March 5

SophosXG Customization

Mount filesyustem RW,

mount -no remount,rw /

Use vi to edit /scripts/system/clientpref/ and add the lines. This should then look like:

iptables -t mangle -D POSTROUTING -d -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 900
exit 0;

Save the changes and exit vi
Write protect the startup script again:
mount -no remount,ro /

October 6

SophosXG IPsec OpenWrt site-to-site


This post assumes that you have installed all required packages on router.


config conn ‘CONNECTION_NAME’
option enabled ‘1’
option keyexchange ‘ikev2’
option ipsec_type ‘tunnel’
option auto ‘start’
option leftfirewall ‘yes’
option auth ‘psk’
option right ‘REMOTE_VPN_PUBLIC_IP’
option rightfirewall ‘yes’
# option allow_webui ‘1’
option ike_authentication_algorithm ‘sha1’
option ike_dh_group ‘modp1024’
option ikelifetime ‘28800s’
option esp_encryption_algorithm ‘aes128’
option esp_hash_algorithm ‘sha1’
option esp_pfs_group ‘modp1024’
option keylife ‘28800s’
option ike_encryption_algorithm ‘aes256’
option forceencaps ‘yes’
option my_identifier ‘LOCAL_ID’
option rightid ‘REMOTE_ID’
option dpdaction ‘restart’
list leftsubnet ‘LOCAL_LAN/24’
list rightsubnet ‘REMOTE_LAN/24’
# option keep_enabled ‘1’
# option ping_ipaddr ‘’
# option ping_period ’15’

config preshared_keys
option psk_key ‘VERY_LONG_PSK_UP_TO_32_CHARS’
list id_selector ‘LOCAL_ID’
Edit /etc/conf/firewall and add the last line to zone WAN
config zone
option name ‘wan’
option input ‘REJECT’
option output ‘ACCEPT’
option forward ‘REJECT’
option masq ‘1’
option mtu_fix ‘1’
option network ‘wan wan6’
list masq_dest ‘!REMOTE_LAN/24’

Enable and start IPsec

/etc/init.d/ipsec enable

/etc/init.d/ipsec start

Sophos XG



IPsec Policy (low security for low end devices)


September 10

OpenWRT ( +Linux) Bandwith limit per IP

Limit traffic from/to interface named “wl0” for specific IPs.

Replace 10kbit /20kbit according to your needs.


tc qdisc add dev wl0 root handle 1: htb default 12
tc class add dev wl0 parent 1: classid 1:1 htb rate 1000mbit ceil 1000mbit
tc class add dev wl0 parent 1:1 classid 1:10 htb rate 10kbit ceil 20kbit
tc filter add dev wl0 protocol ip parent 1:0 prio 1 u32 match ip src CLIENT IP/32 flowid 1:10
tc filter add dev wl0 protocol ip parent 1:0 prio 1 u32 match ip dst CLIENT/32 flowid 1:10

Limit for the interface

tc qdisc add dev wl0 handle 1: root htb default 11
tc class add dev wl0 parent 1: classid 1:1 htb rate 50kbit
tc class add dev wl0 parent 1:1 classid 1:11 htb rate 50kbit
October 24

Laptop (HP, ASUS etc) high pitch noise.

I tried the solution below and it worked on my HP 450 G4 laptop,

Certain lines of Asus laptops emit an intermittent high-pitched noise resembling an electronic signal.  

The lines affected include the following:
eee PC 1201T

This noise has been variously described as a whirling noise, a chirping noise, a whiney noise, and a screeching noise akin to fingernails on a chalkboard.
This noise can be very irritating and have been the subject of numerous complaints to the company.  The company has not been very responsive to these complaints.
The good news is that there is a fix for this problem.  The process takes less than five minutes.  I’m no expert, but the following is what worked for me.  Follow these directions at your own risk!  If you have a better fix, please let them in the comments for everyone’s benefit.

Step 1.

