Custom firmware build for R9000 v. 1.0.4.27HF/1.0.4.27HF-HW

[Voxel]

Continuation of:

https://www.snbforums.com/threads/custom-firmware-build-for-r9000.40125/
. . .
https://www.snbforums.com/threads/custom-firmware-build-for-r9000-v-1-0-4-16hf-1-0-4-16hf-hw.54919/

New version of my custom firmware build: 1.0.4.27HF/1.0.4.27HF-HW.

Changes (vs 1.0.4.16HF/1.0.4.16HF-HW):

1. Integration of changes from the stock v. 1.0.4.26 including:

• a login password enhancement in the router web interface to support a more secure password (no saving passwords in NVRAM in plain text form).
• fixing the issue where the speed test in the QoS page always fails.
• Dynamic QoS database v1.46 update.

2. tar package is upgraded 1.30->1.31.
3. curl package is upgraded 7.63.0->7.64.0.
4. unbound package (used in stubby) is upgraded 1.8.3->1.9.0.
5. libvorbis package is upgraded 1.3.5->1.3.6.
6. ffmpeg package is upgraded 3.2.12->3.4.5.
7. libsodium package is upgraded 1.0.16->1.0.17.
8. busybox package: patch command is added.
9. Host tools: two components are upgraded.

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

Difference 1.0.4.27HF-HW vs 1.0.4.27HF: “HW” version means hardware acceleration of OpenSSL.

Voxel.

 

[Robert Laverty]

I've been obsessively flashing your firmware on my R7800 since way back on `myopenrouter` and I just want to thank you for providing me with a router I feel confident that my privacy is protected and general online safety is higher. =]

I've begun to feel the wrath of my ISP (RCN) without the net-neutrality shield and can no longer stream my 4K movies off Plex/Kodi on my Nvidia Shield TV so I got an ExpressVPN client running on my R7800 (your firmware, obviously lol) but the openssl decryption can't keep up with the video playback so I'm capped at about `9.0Mb/s` and I need to be at around `22.0Mb/s` for smooth playback. I have a 1.0Gbps line-in and my desktop streams at about 43.0Mb/s bypassing the router client VPN, so I'm wondering, would upgrading to the R9000 be able to handle 22.0Mb/s with the VPN client?

Absolutely astounding work you've done with all this! Thank you!!!

 

[kamoj]

Didn't know ExpressVPN had a client for the R7800! Where can I find that?

I guess you mean MB/s?
I use an R7800 and get 90-115 Mb/s using AES-256-CBC with Voxel v.63SF.
Still too slow for you.

I have been looking at the Asus RT-AC86U, and it would probably perform near your needs:
https://www.snbforums.com/threads/vpn-recommendations.20958/page-2#post-418623
https://www.snbforums.com/threads/openvpn-performance-of-the-rt-ac86u.41217/
https://www.snbforums.com/threads/openvpn-performance-of-the-rt-ac86u.41217/page-2#post-351407
https://www.snbforums.com/threads/openvpn-performance-of-the-rt-ac86u.41217/page-8#post-405398
https://www.snbforums.com/threads/openvpn-performance-of-the-rt-ac86u.41217/page-11#post-439130
https://www.snbforums.com/threads/openvpn-performance-of-the-rt-ac86u.41217/page-13#post-466758

I've been obsessively flashing your firmware on my R7800 since way back on `myopenrouter` and I just want to thank you for providing me with a router I feel confident that my privacy is protected and general online safety is higher. =]

I've begun to feel the wrath of my ISP (RCN) without the net-neutrality shield and can no longer stream my 4K movies off Plex/Kodi on my Nvidia Shield TV so I got an ExpressVPN client running on my R7800 (your firmware, obviously lol) but the openssl decryption can't keep up with the video playback so I'm capped at about `9.0Mb/s` and I need to be at around `22.0Mb/s` for smooth playback. I have a 1.0Gbps line-in and my desktop streams at about 43.0Mb/s bypassing the router client VPN, so I'm wondering, would upgrading to the R9000 be able to handle 22.0Mb/s with the VPN client?

Absolutely astounding work you've done with all this! Thank you!!!

 

[Voxel]

I've been obsessively flashing your firmware on my R7800 since way back on `myopenrouter` and I just want to thank you for providing me with a router I feel confident that my privacy is protected and general online safety is higher. =]

I've begun to feel the wrath of my ISP (RCN) without the net-neutrality shield and can no longer stream my 4K movies off Plex/Kodi on my Nvidia Shield TV so I got an ExpressVPN client running on my R7800 (your firmware, obviously lol) but the openssl decryption can't keep up with the video playback so I'm capped at about `9.0Mb/s` and I need to be at around `22.0Mb/s` for smooth playback. I have a 1.0Gbps line-in and my desktop streams at about 43.0Mb/s bypassing the router client VPN, so I'm wondering, would upgrading to the R9000 be able to handle 22.0Mb/s with the VPN client?

