
OpenWrt 19.07 - zdw
https://openwrt.org/releases/19.07/notes-19.07.0
======
IntelMiner
How hard is it to get devices included into OpenWRT's Table of Hardware, or
official releases?

I have an End-Of-Life'd SG-1000 from PFsense developer NetGate
[https://www.netgate.com/solutions/pfsense/sg-1000.html](https://www.netgate.com/solutions/pfsense/sg-1000.html)

The thing no longer gets updates as of October 2019 and was never particularly
well supported, but feels like an absolutely perfect OpenWRT target

I've poked at it on and off with regard to getting Linux running, as it seems
to be heavily based off a standard, old Ti SoC "evaluation board" and it
/mostly/ works

The problem I've run into though with the upstream kernel is the ethernet
NIC's appear to be linked. If you unplug either interface, they both stop
responding until they are both reconnected to active devices. I'm not well-
versed enough with ARM DeviceTree to figure out what the issue is, nor do I
want to buy the Ti hardware SDK to test it with

The old 4.4.3-yocto files Netgate sent me do appear to work with it, and the
DeviceTree even works up to 4.19-LTS with minimal modification
[https://intelminer.com/pflin.zip](https://intelminer.com/pflin.zip)

~~~
softblush
Maybe it would be easier to get help when you ask this on the OpenWRT mailing
list or IRC [https://openwrt.org/contact](https://openwrt.org/contact)

~~~
moomin
It might be, but most people’s experience of mailing lists involves them
getting their head blown off for daring to ask a question without three year’s
solid experience in the area.

(I have no idea if OpenWRT in particular is like this, but there’s enough out
there that people don’t make them their first port of call.)

~~~
HarryHirsch
OpenWRT has communication problems. Sometime ago I tried to report a bug in
the build system. It took them about two weeks to recognize that there's
indeed a problem and went over like this:

/me: Bug in the build system. This is how to reproduce.

/they: Bug in Linux kernel. Not our problem.

/they: Bug is closed, upstream issue.

/me: No, toolchain bug. Here is proof.

/they: need logs

/me: here's logs

/me: here's a clumsy fix

/they: that's so stupid

/they: and your linux installation is broken

/me: no it's not, see here, working as intended

/they: you don't understand cross-compiling

/me: look here, you are setting up the cross-compilation all wrong

/they: kernel bug, fixed upstream

/me: not that again

/me: here's build logs, cross-compilation issue

/they: you are stupid, your linux installation is broken

/me: linux installation is just fine, but you are relying on a debian-ism

/me: here's patch

/they: ok, send to mailing list for review

/they: IRC says patch stupid

/they: we've merged our patch

They really need to work on being not hostile and clannish. Never had any
issue on other mailing lists, and those weren't the Kumbaya-required kind with
a code of conduct.

~~~
milankragujevic
I mirror your experience. People are hostile and always interpret in the worst
possible way. It is very difficult to defuse a situation, it's like walking on
eggshells while blindfolded with a heavy backpack. I don't like their
community at all.

~~~
HarryHirsch
The persistent unwillingness to engage and the inclination to dismiss was
remarkable. Rachelbythebay had something somewhere about patches kept private
and not submitted because no one wants to put up with an unreasonable or
arrogant maintainer. All her observations apply here. Who would put up with
the concentrated obnoxiousness?

------
slau
Please note that the popular TP-Link Archer C7 v2 is affected by a bug or two
which drops 5Ghz WiFi performance significantly. Some people are reporting the
link quality is so bad even SSH is unusable.

As always, back up your config, and make a note of your working firmware
before upgrading. I’m going to sit this one out for a bit :).

~~~
dzhiurgis
My short story with router above:

> Get one for my parents, flash it with OpenWRT - 200mbps down - not crazy but
> enough for them

> One year later, update with an "optimized" version - 600mbps down - amazed

> One year later, update with latest - down to 200mbps and can't find the
> build I've used previously!

~~~
klingonopera
Always, always, always save those ROMs. Same for BIOS/UEFI updates for your
mobos.

You won't regret it.

