Custom firmware build for R9000

71 posts / 0 new
Last post
Voxel
Voxel's picture
New version of my custom

New version of my custom firmware build: 1.0.4.34HF.

Changes (vs 1.0.4.33HF):

1. proftpd package is upgraded from specific version with NG changes to 1.3.6 + CVE-2019-12815 security patch.
(Plus some changes in its behavior. Issue alarmed by kamoj)​
2. DNSCrypt Proxy v.2 is upgraded 2.0.25->2.0.27 (Firefox workaround).
3. OpenSSL v. 1.0.2 package is upgraded 1.0.2s->1.0.2t.
(see https://www.openssl.org/news/openssl-1.0.2-notes.html for details)​
4. OpenSSL v. 1.0.2 package: patch to strip cflags from resulting binary is added.
5. OpenSSL v. 1.1.1 package is upgraded 1.1.1c->1.1.1d.
(see https://www.openssl.org/news/openssl-1.1.1-notes.html for details)​
6. haveged package is upgraded 1.9.4->1.9.6.
7. uci package is upgraded 2019-05-17->2019-09-01.
8. unbound package (used in stubby) is upgraded 1.9.2->1.9.3.
9. libgcrypt package is upgraded 1.8.4->1.8.5.

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

Voxel.

 

Voxel
Voxel's picture
New version of my custom

New version of my custom firmware build: 1.0.4.35HF.

Changes (vs 1.0.4.34HF):

1. minidlna package is upgraded 1.2.1->1.2.1-2018-04-10.
2. (minidlna) ffmpeg package configuration is changed (to provide more stable support of the FLAC files).
3. (minidlna) ffmpeg compilation flag conflict is fixed (now it is pure Cortex-A15 target).
4. (minidlna) libogg package is upgraded 1.3.3->1.3.4.
5. (minidlna) sqlite package is upgraded 3290000->3300100.
6. expat package is upgraded 2.2.7->2.2.9 (CVE-2019-15903).
7. unbound package (used in stubby) is upgraded 1.9.3->1.9.4 (CVE-2019-16866).
8. DNSCrypt Proxy v.2 is upgraded 2.0.27->2.0.28.
9. dnsmasq package is upgraded 2.78->2.80.
10. curl package is upgraded 7.65.3->7.66.0.
11. haveged package is upgraded 1.9.6->1.9.8.
12. libubox package is upgraded 2019-06-16->2019-10-21.
13. transmission-web-control package is upgraded 2019-04-16->2019-07-24.
14. dropbear package is changed: to allow ssh forwarding.
15. e2fsprogs package: optimization for a size.
16. patch package is added (kamoj add-on, replacement of a busybox analog).
17. coreutils sort package is added (kamoj add-on, replacement of a busybox analog).
18. etherwake package is added (kamoj add-on).
19. busybox: sort and patch are disabled.
20. OpenSSL 1.0.2/1.1.1: make an order with patches.
21. Host tools (mtd-utils): Add: glibc >= 2.28 compatibility patch.
22. Host tools (m4): Add: glibc >= 2.28 compatibility patch.
23. Host tools (squashfs4): Add: glibc >= 2.28 compatibility patch.
24. Toolchain: gdb is upgraded.
25. Development platform is changed (Debian9->Debian10: glib 2.24->2.28; gcc 6.3.0->8.3.0; etc).
26. Support of new certificates for https.
27. QoS could be updated to v1.64 Oct 23, 2019 (press [Update Now] button in GUI).
28. Plex could be updated to v.1.18.0.1913-e5cc93306 Jul 16, 2019.

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

Voxel.

PureLoneWolf
PureLoneWolf's picture
Hi

Hi

I hope this hasn't been covered, searching didn't bring much, but does this firmware support Local DNS Resolution so that I can access devices on my local network by name?

Many thanks

Voxel
Voxel's picture
New version of my custom

New version of my custom firmware build: 1.0.4.36HF.

Changes (vs 1.0.4.35HF):

1. WireGuard v. 20191212 is added (kernel module + "wg" utility).
2. libmnl package version 1.0.4 is added (used in WireGuard).
3. OpenVPN is upgraded 2.4.7->2.4.8.
4. curl package is upgraded 7.66.0->7.67.0.
5. DNSCrypt Proxy v.2 is upgraded 2.0.28->2.0.35.
6. stubby config is changed (not so strict requirements to the server).
7. unbound package (used in stubby) is upgraded 1.9.4->1.9.5.
8. e2fsprogs: CVE-2019-5094 patch is added.
9. libubox package is upgraded 2019-10-21->2019-11-24.
10. uci package is upgraded 2019-09-01->2019-11-14.
11. net-wall script is fixed to support IPv6.
12. Host tools (e2fspogs): is upgraded to 1.45.4.
WireGuard (everything from console, for advanced users):

To use it you should first load the kernel module:

insmod /lib/modules/3.10.20/wireguard.ko
After this you should use the commands: ip, route, iptables, wg. See:

https://www.wireguard.com/quickstart/

NOTE: Your iptables rules for WireGuard should be included into /opt/scripts/firewall-start.sh script​

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

Voxel.
 

Voxel
Voxel's picture
New version of my custom

New version of my custom firmware build: 1.0.4.38HF.