Absolutely astounding work you've done with all this! Thank you!!!

I guess you mean MB/s?

I hope so... Otherwise it is too bad for R7800 (9Mbps).

kamoj is right. Asus RT-AC86U' CPU is ARMv8 i.e. it has AES encryption acceleration on the CPU level. R9000 has crypto device (used in my HW version), but it is PCI device. Some specific things RAM<->PCI memory; i.e. AC86U will be faster for VPN. Using RMerlin firmware.

Voxel.

 

[Olivier]

Just installed et running smoothly after few minutes I will be back with remarks if necessary.
Thanks a lot again for this great work and support!

 

[Robert Laverty]

So I've tried installing ExpressVPN directly and manual config using ics-openvpn but the Shield TV device itself was unable to keep up. I would run a speed test `wget -O /dev/null http://cachefly.cachefly.net/100mb.test` and have `htop` running beside it and saw the openvpn process cap out at 100% CPU usage :/

 

[multicast]

@Voxel THANK YOU for all your effort on this, is very appreciated!

I have a quick question for you, I am running V1.0.4.15HF-HW in my R9000, but I've created custom configuration like adding a VLAN in port 1 to separate my IPTV traffic from the rest using a different IP class from my internet devices, if I do upgrade to this last release will I lose my custom configuration? I've installed some Entware apps too, like last igmpproxy

Thanks in advance for your reply.

 

[Voxel]

I've created custom configuration like adding a VLAN in port 1 to separate my IPTV traffic from the rest using a different IP class from my internet devices, if I do upgrade to this last release will I lose my custom configuration?

All custom modifications in the router memory (overlay) will be lost when flashing new firmware. Check this:

https://www.snbforums.com/threads/e...xel-routers-for-sky-uk-etc.41720/#post-353344

re: how to backup/restore your custom settings. Usually backup is performed once. Restore: after each new flashing.

Entware apps: they are kept on external USB, right? So it will not be erased after flashing new firmware.

Voxel.

 

[multicast]

All custom modifications in the router memory (overlay) will be lost when flashing new firmware. Check this:

https://www.snbforums.com/threads/e...xel-routers-for-sky-uk-etc.41720/#post-353344

re: how to backup/restore your custom settings. Usually backup is performed once. Restore: after each new flashing.

Entware apps: they are kept on external USB, right? So it will not be erased after flashing new firmware.

Voxel.

Thanks @Voxel

 

[Baracuda_LA]

Hi @Voxel Thank you for your work. Do I need to factory reset my router after installing this firmware? Currently my router is running firmware 1.0.4.16HF-HW.

 

[Voxel]

Hi @Voxel Thank you for your work. Do I need to factory reset my router after installing this firmware? Currently my router is running firmware 1.0.4.16HF-HW.

I did not do a reset to factory when upgrading 16->27 and everything is fine. As a rule: reset is needed only if you have a problem after flashing. And usually it happens when upgrading from the stock. Or if I do stress the necessity of the reset it in my publishing new fw.

Voxel.

 

[Olivier]

I did not do a reset to factory when upgrading 16->27 and everything is fine. As a rule: reset is needed only if you have a problem after flashing. And usually it happens when upgrading from the stock. Or if I do stress the necessity of the reset it in my publishing new fw.

Voxel.

Ditto. Running fine without issue for few days!

 

[xTe22-pT]

Hiya Voxel,

Have been using your firmware for a long time (an wonderful job let me tell you) and recently decided to playing with some of the features not available at GUI page.

First tried DNSCrypt and actually everything seemed to be working good, however, I am struggling to edit the "dnscrypt-proxy-2.toml" file using "vim" command, because can not get anything readable on my end. Also tried to extract the file with WinSCP tool, but also router comes up with an error.
- Is there any other editor available from BusyBox ?

--> Update: changing ".toml" permissions using "chmod" solved that issue for me. Now I am able to read and edit file using "vim" editor.


I am trying to SSH using PuTTY, but it comes up with this same error everytime:
"Disconnected: No supported authentication methods available (server sent: publickey)"

- What exactly I need to do in order to enable SSH ?


Ended up disabling DNSCrypt by "nvram set dnscrypt2=0" and "nvram commit" but after many reboots, I realised router was refusing to disable it.

Found this command which helped me to completely stop it by:
"/etc/init.d/dnscrypt-proxy-2 stop" and then "/etc/init.d/dnscrypt-proxy-2 disable"

Just wondering if this is normal ? As far as I read, it should be disabled by running only the first command ?


Cheers,
A

 

[kc6108]

Hi Voxel,

I have been running your firmware on my R9000 for a few days now. I have found it to be quite stable, and I have noticed each CPU now levels out around 5% each vs 10-11% with the stock firmware.

I have used DD-WRT in the past on other routers. Although I liked all the cool bells and whistles, stability was always a problem for me.

