Feel free to ask me any questions about it, i will answer them here
I can also do any tests you wonder about
Is it still running QSDK vs. current OpenWRT?
opkg update && opkg install openssl-util
Can you share the output:
openssl speed md5 sha1 sha256 sha512 des des-ede3 aes-128-cbc aes-192-cbc aes-256-cbc rsa2048 dsa2048 | tee /tmp/sslspeed
echo "|" `awk 'match($0,/r[0-9]+/) {print substr($0,RSTART,RLENGTH)}' /etc/banner` `awk -v FS=": " -v ORS="" '/(Processor|BogoMIPS|Hardware|machine|cpu model|system type)/ { print "| " $2 " " } END { print "" }' /proc/cpuinfo` `awk -v ORS="" '$1 ~ /OpenSSL/ {print "| " $2 " |"} $1 ~ /(md5|sha)/ {print " " $5 " |"} $1 ~ /(des|aes)/ {b = b " " $6 " |"} $1 ~ /(rsa|dsa)/ {print b " " $6 " | " $7 " | ";b=""} END { print "" }' /tmp/sslspeed | sed 's/\.\(..\)k/\10/g'`
echo
cat /etc/os-release
| | ARMv7 Processor rev 5 (v7l) | 96.00 | ARMv7 Processor rev 5 (v7l) | 96.00 | ARMv7 Processor rev 5 (v7l) | 96.00 | ARMv7 Processor rev 5 (v7l) | 96.00 | Qualcomm (Flattened Device Tree) | 1.0.2h | 46658660 | 13379580 | 11157120 | 4876800 | 6699840 | 2375410 | 9896380 | 8599890 | 7431020 | 11.8 | 475.1 | 46.4 | 38.6 |
cat: can't open '/etc/os-release': No such file or directory
Your commands are broken there bud, so here is the output of the crypto test:
OpenSSL 1.0.2h 3 May 2016
built on: reproducible build, date unspecified
options:bn(64,32) rc4(ptr,char) des(idx,cisc,2,long) aes(partial) blowfish(ptr)
compiler: arm-openwrt-linux-uclibcgnueabi-gcc -I. -I.. -I../include -fPIC -DOPE NSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_ DLFCN_H -I/home/han/item/open53/qsdk/staging_dir/target-arm_cortex-a7_uClibc-1.0 .14_eabi/usr/include -I/home/han/item/open53/qsdk/staging_dir/target-arm_cortex- a7_uClibc-1.0.14_eabi/include -I/home/han/item/open53/qsdk/staging_dir/toolchain -arm_cortex-a7_gcc-4.8-linaro_uClibc-1.0.14_eabi/usr/include -I/home/han/item/op en53/qsdk/staging_dir/toolchain-arm_cortex-a7_gcc-4.8-linaro_uClibc-1.0.14_eabi/ include -DOPENSSL_SMALL_FOOTPRINT -DHAVE_CRYPTODEV -DOPENSSL_NO_ERR -DTERMIOS -O s -pipe -march=armv7-a -mtune=cortex-a7 -fno-caller-saves -fhonour-copts -Wno-er ror=unused-but-set-variable -Wno-error=unused-result -mfloat-abi=soft -Wl,-z,now -Wl,-z,relro -fpic -I/home/han/item/open53/qsdk/package/libs/openssl/include -f omit-frame-pointer -Wall
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md5 2663.52k 8394.88k 25628.79k 46658.66k 58443.60k
sha1 1974.81k 5289.45k 10372.83k 13379.58k 15274.38k
des cbc 6387.06k 6390.92k 6678.52k 6699.84k 6408.39k
des ede3 2333.75k 2377.36k 2309.29k 2375.41k 2388.88k
aes-128 cbc 9182.28k 9604.50k 9864.48k 9896.38k 9583.25k
aes-192 cbc 8351.01k 8499.91k 8172.65k 8599.89k 8581.05k
aes-256 cbc 7074.45k 7498.57k 7583.17k 7431.02k 7441.52k
sha256 2152.09k 4829.54k 8932.33k 11157.12k 11504.66k
sha512 610.29k 2436.98k 3466.95k 4876.80k 5544.72k
sign verify sign/s verify/s
rsa 2048 bits 0.084407s 0.002105s 11.8 475.1
sign verify sign/s verify/s
dsa 2048 bits 0.021562s 0.025911s 46.4 38.6
And cpuinfo
processor : 0
model name : ARMv7 Processor rev 5 (v7l)
BogoMIPS : 67.03
Features : half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x0
CPU part : 0xc07
CPU revision : 5
processor : 1
model name : ARMv7 Processor rev 5 (v7l)
BogoMIPS : 67.03
Features : half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x0
CPU part : 0xc07
CPU revision : 5
processor : 2
model name : ARMv7 Processor rev 5 (v7l)
BogoMIPS : 67.03
Features : half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x0
CPU part : 0xc07
CPU revision : 5
processor : 3
model name : ARMv7 Processor rev 5 (v7l)
BogoMIPS : 67.03
Features : half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x0
CPU part : 0xc07
CPU revision : 5
You can see the banner a few posts up, i guess you wanted the release version:
OpenWrt Chaos Calmer 15.05.1 r48067 / LuCI allpkg branch (git-18.315.33550-0179119)
Cool thanks for sharing!
