Custom firmware for R7800 to extend its functionality

d3n3b

Thank You for Your help! Also thank You for this firmware, it is perfect for me, it is so much better than stock.

kinakuta

HI Voxel,

is there a way to keep the authorized_keys SSH access, OpenVPN config files, crontab and other custom scripts when updating from one version of your firmware to the next?

There are quite a few changes I made after installing the FW and I just updated from 1.0.2.36SF to 1.0.2.38F because of the new OpenVPN client version, but it erased everything and I had to reconfigure everything from scratch, creating a USB stick with the authorized keys to access the router and then copy and edit lots of files.

Since this takes some time, I'd love to somehow be able to update the FW without this extra work. Is this possible?

Best
Martin

Voxel

Hi Martin,

I use tarball and external USB disk for backup/restore. Something like:

Backup (once):
cd /
tar cf /mnt/sda1/backup.tar etc/dropbear/ etc/openvpn/config/ root/.ssh/

Restore entering by telnet (after every flashing):
cd /
tar xf /mnt/sda1/backup.tar
reboot
 

So having backup.tar on USB I can restore all my specific settings after flashing.
Voxel.
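A checked variant of the backup/restore above, as an added example that is not Voxel's own script: it stores a SHA-256 beside the tarball and refuses to extract as root unless the checksum matches and every member sits under the three backed-up directories. The function names, the `.sha256` side file and the presence of `sha256sum` on the router are assumptions.

```sh
#!/bin/sh
# Added example. BACKUP_PATHS are the directories named in the post; the
# function names and the .sha256 side file are assumptions.
# On the router: make_backup / /mnt/sda1/backup.tar   (once)
#                restore_backup / /mnt/sda1/backup.tar (after flashing)
BACKUP_PATHS="etc/dropbear etc/openvpn/config root/.ssh"

# make_backup ROOT ARCHIVE: archive the paths relative to ROOT and write a
# SHA-256 next to the archive. ARCHIVE must be an absolute path.
make_backup() {
    root=$1; archive=$2
    # Word splitting of BACKUP_PATHS is intentional here.
    (cd "$root" && tar cf "$archive" $BACKUP_PATHS) || return 1
    (cd "$(dirname "$archive")" &&
        sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256")
}

# archive_is_safe ARCHIVE: succeed only if every member is a relative path
# under one of the backed-up directories, with no ".." component.
archive_is_safe() {
    tar tf "$1" > /dev/null 2>&1 || return 1
    tar tf "$1" | (while IFS= read -r name; do
        case "$name" in
            /*|../*|*/../*|*/..)
                echo "unsafe member: $name" >&2; exit 1 ;;
            etc/dropbear/*|etc/openvpn/config/*|root/.ssh/*) ;;
            *)
                echo "unexpected member: $name" >&2; exit 1 ;;
        esac
    done)
}

# restore_backup ROOT ARCHIVE: verify checksum and member list, then extract
# under ROOT. The checksum on the same stick catches corruption only; keep a
# copy elsewhere to detect tampering.
restore_backup() {
    root=$1; archive=$2
    (cd "$(dirname "$archive")" &&
        sha256sum -c "$(basename "$archive").sha256" > /dev/null 2>&1) ||
        { echo "checksum mismatch: $archive" >&2; return 1; }
    archive_is_safe "$archive" || return 1
    (cd "$root" && tar xf "$archive")
}
```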

Voxel

New version of my custom firmware build: 1.0.2.39SF.

Changes (vs 1.0.2.38SF):
1. Most important: samba write speed is improved (thanks to RMerlin for his tip (affinity)).
2. Changes in OpenVPN servers startup script (first is now using core0, second: core1).
3. Changes in OpenVPN client (now it is using core1).
4. taskset utility is added.
5. e2fsprogs package is upgraded 1.43.6->1.43.7.
6. curl package is upgraded 7.55.1->7.56.1.
7. ethtool package is upgraded 4.11->4.13.
8. wget package is upgraded 1.19.1->1.19.2.
9. Host tools: three components are upgraded.
10. Toolchain: Patch is added to compiler (to support compilation by gcc 6.3.0).

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

No reset is needed to upgrade from my previous versions.

P.S.
This version does not include the fix for the WPA2 Vulnerability in bridge mode (the last is not released by NETGEAR yet).


Voxel.
 

d3n3b

Hi Voxel,

I would like to ask another question about Transmission 2.92+git. What exactly was changed compared to 2.92? Is that a sort of candidate release of official version or something else?

Voxel

2.92+ git is some bugs/problems fixing in 2.92. It is supposed to be added to next release.

 

You can check:
 

https://github.com/transmission/transmission/pull/134

Voxel.
 

vmb

Hi Voxel,

Today I switched from ddwrt to your firmware on my R7800.

Can you indicate how I can install and use the Openvpn client on my router? Thx for your tips and suggestions!

 

vmb

Sorry, found the manual.

vmb

Hi Voxel, back again with a small question.

I read the manual. I read that, at this time, it isn't possible to use the Openvpn-server and the Openvpn-client at the same time. I must say I like your firmware very much because it's quite easy to handle. What I liked in the ddwrt software was the option to use both server and client functionality at the same time.

Are you planning to make it possible to use both functions at the same time. Would be very appreciated over here... Although, keep up the good work!

Voxel

Are you planning to make it possible to use both functions at the same time. Would be very appreciated over here... Although, keep up the good work!

 

In general, no problems. Just I need some time for this. OK, I need some feedback from my users to know their needs. Maybe in the next release.

Voxel.

siapi

Hi Voxel, I have some automation based on whether certain device is connected to wireless network. With DD-WRT firmware, I can get the mac address for all devices on wireless network using wl command. With your firmware, what is the most efficient way to get the mac address on wireless network? Thanks.

Voxel

Hi siapi,

Most probably it is enough for you to use "wlan stainfo" command from console?

Voxel.

 

Davidden119

I didn't try it, but you may need pptp first

kentchristopher

Does this firmware add functionality for setting up scheduled reboots and for Wake On Lan from the GUI? 

Voxel

Does this firmware add functionality for setting up scheduled reboots and for Wake On Lan from the GUI? 

Functionality: yes, GUI: no.

You can use cron from Entware to schedule reboots and etherwake/wakeonlan from the same Entware. But all this is executed from console (telnet or ssh).

https://www.voxel-firmware.com/Downloads/Voxel/html/entware.html
Voxel.

 

danciucul

Hi Voxel, thank you very much for the firmware.

One improvement, if possible, for next version (using R7800), in the Web management, Download manager: over remote management, transmission iframe does not use the dns address (but rather hardcoded local ip). This is of course no problem with VPN, but without it does not work.

 

Thanks!

kentchristopher

Thanks for your reply. Isn't cron included in the stock firmware? Poking around via telnet I see crontab. 

Voxel

I do not quite understand. I use for transmission frame not IP but:

 

http://routerlogin.net:9091

 

It does not work for you?

Voxel.

Voxel

Crontab:

 

IMO it is better not to use cron/crontab from firmware. It is used for internal needs such as checking QoS working, its update, update of firmware etc. And if you intend to use this cron you should somehow add your own job, right? E.g. reboot. So you should store somehow your own script which adds your job to cron or something similar. To add it after each reboot.

Entware is using USB drive where you can create your own job and it will be stored on USB drive. Entware is not so difficult ;-) I prepared simplified initial version which should be unpacked on your USB (formatted as ext2/3/4) and after reboot just add cron package

/opt/bin/opkg install cron

and use it for your needs.

You can use even telnet for this. 
Voxel.

VasiliyM6

Hi Voxel, 

But how is Wake On Lan working without GUI in your firmware? Should I remotely telnet to router and run some command?

Regards, Vasiliy

danciucul

Hi Voxel,

Voxel

Hi Vasiliy,

Use of telnet over Internet (i.e. telnet to router remotely) would be bad thing. I use ssh.

Well, more details re: how I do that. I do use ssh enabled on this router with opening ssh port 22 to external world. And I have remote Linux server with my own Web-page. ssh key from server is added to allowed client on my router so I can run something like:

ssh -y root@my-IP-address /mnt/sda1/wake-on-lan.sh

from my server console. And after this I force my home computer to wake up.

Usually I do not run this script manually, I just have special page in my Web-server which run this command when I click corresponding link.

But of course I can run this manually.

But allowing access to router (remotely over Internet) by telnet or e.g. enabling remote access of its GUI (access to any firmware GUI) is bad thing. Security.

Voxel.
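In the setup above the web server's key is authorized for root on a router whose port 22 faces the Internet, so it is worth pinning that key to the single script it needs. The following added example (not from the thread) shows a constructed `authorized_keys` entry and a small audit that flags keys not limited this way; it assumes the firmware's SSH server honors the standard `command=` and `no-*` key options, and the key material shown is a placeholder.

```sh
#!/bin/sh
# Added example, not from the thread. Constructed entry (placeholder key
# material) that limits a key to the wake script named in the post:
#   command="/mnt/sda1/wake-on-lan.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...placeholder web-server

# audit_authorized_keys FILE: print one finding per key that can do more than
# run a forced command; return non-zero if there is any finding.
# Heuristic: option names are matched anywhere on the line, not only in the
# options field.
audit_authorized_keys() {
    n=0; findings=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            ''|'#'*) ;;
            ssh-*|ecdsa-*)
                echo "line $n: no options, key gets a full shell"
                findings=$((findings + 1)) ;;
            *command=\"*)
                case "$line" in
                    *no-port-forwarding*) ;;
                    *)  echo "line $n: forced command, but port forwarding allowed"
                        findings=$((findings + 1)) ;;
                esac ;;
            *)
                echo "line $n: options set, but no forced command"
                findings=$((findings + 1)) ;;
        esac
    done < "$1"
    [ "$findings" -eq 0 ]
}
```

Run it as `audit_authorized_keys /root/.ssh/authorized_keys` (path assumed from the `root/.ssh/` directory in the backup post); with the forced command in place the server's `ssh` call runs the wake script regardless of the command it sends.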

VasiliyM6

Hi Voxel, 

Thanks for reply. 

I found some solution but it works quite unstable.....   https://community.netgear.com/t5/Nighthawk-WiFi-Routers/Netgear-Telnet-C.... It requires static ARP entry in router for particular MAC address.  And then I simply send WOL command from Android application from Google Play via forwarded port 9. It looks for me that this static ARP entry is disappeared after while or after router reboot.  I previously used Asus N56 router and it has WOL feature in router management GUI.

Regards,    Vasiliy 

Voxel

New version of my custom firmware build: 1.0.2.43SF.

Changes (vs 1.0.2.41SF):

1. Integration of changes from the latest stock v. 1.0.2.38.
2. Correction of new bugs in the stock 1.0.2.38.

* Bug in WebGUI: BASIC->ReadySHARE->ReadyCLOUD (404 page not found).
* Bug in WebGUI: ADVANCED->ReadySHARE->Media Server (iTunes server control exists, but package itself is removed).
* avahi service: lack of adisk.service template.
* etc. (several repeated in each release of stock firmware)

3. forked-daapd package (iTunes Server) is removed, the same removal as in the stock 1.0.2.38.
4. libconfuse, libmxml, libantlr3c, libplist, libasound are removed (were used solely by forked-daapd, not needed now).
5. haveged package is added to feed the kernel entropy pool.
6. QoS: redis server/client package is upgraded 2.6.13->2.6.17 (i.e. to latest stable 2.6.x), its memory management scheme is changed.
7. OpenSSL is upgraded 1.0.2m->1.0.2n. Major changes (OpenSSL changelog):

* Read/write after SSL object in error state (CVE-2017-3737)
* rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)

8. ubus package is upgraded 2017-11-06->2017-11-13.
9. ffmpeg package is upgraded 0.11.2->3.2.9.
10. curl package is upgraded 7.56.1->7.57.0.
11. default congestion control is changed back to yeah, rmem_max/wmem_max values are increased.
12. dnscrypt-resolvers.csv is updated.
13. Several additional packages are optimized to minimize resulting size.

 

Thanks to Jeanmi and Tommaso for their help in testing beta version.
Also thanks to e38BimmerFN for testing ookla speed test from firmware.

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

No reset is needed to upgrade from my previous versions.

P.S.
This version does not include the fix for the WPA2 Vulnerability in bridge mode (the last is not released by NETGEAR yet).


Voxel.

Voxel

This version is released mainly for some tuning and correction of reported problems (I had no plans to release it before Christmas ;-) :

 

a. Some speed degradation for speedtest in WebGUI. And sometimes in client’s Web browsers. As I found irqbalance was not so good for fine tuning. Now it is removed and I use manual spreading some interrupts between cores.

b. QoS DB. Too many people are reporting problems with latest QoS DB included into previous version. I am stressing again that QoS is used in my FW “as-is”, it was included into stock GPL sources in pre-built form and I do not change it. So now I reverted back to old version of QoS, the same is used in the stock firmware. You may upgrade it to newest one from WebGUI or use this version w/o upgrade.

c. Some people are feeling problems with OpenVPN client startup. Namely, they have some delay with setting date/time after reboot so certificates/keys/ca are not valid yet (1970 year). Two changes. First is setting date of firmware build in NTP client startup script, i.e. at least your certificates should be valid already and client should not wait setting proper date and time. Second: you can manually add delay before actual starting OpenVPN client. Command to add delay in e.g. 120 seconds from telnet/ssh console is

nvram set vpn_client_delay=120

nvram commit

To remove this delay set it to 0 or use the command “nvram unset vpn_client_delay”.

d. Possibility to use your own iptables rules w/o modification of /usr/sbin/net-wall script. If you have /root/firewall-start.sh script (executable) with your iptable commands it will be called automatically at the end of “net-wall start” command.

 
 

New version of my custom firmware build: 1.0.2.44SF.

Changes (vs 1.0.2.43SF):

1. irqbalance package is removed.
2. Added manual spreading some interrupts between cores.
3. QoS DB included into firmware is downgraded to the version used in the stock firmware. You may update it from WebGUI.
4. Changes in OpenVPN client startup script.
5. Changes in NTP client startup script.
6. avahi package is changed to use dbus.
7. libsodium package is upgraded 1.0.15->1.0.16.
8. CVE-2017-15275 patch is added to samba.
9. net-wall script is corrected to add possibility using own /root/firewall-start.sh script.

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

No reset is needed to upgrade from my previous versions.

P.S.
This version does not include the fix for the WPA2 Vulnerability in bridge mode (the last is not released by NETGEAR yet).

Voxel.

 

 

 

Zeljko1234
My apologies for not coming here for awhile, I had really busy year.
 
Anyway, thx Voxel for continuous work on the new builds.
 
After long time of using R7800 in bridge mode (no complains in stability for almost a year without reboot), about a week ago I did factory reset, updated to the latest official fw and configured as a router/AP. 
 
GUI is really crappy and slow compared with way cheaper TP-Link but that's not the issue. Issue is that in less than a week, clients lost Internet connection. Reason was that R7800 advertised itself as a DNS but didn't forward request to the real one. I already manually configured DNSs in Internet settings of the router. Just re-applying was enough to fix the issue. For now...
 
Then I spent time looking into router GUI how to manually configure DNSs under DHCP but no such thing. Checking Internet, I've found that is not possible because Netgear wants to have http://www.routerlogin.com as login page (instead of good old IP). Also, I'm not only one with the issue.
 
Any solution? Voxel, can you extend your FW to add this function? And what the hell happened?
 
As dirty workaround, I manually configured DNSs in all my clients except camera which does not have such option.
Voxel

Hi Zeljko,

Sorry for a silence. Short vacations.

 

I did factory reset, updated to the latest official fw and configured as a router/AP. 

Could you provide more details: I do not use router in bridge mode. What version do you use, stock or my 44SF?

Voxel.

Voxel

New version of my custom firmware build: 1.0.2.45SF.

Changes (vs 1.0.2.44SF):

1. Integration of changes from the latest stock v. 1.0.2.40:

2. Correction of NG bug in cron setting for logrotate and QoS monitoring (bug is found by kamoj).
3. tar package is upgraded 1.29->1.30.
4. uci package is upgraded 2017-09-29->2018-01-01.
5. libubox package is upgraded 2017-10-06->2018-01-07.
6. e2fsprogs package is upgraded 1.43.7->1.43.8.
7. dnscrypt-resolvers.csv is updated.

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

No reset is needed to upgrade from my previous versions.

P.S.
Known problems:

Problem reported by Killhippie :

https://www.snbforums.com/threads/netgear-firmware-update-for-x4s-r7800-1-0-2-40.42724/#post-364447

should be there too.

And most probably no correction of L2TP problem reported by Temchenko.

https://www.snbforums.com/threads/c...r-r7800-v-1-0-2-44sf.42882/page-5#post-369638

 

Voxel.
