**** BEGIN LOGGING AT Thu Jul 05 03:00:02 2018 Jul 05 03:27:13 If I want to use my laptop as a router, do I need to add another wireless card to it? Jul 05 03:27:35 I need a travel router that will run 10Mbps wireguard at very least. Jul 05 03:27:57 I can't buy a random router and benchmark it. Jul 05 03:30:18 if you use the laptop's eth port as the uplink, and if its wifi card supports AP mode, then technically you do not need a second wireless card for your laptop to be a wifi router Jul 05 03:34:06 Thanks. Jul 05 03:34:20 I need to be able to do WISP though. Jul 05 03:34:33 So I need to buy a USB WNIC, right? Jul 05 03:34:46 Or tether some device to it? Jul 05 03:35:36 some cards will do AP+STA at the same time Jul 05 03:36:21 I would like to somehow run OpenWRT in a VM and dedicate a WLAN card to it. Jul 05 03:36:30 Because I can't do WG and similar on Windows. Jul 05 03:37:03 you can do that only if your bios supports it Jul 05 03:38:20 Maybe KVM could work to passthru a device to OpenWRT? Jul 05 03:38:36 you can do that only if your bios supports it Jul 05 03:39:08 I guess it's limited to high-end, server and enterprise stuff then. Jul 05 03:39:24 I need pcie passthru I guess. Jul 05 03:39:33 And good luck finding a laptop that can do that. Jul 05 03:39:34 it's mix&match Jul 05 03:44:22 So, I guess for a real travel router I will need a mini-ITX PC with WNICs to carry additionally to a laptop. Jul 05 03:44:47 Because I'm not sure if regular routers can do WISP. Jul 05 03:45:32 generally, they can, but they wouldn't have stellar vpn performance Jul 05 03:48:29 Most homes in first world countries have 100Mbps already I think. Jul 05 03:48:57 So if I rent an Airbnb I need at least 50Mbps (chacha20). Jul 05 03:49:20 100Mb/s is not that common in the usa, for one Jul 05 03:49:54 in australia it's nonexistent Jul 05 03:50:03 wow. Jul 05 03:51:22 it's not common in canada, either Jul 05 03:52:01 I live in Russia in a small town and I have 100Mbps lol. Jul 05 03:52:41 over PPTP? Jul 05 03:52:42 fast.com shows 60Mbps, and when Shadowsocks is on 80Mbps. Jul 05 03:52:47 no. PPPoE. Jul 05 03:52:53 dang Jul 05 03:53:02 Shadowsocks bypasses all this DPI crap lol. Jul 05 03:53:22 so it's faster. Jul 05 03:53:40 maybe wireguard would be faster because of kernel implementation. Jul 05 03:53:53 Russia currently doesn't try to DPI block VPNs. Jul 05 03:54:04 so Shadowsocks isn't strictly required. Jul 05 03:54:16 well that's pretty neat; pays to be prepared, right? :/ Jul 05 03:54:44 wireguard is so much faster than openvpn precisely because it's a kernel implementation Jul 05 03:54:56 i definitely get >10mbps just using openvpn on a travel router (gl-ar150) but haven't tested wireguard yet Jul 05 03:55:00 SS is fast because it's so SIMPLE. Jul 05 03:55:32 it doesn't have handshakes or control packets, it simply encrypts packets and that's all. Jul 05 03:55:42 WG may be fast because it's kernelspace. Jul 05 03:56:12 apparently, after the ban on Telegram, john mcafee tweeted "the russian government is bad at blocking things" Jul 05 03:56:43 actually they are good. It stopped working but at cost of most cloud providers being blocked. Jul 05 03:56:47 wow, had totally missed this crap: >>On 22 August 2015, "clowwindy" announced in a GitHub thread that they had been contacted by the police and could no longer maintain the project.