Padavan's Custom Firmware

[Serious Seb]

Hi everyone,

first i want to thank the developer(s) for this amazing work !

now to the problem i have, ive set up a openvpn client on ac51u and it works like a charm, but when i turn the router off and later back on i allways have to reenter the certificate to reconnect to vpn service. I dont know what to do, if theres a way to upload the certificate as a file maybe this could work ?!

greetings Seb

 

[ryzhov_al]

Another question: what happens when I activate "Enable Energy Saving Green AP"?

This is just energy saving trick: just one antenna is transmitting if no client are connected.

now to the problem i have, ive set up a openvpn client on ac51u and it works like a charm, but when i turn the router off and later back on i allways have to reenter the certificate to reconnect to vpn service. I dont know what to do, if theres a way to upload the certificate as a file maybe this could work ?!

Reboot router from WebUI or save storage partition manually at Administration > Settings > Router Internal Storage (/etc/storage) > Save.

 

[Mr. Tao]

I have RT-N56U A1 running 3.4.3.9-099_d8caca7 and I would like to install IKEv2 VPN server.

After installing necessary strongSwan packages I’ve realized that the kernel was compiled without features needed by IPsec.

After spending some quality time reading iXBT forum I found out that there are people who managed to run IPsec on B1 and also that there is a patch with strongSwan support for RT-N56U.

Therefore I would like to ask you if there is an image with IPsec support available anywhere or if I need to go through the path of building one myself.

TIA

 

[ryzhov_al]

There's no any IPsec-enabled images, so you have to compile it from sources.
Also, you may include strongswan to firmware using this branch of my fork.

 

[Serious Seb]

What would be the script when i want to connect/disconnect VPN Client with the WPS button ?

 

[Serious Seb]

On rt-n56u B1 padavan is there support for crypto engine, and if there is does it only apply to ipsec esp or ssl/tls too.

 

[ryzhov_al]

As for MT7621A, there is hardware crypto engine EIP93 with closed sourced driver, so it will never be there for free. This engine can accelerate md5/sha1/sha256/null hashes and/or des/3des/aes ciphers with most popular ciphers lengths. Mediatek says we could reach 400mbps with it. Some "real life" tests shows ~270mbps on one TCP stream.

Most of users wants to use EIP93 for OpenVPN acceleration, I presume. And there is a catch: OpenVPN operates with quite small packets (tens of bytes), so crypto acceleration benefits gets washed out because of bunch of context switch between CPU and crypto. Every packet should be pushed to crypto engine and pulled from it which cause great overhead. ZyXEL (where @Padavan works now) tests shows just +20% benefit for OpenVPN with crypto engine turned on.

 

[Serious Seb]

i was hoping for this to be more Imrovement. So this means on Zyxel its not closed source ?

My Problem is i have a ac51u which ist too slow for my connection (50/10Mbit), cpu peaks at 98% with just 15Mbit transfer rate with AES256. I was hoping that n56u B1 with crypto engine is fast enough for 50mbit rate.

 

[gingerbeardman]

WikiDevi says N56U-B1 possibly has one USB 2.0 and one USB3.0 - is this true?

If so, which is which?

I do not have any USB 3.0 device to test but I will buy one if this is true.

https://wikidevi.com/wiki/ASUS_RT-N56U_B1

USB: 2x 2.0 (1x USB 3.0 ??)

 

[gingerbeardman]

Maybe the PCB supports USB3 but the ports are only wired for USB2?

Further info about N56U-B1 maybe having USB3:

T: Bus=02 Lev=00 Prnt=00 Port=00 Cnt=00 Dev#= 1 Spd=5000 MxCh= 1
B: Alloc= 0/800 us ( 0%), #Int= 0, #Iso= 0
D: Ver= 3.00 Cls=09(hub ) Sub=00 Prot=03 MxPS= 9 #Cfgs= 1
P: Vendor=1d6b ProdID=0003 Rev= 3.04
S: Manufacturer=Linux 3.4.110 xhci-hcd
S: Product=xHCI Host Controller
S: SerialNumber=xhci-hcd
C:* #Ifs= 1 Cfg#= 1 Atr=e0 MxPwr= 0mA
I:* If#= 0 Alt= 0 #EPs= 1 Cls=09(hub ) Sub=00 Prot=00 Driver=hub
E: Ad=81(I) Atr=03(Int.) MxPS= 4 Ivl=256ms

T: Bus=01 Lev=00 Prnt=00 Port=00 Cnt=00 Dev#= 1 Spd=480 MxCh= 2
B: Alloc= 0/800 us ( 0%), #Int= 0, #Iso= 0
D: Ver= 2.00 Cls=09(hub ) Sub=00 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=1d6b ProdID=0002 Rev= 3.04
S: Manufacturer=Linux 3.4.110 xhci-hcd
S: Product=xHCI Host Controller
S: SerialNumber=xhci-hcd
C:* #Ifs= 1 Cfg#= 1 Atr=e0 MxPwr= 0mA
I:* If#= 0 Alt= 0 #EPs= 1 Cls=09(hub ) Sub=00 Prot=00 Driver=hub
E: Ad=81(I) Atr=03(Int.) MxPS= 4 Ivl=256ms

 

[CaesarI]

IPV6 fix.
So to get IPV6 to work with Comcast (it stopped working for me after some time):
1. Disable hardware NAT acceleration.
2. disable IPV6
3. enable IPV6
4. wait to get IPV6 address.
5. re-enable hardware NAT acceleration.

