Custom firmware build for R9000

[ejschenck]

NG 1.0.4.12 is very unstable (permanent dropping Wi-Fi and WAN). And users of 1.0.4.12 report significant problems with this version. So they even have to disable these options to improve Wi-Fi stability, e.g.

Thanks for letting me know that... it explains a lot of the issues I was having with the WiFi kicking out.

Your latest firmware is working fine, but I noticed with Stubby running my DNS lookups were pretty slow - which I'm assuming is due to encryption? I went from anywhere of 2-16ms for a lookup to 60-70ms.

Today, for some reason, Facebook and Instagram weren't loading at all until I turned Stubby off then everything was fine. Do you have any ideas as to what this could be?

 

[kamoj]

I have same problems with Stubby in my R7800.
I changed to DNSCrypt Proxy 2.
https://www.snbforums.com/threads/dnscrypt-proxy-version-2-and-stubby-add-ons-for-r7800-r9000.48445/
All problems gone!

Thanks for letting me know that... it explains a lot of the issues I was having with the WiFi kicking out.

Your latest firmware is working fine, but I noticed with Stubby running my DNS lookups were pretty slow - which I'm assuming is due to encryption? I went from anywhere of 2-16ms for a lookup to 60-70ms.

Today, for some reason, Facebook and Instagram weren't loading at all until I turned Stubby off then everything was fine. Do you have any ideas as to what this could be?

 

[kamoj]

Please check the log file;

cat /var/log/openvpn-client.log

 

[kamoj]

Try to change the .ovpn file:
- Remove the first "auth-user-pass" line
- Change "auth-user-pass /etc/openvpn/config/client/auth.txt" to "auth-user-pass auth.txt"
- Change "ca /etc/openvpn/config/client/ca.crt" to "ca ca.crt"
- Change "cipher AES-256-CBC " to "cipher AES-256-GCM"
- Remove "comp-lzo"

See if there is a change.

 

[kamoj]

Thanks
I will try tomorrow after work now, gone to bed now have work early morning.
Any reason why i couldn’t disable it?

run this to see if it is killed or not:

ps w | grep -v grep | grep vpn

 

[kamoj]

There is no output if it is not running.

I get no output when i run that command, is that normal?

 

[kamoj]

Is everything working OK now?
What does the log-file show?

(What happened after you removed "ca ca.crt" as well?)

The .ovpn file already has the ca.crt embedded within it along with the ta.key

 

[kamoj]

You should try to get the compression ok, try e.g. one of these parameters:
comp-lzo adaptive
comp-lzo lzo

log continued:

Sat Nov 24 10:42:12 2018 Initialization Sequence Completed
Sat Nov 24 10:42:15 2018 write to TUN/TAP : Invalid argument (code=22)
Sat Nov 24 10:42:17 2018 write to TUN/TAP : Invalid argument (code=22)

 

[lateparty]

Hi Voxel, got to say thanks for months of smooth sailing with your custom firmware. But now I've hit some rough winds.

I am running Plex on another server in the house now and when I manually port forward anything to internal 32400 (tried multiple internal IPs) it just doesn't work. External access tests fail.

One server (slow old nas) supports gateway UPnP and it maps fine. But the server I want to run Plex on can't, it gets a "NAT: PMP, got an error: Not Supported by gateway." error in the Plex logs.

I strongly suspect this is because of Plex existing on the R9000 and an unusual port/service reservation existing.

Have you (or anyone else reading) got any advice? Would really appreciate it. Getting to a point where I hate more than I like about this router and this is just one more thing in the hate bucket.

Edit: UPnP is a firewalld issue on the server (ugh) but any kind of manual port forward still fails, regardless of the target address. Seems definitely like some kind of reservation. Would love to know more / how to bypass it.

Edit 2: Needed to allow udp 1900 as a source port in my server firewall settings for anyone wondering how I fixed it. Really easy to do in the GUI but likewise in a shell. “sudo firewall-cmd —add-source-port=1900/udp—permanent && firewall-cmd —reload”

 

[BigWhoop]

root@R9000:/$ cat/var/log/openvpn-client.log
/bin/ash: cat/var/log/openvpn-client.log: not found
root@R9000:/$

you did a misstyping in this. you need a space after cat.

 

[primitivo]

@Voxel, in OpenWRT there is a VPN package / client for Cisco AnyConnect. Any chance to have it added to your custom FW?

 

[Wesleyrpg]

Greetings all, hope you're all fine and dandy!