[7] Jul 05 03:57:03 I'm lucky to have one of last unblocked IPs. Jul 05 03:57:11 actually, telegram still works just fine in russia to this day Jul 05 03:57:14 on DigitalOcean. Jul 05 03:57:20 Not the desktop client. Jul 05 03:57:53 Apparently something important is on this IP range since it's not blocked unlike the rest. Jul 05 03:58:26 139.59.211.0/8 Jul 05 03:59:17 most VPS are already blocked on creation on DO. Jul 05 03:59:30 because of IP ranges. Jul 05 04:00:21 Poor clowwindy, most likely killed by the Chinese government. No news from him anymore. Jul 05 04:00:40 No github activity even shadowsocks unrelated Jul 05 04:01:06 still forkable, though Jul 05 04:03:08 ShadowVPN is even better than SS, it was able to route any IP traffic, but there is no active fork of that. Jul 05 04:03:36 Wireguard really needs to add obfuscation based on SS one. Jul 05 04:04:33 I guess the only difficult part is obfuscating the handshake. Jul 05 04:04:54 it can be encrypted by a pre-shared key but packet lengths and timing still leak. Jul 05 04:08:54 Censor that doesn't care about collateral damage will always win, game theory wise, so that encourages censors to basically block everything. Jul 05 04:09:27 so probably look-like-nothing protocols like SS are not a correct strategy. Jul 05 04:10:19 whatever telegram's strategy is, it's apparently working Jul 05 04:10:24 And meek-like protocols can be blocked by mitming every connection. Jul 05 04:10:34 so yeah, censor always wins eventually. Jul 05 04:10:50 You either migrate out of censorious regime or dismantle it from inside. Jul 05 04:11:41 To dismantle it, you need the people to be on your side. Jul 05 04:11:56 For that they need access to uncensored information. Jul 05 04:12:09 So yeah, developing censorship bypass is always good. Jul 05 04:12:23 i'm quite aware Jul 05 04:12:28 but the only ways out are mass migration, revolution or mass suicide. Jul 05 04:12:33 neither are good. Jul 05 04:12:55 having been part of the previous mass migration, i know Jul 05 04:13:01 mass migration can be stopped by the government. Jul 05 04:13:14 BUT THEY CAN'T STOP PEOPLE FROM KILLING THEMSELVES LOL. Jul 05 04:13:43 I'm considering killing myself in a really fucked up way to attract attention and possibly cause copycats tbh. Jul 05 04:13:57 self-immolation in front of censor organization. Jul 05 04:14:01 basically. Jul 05 04:14:05 that didn't help matters back then, nor would it now Jul 05 04:14:18 and there was quite a bit of it Jul 05 04:14:22 I can't really persuade myself to not do that tbh. Jul 05 04:14:32 I understand it's wrong but I don't see another option. Jul 05 04:14:54 migrate myself and fuck other people maybe? Jul 05 04:15:04 that's selfish. Jul 05 04:15:33 I wanted to buy telegram t-shirt, some gasoline and a lighter lol. :-( Jul 05 04:15:52 sad af but true. Jul 05 04:16:37 and store them hidden in case I won't be able to keep on living. Jul 05 04:16:52 always can sacrifice myself for the good of others. Jul 05 04:17:19 or maybe just be more organized Jul 05 04:19:42 Am I morally bankrupt if I want people to become copycats and to burn themselves in front of censors' office too? Jul 05 04:20:42 you're frustrated Jul 05 04:20:58 and a bit self-absorbed Jul 05 04:21:46 but that is not how communism was defeated Jul 05 04:22:02 communism is alive and well, sadly. Jul 05 04:22:54 Israeli medics are good at treating mental issues like PTSD, which makes sense. I will try treating my mental state, if it fails, then I will send myself to Sovngarde I guess. Jul 05 04:25:47 yes communism is alive and well today, but in a past iteration, it was defeated, and there were lessons to be learned from it, for both sides Jul 05 04:26:24 https://systemspace.link/ Jul 05 04:26:41 I'm still reverse engineering all these cool effects they made on this website. Jul 05 04:27:09 I found out more about HTML5 than from a few months of reading on it. Jul 05 04:27:42 I found out reversing other people's programs is better than reading about programming. Jul 05 06:07:54 hello there Jul 05 06:18:10 good morning! Jul 05 06:23:39 I'm not sure if it's ok to ask beginner questions in here, I apologize in advance. I've currently set up my WZP-600DHP as a switch and now trying to run opkg update but it doesn't want to go my way. any ideas? current