What's new

Kamoj Kamoj Add-on 5.1 Beta testing poll

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Do you want to beta test Kamoj add-on v5.1b1?

  • No, I don't trust 3rd party software

    Votes: 0 0.0%
  • No, I don't use the Voxel firmware

    Votes: 0 0.0%
  • No, I don't like your add-on

    Votes: 0 0.0%

  • Total voters
    207
Thank you for reporting.
My life is a bit "strange" now, and I'm not able to test the 5.3b10 and 5.3b11 - hence the information/warnings in the release notes.
If you suspect DNS issues, you could tell the forum what kind of DNS you use etc

Kamoj-addon 5.3b10 seemed like killswitch/bypass wasn't working for OpenVPN (?). I had intermittent issues with losing "internet connection" on bypassed devices. When this happened, an existing connection like a download would finish but then the next download (DNS call?) would fail and give a no internet message.

Shutting off the OpenVPN killswitch fixed the problem. OpenVPN stayed connected the entire time and there was nothing in its log to indicate a problem. I will try 5.3b11 and see if I have the same issues.

Thanks,
BL
 
Last edited:
If i get a disconnect (24 hour disconnect from my internet service provider) my r9000 automatically trys to reconnect to the internet but for some reason the internet wont work for all my devices (even bypassing devices) until i reboot my r9000.

This issue only happens if i use wireguard, if i use openvpn the internet works great after disconnect.
I could also kind of reproduce this yesterday during my work to improve the wireguard init-script.
(pull the coax out of my cable modem, wait some minutes, put it back)
The main cause I saw: the moment the router reconnects to internet, it resets the wan interface.
This causes the route to the wireguard provider to disappear and thus wireguard can no longer connect to the wireguard provider.

Anyways, I'll see if I can improve this behavior.

The reason why also bypassed devices lose their internet -> they don't actually lose internet, but they lose dns.
(dns server on the router cannot connect to internet, because router is not bypassing vpn)
 
Good findings from you (@R. Gerrits @masta_orc)!
Can you explain why it works with OpenVPN Client?
Can we suspect that Wireguard (R9000) and Wireguard-Go (R7800) to behave differently from each other?

I've implemented supervision of DNSCrypt/OpenVPN/Wireguard clients with automatic restart of service,
for a future release. I have it in my router and will look at the logs and see how it seems to work.
 
  • Like
Reactions: KW.
I'll test the same thing with OpenVPN tonight.
but main differences -> OpenVPN process itself is creating and removing the routes. And OpenVPN process itself is checking whether it can still reach its endpoint. So if the tunnel does break, it can remove the routes and restart the tunnel.

Also OpenVPN leaves the original routing intact, but only adds a few routes. (this is one of things I'm fixing in the new wireguard-init script.)

Wireguard spec demands that all userland implementations behave idential to the kernel implementation.
so aside from creating the wg0 interface, they should behave identical.

Should we have "restart" option in wireguard init-script, that you can call from your "supervision" scripts??

And I'm curious to hear how you plan to check if WG client is still healthy.
(do you excute wg, and then parse latest handshake time?)
I'll also give it a thought. And if I have my improved wg-client, I'll mail it to you.
 
Thank you for reporting.
My life is a bit "strange" now, and I'm not able to test the 5.3b10 and 5.3b11 - hence the information/warnings in the release notes.
If you suspect DNS issues, you could tell the forum what kind of DNS you use etc

I made a mistake ... it doesn't look like this was a DNS issue after all. I have a machine that was downloading a file at the time other devices lost internet access. When I checked the R9000 VPN it was down for some reason but the one machine kept downloading so I thought it may be DNS related. I failed to remember that machine now runs on its own VPN software.

The R9000 VPN did not restart because of problems with the VPN configs pulled from /"usb"/openvpn-client. I have the configs and auth files stored there, but perhaps the way I've done it is incorrect. I found that I have to manually load the configs in the addon and save them (without changes) using the "Create/Save" button, in order for the VPN to restart after a router reboot. I did not do that after the last addon install. Is this the way it is supposed to work - and if not can someone please tell me the proper way to set up my VPN configs?