What's with HT160 and the Intel 9260 AC Wifi card, i can't for the life of me get that card to connect at 1733. (866 max for me)

From my experience with routers over the years its probably something like 5 different companies trying to implement their own version of 1733 (HT160) and none of them are compatible? Would i be roughly correct?

Oh and Voxel, nice firmware man, expect a donation for me in the coming weeks........(maybe an even bigger donation if you could give us a very detailed technical reason on why the Intel 9260 and Nighthawk X10 don't play well together.)

Oh and i don't know if you guys have noticed, but Netgear have realeased a new gaming router The Netgear XR700 with exactly the same chipset/ports etc as our beloved X10 but it has a new blood red interface and OS which looks pretty cool! i wonder if we could 'port' the firmware across to this router, as the XR700 might have a newer OS/Drivers etc.....

https://www.netgear.com/npg/xr700/

https://www.pccasegear.com/products/44731/netgear-xr700-nighthawk-pro-gaming-router

 

[Charlie Sanz]

Dear All,

Thank you to Voxel and all others contributors for putting this software together. I have very little experience and following the instructions, reading on the forums and after a lot of google, I was able to install the firmware on my Netgear R9000.


I am a completely newbie so, must of this linux and vpn things are literally a different language to me. I still have 4 questions which I have not been able to find out the answers.

If someone can point me in the right direction it will be appreciated.

1. My ISP speed is 250MB down and 50up (which I get when the VPN is off)

While using a PIA (UDP/1198 AES 128CBC) gateway in my same city the performance goes down to about 70MB down and 20 up. Is that an acceptable performance for the R9000 with voxel?

(as tested with /bin/ookla --configurl=http://www.speedtest.net/api/embed/trial/config.php)

2. Crontab (using crontab –e) and adding */5 * * * * /usr/bin/vpncmon.sh

the line gets removed after rebooting the router. Any suggestions on how to keep it in and the vpncmon.sh running?

3. Also, I have access via telnet to the router from my Mac. But I have not been able to transfer files directly from my computer to the router. Using SCP I received the following error,

"Connection to root@R9000:22 exited: No auth methods could be used.
lost connection
root@R9000:/$ "

4. Any tweak I should do to improve my PIA openvpn performance?

Thank you all for your time and suggestions.

cs

 

[Voxel]

1. IMO it should be faster. BTW, do you use HW version?

2. Crontab: for simplification you can use Entware cron. Or modify /etc/rc.local (force it to add you cron job). /etc/rc.local is called after reboot.

3.

"Connection to root@R9000:22 exited: No auth methods could be used.
lost connection
root@R9000:/$ "

It seems that you try to use SCP from your Mac using user/password. But it should use authentication by key. The same as SSH There is Appendix A in my README re: how to do this on router.

4. Try to use HF-HW version of you do not use it. Or vice versa if you are using HF. In general OpenVPN client is enough optimized.

Voxel.

 

[Voxel]

@Voxel, in OpenWRT there is a VPN package / client for Cisco AnyConnect. Any chance to have it added to your custom FW?

There is a package in Entware:

openconnect A VPN client compatible with Cisco's AnyConnect SSL VPN, ocserv and Juniper (Pulse secure).

So maybe it has sense for you to try it. FYI: I did not try it myself, sorry.

Voxel.

 

[Voxel]

if you could give us a very detailed technical reason on why the Intel 9260 and Nighthawk X10 don't play well together.

Sorry, IMO it is rather QCA/NG internals...

Voxel.

 

[Wesleyrpg]

Greetings all, hope you're all fine and dandy!

What's with HT160 and the Intel 9260 AC Wifi card, i can't for the life of me get that card to connect at 1733. (866 max for me)

From my experience with routers over the years its probably something like 5 different companies trying to implement their own version of 1733 (HT160) and none of them are compatible? Would i be roughly correct?

Oh and Voxel, nice firmware man, expect a donation for me in the coming weeks........(maybe an even bigger donation if you could give us a very detailed technical reason on why the Intel 9260 and Nighthawk X10 don't play well together.)

Oh and i don't know if you guys have noticed, but Netgear have realeased a new gaming router The Netgear XR700 with exactly the same chipset/ports etc as our beloved X10 but it has a new blood red interface and OS which looks pretty cool! i wonder if we could 'port' the firmware across to this router, as the XR700 might have a newer OS/Drivers etc.....

https://www.netgear.com/npg/xr700/

https://www.pccasegear.com/products/44731/netgear-xr700-nighthawk-pro-gaming-router

hi voxel, do you think a port of this new OS/firmware is possible from the new XR700?