Changes (vs 1.0.4.37HF):

1. WireGuard client support is added (tested with Integrity VPN, thanks to KW.).
2. net-wall firewall is changed to support WireGuard client.
3. hotplug2 package is changed to support automatic WireGuard client config copy from USB drive.
4. wireguard package is upgraded 0.0.20191226->0.0.20200121.
5. wireguard-tools package is upgraded 1.0.20191226->1.0.20200121.
6. ubus package is upgraded 2019-12-27->2020-01-05.
7. e2fsprogs package is upgraded 1.44.5->1.45.5.
8. curl package is upgraded 7.67.0->7.68.0.
9. DNSCrypt Proxy v.2 build scheme is changed (compilation by Go, dynamic GCC libs). Should work faster.
10. libubox package is upgraded 2019-12-28->2020-01-20.
11. Default ReadyCLOUD version is upgraded to 20190805.
12. Host tools (e2fspogs): is upgraded to 1.45.5.
13. Host tools (bison): is upgraded to 3.5.

 

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).
WireGuard client:

To start its using you should

1. Prepare the text file with name wireguard.conf defining the following values: EndPoint, LocalIP, PrivateKey, PublicKey and Port of you WireGuard client config from WG provider.

Example:
------------------------- cut here ---------------------------------------
EndPoint="wireguard.5july.net"
LocalIP="10.0.xxx.xxx"
PrivateKey="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX="
PublicKey="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX="
Port="48574"
------------------------- cut here ---------------------------------------
NOTE: no spaces before/after "=" symbol in example above.
NOTE: the name of the file wireguard.conf is lowercase.

2. Place this wireguard.conf file to the root of USB flash drive (FAT or NTFS or EXT2/3/4).

3. Insert this flash drive into your R9000/R8900.

4. Enter by telnet to your router and set the nvram variable wg-client to 1

Code:
nvram set wg-client=1
nvram commit
5. Reboot your router.

NOTE: to disable WireGuard client starting just set wg-client to "0" and reboot the router.
NOTE: USB drive with the file wireguard.conf should not be left attached to your router. It will be copied again and again after every router reboot. Remove this file after you have WG client working.

P.S. Also you can just create the file /etc/wireguard.conf manually w/o USB drive...

Voxel.

 

Voxel
Voxel's picture
New version of my custom

New version of my custom firmware build: 1.0.4.38.1HF.

Changes (vs 1.0.4.38HF):

1. wireguard package is upgraded 0.0.20200121->0.0.20200215.
2. wireguard-tools package is upgraded 1.0.20200121->1.0.20200206.
3. DNSCrypt Proxy v.2 is upgraded 2.0.36->2.0.39.
4. QoS DB is updated to 1.74 (Dec. 2019).
5. util-linux package is upgraded 2.34->2.35.1.
6. coreutils package (sort) is upgraded 8.30->8.31.
7. sqlite package is upgraded 3300100->3310100.
8. minidlna package is upgraded 1.2.1-2018-04-10->1.2.1-2019-12-09.
9. uci package is upgraded 2019-12-12->2020-01-27.
10. libubox package is upgraded 2020-01-20->2020-02-27.
11. sysstat package is upgraded 12.0.5->12.2.1.
12. libgpg-error package is upgraded 1.36->1.37.
13. cifs-utils package is upgraded 6.9->6.10.
14. proftpd package is upgraded 1.3.6->1.3.6c.
15. libusb package is upgraded 1.0.22->1.0.23.
16. libusb-compat package is upgraded 0.1.5->0.1.7.
17. avahi package is upgraded 0.7->0.8.
18. ncurses package is upgraded 6.1->6.2.
19. fdisk utility is added.
20. tune2fs utility is added.
21. resize2fs utility is addded.
22. Host tools (quilt): is upgraded to 0.66.
23. Host tools (gmp): is upgraded to 6.2.0.
24. Host tools (sed): is upgraded to 4.8.
25. Host tools (bison): is upgraded to 3.5.1.

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

Voxel.

dibun
dibun's picture
Does it support VAP with VLAN

Does it support VAP with VLAN support?

dibun
dibun's picture
I have installed it but

I have installed it but remote management via HTTPS is not working as the SSL certificate is revoked. Netgear has solved it in their newer version. When will you release the fix?

Voxel
Voxel's picture
New version of my custom

New version of my custom firmware build: 1.0.4.42HF.

Changes (vs 1.0.4.41HF):

1. dropbear package is upgraded 2019.78->2020.79
(scp fix for CVE-2018-20685:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685
support of ed25519 hostkeys and authorized_keys,
adding chacha20-poly1305 authenticated cipher etc).​
2. iptables package is upgraded 1.8.4->1.8.5.
3. ca-certificates package is upgraded 20190110->20200601.
4. DNSCrypt Proxy v.2 is upgraded 2.0.42->2.0.44.
5. haveged package is upgraded 1.9.8->1.9.12.
6. wireguard package is upgraded 1.0.20200520->1.0.20200611.
7. wireguard init script is changed (allowing to use LocalIP scope such as e.g. 10.0.xxx.xxx/24).
8. proftpd package is upgraded 1.3.6c->1.3.6d.
9. pciutils package is upgraded 3.4.1->3.7.0.
10. PCI ID's DB is updated to 2020.05.29
11. Toolchain: Go is upgraded 1.14.3->1.14.4.

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

NOTE:

WG users: please pay your attention to p. 7

7. wireguard init script is changed (allowing to use LocalIP scope such as e.g. 10.0.xxx.xxx/24).​

I.e. probably you have to change your current wireguard.conf e.g.
. . .
LocalIP="10.0.xxx.xxx/24" instead of just LocalIP="10.0.xxx.xxx"
. . .

Voxel.

Robr
Robr's picture
So this firmware does not

So this firmware does not have the

hardware acceleration of OpenSSL.

R9000-V1.0.4.56HF

Pages