Custom firmware build for R9000

[Voxel]

Hello
When i restarted the router with the USB stick, I got a new ip number, but it's still ip from my ip provider. I tried to change from sweden.privateinternetaccess.com to us-newyorkcity.privateinternetaccess.com
just to see if the IP number changes, but it does not.
Can i see that openvpn client is active in routers gui?

Sorry, no. GUI is enclosed part of codes from Netgear, I cannot change it. You can check what is going only from telnet or ssh. Checking ovpn client log.

Voxel.

 

[XRV]

Sorry, no. GUI is enclosed part of codes from Netgear, I cannot change it. You can check what is going only from telnet or ssh. Checking ovpn client log.

Voxel.

At last I've succeeded. I want to thank Voxel for all the help. I had to change a bit in .ovp file and it looks the following.

client
dev tun
proto udp
remote sweden.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
auth-user-pass /etc/openvpn/config/client/auth.txt
crl-verify /etc/openvpn/config/client/crl.rsa.2048.pem
ca /etc/openvpn/config/client/ca.rsa.2048.crt
disable-occ

 

[Invisibleman]

Hello Voxel,

I just bought this Netgear R9000 and I am looking for a VPN Client in the firmware. And it seems you're the man to talk to

I want to try your firmware, but I have 2 "stupid" questions;

1 - I see that some versions have HW behind the name and others don't. Is there a difference or which should I then take?
2 - I saw you mentioned it is Netgear's firmware with some extra's and fixes / optimizations. Does this mean, that I can directly go back to Netgear's official firmware, or do I then still need to do the steps as it is (I thought DD_WRT) that you need to do with help from a 3rd party software?

Thanks,
Hans

 

[psychopomp1]

Hello Voxel,

I just bought this Netgear R9000 and I am looking for a VPN Client in the firmware. And it seems you're the man to talk to

I want to try your firmware, but I have 2 "stupid" questions;

1 - I see that some versions have HW behind the name and others don't. Is there a difference or which should I then take?
2 - I saw you mentioned it is Netgear's firmware with some extra's and fixes / optimizations. Does this mean, that I can directly go back to Netgear's official firmware, or do I then still need to do the steps as it is (I thought DD_WRT) that you need to do with help from a 3rd party software?

Thanks,
Hans

Hi Hans

1) 'HW' means Hardware Acceleration of OpenSSL, so for certain tasks you will find this version works better. However for general router use, there will be no difference between the 2 - i have the HW version installed and it works like a dream

2) Correct, you can easily go to/from stock firmware without any special steps.

Re: setting up OpenVPN client on Voxel's firmware follow the steps here

https://www.myopenrouter.com/article/how-set-openvpn-client-netgear-r9000-voxels-firmware

 

[Voxel]

Add-on to psychopomp1 answer: if you intend to use OpenVPN client, HW is your version (hardware acceleration of encryption).

Voxel.

 

[Invisibleman]

Hello psychopomp1 & Voxel,

Thank you both for your answers. I will going to try today.

Regards,
Hans

 

[XRV]

Hello Voxel
I nead a help to bypassing the VPN and restoring Plex Media Server remote access behind the VPN.
Regards
Laslo

 

[Lord_Vader]

At last I've succeeded. I want to thank Voxel for all the help. I had to change a bit in .ovp file and it looks the following.

client
dev tun
proto udp
remote sweden.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
auth-user-pass /etc/openvpn/config/client/auth.txt
crl-verify /etc/openvpn/config/client/crl.rsa.2048.pem
ca /etc/openvpn/config/client/ca.rsa.2048.crt
disable-occ

Having the same problem, I have followed your example (lives in Sweden as well).
How should the folder structure in Windows Explorer (or Finder for MacOS) look like? Something is wrong...!
Straight on USB-flash drive is "openvpn-client", and in that folder 4 files. Have tried "/openvpn-client" on my Mac (Explorer dosen't allow "/").
Using this also:
auth-user-pass /etc/openvpn/config/client/auth.txt
crl-verify /etc/openvpn/config/client/crl.rsa.2048.pem
ca /etc/openvpn/config/client/ca.rsa.2048.crt

 

[Voxel]

How should the folder structure in Windows Explorer

Something like:

if your USB disk is G: and your OVPN file name is sweden-aes128-udp.ovpn

Note: openvpn-client folder is lowercase.

