What's new

Kamoj Kamoj Add-on Beta testing II

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

They show how many times the flash memory blocks have been written to.
Thanks for the links I've checked some of them previously but just wonder because on another R7800 I have seen this.
1628847986775.png

Basically 2/1 is what?
Does firmware update (flash) wear out the flash memory.
 
As a continuation to my previous post I can say that after playing with another R7800 I've observed the following:
I've used the configuration file with settings from my R7800 (@Voxel firmware and @kamoj add-on) router to transfer the settings to another R7800.
Then I received the above info (picture from my previous post) from the plugin - Flash memory chip - Micron.
I've noticed initially (before the configuration transfer) that the add-on said Flash memory chip was - SkyHigh/Cypress/AMD/Spansion S34MS01G2.
I've uninstalled the add-on, reset the R7800 settings and then installed the add-on again and then got this
1628855887284.png

So I assume that using the backup file from one R7800 to transfer the settings to another R7800 (which may have another Flash memory chip type) is not good/compatible.
Is this so?
And the value 2/1 means nothing to me.
 
Last edited:
As a continuation to my previous post I can say that after playing with another R7800 I've observed the following:
I've used the configuration file with settings from my R7800 (@Voxel firmware and @kamoj add-on) router to transfer the settings to another R7800.
Then I received the above info (pictire from my previous post) from the plugin - Flash memory chip - Micron.
I've noticed initially (before the configuration transfer) that the add-on said Flash memory chip was - SkyHigh/Cypress/AMD/Spansion S34MS01G2.
I've uninstalled the add-on, reset the R7800 settings and then installed the add-on again and then got this
View attachment 35687
So I assume that using the backup file from one R7800 to transfer the settings to another R7800 (which may have another Flash memory chip type) is not good/compatible.
Is this so?
And the value 2/1 means nothing to me.
2/1 means that the mean wear of the flash is "1" writing,
and the most weared block has "2" in wear, i.e. written to twice as many times..

The add-on get the flash type once only, to not wear nvram.

To install/restore a backup from another router is a "dangerous thing" that I would never do.
(Not all info is stored in nvram, so there will be mismatch between nvram and other "hidden" settings, e.g. region, serial number, passwords a.o.)

If you read the links, you will find there are wrongs ways to handle the router that "resets" the built-in flash wear protection.
Possibly changing between DD-Wrt/Voxel/Netgear/OpenWRT can zero the counters etc. Depends on the Firmware write scheme tools.
I e.g. the dd command is used, the flash wear counter will be lost and you can get unexpected bad blocks and router failures.
PS
You are a "good"/"advanced" beta-tester!
Have added more to "flash info" in next version for you! :cool:
 
And of course there is no way to read the content of the R7800 .cfg file that is encrypted. So at least I would know what the file contained and what was probably messed with.
I found there are tools on github for Orbi. Does anyone know such a tool for R7800?
I love to read readmes but I think this should be clearly mentioned elsewhere, because if anyone have a configuration backup of the router settings and take a new router (maybe because the old router just failed) and decide to restore the settings to the new router, he/she risks to mess the things. In this case this kind of backup is almost useless.
It is the most stupid thing if the .cfg backup file contains anything different (as you say "hidden" settings, e.g. region, serial number, passwords) from just configuration files of the services and that may hinder the normal router work, settings, etc.
 
Last edited:
And of course there is no way to read the content of the R7800 .cfg file that is encrypted. So at least I would know what the file contained and what was probably messed with.
I found there are tools on github for Orbi. Does anyone know such a tool for R7800?
I love to read readmes but I think this should be clearly mentioned elsewhere, because if anyone have a configuration backup of the router settings and take a new router (maybe because the old router just failed) and decide to restore the settings to the new router, he/she risks to mess the things. In this case this kind of backup is almost useless.
It is the most stupid thing if the .cfg backup file contains anything different (as you say "hidden" settings, e.g. region, serial number, passwords) from just configuration files of the services and that may hinder the normal router work, settings, etc.
I've tried a few tools for decrypting the R7800 .cfg file - without success.
You can manually create a text-file with all nvram parameters:

Code:
#Create readable nvram backup:
nvram show | grep -v "^size:" >/tmp/nvram.txt

#Create readable sorted nvram backup:
nvram show | grep -v "^size:" | sort >/tmp/nvram.txt

#Create restorable nvram backup:
nvram backup /tmp/nvram.cfg

#List backup files:
ls -l /tmp/nvram.*
-rw-r--r--    1 root     root        42436 Aug 14 11:56 /tmp/nvram.cfg
-rw-r--r--    1 root     root        42420 Aug 14 11:56 /tmp/nvram.txt
The size of the readable and encrypted file differs only 16 bytes.
Probably someone like @Voxel could figure out how the encryption/decryption is done.
 