I like that you use the stock firmware as your base code in order to take advantage of all the optimizations that come with it, yet update all the packages and compile with all the additional optimizations that you safely can. I greatly admire your work and appreciate that you seem to be conservative in your changes to achieve stability instead of focusing more on optimizations and adding all the bells and whistles which often lead to complexity and thus instability in my experience.

I noticed you began including dnscrypt-proxy2 inside your firmware images, which removed the requirement of installing entware (and a USB drive). That's the feature I wanted most, but thought it wasn't ever going to be an option due to size, etc.

You are quite talented. More importantly, you seem to be quite passionate about your work, as well as, privacy and security in general. Thank you for all of your hard work.

Give me some more time to further test your firmware, but expect a donation from me. I have no interest in donating towards you buying another router (giving you more work lol). I'm thinking more of a case of beer, bottle of wine, or a nice dinner.

You're awesome!

P.S. I also admire your patience. I couldn't/wouldn't put up with some of the crap posts that are directed towards you.

 

[kc6108]

@Voxel

I believe I have found a bug in R9000-V1.0.4.27HF-HW.

I noticed my log was full of errors stating emails couldn't be sent to my email address. I verified all the email settings were correct in the GUI. Then attempted to send the logs to my email address, but it simply created additional errors in the logs.

I then tried deleting all the email information, disabling the email option, saving, re-entering all the email information again, and saving. It didn't solve the problem.

The errors in the logs look like this:

[email failed] Friday, March 08, 2019 12:22:43
[email sent to: xxxxxx_xxxxxx@yahoo.com] Friday, March 08, 2019 12:22:43

I masked my email address with x's, but notice I left the underscore (_) as there is one in my email address. Just in case that is significant.

My SMTP server requires authentication so not only do I enter those details, I am required to change the port to 587. Just in case that is significant.

FYI, I know the details I am using/entering are correct, because I use the exact same details in my R8500. It successfully sends emails using stock firmware. So did the R9000 using stock firmware.

Any suggestions? Can anyone else reproduce this issue?

 

[kc6108]

One last piece of information. The very next log entry always begins with a "0", but only to the very next log entry. For example:

[DHCP IP: 192.168.75.10][Device Name: HL-5170DN] to MAC address xx:xx:xx:xx:xx:xx, Friday, March 08, 2019 12:28:28
0[DHCP IP: 192.168.75.10][Device Name: HL-5170DN] to MAC address xx:xx:xx:xx:xx:xx, Friday, March 08, 2019 12:28:27
[email failed] Friday, March 08, 2019 12:22:43

 

[multicast]

@Voxel what version of igmpproxy comes with Entware tools? is the same like this link https://github.com/pali/igmpproxy/releases ?

If so, does this version supports IGMP v3?

thanks in advance for your reply

 

[JohnsonCar]

@Voxel

I believe I have found a bug in R9000-V1.0.4.27HF-HW.

I noticed my log was full of errors stating emails couldn't be sent to my email address. I verified all the email settings were correct in the GUI. Then attempted to send the logs to my email address, but it simply created additional errors in the logs.

I then tried deleting all the email information, disabling the email option, saving, re-entering all the email information again, and saving. It didn't solve the problem.

The errors in the logs look like this:

[email failed] Friday, March 08, 2019 12:22:43
[email sent to: xxxxxx_xxxxxx@yahoo.com] Friday, March 08, 2019 12:22:43

I masked my email address with x's, but notice I left the underscore (_) as there is one in my email address. Just in case that is significant.

My SMTP server requires authentication so not only do I enter those details, I am required to change the port to 587. Just in case that is significant.

FYI, I know the details I am using/entering are correct, because I use the exact same details in my R8500. It successfully sends emails using stock firmware. So did the R9000 using stock firmware.

Any suggestions? Can anyone else reproduce this issue?

I never used this function before, but I tried it and I'm having the same issue as you. Netgear recently released stock 1.0.4.28 and that worked fine, so you're gonna have to ask @Voxel about what changes he did from stock to this.

 

[Voxel]

I am trying to SSH using PuTTY, but it comes up with this same error everytime:
"Disconnected: No supported authentication methods available (server sent: publickey)"

You have to setup ssh access by authorization keys. Current settings of dropbear do no allow entering by the password. See Appendix A in my README.

Found this command which helped me to completely stop it by:
"/etc/init.d/dnscrypt-proxy-2 stop" and then "/etc/init.d/dnscrypt-proxy-2 disable"

Just wondering if this is normal ? As far as I read, it should be disabled by running only the first command ?

No, it is not normal. setting dnscryptproxy2 to 0 should work. Check it by

nvram get  dnscrypt2

after reboot. It works in my R9000.

Voxel.

 

[Voxel]

Give me some more time to further test your firmware, but expect a donation from me. I have no interest in donating towards you buying another router (giving you more work lol). I'm thinking more of a case of beer, bottle of wine, or a nice dinner.

Thanks, beer is what I like ;-)

Voxel.