~~~
klingonopera
...and also your phone ROMs, if you flash them. And drivers. And everything
else you need to operate your devices.

I have a Moto G2 a.k.a. "Titan" (2014), flashed it to LineageOS, bricked it
three years ago, got another phone, recently checked it out again, and
couldn't download LineageOS for it anymore.

Luckily, MicroG still had a ROM for it, and now it works fine, but I'd've
preferred the pure LOS version, as it runs Android 7, on which Google Play
Services is not an absolute necessity (with Android 8, you need it to get push
notifications).

I believe I can still get the source code for it and compile it myself, but
I've never done that for an Android ROM before, and I'm not particularly keen
on trying that out now.

My point being: Your devices could, in theory, live forever, but the files for
it (ROMs and drivers) may not always be available, and knowing the internet,
won't.

In my field (industrial IT), it's not uncommon to still have PCs running on
Intel Core2 systems, but more and more vendors are dropping the product pages
and driver files for them. Pentium 4s are also still being used, but good luck
finding drivers for them.

------
daneel_w
Interesting bug observed in 19.07 by users of some routers: the unit will
perpetually boot into failsafe mode despite not being triggered to do so.
Recompiling with the failsafe module removed from the build solves the
problem, but exposes what is possibly the root cause - configuration changes
remain only as long as the router is powered on despite being saved, nothing
persists through a reboot of the router, and the unit will always start up
with the default config.

I had to test it on my (deprecated) Netgear EX2700 and could confirm the exact
same problem. Other than the lack of configuration persistence, 19.07 performs
just great and I was pleased with many of the new features and changes.
Unfortunately I'll have to stick with 18.06.6 as I have power outtages every
now and then.

~~~
sam42
Sounds like this known issue, mentioned in the release notes:

 _Images for some device became too big to support a persistent overlay,
causing such models to lose configuration after a reboot. If you experience
this problem, please report the affected device in the forum and consider
downgrading to OpenWrt 18.06 or using the Image Builder to pack a smaller
custom image._

------
josteink
OpenWRT is great.

This release brings all devices up to the same (mostly) unpatched Linux
kernel, 4.14.

For the popular Tp-link Archer C7 routers (and family?) you finally get soft
off-loading with the new ath79 device-tree, meaning the device can now handle
routing 600mbps+ where it before would only route 350mbps+. That’s massive!

The new client-side GUI is noticeably snappier on slow routers.

I’ve already upgraded all the 5 units I have in my home network, and I’m
feeling it. I’ve kept settings despite recommendations against doing so, and
I’ve had zero problems. Super-smooth!

Props to the team and everyone involved. Despite their modesty this was quite
a release!

~~~
mikepurvis
I have an old C7v2 to that was the basis of my household's network until I
upgraded to an EdgeRouter + Unifi APs.

The C7 was fine for a while but in the end got extremely unreliable, even in
partial roles as only a router (with wifi disabled) and then later as only a
an AP (with the DHCP server disabled). Currently it's unplugged because any
time it was turned on, devices would roam to it and get stuck there with no
connectivity.

I should try upgrading it to the latest OpenWRT and see if things are any
better.

------
rshnotsecure
How does everyone feel about the security of OpenWRT? vs Tomato?

What about say configuring my own OpenBSD server to act as a router? I am out
of my intellectual depth here but I feel like that would be more secure than
Linux in general if we are going for max security.

As governments and private equity groups continue to buy out whatever hosting
provider, VPN, Registrar, etc they can find...I feel like Open Source is a
pretty soft target in the grand scheme of things. I am trying to become
somewhat ruthless in analyzing my dependencies when it comes to software.