Anyway, maybe the latest VPN issues I've seen have been caused by me?

I do notice however, that the "No Killswitch for Bypassed Devices" button will uncheck itself after each reboot. I know it has been discussed about having a default value at start-up, so I am not sure if that is intentional. My router is set to do automatic reboots, so it would seem best for each of the check boxes to maintain their state once changed from the defaults (?).

Thanks,
BL
 
Hello,

I use DNSCrypt on my "work" network and would like to use the same configuration for the home network that runs on my R9000/Kamoj-addon. I assume there is a dnscrypt-proxy-2.toml settings file in the Kamoj addon. Can someone tell me where I can find the base. toml file that I need to edit so I am using my desired servers and settings?

Thank you,
BL
 
/etc/dnscrypt-proxy-2.toml
Hello,

I use DNSCrypt on my "work" network and would like to use the same configuration for the home network that runs on my R9000/Kamoj-addon. I assume there is a dnscrypt-proxy-2.toml settings file in the Kamoj addon. Can someone tell me where I can find the base. toml file that I need to edit so I am using my desired servers and settings?

Thank you,
BL
 
If you want to have your configs on both usb and in router you should copy all changes to the usb after each change.
USB takes precedence to internal.
E.g.
Code:
\cp /etc/openvpn/config/client/*   /tmp/mnt/sda1/openvpn-client
..I found that I have to manually load the configs in the addon and save them (without changes) using the "Create/Save" button, in order for the VPN to restart after a router reboot. I did not do that after the last addon install. Is this the way it is supposed to work - and if not can someone please tell me the proper way to set up my VPN configs? ..

Thank you for reporting this bug, my fault not yours!
..I do notice however, that the "No Killswitch for Bypassed Devices" button will uncheck itself after each reboot. I know it has been discussed about having a default value at start-up, so I am not sure if that is intentional. My router is set to do automatic reboots, so it would seem best for each of the check boxes to maintain their state once changed from the defaults (?). ..
 
hello,

got another issue.. if i reboot my r9000 wireguard does not automatically start, i need to start it manually using: 'Start Wireguard Client with this' at webgui.

full WG log after reboot:

Code:
2020-06-19 00:02:00 [OpenVPN] WireGuard Client 21779: 82.74:=============================================================
2020-06-19 00:02:00 [OpenVPN] WireGuard Client 21779: 82.76:Information: Check that WireGuard Client is installed
2020-06-19 00:02:00 [OpenVPN] WireGuard Client 21779: 82.79:Information: Check that WireGuard Client is enabled
2020-06-19 00:02:00 [OpenVPN] WireGuard Client 21779: 82.81:ERROR: WireGuard Client is disabled in nvram: kamoj_wireguard_client_disabled
 
This happens if you enable both openvpn and wireguard at the same time.
Should never happen unless you try to fiddle with settings yourself without the GUI.
So how does the openvpn log look when this happens?
hello,

got another issue.. if i reboot my r9000 wireguard does not automatically start, i need to start it manually using: 'Start Wireguard Client with this' at webgui.

full WG log after reboot:

Code:
2020-06-19 00:02:00 [OpenVPN] WireGuard Client 21779: 82.74:=============================================================
2020-06-19 00:02:00 [OpenVPN] WireGuard Client 21779: 82.76:Information: Check that WireGuard Client is installed
2020-06-19 00:02:00 [OpenVPN] WireGuard Client 21779: 82.79:Information: Check that WireGuard Client is enabled
2020-06-19 00:02:00 [OpenVPN] WireGuard Client 21779: 82.81:ERROR: WireGuard Client is disabled in nvram: kamoj_wireguard_client_disabled
 
Code:
2020-06-19 13:11:22 [OpenVPN] S99openvpn-clie 21632: 75.64:======== rc.common : /etc/rc.common =====================================================
2020-06-19 13:11:22 [OpenVPN] S99openvpn-clie 21632: 75.72:INFO: NO OpenVPN configuration given. Searching for .ovpn files...
2020-06-19 13:11:22 [OpenVPN] S99openvpn-clie 21632: 75.73:Error: No *.ovpn file in /etc/openvpn/config/client directory.

how can i fix that? I only want to use Wireguard.

