Custom firmware build for R9000

[Voxel]

UPDATE: Got it to work, thank you Voxel for making this possible and everyone that contributed to the thread page 6 was very hopeful for my situation.

Mark

It is good that you were able to solve the problem yourself. My congratulations.

BTW, it is recommended to use something like dnscrypt proxy or stubby for OpenVPN. Instead of DNS resolver from your ISP or OVPN provider. So see e.g. how to enable Dnscrypt Proxy 2 in latest FW for R9000.

Voxel.

 

[Voxel]

below is the OPVN file generated.

By the way, I would suggest you to remove your OVPN file details (just edit your post). Security reasons. Keep it in secret.

Voxel.

 

[marka2k]

It is good that you were able to solve the problem yourself. My congratulations.

BTW, it is recommended to use something like dnscrypt proxy or stubby for OpenVPN. Instead of DNS resolver from your ISP or OVPN provider. So see e.g. how to enable Dnscrypt Proxy 2 in latest FW for R9000.

Voxel.

I will read up and see what I can break on my end Thank you for pointing this out.

 

[marka2k]

By the way, I would suggest you to remove your OVPN file details (just edit your post). Security reasons. Keep it in secret.

Voxel.

Done again thank you

 

[saki2fifty]

So i've been using Voxel's firmware on my R9000 for a while now, along with all the known mods. I am using the OpenVpn client talking to one of my servers to tunnel all our devices in the house out...

I am wanting to use the SoftEther VPN client, and I have it installed via Entware out to /opt/libexec/softethervpn/. I do know that after the client has been configured, you still have to modify/add routes to redirect your gateway through the tunnel as the gateway. However, here is the problem i'm trying to address first:

First off, I know the server is ok as I have installed the SoftEther VPN client on my Windows machine, and am able to establish a connection. Seems really quick compared to IPVanish/OpenVpn.

I have created the tunnel via the SoftEther client named "vpn_tun0", and you can see in the screenshot that I am using udhcpc to get a lease from the remote VPN server. Done, it gets a lease.

I then run an ifconfig on the interface, and i'm not see that it has an ip address assigned to it (not gonna blur anything else, it'll all change):

So at this point, we know the client is talking to the remote VPN server, as that is where its getting its ip. Again, if i do an ifconfig on that adapter, it still doesn't show an IP, yet its communicating.

The server manager does show it has a new session:

If I assign the IP manually, it sticks, but I dont want to do that. I would like DHCP to function properly:
(yeah, I need to clean it up)

So I guess my questions are, what is the proper way to assign a dhcp ip? Is udhcpc the proper way to do it? is there another method?

My other question is related to the way my "vpn_tun0" interface was created. I created it via "Entware/SoftEther --> ./vpncmd". ./vpncmd --> menu --> "niccreate", and it creates the virtual adapter. However, when I look at the nic properties within ./vpncmd, it errors out with an error;33. When researched, they are saying that I have to modprobe tun in order to enable Tunneling. However, modprobe has been removed and cant use it. Is this even needed at all? OpenVpn worked fine without modprobe'ing anything:

I don't suppose there many who use this, but do appreciate any feedback. (I'm thinking it may have something to do with my new routes not set up yet)

Going to bed now...

 

[Voxel]

Well, it is difficult to say. I know that Zyxmon played with SoftEther VPN. Try to ask him

https://www.snbforums.com/threads/e...86u-with-asuswrt-merlin-firmware.44393/page-6

Voxel.

 

[saki2fifty]

Well, it is difficult to say. I know that Zyxmon played with SoftEther VPN. Try to ask him

https://www.snbforums.com/threads/e...86u-with-asuswrt-merlin-firmware.44393/page-6

Voxel.

Yeah, my main problem was simply trying to grab an ip... nothing really to do with EtherVPN. It would grab an ip, but when I immediately did an ifconfig, it did not show any ip assigned. So I was wondering if udhcpc was even the proper method of assigning an ip.

I think I got it corrected, will find out when I get off of work.

Xia Xia / Thanks / Gracias,

 

[saki2fifty]

Ahhhhhh............


"only TUN client are supported".

SoftEther uses TAP. Awesome...

 

[Wesleyrpg]

hey voxel, just wanted to let you know Netgear have released some new base firmware 1.04.26 for you to play with!

 

[saki2fifty]

I have camera's that I do not want to go over the VPN and in the documentation regarding "Bypassing OpenVPN client tunnel", I had to do the following to get it to work.