NOTE: another commenter mentioned a TP-Link product. Those devices are
absolutely insecure to the core of their firmware for the time being. 7 days
ago I discovered their completely open _production_ Elasticsearch API server
for their entire camera and IOT platform in the United States. It has now been
remediated but that event puts under suspicion anything else the company deals
with via the TP-Link brand out of Shenzhen.

~~~
chousuke
I can recommend building your own OpenBSD router. Installing OpenBSD is easy,
and once you have it installed the base system contains everything you need to
set up a router along with _excellent_ documentation for everything. OpenBSD
people also take security seriously, so if you stick with the base system,
you'll be fine. That said, you'd be fine on Linux too, depending on the
distribution; it's not like Linux-based systems are somehow fundamentally
insecure.

I really can't stress enough how good the documentation is; in the Linux world
I'm used to googling and wikis and whatnot because most man pages for the
components of a distro are either nonexistent or incomplete, but with OpenBSD,
you'll do fine with just man and apropos. It's considered a bug if the
documentation is missing something.

OpenBSD is a fantastic OS for learning about all kinds of UNIX and networking
stuff if you're not opposed to spending some time reading good quality
documentation.

~~~
ac29
Any recommendations for hardware to run an OpenBSD router on? Support for ARM
and MIPS devices seems pretty limited, leaving x86 stuff like Protectli or PC-
Engines (which are both pretty expensive for what you get).

~~~
__turbobrew__
PCEngines is the way to go from what I have seen.

I installed OpenBSD on an APU2C4 and it has been rock solid for the last year
and a bit.

In terms of cost you will be hard pressed to find a x86 SOC with 4 I tel NICs
and a serial port at a cheaper price.

~~~
ac29
I'd imagine its plenty enough for a home internet router, but it stings a bit
to pay ~$150 for a system with a 2013 CPU (and a very low end one, at that).

~~~
kjs3
OpenBSD will run fine in this role on sub-US$50 refurb Core 2 PC or a sub-$100
Atom box if power is an issue. Even a P2/P3 can keep up with anything but the
highest end broadband.

------
nolok
While we're on an OpenWrt thread: what's the best way if any to get a view of
"who's using the bandwidth right now" on it ?

Not the process, not the remote host, not the monthly agreggate, but which
connected device wifi or lan is using what, total or by host.

(use case; figuring out whose phone/laptop/tablet/tv/whatever is suddenly
eating all the bandwidth in my home from time to time)

I'm using 18.06.05. A nice view in LuCI would be perfect but something that
need to ssh is fine too.

~~~
flas9sd
On openwrt I like small utils. As ssh is fine: having a look adhoc who is a
bandwith hog, I check with iftop and press "t" to cycle to one-line-sent view
and "s" to aggregate to the receiver see [https://openwrt.org/docs/guide-
user/services/network_monitor...](https://openwrt.org/docs/guide-
user/services/network_monitoring/bwmon#using_iftop) \- there's no key yet to
toggle per item total amount, but this can be had by using "show-totals" in an
.iftoprc file:

    
    
        line-display: one-line-sent
        hide-source: yes
        dns-resolution: yes
        show-totals: yes
        show-bars: yes
        use-bytes: yes
        sort: 10s
    

downside is: iftop as far as I know can't filter multiple interfaces, so you'd
need to check them separately with -i eth0 / -i wlan0. If you're mainly
concerned about latency, give the package "sqm-scripts" a try. You're
sacrificing a bit of bandwith for active queue management. So a VoIP session
is not affected by a download.

~~~
nolok
Thanks, that seems to be exactly what I wish !

Already using sqm (and I love it) but it's for use cases like when a laptop
that hasn't been used in a while is started by someone to charge before
watching a movie and steam/dropbox/windows on said laptop start hogging
everything. In a residential area where we're still depending on ~10 Mbps
adsl, identifying the device can be a need.

> downside is: iftop as far as I know can't filter multiple interfaces, so
> you'd need to check them separately with -i eth0 / -i wlan0.

Since I care only about lan <=> wan, doesn't that mean I just need to check on
wan ? And all clients would be there, no matter if they're connected to the
router through lan or by wifi ?

------
GiorgioG
I’ve been disappointed with every consumer grade router out there. Countless
bugs from annoying hiccups to a daily reboot. I feel like I’ve replaced my
router every couple of years, never spending less than $150, up to $250.

Finally I splurged for a UniFi Dream Machine a couple of months ago and I
could not be happier.

Nothing against the OpenWrt folks of course, but the reason these projects
exist is the router vendors just suck. I won’t give them any more of my $
(Linksys, Netgear, ASUS in my case.)

