rotation period for this server may exceed the recommended value. This is bad for forward secrecy.
Jun 6 07:14:18 HE-IPv6 daemon.info dnscrypt-proxy[1557]: Server key fingerprint is AAAA:BBBB:CCCC:DDDD:EEEE:FFFF:0000:1111:2222:3333:4444:5555:6666:7777:8888:9999
Jun 6 07:14:18 HE-IPv6 daemon.notice dnscrypt-proxy[1557]: Proxying from 127.0.0.1:30 to [2620:0:ccc::2]:443
UPDATE....
Quickly Rolled Back to my last working configuration with Build 31870M, No Time to troubleshoot....
Quick-up update: I was having intermittent Internet connect issues which became a big problem at home. I know that OpenVPN video streaming would cause pausing (not buffering) every couple of minutes. Also problems with DNSCypt which caused sites to be down. _________________ Home Network on Telus 1Gb PureFibre - 10GbE Copper Backbone
2x R7800 - Gateway & WiFi & 3xWireGuard - DDWRT r53562 Std k4.9
Off Site 1
R7000 - Gateway & WiFi & WireGuard - DDWRT r54517 Std
E3000 - Station Bridge - DDWRT r49626 Mega K4.4
Off Site 2
R7000 - Gateway & WiFi - DDWRT r54517 Std
E2000 - Wired ISP IPTV PVR Blocker - DDWRT r35531
Joined: 14 Jan 2009 Posts: 406 Location: AB, Canada
Posted: Tue Jun 06, 2017 2:40 Post subject:
ZacWolf wrote:
Router: Netgear R8000
Firmware: DD-WRT v3.0-r32170M kongac (06/03/17)
Previous: DD-WRT v3.0-r31980M kongac (05/11/17)
Kernel: Linux 4.4.70 #332 SMP Sat Jun 3 11:22:27 CEST 2017 armv7l
Previous: Linux 4.4.67 #317 SMP Thu May 11 12:58:51 CEST 2017 armv7l
Status: ok
Reset: no (ddup --flash-latest)
Errors: yes
Connecting to www.desipro.de (212.227.247.157:80)
fw.bin 100% |*****************************************************************************************************| 24120k 0:00:00 ETA
Connecting to www.desipro.de (212.227.247.157:80)
fw.bin.sig 100% |*****************************************************************************************************| 256 0:00:00 ETA
Error relocating /usr/sbin/openssl: EVP_aes_512_cbc: symbol not found
Error relocating /usr/sbin/openssl: EVP_ripemd160: symbol not found
Error: Signature does not match. Aborting flash.
I'm using Entware-ng as well and had no such error. Are you fully up to date? _________________
Nethear R6300 v2 - Latest Kong dd-wrt always
Linksys E3000 - Latest dd-wrt always
Asus RT-N56U - OpenWRT trunk
Joined: 18 Mar 2014 Posts: 12922 Location: Netherlands
Posted: Tue Jun 06, 2017 13:52 Post subject: Re: VPN status not there
LiskoFINAL wrote:
mindraid wrote:
HI guys
Just flashed the latest R7800 firmware: DD-WRT v3.0-r32170M kongat.
I had the previous version but in that version and in this version Open VPN status is empty:
Status-> OpenVpn...everything here is empty.
The OpenVpn works so this is just a minor problem for me but I thought I should mentioning it.
Otherwise: Great work.
Strange, here on r7000 openvpn status broke until last build but fixed in this. Maybe the fix is model-dependent...
That comes from a third party openssl lib, guess in the future I have to prevent usage of any third party apps, that are not part of my package repo.
Not sure how many times I told you guys, that entware etc. is not compatible and creates all sort of issues.
No need to go to that extreme it was my fault, as I modify PATH to put my /opt before /.
I completely deleted my entware-ng install, and re-ran your bootstrap.
Re-ran: ddup --flash-latest
No errors, completed successfully.
I had modified PATH to point to /opt before /, as I was trying to build a new version of samba directly on the router, which as you say, since entware-nt isn't really compatible it wouldn't work anyway.