I wonder if there is any step by step guide on how to easily configure DOH or DOT having DNS domain URL from non famous provider? I have Synology router rt2600ac in another place and it is a breeze, custom DOH setting can be configured on LAN page with 2 clicks.... But it doesn't have Wireguard client.

To be precise I started using controld.com which I highly recommend to try out - 1 month free full trial. It is a very customizable DNS provider which offers pre-defined filters such as: ad blocking etc (15 filters in total), it can also unblock geo blocked content and allows for custom DNS redirection rules to unblock a service which they don't unblock yet. They have a DNS query log, so it is very easy to build your own "recipe".

Anyway, any help with how to setup DOH and DOT would be appreciated as controld.com only provided DOT and DOH urls, nothing else.
 
I've tried a few tools for decrypting the R7800 .cfg file - without success.
You can manually create a text-file with all nvram parameters:

Code:
#Create readable nvram backup:
nvram show | grep -v "^size:" >/tmp/nvram.txt

#Create readable sorted nvram backup:
nvram show | grep -v "^size:" | sort >/tmp/nvram.txt

#Create restorable nvram backup:
nvram backup /tmp/nvram.cfg

#List backup files:
ls -l /tmp/nvram.*
-rw-r--r--    1 root     root        42436 Aug 14 11:56 /tmp/nvram.cfg
-rw-r--r--    1 root     root        42420 Aug 14 11:56 /tmp/nvram.txt
The size of the readable and encrypted file differs only 16 bytes.
Probably someone like @Voxel could figure out how the encryption/decryption is done.
A command-line tool built from the source code found at this link is able to decrypt the R7800 .cfg file. It was meant for Orbi configuration backups, but works on the R7800 (and probably other models) .cfg files as well.
 
Ver 4b.35 seems to be buggy with device selection bypassing the vpn tunnel. I have tried many times but mostly error, sometimes it works but usually error, I can't select the device that needs to bypass the VPN tunnel for a long time.
P/s:i went back to ver b32 and everything is back to normal. In ver b32, i try to use surfshack vpn but cant, i hope the latest update will help me but it seems things are getting worse. I'm back with Nord vpn and kamoj ver .b32 !
 
Last edited:
A command-line tool built from the source code found at this link is able to decrypt the R7800 .cfg file. It was meant for Orbi configuration backups, but works on the R7800 (and probably other models) .cfg files as well.
Thanks for trying it.
I've looked earlier exactly at this one but didn't have time to try it.
After reading your post I've immediately compiled the tool and can confirm a successful decryption of the R7800 .cfg file. Now we will have a better understanding what's under the hood.
Below are the @kamoj add-on values backed up in the .cfg file
Code:
kamoj_adblock_adaway=1
kamoj_adblock_autoupdate=1
kamoj_adblock_nocoin=1
kamoj_adblock_oisdlight=1
kamoj_adblock_own_whitelist=1
kamoj_adblock_update_time=30 5 * * *
kamoj_adblock_yoyo=1
kamoj_addon_version_reg=5.4b33
kamoj_block_netgear_ngxcld=1
kamoj_congestion_control=yeah
kamoj_cronaegis_command=[ -x /opt/bolemo/scripts/aegis ] && /bin/sh /opt/bolemo/scripts/aegis refresh
kamoj_cronaegis_time=40 13 * * *
kamoj_debug=1
kamoj_disable_NG_Downloader=1
kamoj_disable_ReadyCLOUD=1
kamoj_disable_traffic_meter=1
kamoj_disable_Transmission=1
kamoj_disable_usb_printers=1
kamoj_disable_wps_button=1
kamoj_flash_chip=MT29F1G08ABBEAH4
kamoj_hide_basic_home_wifi_password=1
kamoj_openvpn_client_disabled=1
kamoj_openvpn_rcvbuf=1048576
kamoj_openvpn_sndbuf=786432
kamoj_show_enable_rae_form=1
kamoj_supervision_update_time=0 0 1 1 *
kamoj_top_60G_antennas_temp=0
kamoj_top_60G_radio_temp=0
kamoj_top_cpu_temp=70
kamoj_top_wifi0_temp=69
kamoj_top_wifi1_temp=78
kamoj_ubi_erase_counters=18/4
kamoj_ubi_max_erase_counter=18
kamoj_wireguard_client_disabled=1
Probably kamoj_flash_chip=MT29F1G08ABBEAH4 explains what I got restoring the .cfg file to another router.
kamoj_ubi_erase_counters=18/4 and kamoj_ubi_max_erase_counter=18 are different though.
 
