Custom firmware for R7800 to extend its functionality

390 posts / 0 new
Last post
beepdotpw59
beepdotpw59's picture
hello I do not understand my

hello I do not understand my Nordvpn does not connect more via the router? you have an idea thank you

vladlenas
vladlenas's picture
New version of my custom

New version of my custom firmware build: 1.0.2.47SF.

Changes (vs 1.0.2.46SF):

1. Latest QoS DB is included into firmware (23 Oct 2017).
2. Disk mount scheme is changed to correct problems with folder browser in NETGEAR Downloader (reported by cordezz).
3. e2fsprogs package is upgraded 1.43.8->1.43.9.
4. ethtool package is upgaded 4.13->4.15.
5. libubox package is upgraded 2018-01-07->2018-02-08.
6. netatalk package is upgraded 2.2.1->2.2.6
7. Some "clip-art" changes in WebGUI.

The link is:

https://www.voxel-firmware.com

P.S. Voxel is still terribly busy, and there is no time to read and answer questions.
Thank you for understanding!!!

alaattinturyan
alaattinturyan's picture
Hi,

Hi,

I know people are busy here but I cannot figure out HFS+ disk issue.

I have read that router supports it  https://kb.netgear.com/24059/What-are-the-USB-drive-requirements-for-my-...

Basically I can read but cannot write. I am planning to use it with TimeMachine

Do you have any solution for that?

Thanks

alaattinturyan
alaattinturyan's picture
By the way, let me clarify

By the way, let me clarify one thing about issue above about HFS+ disk.

1-If I connect to router via SSH, I can write and move some files via CLI under /mnt/..

2-If I connect to router via SMB or APT, I cannot write anything..

 

e38BimmerFN
e38BimmerFN's picture
I presume the R7800 is

I presume the R7800 is included. 
That linked article says:

"This article applies to:

Wireless AC Router NightHawk (9)
R6700v2
R6900
R6900v2
R7900
R7900P
R8000P"
 
Can you test a dirve with NTFS formatting to see if same thing happens? 
 
Voxel
Voxel's picture
New version of my custom
New version of my custom firmware build: 1.0.2.50SF.

Changes (vs 1.0.2.49SF):

1. OpenVPN client additional speed up (thanks to kamoj for his help).
2. WebGUI: syncronization of lang version with stock 1.0.2.46.
3. OpenSSL is upgraded 1.0.2n->1.0.2o.
4. curl package is upgraded 7.58.0->7.59.0.
5. ffmpeg package is upgraded 3.2.9->3.2.10.
6. libubox package is upgraded 2018-02-08->2018-03-21.
7. uci package is upgraded 2018-01-01->2018-03-24.
8. ncurses package is upgraded 6.0->6.1.
9. util-linux package is upgraded 2.31.1-2.32.
10. Toolchain: binutils version is upgraded to 2.30

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

NOTE: Most probably no reset is needed to upgrade from my previous versions. But if you face problems it is better to perform reset.

Voxel.

 

 

gallo
gallo's picture
hello Voxel and everone else,

hello Voxel and everone else, popped .50 onto my R7800 first restart ssh stopped accepting my key figured maybe another reboot would clear it up but it went into bootloop. Never got a chance to read the logs. Cleared it up by putting .49 back on while in recovery mode. Havent tried to put .50 back on will do that later tonight but i had to redo my ssh from scratch to get it to work, all is fine now. Has there been any hiccups that anyone else has seen?

Voxel
Voxel's picture
ssh authorization_keys,

ssh authorization_keys, dnscrypt.conf and all other changes what was done are alive untill next flashing. Such changes had to be stored in backup, in tarball. See e.g.
 

https://www.snbforums.com/threads/enabling-dhcp-auth-options-60-and-61-o...
Voxel.

gallo
gallo's picture
Hey Voxel, well i just tried

Hey Voxel, well i just tried to install the update 3 times including a fresh download. It boots becomes unresponsive then goes into a bootloop, and my ssh access is botched requiring me to do it from scratch. Cant get any logs after the update. Same problem as yesterday. I havent serialed into it yet cause of the warranty. Just curious if someother ppl might be experiencing something also.

gallo
gallo's picture
oh and btw i understand what

oh and btw i understand what your saying about the backup and restore after a flash. I did that but the backup for some reason gets rejected from the server thats why i had to start over.

 

Voxel
Voxel's picture
 
 

New version of my custom firmware build: 1.0.2.53SF.

Changes (vs 1.0.2.50SF):

1. Integration of changes from the stock v. 1.0.2.52.
2. Several NG bugs are fixed.
3. NG version of OpenVPN client is removed (use my version if necessary).
4. Changes from kamoj for OpenVPN client are included (speed improvements/stability, thanks to kamoj).
5. ntpclient init script is changed (setting date for OpenVPN client).
6. OpenVPN is upgraded 2.4.5->2.4.6.
7. liblz4 package is upgraded 1.8.1.2->1.8.2 (general speed improvements, see https://github.com/lz4/lz4/releases).
8. New samba CVE patches.
9. dnsmasq package is upgraded 2.39->2.78 (with NG specific changes).
10. at package is upgraded 3.1.13->3.1.20.
11. libubox package is upgraded 2018-03-21->2018-04-12.
12. sqlite package is upgraded 3210000->3230100.
13. wget package is upgraded 1.19.2->1.19.5.
14. curl package is upgraded 7.59.0->7.60.0.
15. ethtool package is upgraded 4.15->4.16.
16. haveged package is upgraded 1.9.1->1.9.2.
17. libusb package is upgraded 1.0.21->1.0.22.
18. transmission package is upgraded 2.93->2.94.
19. Host tools: several components are upgraded.

