Cleanup

docs/adg.md

@@ -1,3 +1,5 @@
+###Due to popular request and leak-proof DNS, ADGH is the default DNS server.
+
 ##AdGuard Home is a local network-wide advertising blocker
 
 *How to enable adblocking*
@@ -10,4 +12,3 @@
 - You can change password in the configuration tab.
 
 
-###Due to popular request and leak-proof DNS, ADGH is the default DNS server.

docs/assets/engarde/user-data.txt

@@ -12,6 +12,10 @@ runcmd:
   - systemctl disable ssh
   - systemctl stop ssh
   - ufw disable
+  - iptables -P INPUT ACCEPT
+  - iptables -P OUTPUT ACCEPT
+  - iptables -P FORWARD ACCEPT
+  - iptables -F
   - SERVER_PUB_NIC=$(ip route | awk 'NR==1{print$5}') #Default route is first line _usually_
   - printf $Password | openssl dgst -binary -sha256 | openssl base64 -A > /root/private-key
   - ckey=$(cat /root/private-key | openssl dgst -binary -sha256 | openssl base64 -A)

docs/assets/tinyfec/user-data.txt

@@ -10,6 +10,10 @@ runcmd:
   - systemctl disable ssh
   - systemctl stop ssh
   - ufw disable
+  - iptables -P INPUT ACCEPT
+  - iptables -P OUTPUT ACCEPT
+  - iptables -P FORWARD ACCEPT
+  - iptables -F
   - SERVER_PUB_NIC=$(ip route | awk 'NR==1{print$5}') #Default route is first line _usually_
   - ip address add dev wg0 10.202.0.1 peer 10.202.0.2
   - wget https://github.com/SmoothWAN/tinyfecVPN/releases/download/master/tinyvpn_amd64 -O /usr/bin/tinyvpn

docs/devl.md

@@ -7,8 +7,9 @@ _**Quick build hints**_
     - Compiled image is in `bin/...` 
 
 
-??? note "Gl.iNet Slate AX / Flint"
+??? note "Gl.iNet Slate AX / Flint (no longer possible - repo is down)"
 
+    - For v1.0 and above follow the the Pi/PC instructions instead.
     - `git clone https://github.com/gl-inet/gl-infra-builder.git` 
     - `sudo apt install build-essential clang flex g++ gawk gcc-multilib gettext \
     git libncurses5-dev libssl-dev python3-distutils rsync unzip zlib1g-dev \
@@ -25,44 +26,21 @@ _**Quick build hints**_
     - `make -j20 V=sc` 
     - Compiled image is in `bin/targets/ipq...` 
 
-
-??? note "NanoPi R6S"
-    - Replace ~/build with a directory of your choice (builds outside docker)
-    - `docker run --name ubuntu18 --privileged -it -v ~/build:/work ubuntu:18.04 bash`
-    - Note! to resume after exit do:
-    - `docker start ubuntu18`
-    - `docker exec -it ubuntu18 bash`
-    - Continue:
-    - `apt update && apt install git python build-essential clang flex bison g++ gawk gcc-multilib g++-multilib gettext git libncurses5-dev libssl-dev python3-distutils rsync unzip zlib1g-dev file wget`
-    - `cd /work && mkdir friendlywrt21-rk3588`
-    - `git clone https://github.com/friendlyarm/repo --depth 1 tools`
-    - `git config --global user.email "[email protected]"`
-    - `git config --global user.name "anon"`
-    - `tools/repo init -u https://github.com/friendlyarm/friendlywrt_manifests -b master-v21.02 -m rk3588.xml --repo-url=https://github.com/friendlyarm/repo  --no-clone-bundle`
-    - Press Enter
-    - `tools/repo sync -c  --no-clone-bundle`
-    - `cd friendlywrt && git clone https://github.com/SmoothWAN/SmoothWAN.git && mkdir smoothwan-feeds`
-    - `cd SmoothWAN && git checkout npi-r6s && cp -rP devconfigs/npir6s/. .. && cp -rP packages/. ../smoothwan-feeds && cd ..`
-    - `sh sideload-glibc.sh`
-    - `./scripts/feeds update -a`
-    - `./scripts/feeds install -a`
-    - `FORCE_UNSAFE_CONFIGURE=1 make -j16` (reduce -j16 to -j8 for <10GB RAM)
-    - Run on fresh start only:
-    - `./build.sh uboot && ./build.sh kernel`
-    - Create the image, use emmc-img for flashable EMMC.
-    - `cd .. && ./build.sh sd-img` 
-    - Compiled image is in `out` folder, you can use your file browser to access the folder assigned in the first step.
 
