The reason why you would erase nvram ( before and ) after a firmware upgrade, is because not all router models clear their configuration areas properly.
Some believe it to be waste of time to erase the nvram....others, like me, tend to have the attide of being "better safe than sorry".
And for now, it seems like it have helped me. So I will continue to erase nvram before and after firmware upgrade,
until I get other ideas
I see that erase nvram and then manually re-configuring might make sense -- the things the firmware staores in nvram might have been re-organised.
However some people recommend erasing the nvram and then re-loading your saved configuration.
This seems like nonsense. The saved file looks to be the entire nvram in binary format so erasing and re-loading it makes ZERO sense.
Incidentally I would love it if the format of the saved configuration file could be changed to human readable. Hint hint devs - do you read this?
Joined: 03 Jan 2010 Posts: 7568 Location: YWG, Canada
Posted: Mon Dec 14, 2015 0:45 Post subject:
the whole erasing nvram thing before &/or after upgrading is a complete garbage myth that went wild for whatever reason despite being proved time & time again its not going to fix ur incorrectly set wifi settings, or ur aweful isp modem's dhcp issues, or the broken language translation.
its just tossed around & some believe it as much as some believe earth is flat, if i had to pick a part thats the worst about it, is the do it BEFORE updating part, brains, logic & common sense is out the window there..some broadcoms even BRICK when doing it but nope some still live & breathe triple 30 reset that nvram twice per upgrade all day every day, hilarious..even the developers laughed at those who believe this already, called it "bullshit", exactly what it is.
u can even save a config from router a & put it on router b thats a different unit, works? yes. but that sparks a bunch of people on the "not supposed to do that" bandwagon to jump on u, when most probably never even tried it..there was lots of work done a ways back specifically for making that now a doable thing.
beliefs & myths..like how wifi is "radiating us sick" & more..thats another thing floating around too that thankfully, much less are onboard about. _________________ LATEST FIRMWARE(S)
BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers
Joined: 16 Nov 2015 Posts: 6440 Location: UK, London, just across the river..
Posted: Mon Dec 14, 2015 5:53 Post subject:
well i believe that erase ram does the good thing prior to 30/30/30 reset, there is a logic if there is still some leftovers, in the nvram, and i had a problems with too many updates in row and not clearing the nvram, so far its working fine 28493, but it bricked my router after i upgraded to it so i had to erase nvram and redo it again so far so good im happy chappy running 28493 _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Joined: 05 Oct 2008 Posts: 666 Location: Helsinki, Finland / nr. Alkmaar, Netherlands
Posted: Mon Dec 14, 2015 11:54 Post subject:
Router: WZR-HP-G300NH
Firmware: 28493 (from 28444)
Kernel:
Status: OK
Reset: erased nvram before and after TFTP'ing 28493
Errors: none that concern my normal use.
IPv6 address isn't properly formed and shown in the GUI (top right). Windows shows a properly formed address, but 'No Internet Access' for IPv6; it used to work with the IPv6 settings I use in dd-wrt, but maybe the ISP doesn't like me enabling and disabling IPv6 repeatedly.
The following may be Windows (7) related:
When IPv6 is enabled, DNS lookup of devices in my own domain doesn't work; I have to use IP(v4) addresses instead; at the same time on my iPhone (iOS9.2) LAN device names (with or w/o domain name) do get interpreted properly.
Joined: 05 Oct 2008 Posts: 666 Location: Helsinki, Finland / nr. Alkmaar, Netherlands
Posted: Mon Dec 14, 2015 15:12 Post subject:
ArjenR49 wrote:
Router: WZR-HP-G300NH
The following may be Windows (7) related:
When IPv6 is enabled, DNS lookup of devices in my own domain doesn't work; I have to use IP(v4) addresses instead; at the same time on my iPhone (iOS9.2) LAN device names (with or w/o domain name) do get interpreted properly.
With Chromium in Ubuntu 15.10 DNS lookup with IPv6 enabled on the router works fine, too. Just Windows 7 seems to have a problem there.
Joined: 05 Oct 2008 Posts: 666 Location: Helsinki, Finland / nr. Alkmaar, Netherlands
Posted: Mon Dec 14, 2015 15:27 Post subject:
ArjenR49 wrote:
Router: WZR-HP-G300NH
IPv6 address isn't properly formed and shown in the GUI (top right).
I should have written:
The IPv6 address shown in the GUI doesn't look right to me, because it looks very different from the IPv6 for my notebook, but I can easily be quite wrong ... It's much longer (8 parts) than the one for my notebook (6 parts).
I would like to keep IPv6 enabled, but it was suggested somewhere on this forum there is no firewall protection for IPv6 in DD-WRT that can be activated in the GUI, so I'm afraid to keep it enabled for long.
Just checking if I can find IPv6 settings that work for this seemingly ever more elusive moment when the ISP finally takes the IP bull by the horns ...
Router: WZR-HP-G300NH
IPv6 address isn't properly formed and shown in the GUI (top right).
I should have written:
The IPv6 address shown in the GUI doesn't look right to me, because it looks very different from the IPv6 for my notebook, but I can easily be quite wrong ... It's much longer (8 parts) than the one for my notebook (6 parts).