Can you opensource your opkg repo?
If it already is, what's the svn/git repo url?
I'm trying to learn how this all works. If I use the correct DDWRT toolchain, can I build software for my router that I can deploy to /opt?
If so, might I make one request/suggestion; would you mind modifying the "Supported Models" file, where you host your firmware bins, and add the name of the DDWRT toolchain that you use to build each router firmware with?
I'm using Entware-ng as well and had no such error. Are you fully up to date?
I had modified my path to put /opt before /, as I was trying to build some new packages directly on the router, but as Kong noted, the entware build tools (gcc, binutils, etc) don't actually generate binaries that will run on the router. I wiped entware, re-ran bootstrap, and rebooted the router to reset path, and all was well.
Router: 3x R7000
Firmware: 31870M -> 32170M
Kernel: Linux Linux 4.4.61 #300 SMP -> Linux 4.4.70 #332 SMP Sat Jun 3 11:22:27 CEST 2017 armv7l
Status: All 3 Working & Monitoring
Reset: Erase NVRAM & Manual Configure
Errors: None so far
UpTime: +3H
#1 R7000 (WAN + OpenVPN Client#1)
- IPv4 Only
- USB Custom Startup Script for Route Tables, OpenVPN Client & Cron Scripts
- GUI Firewall & Startup Scripts
- WiFi Disabled
- SPI with non-filtered Multicast
- WAN port -> Cable Modem
- DNSCrpyt with Cisco OpenDNS
- NTP with Static IP
- Cron Job - Monitor WAN & OpenVPN Connections
- QoS HFSC/FQ_CODEL
- DDNS Custom with DNSoMatic
- 6 BRs, 8 VLANS & 6 Assignments
- SSH (WAN Access), Telnet & Syslog
- WAN Traffic Disabled
- USB Storage with Auto Mount
- YaMON 3.1
#2 R7000 (WiFi + OpenVPN Client#2)
- IPv4 Only
- USB Custom Startup Script for OpenVPN Client
- GUI Firewall Script
- 2.4Ghz Radio with 3 SSIDs (BW 40Mhz)
- 5Ghz Radio with 2 SSIDs (BW 80Mhz)
- SPI with non-filtered Multicast
- WAN Port (static IP) Assignment to vlan8 -> Vlan Switch
- DNSSEC via GUI
- NTP with Static IP
- Cron Job - Monitor OpenVPN Connection
- 5 BRs, 7 VLANS & 11 Assignments
- SSH (local only), Telnet & Syslog
- WAN Traffic Disabled
- USB Storage with Auto Mount
#3 R7000 (HE IPv6)
- IPv6 Only (with Limited IPv4)
- 6in4 Static Tunnel with HE
- IPv6 via DNSMasq
- GUI Firewall & Startup Scripts
- WiFi Disabled
- SPI with non-filtered Multicast
- WAN Port -> #1 R7000 LAN Port
- DNSCrypt with Cisco OpenDNS IPv6
- 4 BRs, 4 VLANS & 4 Assignments
- SSH (local only), Telnet & Syslog
- WAN Traffic Disabled
UPDATE....
Quickly Rolled Back to my last working configuration with Build 31870M, No Time to troubleshoot....
Quick-up update: I was having intermittent Internet connect issues which became a big problem at home. I know that OpenVPN video streaming would cause pausing (not buffering) every couple of minutes. Also problems with DNSCypt which caused sites to be down. _________________ Home Network on Telus 1Gb PureFibre - 10GbE Copper Backbone
2x R7800 - Gateway & WiFi & 3xWireGuard - DDWRT r53562 Std k4.9
Off Site 1
R7000 - Gateway & WiFi & WireGuard - DDWRT r54517 Std
E3000 - Station Bridge - DDWRT r49626 Mega K4.4
Off Site 2
R7000 - Gateway & WiFi - DDWRT r54517 Std
E2000 - Wired ISP IPTV PVR Blocker - DDWRT r35531
Router: Netgear R8000
Firmware: DD-WRT v3.0-r32170M kongac (06/03/17)
Previous: DD-WRT v3.0-r31980M kongac (05/11/17)
Kernel: Linux 4.4.70 #332 SMP Sat Jun 3 11:22:27 CEST 2017 armv7l
Status: Flash was successful, everything looks good so far. Will update if any problems.
