DD-WRT :: View topic - New build <Kong> r33545M 10-18-2017

New build <Kong> r33545M 10-18-2017

DD-WRT Forum Index -> Atheros WiSOC based Hardware

Goto page 1, 2 Next

View previous topic :: View next topic

Author

Message

jerrytouille
DD-WRT Guru

Joined: 11 Dec 2015
Posts: 1304

Posted: Thu Oct 19, 2017 1:00 Post subject: New build <Kong> r33545M 10-18-2017

New build <Kong> r33545M 10-18-2017 is out:
http://desipro.de/ddwrt/K3-AC-IPQ806X/

<Kong> wrote:

Comes with https://w1.fi/cgit/hostap/commit/?id=a00e946c1c9a1f9cc65c72900d2a444ceb1f872e

To prevent krack attack fro unpatched clients

You have an option under wireless security settings in order to switch it on

Last edited by jerrytouille on Thu Oct 19, 2017 18:31; edited 1 time in total

Sponsor

jerrytouille
DD-WRT Guru

Joined: 11 Dec 2015
Posts: 1304

Posted: Thu Oct 19, 2017 1:01 Post subject:
R7500v2 up and stable. Yet another awesome build.

flakie
DD-WRT User

Joined: 23 Sep 2017
Posts: 229
Location: Swindon, UK

Posted: Thu Oct 19, 2017 8:57 Post subject:
Installed here. All OK. _________________ Router Model: Netgear R8000 Firmware: DD-WRT v3.0-r41813 std (12/29/19) Modem: Super Hub 3.0 ISP: Virgin Media 350/35 Mbps

<Kong>
DD-WRT Guru

Joined: 15 Dec 2010
Posts: 4339
Location: Germany

Posted: Thu Oct 19, 2017 9:00 Post subject:
Comes with https://w1.fi/cgit/hostap/commit/?id=a00e946c1c9a1f9cc65c72900d2a444ceb1f872e To prevent krack attack fro unpatched clients You have an option under wireless security settings in order to switch it on _________________ KONG PB's: http://www.desipro.de/ddwrt/ KONG Info: http://tips.desipro.de/

flakie
DD-WRT User

Joined: 23 Sep 2017
Posts: 229
Location: Swindon, UK

Posted: Thu Oct 19, 2017 9:14 Post subject:

<Kong> wrote:

Disable EAPOL Key Retries

Thanks for this Smile

Enabled on both.
_________________
Router Model: Netgear R8000
Firmware: DD-WRT v3.0-r41813 std (12/29/19)
Modem: Super Hub 3.0
ISP: Virgin Media 350/35 Mbps

Xeon2k8
DD-WRT Guru

Joined: 11 Feb 2016
Posts: 1288

Posted: Thu Oct 19, 2017 13:16 Post subject:

Maybe dumb question, why is it off by default?
_________________
R6400v2 (boardID:30) - Kong 36480 running since 03/09/18 - (AP - DNSMasq - AdBlocking - QoS)
R7800 - BS 31924 running since 05/26/17 - (AP - OpenVPN Client - DNSMasq - AdBlocking - QoS)
R7000 - BS 30771 running since 12/16/16 - (AP - NAS - FTP - SMB - OpenVPN Server - Transmission - DDNS - DNSMasq - AdBlocking - QoS)
R6250 - BS 29193 running since 03/20/16 - (AP - NAS - FTP - SMB - DNSMasq - AdBlocking)

charly2k17
DD-WRT Novice

Joined: 17 Oct 2017
Posts: 3

Posted: Thu Oct 19, 2017 13:51 Post subject:
Thanks for this! We will wait for the next release then. Good work!

casualtester
DD-WRT User

Joined: 13 Dec 2015
Posts: 319

Posted: Thu Oct 19, 2017 13:52 Post subject:

Xeon2k8 wrote:

Maybe dumb question, why is it off by default?

Mentioned in New build <Kong> r33525M 10-16-2017,

<Kong> wrote:

... that allows to set an flag that will fix that issue even if the client does not have a patch, but it can cause interoperability issues and therefore is off by default.

Xeon2k8
DD-WRT Guru

Joined: 11 Feb 2016
Posts: 1288

Posted: Thu Oct 19, 2017 14:02 Post subject:

casualtester wrote:

Xeon2k8 wrote:

Maybe dumb question, why is it off by default?

Mentioned in New build <Kong> r33525M 10-16-2017,

<Kong> wrote:

... that allows to set an flag that will fix that issue even if the client does not have a patch, but it can cause interoperability issues and therefore is off by default.