 **Notes:**  
 
 - For compiling SmoothWAN packages, compile `smoothwan-feeds` with OpenWRT build system.
-- Pre-compiled packages are included for easy customization, quick builds and imagebuilder-only setup.<br>  
+
+- Pre-compiled packages are included for easy customization, quick builds and imagebuilder-only setup.
+
 - GL.iNet builds are full-builds and require comprehensive setup. More at: https://github.com/gl-inet/gl-infra-builder   
-* `glibc` is included from Debian Buster for running Speedify on `musl` built OpenWrt. Lib included: `libc6_2.31-13+deb11u2`, and `libgcc1_8.3.0-6_armhf` for armv7. 
+
+- `glibc` is included from Debian Buster for running Speedify on `musl` built OpenWrt. Lib included: `libc6_2.31-13+deb11u2`, and `libgcc1_8.3.0-6_armhf` for armv7. 
 Binaries are sideloaded during build. Check `sideload-glibc.sh` for sources.
+
 - All binaries are generated on Github Actions
     - Engarde : <https://github.com/SmoothWAN/engarde>
     - TinyFEC : <https://github.com/SmoothWAN/tinyfecVPN>
     - ntopng : <https://github.com/SmoothWAN/SmoothWAN-chroot-imagebuilder>
-- SmoothWAN images GH Actions builds TBD
+
 

docs/faq.md

@@ -1,30 +1,29 @@
-<h1>Work in progress</h1>
-<h2>I'm currently collecting frequently asked questions...</h2>
 
 ## Common issues
 
 ### Unable to save changes - "Restart Speedify" visible - "Login button" invisible
+
 Make sure to add the web address to your ad-blocker whitelist.
+Speedify may have crashed or stopped working.
 
 ### Speedify did not detect internet/WAN not visible
+
 An interface name that starts with "br-" prefix is ignored.
 
 ### Speedify bypass (domain based) not working with PPPoE interfaces
-As of 12.6, Speedify seems to use the gateway of each WAN as the DNS resolve for bypass, this issue is common with PPPoE and providers offering alternate DNS servers   
-No workarounds yet.  
-Use VPN Policy Based Routing in the meantime.
+
+As of Speedify version 12.6, Speedify seems to use the gateway of each WAN as the DNS resolver for bypass.
+No workarounds yet, this may have been fixed in future versions.
+You can use VPN Policy Based Routing as an alternative.
 
 ### Speedify installer issues
-Possible remedies:  
 
 - Wait around a minute on fresh start or after plugging in single WAN to synchronize date/time  
+- Reboot after first boot or check the date/time in System
 - Use the best quality WAN during installation  
-- Reboot after first boot  
-- Submit an issue.  
 
-### Internet connectivity issue on PC/x86 build
+### Internet connectivity issue on Intel/AMD build
+
 Depending on the hardware and how interfaces are brought up, OpenWRT may create a default WAN interface on first boot as `WAN` and `WAN_6`.
 Delete these interfaces in _Network -> Interfaces_ and restart.
 
-### SQM QoS affecting performance
-Unequal link bonding adds artificial latency and buffer, it's recommended to disable SQM or add 20% of total aggregated speed in shaper for QoS related functions only such as per-host distribution, diffserv, and etc.

docs/features.md

@@ -1,7 +1,7 @@
 [-> Upcoming features <-](https://github.com/TalalMash/SmoothWAN/projects/1)  
 
 - Preset network configuration for various hardware
-- Use [your own VPN](https://smoothwan.com/vpn/) on top of Speedify/Engarde/TinyFEC.
+- Use [your own VPN](vpn) on top of Speedify/Engarde/TinyFEC.
 - Unique interface naming for USB network devices to preserve data caps and statistics.
 - Speedify installer, auto-update and version selection
 - Bypass Speedify with selective WAN for local devices/ports/domains using [Split-tunnling](wanbyp), or using Speedify's internal bypass function with a web app for adaptive WAN selection using data caps and other conditions, utilizing `speedify_cli`
@@ -17,6 +17,6 @@
 - One-click cloud-init script for setting up Engarde & TinyFEC VPN in cloud
 - BitTorrent detection log showing client IP addresses (needed for non-P2P Speedify servers)
 - Per-client (LAN) bandwidth limiter [EQoS](https://github.com/Huangjoe123/luci-app-eqos)
-- Auto expand storage to physical free space on PC/Pi/BPi
-- Working Speedify captive portal login per WAN (locked resolv.conf)
+- Auto expand storage to physical free space on PC/Pi
+- Working Speedify captive portal login per WAN
 - IPv6 ready

docs/flint.md

@@ -2,5 +2,5 @@
 ![](assets/flintports.png)
 
 ## 802.11k/v/s/r Support
-GL.iNet `wpad` is stripped, force update from OpenWrt official server after installation and reboot:  
+For versions below 0.99.9 GL.iNet `wpad` is stripped, force update from OpenWrt official server after installation and reboot:  
 `opkg update && opkg remove wpad-openssl && opkg install wpad-openssl --force-overwrite`

docs/hostqos.md

@@ -6,7 +6,8 @@
 1. In ingress textbox add `diffserv4 nat dual-dsthost ingress` & in egress: `diffserv4 nat dual-srchost ack-filter`
 1. _Save & Apply_, changes are effective immediately.
 
