Custom firmware build for R7800 v. 1.0.2.61SF

[Voxel]

Continuation of
. . .
https://www.snbforums.com/threads/custom-firmware-build-for-r7800-v-1-0-2-60sf.48805/

New version of my custom firmware build: 1.0.2.61SF.

Changes (vs 1.0.2.60SF):

1. stubby package is added to provide DNS-over-TLS support:

to enable stubby run the commands from telnet/ssh console:

nvram set stubby=1
nvram commit​

and reboot your router; to disable stubby run the commands from telnet/ssh console:

nvram set stubby=0
nvram commit​

and reboot your router.​

2. getdns, unbound, yaml, ca-certificates packages are added (stubby dependences).
3. sqlite3 package is upgraded 3230100->3240000.
4. liblz4 package is upgraded 1.8.2->1.8.3.
5. sysstat package is upgraded 11.0.4->11.6.4.
6. ubus package is upgraded 2018-07-26->2018-10-06-221ce7e7.
7. libevent2-pthreads packages is removed (not used).
8. Toolchain: binutils version is upgraded to 2.31.1.
9. Host tools: two components are upgraded.

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

So important notes:

1. stubby (DNS-Over-TLS) is already included into firmware (not necessary to install add-on). To enable stubby run the commands from telnet/ssh console:

nvram set stubby=1
nvram commit​

and reboot your router; to disable stubby run the commands from telnet/ssh console:

nvram set stubby=0
nvram commit​

and reboot your router. Currently it is configured to use Cloudflare servers (DoT). You may customize your config file:

/etc/stubby/stubby.yml

2. dnscrypt-proxy (v. 1) is left in firmware (will be removed in the next release). If both (dnscrypt-proxy and stubby) are enabled, stubby has higher priority and dnscrypt-proxy will be stopped.

Voxel.

 

[pege63]

Nice work Voxel, thanks.

 

[cdysthe]

This is my first upgrade. Should I factory reset and restore backed up settings, or can I just upgrade as is?

Otherwise, works like a charm. Thank you so much!

 

[Voxel]

This is my first upgrade. Should I factory reset and restore backed up settings, or can I just upgrade as is?

Just upgrade "as is".

There could be problems when upgrading from the version prior to 1.0.2.53SF (or 1.0.2.52 stock) when GUI could reject flashing with a message something like "wrong firmware file". Remedy is to use intermediate flashing: 1.0.2.60SF and then 1.0.2.61SF.

Voxel.

 

[cdysthe]

Just upgrade "as is".

There could be problems when upgrading from the version prior to 1.0.2.53SF (or 1.0.2.52 stock) when GUI could reject flashing with a message something like "wrong firmware file". Remedy is to use intermediate flashing: 1.0.2.60SF and then 1.0.2.61SF.

Voxel.

Thanks. That's the easiest quickest update I've ever had on a Nighthawk!

 

[RamboUnchained]

So, I've been thinking about getting an R7800 for a while and I have a few questions for you, Voxel.

1. Can the R7800 handle QOS of a 400/20 connection without neutering my download speed like the ER-X does? I cant get more than 225Mbps with the Edge Router with QOS enabled.
2. Is there a way to prioritize traffic by packet type in your FW? (i.e prioritizing ICMP traffic on a gaming console)
3. Are there any manual bandwidth control options available?

 

[MinkyMomo]

Another fantastic update, Voxel. Upgraded from 1.0.2.60SF, enabled stubby (using stock settings for now), and all's well. Thanks!

 

[Voxel]

So, I've been thinking about getting an R7800 for a while and I have a few questions for you, Voxel.

1. Can the R7800 handle QOS of a 400/20 connection without neutering my download speed like the ER-X does? I cant get more than 225Mbps with the Edge Router with QOS enabled.
2. Is there a way to prioritize traffic by packet type in your FW? (i.e prioritizing ICMP traffic on a gaming console)
3. Are there any manual bandwidth control options available?

QoS: to say true I do not use it. It is handled by NG and QCA and is used almost "as-is" in my fw (== QoS in the stock fw). With only some upgrades of obsolete packages such as redis, etc.

IMO your download speed does not require QoS, Anyway, maybe I am mistaken:

1. I think "yes".
2. Rather "no".
3. It is possible to limit manually download/upload speed. Nothing more.

Voxel.

 

[RamboUnchained]

Cool. Is it still possible to install your DumaOS "hack" on the R7800? If so, can you PM me the link?

 

[Killhippie]

Cool. Is it still possible to install your DumaOS "hack" on the R7800? If so, can you PM me the link?

Voxel did not provide a DumaOS 'hack' and hacks that are illegal are not welcome on this forum. DumaOS is proprietary software of Netduma, its stealing.

 

[Voxel]

Thanks Gary.

Cool. Is it still possible to install your DumaOS "hack" on the R7800? If so, can you PM me the link?