setup is isp pppoe router - switch - openwrt routerswitch Jul 05 07:29:25 Are you sure you have internet connection? Jul 05 08:49:02 quiet today! Jul 05 08:54:27 what do you guys think of wireguard? Jul 05 08:56:02 pheoxy: lots of people use it Jul 05 08:57:49 has the been any flaws noticed yet or does it seem to be okay? Jul 05 08:58:30 it's received a fair amount of attention and seems to be fairly solid Jul 05 09:00:19 thinking of using it over openvpn so that I can move my vpn server from my server because its annoying to remember to turn it on Jul 05 09:00:52 ive heard it uses less cpu wbecuase i'm worried about a bottleneck happening on high loads Jul 05 09:06:53 openvpn passes traffic up to userspace and back down Jul 05 09:06:58 wireguard does it all in the kernel Jul 05 09:07:51 ah Jul 05 09:08:21 is the wireguard packet structure compatible with ipsec? Jul 05 09:08:44 no, I'm fairly sure it's completely different Jul 05 10:01:02 pheoxy: I am very happy with wireguard. It is simple and fast but also a pain if it does not work. Jul 05 10:04:44 It does not realy have a log/debug log. But that is also the design, wireguard only replies to the "right" encrypted packets. Jul 05 10:42:58 * karlp smiles at seeing unicode explosions in the gitlog. Jul 05 10:44:57 which one ? Jul 05 10:46:48 https://github.com/openwrt/packages/commit/de9f3656c79565085edddc9da42fd7629aef5b74 Jul 05 10:47:33 oh heh :) Jul 05 10:53:21 nbd: how do nf-flow-table hw offload and XDP interact, if at all? Jul 05 11:10:04 i don't think they interact Jul 05 11:10:36 flow offload bypasses the normal network stack processing. XDP might be able to capture packets even earlier, not sure Jul 05 11:10:45 I haven't done anything with XDP yet Jul 05 11:13:06 XDP captures packets before they even get turned into SKBs Jul 05 11:13:21 can send them back out again the same NIC. Not sure if it can send them out *another* Jul 05 11:15:08 in those cases there is no interaction Jul 05 11:15:18 i was thinking more about soft XDP where the driver has no explicit XDP support Jul 05 11:26:14 choose to build lua-mysql. get all of postgres compiled as well, just so it can be ignored. awesome Jul 05 11:49:55 nbd: is there some overview over all the different offloading mechanisims supported by Linux like XDP, flow offloading, ..? Jul 05 12:51:02 Hauke: not that i'm aware of Jul 05 14:24:45 morning Jul 05 14:26:44 has someone tried wifi roaming (802.11r) on actual OpenWRT? Jul 05 14:58:38 ultito: if you are looking for people who to the testing for you, don't do it Jul 05 14:58:53 ultito: if you have a problem, tell us about it Jul 05 15:00:20 In 18.06 I plan to use that, so I am asking if anyone has it now working and if there are some issues to solve Jul 05 15:04:54 ultito: please do the testing on your own. check bugs.openwrt.org for known issues Jul 05 15:09:39 :-) Jul 05 15:19:32 dwmw2_gone: plodding on with the atm skb questions, slowly :-) ltq atm rx uses dev_alloc_skb and I checked there's 64 bytes of headroom. There *are* calls to pskb_expand_head for 64 bytes but these appear to be from vlan/bridged interfaces https://pastebin.com/1gDT6DYX Jul 05 15:20:36 are you seeing one of those for *every* incoming ATM packet which ends up being sent out on vlan? Jul 05 15:21:01 platforms which vlan everything and have a built-in switch would see that for every incoming packet? Jul 05 15:27:18 not sure - am not actaully connected via a wired interface (ie the switch) lemme try something... Jul 05 15:48:35 it seems mt7603 wifi-disconnect is a common issue across the board Jul 05 15:48:55 hi all Jul 05 15:49:16 only low-end routers are using mt7603 still, nowadays mtk routers are moving to mt7615 Jul 05 15:50:01 someone please say release date 18.06 ? Jul 05 15:51:25 but mt7615 is not supported in openwrt Jul 05 15:52:09 la3y: When it's done Jul 05 15:52:46 DonkeyHotei: which is sad, not sure if mt76 can accomdate 7615 sometime Jul 05 15:52:49 dwmw2_gone: it looks like I am :-( how to fix ? Jul 05 15:53:33 searched more these days it seems mt7603 has really bad reputation, i mean super low speed and worse, disconnection are beyond tolerable Jul 05 15:54:18 Monkeh, "The expected release date is around 1 July 2018" have some troubles with new release? Jul 05 15:54:29 best option might still be ath9k for 11n, and ath10k for 11ac these days, both with good driver support Jul 05 15:56:13 find new info from openwrt website 6 July 2018 - Final release binaries available for v18.06.0 Jul 05 16:20:55 ausjke: yep Jul 05 16:21:26 there's a reason there's masskve ath79 development Jul 05 16:21:57 mmm, guess ER-6P (maybe) or clear fog it is Jul 05 16:22:56 ausjke: ath10k's 802.11w support is totally broken though Jul 05 16:23:17 someone should probably add a note on the device page Jul 05 16:23:57 more like someone should write a patch to handle it in software Jul 05 16:23:59 mangix: eh, not really, it's all still "legacy" platforms being converted :) Jul 05 16:24:25 yeah but a lot of people use them Jul 05 16:24:28 mangix: a patch for what? :D Jul 05 16:24:43 802.11w Jul 05 16:24:58 mangix: yeah, but not a lot of new platforms coming out, it's kinda "mature" now Jul 05 16:25:23 oh, heh Jul 05 16:25:28 it still performs well Jul 05 16:25:36 isn't ath10k still pretty shady anyway? Jul 05 16:25:54 no better alternative Jul 05 16:26:12 Can Jul 05 16:26:31 Can't wait to see how bad the next Wi-Fi standard is gonna be like Jul 05 16:27:43 Puny mortals are not to even know of the existence of radios. It is arcane magic kept secret for the security of all. Jul 05 16:28:00 lol Jul 05 16:28:09 lol Jul 05 16:29:14 anyway, nevermind wireless Jul 05 16:29:25 i need to find a supported target Jul 05 16:29:35 INB4 the new standards are gonna require the OEM firmwares to be signed and have the keys embedded in the CPU lol. Jul 05 16:29:40 obviously I want a clear fog but they're kinda spendy Jul 05 16:29:44 because securityzzz! Jul 05 16:30:00 jwh: what you looking for? Jul 05 16:30:12 some copper and sfp ports Jul 05 16:30:18 ah Jul 05 16:30:30 yeah mvebu is your bet Jul 05 16:30:32 I got rb2011 which ticks all the boxes (sfp, copper, reasonably cheap) Jul 05 16:30:40 all works apart from the sfp and I can't figure it out Jul 05 16:30:54 maybe different hardware revision Jul 05 16:31:10 external converter + ? Jul 05 16:31:17 no Jul 05 16:31:30 media converters are unacceptable for a couple of reasons Jul 05 16:31:36 no visibility, yet another box Jul 05 16:31:59 Because we all like more boxes and more wires Jul 05 16:32:31 alright, cisco switch with SFP capabilities and Jul 05 16:32:31 :P Jul 05 16:32:40 shame the sfp port doesn't work, ~100GBP for 2011 with sfp + 5gige, 5 fe ports Jul 05 16:32:44 At least you'll have lifetime warranty Jul 05 16:32:47 and support Jul 05 16:32:48 lol Jul 05 16:32:48 pretty ideal for multiple services Jul 05 16:33:20 I fiddled with the sgmii setup but its nothaving it Jul 05 16:33:25 wonder how those fe ports are wired Jul 05 16:33:27 usb? Jul 05 16:33:33 internal switch Jul 05 16:33:44 its uh, an AR9344 Jul 05 16:33:50 so it has the internal 5 port fe switch Jul 05 16:33:57 and they have an AR8337N on the other gig port Jul 05 16:34:07 sfp is wired to one of the sgmii ports Jul 05 16:34:28 hmm ok Jul 05 16:34:30 *sigh* and it took me two hours to find out that something changed in OpenVPN between 17.04 and 18.06 that required me to set tun-mtu and mssfix. Jul 05 16:34:38 that was fun. Jul 05 16:34:39 so like, in this case I was going to use it where theres a gig fibre uplink, and a couple of 100meg downstream circuits Jul 05 16:35:00 you using ath79? Jul 05 16:35:04 but I can't convince the port