-Tip: 
+## Tips
+
 * Reduce the additional 20% added if there is no effect in small increments, test the results by downloading a large file with parallel sockets (download accelerator or speed test) on two clients with a 10 second delay before starting the download on the second client, both should show the speed each at ~50% of the total aggregate speed.   
 
 * Without this setup, the delayed client will use 1/4th or so without host isolation shaping unless both clients (TCP) start at the same time due to bursty throughput, the effect is less noticable with near servers (less than 30ms delay).  

docs/index.md

@@ -1,3 +1,6 @@
+**[Donate to Parrot Rescue Lebanon 🦜](https://gofund.me/63163a6c)**  
+
+
 <img src="https://user-images.githubusercontent.com/96490382/185179903-4cbac04d-d0f7-47e2-b81a-167803205d33.png" width="800"/>
 
 ## Internet bonding router with seamless failover using Speedify 

docs/intinstall.md

@@ -1,7 +1,7 @@
 ## Description
 Install SmoothWAN to an internal (non-removable) disk such as a laptop.
 
-Warning: All data will be lost.
+*Warning: All data will be lost.*
 
 ## Instructions
 After running SmoothWAN with the [Quick Setup](rpi4.md) instructions using a USB flash drive with a working internet connection, log-in to the Web UI:

docs/macvlan.md

@@ -1,4 +1,4 @@
-<img src="https://raw.githubusercontent.com/TalalMash/SmoothWAN-web/main/macvlan.svg">  
+<img src="https://raw.githubusercontent.com/TalalMash/SmoothWAN-web/main/macvlan.svg" >  
 
 - Device type: MACVLAN
 - Base device: br-lan
@@ -15,6 +15,7 @@
 
 **Diagnostics:**  
 * (Simple) Microsoft Rogue DHCP Checker should show one DHCP server:    
-<img src="https://user-images.githubusercontent.com/96490382/167432465-d0816b39-ddb1-43fd-9925-916f05284f67.png" width=300px/>    
+<img src="https://user-images.githubusercontent.com/96490382/167432465-d0816b39-ddb1-43fd-9925-916f05284f67.png" style="border:6px solid #d2ccf1;max-height:300px"/>    
+
 
 * (Advanced) For Linux/MacOS, disconnect SmoothWAN, disconnect client from network, listen on broadcast with Wireshark, connect client to network, observe for any DHCP message, there should be a single source.

docs/modemtethr.md

@@ -1,6 +1,6 @@
 ## USB Modems
 
-Modems using RNDIS or "virtual Ethernet adapter" are supported. 
+Modems using RNDIS or "virtual Ethernet adapter" are easier to setup. 
 
 Suggested models:
 

docs/proxmox.md

@@ -1,5 +1,5 @@
 ## Installation using Proxmox
-### Using Proxmox in VMware as a demo
+
 Application: Running SmoothWAN alongside Ubuntu/Windows or containers.
 
 - Download the VMDK image from the [release](https://github.com/TalalMash/SmoothWAN/releases) page.

docs/rpi4.md

@@ -5,13 +5,13 @@
 ### Troubleshooting
 
 ## Restarting on large downloads or livestream test
-Indicates poor power supply, use the official RPi power supply or a 5.3V adapter and a USB-PD Type-C cable.**
+Indicates poor power supply, use the official RPi power supply or a 5.3V adapter and a USB-PD Type-C cable.
 
 ## Red LED flashing erratically
-Indicates poor power supply.**
+Indicates poor power supply.
 
 ## Unable to connect to "SmoothWAN Setup" SSID
 Setup in close proximity to the Pi, signal is not an indicator to use.  
 Cause: RPi's internal Wi-Fi "ACK-drop" interval is very short and not adjustable.
 