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

NOTE: Most probably no reset is needed to upgrade from my previous versions. But if you face problems it is better to perform reset.

Voxel.

 

 

 

 

sunmenone
sunmenone's picture
Hello,

Hello,

I have troubles setting up the VPN client? With the previous version of the Voxel firmware everything works fine and I used the same *ovpn file. Is anybody aware of any issues? Does the new release improve the OVPN client, or is there no need to upgrade?

Thanks

kamoj
kamoj's picture
Exactly what is the problem?

Exactly what is the problem?
I have used exactly the same *.ovpn as before, and it worked as before.
Have you inserted the same USB-stick as before to install it?
Is the openvpn client started at all?
Can you log in to the router with e.g. telnet to makes some tests?
E.g. give the command: ps -w | grep vpn

 

sunmenone
sunmenone's picture
Hello,

Hello,

could someone let me the content of the file  ovpnclient-up.sh know? I modified the wrong file and I need the original one

Thanks

kamoj
kamoj's picture
#!/bin/sh
#!/bin/sh
 
/sbin/ledcontrol -n wan -c green -s on 
kamoj
kamoj's picture
or get the original back with

or get the original back with:
\cp -f /rom/etc/openvpn/ovpnclient-up.sh /etc/openvpn/ovpnclient-up.sh

sunmenone
sunmenone's picture
Thank you kamoj. I tried

Thank you kamoj. I tried yesterday with the new firmware and it worked for a moment. I added the excluded IPs in this file, and afterwards of course it did not work anymore

I will try again

sunmenone
sunmenone's picture
Hello,

Hello,

I took a look a the file and it is fine. I managed it to start the VPN. Could you please tell me which file needs to be changed for the Bypassing OpenVPN client tunnel. In the readme it is the /etc/openvpn/ovpnclient-up.sh. After the change the VPN does not work like I wrote yesterday

Could someone please post me the right file and the content?

 

 

kamoj
kamoj's picture
#!/bin/sh

OK, sure I can help - no problem, hope you get it working!
Try this file content:

#!/bin/sh

/sbin/ledcontrol -n wan -c green -s on

NO_VPN_LST="192.168.1.7 192.168.1.3"
WAN_GWAY=`ip route | awk '/^default/{print $3}'`
while [ $(ip route list table 200 default | grep "default" | wc -l) != "0" ]; do ip route del table 200 default 2>/dev/null; done
while [ $(ip route list table 200 | grep "default" | wc -l) != "0" ]; do ip route del table 200 2>/dev/null; done
while [ $(ip rule list | grep "lookup 200" | wc -l) != "0" ]; do ip rule del table 200 2>/dev/null; done
ip route flush cache
sleep 1
for excludeip in $NO_VPN_LST; do
[ $(ip rule list | grep "${excludeip} lookup 200" | wc -l) = "0" ] && ip rule add from ${excludeip} table 200
done
ip route add table 200 default via $WAN_GWAY dev `ip route | awk '/^default/{print $NF}'`
ip route flush cache
exit 0

kinakuta
kinakuta's picture
Hi Voxel, Hi everyone,

Hi Voxel, Hi everyone,

my VPN service (NordVPN) now supports IPSec IKEv2 and I'm considering switching from OpenVPN to L2TP/IPSec IKEv2, because it's very secure, very fast (Netflix etc.) and has keepalive functionality.

Is there a way to configure a L2TP/IPSec IKEv2 client on Voxel's firmware? Can I use Entware to install StrongSwan, like this: https://nordvpn.com/tutorials/linux/ikev2ipsec/ ?
 
Best
Kinakuta
 
 
 
desuka
desuka's picture
Hi Voxel and all.  Thanks so

Hi Voxel and all.  Thanks so much for creating this custom firmware!  I recently purchased an R7800 on sale and was disappointed to find the OpenVPN functionality was server only, so definitely appreciate the added OpenVPN client support!

I have been running into an issue, however, when using auth-user-pass in the OVPN config file.  When I leave "auth-user-pass" as-is in the ovpn file, openvpn-client start will work fine after prompting for credentials.  But when I include a credentials file, such as "auth-user-pass /etc/openvpn/config/client/auth.txt" (and create auth.txt with the username and password) I get the following error when using openvpn-client start:

Please wait...
Error: OpenVPN client start failed.
/etc/rc.common: kill: 90: (3273) - No such process
I have tried both the relative file name and the full path file name and get the same result.  Of course, the username and password in the file are correct.  I've also tried using chmod to grant a+rwx permissions in case there was some permissions issue reading auth.txt, but that didn't help either.  Any idea what I could be missing here?
 