to come up, I know nothing Jul 05 16:35:10 its still ar71xx Jul 05 16:35:29 couldn't work out how to port it eithr Jul 05 16:35:31 either Jul 05 16:35:41 maybe time to port :). it might be some kernel config that's disabled. no idea Jul 05 16:35:58 well, there was a commit last year that supposedly made it work Jul 05 16:36:03 *sigh²* and it took me half an hour to find out that wireguard would not set routes if the octet for whole subnets would not end in .0 Jul 05 16:36:09 but no idea if this is yet another hardware revision or whether it never workd Jul 05 16:36:25 it claims to be the same rev. 4 that was fixed Jul 05 16:37:16 jwh: have you tried the exact revision/commit that claimed to have fixed it? Jul 05 16:37:57 yeah Jul 05 16:38:14 would have been to easy :-) Jul 05 16:38:22 heh thats what I thought :D Jul 05 16:39:05 I can put the console on the end of an ssh session if someone wants to have a tinker :D Jul 05 16:40:35 Hello mkresin! o/ Jul 05 16:43:11 Redfoxmoon: o/ Jul 05 16:44:36 How goes?:-) Jul 05 16:46:23 fine so far. hunting my own bugs as usual Jul 05 16:46:32 Hehe:-) Jul 05 16:48:33 mm, will have to just deploy it with routeros on for now, maybe replace it later (but these things always end up being there forever heh) Jul 05 16:48:38 for* Jul 05 16:54:36 heh, even without the enclosure the clearfog pro is twice the price Jul 05 16:58:21 base is +50%, not enough ports though Jul 05 17:00:01 er-x would be nice but afaik sfp doesn't work on that either Jul 05 17:00:10 but its pretty cheap and blogic made it fast :D Jul 05 17:02:47 mangix: has anyone tried the sfp port on the clearfog? Jul 05 17:06:42 obviously need supported and checked/tested tables on the device pages :D Jul 05 17:08:50 jwh: should work Jul 05 17:09:18 yeah thats what I thought about the rb2011 heh Jul 05 17:09:28 kinda hard to make a business case for might :( Jul 05 17:09:50 when it impacts service delivery people get upset Jul 05 17:10:56 mm, availability for the clearfog is pretty terrible anyway Jul 05 17:11:43 there's also the turris omnia Jul 05 17:13:03 355EUR, ouch Jul 05 17:13:50 not far off an SRX heh Jul 05 17:14:48 there are actually more devices with sfps than I thought though Jul 05 17:15:09 just with varying levels of support Jul 05 17:18:40 although some of that will go away hopefully when ubnt release their 4.9 sources Jul 05 17:21:39 is it possible to specify write capabilities for only certain options in a UCI config with rpcd acl? (rather than giving write access to the entire config) Jul 05 18:03:27 hi Jul 05 18:58:32 hi Jul 05 19:43:46 riproute: if you take a look at https://git.openwrt.org/?p=project/rpcd.git;a=blob;f=uci.c;h=a1b83117abaed2823193ab110bfd4d211cf02d38;hb=HEAD#l644 Jul 05 19:43:48 it seems access check is performed only for a given UCI config file Jul 05 19:44:19 it seems it isn't possible to use rpcd ACL to specify access to selections UCI sections or options only Jul 05 19:44:32 jow: what do you think about adding that? would that be easy/possible? Jul 05 19:45:08 i can see use cases for that, admin could e.g. allow user to change WiFi password without changing encryption Jul 05 19:45:26 or something more nasty, like hwpath or country Jul 05 19:46:08 i could also imagine admin allowing user to change user/password for something like http/ftp/whatever, without user to e.g. changing shared directories Jul 05 22:49:44 Has anybody here dealt with a PCBA manufacturer before? Is there a usual cost for making minor changes to an existing design + prototype fabrication? The prototype is a relatively straight forward wireless router Jul 05 22:57:30 Hi all, has anyone tried to flash a RAVpower RP-WD03 router? Jul 05 22:57:54 I tried to flash it from a tftp server on my laptop (10.10.10.254 for the server, over ethernet) but nothing happened Jul 05 22:58:24 I tried