G:\openvpn-client\sweden-aes128-udp.ovpn
G:\openvpn-client\ca.rsa.2048.crt
G:\openvpn-client\crl.rsa.2048.pem
G:\openvpn-client\auth.txt

Voxel.

 

[Lord_Vader]

I'm so glad that you answered me, thank you.

Unfortunately for me, everything looks like the picture you enclosed.

I did a factory reset, but that resulted in losing internet connection at frequent intervals.

I have tried different approaches to the VPN not connecting half day, but nothing seems to work.

When I connect USB to my R7800 the indicator for internet turns white after a while, resulting in lost internet.

Any suggestions??

Sent from my SM-G955F using Tapatalk

 

[Voxel]

When I connect USB to my R7800 the indicator for internet turns white after a while, resulting in lost internet.

R7800? Or R9000 (this thread)?

I have tried different approaches to the VPN not connecting half day, but nothing seems to work.

When I connect USB to my R7800 the indicator for internet turns white after a while, resulting in lost internet.

Any suggestions??

You have to check your OpenVPN client log to get a picture: what is wrong.

My README (check it again):


Log file for OpenVPN client is /var/log/openvpn-client.log, check it if you have problems.

I.e. telnet to your router (R7800 or R9000) and run:

/etc/init.d/openvpn-client start
more /var/log/openvpn-client.log

What it says?

Voxel.

 

[Voxel]

Sorry, I have to leave now. Will not comment until tomorrow.

Voxel.

 

[Lord_Vader]

Sorry, I have to leave now. Will not comment until tomorrow.

Voxel.

Thanks, looking forward to your reply and help. Have a nice friday evening!

 

[Lord_Vader]

FYI this is my settings in .ovpn file (also attached screenshot of USB structure):
client
dev tun
proto udp
remote sweden.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
auth-user-pass /etc/openvpn/config/client/auth.txt
crl-verify /etc/openvpn/config/client/crl.rsa.2048.pem
ca /etc/openvpn/config/client/ca.rsa.2048.crt
disable-occ

 

[Voxel]

Thanks, looking forward to your reply and help. Have a nice friday evening!

Thank you. You too.

Just 1 min before leaving, there is very good article:

https://www.myopenrouter.com/article/how-set-openvpn-client-netgear-r9000-voxels-firmware

it is OK for both R9000 and R7800. Have a nice reading .

Buenas noches,
Voxel.

 

[Lord_Vader]

This is a part of the log:
------------------------------------------
Thu Jan 1 00:01:32 1970 OpenSSL: error:14090086:lib(20):func(144):reason(134)
Thu Jan 1 00:01:32 1970 TLS_ERROR: BIO read tls_read_plaintext error
Thu Jan 1 00:01:32 1970 TLS Error: TLS object -> incoming plaintext read error
Thu Jan 1 00:01:32 1970 TLS Error: TLS handshake failed
Thu Jan 1 00:01:32 1970 SIGUSR1[soft,tls-error] received, process restarting
Thu Jan 1 00:01:37 1970 NOTE: the current --script-security setting may allow
this configuration to call user-defined scripts
Thu Jan 1 00:01:37 1970 TCP/UDP: Preserving recently used remote address: [AF_
INET]91.108.183.34:1198
Thu Jan 1 00:01:37 1970 UDP link local: (not bound)
Thu Jan 1 00:01:37 1970 UDP link remote: [AF_INET]91.108.183.34:1198
Thu Jan 1 00:01:37 1970 VERIFY ERROR: depth=0, error=CRL is not yet valid: C=U
S, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access,
CN=6461984daea8a5eecca6e10e089a9796, name=6461984daea8a5eecca6e10e089a9796
Thu Jan 1 00:01:37 1970 OpenSSL: error:14090086:lib(20):func(144):reason(134)
Thu Jan 1 00:01:37 1970 TLS_ERROR: BIO read tls_read_plaintext error
Thu Jan 1 00:01:37 1970 TLS Error: TLS object -> incoming plaintext read error
Thu Jan 1 00:01:37 1970 TLS Error: TLS handshake failed
Thu Jan 1 00:01:37 1970 SIGUSR1[soft,tls-error] received, process restarting
Thu Jan 1 00:01:42 1970 NOTE: the current --script-security setting may allow
this configuration to call user-defined scripts
Thu Jan 1 00:01:42 1970 TCP/UDP: Preserving recently used remote address: [AF_
INET]91.108.183.162:1198
:

 

[Voxel]

This is a part of the log:
------------------------------------------
Thu Jan 1 00:01:32 1970 OpenSSL: error:14090086:lib(20):func(144):reason(134)
Thu Jan 1 00:01:32 1970 TLS_ERROR: BIO read tls_read_plaintext error
Thu Jan 1 00:01:32 1970 TLS Error: TLS object -> incoming plaintext read error
Thu Jan 1 00:01:32 1970 TLS Error: TLS handshake failed
Thu Jan 1 00:01:32 1970 SIGUSR1[soft,tls-error] received, process restarting
Thu Jan 1 00:01:37 1970 NOTE: the current --script-security setting may allow
this configuration to call user-defined scripts
Thu Jan 1 00:01:37 1970 TCP/UDP: Preserving recently used remote address: [AF_
INET]91.108.183.34:1198
Thu Jan 1 00:01:37 1970 UDP link local: (not bound)
Thu Jan 1 00:01:37 1970 UDP link remote: [AF_INET]91.108.183.34:1198
Thu Jan 1 00:01:37 1970 VERIFY ERROR: depth=0, error=CRL is not yet valid: C=U
S, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access,
CN=6461984daea8a5eecca6e10e089a9796, name=6461984daea8a5eecca6e10e089a9796
Thu Jan 1 00:01:37 1970 OpenSSL: error:14090086:lib(20):func(144):reason(134)
Thu Jan 1 00:01:37 1970 TLS_ERROR: BIO read tls_read_plaintext error
Thu Jan 1 00:01:37 1970 TLS Error: TLS object -> incoming plaintext read error
Thu Jan 1 00:01:37 1970 TLS Error: TLS handshake failed
Thu Jan 1 00:01:37 1970 SIGUSR1[soft,tls-error] received, process restarting
Thu Jan 1 00:01:42 1970 NOTE: the current --script-security setting may allow
this configuration to call user-defined scripts
Thu Jan 1 00:01:42 1970 TCP/UDP: Preserving recently used remote address: [AF_
INET]91.108.183.162:1198
:

There are two things I do not like:

1. You have incorrect date set in your router. 1970. Means NTP does not work. You should solve this or at least set for test correct date from console before manual start of OpenVPN client:

Thu Jan 1 00:01:37 1970 VERIFY ERROR: depth=0, error=CRL is not yet valid: C=U
S, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access,
CN=6461984daea8a5eecca6e10e089a9796, name=6461984daea8a5eecca6e10e089a9796

2. You have two strings in you OVPN:

auth-user-pass
comp-lzo
verb 1
reneg-sec 0
auth-user-pass /etc/openvpn/config/client/auth.txt

leave only second with auth.txt

And try to start OpenVPN client manually from console after setting correct date (which is valid). See README how to start manually.

Voxel.

 

[Lord_Vader]

Voxel! I LOVE you! It works! I'm happy again!

Short question vad does the bold line below do? I got XRV (forum member from Sweden) files yesterday, and that line wasn't there before?

client
dev tun
proto udp
remote sweden.privateinternetaccess.com 1198
resolv-retry infinite
keepalive 10 60
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
comp-lzo
verb 1
reneg-sec 0
auth-user-pass /etc/openvpn/config/client/auth.txt
crl-verify /etc/openvpn/config/client/crl.rsa.2048.pem
ca /etc/openvpn/config/client/ca.rsa.2048.crt
disable-occ

 

[Voxel]

Voxel! I LOVE you!

Well, better no. I am heterosexual (Joke).

I'm happy again!

OK, it should be so.

keepalive 10 60

Keepalive in your case: ping every 10 sec and if no reply during 60 sec then restart.

Good luck,
Voxel.

 

[Voxel]

One remark for OpenVPN client users:

https://www.myopenrouter.com/comment/41894#comment-41894

You can try to tweak your ovpn file to get increase of the speed (kamoj experience).

Voxel.