Reset: No reset done.
Errors: No errors.
I have a custom boot script for mounting jffs, as well as a cron job for custom ddns, static leases, DNSMasq with encryption on. All seem to be working just as before as can be seen in the logs:
Code:
Jun 6 23:37:43 R8000 user.info : + DNS Security Extensions are supported
Jun 6 23:37:46 R8000 user.info : + Provider supposedly doesn't keep logs
Jun 6 23:37:46 R8000 daemon.notice dnscrypt-proxy[1961]: Starting dnscrypt-proxy 1.9.5
Jun 6 23:37:46 R8000 daemon.info dnscrypt-proxy[1961]: Generating a new session key pair
Jun 6 23:37:46 R8000 daemon.info dnscrypt-proxy[1961]: Done
Jun 6 23:37:46 R8000 daemon.info dnscrypt-proxy[1961]: Server certificate with serial #149679xxxx received
Jun 6 23:37:46 R8000 daemon.info dnscrypt-proxy[1961]: This certificate is valid
Jun 6 23:37:46 R8000 daemon.info dnscrypt-proxy[1961]: Chosen certificate #149679xxxx is valid from [2017-06-07] to [2017-06-08]
Router: Netgear R7000
Firmware: DD-WRT v3.0-r32170M kongac (06/03/17)
Kernel: Linux 4.4.70 #332 SMP Sat Jun 3 11:22:27 CEST 2017 armv7l
Status: Flashed using ddup
Reset: No reset done. Power cycled after flash
Errors: *
* I am just reporting my observation for my setup. I have a very basic setup. I have been using DD-WRT for years dating back to my ASUS asus wl 500gp v2. This is the first firmware that has hard locked my router more than once. When I wake up in the morning, all my wifi switches are RED meaning disconnected. When I look at the router, one of the LAN ports just keeps flashing even if there is no network activity. None of my devices wired or not can connect to the internet. I have to power cycle to get everything back up. It has happened for the past 3 days but always when I wake up in the morning. I did not erase NVRAM because I upgraded from Kong's last build and was running that with no issues whatsoever.
Router NameDD-WRT
Router ModelNetgear R6250
Firmware Version DD-WRT v3.0-r32170M kongac (06/03/17)
Kernel VersionLinux 4.4.70 #332 SMP Sat Jun 3 11:22:27 CEST 2017 armv7l
Reset: No reset done.
Errors: No errors.
Router: DIR-890L
Firmware: DD-WRT v3.0-r32170 std (06/01/17
Previous: A lot of them ...
Kernel: Linux 4.4.70 #1490 SMP Thu Jun 1 07:36:48 CEST 2017 armv7l
Status: Up
Reset: Yes
Errors: 'Apply' button when making configuration changes overwrites wl0_hwaddr with the wl1_hwaddr value
Looking at your build date, I believe you are running the BS 32170, not Kong's 32170M.
My 890L works fine.
Linux DD-WRT 4.4.70 #332 SMP Sat Jun 3 11:22:27 CEST 2017 armv7l DD-WRT _________________
Netgear R7800 kongpro 19.07 20190919 || Netgear R7000 36070M kongac (Client Bridge=5GHz, AP=2.4GHz with bridged VAP)
Linksys WRT32X davidc502 OpenWrt || Linksys WRT1200ACv1 Gargoyle 1.11.x
Linksys WRT1900ACSv2 dd-wrt 39956
What is currently the best Netgear Nighthawk series router you recommend to use your builds?
I am moving soon and will need to purchase a router to cover about 1800 square feet.
I have used the R7000 at my current town home, but it seems to have a few low signal areas.