Click the Windows Start icon, and in the “Search Programs and Files” field type regedit

Step 2.

Navigate to the following folder:

HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Control \Power \PowerSettings \54533251-82be-4824-96c1-47b60b740d00 \5d76a2ca-e8c0-402f-a133-2158492d58ad

Step 3.


Step 4.

On the top of the dialog box it should say DWORD

Step 5.

Change the 1 to a 0

Step 6.

Click on the Windows Start icon.

Go to Control Panel –>Hardware and Sound –>Change Plan Settings (for each plan that you use) –>POWER OPTIONS –>
Advance Power Settings –>Processor Power Management –>Processor Idle Disable

Set both of them to Disable Idle


March 20

VPD is corrupted or Invalid (IBM & Cisco)

Since Lenovo FTP is having issues every now and then, I add here the script(s) to repair the VPD.


Original IBM/Cisco solution


This script must be executed under linux enviroment, for Windows 10 you can also use WSL (Debian)


Note also that the user (default  USERID) has to have S(upervisor) privileges and not O(Operator) under the MM config.



  • ensure you can access the AMM in question via ssh by opening an ssh connection,  ssh [email protected] (where AMMUSER is a user id on the AMM, and x.x.x.x is the ip of the AMM)
  • run the script,  ./SCRIPTNAME (for ex – ./expect-fix-vpd-2014-08-22-release-servo.exp)
  • Follow prompts
  • Open a terminal to the Bladecenter Chassis AMM with the affected switch (telnet or ssh) run info -reload all -T switch[x] where x is the slot number of the switch with the corrupted VPD
  • This should cause the error to go away, but in the event that it does not, you may need to reboot the AMM. If there are 2 Management Modules, pull the secondary, reboot the primary, and then check on the status of the switch again once the AMM is finished refreshing all its information (usually about 2-3 mins after it is available via http or pingable).
  • Upload logfile if the issue is not resolved

If the script seems to exit abnormally, the check to see if VPD values were corrected. If not, re-run script
before opening a support request.



February 6

aDSL-vDSL moder/router for OpenWRT

Λοιπόν μετά από δοκιμές και ελέγχους 3+ μηνών, μπορώ να πω ότι η συσκευή με το Lede δουλεύει μια χαρά και ήδη βρίσκεται από τα Χριστούγεννα στην θέση της λειτουργώντας αδιαλείπτως.

Το αρχικό TD-W8970B που αγοράσθηκε καινούργιο, δεν κατέστη δυνατόν (ότι κι αν δοκίμασα) να δουλέψει σε ADSL από αστικό κέντρο. Μόνο από DSLAM καμπίνας έχει δυνατότητα, όπως αναφέρουν οι πληροφορίες στο διαδίκτυο, εφόσον το DSLAM αυτής εξαρχής υποστηρίζει ταυτόχρονα ADSL/VDSL στην ίδια κάρτα*. Την θέση του πήρε το TD-W8980 που έχει ίδια ακριβώς τεχνικά χαρακτηριστικά και δυνατότητες με επιπλέον την χρήση των 5GHz, που ωστόσο σε Lede/OpenWRT ακόμη (γίνονται προσπάθειες) δεν λειτουργεί το Lantiq WAVE 300 (παρομοίως ισχύει και στο TD-W9980), παρά μόνο το Atheros AR9287 στους 2,4GHz.

Παρόλο που έχει μικρή σχετικά μνήμη 8/64 (Flash/Ram) εν τούτοις πήρε όλες τις επιπλέον εφαρμογές που χρειαζόμουν (DDNS, OpenVPN, SQM QoS και p910nd). Φυσικά δεν μένει χώρος, σε περίπτωση που χρειασθεί αναβάθμιση των πακέτων που έχει, οπότε είτε θα γίνεται αναβάθμιση του image (όταν υπάρχει νέο) είτε χρήση extroot κι εξωτερικού USB.


