XYMer's Home away from Home

When http://bbs.xlr8yourmac.com is down (i.e. always)

All times are UTC - 8 hours




PostPosted: Thu Apr 13, 2017 12:17 am 
Joined: Thu May 15, 2008 8:13 pm
Posts: 10685
Location: Caught between the moon and NYC
The nerve of that guy!

Some people think the new Mrs. Shibby might not be too keen on his "hobby." :lol:

I just switched to one of the latest Toastman builds tonight. Went a little bumpier than expected. But the quirks I was having before (router going into a weird limbo state for 3-5 minutes after changing settings) seem to have been nixed.

I'll have to try it out on an N12D1. Or, at least, what should be a compatible build... there are no USB ports on the N12, so I shouldn't use the exact same file...

Or, at least I will after I get some sleep. Wasn't expecting it to take this long... (yawn)


PostPosted: Thu Apr 13, 2017 12:51 am
Benevolent Dictator
Joined: Mon Apr 21, 2008 2:03 am
Posts: 16245
You're up late again!


PostPosted: Thu Apr 13, 2017 4:45 am
Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6584
Location: NYC
Quote:
But the quirks I was having before (router going into a weird limbo state for 3-5 minutes after changing settings) seem to have been nixed.

Yeah, noticed that on this new N12. Not after any change, but often enough will get "the page was reloaded...," and have to wait until I don't know what to get back in. If installing the latest Toastman is "bumpier than expected" for you who know your way around this stuff, I'll probably pass. I can live with the zombie state when it happens, since it always comes back from zombie to alive...eventually.


PostPosted: Thu Apr 13, 2017 2:27 pm
Joined: Thu May 15, 2008 8:13 pm
Posts: 10685
Location: Caught between the moon and NYC
I got the same zombie state with the new Toastman firmware but that went away after I did a long nvram erase and set it up from scratch. I think the new firmware versions don't cooperate with the default nvram values.

Toastman's been merging his code base with Shibby for a while now, so there's fewer duplicated nvram values created, which is why I stopped upgrading for a while. Then I switched to an AC build of Shibby since it supports the N66 with a different wireless driver, but there are quirks and eventually the quirks drove me back to the N builds which had the zombie problem, so then I looked into Toastman and this long circuitous tale is at an end.

I tried upgrading without using recovery mode and cabling directly into port 1 on the router which was half my trouble. Once I gave in and did it the "right" way everything worked pretty much as expected. I tried to cheat by cabling the switch my system was connected to into port 1.


PostPosted: Thu Apr 13, 2017 4:39 pm
Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6584
Location: NYC
How are things with dnscrypt-proxy in that firmware?


PostPosted: Thu Apr 13, 2017 4:42 pm
Joined: Thu May 15, 2008 8:13 pm
Posts: 10685
Location: Caught between the moon and NYC
I'll have to take a closer look tonight. My only real impression was there were more dnscrypt providers in the dropdown list. Once I got it working I went to bed.


PostPosted: Wed Apr 19, 2017 7:19 am
Joined: Thu May 15, 2008 8:13 pm
Posts: 10685
Location: Caught between the moon and NYC
Just noticed DNSCrypt is 1.6.1 in the version I'm running.

Unfortunately the website still does the zombie thing occasionally, goes away for about 3-5 minutes and then comes back after saving some settings.

Hmm. Wonder if it's dnscrypt related. Might just be the new multiwan stuff, there's a ton of stuff logged during the zombie period about deleting vlan interfaces, restarting dnsmasq, restarting most of Tomato...

I decided to give adguard a try. I liked opendns's malware filtering. The familyguard stuff is for porn, don't care about that, just want malware blocked, which is what adguard-dns does.


PostPosted: Wed Apr 19, 2017 10:27 am
Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6584
Location: NYC
MonkeyBoy wrote:
Just noticed DNSCrypt is 1.6.1 in the version I'm running.

Unfortunately the website still does the zombie thing occasionally, goes away for about 3-5 minutes and then comes back after saving some settings.

Hmm. Wonder if it's dnscrypt related. Might just be the new multiwan stuff, there's a ton of stuff logged during the zombie period about deleting vlan interfaces, restarting dnsmasq, restarting most of Tomato...

