Custom firmware build for R7800 v. 1.0.2.23SF & v. 1.0.2.24SF
- Thread starter Voxel
- Start date
This firmware is really great!
I am currently on 23SF, but I think I will wait to upgrade to 24SF since 23 is working very well for me.
I have a lot of stuff set up in "Access Control" and I always do a reset to factory after I upgrade(This seems to make the install "Cleaner".
I am just a little Leary about reloading from a backup cause all the guys in the RMerlin thread advise against it on the Asus(Which I use as a bridge on RT-3100.). It does seem to work ok on the R7800 so far, but I am just a worrier. So I try to be as careful as I can.
Voxel is great! He has held my hand in setting up SSH access and I can't express my gratitude enough!
My Linux knowledge is limited. So I need to be coached like a kid learning to play football.
If I can. I will try to put together a guide on how to do this. Something like, "Voxel's firmware for dummies" or similar.
Using only Windows makes it a lot harder to do, but it can be done thanks to Voxel's patients and willingness to help.
I am currently on 23SF, but I think I will wait to upgrade to 24SF since 23 is working very well for me.
I have a lot of stuff set up in "Access Control" and I always do a reset to factory after I upgrade(This seems to make the install "Cleaner".
I am just a little Leary about reloading from a backup cause all the guys in the RMerlin thread advise against it on the Asus(Which I use as a bridge on RT-3100.). It does seem to work ok on the R7800 so far, but I am just a worrier. So I try to be as careful as I can.
Voxel is great! He has held my hand in setting up SSH access and I can't express my gratitude enough!
My Linux knowledge is limited. So I need to be coached like a kid learning to play football.
If I can. I will try to put together a guide on how to do this. Something like, "Voxel's firmware for dummies" or similar.
Using only Windows makes it a lot harder to do, but it can be done thanks to Voxel's patients and willingness to help.
Last edited:
staticfree
Regular Contributor
Okay Voxel, I will load your new 24SF probably tonight when I can get some down time. I am still worried about Netgear not fixing their terrible openvpn certificate and key generation though. From what I can see in their firmware implementation, they have the certificates and keys all embedded in their firmware and when you reboot or restart their openvpn, it just extracts the configs from their firmware into a .tar file and then untars their hard coded config keys into place in the /tmp/openvpn directory. If those keys are not generated uniquely each time the Netgear router starts openvpn, then it seems to me that everyone with this Netgear R7800 router will have the same exact configs, certificates and keys!
I can't believe Netgear management is not concerned about this security exposure enough to fix it. All these years it has been like this. Most casual users won't be aware of this exposure when they enable their openvpn. Wow!
Voxel
Part of the Furniture
You can restore your settings from backup. No problems if you upgrade from my 1.0.2.23SF to my 1.0.2.24SF.
Voxel.
Voxel
Part of the Furniture
IMO it is not so dangerous to use generated by firmware keys/ca/certs. I did not investigate this in deep, but logically if you do not share such generated CA, then it cannot not be used by third party to sign their client cert/keys. And your VPN will not accept alien clients.
(But I’m using my own
Paranoia )Voxel.
staticfree
Regular Contributor
Okay, better safe than sorry.IMO it is not so dangerous to use generated by firmware keys/ca/certs. I did not investigate this in deep, but logically if you do not share such generated CA, then it cannot not be used by third party to sign their client cert/keys. And your VPN will not accept alien clients.
(But I’m using my own
Voxel.
I'm not sure how exactly that Netgear CA is generated or working for sure but it looks like the CA file is hard coded in their firmware and if so, it will be exactly the same CA for everybody who uses it. No? Anyway, I hope you are right on that. Regardless, Thanks for your great work!
staticfree
Regular Contributor
Voxel, okay, I loaded the new 24SF firmware tonight and it is working just fine now. Netgear openvpn is working again with its own certificate keys.IMO it is not so dangerous to use generated by firmware keys/ca/certs. I did not investigate this in deep, but logically if you do not share such generated CA, then it cannot not be used by third party to sign their client cert/keys. And your VPN will not accept alien clients.
(But I’m using my own
Voxel.
I see now in their script that there is a re-generate CA, keys and certificates routine that I suppose will make each Netgear router CA unique. But I am not for sure either on it. But the fact that each router generates the same CA and keys over and over again is still a concern for distributed client keys on devices that you might want to revoke but can't using Netgears openvpn. Generating new CA, dh and keys and stuff is difficult and beyond most folks to do and install!
Voxel
Part of the Furniture
You know, if there are any doubts, how do you say: "better safe than sorry". I added possibility of using own keys/certs. I use my own to do not think about it: just set up and forget.
OK, Now everything is OK with OpenVPN. I'll update my initial post in this thread: not so many changes to start new thread.
Voxel.
staticfree
Regular Contributor
Okay, sounds good. Your customized firmware is working solid for me now. I don't use all the extra fancy stuff like traffic metering, QOS or anything, so I can't speak to that area. But for my basic reliability internet and LAN connections use, it is solid. I also like that I can just load and use the same exact configuration files from the original Netgear v1.0.2.20 firmware without any resetting or wipes. It just works. Thank You!
Hello Voxel or any other expert,
Is this as easy 2 install as kong/dd-wrt, just reset settings and upgrade in gui etc? Can't find a guide..
I'm back on stock now from dd-wrt.. is it just to upgrade in netgear gui with R7800-V1.0.2.24SF.img from netgear stock? How do I rewert 2 stock?
Can I use openvpn/client in router after upgrade?
Cheers
Is this as easy 2 install as kong/dd-wrt, just reset settings and upgrade in gui etc? Can't find a guide..