I presume this will need to be repeated whenever the IPV6 WAN address is lost. From the posts on BitBucket recently it appears to be an IP6Tables problem.

-Morgan

 

[Serious Seb]

is there any way to get a "kill switch" for vpn connection running with padavan ? I tried iptables -I FORWARD ! -o tun0 -j DROP in console and in script section and in Openvpn Client "run after connect/disconnect " script, but it isnt working.

greetings Seb

 

[kristlu]

Hi folks, I realize this might be a beginner's question and probably some rookie mistake by me, but I have not been able to find a solution elsewhere, so I'm out of options where to look for it.

I have installed the firmware on my secondary router, an RT-N56U and set up VPN client using HMA!. This worked until today, when it just stopped working for some reason. This made me question the different options I have used, since I haven't been able to find a how-to/tutorial for this combination.

When I try to apply the VPN settings, my log shows the following:
Feb 13 22:22:40 xl2tpd[634]: Connecting to host x.x.x.x, port 1701
Feb 13 22:23:11 xl2tpd[634]: Maximum retries exceeded for tunnel 37232. Closing.
Feb 13 22:23:11 xl2tpd[634]: Connection 0 closed to x.x.x.x, port 1701 (Timeout)

Does anybody know how this should be setup correctly? I am using the defaults on pretty much every option, as viewed on the following pictures. Notable changes from default:
- WAN DNS set to not get server address automatically
- set 8.8.8.8 / 8.8.4.4 / 208.67.222.222 as the DNS servers

VPN Client: http://i.imgur.com/6WqEb79.png (I have of course provided server, user and pass as well, just removed it for the sake of screenshot)
WAN: http://i.imgur.com/WbG9NJu.png

Are there other settings in this firmware that might be a cause of me not being able to connect to VPN? Appreciate any help or tips, I am slowly descending into madness.

 

[bmn1]

Hi!
I'm using Padavan firmware on my RT-N56U and it is has been a great experience.
I have only two minor problems/questions:

- By default, it seems that all my USB drives are being shared on Network Neighborhood (Samba). Is it possible to use the WebUI to disable sharing of some files/folders? (I looked for it, but it seems that relevant options are greyed out... It is required to enable accounts for shared content?)

- Some hidden (dot) files are auto generated at the root of all mounted USB drives (".___var.txt", ".__admin_var.txt", ".__folder_list.txt", etc.). Is there any way to disable the creation of these files? What is their purpose? (Looking at the source code, it seems they are created by libdisk, but I have no clue about anything else...)

Thanks!

 

[fernando56]

I am able to successfully route specific ports through VPN configured on my router but as I have transmission & aria2 installed on my router, the downloads go through the VPN. Is it possible to make transmission download using my ISP instead of VPN

Edit: Solved by using "route-noexec" in openvpn extended configuration
Created a new routing table with vpn as gateway
Added iptables rules to forward only specific ports/ipaddress through this table.

 

[cstamas]

Hi and many thanks for great FW!

I'd like to ask for an advice/help how to tune this FW for best performance w/ RT-N56UB1. And sorry for lengthy description, just wanted to share all the details.

Situation: in my kid's school, there were some old netbooks (Acer Aspire One D257 w/ Atom N455) that were lying unused, as Win7 installed on them made them screech and cry, and were literally unusable. Luckily, the teachers were agile, and with my help we installed Xubuntu 16.04 LTS on all of them. They work great now, are usable, and the whole class has laptops now (22 pupils). There are also two Android tablets and one "teacher" laptop, all of them are wireless clients (I believe all of them are 2.4G), so it's around 25 devices, just to get a rough number.

School has great wired internet access, I measured 120 Mbit/s with speedtest.net.

For wireless, I donated to class one ASUS RT-N56UB1. Initially, I left "factory" firmware on it, and it was a mistake: The "factory" firmware failed: w/ defaults (just WPA2-Personal auth was set on wireless), network was collapsing when ASUS UI showed around ~20 clients. My MacBook was also failing to hold connection, wireless icon went away and returned on it, ASUS WEB UI was unresponsive, even via cable connection to router.

Since I have at home two RT-N56U (A1) with Padavan FW, I installed yesterday Padavan FW on donated RT-N56U (B1) router and the first day with it went well. True, only half of the student laptops were used today (group work), but wireless was stable. I plan to gather device logs after a week of use, to look for any peculiarities.

