Custom firmware build for R9000 v. 1.0.4.31HF & 1.0.4.31.1HF

[bandit2142]

Im also waiting to hear if HW is in or out so i can make up my mind to update or wait. Thanks for the firmware Voxel!

 

[Voxel]

HW version: it is (at least temporary) frozen. Reasons are following:

1. HW version is incredible unstable with OpenSSL 1.1.1. Router is crashing very often when using /dev/crypto (kernel panic->reboot). E.g. every 20th execution of OpenSSL test. So I cannot release such unstable version.
2. The only reason of using HW version is possibility to accelerate the OpenVPN server/client. But in spite of very good results of OpenSSL tests for large enough blocks (blocks with size of more than 2k for AES-CBC) its practical appliance for OpenVPN leads to lower results (vs non-HW version, the last is using assembler acceleration only, w/o /dev/crypto, but NEON/SIMD and Cortex-A15 instruction extensions only). I did intensive testing about months ago with iperf on the test stand with 1Gbps connection of my OpenVPN server to R9000 WAN port. And non-HW version is faster. The reason of this I think is specific of R9000 crypto device (it is PCI device, so bottleneck is RAM<->PCI).

So: HF version is a winner at least temporary. Stability and speed.


Voxel.

 

[Voxel]

- I want to run rclone on my R9000. I got the binary on my system but I can't mount drive since I need "fusermount". Any change you can add that to the firmware?

Probably you have to try Entware:

rclone is available in Entware.

fusermount is a part of fuse-utils package from Entware.

- I use the PlexServer a lot, but it seems we are forgotten and it's not updated anymore. I know there are builds floating around on plex forums etc for all sorts of systems. Do you know if (and how) we can upgrade the PlexServer on our router without having to wait for an "official build"?

There are some articles re: how to install Plex manually on ARM router. E.g.

https://hqt.ro/plex-media-server-through-debian-arm/

But I do not think that it is legal. And a lot of manual job in console. Sorry but I think it is necessary to push NG to get more fresh official Plex.

Voxel.

 

[Arnout Verbeken]

Probably you have to try Entware:

rclone is available in Entware.

fusermount is a part of fuse-utils package from Entware.



There are some articles re: how to install Plex manually on ARM router. E.g.

https://hqt.ro/plex-media-server-through-debian-arm/

But I do not think that it is legal. And a lot of manual job in console. Sorry but I think it is necessary to push NG to get more fresh official Plex.

Voxel.

Voxel, thank you for your quick answer.

I already had Entware installed, but it seems I also have some "default" optware installed. So I was checking with "opkg list |grep rclone" and it did not return rclone, since I was apparently using the wrong opkg...
So looked around and found the good opgk in /opt/bin, but I am now wondering if my system is OK....? Where is this default opkg coming from? Is that installed by default and should I just leave it and always use /opt/bin/opkg?
Just run that one with the correct options?

So I am a bit confused and I am hoping you can explain a bit the difference between optware and entware....

Next to that, I always used your HW-firmware, but my vpn-client connection on the router always hung after a couple of days. It seems that the no-HW firmware is indeed better on that since I did not have one hang until now.

Kind Regards,

 

[kamoj]

To see used opkg:

which opkg
type opkg

For important settings:
https://www.snbforums.com/threads/having-troubles-installing-entware-on-r7800.55918/#post-477999

Voxel about Entware, see chapter 11:
https://www.voxel-firmware.com/Downloads/Voxel/readme.docx

For more info:
https://oldwiki.archive.openwrt.org/doc/techref/opkg


Package Management Systems:

• dpkg is a package management system in the free operating system Debian.
  https://en.wikipedia.org/wiki/Dpkg
  
• ipkg is a package management systems for embedded systems, that resembles dpkg.
  https://en.wikipedia.org/wiki/Ipkg
• opkg is a modern ipkg fork
  https://en.wikipedia.org/wiki/Opkg

Software repositories: (ng = new generation)

• Optware
  https://en.wikipedia.org/wiki/Optware
  
• Optware-ng is an Optware fork
  https://github.com/Optware/Optware-ng
  
• Entware is a modern alternative to Optware
  Entware will have all package repositories from Entware-3x (armv5, armv7, aarch64, mips, mipsel, x64) and a repo for armv7 (Linux kernel 2.6.36) from Entware-ng.
  https://www.snbforums.com/threads/entware-ng-entware-3x-merge.45098/
  https://github.com/Entware/Entware/wiki
  
• Entware-ng is an Entware fork for for x86, x64, MIPS, ARMv5 and ARMv7, but not PowerPC.
  Today it is merged back into Entware and is maintained by the same team as Entware.
  https://github.com/Entware/Entware-ng
• Entware-3x is an Optware replacement for ARM, MIPS, MIPSEL & x64 NASes and routers,
  using kernel 3.x.
  Voxel have an optimized Entware-3x repository:
  https://www.voxel-firmware.com/Downloads/Voxel/Entware/

Voxel, thank you for your quick answer.