with RP-WD03 2.000.020 and 2.000.066 (and 2.000.052, I think) firmware, but nothing happened Jul 05 22:58:50 It seems the flashing procedure works with firmware 2.000.040. Does anyone have an archive with that firmware version? Jul 05 22:59:45 https://git.openwrt.org/?p=openwrt/openwrt.git;a=commitdiff;h=5ef79af4f80f772772e44e38478f2b3b78d40732 Jul 05 23:02:06 pkgadd: I've seen that, but the directions don't seem to work. The RP-WD03 doesn't seem to reach the tftp server. Jul 05 23:02:31 I also contact the OpenWRT developer (Matthias Badaire) about it Jul 05 23:03:48 check with wireshark what's actually happening, next step, serial console access; I don't know anything about that device (or even the whole target arch) Jul 05 23:04:07 I see - wireshark? Jul 05 23:05:06 http://www.wireshark.org/ Jul 05 23:05:38 putting an unmanaged switch between router and your tftp server also increases the chances for success Jul 05 23:06:44 OK thanks Jul 05 23:09:39 Morning, does anyone know if its possible to query what the current wireless channel that the router is currently operating is? Jul 05 23:10:08 What i mean by this is, if i set a DFS channel (say 100) and it gets forced to a different channel, how can i find out what channel it is now on? Jul 05 23:10:36 iwinfo Jul 05 23:12:35 so I spent a whole lot of time today on inserting mtu-related settings in OpenVPN on a 18.06-rc1 install. is anyone aware of what has changed between 17.04 and 18.06 that made that necessary? Jul 05 23:12:58 I mean, I know what to do now, but I would be really interested what has changed. Jul 05 23:16:37 the changelog between openvpn 2.4.4 (in 17.04) and 2.4.5 (in 18.06) is not really ... useful. Jul 05 23:18:31 mmm, you should only need fragment option (for udp, tcp should be ok on its own) Jul 05 23:19:01 yup. that's what it boiled down to in the end. Jul 05 23:19:04 pkgadd: new scenario, i'm using a 160MHz wide channel beginning at 36 and ending at 64 (i.e. 52-64 are in the DFS range). It gets forced to reduce to 80MHz width. Can i tell this anywhere? Jul 05 23:19:06 mangling the inner mtu is horrible, fragment will keep it sensible Jul 05 23:19:10 I think the answer might be no. Jul 05 23:19:14 always been needed for udp though Jul 05 23:19:22 tcp is slightly better Jul 05 23:19:45 jwh: really? I had no problems on 17.04 with the same config files (I don't configure through UCI) Jul 05 23:20:01 but yeah, tcp sounds like a good idea by now. Jul 05 23:20:33 problem with udp is because its connectionless, if you don't get a reply back saying packet too large (which you rarely do these days), it just won't get through Jul 05 23:20:34 Lantis: you should see a notice in dmesg, maybe even something more from hostapd in logread (you may have to bump the loglevel); keeping hostapd_cli running might also give some further insight Jul 05 23:20:39 (otoh, I moved all my permanent point-to-point VPNs to wireguard, which opened its own can of worms.) Jul 05 23:20:48 although, the kernel should probably inform openvpn of that if the link mtu isn't great enough Jul 05 23:20:55 however, once there is a dfs event, it's game over - the router has no other chance than to obey Jul 05 23:21:09 but it still won't do anything about it, it'll just drop packets on the floor Jul 05 23:21:38 pkgadd: understood. Not asking it to behave otherwise, just trying to have some informative information for a user in a GUI. "hey you requested channel 52 but its currently operating on 32 due to DFS" Jul 05 23:21:38 heh, I like wireguard coz it seems fast Jul 05 23:21:43 but its not really flexible enough :( Jul 05 23:21:55 only works with /32s, for a start Jul 05 23:22:22 jwh: so far I pretty much love it. but as both ends of the tunnel are on dynamic DNS, I had to write a watchdog because wireguard interfaces _never_ go down. Jul 05 23:22:31 