-** For stability, you can reduce power consumption as well as performance (~180-Mbit) by editing `config.txt` in SD and adding `arm_freq=1000` at the end of the file.
+For maximum stability, you can reduce power consumption as well as performance (~180-Mbit) by editing `config.txt` in SD and adding `arm_freq=1000` at the end of the file.

docs/slate.md

@@ -9,8 +9,8 @@ Make sure that you have installed the Slate AX image, the Flint image works with
 
 ## Slate AX Wi-Fi scan results empty (Only in version 0.99.8)
 Disable existing AP/configurations (click Disable buttons) before scanning.  
-This issue was fixed in v0.99.
+This issue was fixed in version 0.99.x
 
 ## 802.11k/v/s/r Support
-GL.iNet `wpad` is stripped, force update from OpenWrt official server after installation and reboot:  
+For versions below 0.99.9 GL.iNet `wpad` is stripped, force update from OpenWrt official server after installation and reboot:  
 `opkg update && opkg remove wpad-openssl && opkg install wpad-openssl --force-overwrite`

docs/sponsors.md

@@ -1,9 +1,9 @@
 
+- Testing, feedback & donations from users 
 - OpenWRT and LuCI  
-- Speedify for providing cross-platform static binaries with almost no dependencies  
-- GL.iNet for providing complete and functional build environment  
-- Engarde and TinyFEC VPN!
-- Testing and feedback from users 
+- Speedify support
+- [Engarde (by porech)](https://github.com/porech/engarde)
+- [TinyFEC VPN (by wangyu-)](https://github.com/wangyu-/tinyfecVPN)
 
 ***
 

docs/tail.md

@@ -1,15 +1,15 @@
 **Access to devices connected to your home network remotely (e.g old security system, automation, NAS)**
 ## Setup after installing Speedify or setting up a WAN
-<img src="https://github.com/TalalMash/smoothwan-feeds/raw/main/luci-app-tailscaleconf/root/www/luci-static/resources/view/tailscaleconf/1.webp"/>  
+<img src="https://github.com/TalalMash/smoothwan-feeds/raw/main/luci-app-tailscaleconf/root/www/luci-static/resources/view/tailscaleconf/1.webp" style="border:6px solid #d2ccf1;max-height:300px"/>  
 
 Log result should be similar to:  
-<img src="https://user-images.githubusercontent.com/96490382/156564555-812292a4-2932-47f4-b2bb-10f652cd2e01.png"/>  
+<img src="https://user-images.githubusercontent.com/96490382/156564555-812292a4-2932-47f4-b2bb-10f652cd2e01.png" style="border:6px solid #d2ccf1;max-height:300px"/>  
 Visit: http://172.17.17.2:8088/ to login/signup to Tailscale.  
 
-After a successful login, visit: https://login.tailscale.com/admin/machines and toggle settings as the following:  
-<img src="https://github.com/TalalMash/smoothwan-feeds/raw/main/luci-app-tailscaleconf/root/www/luci-static/resources/view/tailscaleconf/3.webp" width="600"/>  
-<img src="https://github.com/TalalMash/smoothwan-feeds/raw/main/luci-app-tailscaleconf/root/www/luci-static/resources/view/tailscaleconf/4.webp"/>  
-<img src="https://github.com/TalalMash/smoothwan-feeds/raw/main/luci-app-tailscaleconf/root/www/luci-static/resources/view/tailscaleconf/5.webp" width="600"/>  
+After a successful login, visit: [Tailscale admin page](https://login.tailscale.com/admin/machines) and toggle settings as the following:  
+<img src="https://github.com/TalalMash/smoothwan-feeds/raw/main/luci-app-tailscaleconf/root/www/luci-static/resources/view/tailscaleconf/3.webp" style="border:6px solid #d2ccf1;max-height:300px"/>  
+<img src="https://github.com/TalalMash/smoothwan-feeds/raw/main/luci-app-tailscaleconf/root/www/luci-static/resources/view/tailscaleconf/4.webp" style="border:6px solid #d2ccf1;max-height:300px"/>  
+<img src="https://github.com/TalalMash/smoothwan-feeds/raw/main/luci-app-tailscaleconf/root/www/luci-static/resources/view/tailscaleconf/5.webp" style="border:6px solid #d2ccf1;max-height:300px"/>  
 
 ***
 

docs/tinyfec.md

@@ -2,10 +2,9 @@
 - [TinyFEC VPN (by wangyu-)](https://github.com/wangyu-/tinyfecVPN): A VPN Designed for Lossy Links, with built-in Forward Error Correction (FEC). Improves your network quality on a high-latency lossy link.
 - Corrects a single internet source (WAN) only.
 - Improves network speed on lossy internet connections by sending redundant packets.
-- Low goodput on high throughput connections due to the redundancy, however dynamic adjustment is tuned.
+- Low goodput on high throughput connections due to the redundancy, however dynamic adjustment is enabled.
 - Dynamic adjustment increases/decreases redundant packets on packet loss levels to reduce bandwidth waste.
-- Latency variations and high latency is a side effect of correcting packet loss.
-- Significant performance improvements are noticeable with TCP connections and DNS queries.
+- Significant performance improvements are noticeable with single TCP connections and browsing responsiveness.
 - Processing intensive, requiring 3.0Ghz Intel/AMD router and server for >100Mbit speeds.
 