ENG: Bottom line, TD-W8980 can work for both aDSL and vDSL, but TD-W8970B wil work on vDSL and in some cases in aDSL if its connected to DSLAM cabin .


Για όποιον ενδιαφέρεται παρακάτω έχω τις ρυθμίσεις του Network και των Interfaces, ώστε να δουλεύει η συσκευή ανάλογα την επιθυμητή κατάσταση:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr ''
	option netmask ''

config globals 'globals'
	option ula_prefix 'XXXX:XXXX:XXXX::/48'

config atm-bridge 'atm'
	option encaps 'llc'
	option payload 'bridged'
	option vci '35'
	option vpi '8'

config dsl 'dsl'
	option xfer_mode 'atm'
	option line_mode 'adsl'
	option firmware '/lib/firmware/lantiq-vrx200-a.bin'
	option annex 'a'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option netmask ''
	option ip6assign '60'
	option ipaddr ''

config interface 'wan'
	option proto 'pppoe'
	option _orig_bridge 'false'
	option ifname 'nas0'
	option username 'ΧΧΧΧΧΧ'
	option password 'ΧΧΧΧΧΧ'
	option ipv6 'auto'
	option mtu '1492'

config device 'wan_dev'
	option name 'nas0'
	option macaddr 'ΧΧ:ΧΧ:ΧΧ:ΧΧ:ΧΧ:ΧΧ'

config interface 'wan6'
	option ifname '@wan'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 2 4 5 6t'

Στο ADSL τα Annexes A/Β, αναφέρονται σε συνδέσεις πάνω από τηλεφωνική γραμμή POTS και ISDN αντίστοιχα. Σε αυτά έχουμε:
α. Στο Annex A, η τηλεφωνία χρησιμοποιεί τις χαμηλές συχνότητες έως 4kHz και το DSL σήμα τις υψηλότερες συχνότητες 25kHz-22MHz, χωρισμένες σε 2 περιοχές (από 1 σε US και DS).
β. Στο Annex Β, η τηλεφωνία χρησιμοποιεί τις χαμηλές συχνότητες έως 120kHz και το DSL σήμα τις υψηλότερες συχνότητες 138kHz-22MHz, χωρισμένες σε 2 περιοχές (από 1 σε US και DS).

Στο VDSL τα Annexes A/B, αναφέρονται στη φασματική περιοχή (US/DS) και τις μάσκες (PSD) που χρησιμοποιούνται στα διάφορα προφίλ σε Αμερική (Annex A) και Ευρώπη (Annex B). Υπάρχουν και άλλα Annexes, είτε ήδη καταχωρημένα σε άλλες περιοχές/χώρες, είτε δεσμευμένα για μελλοντική απόδοση.
Και στο VDSL μπορούμε να έχουμε τηλεφωνία POTS ή ISDN, με τις ανάλογες χαμηλές συχνότητες με του ADSL, αλλά εδώ οι υψηλές συχνότητες του DSL (έως 35MHz) χωρίζονται σε 6 περιοχές (από 3 σε US και DS).
Επομένως το Annex του VDSL είναι άσχετο με την τηλεφωνία και από τις καμπίνες έχουμε συγχρονισμό πάντα σε Β (δεν συμβαίνει πάντα το ίδιο από αστικό κέντρο), ανεξάρτητα το είδος τηλεφωνίας που λαμβάνουμε.

Source (
Credits (jkoukos)
September 18

OpenWRT on TD-W8970B v1

Initial installation

Part #1 Enable root access

Steps to access the linux shell using telnet for the TD-W8970 v1 firmware version0.6.0 2.12 v000c.0 Build 140613 Rel.31066n. Without opening the router physically.

  1. Login to the router web ui at Take backup of the router configuration conf.bin(Keep one copy safely incase you screw up things!)

