
Simultaneous dual wan access and bind app (pyload, transmission) on interface to ip on Asus Router

Asus routers have built-in Dual WAN with two modes. The first, Failover, disables the second WAN until the first one stops working, so you cannot use it. With Load Balancing, no one knows what it is doing: it is closed source and you do not know which interface a given connection will use. First disable the built-in Dual WAN and leave the main WAN in place.

I will describe dual WAN with two default gateways: the first is a cable WAN and the second is a USB HiLink modem. We want to use the main WAN by default, but have some apps bind to the second WAN. This is called source-based routing. We will use iproute2 and routing tables. Basically we set a rule: if the source address belongs to an app using the second WAN interface, use another routing table with a different default gateway/router. You can create many more than two.

Check that you have routing tables, if not create one:

cat /etc/iproute2/rt_tables

100 wan0
111 ovpnc1
112 ovpnc2
113 ovpnc3
114 ovpnc4
115 ovpnc5
200 wan1

We will use wan1, provided it is empty:

ip route list table wan1

My second WAN is a HiLink USB modem, so I have to bring the modem up manually on the Asus router from the command line. The router has preinstalled drivers, so just look in dmesg to see which interface it creates:

dmesg | grep usb
dmesg | grep USB

cdc_ether 2-2:1.0: eth3: register 'cdc_ether' at usb-0000:00:0a.1-2, CDC Ethernet Device
My interface for 3G usb modem is eth3. Bring it up:

ifconfig eth3 up

We have to assign an IP address, mask and subnet to this interface. Asus has a DHCP client called udhcpc. It works, but you have to create a script:

touch /jffs/scripts/udh.sh
chmod +x /jffs/scripts/udh.sh
nano /jffs/scripts/udh.sh

Content of udh.sh

#!/bin/sh
 
#set route table for second wan
TABLE="wan1"
 
[ -n "$1" ] || { echo "Error: should be called from udhcpc"; exit 1; }
[ -n "$broadcast" ] && BROADCAST="broadcast $broadcast"
[ -n "$subnet" ] && NETMASK="netmask $subnet"
 
IFS=. read -r i1 i2 i3 i4 <<EOF
$ip
EOF
IFS=. read -r m1 m2 m3 m4 <<EOF
$subnet
EOF
SUBIP=$(printf "%d.%d.%d.%d" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))")
 
lip=`ip addr show br0 | grep -o "inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*" | grep -o "[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*"`
lsubnet=`ifconfig br0 | grep Mask | cut -d":" -f4`
IFS=. read -r i1 i2 i3 i4 <<EOF
$lip
EOF
IFS=. read -r m1 m2 m3 m4 <<EOF
$lsubnet
EOF
LOCSUBIP=$(printf "%d.%d.%d.%d" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))")
 
 
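mask2cidr() {
    # convert a dotted netmask (e.g. 255.255.255.0) to a prefix length (24);
    # always called inside $(...), so the IFS change stays in the subshell
    nbits=0
    IFS=.
    for dec in $1 ; do
        case $dec in
            255) nbits=$((nbits + 8));;
            254) nbits=$((nbits + 7));;
            252) nbits=$((nbits + 6));;
            248) nbits=$((nbits + 5));;
            240) nbits=$((nbits + 4));;
            224) nbits=$((nbits + 3));;
            192) nbits=$((nbits + 2));;
            128) nbits=$((nbits + 1));;
            0);;
            *) echo "Error: $dec is not recognised"; exit 1
        esac
    done
    printf '%s' "$nbits"
}
CIDR=$(mask2cidr $subnet)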
 
case "$1" in
    deconfig)
        echo "Clear existing config"
        ifconfig $interface 0.0.0.0
        ip addr flush dev $interface
    ;;
    renew|bound)
        echo "Setting interface IP $interface $ip $BROADCAST $NETMASK"
        #ip addr add $ip/$CIDR broadcast $BROADCAST dev $interface
        ifconfig $interface $ip $BROADCAST $NETMASK
 
        echo "Route adding for $SUBIP/$CIDR"
		#route in table
		ip route add $SUBIP/$CIDR dev $interface table $TABLE
		#LAN br0 (prefix length taken from the br0 netmask, not from the modem's)
		ip route add $LOCSUBIP/$(mask2cidr $lsubnet) dev br0 table $TABLE
		#route in default
		ip route add $SUBIP/$CIDR dev $interface
		#route localhost
		ip route add 127.0.0.0/8 dev lo table $TABLE
 
 
        echo "Setting default gateway"
        if [ -n "$router" ] ; then
            echo "Deleting routers"
            while ip route del default dev $interface table $TABLE  ; do
                :
            done
 
            while ip route del default dev $interface ; do
                :
            done
 
            metric=0
            for i in $router ; do
                echo "Adding gateway $i"
				ip route add $i dev $interface metric $metric table $TABLE
				ip route add default via $i dev $interface metric $metric table $TABLE
				ip route add $i dev $interface metric $metric
                : $(( metric += 1 ))
            done
        fi
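        #from and to
        echo "IP Rule"
		#this branch runs on every lease renew, so delete old copies before adding
		ip rule del from $SUBIP/$CIDR lookup $TABLE 2>/dev/null
		ip rule del from all to $SUBIP/$CIDR lookup $TABLE 2>/dev/null
		ip rule add from $SUBIP/$CIDR lookup $TABLE
		ip rule add from all to $SUBIP/$CIDR lookup $TABLE
 
        #set firewall
        echo "Firewall set"
		#remove a rule left by an earlier run so renews do not stack duplicates
		iptables -t nat -D POSTROUTING ! -s $SUBIP/$CIDR -o $interface -j MASQUERADE 2>/dev/null
		iptables -t nat -A POSTROUTING ! -s $SUBIP/$CIDR -o $interface -j MASQUERADE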
    ;;
esac
 
exit 0

Now run a test of udhcpc:

udhcpc -i eth3 -s /jffs/scripts/udh.sh
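
To confirm what the test run left behind, the check below (an added example, not part of the original script) parses the output of ip rule list and ip route list table wan1 and reports a missing rule, a wrong default route, or rules that were added more than once. The function names and the sample output are constructed for illustration; the addresses are the ones used in this post.

```sh
#!/bin/sh
# Added example: audit the policy-routing state that udh.sh is meant to create.
# On the router, feed it live data:
#   check_second_wan "$(ip rule list)" "$(ip route list table wan1)" \
#       wan1 192.168.8.0/24 eth3

# Print how many rules say "from SRC lookup TABLE".
count_rules() {   # $1 = `ip rule list` output, $2 = table, $3 = source prefix
    printf '%s\n' "$1" | awk -v t="$2" -v s="$3" '
        { hit = 0
          for (i = 1; i < NF; i++)
              if ($i == "from" && $(i + 1) == s) hit = 1
          if (hit && $NF == t) n++ }
        END { print n + 0 }'
}

# Print the device of the default route in a routing-table listing.
default_dev() {   # $1 = `ip route list table T` output
    printf '%s\n' "$1" | awk '
        $1 == "default" {
            for (i = 2; i < NF; i++)
                if ($i == "dev") { print $(i + 1); exit }
        }'
}

# Return 0 = ok, 1 = rule missing, 2 = wrong/missing default route,
# 3 = duplicate rules (the same rule was added more than once).
check_second_wan() {   # rules, routes, table, source prefix, device
    n=$(count_rules "$1" "$3" "$4")
    dev=$(default_dev "$2")
    if [ "$n" -eq 0 ]; then
        echo "FAIL: no rule 'from $4 lookup $3'"; return 1
    elif [ "$dev" != "$5" ]; then
        echo "FAIL: default route in $3 uses '${dev:-none}', expected $5"; return 2
    elif [ "$n" -gt 1 ]; then
        echo "WARN: $n copies of the rule for $4"; return 3
    fi
    echo "OK: traffic sourced from $4 leaves via $5"
}

# Constructed sample output, using the addresses from this post.
SAMPLE_RULES='0: from all lookup local
32764: from all to 192.168.8.0/24 lookup wan1
32765: from 192.168.8.0/24 lookup wan1
32766: from all lookup main
32767: from all lookup default'
SAMPLE_ROUTES='192.168.8.0/24 dev eth3 scope link
192.168.1.0/24 dev br0 scope link
127.0.0.0/8 dev lo scope link
default via 192.168.8.1 dev eth3'

check_second_wan "$SAMPLE_RULES" "$SAMPLE_ROUTES" wan1 192.168.8.0/24 eth3
```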

If everything works and the interface has an IP address, you can add it to autostart. Do not forget to add the -b switch so that udhcpc keeps running in the background to renew the DHCP leases. I add the autostart to post-mount because I have a USB modem, so I have to wait until it is initialized. Edit post-mount:

nano /jffs/scripts/post-mount

Add:
ifconfig eth3 up
udhcpc -i eth3 -b -s /jffs/scripts/udh.sh

Now you can bind pyload to the second WAN interface. Open Config > Menu > General > Download > Download interface to bind (ip or Name)
Enter your interface name, for example eth3.

Now check that it works. Add a download job with the URL of an HTML page that shows your IP (it cannot be JS/HTML5 based), for example http://www.whatismyip.net. Open the downloaded HTML file and check that it shows the second WAN IP address.

List of commands without script:
IP ADDR: 192.168.8.100
GATEWAY: 192.168.8.1
MASK: 255.255.255.0 or /24
BROADCAST: 192.168.8.255
SUBNET: 192.168.8.0
INTERFACE: eth3

ifconfig eth3 up
ifconfig eth3 0.0.0.0
ifconfig eth3 192.168.8.100 broadcast 192.168.8.255 netmask 255.255.255.0
ip route add 192.168.8.0/24 dev eth3 src 192.168.8.100 table wan1
ip route add 192.168.8.0/24 dev eth3
ip route del default dev eth3 table wan1
ip route del default dev eth3
ip route add default via 192.168.8.1 dev eth3 metric 0 table wan1
ip rule add from 192.168.8.100/32 table wan1
ip rule add to 192.168.8.100/32 table wan1
iptables -t nat -A POSTROUTING -o eth3 -j MASQUERADE

There are many more routes because I want to access the second gateway's config page on 192.168.1 from the local subnet.
Use MASQUERADE in the last step only if you have enabled the firewall in the router settings. If you have disabled it, you have to create a forward rule. You can check iptables for the correct one:

iptables -t nat -vL
iptables -vL

You can change DNS servers by adding in script:

RESOLV_CONF="/etc/resolv.conf"
echo "Recreating $RESOLV_CONF"
# If the file is a symlink somewhere (like /etc/resolv.conf
# pointing to /run/resolv.conf), make sure things work.
realconf=$(readlink -f "$RESOLV_CONF" 2>/dev/null || echo "$RESOLV_CONF")
tmpfile="$realconf-$$"
> "$tmpfile"
[ -n "$domain" ] && echo "search $domain" >> "$tmpfile"
for i in $dns ; do
	echo " Adding DNS server $i"
	echo "nameserver $i" >> "$tmpfile"
done
mv "$tmpfile" "$realconf"

Of course you can build your own dual WAN script and switch to the second WAN on failover:

ip route change default via 192.168.8.1 dev eth3 metric 0

LoadBalancing is much more complicated.

Sources:
mask2cidr – https://www.linuxquestions.org/questions/programming-9/bash-cidr-calculator-646701/#post3173472
subnet ip from ip and mask: https://stackoverflow.com/questions/15429420/given-the-ip-and-netmask-how-can-i-calculate-the-network-address-using-bash
script for udhcpc simple.script – https://github.com/brgl/busybox/tree/master/examples/udhcp

Aria2 on Asus Router with AsusWRT Merlin

The built-in Download Master from Asus is not very good, so you can install Entware and the Aria2 download manager on your router. You have to connect a USB hard drive, but first create a Linux partition on it (ext4 recommended). On Windows you can use MiniTool Partition Wizard; on Linux just use GParted. You can shrink the main partition and create a second one with an ext4 or ext3 file system.

  • Enable SSH in Administration > System > Enable SSH > LAN Only
  • Log in to your router via SSH with PuTTY on Windows or a terminal on Linux, run the script and enter the number of your partition (remember to create ext4). The login and password are the same as for admin in the web panel.
    entware-setup.sh

  • Install Aria2, lighttpd, certificates to support SSL, and PHP (not necessary for this GUI):
    opkg install aria2 ca-bundle ca-certificates lighttpd lighttpd-mod-fastcgi php7-fastcgi
  • Install WEB GUI for Aria2:
    wget -c -O /opt/tmp/webui-aria2.zip https://github.com/ziahamza/webui-aria2/archive/master.zip --no-check-certificate
    unzip /opt/tmp/webui-aria2.zip -d /opt/tmp/
    rm /opt/tmp/webui-aria2.zip
    mv /opt/tmp/webui-aria2-master /opt/share/www/aria2
  • Configure lighttpd for php and port 81:
    sed -i 's/#server.port = 81/server.port = 81/g' "/opt/etc/lighttpd/lighttpd.conf"
    sed -i "/server.upload-dirs*/cserver.upload-dirs = ( \"/opt/tmp\" )" "/opt/etc/lighttpd/lighttpd.conf"
    cat >> /opt/etc/lighttpd/conf.d/30-fastcgi.conf << EOF
    server.modules += ( "mod_fastcgi" )
    fastcgi.server = ( ".php" =>
    ( "localhost" =>
    ( "socket" => "/tmp/php-fcgi.sock",
    "bin-path" => "/opt/bin/php-fcgi",
    "max-procs" => 1,
    "bin-environment" =>
    ( "PHP_FCGI_CHILDREN" => "2",
    "PHP_FCGI_MAX_REQUESTS" => "1000" )
    )
    )
    )
    EOF
  • Edit the Aria2 configuration in /opt/etc/aria2.conf. If you created a small ext4 partition, you should change the download directory to the main partition (it should be a sub-directory, for example Downloads):
    dir=/mnt/Partition/Downloads
  • Run aria2 and lighttpd:
    /opt/etc/init.d/S81aria2 start
    /opt/etc/init.d/S80lighttpd start
  • Open in web browser (replace your router address): 192.168.1.1:81/aria2/
  • Configure the Secret Token in Settings > Connection Settings > Enter the secret token (the default token is Passw0rd). Save the settings at the bottom.
  • Done. You can download via http(s), ftp(s) and torrents.
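
A check for the token step above, as an added example that is not part of the original post: it reads an aria2.conf and reports whether the RPC token is missing or still the default named in this post. It assumes the token is set with aria2's rpc-secret option in /opt/etc/aria2.conf; the function names and the sample file are constructed.

```sh
#!/bin/sh
# Added example: check an aria2.conf for the RPC token settings.
# On the router: audit_rpc_secret /opt/etc/aria2.conf
DEFAULT_TOKEN='Passw0rd'   # default token named in this post

# Print the value of KEY from an aria2.conf-style file (key=value, # comments);
# if the key is repeated, the last occurrence is printed.
conf_get() {   # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tr -d '\r' | tail -n 1
}

# Return 0 = token set and not the default, 1 = default token, 2 = no token.
audit_rpc_secret() {   # $1 = path to aria2.conf
    secret=$(conf_get "$1" rpc-secret)
    listen_all=$(conf_get "$1" rpc-listen-all)
    [ "$listen_all" = "true" ] &&
        echo "INFO: RPC listens on all interfaces; access depends on the token"
    if [ -z "$secret" ]; then
        echo "FAIL: rpc-secret is not set"; return 2
    elif [ "$secret" = "$DEFAULT_TOKEN" ]; then
        echo "FAIL: rpc-secret is still the default"; return 1
    fi
    echo "OK: rpc-secret is set to a non-default value"
}

# Constructed sample config (not the file shipped by Entware).
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
# constructed example
dir=/mnt/Partition/Downloads
enable-rpc=true
rpc-listen-all=true
#rpc-secret=commented-out-value
rpc-secret=Passw0rd
EOF

audit_rpc_secret "$SAMPLE_CONF" || echo "exit status: $?"
```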

Windows 10 black screen and cannot boot after windows update 11.2017 – November 2017

Yesterday I got system updates:

KB4048951
KB4048954
KB4049011

I shut down my computer. Today when I turned it on I got error 0xc0000225. One of them killed my system.
My Windows 10 is 1703 Creators Update.

There is a new version 1709 Fall Creators Update.

To solve it you have to boot the computer from USB or CD.
You can download the newest image from Microsoft:
https://www.microsoft.com/software-download/windows10
If you have a problem you can go to the English version, where you can choose the language for the ISO:
https://www.microsoft.com/en-us/software-download/windows10ISO
For older builds you have to search the web.

First, try a System Restore point.

If that does not help, you have to open the command line, back up the current system registry and then restore the registry.
Copy from:
C:\Windows\System32\config\RegBack\system
to
C:\WINDOWS\system32\config\system
Commands:
ren C:\WINDOWS\system32\config\system system.bak
copy C:\Windows\System32\config\RegBack\system C:\WINDOWS\system32\config\

Reboot the PC.

Then I got error 0xc0000001:
\Windows\system32\drivers\acpi.sys

So boot again from USB and copy acpi.sys or another file (be sure you have booted from the correct version of Windows, x64 or x86):
Run the command line in troubleshooting.
Copy acpi.sys from drive X, which is the booted partition image from the pendrive. (Or you can grab the needed file from another computer and copy it from a pendrive.)
copy X:\Windows\System32\drivers\acpi.sys C:\WINDOWS\system32\drivers\

My computer is working. Enjoy if it helps you.

Windows 7 cannot run apps as admin by UAC prompt

I had a problem running apps as admin on administrator accounts (users in the Administrators group). And not only as admin: nothing happened on any UAC prompt when I clicked Yes to run. I could not run any elevated application.

Some time ago I had set auto login on a non-admin user account via netplwiz.exe, and when I disabled auto login everything worked fine!

The solution: in netplwiz, check the box saying that users must enter a login and password.

LEDE / OpenWRT NAT and OpenVPN performance on TP-Link TL-WR1043ND V4

Results measured with iperf 3.1.3.
LuCI lede-17.01 branch (git-17.152.82987-7f6fc16)
LEDE Reboot 17.01.2 r3435-65eec8bd5f
WiFi: 40MHz, channel 1, client: Broadcom 802.11ac
WAN connected to 1GBit switch.

TP-Link TL-WR1043ND V4:

  • Chip: Qualcomm Atheros QCA9563
  • CPU Frequency: 750MHz
  • Flash: 16MB
  • RAM: 64MB
  • WiFi: QCA9563 [bgn 3×3:3]
  • LAN Switch: QCA8337N

Stock firmware TL-WR1043ND(EU) V4 3.16.9 Build 20160607 Rel.58297n

WiFi speed is the same on LEDE and stock firmware. There are too many networks nearby to measure it properly.

WAN to LAN redirected port

[ ID] Interval Transfer Bandwidth
[ 5] 0.00-1.00 sec 40.2 MBytes 337 Mbits/sec
[ 5] 1.00-2.00 sec 42.5 MBytes 356 Mbits/sec
[ 5] 2.00-3.00 sec 42.9 MBytes 360 Mbits/sec
[ 5] 3.00-4.00 sec 42.2 MBytes 354 Mbits/sec
[ 5] 4.00-5.00 sec 40.0 MBytes 335 Mbits/sec
[ 5] 5.00-6.00 sec 42.1 MBytes 354 Mbits/sec
[ 5] 6.00-7.00 sec 43.0 MBytes 360 Mbits/sec
[ 5] 7.00-8.00 sec 42.8 MBytes 359 Mbits/sec
[ 5] 8.00-9.00 sec 41.6 MBytes 349 Mbits/sec
[ 5] 9.00-10.00 sec 43.1 MBytes 361 Mbits/sec
[ 5] 10.00-10.05 sec 1.88 MBytes 349 Mbits/sec

LAN to WAN via NAT

[ ID] Interval Transfer Bandwidth
[ 5] 0.00-1.00 sec 34.2 MBytes 286 Mbits/sec
[ 5] 1.00-2.00 sec 35.4 MBytes 298 Mbits/sec
[ 5] 2.00-3.00 sec 35.2 MBytes 295 Mbits/sec
[ 5] 3.00-4.00 sec 35.8 MBytes 300 Mbits/sec
[ 5] 4.00-5.00 sec 35.8 MBytes 300 Mbits/sec
[ 5] 5.00-6.00 sec 35.8 MBytes 301 Mbits/sec
[ 5] 6.00-7.00 sec 35.7 MBytes 300 Mbits/sec
[ 5] 7.00-8.00 sec 34.8 MBytes 292 Mbits/sec
[ 5] 8.00-9.00 sec 35.7 MBytes 300 Mbits/sec
[ 5] 9.00-10.00 sec 35.6 MBytes 299 Mbits/sec
[ 5] 10.00-10.05 sec 1.78 MBytes 300 Mbits/sec

LEDE 17.01.2 r3435-65eec8bd5f

On LEDE Reboot 17.01.2 r3435-65eec8bd5f I got better results for WAN to LAN and the reverse option in iperf:

WAN to LAN redirected port

via nat is ~370Mbits/sec
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-1.00 sec 51.6 MBytes 432 Mbits/sec
[ 4] 1.00-2.00 sec 53.5 MBytes 449 Mbits/sec
[ 4] 2.00-3.00 sec 52.4 MBytes 439 Mbits/sec
[ 4] 3.00-4.00 sec 53.1 MBytes 445 Mbits/sec
[ 4] 4.00-5.00 sec 51.4 MBytes 432 Mbits/sec
[ 4] 5.00-6.00 sec 52.8 MBytes 443 Mbits/sec
[ 4] 6.00-7.00 sec 52.2 MBytes 438 Mbits/sec
[ 4] 7.00-8.00 sec 50.6 MBytes 425 Mbits/sec
[ 4] 8.00-9.00 sec 49.9 MBytes 418 Mbits/sec
[ 4] 9.00-10.00 sec 50.5 MBytes 424 Mbits/sec

LAN to WAN via NAT

[ 5] 0.00-1.00 sec 37.4 MBytes 314 Mbits/sec
[ 5] 1.00-2.00 sec 39.8 MBytes 334 Mbits/sec
[ 5] 2.00-3.00 sec 39.5 MBytes 331 Mbits/sec
[ 5] 3.00-4.00 sec 40.3 MBytes 338 Mbits/sec
[ 5] 4.00-5.00 sec 39.0 MBytes 327 Mbits/sec
[ 5] 5.00-6.00 sec 40.1 MBytes 336 Mbits/sec
[ 5] 6.00-7.00 sec 39.1 MBytes 328 Mbits/sec
[ 5] 7.00-8.00 sec 39.9 MBytes 334 Mbits/sec
[ 5] 8.00-9.00 sec 39.0 MBytes 328 Mbits/sec
[ 5] 9.00-10.00 sec 40.4 MBytes 339 Mbits/sec
[ 5] 10.00-10.06 sec 2.28 MBytes 341 Mbits/sec

WiFi (LAN) to WAN via NAT

[ 4] 0.00-1.00 sec 6.88 MBytes 57.7 Mbits/sec
[ 4] 1.00-2.01 sec 6.25 MBytes 52.2 Mbits/sec
[ 4] 2.01-3.01 sec 6.62 MBytes 55.1 Mbits/sec
[ 4] 3.01-4.01 sec 6.75 MBytes 56.9 Mbits/sec
[ 4] 4.01-5.01 sec 6.50 MBytes 54.5 Mbits/sec
[ 4] 5.01-6.01 sec 5.88 MBytes 49.1 Mbits/sec
[ 4] 6.01-7.01 sec 5.88 MBytes 49.3 Mbits/sec
[ 4] 7.01-8.01 sec 5.88 MBytes 49.3 Mbits/sec
[ 4] 8.01-9.01 sec 6.25 MBytes 52.6 Mbits/sec
[ 4] 9.01-10.01 sec 6.00 MBytes 50.2 Mbits/sec

WAN to WiFi (LAN) redirected port

[ 5] 0.00-1.00 sec 7.30 MBytes 61.3 Mbits/sec
[ 5] 1.00-2.00 sec 7.62 MBytes 63.8 Mbits/sec
[ 5] 2.00-3.00 sec 7.53 MBytes 63.1 Mbits/sec
[ 5] 3.00-4.00 sec 7.15 MBytes 60.0 Mbits/sec
[ 5] 4.00-5.00 sec 7.01 MBytes 58.8 Mbits/sec
[ 5] 5.00-6.00 sec 6.95 MBytes 58.3 Mbits/sec
[ 5] 6.00-7.00 sec 7.46 MBytes 62.4 Mbits/sec
[ 5] 7.00-8.00 sec 6.50 MBytes 54.7 Mbits/sec
[ 5] 8.00-9.00 sec 7.25 MBytes 60.8 Mbits/sec
[ 5] 9.00-10.00 sec 7.21 MBytes 60.4 Mbits/sec
[ 5] 10.00-10.07 sec 498 KBytes 58.2 Mbits/sec

LAN to LAN

[ ID] Interval Transfer Bandwidth
[ 4] 0.00-1.00 sec 99.1 MBytes 831 Mbits/sec
[ 4] 1.00-2.00 sec 105 MBytes 880 Mbits/sec
[ 4] 2.00-3.00 sec 109 MBytes 911 Mbits/sec
[ 4] 3.00-4.00 sec 110 MBytes 925 Mbits/sec
[ 4] 4.00-5.00 sec 110 MBytes 921 Mbits/sec
[ 4] 5.00-6.00 sec 110 MBytes 922 Mbits/sec
[ 4] 6.00-7.00 sec 110 MBytes 920 Mbits/sec
[ 4] 7.00-8.00 sec 110 MBytes 924 Mbits/sec
[ 4] 8.00-9.00 sec 110 MBytes 922 Mbits/sec
[ 4] 9.00-10.00 sec 110 MBytes 925 Mbits/sec

WiFi (LAN) to LAN

[ ID] Interval Transfer Bandwidth
[ 4] 0.00-1.01 sec 8.88 MBytes 73.8 Mbits/sec
[ 4] 1.01-2.02 sec 9.00 MBytes 75.0 Mbits/sec
[ 4] 2.02-3.01 sec 9.62 MBytes 81.0 Mbits/sec
[ 4] 3.01-4.01 sec 9.00 MBytes 75.9 Mbits/sec
[ 4] 4.01-5.00 sec 9.50 MBytes 80.0 Mbits/sec
[ 4] 5.00-6.00 sec 8.88 MBytes 74.4 Mbits/sec
[ 4] 6.00-7.00 sec 9.38 MBytes 78.9 Mbits/sec
[ 4] 7.00-8.01 sec 9.00 MBytes 74.7 Mbits/sec
[ 4] 8.01-9.01 sec 9.75 MBytes 82.0 Mbits/sec
[ 4] 9.01-10.00 sec 8.62 MBytes 72.6 Mbits/sec

VPN

Cipher AES-256-CBC
dh2048
SSL Certs

WAN via VPN to LAN

[ ID] Interval Transfer Bandwidth
[ 4] 0.00-1.00 sec 2.12 MBytes 17.8 Mbits/sec
[ 4] 1.00-2.00 sec 2.00 MBytes 16.8 Mbits/sec
[ 4] 2.00-3.00 sec 1.88 MBytes 15.7 Mbits/sec
[ 4] 3.00-4.00 sec 1.75 MBytes 14.7 Mbits/sec
[ 4] 4.00-5.00 sec 1.75 MBytes 14.7 Mbits/sec
[ 4] 5.00-6.00 sec 2.00 MBytes 16.8 Mbits/sec
[ 4] 6.00-7.00 sec 2.00 MBytes 16.8 Mbits/sec
[ 4] 7.00-8.00 sec 2.00 MBytes 16.8 Mbits/sec
[ 4] 8.00-9.00 sec 1.75 MBytes 14.7 Mbits/sec
[ 4] 9.00-10.00 sec 1.62 MBytes 13.6 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.00 sec 18.9 MBytes 15.8 Mbits/sec sender
[ 4] 0.00-10.00 sec 18.8 MBytes 15.8 Mbits/sec receiver

LAN to VPN via WAN

[ ID] Interval Transfer Bandwidth
[ 5] 0.00-1.00 sec 1.61 MBytes 13.5 Mbits/sec
[ 5] 1.00-2.00 sec 1.63 MBytes 13.7 Mbits/sec
[ 5] 2.00-3.00 sec 1.31 MBytes 11.0 Mbits/sec
[ 5] 3.00-4.00 sec 1.65 MBytes 13.8 Mbits/sec
[ 5] 4.00-5.00 sec 1.71 MBytes 14.3 Mbits/sec
[ 5] 5.00-6.00 sec 1.66 MBytes 13.9 Mbits/sec
[ 5] 6.00-7.00 sec 1.70 MBytes 14.3 Mbits/sec
[ 5] 7.00-8.00 sec 1.26 MBytes 10.6 Mbits/sec
[ 5] 8.00-9.00 sec 1.66 MBytes 13.9 Mbits/sec
[ 5] 9.00-10.00 sec 1.67 MBytes 14.0 Mbits/sec
[ 5] 10.00-10.12 sec 208 KBytes 14.3 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth
[ 5] 0.00-10.12 sec 0.00 Bytes 0.00 bits/sec sender
[ 5] 0.00-10.12 sec 16.1 MBytes 13.3 Mbits/sec receiver