Current B1300 is on 4.4.60 - still QSDK CC15.05.1 r48067… which makes sense, as the QSDK Wave2 WiFi drivers have all the Mesh stuff sorted - the FOSS drivers for Wave1/Wave2 are still under heavy development on Openwrt-master.
Performance should be very similar between B1300 and S1300 - key differences are that S1300 has the hooks for BT and Zigbee with the IPQ4029
Anyways - nice little AC1200 box (both the S and B models) at a great price point.
Try…
cat /proc/version
I got mine too and found your thread because of the “can’t open ‘/etc/os-release’: No such file or directory”
Feel free to shoo me into making my own thread, but I’m having issues getting my vpn client working with internal dns.
It looks like it’s correctly getting the right information from my openvpn server and placing it in /tmp/resolv.conf.vpn
it’s also properly setting this file as the active resolver in /etc/config/dhcp
option resolvfile ‘/tmp/resolv.conf.vpn’
but it’s still not resolving anything. I received this error “can’t open ‘/etc/os-release’: No such file or directory”
after trying to restart dnsmasq from /etc/init.d/dnsmasq restart.
I’m assuming that dnsmasq is not properly restarting and that’s why the resolv.conf.vpn is not being utilized. Any idea of what this may be related to?
I’ve read nearly every OpenWRT/ GLinet thread on internal DNS with the open vpn client, but can’t for the life of me figure this out. It seems like everything is working as it should, but I can’t verify that dnsmasq is currently using /tmp/resolv.conf.vpn. Is there any command I can type to see what is being used similar to nslookup on windows?
Also, can you confirm that when you connect/disconnect to a VPN that your wifi SSID’s go down? It happens every time for me. This is my first GLInet router and I haven’t experienced something like this before, so I’m not sure it’s intended. It’s like the WiFi is cycled every time you connect/disconnect to VPN.
Sorry for the mouthful/possible hijack, but it seemed like it might be a good spot considering how new the S1300 is.
Thanks in advance for reading!
Yes sorry - it appears it is only in newer OpenWRT. It is there on 18.06. For reference, it looks like this on a 300M
NAME=“OpenWrt”
VERSION=“18.06.1”
ID=“openwrt”
ID_LIKE=“lede openwrt”
PRETTY_NAME=“OpenWrt 18.06.1”
VERSION_ID=“18.06.1”
HOME_URL=“http://openwrt.org/”
BUG_URL=“http://bugs.openwrt.org/”
SUPPORT_URL=“http://forum.lede-project.org/”
BUILD_ID=“r7258-5eb055306f”
LEDE_BOARD=“ar71xx/nand”
LEDE_ARCH=“mips_24kc”
LEDE_TAINTS=“”
LEDE_DEVICE_MANUFACTURER=“OpenWrt”
LEDE_DEVICE_MANUFACTURER_URL=“http://openwrt.org/”
LEDE_DEVICE_PRODUCT=“Generic”
LEDE_DEVICE_REVISION=“v0”
LEDE_RELEASE=“OpenWrt 18.06.1 r7258-5eb055306f”
Is there any command I can type to see what is being used similar to nslookup on windows?
Yes actually nslookup is the same, as windows took it from unix
root@GL-AR300M:~# nslookup 1.1.1.1
Server: 192.168.1.1
Address: 192.168.1.1#53Non-authoritative answer:
1.1.1.1.in-addr.arpa name = one.one.one.one
Here you can see mine is using 192.168.1.1 (dnsmasq in this case) to resolve 1.1.1.1
You can do this and see if it fixes your problem - if it does you should report back.
echo 15.05 > /etc/os-release
then reboot.
Thanks for your response. nslookup confirmed that it isn’t using my internal dns to resolve.
Server: 127.0.0.1
It’s still using what is in resolv.conf even though /etc/config/dhcp specified resolv.conf.vpn
I tried creating the /etc/os-release like you said. Now I can restart dnsmasq with ‘/etc/init.d/dnsmasq restart’ without an error displayed, but even after restarting the service, it’s still using resolv.conf for whatever reason.
I rebooted the device as well since you mentioned it, but no change.