heh Jul 05 23:22:39 jwh: uhm ... wat? I'm connecting my two /24s no problem. Jul 05 23:22:47 on the link interface Jul 05 23:22:54 can't do a /31 or even a /30 Jul 05 23:23:15 unless its been added in recent versions Jul 05 23:23:28 "link interface"? Jul 05 23:23:38 yes, wg whatever Jul 05 23:23:48 but thats because its pure l3 Jul 05 23:24:53 uhm. I still don't understand ... the link interface has a single IP, yes. but ... OpenVPN does that too, no? Jul 05 23:25:41 it will also tunnel ethernet, so you can treat the interface as you would any other Jul 05 23:26:23 waiting for wireguard to do that before I try moving anything heh Jul 05 23:26:28 (fun little detail: if you allow peer IP "x.x.x.1/24", it won't create a route. it HAS to be "x.x.x.0/24") Jul 05 23:26:37 makes sense Jul 05 23:26:49 software *should* be strict Jul 05 23:26:51 :D Jul 05 23:26:52 mhh, somewhat. Jul 05 23:27:00 .1/24 isn't a valid subnet Jul 05 23:27:37 unfortunately software often works it out which just perpetuates misunderstanding or bad habits heh Jul 05 23:27:54 oh, I'm all for strictness. :) Jul 05 23:28:29 heh Jul 05 23:29:17 but it should be consistent then. not happily accept and display it as a setting, but not do the route. :) Jul 05 23:29:25 yeah quite Jul 05 23:29:30 it should definitely moan about it Jul 05 23:30:47 yeah, can't sleep anyway. moving openvpn from udp to tcp now, because why the heck not. Jul 05 23:31:00 do you want terrible performance? Jul 05 23:31:04 coz thats how you get terrible performance Jul 05 23:31:33 uhm. Jul 05 23:31:36 its a real shame exactly zero support for SCTP has appeared (its been years now) Jul 05 23:32:05 only really exists in mobile networks Jul 05 23:32:47 but theres a reason they moved from gre et al to it, because its much more useful Jul 05 23:33:31 and more importantly, its actually a standard rather than yet another protocol that has no interop Jul 05 23:35:58 all sorts of tricks you can do these days though, I mean theres FoU too Jul 05 23:39:56 I need to see if the vxlan acceleration on intel nics works under linux though Jul 05 23:40:29 just got a tplink C7 v4 archer 1750, and built a 1806r1, the first replacement openwrt image, should I use squashfs-sysupgrade.bin of squashfs-factory.bin? never understand the difference Jul 05 23:40:47 if its running stock, you need factory Jul 05 23:41:00 thats what factory images are for Jul 05 23:41:09 usually in a format the stock firmware will accept Jul 05 23:41:10 so first replacement is factory, then sysupgrade afterwards? Jul 05 23:41:29 depends on the method of flashing, if you can flash from factory then yes Jul 05 23:41:43 some devices require a two step process (initramfs, then sysupgrade) Jul 05 23:42:02 ic, let me try, hope not to brick this one, i have wasted too many routers to get one working, i probably should have just bought a high end cisco router as far as money goes Jul 05 23:42:14 :( Jul 05 23:42:21 heh Jul 05 23:42:30 SRX300 is only about 600 bucks :D Jul 05 23:42:31 also got the rbm33g+2 radios today, busy now, will test it in two weeks Jul 05 23:44:41 the c7 v4 from amazon is 64.99 USD, must be gold comparing to mtk7603 crappy 2.4G Jul 05 23:45:21 (jwh: thanks for the pointers, openvpn works sufficiently well now.) Jul 05 23:46:48 ausjke: heh Jul 05 23:50:18 i'm sure mt7615 will save the world, until there is an oss driver for it, that is Jul 06 00:27:56 with archer C7, 2.4G now is 120Mbps/udp, 80Mbps/tcp, 10-meter away it's 30Mbps, good enough Jul 06 00:28:24 for 11AC I tried channel 102, 110, 106, 122 etc none work except for the default 36? Jul 06 00:28:42 do a site survey Jul 06 00:28:45 under VHT80 that is, how should I select a channel, I follow the http://www.revolutionwifi.net/revolutionwifi/2013/03/80211ac-channel-planning.html Jul 06 00:29:15 DonkeyHotei: any good tool