You meant to say here I guess
http://www.dd-wrt.com/phpBB2/viewtopic.php?p=1099456#1099456
_________________
R6400v2 (boardID:30) - Kong 36480 running since 03/09/18 - (AP - DNSMasq - AdBlocking - QoS)
R7800 - BS 31924 running since 05/26/17 - (AP - OpenVPN Client - DNSMasq - AdBlocking - QoS)
R7000 - BS 30771 running since 12/16/16 - (AP - NAS - FTP - SMB - OpenVPN Server - Transmission - DDNS - DNSMasq - AdBlocking - QoS)
R6250 - BS 29193 running since 03/20/16 - (AP - NAS - FTP - SMB - DNSMasq - AdBlocking)

0011010101
DD-WRT Novice

Joined: 14 Dec 2015
Posts: 25
Location: 192.168.1.1

Posted: Thu Oct 19, 2017 14:14 Post subject:

<Kong> wrote:

... that allows to set an flag that will fix that issue even if the client does not have a patch, but it can cause interoperability issues and therefore is off by default.

interoperability issues?
an example?

casualtester
DD-WRT User

Joined: 13 Dec 2015
Posts: 319

Posted: Thu Oct 19, 2017 14:20 Post subject:

Xeon2k8 wrote:

... You meant to say here I guess
http://www.dd-wrt.com/phpBB2/viewtopic.php?p=1099456#1099456

Yes.

jerrytouille
DD-WRT Guru

Joined: 11 Dec 2015
Posts: 1304

Posted: Thu Oct 19, 2017 21:07 Post subject:

0011010101 wrote:

<Kong> wrote:

... that allows to set an flag that will fix that issue even if the client does not have a patch, but it can cause interoperability issues and therefore is off by default.

interoperability issues?
an example?

# This workaround might cause interoperability issues and reduced robustness of
# key negotiation especially in environments with heavy traffic load due to the
# number of attempts to perform the key exchange is reduced significantly. As
# such, this workaround is disabled by default (unless overridden in build
# configuration).
# Ref.: https://lede-project.org/docs/user-guide/wifi_configuration#wpa_key_reinstallation_attack_workaround

husky55
DD-WRT User

Joined: 19 Nov 2008
Posts: 274
Location: Madison, CT, US

Posted: Thu Oct 19, 2017 23:09 Post subject:
Under wireless security, there is now CCMP and GCMP in addition to the standard AES, WEP ,TKIP. What is the best encryption which is compatible with a bunch of devices with older wifi adapters? I have been using AES. Not sure how to turn ON/OFF for the krackattack fix either. _________________ Netgear R7800(2), R7500v2(2) WDS, Asus RT-AC68R (2)

tatsuya46
DD-WRT Guru

Joined: 03 Jan 2010
Posts: 7568
Location: YWG, Canada

Posted: Thu Oct 19, 2017 23:14 Post subject:

ccmp-256/gcmp are part of 802.11ac spec, yet none of my ac devices connect with them on, probably another untested feature.. they are not for compatibility, for that u stay where u are, with wpa2 aes, its fixed already, we can all calm down about it now. except scream at shitty vendors that dont update their stuff.

it does seem like it applies to 5ghz only, when selecting on 2.4ghz, the radio wont even broadcast.
_________________
LATEST FIRMWARE(S)

BrainSlayer wrote:

we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers

[x86_64] Haswell i3-4150/QCA9984/QCA9882 ------> r55797 std
[QUALCOMM] DIR-862L --------------------------------> r55797 std
▲ ACTIVE / INACTIVE ▼
[QUALCOMM] WNDR4300 v1 --------------------------> r50485 std
[BROADCOM] DIR-860L A1 ----------------------------> r50485 std

Sigh.. why do i exist anyway.. | I love you Anthony.. never forget that.. my other 99% that ill never see again..

mrjcd
DD-WRT Guru

Joined: 31 Jan 2015
Posts: 6285
Location: Texas

Posted: Thu Oct 19, 2017 23:22 Post subject:
"Disable EAPOL Key Retries" Works fine both radios and on both VAPs ... EA8500 -r33551

Goto page 1, 2 Next

Display posts from previous:

Page 1 of 2

DD-WRT Forum Index -> Atheros WiSOC based Hardware

All times are GMT

Navigation

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum

Log in

New build <Kong> r33545M 10-18-2017

Quick Links

Log in