This happens if you enable both openvpn and wireguard at the same time.
Should never happen unless you try to fiddle with settings yourself without the GUI.
So how does the openvpn log look when this happens?
 
Hello,

Just got into this beta mainly to run AdGuard Home. I was running PiHole but I thought it was time to move th AdGuard straight on the router.
I read all 19 pages here and it seems a lot of debugging has been done already. That's probably why it's running pretty stable already. So thanks to all the bug slashers in here. ;)

Now I seem to have some issues, maybe not all directly related to this beta addon but I dare to shoot them here also....

- After a reboot of the router, Adguard starts up but with an empty config and on port 3000. My flow was the following:
1. remove old addon
2. update to latest voxel
3. install addon
4. activate AdGuard as described in the FAQ
5. play around
6. save AdGuard config to USB
7. reboot from ssh

When router was back online, adguard was started but with empty config. I restored from USB backup and all was fine. I do not know if this is expected.


- As I was running pihole in the past, pihole was also my DHCP server. With that came the option to specify the domain name in the DHCP options. As thus, I was able to ping all my devices on their hostname (or FQDN) instead of IP.
Now I have moved back to the default DHCP server in the router. But this DHCP server does not have the option to specify the domain name. So now, all my devices are only known by IP and not on hostname.
I was wondering if you could add an option in Kamoj Addon to add the domain name in the DHCP scope. I saw there are already quiet some settings about DHCP, but not the domain name.

Alternatively: does somebody know where exactly I can add dhcp options for the default DHCP server over CLI? I find a lot of files but I do not know which one is the persistent one.
On my Pihole, it was part of dnsmasq.conf.

Edit: Seems I need to edit /tmp/udhcpd.conf, but I don't know if that file survives a reboot.

Edit2: I also notices that /tmp/udhcpd.leases is completely empty. Wondering where the leases are saved??
Edit2a: seems that the leases are in /tmp/dhcpd_hostlist while the /etc/inint.d/net-lan seems to point to /tmp/udhcpd.leases.
I don't know where /tmp/dhpcd_hostlist is coming from...?

Edit3: Think I got it. I will need to change /etc/init.d/net-lan to include the"domain" option.
But this will probably not survive a firmware upgrade?


Hope somebody can help me out.

KR
 
Last edited:
Hello,

Thank you for the help. I tried to update /etc/dnscrypt-proxy-2.toml earlier but must have made an error when saving it - I was in a hurry at the time. I did get the file modified and it is now using the servers and relays I've specified.

I also saved the modified OpenVPN configs per your instructions and those are now loading and starting up after reboots!

A couple of things I've noticed today:

1. I have several OpenVPN configs. The Router Information page "OpenVPN client name" shows the name of the one that is connected, unless it is the CyberGhost config. When I connect to that VPN the name area is blank. I don't see anything really different with that VPN config, Its not a big deal, but I mention it only in case it may point to some other issues...

2. I still get loss of internet if I have the VPN Killswitch checked. This happens with every provider/config I've tried. Things will run fine but eventually within several hours I will lose connection. The only things out of the ordinary I see in the log is:

2020-06-19 16:50:32 [OpenVPN] openvpn-client 21425: 28865.14:eek:penvpn_kill_switch=
Fri Jun 19 16:50:54 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting
Fri Jun 19 16:50:54 2020 SIGUSR1[soft,ping-restart] received, process restarting
Fri Jun 19 16:50:59 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jun 19 16:50:59 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]107.161.xx.xx:443
Fri Jun 19 16:50:59 2020 UDP link local: (not bound)
Fri Jun 19 16:50:59 2020 UDP link remote: [AF_INET]107.161.xx.xx:443
2020-06-19 16:51:10 [OpenVPN] Client 12619: 28902.74:Connection is DOWN:
Fri Jun 19 16:51:10 2020 event_wait : Interrupted system call (code=4)
route: SIOC[ADD|DEL]RT: No such process

At this point I stopped and restarted the VPN with the Killswitch left unchecked and things appear to be OK. I don't think I've ever had a loss of connection with the Killswitch off.