~~~
jotm
They should just all adopt OpenWRT (with their custom UI) and invest in it.
Like Android for smartphones.

All router firmware is terrible in some ways, and has been for decades -_-

~~~
zantana
That was my thinking with going with MerlinWRT. I splurged and got an Asus
ax88u, then spent two weeks trying to get it to work before returning it. I do
think part of the issue is WiFi technology is diverse enough that the latest
and greatest are optimized around 5Ghz and newer specs whereas a lot of IOT
(which I use) is still old school 2.4. Anyway I tried OpenWRT for a while but
went back to DD-WRT on an Archer C9 which has been just about perfect for my
usage.

------
eddyg
It’s worth noting that OpenWRT doesn’t just run on “embedded”/“dedicated” OEM
router hardware: it works _great_ on any x86-based system (often sold as
“pfSense” boxes, etc.) as well and offers a lot of great functionality.

~~~
Dunedan
pfSense is a completely different product and not related to OpenWrt at all.
It even isn't based on Linux, but on FreeBSD.

~~~
auxym
I assume GP is aware of that, and from what I understand, he is pointing out
that OpenWRT also happens to run great on various x86 hardware/SBCs sold as
"pfsense boxes".

------
est31
Got WPA3 working with it, yaay!
[https://gist.github.com/est31/d92d17acbb4ea152296f9b38764cd7...](https://gist.github.com/est31/d92d17acbb4ea152296f9b38764cd791#gistcomment-3134561)

~~~
flas9sd
to encourage others.. wpa3 for me was install of one package (opkg install
--force-overwrite hostapd-openssl) and changing one config line (encryption =
'sae'). Client had no issue connecting (wpa_supplicant 2.9 on ubuntu 19.10,
though only nmcli shows the connection as wpa3). The various dragonblood
attacks are mitigated in current hostapd if I'm not mistaken.

~~~
est31
If you only have WPA3-capable devices on your network, setting encryption=sae
is fine. I have to support WPA3 incapable devices and thus need to use the
sae-mixed option (also the wpa_supplicant patch I use requires wpa2-psk
support).

------
manuelmagic
There was a time when I had the free time to install dd-wrt on a brand "new"
Linksys WRT54G and fiddle with tons of features but today I'm completely
satisfied by my FRITZ!Box(1) that requires near zero active maintenance. I
don't get thousand of features, but all the ones I need at home.

I'm honestly curious: why do you guys use OpenWRT, dd-wrt, tomato etc.? Re-
using old hardware? Flashing bugged cheap routers that work bad with official
firmware (that's never going to be fixed probably)? Need a specific feature
not normally available on home net devices? Just enthusiast about the project
or simply enjoying the hacking?

(1) I spent a few euros more on it than the typical home network appliances
but I gained them back in quality, reliability, active support and
development: no crappy hardware, no bugged software and zero issue with my 15+
WiFi devices in my house in a year.

~~~
nickysielicki
I updated my router to this release today. Then I setup:

1\. DNS over HTTPS to cloudflare so that my DNS doesn't leak.

2\. Hurricane Electric's tunnelbroker, so that I can access the IPv6 web.

3\. Dynamic DNS so that I can address my home connection anywhere, even if my
IP changes.

4\. Wiregaurd so that I can access everything on my home network.

I tend to agree that most people should just buy Ubiquiti SOHO gear and be
done with it, but at least for me, this is cheaper and a bit more fun.

~~~
Trias11
For #3 I use ZeroTier (but this of course won't let me access fridge of coffee
machine remotely because i can't install ZT on them :) )

but anything else goes, especially #4 WireGuard.

------
amq
I'm running 19.07 since the first release candidate on Ubiquiti gear, no
issues so far, with uptimes of weeks.