Probably it is necessary to prepare FAQ re: Voxel and Voxel's FW. Please read this:

https://www.snbforums.com/threads/d...by-add-ons-for-r7800-r9000.48445/#post-429364

Hacking binary firmware for XR500 to use it on R7800 is illegal activity. It assumes loses of profits for honest developers such as DumaOS people, NETGEAR and even my own (this man extracted some of my pre-built packages such as samba, dropbear and put them into his hack). Anybody is free to use source codes to build own version by compilation. It is legal. But such hacks are violation of laws and rules and moreover is dangerous for you too:

https://www.snbforums.com/threads/n...ces-with-this-router.45569/page-8#post-401463

Voxel.

 

[routine]

What is the difference between stubby and dnscrypt in addition to the programming language?
What is the best solution of the two? Which one has the best performances?

 

[RamboUnchained]

Ahhh sorry, guys.

 

[xBryan]

Not specific to this fw ver but I noticed after .60 I want to say.
About once a day I have the following on my firewall with the R7800 as the source. It is in AP mode fwiw so it's indeed that doing since nothing uses it as a GW and the source IP is it. I guess I could try to setup packet capture to snag what the data is but figured would ask too.

50.200.136.108:57599 - ET CINS Active Threat Intelligence Poor Reputation

My only thought is some package or something is doing.
I have all things in the GUI disabled on R7800 and being in AP mode that also disables a bunch. Autoupdate is off, NTP is pointing to an internal NTP server etc. so lost as to why it's making outside attempts.

 

[Sizzlechest]

I use OpenDNS, so I assume I'm "stuck" with choosing DNS Crypt. Are the instructions here still valid?

 

[Voxel]

What is the difference between stubby and dnscrypt in addition to the programming language?
What is the best solution of the two? Which one has the best performances?

Almost the same goal. Probably stubby is more preferable because it is a standard.

Voxel.

 

[Voxel]

I use OpenDNS, so I assume I'm "stuck" with choosing DNS Crypt. Are the instructions here still valid?

Yes sure.You can use it according to this instruction. But do not enable stubby. The last will shutdown dnscrypt-proxy if enabled.

Voxel.

 

[olavocastro]

Hi @Voxel, I just upgraded to your build (1.0.2.61SF) from stock firmware (1.0.2.58) on my R7800, I have 2 questions though.
1) Why is the VPN Client settings missing from the web UI, it is present on the original firmware. (I am not using this feature so it's fine for me, just curious)
2) I have an issue with the OpenVpn server. It was working correctly both for TAP and TUN before the upgrade. Now I am only able to connect using TAP, TUN is not connecting no matter what. I suspect this is a firewall/iptables issue but I have no idea. I tried to restore factory settings and even rollback to original firmware but it doesn't work anymore. I also tried to open the port manually using the instructions on your readme file but no luck so far.
The server log shows nothing and the client log is stuck on "Connecting to x.x.x.x:12973 via UDPv4" then timeout.

Can you help me to find out the issue?

 

[Voxel]

1) Why is the VPN Client settings missing from the web UI, it is present on the original firmware. (I am not using this feature so it's fine for me, just curious)

There is my own scheme with OpenVPN client, not limited to selected by NG subset. So there could be conflicts if I leave stock scheme.

2) I have an issue with the OpenVpn server. It was working correctly both for TAP and TUN before the upgrade. Now I am only able to connect using TAP, TUN is not connecting no matter what. I suspect this is a firewall/iptables issue but I have no idea. I tried to restore factory settings and even rollback to original firmware but it doesn't work anymore. I also tried to open the port manually using the instructions on your readme file but no luck so far.
The server log shows nothing and the client log is stuck on "Connecting to x.x.x.x:12973 via UDPv4" then timeout.

I checked right now. TUN: do you mean what is named [For Smart Phones]? Anyway I checked both: [For Windows] and [For Smart Phones], Advanced Configuration (*) UDP (2.4.x clients). When connected can ping LAN IP of my router and IP of other client in remote LAN.

Try to renew all:

1. Disable in GUI OpenVPN server
2. From telnet console run:

/etc/init.d/openvpn regenerate_cert_file

3. Reboot your router
4. Enable OpenVPN server in GUI
5. Download your client configs again.

Voxel.

 

[percy3]

Hi @Voxel, I just upgraded to your build (1.0.2.61SF) from stock firmware (1.0.2.58) on my R7800, I have 2 questions though.
1) Why is the VPN Client settings missing from the web UI, it is present on the original firmware. (I am not using this feature so it's fine for me, just curious)
2) I have an issue with the OpenVpn server. It was working correctly both for TAP and TUN before the upgrade. Now I am only able to connect using TAP, TUN is not connecting no matter what. I suspect this is a firewall/iptables issue but I have no idea. I tried to restore factory settings and even rollback to original firmware but it doesn't work anymore. I also tried to open the port manually using the instructions on your readme file but no luck so far.
The server log shows nothing and the client log is stuck on "Connecting to x.x.x.x:12973 via UDPv4" then timeout.

Can you help me to find out the issue?

I had some problems with persistent config as well. Here is info how to clean up all config: https://www.snbforums.com/threads/c...r-r7800-v-1-0-2-60sf.48805/page-7#post-438643
As for TAP/TUN issues I have the opposite. Connection with client.ovpn (TAP) is established but no traffic whatsoever. Have not investigated further but looks like I am connecting to Guest network. smartphone.ovpn (TUN) profile works perfectly.