Voxel Custom firmware build for R9000/R8900 v. 1.0.4.72HF

Voxel

Continuation of:

https://www.snbforums.com/threads/custom-firmware-build-for-r9000.40125/
. . .
https://www.snbforums.com/threads/custom-firmware-build-for-r9000-r8900-v-1-0-4-70hf.86329/
https://www.snbforums.com/threads/custom-firmware-build-for-r9000-r8900-v-1-0-4-71hf.87157/

New version of my custom firmware build: 1.0.4.72HF.

Changes (vs 1.0.4.71HF):

1. Toolchain: Go is upgraded 1.21.3->1.21.5.
2. Toolchain: gdb is upgraded to 13.2.
3. Toolchain: enable 'XATTR' for uClibc (needed to compile 'libcap-ng').
4. samba36: add patches to fix CVE:
CVE-2015-5330, CVE-2017-11103, CVE-2017-2619, CVE-2018-14629, CVE-2018-16841,
CVE-2018-16851, CVE-2018-16860, CVE-2019-10218, CVE-2019-3880, CVE-2020-10745,
CVE-2020-14303
5. jq package is upgraded 1.7->1.7.1 (fixing CVE-2023-50246, CVE-2023-50268).
CVE-2023-50246 (score 5.5, Medium)
CVE-2023-50268 (score 5.5, Medium)
6. OpenVPN is upgraded 2.5.9->2.6.8.
7. Add 'libcap-ng' package (needed to compile OpenVPN 2.6.x).
8. OpenVPN server: set default cipher to 'CHACHA20-POLY1305' for client config ('download' script).
9. net-cgi: change messages 'OpenVPN 2.5.x'->'OpenVPN 2.6.x'.
10. proftpd package is upgraded 1.3.8a->1.3.8b.
11. ethtool package is upgraded 6.5->6.6.
12. curl package is upgraded 8.4.0->8.5.0.
13. sysstat package is upgraded 12.7.4->12.7.5.
14. iperf3 package is upgraded 3.15->3.16.
15. ubus package is upgraded 2023-06-05->2023-11-28.
16. libubox package is upgraded 2023-05-23->2023-12-04.1.
17. unbound package (used in stubby) is upgraded 1.18.0->1.19.0.
18. libgcrypt package is upgraded 1.10.2->1.10.3.
19. libnl-tiny package is upgraded 2023-07-27->2023-12-05.
20. ffmpeg (minidlna) package is upgraded 6.0->6.1.
21. libid3tag (minidlna) package is upgraded 0.16.2->0.16.3.
22. iproute2: change the 'ip' utility from 'full' to 'tiny' to save space.
23. Remove 'dni-openvpn-client' package (unused).
24. Host tools: upgrade mkimage/u-boot to 2023.10.
25. Host tools: upgrade xz to 5.4.5.
26. Host tools: upgrade UPX to 4.2.1.

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

Merry Xmas,
Voxel.
 
Smooth update from v 1.0.4.71.1HF. Running Windows 10 and Firefox from an Ethernet connected desktop.

Looking forward to testing out the VPN server update.

Thank you for your work and Merry Christmas.
 
Looking forward to testing out the VPN server update.
Yes, this is the most important item in the update. You're right. I hope everything will work as intended. Of course, I don't release at the last minute without testing beforehand. I've been testing this OpenVPN update for about three weeks now. I hope everything works as intended.

Here are the most potentially problematic changes in the pp:

3. Toolchain: enable 'XATTR' for uClibc (needed to compile 'libcap-ng').

and in:

7. Add 'libcap-ng' package (needed to compile OpenVPN 2.6.x).

For example, libcap-ng version 0.8.4 is not even included in the packages of OpenWRT and other developers of embedded systems yet.

But @kamoj will help everyone to test it :).

Thanks for the congratulations and best wishes to you and your family.

Merry Christmas,
Voxel.
 
Update went smoothly. I configured the VPN and tested; everything went well except for OpenVPN for Android. Normally I would think I can whitelist my SSID so the VPN is not activated, but the developer chose not to do so. If OpenVPN is running, all Internet traffic is blocked while inside the home network. Is it possible to configure the firmware to recognize that it is trying to connect back through VPN, deny and push and allow traffic from the Internet? Is there another Android OpenVPN client you can recommend that allows me to whitelist my SSID?

Thank you
 
So you want to block access from WiFi to the OpenVPN server on your router, so that your OpenVPN client cannot connect and thus will fall back to using WiFi directly??
Don't think it is very secure if the OpenVPN client would behave in that way.

Why not configure this option "Clients will use this VPN connection to access" = "All sites on the Internet & Home Network" in the OpenVPN server settings?
(at least I have that option enabled on my R7800, so I assume the R9000 has a similar setting)
 
Apologies, I was not clear. Everything works as expected when I am connected to cellular or an outside network; when I am in the house on the home network I lose Internet access unless I disconnect manually from the OpenVPN client (I keep forgetting). Ideally, in the OpenVPN client I could whitelist my SSID on my mobile phone. I use OpenVPN to connect to my home network when I am traveling.
 
I guess I overlooked the fact that you mentioned everything works when traveling.

So basically the VPN client is still set to active, but for some reason cannot connect? And thus the phone/openvpn client is blocking direct access to internet?

In that case, the OpenVPN client is doing what it should. There is nothing you can do on the router to override that client behaviour (other than figuring out why it won't let you connect).
And I have no clue why it doesn't work. As mentioned on R7800 it is working fine.

Perhaps you could troubleshoot from a computer?
(Try to ping the DNS name that is in the ovpn configuration; try to connect to the openvpn port via "telnet" / Test-NetConnection or similar; both probably only work if you configured openvpn to use tcp.)
And you could try looking in the OpenVPN client logs to see where it tries to connect.

EDIT:
Just wondering: I assumed you are using the R9000 as the main router and that it is "directly" connected to the internet.

Otherwise, potentially your main router is not supporting NAT loopback.

EDIT 2:
Or you could try putting the DNS name that is in your ovpn config in the hosts file of the R9000, but with the internal IP address of your R9000.
I.e. you come home, phone connects to wifi -> tries to start vpn -> does DNS lookup for your openvpn URL -> router should respond with the internal IP that you put inside the hosts file -> this way you don't need to rely on NAT loopback.

(Not sure how the hosts file is generated -> this change might not persist across a reboot, unless you edit some script.)
 
Correct, using the R9000 router. I will do troubleshooting as you suggested with DNS. Thank you for the ideas.
 
Update: Issue resolved. I had to manually use the switch '--float' under custom commands. The GUI switch did not work. Discovered this after I found and reviewed the logs. Thank you R. Gerrits for the responses and the ideas.
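
The checks discussed in the exchange above (what the profile's DNS name resolves to from inside the LAN, whether a TCP probe can test the port at all, and whether `float` is present) combined in one script. This is an added example, not part of any post in the thread; the host name, port and resolver addresses are constructed placeholders.

```python
import ipaddress
import socket

# Constructed sample client profile; host name and port are placeholders.
SAMPLE_OVPN = """client
proto udp
remote vpn.example.net 12974
"""

def parse_ovpn(text):
    """Pull out the directives that matter for the at-home connection problem."""
    cfg = {"remotes": [], "proto": "udp", "float": False}
    for line in text.splitlines():
        words = line.split()
        if not words or words[0][0] in "#;":      # blank line or comment
            continue
        if words[0] == "remote" and len(words) >= 2:
            # remote <host> [port] [proto]; 1194 is OpenVPN's default port
            cfg["remotes"].append((words[1], int(words[2]) if len(words) > 2 else 1194))
            if len(words) > 3:
                cfg["proto"] = words[3]
        elif words[0] == "proto" and len(words) > 1:
            cfg["proto"] = words[1]
        elif words[0] == "float":
            cfg["float"] = True
    return cfg

def system_resolver(host):
    """Addresses this machine's DNS (or hosts file) returns for host."""
    return {ai[4][0] for ai in socket.getaddrinfo(host, None)}

def audit(text, resolver=system_resolver):
    """List findings for a client that connects from inside the home LAN."""
    cfg, findings = parse_ovpn(text), []
    for host, port in cfg["remotes"]:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except OSError:
            findings.append(f"{host}: does not resolve")
            continue
        if all(a.is_private for a in addrs):
            findings.append(f"{host}:{port} resolves to a LAN address")
        else:
            findings.append(f"{host}:{port} resolves to a public address (needs NAT loopback)")
    if cfg["proto"].startswith("udp"):
        findings.append("proto is UDP: a telnet-style TCP connect cannot test the port")
    if not cfg["float"]:
        findings.append("'float' is not set")
    return findings
```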
 
Using the snapshot update v 1.0.4.72.2HF, on my R9000. In the user interface, under the Advanced tab, Advanced Home page there is a Connection Status link under the internet port. This button usually shows a status window with connection IPv4 information. All of the fields are populated with 0.0.0.0. I am using Windows 10, from an admin terminal window, ipconfig /all shows the connection is working fine with the information I would normally see in the status window. See attached.

I have not reverted to the previous firmware version to confirm, I believe this issue came about with the snapshot update.
 

Maybe you need to clean out the cache. It works for me:

1709360205455.png


(I removed concrete IP info in screenshot above).

Voxel.
 
I normally run Firefox, cleared the cache and had the same results. I also checked on Chrome and Edge (clean vanilla out of the box installs), and had the same results.
 