I decided to give adguard a try. I liked opendns's malware filtering. The familyguard stuff is for porn, don't care about that, just want malware blocked, which is what adguard-dns does.

When it does its zombie thing, I can usually get back in by putting the URL in another tab.
Looking into adguard at https://adguard.com/en/adguard-dns/overview.html. Wonder if they're also non-logging and dnssec resolving? Is that a direct dnscrypt option in the Toastman build?

Adguard servers appear to be located near Moscow. Wonder about that? EDIT: "DNS servers are located in NJ, SF and Moscow, so for some locations ping may be huge." https://www.wilderssecurity.com/threads ... ta.387403/

I'm now at dnscrypt.eu-dk, after both the French and Dutch ones became quite flaky. Don't know how long this one will stay good.

A new issue: in order to keep the vz.net mail address, Verizon is forcing all its email customers to use the servers at AOL (thank god for mergers and acquisitions--not ready to send out five zillion emails notifying everyone on the planet of a change to a new email address, so keeping the current one.) After a full day of quite a lot of hassle, everything is now working quite well for Mac Mail at all three clients--hope it lasts.

But AOL webmail is really hideous, crammed full of click bait, spam and other idiotic, very pushy crap. Found a way to remove all that crap from a setting at the main mail page, so at least that's taken care of. Don't need to login to AOL webmail very often, but what I still can't find a way of doing is to block two quite obnoxious https/JavaScript redirects after logging out at the main mail site. Neither Refresh Blocker (only deals with meta refresh), nor Redirect Remover (the one I got a personal "license" for from AMO after the developer abandoned it) seem to be able to do anything at all.

Would iptables at the router, or anything else that you can think of, be able to nuke the following? These are the URLs of the two pages that get loaded one after the other. Probably pointless trying to get an IP for aol.com. Must be thousands.

https://membernotifications.aol.com/not ... xxxxxxxxxx (crap advertising which I can block with Adblock Plus, but not the page itself.)

https://www.aol.com/?xxxxxxxxxxxxxxxxxxxxxxxxx ("news" and main site)

Could try blocking the second one, AOL.com/, but don't know if I'd still be able to login at the webmail site, https://my.screenname.aol.com/xxxxxxxxxxxxxxxxxxxxxx if I did that.

And maybe if I could at least block the first one, it would stop the second.

xxxxxxxxxxxxx entered for long strings, since I don't know how much any of that is personally identifiable--probably none.

EDIT: for what it's worth, from an nslookup:

Non-authoritative answer:
Name: aol.com
Address: 149.174.110.105
Name: aol.com
Address: 149.174.107.100
Name: aol.com
Address: 64.12.249.135
Name: aol.com
Address: 207.200.74.55
Name: aol.com
Address: 149.174.149.73


PostPosted: Wed Apr 19, 2017 11:27 am
Joined: Thu May 15, 2008 8:13 pm
Posts: 10685
Location: Caught between the moon and NYC
I don't know of any way a DNS solution would be able to block them. If it was a host that was only used for one particular thing it could block that host but I imagine http://www.aol.com is going to be used for more than just crap content. I really like ublock's ability to create custom filters just by right-clicking on the item you don't like. I haven't quite mastered its syntax but it's really good at ripping out ads and frames from websites. Right click on ad, block it, if a block of space remains where the ad was, right click on that and you'll usually find the frame (or its web 2.0 equivalent) it was in and block that and thennnnnnn it usually rearranges the page to compensate for the extra space. There are add-ons for adblock that do similar things but ublock is pretty lean despite having that integrated, which seems like a big plus.


Last edited by MonkeyBoy on Wed Apr 19, 2017 11:28 am, edited 1 time in total.

PostPosted: Wed Apr 19, 2017 11:28 am
Benevolent Dictator
Joined: Mon Apr 21, 2008 2:03 am
Posts: 16245
Maybe Little Snitch to block 149.174.98.126 [memnotes.egslb.aol.com]?