I’m not sure why dnsmasq isn’t using the file specified in /etc/config/dhcp
See below. When connected to openvpn, this is my dhcp config
config dnsmasq
option domainneeded ‘1’
option boguspriv ‘1’
option filterwin2k ‘0’
option localise_queries ‘1’
option rebind_localhost ‘1’
option local ‘/lan/’
option domain ‘lan’
option expandhosts ‘1’
option nonegcache ‘0’
option authoritative ‘1’
option readethers ‘1’
option leasefile ‘/tmp/dhcp.leases’
option nonwildcard ‘1’
option localservice ‘0’
option rebind_protection ‘0’
option resolvfile ‘/tmp/resolv.conf.vpn’
/tmp/resolv.conf.vpn contains
nameserver 192.168.1.20
nameserver 8.8.8.8
domain domain.local
dhcp-option ADAPTER_DOMAIN_SUFFIX domain.local
the script that creates /tmp/resolv.conf.vpn and sets the setting for dnsmasq is in /etc/openvpn/update-resolv-conf
in that script it creates /tmp/resolv.conf.vpn and sets it in /etc/config/dhcp as seen above. then it does ‘uci commit dhcp’ and ‘/etc/init.d/dnsmasq restart’ which I assume is supposed to restart dnsmasq with the vpn dns.
but after all of that, when I do an nslookup, i’m still using 127.0.0.1, which is what’s in resolv.conf, which is the file dnsmasq is set to when the vpn is disconnected.
A side note: I can ping everything including the internal dns i’m trying to have it use ‘192.168.1.20’, dnsmasq just isn’t using it for some reason.
@Johnex Can you do a:
openssl speed -evp aes-128-cbc
The -evp mode causes possible optimizations to be used if available.
Doing aes-128-cbc for 3s on 16 size blocks: 1283451 aes-128-cbc's in 2.98s
Doing aes-128-cbc for 3s on 64 size blocks: 423921 aes-128-cbc's in 2.98s
Doing aes-128-cbc for 3s on 256 size blocks: 108947 aes-128-cbc's in 2.99s
Doing aes-128-cbc for 3s on 1024 size blocks: 28835 aes-128-cbc's in 2.99s
Doing aes-128-cbc for 3s on 8192 size blocks: 3607 aes-128-cbc's in 2.99s
OpenSSL 1.0.2h 3 May 2016
options:bn(64,32) rc4(ptr,char) des(idx,cisc,2,long) aes(partial) blowfish(ptr)
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 6891.01k 9104.34k 9327.90k 9875.26k 9882.46k
that looks about right…
Similar to any other Cortex-A7 considering the clock speed.
A bit faster than AR300M, mostly due to clock speed - DMIPS/HZ for MIPS24k and Cortex-A7 are similar enough…
Hmm. The earlier post you had an incomplete output from the test including how openssl was complied. I think newer versions of openssl in openwrt include hand optimized assembly using the ARM NEON instructions on the A7 and will help tremendously. The openssl test with the -evp mode should highlight that.
If you are adventurous you may be able to install a newer openssl package from the openwrt repo.
Here are the compiler flags too
compiler: arm-openwrt-linux-uclibcgnueabi-gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC
-DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H
-I/home/han/item/open53/qsdk/staging_dir/target-arm_cortex-a7_uClibc-1.0.14_eabi/usr/include
-I/home/han/item/open53/qsdk/staging_dir/target-arm_cortex-a7_uClibc-1.0.14_eabi/include
-I/home/han/item/open53/qsdk/staging_dir/toolchain-arm_cortex-a7_gcc-4.8-linaro_uClibc-1.0.14_eabi/usr/include
-I/home/han/item/open53/qsdk/staging_dir/toolchain-arm_cortex-a7_gcc-4.8-linaro_uClibc-1.0.14_eabi/include
-DOPENSSL_SMALL_FOOTPRINT -DHAVE_CRYPTODEV -DOPENSSL_NO_ERR -DTERMIOS -Os -pipe -march=armv7-a -mtune=cortex-a7
-fno-caller-saves -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -mfloat-abi=soft
-Wl,-z,now -Wl,-z,relro -fpic -I/home/han/item/open53/qsdk/package/libs/openssl/include -fomit-frame-pointer -Wall
Yeah - compare with the openwrt daily snapshot running on a pi3b+
OpenSSL 1.1.1c 28 May 2019 built on: Fri May 31 19:01:33 2019 UTC options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr) compiler: aarch64-openwrt-linux-musl-gcc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -Os -pipe -mcpu=cortex-a53 -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -fpic -ffunction-sections -fdata-sections -znow -zrelro -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -DOPENSSL_SMALL_FOOTPRINT
The assembly optimizations (all the ASM stuff in the compiler flags there) are manually turned on when compiling with CONFIG_OPENSSL_WITH_ASM in make config in more recent openwrt.
It could double the performance.
Does it mean you will buy an S1300 and do some coding on it?
I live out of a carry on. No room.
You can use it without the case, even smaller