Thank you for your time.....

 

[Voxel]

hi voxel, do you think a port of this new OS/firmware is possible from the new XR700?

Thank you for your time.....

Theoretically it is possible. But sorry I think it is illegal and immoral. First, NG does not publish full source codes for XR700. So such porting is something like cracking binary firmware for XR700. Second, it would be just an action against of DumaOS developers and NG business plans.

It is why I do not plan any support for XR500/XR700 (clones of R7800/R9000): there are a lot of hackers around to hack my binary builds and to "port" them to R7800/R9000.

Voxel.

 

[marka2k]

Admitted noob here

I have the Netgear R9000 Router and installed Voxel Firmware, I use the VPN Unlimited service and generated the OPVN file from their website, copied it to a thumb drive and rebooted. When Open VPN is active I have no DNS, for example I can ping 8.8.8.8 but not www.mtv.com below is the OPVN file generated.

client
dev tun
reneg-sec 0
persist-tun
persist-key
ping 5
ping-exit 30
nobind
comp-lzo no
remote-random
remote-cert-tls server
auth-nocache
route-metric 1
<ca>
-----BEGIN CERTIFICATE-----

-----END PRIVATE KEY-----
</key>
remote us-sl.vpnunlimitedapp.com
proto udp

Log Screen Shot:

Thu Jan 10 12:57:26 UTC 2019 Voxel: OpenVPNclient stop run: ip route del:
default via 12.5.228.10 dev ppp0
12.5.228.10 dev ppp0 proto kernel scope link src 12.19.118.237
172.16.62.0/24 dev br0 proto kernel scope link src 172.16.62.1
239.0.0.0/8 dev br0 scope link
Thu Jan 10 12:59:47 UTC 2019 Voxel: OpenVPNclient stop run: ip route del:
default via 12.5.228.10 dev ppp0
12.5.228.10 dev ppp0 proto kernel scope link src 12.19.118.237
172.16.62.0/24 dev br0 proto kernel scope link src 172.16.62.1
239.0.0.0/8 dev br0 scope link
Thu Jan 10 13:00:02 2019 OpenVPN 2.4.6 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu Jan 10 13:00:02 2019 library versions: OpenSSL 1.0.2q 20 Nov 2018, LZO 2.10
Thu Jan 10 13:00:02 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jan 10 13:00:02 2019 nice -20 succeeded
Thu Jan 10 13:00:02 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]129.232.219.195:1194
Thu Jan 10 13:00:02 2019 UDP link local: (not bound)
Thu Jan 10 13:00:02 2019 UDP link remote: [AF_INET]129.232.219.195:1194
Thu Jan 10 13:00:03 2019 OpenVPN 2.4.6 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu Jan 10 13:00:03 2019 library versions: OpenSSL 1.0.2q 20 Nov 2018, LZO 2.10
Thu Jan 10 13:00:03 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jan 10 13:00:03 2019 nice -20 succeeded
Thu Jan 10 13:00:03 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]129.232.134.122:1194
Thu Jan 10 13:00:03 2019 UDP link local: (not bound)
Thu Jan 10 13:00:03 2019 UDP link remote: [AF_INET]129.232.134.122:1194
Thu Jan 10 13:00:04 2019 [openvpn2.vpnunlimitedapp.com] Peer Connection Initiated with [AF_INET]129.232.219.195:1194
Thu Jan 10 13:00:05 2019 [openvpn2.vpnunlimitedapp.com] Peer Connection Initiated with [AF_INET]129.232.134.122:1194
Thu Jan 10 13:00:15 2019 TUN/TAP device tun0 opened
Thu Jan 10 13:00:15 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Jan 10 13:00:15 2019 /sbin/ifconfig tun0 10.200.0.18 pointopoint 10.200.0.17 mtu 1500
Thu Jan 10 13:00:15 2019 /etc/openvpn/ovpnclient-up.sh tun0 1500 1553 10.200.0.18 10.200.0.17 init
Thu Jan 10 13:00:15 2019 Initialization Sequence Completed
Thu Jan 10 13:00:42 2019 [openvpn2.vpnunlimitedapp.com] Inactivity timeout (--ping-exit), exiting
Thu Jan 10 13:00:42 2019 SIGTERM[soft,ping-exit] received, process exiting

Sorry for all the information :/

Thank you!

 

[marka2k]

UPDATE: Got it to work, thank you Voxel for making this possible and everyone that contributed to the thread page 6 was very hopeful for my situation.

Mark