Thanks,
BL


If you want to have your configs on both usb and in router you should copy all changes to the usb after each change.
USB takes precedence to internal.
E.g.
Code:
\cp /etc/openvpn/config/client/*   /tmp/mnt/sda1/openvpn-client


Thank you for reporting this bug, my fault not yours!
 
Hello,

Just got into this beta mainly to run AdGuard Home. I was running PiHole but I thought it was time to move th AdGuard straight on the router.
I read all 19 pages here and it seems a lot of debugging has been done already. That's probably why it's running pretty stable already. So thanks to all the bug slashers in here. ;)

Now I seem to have some issues, maybe not all directly related to this beta addon but I dare to shoot them here also....

- After a reboot of the router, Adguard starts up but with an empty config and on port 3000. My flow was the following:
1. remove old addon
2. update to latest voxel
3. install addon
4. activate AdGuard as described in the FAQ
5. play around
6. save AdGuard config to USB
7. reboot from ssh

When router was back online, adguard was started but with empty config. I restored from USB backup and all was fine. I do not know if this is expected.


- As I was running pihole in the past, pihole was also my DHCP server. With that came the option to specify the domain name in the DHCP options. As thus, I was able to ping all my devices on their hostname (or FQDN) instead of IP.
Now I have moved back to the default DHCP server in the router. But this DHCP server does not have the option to specify the domain name. So now, all my devices are only known by IP and not on hostname.
I was wondering if you could add an option in Kamoj Addon to add the domain name in the DHCP scope. I saw there are already quiet some settings about DHCP, but not the domain name.

Alternatively: does somebody know where exactly I can add dhcp options for the default DHCP server over CLI? I find a lot of files but I do not know which one is the persistent one.
On my Pihole, it was part of dnsmasq.conf.

Edit: Seems I need to edit /tmp/udhcpd.conf, but I don't know if that file survives a reboot.

Edit2: I also notices that /tmp/udhcpd.leases is completely empty. Wondering where the leases are saved??

Edit3: Think I got it. I will need to change /etc/init.d/net-lan to include the"domain" option.
But this will probably not survive a firmware upgrade?


Hope somebody can help me out.

KR

I don't know anything about that. I've assumed you can modify DNSMasq (maybe in /etc/dnsmasq-reolv.conf) but I've never looked at it. However, I am sure someone will be along that can help you...

Thanks,
BL
 
fixed it using following commands:

Code:
nvram set kamoj_vpn_client_disabled="1"
nvram comit
nvram unset kamoj_wireguard_client_disabled
nvram comit
right after reboot the wireguard client starts automatically.

Code:
2020-06-19 13:11:22 [OpenVPN] S99openvpn-clie 21632: 75.64:======== rc.common : /etc/rc.common =====================================================
2020-06-19 13:11:22 [OpenVPN] S99openvpn-clie 21632: 75.72:INFO: NO OpenVPN configuration given. Searching for .ovpn files...
2020-06-19 13:11:22 [OpenVPN] S99openvpn-clie 21632: 75.73:Error: No *.ovpn file in /etc/openvpn/config/client directory.

how can i fix that? I only want to use Wireguard.
 
Thank you for reporting and showing the log-file.
The log shows clearly that your vpn connection fails and disconnects.
The Voxel firmware or my add-on is not involved in this disconnection.
The killswitch is working, doing it's job as expected!

I don't know why you have VPN problems, maybe you can contact your VPN provider and ask them for tips?

If you run with killswitch=off, you will not lose internet, but you miss the whole idea with using VPN,
since you are not protected by the encrypted vpn-tunnel.

I'm currently testing a VPN supervision function that will restart the VPN automatically if it fails.
That will probably help you, but I advice you to understand why you get disconnected at OpenVPN-level.

