Thank You for Your help! Also thank You for this firmware, it is perfect for me, it is so much better than stock.
Hi Voxel,
is there a way to keep the authorized_keys SSH access, OpenVPN config files, crontab and other custom scripts when updating from one version of your firmware to the next?
There are quite a few changes I made after installing the FW and I just updated from 1.0.2.36SF to 1.0.2.38F because of the new OpenVPN client version, but it erased everything and I had to reconfigure everything from scratch, creating a USB stick with the authorized keys to access the router and then copy and edit lots of files.
Since this takes some time, I'd love to somehow be able to update the FW without this extra work. Is this possible?
Best
Martin
Hi Martin,
I use tarball and external USB disk for backup/restore. Something like:
Backup (once):
cd /
tar cf /mnt/sda1/backup.tar etc/dropbear/ etc/openvpn/config/ root/.ssh/
Restore entering by telnet (after every flashing):
cd /
tar xf /mnt/sda1/backup.tar
reboot
So having backup.tar on USB I can restore all my specific settings after flashing.
Voxel.
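A more defensive variant of the tarball backup and restore above, as an added example that is not Voxel's script: before extracting as root at /, it checks that every archive member sits under the three backed-up paths, and it keeps the archive and the restored keys private. The function names and the ROOT/ARCHIVE parameters are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not part of the firmware. Paths are the ones from the post.
PATHS="etc/dropbear etc/openvpn/config root/.ssh"

backup() {  # backup ROOT ARCHIVE   (ARCHIVE must be an absolute path)
    ( umask 077                 # archive holds SSH host keys and VPN keys
      cd "$1" && tar cf "$2" $PATHS )
}

members_ok() {  # members_ok ARCHIVE: succeed only if all names are expected
    # Checks names only; it does not inspect symlink targets.
    tar tf "$1" | ( while IFS= read -r m; do
        case "$m" in
            /*|../*|*/../*|*/..) exit 1 ;;      # absolute path or traversal
        esac
        case "$m" in
            etc/dropbear|etc/dropbear/*) ;;
            etc/openvpn/config|etc/openvpn/config/*) ;;
            root/.ssh|root/.ssh/*) ;;
            *) exit 1 ;;                         # anything else: reject
        esac
    done )
}

restore() {  # restore ROOT ARCHIVE
    members_ok "$2" || { echo "refusing $2: unexpected member" >&2; return 1; }
    ( cd "$1" && tar xf "$2" ) || return 1
    # Keep restored key material readable by root only.
    chmod 700 "$1/root/.ssh"
    chmod 600 "$1/root/.ssh/authorized_keys"
}

# On the router: "sh script backup" once, "sh script restore" after flashing.
case "${1:-}" in
    backup)  backup / /mnt/sda1/backup.tar ;;
    restore) restore / /mnt/sda1/backup.tar && echo "restored, now reboot" ;;
esac
```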
New version of my custom firmware build: 1.0.2.39SF.
Changes (vs 1.0.2.38SF):
1. Most important: samba write speed is improved (thanks to RMerlin for his tip (affinity)).
2. Changes in OpenVPN servers startup script (first is now using core0, second: core1).
3. Changes in OpenVPN client (now it is using core1).
4. taskset utility is added.
5. e2fsprogs package is upgraded 1.43.6->1.43.7.
6. curl package is upgraded 7.55.1->7.56.1.
7. ethtool package is upgraded 4.11->4.13.
8. wget package is upgraded 1.19.1->1.19.2.
9. Host tools: three components are upgraded.
10. Toolchain: Patch is added to compiler (to support compilation by gcc 6.3.0).
The link is:
https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).
No reset is needed to upgrade from my previous versions.
P.S.
This version does not include the fix for the WPA2 Vulnerability in bridge mode (the last is not released by NETGEAR yet).
Voxel.
Hi Voxel,
I would like to ask another question about Transmission 2.92+git. What exactly was changed compared to 2.92? Is that a sort of candidate release of official version or something else?
2.92+ git is some bugs/problems fixing in 2.92. It is supposed to be added to next release.
You can check:
https://github.com/transmission/transmission/pull/134
Voxel.
Hi Voxel,
Today I switched from ddwrt to your firmware on my R7800.
Can you indicate how I can install and use the Openvpn client on my router? Thx for your tips and suggestions!
Sorry, found the manual
Hi Voxel, back again
with a small question.
I read the manual. I read that, at this time, it isn't possible to use the Openvpn-server and the Openvpn-client at the same time. I must say I like your firmware very much because it's quite easy to handle. What I liked in the ddwrt software was the option to use both server and client functionality at the same time.
Are you planning to make it possible to use both functions at the same time? Would be very appreciated over here... Although, keep up the good work!
In general, no problems. Just I need some time for this. OK, I need some feedback from my users to know their needs. Maybe in the next release.
Voxel.
Hi Voxel, I have some automation based on whether certain device is connected to wireless network. With DD-WRT firmware, I can get the mac address for all devices on wireless network using wl command. With your firmware, what is the most efficient way to get the mac address on wireless network? Thanks.
Hi siapi,
Most probably it is enough for you to use "wlan stainfo" command from console?
Voxel.
I didn't try it, but you may need pptp first
Does this firmware add functionality for setting up scheduled reboots and for Wake On Lan from the GUI?
Functionality: yes, GUI: no.
You can use cron from Entware to schedule reboots and etherwake/wakeonlan from the same Entware. But all this is executed from console (telnet or ssh).
https://www.voxel-firmware.com/Downloads/Voxel/html/entware.html
Voxel.
Hi Voxel, thank you very much for the firmware.
One improvement, if possible, for next version (using R7800), in the Web management, Download manager: over remote management, transmission iframe does not use the dns address (but rather hardcoded local ip). This is of course no problem with VPN, but without it does not work.
Thanks!
Thanks for your reply. Isn't cron included in the stock firmware? Poking around via telnet I see crontab.
I do not quite understand. I use for transmission frame not IP but:
http://routerlogin.net:9091
It does not work for you?
Voxel.
Crontab:
IMO it is better not to use cron/crontab from firmware. It is used for internal needs such as checking QoS working, its update, update of firmware etc. And if you intend to use this cron you should somehow add your own job, right? E.g. reboot. So you should store somehow your own script which adds your job to cron or something similar. To add it after each reboot.
Entware is using USB drive where you can create your own job and it will be stored on USB drive. Entware is not so difficult ;-) I prepared simplified initial version which should be unpacked on your USB (formatted as ext2/3/4) and after reboot just add cron package
/opt/bin/opkg install cron
and use it for your needs.
You can use even telnet for this.
Voxel.
Hi Voxel,
But how is Wake On Lan working without GUI in your firmware? Should I remotely telnet to router and run some command?
Regards, Vasiliy
Hi Voxel,
Thanks for quick reply, indeed you use http://routerlogin.net:9091 for the address, but that is a problem when accessing the router Remote Management On mode over: https://customdns.com:8443 - then transmission is not accessible, would work if I open the port 9091 and have the frame pointing to https://customdns.com:9091.
Thanks,
danciucul
Hi Vasiliy,
Use of telnet over Internet (i.e. telnet to router remotely) would be bad thing. I use ssh.
Well, more details re: how I do that. I do use ssh enabled on this router with opening ssh port 22 to external world. And I have remote Linux server with my own Web-page. ssh key from server is added to allowed client on my router so I can run something like:
ssh -y [email protected]-IP-address /mnt/sda1/wake-on-lan.sh
from my server console. And after this I force my home computer to wake up.
Usually I do not run this script manually, I just have special page in my Web-server which run this command when I click corresponding link.
But of course I can run this manually.
But allowing access to router (remotely over Internet) by telnet or e.g. enabling remote access of its GUI (access to any firmware GUI) is bad thing. Security.
Voxel.
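The key that the web server uses in this setup can be limited to the wake-up script, so that a compromise of that server does not give a root shell on the router. An added example, not Voxel's configuration: it builds such an authorized_keys entry with dropbear's per-key restrictions and lists the keys in a file that have no forced command. The function names and the sample keys are constructed.

```shell
#!/bin/sh
# Added example, not from the firmware. The restrictions below are the ones
# dropbear accepts in front of a key in authorized_keys.
RESTRICT='no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty'

# restricted_entry COMMAND PUBKEY: emit a line that lets PUBKEY run only
# COMMAND, whatever command the client asks for.
restricted_entry() {
    printf 'command="%s",%s %s\n' "$1" "$RESTRICT" "$2"
}

# unrestricted_keys FILE: print the last field (normally the comment) of every
# key without a forced command, i.e. every key that still gives a full shell.
unrestricted_keys() {
    while IFS= read -r line; do
        case "$line" in
            ''|'#'*) ;;                                    # blank or comment
            ssh-*|ecdsa-*) printf '%s\n' "${line##* }" ;;  # no options at all
            command=*|*,command=*) ;;                      # forced command set
            *) printf '%s\n' "${line##* }" ;;              # options, no command=
        esac
    done < "$1"
}

# Usage: sh script audit /path/to/authorized_keys
case "${1:-}" in
    audit) unrestricted_keys "$2" ;;
esac
```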
Hi Voxel,
Thanks for reply.
I found some solution but it works quite unstable..... https://community.netgear.com/t5/Nighthawk-WiFi-Routers/Netgear-Telnet-C.... It requires static ARP entry in router for particular MAC address. And then I simply send WOL command from Android application from Google Play via forwarded port 9. It looks for me that this static ARP entry is disappeared after while or after router reboot. I previously used Asus N56 router and it has WOL feature in router management GUI.
Regards, Vasiliy
New version of my custom firmware build: 1.0.2.43SF.
Changes (vs 1.0.2.41SF):
1. Integration of changes from the latest stock v. 1.0.2.38.
2. Correction of new bugs in the stock 1.0.2.38.
* Bug in WebGUI: ADVANCED->ReadySHARE->Media Server (iTunes server control exists, but package itself is removed).
* avahi service: lack of adisk.service template.
* etc. (several repeated in each release of stock firmware)
3. forked-daapd package (iTunes Server) is removed, the same removal as in the stock 1.0.2.38.
4. libconfuse, libmxml, libantlr3c, libplist, libasound are removed (were used solely by forked-daapd, not needed now).
5. haveged package is added to feed the kernel entropy pool.
6. QoS: redis server/client package is upgraded 2.6.13->2.6.17 (i.e. to latest stable 2.6.x), its memory management scheme is changed.
7. OpenSSL is upgraded 1.0.2m->1.0.2n. Major changes (OpenSSL changelog):
rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
8. ubus package is upgraded 2017-11-06->2017-11-13.
9. ffmpeg package is upgraded 0.11.2->3.2.9.
10. curl package is upgraded 7.56.1->7.57.0.
11. default congestion control is changed back to yeah, rmem_max/wmem_max values are increased.
12. dnscrypt-resolvers.csv is updated.
13. Several additional packages are optimized to minimize resulting size.
Thanks to Jeanmi and Tommaso for their help in testing beta version.
Also thanks to e38BimmerFN for testing ookla speed test from firmware.
The link is:
https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).
No reset is needed to upgrade from my previous versions.
P.S.
This version does not include the fix for the WPA2 Vulnerability in bridge mode (the last is not released by NETGEAR yet).
Voxel.
This version is released mainly for some tuning and correction of reported problems (I had no plans to release it before Christmas ;-) :
b. QoS DB. Too many people are reporting problems with latest QoS DB included into previous version. I am stressing again that QoS is used in my FW “as-is”, it was included into stock GPL sources in pre-built form and I do not change it. So now I reverted back to old version of QoS, the same is used in the stock firmware. You may upgrade it to newest one from WebGUI or use this version w/o upgrade.
c. Some people are feeling problems with OpenVPN client startup. Namely, they have some delay with setting date/time after reboot so certificates/keys/ca are not valid yet (1970 year). Two changes. First is setting date of firmware build in NTP client startup script, i.e. at least your certificates should be valid already and client should not wait setting proper date and time. Second: you can manually add delay before actual starting OpenVPN client. Command to add delay in e.g. 120 seconds from telnet/ssh console is
nvram set vpn_client_delay=120
nvram commit
To remove this delay set it to 0 or use the command “nvram unset vpn_client_delay”
d. Possibility to use your own iptables rules w/o modification of /usr/sbin/net-wall script. If you have /root/firewall-start.sh script (executable) with your iptable commands it will be called automatically at the end of “net-wall start” command.
Hi Zeljko,
Sorry for a silence. Short vacations.
I did factory reset, updated to the latest official fw and configured as a router/AP.
Could you provide more details: I do not use router in bridge mode. What version do you use, stock or my 44SF?
Voxel.
New version of my custom firmware build: 1.0.2.45SF.
Changes (vs 1.0.2.44SF):
1. Integration of changes from the latest stock v. 1.0.2.40:
https://kb.netgear.com/000053137/Se...on-on-Some-Routers-and-Gateways-PSV-2016-0131
1.0.2.40 Release Notes:
2. Correction of NG bug in cron setting for logrotate and QoS monitoring (bug is found by kamoj).
3. tar package is upgraded 1.29->1.30.
4. uci package is upgraded 2017-09-29->2018-01-01.
5. libubox package is upgraded 2017-10-06->2018-01-07.
6. e2fsprogs package is upgraded 1.43.7->1.43.8.
7. dnscrypt-resolvers.csv is updated.
The link is:
https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).
No reset is needed to upgrade from my previous versions.
P.S.
Known problems:
Problem reported by Killhippie :
https://www.snbforums.com/threads/netgear-firmware-update-for-x4s-r7800-1-0-2-40.42724/#post-364447
should be there too.
And most probably no correction of L2TP problem reported by Temchenko.
https://www.snbforums.com/threads/c...r-r7800-v-1-0-2-44sf.42882/page-5#post-369638
Voxel.