I would like to keep IPv6 enabled, but it was suggested somewhere on this forum there is no firewall protection for IPv6 in DD-WRT that can be activated in the GUI, so I'm afraid to keep it enabled for long.
Just checking if I can find IPv6 settings that work for this seemingly ever more elusive moment when the ISP finally takes the IP bull by the horns ...
It can send IPv6 packets to the IPv6 address of your computer and tell you if there was any response.
I find that using dd-wrt to provide IPv6 on my LAN using a tunnelbroker.net tunnel there is definitely a firewall somewhere in the system. But I don't know for sure if dd-wrt provides it or if something else is doing it.
Router: WZR-HP-G300NH
Firmware: 28493 (from 28444)
Kernel:
Status: OK
Reset: erased nvram before and after TFTP'ing 28493
Errors: none that concern my normal use.
IPv6 address isn't properly formed and shown in the GUI (top right). Windows shows a properly formed address, but 'No Internet Access' for IPv6; it used to work with the IPv6 settings I use in dd-wrt, but maybe the ISP doesn't like me enabling and disabling IPv6 repeatedly.
The following may be Windows (7) related:
When IPv6 is enabled, DNS lookup of devices in my own domain doesn't work; I have to use IP(v4) addresses instead; at the same time on my iPhone (iOS9.2) LAN device names (with or w/o domain name) do get interpreted properly.
You need to run and then save to firewall the script below
Quote:
iptables -I INPUT 2 -p ipv6 -i vlan1 -j ACCEPT
If you are using DHCPv6 with prefix delegation, you need to enable radvd and disable Dhcp6c custom, Dhcp6s, and Dhcp6s
After you made all the changes, reboot your router from the management.
Joined: 05 Oct 2008 Posts: 666 Location: Helsinki, Finland / nr. Alkmaar, Netherlands
Posted: Tue Dec 15, 2015 0:19 Post subject:
Thanks for your help!
I set IPv6 and firewall up as you suggested. Based on what information my isp gives on its IPv6 services I used a prefix length of 56.
My router now passed the tests of the test sites I have been using and what I had links for.
It's too late at night now to do more testing ...
Joined: 05 Oct 2008 Posts: 666 Location: Helsinki, Finland / nr. Alkmaar, Netherlands
Posted: Tue Dec 15, 2015 9:59 Post subject:
Having enabled IPv6 with the settings (incl. firewall command) as advised per the above in this thread, I got an average loss of 100% for IPv4 as expected (setting in dd-wrt gui) from the ping test of http://ipv6-test.com/, but for IPv6 the average loss was 0,00% with a response time of 56 ms.
The score on the main test page (connectivity, browser & DNS) was very good at 18/20. The remaining problems weren't flagged and I couldn't figure out what they might be.
Is it possible to block pinging with IPv6 in dd-wrt build 28394?
Joined: 24 Feb 2013 Posts: 1634 Location: Belgrade
Posted: Tue Dec 15, 2015 12:30 Post subject:
ArjenR49 wrote:
Having enabled IPv6 with the settings (incl. firewall command) as advised per the above in this thread, I got an average loss of 100% for IPv4 as expected (setting in dd-wrt gui) from the ping test of http://ipv6-test.com/, but for IPv6 the average loss was 0,00% with a response time of 56 ms.
The score on the main test page (connectivity, browser & DNS) was very good at 18/20. The remaining problems weren't flagged and I couldn't figure out what they might be.
Is it possible to block pinging with IPv6 in dd-wrt build 28394?
It is normal to have ping loss of 100% for IPv4 when "Block Anonymous WAN Requests (ping)" is checked on Security/Firewall tab (DD-WRT firewall DROPs echo request on INPUT chain)...
About icmpv6: you do not want to block it because ipv6 heavily relays on icmpv6 maybe just filter it (limit number of echo replies per seconds) to stop DOS (denial of service) attack. If you block it, you will have some other issues... If I understand you, what concerns you is ipv6 security under ddwrt?
Joined: 05 Oct 2008 Posts: 666 Location: Helsinki, Finland / nr. Alkmaar, Netherlands
Posted: Tue Dec 15, 2015 15:31 Post subject:
[quote="Mile-Lile"]
ArjenR49 wrote:
About icmpv6: you do not want to block it because ipv6 heavily relays on icmpv6 maybe just filter it (limit number of echo replies per seconds) to stop DOS (denial of service) attack. If you block it, you will have some other issues... If I understand you, what concerns you is ipv6 security under ddwrt?
Thanks for explaining. I have done a few online port scans both to my router's IPv6 address and that of a notebook on my LAN. I'm satisfied with the results.
I'm not expecting a dos attack since I'm not running any server.
I also checked the IPv6 addresses of a few devices on my lan and even though they differ widely in the last 4 parts of the address, they belong to the same subnet that my ISP assigned. It all seems to be quite ok.
In my earlier attempts I tried the dd-wrt gui setting for sequential IPv6-addresses with dhcp6s. It seemed to work, but it may also have had less desirable side-effects.
It is appealing to have addresses in sequence instead of vastly apart, although it should make no difference in how things work.
Sometimes it looked like the same address from the sequence was claimed by two devices on my LAN. Windows issued a warning on one of our notebooks, which is how I found out.