PostPosted: Wed Apr 19, 2017 11:31 am
Joined: Thu May 15, 2008 8:13 pm
Posts: 10685
Location: Caught between the moon and NYC
I'm noticing some annoying slowdowns with adguard, in particular some CDNs are slow as molasses. For the most part it's about 99% as fast as it used to be, but those CDNs are everywhere now.

I imagine that if you were in Australia and using adguard you'd be stuck back in the situation Australia was before OpenDNS built a server farm in their region. In the US using the east or west coast isn't too bad. Having everything you're visiting on the other end of either a satellite hop or a transpacific cable is bad.


PostPosted: Wed Apr 19, 2017 12:24 pm
Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6584
Location: NYC
Thinking now that probably the best is to simply close that first tab/redirect as soon as it loads--end of any further redirects. I have the annoying ad that appears there blocked, so at least only seeing an empty page when it loads.

My first ever experience with AOL (in fact, hadn't heard or thought about them in twenty years), and had no idea they were so loaded up with so much intrusive, pushy bullshit/spam. They actually have the total chutzpah to tell you that for $4.99/mo, they won't inflict the pleasure of any ads. (Actually, NoScript + Adblock Plus gets rid of a good deal of that, but nowhere enough.) Would never give them a vomit covered penny, especially when there's a very simple checkbox, in settings, to stop their "AOL Today" crap (where all that spam and junk resides) from loading. Can go directly to the mail page now and not have to see any of that garbage--end of story. No idea why anyone would voluntarily have anything to do with them.


PostPosted: Wed Apr 19, 2017 12:59 pm
Joined: Thu May 15, 2008 8:13 pm
Posts: 10685
Location: Caught between the moon and NYC
Heh. If Verizon buys Yahoo they plan to merge AOL & Yahoo into one company. I think this is a great idea, since now you have only one entity to have no contact with whatsoever instead of two. Figure out what IP blocks are assigned to the merged company and reject them all. :coffee:


PostPosted: Sun May 14, 2017 3:12 am
Joined: Thu May 15, 2008 8:13 pm
Posts: 10685
Location: Caught between the moon and NYC
I've figured out that MultiWAN builds are slow to respond after some configuration changes. In addition to this dnscrypt introduces its own delays. Combine the two and sometimes you have to wait 4+ minutes before it finally reloads httpd and the website will respond to requests again. If you have an ssh or telnet connection open it will remain open and you can monitor the logs to see how things are progressing but... it gets crazy slow.


PostPosted: Sun May 14, 2017 4:44 am
Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6584
Location: NYC
Don't know for sure, but can always get right back in from another tab. But could be we're not talking about the same thing. For me, it's zombified when I get "Server not found," after making certain changes. Is my 1.28.0000 MIPSR2-132 K26 Max MultiWan?

Btw, after going through the French and Dutch servers, which became flaky, I've been getting fairly reliable latency, at around 97 ms, using dnscrypt.eu-dk 77.66.84.233. Been staying solid for the past few weeks, since I switched.


PostPosted: Mon May 15, 2017 9:59 am
Joined: Thu May 15, 2008 8:13 pm
Posts: 10685
Location: Caught between the moon and NYC
I think dnscrypt introduces longer delays in the newer versions. However MultiWAN is a much longer delay. When it's "zombiefied" you'll be able to reach external sites that are already in your local DNS cache but not anything that requires DNS, since DNS takes a while to become functional in multiwan and httpd doesn't launch until after dns and other host-related services become available.

I'm back on 132. I turned off dnscrypt when I had trouble with newer versions and never got around to playing with it again.

Shibby came back from his honeymoon/vacation, he's working on 140 since someone else released their own 139 while he was away (some guys are crazy impatient).


PostPosted: Thu Mar 29, 2018 5:22 pm
Joined: Thu May 15, 2008 8:13 pm
Posts: 10685
Location: Caught between the moon and NYC
Shibby is back on hiatus. I think he got 140 out. I don't blame the guy at all, it's not like we're giving him a paycheck, and priorities have a way of changing. Toastman disappeared too. So there's very little firmware activity for MIPS CPU routers like the N12/N16/N66. The only developers interested in Tomato have ARM routers because zomg ARM is so cool so others have picked up the torch on that front.