I already had Entware installed, but it seems I also have some "default" optware installed. So I was checking with "opkg list |grep rclone" and it did not return rclone, since I was apparently using the wrong opkg...
So looked around and found the good opgk in /opt/bin, but I am now wondering if my system is OK....? Where is this default opkg coming from? Is that installed by default and should I just leave it and always use /opt/bin/opkg?
Just run that one with the correct options?

So I am a bit confused and I am hoping you can explain a bit the difference between optware and entware....

Next to that, I always used your HW-firmware, but my vpn-client connection on the router always hung after a couple of days. It seems that the no-HW firmware is indeed better on that since I did not have one hang until now.

Kind Regards,

 

[Arnout Verbeken]

To see used opkg:

which opkg
type opkg

For important settings:
https://www.snbforums.com/threads/having-troubles-installing-entware-on-r7800.55918/#post-477999

Voxel about Entware, see chapter 4:
https://www.voxel-firmware.com/Downloads/Voxel/readme.docx

For more info:
https://oldwiki.archive.openwrt.org/doc/techref/opk
.....

Thanks! Found most of it in the meantime also. Added the path to /opt/bin and /opt/sbin, and running rclone fine now.

Just one last question....VPN
I use the vpn client on my R9000. In there I know how to exclude certain IP's from using the VPN. I was wondering if there is also I way to exclude certain "ports" from using the VPN.
Use case: Plex is running on R9000, but is not accessible from the WAN when the VPN-client is running. So I would like that port 32400 is exposed to my WAN address and not to the VPN-address.

Basically, all Plex data should not go over the VPN. But I don't know if that's possible...

Thanks!

 

[Mark M]

Thanks! Found most of it in the meantime also. Added the path to /opt/bin and /opt/sbin, and running rclone fine now.

Just one last question....VPN
I use the vpn client on my R9000. In there I know how to exclude certain IP's from using the VPN. I was wondering if there is also I way to exclude certain "ports" from using the VPN.
Use case: Plex is running on R9000, but is not accessible from the WAN when the VPN-client is running. So I would like that port 32400 is exposed to my WAN address and not to the VPN-address.

Basically, all Plex data should not go over the VPN. But I don't know if that's possible...

Thanks!

I was in the same predicament. If it is possible, you'd probably be the first person to attempt. Other issue is: Plex Server has become so outdated at a fast pace on the routers and Netgear isn't providing timely updates.

FWIW in case you're curious, I ended up doing the following (been doing it this way for years with no issues):
1) Host "Server" with plain-access (non VPN). This is where Plex would be installed considering there's no VPN
2) a Virtual Machine with Windows of your choice on it. Use Bridged mode so the Virtual Machine gets its own IP.
3) Either use your VPN Client on the R9000 to throw that Virtual Machine into the VPN pool of IP's, or install your VPN Client on the Virtual Machine.

In this case, you have your Virtual Machine going over VPN, and your Host machine without VPN. And you'd only need 1 PC to do all of this. You'd also be able to use TeamViewer (or remote desktop of your choice) to access the Host and the Virtual Machine when necessary if wanted.

This is assuming you have an extra computer to spare, windows licenses, whatnot.

 

[Voxel]

Where is this default opkg coming from? Is that installed by default and should I just leave it and always use /opt/bin/opkg?

Default opkg i.e. /bin/opkg is used in firmware for internal needs (e.g. for QoS DB installation if it is upgraded or to install add-on).

To use Entware:

2. Info for Entware users. /etc/profile default profile is changed (no PATH for Entware is set by default, i.e. /opt/bin:/opr/sbin). Set the PATH for Entware in /root/.profile file, something like:

export PATH=/opt/bin:/opt/sbin:/bin:/sbin:/usr/bin:/usr/sbin

Voxel.

 

[bandit2142]

Woot! looks like a new R9000 version is out 4.32, not sure whats in it but uploading it now lol

 

[Voxel]

Woot! looks like a new R9000 version is out 4.32, not sure whats in it but uploading it now lol

Changes log:

https://www.snbforums.com/threads/custom-firmware-build-for-r9000-v-1-0-4-32hf.57647/

Voxel.

 

[John McLearn]

Voxel perhaps removing the stock transmission web-ui and using this sick replacement which also allows for the default ui along with 2 more options I have attached some pictures (I am running your firmware just modded it a little bit to include it but its a pain losing it when updating =P)

 

[Arnout Verbeken]

Voxel,

OpenVPN client now could be used simultaneously with OpenVPN server(s) (no necessity to disable server(s) from GUI).

Does this work? Or how does this work? When I have the client enabled (from terminal "/etc/init.d/openvpn-client start") and alos have the server enabled (from GUI), my clients can't connect to the server.
Once I stop the client on the R9000 itself (so only server still running), my other clients connect immediately...

So I am wondering what I am missing..

TIA

 

[Voxel]

Voxel,

OpenVPN client now could be used simultaneously with OpenVPN server(s) (no necessity to disable server(s) from GUI).

Does this work? Or how does this work? When I have the client enabled (from terminal "/etc/init.d/openvpn-client start") and alos have the server enabled (from GUI), my clients can't connect to the server.
Once I stop the client on the R9000 itself (so only server still running), my other clients connect immediately...

So I am wondering what I am missing..

TIA

Should work. But it is better to use latest release.

Voxel.