The script in the docs add the route:

/usr/sbin/ip route add table 200 default via $WAN_GWAY dev brwan

However, when I look at all gateway variables:

root@MyAwesomeVoxelRouter:~$ config show | grep "gateway"
bridge_dhcp_gateway=0.0.0.0
bridge_gateway=0.0.0.0
extender_gateway=0.0.0.0
wan_dhcp_gateway=22.22.22.1
ap_dhcp_gateway=0.0.0.0
lan_gateway=0.0.0.0
wan_gateway=10.0.0.1
ap_gateway=0.0.0.0

... 10.0.0.1 doesn't exist for "wan_gateway", and when ./ovpnclient-up.sh runs, it would not update the table and just errors out with a "netmask 000000ff" error.

The fix was to make 2 changes. Change the WAN_GWAY var, and well as adding "metric 100" to the route:

/etc/openvpn/ovpnclient-up.sh:

#!/bin/sh

/sbin/ledcontrol -n power -c green -s on

# Don't forget to reserve the list of IPs for exclusion devices on the DHCP server
# Edit the following IP list to bypass the VPN. Seperate individual IP's using a single space between them.

NO_VPN_LST="192.168.1.xx 192.168.1.xx 192.168.1.xx"
WAN_GWAY=`nvram get wan_dhcp_gateway`
for excludeip in $NO_VPN_LST; do
   /usr/sbin/ip rule add from $excludeip table 200
done
/usr/sbin/ip route add table 200 default via $WAN_GWAY dev brwan metric 100
/usr/sbin/ip route flush cache
exit 0

Anyways, it may or may not help others... helped me!

 

[kamoj]

I have camera's that I do not want to go over the VPN and in the documentation regarding "Bypassing OpenVPN client tunnel", I had to do the following to get it to work.

The script in the docs add the route:

/usr/sbin/ip route add table 200 default via $WAN_GWAY dev brwan

However, when I look at all gateway variables:

root@MyAwesomeVoxelRouter:~$ config show | grep "gateway"
bridge_dhcp_gateway=0.0.0.0
bridge_gateway=0.0.0.0
extender_gateway=0.0.0.0
wan_dhcp_gateway=22.22.22.1
ap_dhcp_gateway=0.0.0.0
lan_gateway=0.0.0.0
wan_gateway=10.0.0.1
ap_gateway=0.0.0.0

... 10.0.0.1 doesn't exist for "wan_gateway", and when ./ovpnclient-up.sh runs, it would not update the table and just errors out with a "netmask 000000ff" error.

The fix was to make 2 changes. Change the WAN_GWAY var, and well as adding "metric 100" to the route:

/etc/openvpn/ovpnclient-up.sh:

#!/bin/sh

/sbin/ledcontrol -n power -c green -s on

# Don't forget to reserve the list of IPs for exclusion devices on the DHCP server
# Edit the following IP list to bypass the VPN. Seperate individual IP's using a single space between them.

NO_VPN_LST="192.168.1.xx 192.168.1.xx 192.168.1.xx"
WAN_GWAY=`nvram get wan_dhcp_gateway`
for excludeip in $NO_VPN_LST; do
   /usr/sbin/ip rule add from $excludeip table 200
done
/usr/sbin/ip route add table 200 default via $WAN_GWAY dev brwan metric 100
/usr/sbin/ip route flush cache
exit 0

Anyways, it may or may not help others... helped me!

I dont know what "documentation" you are refering to,
but have you read and tried this?:
https://www.snbforums.com/threads/voxel-vpn-connection-problem.50078/page-2#post-446788

(The internal gateway variables are not correct in eg AP mode)

 

[saki2fifty]

I dont know what "documentation" you are refering to,

Voxel has replied numerous times with "Have you read my documentation?", "There's some really good docs here..", etc. So, his docs. Maybe I should had said "readme".

have you read and tried this?:
https://www.snbforums.com/threads/voxel-vpn-connection-problem.50078/page-2#post-446788

No, but I will. Thx!

I'm glad I didn't see that post, i've learned a lot about my router. (been reading everything I can on his various posts on the various forums)

 

[saki2fifty]

Ah, this is how you are getting the true WAN_GWAY. Gonna read through it a bit more and make the change...

WAN_GWAY=`ip route | awk '/^default/{print $3}'`

 

[kamoj]

Bypassing the OpenVPN client tunnel using the Kamoj add-on:
https://www.snbforums.com/threads/k...7800-x4s-and-r9000-x10-temperatures-a-o.55063