2. I still get loss of internet if I have the VPN Killswitch checked. This happens with every provider/config I've tried. Things will run fine but eventually within several hours I will lose connection. The only things out of the ordinary I see in the log is:

2020-06-19 16:50:32 [OpenVPN] openvpn-client 21425: 28865.14:eek:penvpn_kill_switch=
Fri Jun 19 16:50:54 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting
Fri Jun 19 16:50:54 2020 SIGUSR1[soft,ping-restart] received, process restarting
Fri Jun 19 16:50:59 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jun 19 16:50:59 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]107.161.xx.xx:443
Fri Jun 19 16:50:59 2020 UDP link local: (not bound)
Fri Jun 19 16:50:59 2020 UDP link remote: [AF_INET]107.161.xx.xx:443
2020-06-19 16:51:10 [OpenVPN] Client 12619: 28902.74:Connection is DOWN:
Fri Jun 19 16:51:10 2020 event_wait : Interrupted system call (code=4)
route: SIOC[ADD|DEL]RT: No such process

At this point I stopped and restarted the VPN with the Killswitch left unchecked and things appear to be OK. I don't think I've ever had a loss of connection with the Killswitch off.
 
Last edited:
  • Like
Reactions: KW.
Thank you for reporting and showing the log-file.
The log shows clearly that your vpn connection fails and disconnects.
The Voxel firmware or my add-on is not involved in this disconnection.
The killswitch is working, doing it's job as expected!

I don't know why you have VPN problems, maybe you can contact your VPN provider and ask them for tips?

If you run with killswitch=off, you will not lose internet, but you miss the whole idea with using VPN,
since your are not protected by the encrypted vpn-tunnel.

I'm currently testing a VPN supervision function that will restart the VPN automatically if it fails.
That will probably help you, but I advice you to understand why you get disconnected at OpenVPN-level.

Thanks for checking Kamoj. I see the same things you do and it puzzles me. Especially since I have the same OpenVPN configs running on a Netgear R8000 / DD-WRT (and previously a Netgear R6300 / Fresh Tomato) on a different network connected to the same modem. I have not noticed any OpenVPN stops or issues on that network.

The v5 add-on was solid with these VPN configs, and that is what has seemed so odd about this. I have a satellite internet connection that is somewhat unreliable and if the VPN drops out I can see what you mean about the Killswitch then doing its job. I look forward to trying the auto OpenVPN reconnect feature. If the OpenVPN connection re-establishes, would the Killswitch then "reset" and allow internet access?

Because it appears that I am the only one with these issues, it certainly seems this is something to do with my system and not the add-on. I will stop reporting these particular instances and continue to investigate with the VPN providers as you suggest. If I do find something I will let you know in case it is of future benefit...

Thanks,
BL
 
I too have had the internet drop out on occasions.I have some devices on bypass and some through the tunnel.The kill switch is off on the router.I have an app for the vpn on my computer and the killswitch was on.I moved my computer from the tunnel to bypass on the gui with the router vpn on and lost all internet wireless and wired.Had to do a factory reset and and reload to get it all back before I summised what had happened.
Today my internet dropped out but the router leds said it was connected .The vpn app on my laptop said connected. The router gui said no internet.....To get it back this time I turned the vpn off on the router and internet came back on. I then turned the vpn back on and all was ok.So there is a conflict somewhere. the reason I have different devices with vpns is so I can go to different countries on whatever device
 
Changes in kamoj-addon beta version 5.3b12
-------------------------------------------------
INFORMATION/WARNING: This is a BETA release for the adventurous only.
It is tested very little, but I release it since I'll be away for some time,
and it's good to get early feedback.
- AdGuard Home: Supervision with restart option added
- DNSCrypt Proxy 2: Supervision with restart option added
- OpenVPN Client: Supervision with restart option added
- Stubby: Supervision with restart option added
- Wireguard Client: Supervision with restart option added
- OpenVPN Client: "No Killswitch for Bypass devices" was lost after reboot
- Wireguard Client: "No Killswitch for Bypass devices" was lost after reboot
- Wireguard Client: Restart now also works if WG is already down. (@R. Gerrits)
Removed the deleting of default route. (@R. Gerrits)
- By-passing cleaned-up and speeded-up. (@R. Gerrits)
- "net-wall rule" removed from most functions
- Many minor fixes
- FAQ.txt updated
The supervision functions "Restart at connection failure",
are meant to restart the "service" when it fails,
and when the DNS / Internet cease to work.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top