After installing Padavan FW I opted for "Factory Default/Reset" and "/etc/storage Reset", and applied SSID change and WPA2-Personal auth only, so all the settings beside SSID and auth are on default. Is there any wiki or info how to tune settings for this or similar scenario? Is "tuning" needed at all?

My goal is NOT transfer rate, but to have stable wireless for those 25 (relatively slow) clients, as kids would go to some educational site, read wikipedia, etc, they are NOT playing youtube videos on all of the 25 netbooks simultaneously nor use any P2P apps

So, I have a few questions regarding "tuning" and in general:

1. is my expectation to have one RT-N56U(B1) to serve ~25 clients in a (typical) classroom correct? Did not found any definitive answer what the max clients are under these circumstances for "home appliance" routers...
2. Any specific parameter? For example I spotted that ASUS firmware used "long" preamble, while this FW uses "short". For my case, as I googled, the latter is better I guess?
3. "Fragmentation Threshold", "RTS Threshold", "Beacon Interval" etc all looks somehow related to my goals, but unsure should I even touch them.
4. Any other advice?

Thanks in advance
~t~

 

[ryzhov_al]

Is there any wiki or info how to tune settings for this or similar scenario? Is "tuning" needed at all?

Wireless > Professional settings doesn't include any firmware-specific settings, so we leave it outside of project Wiki.

Not sure those settings need to be changed if all goes fine. As for me, I'm using old RT-N14U with 20+ wireless clients on some local office. No issues so far.

So, I have a few questions regarding "tuning" and in general:

1. is my expectation to have one RT-N56U(B1) to serve ~25 clients in a (typical) classroom correct? Did not found any definitive answer what the max clients are under these circumstances for "home appliance" routers...
2. Any specific parameter? For example I spotted that ASUS firmware used "long" preamble, while this FW uses "short". For my case, as I googled, the latter is better I guess?
3. "Fragmentation Threshold", "RTS Threshold", "Beacon Interval" etc all looks somehow related to my goals, but unsure should I even touch them.
4. Any other advice?

1. Depends on your needs. Mailing or web surfing looks fine for such number of clients. AFAIK, "home appliance/SOHO" is defined just by common sense. We have to keep in mind that Wi-Fi stays (in 99% cases) half-duplex connection, where transmission available for one client at time and to one direction at time only. So, while ~25 classmates shares access point fair, there's no any performance impact for class work. But if there's a "black cheep" with active torrents... other guys may suffer from it. Business (or top home) solutions may offer MU MIMO and/or traffic shaping for clients which is lack on RT-N56U, but still we can something to do On Padavan's firmware you can limit Wi-Fi speed on Guest Wi-Fi network by "Fixed TX Rate Link Mode:" option, just make sure chosen modulation is compatible for clients (see Wireless Info for details).
2. AFAIK, long preamble works for any legacy 802.11bg clients while short preamble brings more performance for 802.11n clients because access point doesn't fall to 1(2)MBps speed for that. I see you set WPA2 settings which means your clients is not too old for 802.11n.
   
3. In my opinion, we must follow the old engineer's "Not broken? Don't fix it!" rule. Leave default settings in "Professional" page while there's no any problems.
4. Sure RT-N56U B1 is preferable for class room. As for logs, you may gather them on some remote machine. It's really easy to set up any Debian/Ubuntu based server and set its IP as "Remote log server" on Administration > System page.

 

[cstamas]

Hi there,

first, thanks for prompt reply!

Just as I hoped, am leaving it as is for now then. Am still waiting for a confirmation from teachers (but they are not "tech" folks, this is grade school 3rd grade, so kids are not so techie either) does it "work" or "not work".

Those netbooks are old (2010 or so) but they do have 802.11b/g/n wireless support, so it seems fine.

Re logs, there is no way to put a server in there, I meant just "download" the logs from router (is it just "rolling" them I guess) as usually, when the laptop classes are held, am not present in classroom Meaning, if there is something that Padavan FW screams about, it should be in log I believe.

Btw, factory FW was full of strange entries:
https://gist.github.com/cstamas/db42b9c333d0edd0172555a0abb27653

 

[Terry Inge]

A bit of topic but any ideas on whether Asus is retiring N56U and if so, what would be its replacement? I recommended the router to some friends looking for an upgrade but lo and behold, it's out of stock in most shops (Eastern Europe) we looked at. Is there another version in the works, some type of upgrade that folks are aware about?
As a rant, I wish the Zyxel would make the Keenetic line international and restrict it only to RU.

 

[markanini]

How do I properly carry out this type of script?

ifconfig `nvram get wan_ifname`:0 196.168.1.2 netmask 255.255.255.0

iptables -t nat -I POSTROUTING -o `nvram get wan_ifname` -j MASQUERADE

Reference: https://www.dd-wrt.com/wiki/index.php/Access_To_Modem_Configuration