I'm back on stock now from dd-wrt.. is it just to upgrade in netgear gui with R7800-V1.0.2.24SF.img from netgear stock? How do I rewert 2 stock?
Can I use openvpn/client in router after upgrade?
Cheers
Voxel
Part of the Furniture
Most probably it is possible. I did not investigate this in deep. If you need also to setup your iptables rules then the only problem is Netgear's firewall (/usr/sbin/net-wall, no source codes) which spoils all iptables settings. I did some modification of /usr/sbin/net-wall, now it is script which sets also my settings and runs original precompiled net-wall (I renamed it as net-wall-bin). So you should modify this my script adding your rules for client after call of Netgear's firewall. See for example how kyle55555 did modification of this script adding TUN OpenVPN to R7500v1:
https://www.snbforums.com/threads/custom-firmware-build-for-r7800.36859/page-3
It is not your case, but explains how to modify /usr/sbin/net-wall script for own needs.
Check from console: run manually openvpn as a client to connect to OpenVPN server you plan to use. Not necessary to install Entware for this.
Voxel.
Voxel
Part of the Furniture
For those who use Entware:
New version of Entware-3x (my build optimized for IPQ806x) is available to download:
https://www.mediafire.com/folder/tyj61i5uc610w/voxel-firmware
Build 170221.
What’s new:
1. Synchronized with LEDE and OpenWRT.
2. New toolchain is used with GCC 6.3.0 and glibc 2.25.
In my build:
1. Optimized for IPQ806x (compiler options).
2. Kernel 3.4.103 is used in compilation.
3. Few packages are upgraded to more recent versions.
4. OpenSSL asm acceleration is used.
5. OpenVPN is compiled with use of external LZ4 library v.1.7.5 (the last is added to packages)
Voxel.
New version of Entware-3x (my build optimized for IPQ806x) is available to download:
https://www.mediafire.com/folder/tyj61i5uc610w/voxel-firmware
Build 170221.
What’s new:
1. Synchronized with LEDE and OpenWRT.
2. New toolchain is used with GCC 6.3.0 and glibc 2.25.
In my build:
1. Optimized for IPQ806x (compiler options).
2. Kernel 3.4.103 is used in compilation.
3. Few packages are upgraded to more recent versions.
4. OpenSSL asm acceleration is used.
5. OpenVPN is compiled with use of external LZ4 library v.1.7.5 (the last is added to packages)
Voxel.
I'm trying to figure out how to use Transmission instead of Netgear Manager. I followed the steps in readme.docx from Voxel Mediafire space.
I have a 2 TB HDD that is formatted as NTFS. I don't think I can create a swap file in root of drive and expect it to work. So I attached a 8 GB USB stick formatted as ext4 and created a 1GB swap file in it. Still can't get Transmission to work, it shows me a blank page in GUI with a small sad face diagram and "routerlogin.net is not responding" underneath.
Any help is appreciated
I have a 2 TB HDD that is formatted as NTFS. I don't think I can create a swap file in root of drive and expect it to work. So I attached a 8 GB USB stick formatted as ext4 and created a 1GB swap file in it. Still can't get Transmission to work, it shows me a blank page in GUI with a small sad face diagram and "routerlogin.net is not responding" underneath.
Any help is appreciated
Voxel
Part of the Furniture
Probably you use HTTPS connection to your router's WebGUI? Some browsers block HTTP inside HTTPS (Transmission in this firmware uses HTTP).
Try to enter to your router using HTTP, not secure HTTPS. Also make sure that:
1. You set download directory from Netgear Download manager
2. You disable Netgear Download manager
Transmission should be accessible even w/o setting swap.
If still problems, try to enter to Transmission GUI directly, using IP of your router and port 9091. I.e. if your router LAN IP is 192.168.1.1 then use:
http://192.168.1.1:9091
(it is to check that it is working)
Voxel.
Last edited:
Thanks Voxel. I'm not using HTTPS, just plain non secure protocol. I have already set the download directory to Easyshare default (I think it's called USB_share, mapped to U drive in my case), and I have Netgear Downloader disabled.
I could access Transmission at port 9091 as you pointed, but there is no control buttons, i.e. can't add a torrent. I'm using Chrome.
UPDATE: Now it's working at port 9091 after clearing Chrome cache. Thank you
Sent from my ONEPLUS A3003 using Tapatalk
I could access Transmission at port 9091 as you pointed, but there is no control buttons, i.e. can't add a torrent. I'm using Chrome.
UPDATE: Now it's working at port 9091 after clearing Chrome cache. Thank you
Sent from my ONEPLUS A3003 using Tapatalk
Last edited:
Similar threads
Similar threads
Similar threads
-
Voxel Custom firmware build for R9000/R8900 v. 1.0.4.77HF
- Started by Voxel
- Replies: 5
-
Voxel Custom firmware build for R7800 v. 1.0.2.111SF
- Started by Voxel
- Replies: 11
-
Voxel Custom firmware build for Orbi LBR20 v. 9.2.5.2.46SF-HW
- Started by Voxel
- Replies: 5
-
Voxel Custom firmware build for R9000/R8900 v. 1.0.4.76HF
- Started by Voxel
- Replies: 7
-
Voxel Custom firmware build for R7800 v. 1.0.2.110SF
- Started by Voxel
- Replies: 15
-
Voxel Custom firmware build for Orbi LBR20 v. 9.2.5.2.45SF-HW
- Started by Voxel
- Replies: 5
-
Voxel Custom firmware build for R9000/R8900 v. 1.0.4.75HF
- Started by Voxel
- Replies: 2
-
Voxel Custom firmware build for R7800 v. 1.0.2.109SF
- Started by Voxel
- Replies: 8