~~~
ptsneves
As ubiquiti is the apple of routers and they do have very good routers and
software, what is the motivation for putting openwrt?

~~~
fignews
Run OpenWRT on some Edgerouter Xs in my house and for me it’s consistency of
the interface/configuration between all of my network devices and also full
control. Runs OpenWRT quite well.

~~~
tssva
I am considering doing the same. What kind of performance are you seeing
running OpenWRT? I know with EdgeOS performance is lackluster without using
the NAT offloading module.

------
ncmncm
Nothing is very clear, but I get the impression that:

\- targets labeled "ar71xx" can only use the old driver, and will probably not
be supported in future releases. Consider replacing such equipment.

\- targets labeled "ath79" have already been ported (or started out?) with the
new driver, and owners may ignore the whole topic.

\- targets labeled "ar71xx-to-ath79" have a commitment for support for the new
driver, so that all future releases should work with this hardware (even
though this latest release still uses the old driver).

Can somebody confirm whether this is an accurate understanding?

I have tp-link AC1750v5 routers, identified with the third bullet above. Can I
ignore this, or do I have to do something to switch it to the new driver?

~~~
jibiji
There is no driver change, only changes in the way the device is supported by
the kernel (mach files in ar71xx, Device Tree in ath79)

The "ar71xx-ath79" target is used in the wiki for devices that are supported
both in ar71xx and ath79, there should be 19.07.0 images for both.

In any case, use ath79 for new devices, and migrate from ar71xx to ath79 on
existing devices.

There is a guide here: [https://openwrt.org/docs/guide-
user/installation/ar71xx.to.a...](https://openwrt.org/docs/guide-
user/installation/ar71xx.to.ath79)

~~~
ncmncm
OK, so it appears that changing to the new "driver configuration" mainly
affects what names the devices have in /dev and /sys, which would make your
current router configuration not work, without some active translation, first.

So, when you install the new boot image, you choose which, and if you choose
the ath79 one, then when you restore the configuration, something runs to
translate it for the new names. Presumably, then, if everything seems to work,
you make a new backup with the new settings, and everybody can forget the old
names.

------
nemosaltat
I just installed this today and have been struggling with the WPA3 on my
Linksys all evening. I finally gave up for the evening, and opened HN, to find
these release notes at the top of the front page.

Some of my specific issues were addressed, if I had simply bothered to read
the release notes carefully. Instead, I found my update file, and updated.
When WPA3 didn’t show up, I poked around forums for workarounds and finally
found some answers that helped. Now my other clients couldn’t connect/stay
connected, even to the WPA2. These notes clearly mention this, as well as the
libup issue I solved via - -force-upgrading

~~~
mangix
Those linksys routers have a driver that has had its development killed by the
NXP buyout of Marvell.

------
h2odragon
Not that I've tried to make it do anything fancy, but I've been using it since
the -rc1 and it has been flawless for me. Just posted about it
[http://snafuhall.com/home-lan-2-openwrt-
router.html](http://snafuhall.com/home-lan-2-openwrt-router.html)

I really appreciate the effort the OpenWRT folks have put in to collecting
useful snippets of documentation for odd cases and uses. Sure it might could
be better organized but it's _there_ at least.

------
ncmncm
What is this about a LEDE / openwrt fork? Should I be looking at LEDE instead?

What about the FreeWRT fork? Is it alive / lively / up-to-date / running
ahead?

~~~
dddddaviddddd
LEDE merged back into OpenWRT
[https://en.m.wikipedia.org/wiki/OpenWrt#History](https://en.m.wikipedia.org/wiki/OpenWrt#History)

------
darkwater
Sooo... if I want to move my VPN (WireGuard) termination from my Raspbian to a
more dedicated device like a royter, what are the option at a reasonable price
(say, 100$ or €, as I am european) and reasonable power? Better if with
integrated wifi controller and antennae. And which distribution besides
OpenWRT? Thanks!

~~~
zymhan
You should start with the OpenWRT wiki.

~~~
darkwater
Had already a look at it but I asked here because I wanted some opinions from
the HN crowd. Nevermind...