Also curious, is there any way to create exceptions for certain destination domains (netflix and a few others that block VPNs) rather than exceptions for all connections made by a certain source IP?   (Alternately - Kinakuta's recent post about L2TP/IPSec IKEv2 working for Netflix might work for me too, so interested to learn if that's possible to setup instead)
 
Thanks again for your time and hard work on this.
desuka
desuka's picture
Ugh, I'm dumb... False alarm.

Ugh, I'm dumb... False alarm.  There was actually a character from the username somehow missing once pasted with vi (but oddly wasn't missing when pasting it into the credentials prompt without using a cred file)  I didn't notice since the username is so randomized.

I have noticed something else though.  Even though I have set up /etc/dnscrypt.conf to use adguard-dns and have rebooted the router, I am getting tons of Google DNS leaks when using DNS leak tests at various sites.  At first I was using adguard-dns-ns1, adguard-dns-ns2, and cs-uswest per the recommendation in the readme to use 3-4 servers.  Then tried changing it to adguard-dns based on another forum post.  I ensured the router is set to use OpenDNS instead of the automatic ISP DNS.  This also happens with any browser, and happens after flushing DNS.  Is there any way to validate that dnscrypt is working, besides using DNS leak test?

kamoj
kamoj's picture
Run: ps w | grep dns

Run:
ps w | grep dns

kamoj
kamoj's picture
Test like this:
Test like this:
dnscrypt-proxy -R "adguard-dns" --test=0
Thu Jul  5 19:21:28 2018 [ERROR] No resolver named [adguard-dns] found in the [/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv] list
 
adguard-dns is not working, but the others work for me, eg:
 
dnscrypt-proxy -R "cs-uswest" --test=0
Thu Jul  5 5:22:45 2018 [INFO] - [cs-uswest] does not support DNS Security Extensions
Thu Jul  5 5:22:45 2018 [INFO] + Namecoin domains can be resolved
Thu Jul  5 5:22:45 2018 [INFO] + Provider supposedly doesn't keep logs
Thu Jul  5 5:22:45 2018 [NOTICE] Starting dnscrypt-proxy 1.9.5
Thu Jul  5 5:22:45 2018 [INFO] Generating a new session key pair
Thu Jul  5 5:22:45 2018 [INFO] Done
Thu Jul  5 5:22:45 2018 [INFO] Server certificate with serial '0001' received
Thu Jul  5 5:22:45 2018 [INFO] This certificate is valid
Thu Jul  5 5:22:45 2018 [INFO] Chosen certificate #80846433 is valid from [2018-07-05] to [2018-07-06]
 
 

 

desuka
desuka's picture
Thanks.  Tried this and

Thanks.  Tried this and confirmed adguard-dns wasn't working, but adguard-dns-ns1 and ns2 seem OK.  I checked another PC after changing it back to that setting and it appears to be working.

Voxel
Voxel's picture
New version of my custom

New version of my custom firmware build: 1.0.2.54SF.

 

Changes (vs 1.0.2.53SF-KF):

 

1. dnsmasq: dnsmasq.conf options are changed (compliance with v. 2.78, use of /etc/hosts).

2. OpenVPN client optimization (thanks to kamoj).

3. miniupnpd is corrected to avoid its startup is disabled.

4. ethtool package is upgaded 4.16->4.17.

5. dbus package is upgraded 1.10.4->1.12.8.

6. curl package is upgraded 7.60.0->7.61.0.

7. avahi version is upgraded 0.6.32->0.7.

8. libubox package is upgraded 2018-04-12->2018-06-07.

9. jansson package is upgraded 2.10->2.11.

10. libgcrypt package is upgraded 1.6.6->1.8.3.

11. libogg packages is upgraded 1.3.2->1.3.3.

 

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

NOTE: Most probably no reset is needed to upgrade from my previous versions. But if you face problems it is better to perform reset.

 

Voxel.

 

Niglooze
Niglooze's picture
Hello Voxel,

Hello Voxel,

Thank you for your hard work !! I just got a brand new R7800 and installed your firmware immediately. works perfectly

I was wondering if there would be a way to install a plex media server ?

 

Voxel
Voxel's picture
I was wondering if there

I was wondering if there would be a way to install a plex media server ?

 

Theoretically yes. There are some attempts to do that for ASUS routers:

https://hqt.ro/plex-media-server-on-asuswrt-armhf-routers/

Something similar should be with R7800. But I am not sure that it is legal.

Voxel.

 

Niglooze
Niglooze's picture
I've seen it's available on

I've seen it's available on Netgear Firmware for R9000, so assumed that would be possible (and not illegal ^^), even if the transcoding part would be unavailable/not advised 

owencool
owencool's picture
Hi Voxel,

Hi Voxel,

Is there a way to have multiple ssid? I searched entware package but I found nothing about creating multiple ssid.

I need it since I subscribed to triple play service and I need to create another ssid in which it will be used for connecting the STB to the particular ssid using VLAN. 

Or is there any alternative of doing this kind of thing to make the IPTV work using wireless?

I’m quite a noob at this stuff

Thanks

Pages