  2. download tplink configuration encrypter/decrypter tool from the link below. (Thanks ejs1920 for making this tool)

  3. Launch the program StatPOSTer-20160306.jar

  4. Select the router as TD-w8970v1 and click on decrypt button in the program and select the config file you saved in the step1

  5. Save the decrypted conf.xml

  6. Open the the decrypted conf.xml in notepad(would suggest to keep backup of this file just in case)

  7. Add the xml tag  after the xml node SerialNumber and save it.

    <Description val="TD-W8970 v1`telnetd -p 1023 -l login`" />

  8. Click the encrypt button, select the modified config, save as conf_modified.bin

  9. Login to the router web ui at and upload the new conf_modified.bin. And let the router reboot.

  10. Router will reboot and have TD-W8970 v1`telnetd -p 1023 -l login` at the top, this is expected.

  11. Telnet to (using putty or something like it) at port 1023
  12. Enter the user name as admin and password as 1234 (Looks like some sort of backdoor, there goes my peace of mind!)
  13. You are ready to go and have access to linux shell.

Part #2 Install OpenWRT

(Filenames do not much, so download the firmware and rename it )


How to backup original firmware and install openwrt without opening the case

You will need:

1) a usb stick/thumb drive formatted as vfat/msdos
2) PC connected to TD-W8970 v 1 running original firmware either by wire or wireless
3) Telent and dd installed on the PC

Prepare the openwrt images on PC

Download the official 15.05 relese of openwrt-lantiq-xrx200-TDW8970-sysupgrade.image and run the following commnad:

dd if=openwrt-lantiq-xrx200-TDW8970-sysupgrade.image bs=1310720 skip=1 of=openwrt-lantiq-xrx200-TDW8970-sysupgrade-1.image

Create folder td-w8970 on your usb stick/thumb drive then copy these two files over the newly created folder. Unmount/eject the usb stick and plug it into the usb port on the back of TD-W8970.

Backup the original firmware
Open telnet and connect to with login/password both as admin. Type sh after logging successfully. Run the following command to backup:

cat /dev/mtd0 > /var/usbdisk/sda1/td-w8970/mtd0
cat /dev/mtd1 > /var/usbdisk/sda1/td-w8970/mtd1
cat /dev/mtd2 > /var/usbdisk/sda1/td-w8970/mtd2
cat /dev/mtd3 > /var/usbdisk/sda1/td-w8970/mtd3
cat /dev/mtd4 > /var/usbdisk/sda1/td-w8970/mtd4
cat /dev/mtd5 > /var/usbdisk/sda1/td-w8970/mtd5
cat /dev/mtd6 > /var/usbdisk/sda1/td-w8970/mtd6

Verify the size of mtd1 file on the usb stick by executing the following command:

ls -l /var/usbdisk/sda1/td-w8970/mtd1

If the size is 1310720 you can go ahead with installing openwrt otherwise go back to “Prepare the openwrt images on PC” and replace 1310720 by the actual size in the dd command.

Install openwrt
Run the following command

cat /var/usbdisk/sda1/td-w8970/openwrt-lantiq-xrx200-TDW8970-sysupgrade.image > /dev/mtdblock1
cat /var/usbdisk/sda1/td-w8970/openwrt-lantiq-xrx200-TDW8970-sysupgrade-1.image > /dev/mtdblock2

Reboot router afterwards.


On some ISPs (ex Greek Wind) you need to change the PPPoE dial interface from pto0 to pto0.835,

as 835 is the deault VLAN that Wind is using.



April 6

HP DV7 Series BIOS and PCID

If you come across a corrupted BIOS or a bad flash of an HP DV4/5/6/7, you may see the error System Board (00A)

Usually you can fix it with the HP DMI Tools from HP (HPBQ138.exe) , but in some cases the PCID is not 25 chars but 17. This come with the error below…

The input PCID is invalid





The tools here are the old versions which allows to edit the DMI to 17 chars

HP DMI Tools

P.S. You will need a MS/Free/Mini-DOS bootable USB disk, and then copy the files

to the flash drive.


HP reference documentation

HP Consumer Notebook EEPROM utility