Custom firmware build for R9000

Voxel

Just FYI:
 

https://www.snbforums.com/threads/custom-firmware-build-for-r9000-v-1-0-...

Second release with hardware acceleration of OpenSSL.

Voxel.

johnathonm

Voxel,

Some constructive criticism of your work. Your firmware and development efforts are greatly appreciated by both myself and the community; however, I have to call attention to a discontinuity in your work. You have, in addition to the firmware, written a 10 page plus guide to your firmware, which is great. However, you neglected or refuse (in my experience) to include what would be no more than maybe a dozen bullet points: the steps to clearly set up and configure ssh. The outsourcing to an incomplete forum post does not address the issue long term; further, the instructions are unclear and missing steps. I am sure you have people who know how to do this without hand holding but unfortunately I am a user who comes from firmwares where ssh was configured as part of the build. That shouldn’t be the user’s job when it can be part of the compiling and solve it once and for all. I am sure it would not be a leap of faith for me to assume that you could configure your firmware to work with ssh clients out of the box like every other major firmware distribution; if not, your instructions as they stand are abysmal and reflect utterly poorly on what is stellar work. It’s not Eliz82’s job to do your job and her instructions had very sizeable gaps. You took the time to write a manual, to compile the firmware in special ways, why cut this corner? It is an important one and your cutting corners here leaves me befuddled.

I am sure you are not happy right now but understand this is constructive criticism and not destructive. I am a professor and would be as direct with them as I am you but I fail to grasp this discontinuity.

 

Dr. J

Voxel
Dear Dr. J,
 
I accept any constructive criticism, of course. It is just common sense not to close my eyes to drawbacks, if any, in my firmware. I am sorry if you feel that your request for help was refused by me. As you can see here and in the SNB forums, I always try to help people. But I am not the Netgear support service; I am a private person and these custom builds of firmware are my hobby. The hobby started because of dissatisfaction with the stock firmware. So I cannot provide 24/7/365 support for people who ask me for help: my job (a scientific job, colleague) requires a lot of my time too. When you published your questions in the SNB forums I was abroad without any access to a computer, with only a mobile phone and a very poor Internet connection, i.e. my ability to just type a message was almost nullified. That is why I suggested that you press the BROWSE button on my site to get setssh.tar and contact Eliz82, as other community members liked her instructions on how to set up ssh access vs. the instructions in my README.

Regarding your disappointment with the SSH setup in my build: please take into account that I use the GPL source code from Netgear to keep all the advantages of the stock firmware, such as hardware-accelerated NAT, Plex, etc., adding my own improvements (hardware acceleration of OpenSSL, OpenVPN client, bug corrections, closing security holes, renewal of obsolete packages, etc.). And I have to use some of Netgear’s components “as-is” because they are distributed by Netgear in prebuilt form, without source code. One of these components is the WebGUI. So I am practically unable to add such things as a “Set SSH” dialog to the GUI. And I have to use the kind of tricks you dislike.

On the other hand, 95 percent of the users of my firmware do not need any SSH access to the router, but the remaining 5 percent (in my supposition) are advanced users who are in touch with Linux and its console management, so such basic things as setting up SSH authorization by keys, key generation, etc. should be known to them. When I involve my students and postgraduates in my work I assume they have some knowledge of the basics needed for our common research. If not, I require them, as homework, to first study what they are missing using material available on the Internet (Google, Wikipedia, man pages). For example, if they need access to a supercomputer I require them to self-study such SSH specifics as authorization by keys, but I do not refuse to help in every concrete case.

OK, if you still have problems with getting ssh access to your router, you can contact me by P.M. Better on the SNB forum, because this forum has a limited number of messages and my mailbox is almost full.
 
Voxel.
 
johnathonm

Voxel,

 

Will do, and please, understand tone is lost on here. I think what you are doing is awesome and your guide is fantastic. I will send you a  PM over on SNB.

 

-JM

MyOpenRouter Team

Hi everyone -- we increased the private message limit for everyone.  Voxel and JM, let me know if this helps!

Voxel

Hi everyone -- we increased the private message limit for everyone.  Voxel and JM, let me know if this helps!
 

Thanks, much better. Could you please also think over possibility of editing already published posts?

Voxel.
 

 

MyOpenRouter Team

Thanks Voxel, we appreciate the feedback on this. We can't turn this on for all members at this time but we're always looking at ways to improve the experience for everyone.

semiazas

Hi Voxel, awesome stuff.  Thanks so much for your skull sweat making this possible.  You've got at least one more fan that understands that doing this for us, for free, in no way obligates you.  In the words of an open-source mentor of mine, if it breaks I get to keep both pieces.

Voxel

;-)

Voxel

Just FYI:

Voxel

New version of my custom firmware build: 1.0.2.46HF/1.0.2.46HF-HW.

Changes (vs 1.0.2.45HF):
1. OpenSSL is upgraded 1.0.2l->1.0.2m. Fixes (OpenSSL changelog):
* bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736).
* Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735).
2. Changes in OpenVPN client:
* Now Power LED is blinking if router fails to connect to OpenVPN server.
* "--cd $OPENVPN_CONF_DIR" option is added to startup script.
3. Bug in openvpn-easy-rsa package is fixed (cert files regeneration, OpenSSL 0.9.8->1.0.0).
4. e2fsprogs package is upgraded 1.43.6->1.43.7.
5. curl package is upgraded 7.55.1->7.56.1.
6. ethtool package is upgraded 4.11->4.13.
7. wget package is upgraded 1.19.1->1.19.2.
8. iperf package is upgraded 2.0.9a->2.0.10.
9. libubox package is upgraded 2017-09-29->2017-10-06.
10. ubus package is upgraded 2017-02-18->2017-11-06.
11. libxml package is upgraded 2.9.6->2.9.7.
12. sqlite package is upgraded 3200100->3210000.
13. expat package is upgraded 2.2.4->2.2.5.
14. dnscrypt-resolvers.csv is updated.
15. Host tools: three components are upgraded.
16. Toolchain: Patch is added to compiler (to support compilation by gcc 6.3.0).

The link is:

https://www.voxel-firmware.com 


No reset is needed to upgrade from my previous versions.

Difference 1.0.2.46HF-HW vs 1.0.2.46HF: “HW” version means hardware acceleration of OpenSSL.

P.S.
This version does not include the fix for the WPA2 Vulnerability in bridge mode (the last is not released by NETGEAR yet).

Voxel.

kpence73

Voxel, I just ordered the R9000 because I wanted a whole home VPN client, but at the same time wanted the PLEX server (my Raspi3 is terrible at transcoding). I found your firmware after about 2 hours of reading forums and I want to make sure I understand one of the comments you made about using Netgear source code to allow for Netgear features. You mentioned Plex in that list and I just wanted to verify that your firmware has both the added feature of OpenVPN client and the default Plex server capability.

Voxel

Plex is included in my firmware. I know that people are using it, but I do not. My tests with Plex were just to see that it starts and that I can see its GUI in my browser. So I cannot say whether it is better than e.g. your Raspi3 or not ;-)

The OpenVPN client is available too, right. But I have to warn you that its installation is a bit unusual. You should read this nice article to get an impression of how to set it up:
 

https://www.myopenrouter.com/article/how-set-openvpn-client-netgear-r900...

Voxel.

Voxel
New version of my custom firmware build: 1.0.2.47HF/1.0.2.47HF-HW.

Changes (vs 1.0.2.46HF):
1. haveged package is added to feed the kernel entropy pool.
2. OpenSSL is upgraded 1.0.2m->1.0.2n. Major changes (OpenSSL changelog):
* Read/write after SSL object in error state (CVE-2017-3737)
* rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
3. ubus package is upgraded 2017-11-06->2017-11-13.
4. curl package is upgraded 7.56.1->7.57.0.
5. alsa-lib package is upgraded 1.1.4.1->1.1.5.
6. ReadyCLOUD version is downgraded 20170711->20170214 (problem reported by tech960).
7. default congestion control is changed to yeah, rmem_max/wmem_max values are increased.
8. dnscrypt-resolvers.csv is updated.
9. Several packages are optimized to minimize resulting size.

The link is:

https://www.voxel-firmware.com

No reset is needed to upgrade from my previous versions.

Difference 1.0.2.47HF-HW vs 1.0.2.47HF: “HW” version means hardware acceleration of OpenSSL.

P.S.
This version does not include the fix for the WPA2 Vulnerability in bridge mode (the last is not released by NETGEAR yet).

Voxel.

 

 

kpence73

Voxel, I need your help. I installed the firmware and everything seemed fine. I even posted in the OpenVPN topic it was working great. Well, I am not sure what happened. Two days after installing the firmware and using a VPN, I suddenly lost internet. I checked the router admin page and discovered that the admin page was saying there was no internet connection (the top left of the 6 boxes you get after you log into the router). But when I went directly to the Internet information, I had a green check for the WAN connection. I thought it had to do with the OpenVPN set up so I removed the VPN files and rebooted. I am still getting the no connection warning. I flashed back to the Netgear firmware and everything was fine and my service was restored. Thinking it was just a fluke, I re-flashed your firmware and again I got the no connection warning. With your firmware installed, I have rebooted the modem, the router, unplugged everything and plugged it back in...the whole typical gambit of troubleshooting steps.

What I don't get is that it worked fine for 2 days, and now no matter what I try, there just is no connection. I even tried DD-WRT and it worked with no issues (couldn't get VPN working). I am currently back on the Netgear firmware so I have a working router. I even tried the previous version of your firmware as well as the hardware acceleration version. What could be the issue? All this is happening without the VPN active so it isn't the OpenVPN client that is doing it.

Voxel

Well, it's hard to say what's wrong. Even if your OpenVPN client fails to connect, the router should restore the original connection.

Let's go step by step. First, you need just to have the original connection (w/o OpenVPN client). BTW I do suggest using the HW version even if you do not use OpenVPN.

So flash latest HW version, then telnet to router and check that there are no files in /etc/openvpn/config/client:

rm -rf /etc/openvpn/config/client

then reboot your router and make hard reset. Restore your settings manually.

After this if you have ordinary connection proceed again with OpenVPN client. It is next step. Note: remove OpenVPN manually is just "rm -rf /etc/openvpn/config/client" and reboot.

 

If your OpenVPN client fails, check its log: 

more /var/log/openvpn-client.log
Voxel.
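
An added example, not part of Voxel's post or his firmware: a small POSIX shell helper for the two checks described above, confirming that /etc/openvpn/config/client is empty and classifying the latest outcome in /var/log/openvpn-client.log. The function names and the sample log are constructed for illustration; the matched strings are standard OpenVPN log messages.

```shell
#!/bin/sh
# Added example, not from the thread. The two default paths are the ones
# quoted in the post; override them to test against copies.
CLIENT_DIR="${CLIENT_DIR:-/etc/openvpn/config/client}"
CLIENT_LOG="${CLIENT_LOG:-/var/log/openvpn-client.log}"

# Count regular files still present in the client config directory.
# A missing directory counts as empty.
client_files() {
    [ -d "$1" ] || { echo 0; return 0; }
    find "$1" -type f | wc -l | tr -d ' '
}

# Report the outcome of the most recent event in an OpenVPN client log.
# Later lines override earlier ones, so a success followed by a failure
# is reported as the failure.
classify_log() {
    [ -r "$1" ] || { echo "no-log"; return 0; }
    awk '
        /Initialization Sequence Completed/ { state = "connected" }
        /AUTH_FAILED/                       { state = "auth-failed" }
        /TLS key negotiation failed/        { state = "tls-timeout" }
        /VERIFY ERROR/                      { state = "cert-rejected" }
        /Cannot resolve host address/       { state = "dns-failure" }
        END { print (state == "" ? "unknown" : state) }
    ' "$1"
}

# Constructed sample log (not captured from a real router): the tunnel
# comes up, restarts later, and the server then rejects the credentials.
sample_log() {
    cat <<'EOF'
Mon Dec 11 20:01:02 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]192.0.2.10:1194
Mon Dec 11 20:01:03 2017 Initialization Sequence Completed
Wed Dec 13 07:15:40 2017 SIGUSR1[soft,ping-restart] received, process restarting
Wed Dec 13 07:15:45 2017 AUTH: Received control message: AUTH_FAILED
EOF
}

# Demo: classify the constructed log, then inspect the real paths.
tmp=$(mktemp)
sample_log > "$tmp"
echo "sample log: $(classify_log "$tmp")"
rm -f "$tmp"
echo "config files in $CLIENT_DIR: $(client_files "$CLIENT_DIR")"
echo "router log: $(classify_log "$CLIENT_LOG")"
```

A count of 0 means the manual removal left nothing behind; "no-log" means the client has not written a log since boot.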

kpence73

Ok, I will try. I am out of my house for a few days while I have my floors refinished. I can tell you that once I realized the issue, I removed the OpenVPN files to test various firmwares and didn't even mess with them, but I was still getting the issues. But when I get back, I will post log/screen shots for what I was getting without the VPN files present.

Voxel

New version of my custom firmware build: 1.0.2.54HF/1.0.2.54HF-HW.

Changes (vs 1.0.2.47HF):

1. Integration of changes from the stock v. 1.0.2.52:

Security fixes:
 

Plus other changes including new versions of QCA drivers and TM QoS.

2. CVE-2017-15275 patch is added to samba.
3. Small improvements in samba config to increase the speed.
4. net-wall script is corrected to add possibility using own /root/firewall-start.sh script.
5. cron table potential problem is corrected (/etc/crontabs is now symlink to /tmp/etc/crontabs).
6. libsodium package is upgraded 1.0.15->1.0.16.
7. tar package is upgraded 1.29->1.30.
8. uci package is upgraded 2017-09-29->2018-01-01.
9. libubox package is upgraded 2017-10-06->2018-01-07.
10. e2fsprogs package is upgraded 1.43.7->1.43.8.
11. dnscrypt-resolvers.csv is updated.

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

Important:
No reset is needed to upgrade from my previous versions. But: most probably you will need to do reset if upgrading from stock firmware 1.0.2.52 and above.

Difference 1.0.2.54HF-HW vs 1.0.2.54HF: “HW” version means hardware acceleration of OpenSSL.

Voxel.
 

Voxel

New version of my custom firmware build: 1.0.3.8HF/1.0.3.8HF-HW.

Changes (vs 1.0.3.7HF):

1. WIGIG firmware (AD driver) is reverted back to previous version (fixing problems with 802.11ad).
2. Bug in ReadySHARE GUI (Advanced Settings, Apply button) is fixed, problem reported by tech960.
3. ubus package is upgraded 2017-11-13->2018-01-16.
4. HW version: cryptodev-linux package is upgraded 1.9.git-2017-05-29->1.9.git-2017-10-04.

 

Changes (1.0.3.7HF vs 1.0.2.54HF):


1. Integration of changes from the stock v. 1.0.3.6.
2. Several bugs in the stock v. 1.0.3.6 are fixed (ReadyCLOUD link in WebGUI, aws-iot, etc.).


The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

Important:
No reset is needed to upgrade from my previous versions. But: most probably you will need to do reset if upgrading from stock firmware 1.0.2.52 and above.

P.S. It is recommended to disable Router Auto Firmware Update. Otherwise your router might be upgraded suddenly by stock version.

Difference 1.0.3.8HF-HW vs 1.0.3.8HF: “HW” version means hardware acceleration of OpenSSL.

Voxel.

mitko25

Hello. I updated my router with your latest FW 1.0.3.8 HW, but the Plex app won't start. It says:

Plex has some issues, please click Apply button to enable the Plex again.

I have tried everything but Plex won't start until I upgrade to the official FW again.

 

Voxel

mitko25
I checked right now with 1.0.3.8HF-HW: I was able to install and start Plex. IMO you should remove Plex and install it anew. How (some manual job).

1. Disable Plex from WebGUI

2. Enable telnet from //routerlogin.net/debug.htm page.

3. Enter by telnet to your router.

4. Run the command from telnet console:
 

rm -rf /tmp/plexmediaserver/*

After that try to enable Plex in GUI and wait some time.

It works for me.

Voxel.

Voxel

New version of my custom firmware build: 1.0.3.11HF/1.0.3.11HF-HW.

Changes (vs 1.0.3.9HF):

1. Integration of changes from the stock v. 1.0.3.10.

NOTE: reset is needed!
2. Some NG bugs are corrected.
3. OpenVPN client is optimized.
4. OpenSSL configuration is changed to provide compatibility with ReadyCLOUD 20170711.
5. OpenVPN is upgraded 2.4.4->2.4.5.
6. dropbear package is upgraded 2017.75->2018.76.
7. util-linux package is upgraded 2.30.2->2.31.1.
8. iperf package is upgraded to iperf3 2.0.10->3.4.
9. Beta support of R8900.

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

Important: reset to factory settings is needed after flashing.

Difference 1.0.3.8HF-HW vs 1.0.3.8HF: “HW” version means hardware acceleration of OpenSSL.

P.S. It is recommended to disable Router Auto Firmware Update. Otherwise your router might be upgraded suddenly by stock version.

Voxel.

Voxel
 

New version of my custom firmware build: 1.0.3.12HF/1.0.3.12HF-HW.

Changes (vs 1.0.3.11HF):

1. Some yet another minor NG bugs are corrected.
2. OpenSSL is upgraded 1.0.2n->1.0.2o.
3. curl package is upgraded 7.58.0->7.59.0.
4. ffmpeg package is upgraded 3.2.9->3.2.10.
5. libubox package is upgraded 2018-02-08->2018-03-21.
6. uci package is upgraded 2018-01-01->2018-03-24.
7. ncurses package is upgraded 6.0->6.1.
8. util-linux package is upgraded 2.31.1->2.32.
9. libxml2 package is upgraded 2.9.7->2.9.8.
10. iperf3 package is upgraded 3.4->3.5.
11. Host tools: three components are upgraded.
12. Toolchain: binutils version is upgraded to 2.30

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

No reset to factory is needed after flashing from 1.0.3.11HF/1.0.3.11HF-HW.

Difference 1.0.3.12HF-HW vs 1.0.3.12HF: “HW” version means hardware acceleration of OpenSSL.

P.S. It is recommended to disable Router Auto Firmware Update. Otherwise your router might be upgraded suddenly by stock version.

Voxel.

 

 

 

 

cybersade

Thanks Voxel this firmware is exactly what I have been looking for and works like a charm

Voxel

New version of my custom firmware build: 1.0.4.3HF/1.0.4.3HF-HW.

Changes (vs 1.0.3.12HF):

1. Integration of changes from the stock v. 1.0.3.16/1.0.4.2.
2. NG version of OpenVPN client is removed (use my version if necessary).
3. Several NG bugs are corrected.
4. New samba CVE patches.
5. OpenVPN is upgraded 2.4.5->2.4.6.
6. liblz4 package is upgraded 1.8.1.2->1.8.2 (general speed improvements, see https://github.com/lz4/lz4/releases).
7. at package is upgraded 3.1.13->3.1.20.
8. libubox package is upgraded 2018-03-21->2018-04-12.
9. ca-certificates package is upgraded 20170717->20180409.
10. sqlite package is upgraded 3210000->3230100.
11. wget package is upgraded 1.19.2->1.19.5.
12. curl package is upgraded 7.59.0->7.60.0.
13. ethtool package is upgraded 4.15->4.16.
14. cifs-utils package is upgraded 6.6->6.8.
15. Host tools: several components are upgraded.


The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

No reset to factory is needed after flashing from 1.0.3.12HF/1.0.3.12HF-HW.

Difference 1.0.4.13HF-HW vs 1.0.4.13HF: “HW” version means hardware acceleration of OpenSSL.

P.S. It is recommended to disable Router Auto Firmware Update. Otherwise your router might be upgraded suddenly by stock version.

Voxel.

ITnerd117

Has anyone figured out yet how to fix the LAN connection dropping issue? Every few days all my LAN ports just die and I have to reboot the router to get them communicating again. Wireless is not affected.

gbgogs

Same issue here. Just moved to DD-WRT to see if that'll solve it

farenheit

Hi Voxel

I have tried every combination to get my VPN working but I have had no luck whatsoever.

I cannot connect wirelessly with it enabled. I have all certificates in the openvpn-client directory in the root of the USB, containing 4 files:

auth.txt, ca.rsa.2048.crt, crl.rsa.2048.pem and manchester.ovpn.

I have followed the guide here:

https://www.myopenrouter.com/article/how-set-openvpn-client-netgear-r900...

Please advise?

Voxel

So it is resolved, right? SNB forums.

 

Voxel.