other than my cellphone's wifi signal analyzer for site survey? Jul 06 00:29:28 or wifipineapple, which i don't own Jul 06 00:29:57 80 MHz channel: 42, 58, 106, 122, 138, 155 Jul 06 00:30:42 i happen to use my cell phone (which can't see channels 120 to 128, but that means i won't want those anyway) Jul 06 00:34:40 30meg 10metres away? Jul 06 00:34:49 do you live in a cave? Jul 06 00:35:06 houses, not direct sight Jul 06 00:35:14 ah Jul 06 00:35:22 anyway tried all VHT80(42,58,106,122,138,155), iwinfo showed txpower 0 Jul 06 00:35:52 you use the vht20 channel numbers, even on vht80 Jul 06 00:36:19 that's why it's not working Jul 06 00:36:42 DonkeyHotei: this is black magic, how am I supposed know this, if you don't tell me? seriously Jul 06 00:36:46 try vht20 now Jul 06 00:37:35 you set the bandwidth to vht80 and use the vht20 channel numbers Jul 06 00:38:18 channel 108, iw list shows it's radio detection, iwinfo showed still: Signal: unknown Noise: -100 dBm Jul 06 00:38:55 guess I need avoid radar area, is 'radar detection' same as DFS Jul 06 00:39:35 yes chan44 works, so is 36, both out of radar in US Jul 06 00:39:44 dfs channels will scan for radar and jump to a different channel automatically Jul 06 00:40:50 marvell chipsets will descend the channel numbers while mediatek and qualcomm will ascend Jul 06 00:45:08 DonkeyHotei: so if i choose a channel inside 'radar detection' range it will automatically be DFS-ed? Jul 06 00:45:20 yes Jul 06 00:45:39 anyway 11ac VHT80 at channel 44, which is super clean here, only gave me 120mbps for various iperf3 tunings Jul 06 00:45:49 well, only if there's actually a radar transmitting on those frequencies Jul 06 00:46:02 true, which i doubt any these days, nearby that is Jul 06 00:46:38 120Mb/s at what distance? Jul 06 00:47:33 my phone does 250Mb/s when it's near the archer c7 Jul 06 00:48:34 half meter Jul 06 00:50:10 then you have a hardware limitation in either the AP or the client Jul 06 01:07:47 ausjke, what you're looking for is a spectrum analyzer Jul 06 01:08:00 metageek is a cheap one Jul 06 01:08:23 you can also use a SDR as a spectrum analyzer Jul 06 01:15:25 [Thu 2018-07-05 05:41:50 PM PDT] so, i installed perl on an openwrt device... Jul 06 01:15:26 [Thu 2018-07-05 05:42:14 PM PDT] but i need a module that's not packaged Jul 06 01:59:16 Mister_X: you mean after spent hundreds dollars trying then settling down on a $65 tp-link-c7 and still not enough :) Jul 06 02:02:34 oh, I remembered that ubiquiti stuff has built-in spectrum analyzer (airos) Jul 06 02:02:53 ausjke, if you use ath9k and some chipsets, look for ath_spectral Jul 06 02:02:58 3 zbt1326 unusable 2.4G for $150, smoked a AC2600 that's another $180, bought rbm33g+radios for experiments that's another $100 plus antennas/pigtails should be around $150, and this $65 C7, a RMA tplinkC5(broadcom, no openwrt support, was unware when ordering), in total it is about $550 now :( Jul 06 02:02:59 also work with ath10k Jul 06 02:03:50 you shouldn't smoke routers, they're not that tasty and smoking isn't gonna make it taste any better :) Jul 06 02:07:15 vaping is safer Jul 06 02:08:44 not when it comes to plastics and flame retardants Jul 06 02:14:33 actually $645 Jul 06 02:15:35 i plugged a routerstation pro power to it by mistake, they look identical and was in the same area, then smoke arose on ac2600, tore it down today, at least i can reuse its pigtals/antennas Jul 06 02:16:14 don't look at me, i recommended doing a site survey with a cell phone, not a friggin spectrum analyzer Jul 06 02:17:18 will test more with C7 and try rbm33g two weeks from now, maybe it can be a working horse who knows Jul 06 02:31:09 C7 11ac udp now is 380Mbps, good enough Jul 06 02:31:24 tried with a better phone Jul 06 02:32:07 running 18.06 master branch **** ENDING LOGGING AT Fri Jul 06 03:00:01 2018