Apparently the folks behind DNSCrypt decided to completely rewrite the software in the Go language.

The problem is that Go is unsuitable for embedded systems like routers since they typically don't have gobs of RAM, lots of storage, 64 bit processors, fast CPUs, the latest and greatest OS kernel, etc., etc. and the guys behind Go only care about desktop OSes and only then if they're absolutely bleeding edge current. They also embed all the libraries needed by the executable which bloats up the size of the executable. Because the libraries are embedded you have to push out an update any time any of the libraries are updated (e.g. frequently). If you don't update then your executable can (and Murphy's law means it likely will) be vulnerable.

As a result there is virtually no chance, short of someone doing a lot of work to port the source from Go back to C for it to work on routers again. The old program will work as-is until it doesn't, at which point it can't be updated.

All hail our shortsighted "I want to work on something cool" developer overlords.


Personally I picked up a T-Mobile AC1900 router refurb from Amazon and flashed it back to an RT-AC68U. It was $60 when I bought it, apparently around the middle of last year they were in the $30 range. Also, if you can keep a secret, I just bought one for my sister for her birthday and flashed it tonight (in part because it was down to $43). Works great. Tomato builds are iffy on AC68s since it only supports A1 and B1 hardware revisions with C1 and up having issues. So I'm on Merlin, in part because AB-Solution is available. You need a drive attached, preferably one formatted ext2/ext3, but 16GB drives are ~$5 now so that's not a huge imposition. Comes with one USB 2.0 and one USB 3.0 port, obviously if you want more than two things connected you could buy a hub. There's some interesting third party support for Merlin.


PostPosted: Fri Mar 30, 2018 10:58 am
Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6584
Location: NYC
Thanks for the new information. My N12 is still doing fine. DNSCrypt to 176.56.237.171 (DNSCrypt.eu Netherlands) occasionally stalls and then I automatically revert to OpenDNS. But for the most part still OK. Will worry about all this the next time I need a new router, which, hopefully, will last a few years more than the first N12. We just passed the one year anniversary of this thread, 3/11/17, when the N12 died, so that's something.

Didn't know anything about Merlin. Will file that away for future reference.

This is where you previously discussed your experience with the certificate error using install media:

https://x704.net/bbs/viewtopic.php?f=12 ... le#p107987


PostPosted: Fri Mar 30, 2018 6:36 pm
Joined: Thu May 15, 2008 8:13 pm
Posts: 10685
Location: Caught between the moon and NYC
Merlin is basically a modified/extended version of ASUS's OEM firmware. He only provides support for fairly recent routers, and with the latest branch I think he's limited to ARM models only. With his older branch he was still supporting the N66 which is MIPS, but I think that was the last one... apparently he moonlighted N16 support a couple years ago. Basically he supports the models that ASUS is actively supporting and up until KRACK they hadn't released a firmware for the N12 or N16 for ages (and even then the update only fixed N12s run in client mode, a router that joins another wifi network as a client to scam its internet connection).

I've actually had some pretty good luck with the OEM firmware on N12s. It's not all that wonderful in terms of features and I doubt it has any DNSCrypt support but it's stable and functional. I primarily use them as access points so the router aspect doesn't enter into the equation, but in theory the performance would be greater than Tomato since they can support hardware NAT acceleration (though if you enable incompatible features, like QoS, it gets disabled).

In case anyone else is interested in the AC1900, here's a link. Don't get them if you want to implement AiMesh though, ASUS is, uh, actively discouraging, I think that'd be a good euphemism for it, people from trying to run AiMesh on them. They'd rather you spend $150 on an actual RT-N68U. So far I've followed these instructions three times to convert an ac1900 to a 68u... sometimes you have to reset them to factory defaults as a first step and sometimes it doesn't start blinking the power light when it's in CFE mode (it just starts suddenly responding to pings at 192.168.29.1) but for the most part it's been smooth. I cannot stress it in strong enough terms, do not get them if you intend to just use them with the T-Mobile firmware. Oh my god the sheer number of things wrong is staggering. You can't change the network names. You can't change the WiFi password. And it just goes on from there.