 ***

docs/tips.md

@@ -3,16 +3,20 @@
 
 Connect the Type-C port on the Pi to your PC/Camera, it will automatically tether the internet over Speedify.
 
-Windows requires an [additional driver](https://github.com/dukelec/mb/raw/master/doc/win_driver/mod-duo-rndis.zip).
+For 0.99.9HF5 and below Windows requires an [additional driver](https://github.com/dukelec/mb/raw/master/doc/win_driver/mod-duo-rndis.zip).
 
 ### Identifying client using P2P or BitTorrent
 
 ![](assets/p2p.jpg){: style="max-height:700px;border:6px solid #d2ccf1;"}
 
-### Cannot connect to Wi-Fi 2.4Ghz client (Wireless WAN)
+### Issues with Wi-Fi 2.4Ghz clients (Wireless WAN)
 
 Check for connected USB 3.0+ devices as it's a [common issue with 2.4Ghz Wi-Fi](https://en.wikipedia.org/wiki/USB_3.0#Issues)
 
+## Bridging a Wi-Fi SSID to an ethernet port
+
+Create a new bridge, and move the port from LAN/WAN to the new bridge, then select the bridge in Interfaces -> Wireless -> Edit -> Network.
+
 ### Quick VLAN setup
 
 Assuming ISP modem is plugged at trunk #1 on the managed switch:  
@@ -28,14 +32,14 @@ Assuming ISP modem is plugged at trunk #1 on the managed switch:
 
 Set Firewall zone to RED, and gateway metric to `200` or more.
 
-### Reduce bufferbloat - Gaming (less bandwidth gain)
+### Reduceing bufferbloat for gaming
 * Set one WAN as "Primary", preferably the landline or the lowest latency, others as "Secondary".    
 * Set transport mode to UDP, and rate limit each to 70% of max speed.  
 * Optionally set mode to redundant.
-* Engarde may perform better than Speedify in this case but requires limiting the speed per WAN via SQM which may hinder throughput.
+* Engarde may perform better than Speedify in this case but will use significantly more bandwidth.
 
 *Ping (ICMP) is not a good measure, in "Streaming mode" detected flows are optimized and use a different path (redundant - low buffer). Use in-game latency indicators.*   
-*Speedify UDP mode is sensitive to software & hardware interrupts under load, requires a PC instead of Slate/Flint >30Mbit or Pi4 >80Mbit to control bufferbloat to a minimum (~10%)*
+*Speedify UDP mode seems to require powerful hardware to control bufferbloat to a minimum (~10%), use an Intel/AMD router.*
 
 ### Hide interface or WAN from Speedify
 

docs/tsthw.md

@@ -1,3 +1,4 @@
+*Note for PCs: USB flash drives are not recommended [#109](https://github.com/SmoothWAN/SmoothWAN/discussions/109), use SD card with USB reader if there is no internal storage.*
 
 ### USB Ethernet Adapter
 **Not recommended:**  
@@ -15,7 +16,6 @@
 * Unmanaged NETGEAR GS108UK
 * Unmanaged ~8 USD TOTOLINK S808G
 
-#### Note for PCs: USB flash drives are not recommended [#109](https://github.com/SmoothWAN/SmoothWAN/discussions/109), use SD card with USB reader if there is no internal storage.
 
 ***
 

docs/vpn.md

@@ -36,7 +36,7 @@ Setup your VPN as you would in any OpenWrt router, many VPN providers provide in
 7. *Save and Apply*, confirm that your IP address has changed from the bypassed clients.
 8. Done! For IPv6 users, you will have to use MAC addresses instead (TODO: Guide).
 
-To tunnel specific clients/IP addresses to the VPN, treat the VPN interface as a WAN, and follow the steps in ![Bypass clients to a specific WAN](wanbyp.md) instead of this guide.
+To tunnel specific clients/IP addresses to the VPN, treat the VPN interface as a WAN, and follow the steps in [Bypass clients to a specific WAN](wanbyp.md) instead of this guide.
 
 Never share the same routing table number `BYP` with other WANs/VPNs.
 Note that some VPN providers throttle multi-hop/cascading setups.