Last edited:
Thanks for trying it.
I've looked earlier exactly at this one but didn't have time to try it.
After reading your post I've immediately compiled the tool and can confirm a successful decryption of the R7800 .cfg file. Now we will have a better understanding what's under the hood.
Below are the @kamoj add-on values backed up in the .cfg file
Code:
kamoj_adblock_adaway=1
kamoj_adblock_autoupdate=1
kamoj_adblock_nocoin=1
kamoj_adblock_oisdlight=1
kamoj_adblock_own_whitelist=1
kamoj_adblock_update_time=30 5 * * *
kamoj_adblock_yoyo=1
kamoj_addon_version_reg=5.4b33
kamoj_block_netgear_ngxcld=1
kamoj_congestion_control=yeah
kamoj_cronaegis_command=[ -x /opt/bolemo/scripts/aegis ] && /bin/sh /opt/bolemo/scripts/aegis refresh
kamoj_cronaegis_time=40 13 * * *
kamoj_debug=1
kamoj_disable_NG_Downloader=1
kamoj_disable_ReadyCLOUD=1
kamoj_disable_traffic_meter=1
kamoj_disable_Transmission=1
kamoj_disable_usb_printers=1
kamoj_disable_wps_button=1
kamoj_flash_chip=MT29F1G08ABBEAH4
kamoj_hide_basic_home_wifi_password=1
kamoj_openvpn_client_disabled=1
kamoj_openvpn_rcvbuf=1048576
kamoj_openvpn_sndbuf=786432
kamoj_show_enable_rae_form=1
kamoj_supervision_update_time=0 0 1 1 *
kamoj_top_60G_antennas_temp=0
kamoj_top_60G_radio_temp=0
kamoj_top_cpu_temp=70
kamoj_top_wifi0_temp=69
kamoj_top_wifi1_temp=78
kamoj_ubi_erase_counters=18/4
kamoj_ubi_max_erase_counter=18
kamoj_wireguard_client_disabled=1
Probably kamoj_flash_chip=MT29F1G08ABBEAH4 explains what I got restoring the .cfg file to another router.
kamoj_ubi_erase_counters=18/4 and kamoj_ubi_max_erase_counter=18 are different though.
Nice and fast action by you!
Can you share the compiled orbicfg ?
FYI: I changed the add-on to re-read the flash type at each boot.
 
Ver 4b.35 seems to be buggy with device selection bypassing the vpn tunnel. I have tried many times but mostly error, sometimes it works but usually error, I can't select the device that needs to bypass the VPN tunnel for a long time.
P/s:i went back to ver b32 and everything is back to normal. In ver b32, i try to use surfshack vpn but cant, i hope the latest update will help me but it seems things are getting worse. I'm back with Nord vpn and kamoj ver .b32 !
I'm sorry you experience some issues.
Since I have no such issues myself, and not have access to surfshark, you need to provide more and specific information on the art of errors.
E.g. contents of the vpn log file.
 
Nice and fast action by you!
Can you share the compiled orbicfg ?
FYI: I changed the add-on to re-read the flash type at each boot.
Of course. Here it is.
Usage - from Author's Github
./orbicfg <config backup (e.g. NETGEAR_Orbi.cfg)>

I've checked and compared all MAC values of the "new" R7800 I've transferred the settings to and the original MAC values are correct (I hoped it was so, at least after resetting to factory defaults) although the .cfg file was created on another R7800 and contained its MAC values.
I think there is nothing wrong if your add-on reads the flash type at boot because reading doesn't wear out the flash memory.
 

Attachments

  • R7800 cfg decrypt tool.tar.xz.txt
    3.7 KB · Views: 90
Last edited:
Of course. Here it is.
Usage - from Author's Github
./orbicfg <config backup (e.g. NETGEAR_Orbi.cfg)>

I've checked and compared all MAC values of the "new" R7800 I've transferred the settings to and the original MAC values are correct (I hoped it was so, at least after resetting to factory defaults) although the .cfg file was created on another R7800 and contained its MAC values.
I think there is nothing wrong if your add-on reads the flash type at boot because reading doesn't wear out the flash memory.
One way to get the "harder" MAC values is to use the artmtd tool, e.g.:
Code:
 artmtd -r mac

Thank you for the compiled orbicfg, but it's probably for an x86 Linux system, and not possible to run in the router ?
 
Hello dear Kamoj. Let's take a look at the VPN client settings in order.
1) In the latest version (Add-on V5.4b35), all connected devices immediately go through the VPN tunel. There is no way to create a priority menu for the required devices. Since VPN providers limit the number of active devices, I suggest that you make a function that will be active for selected devices, regardless of their connection method (or 2.4 GHz or 5 GHz or LAN). After creating and fixing the list of priority devices, you can start editing other devices, according to the type of their connection to the router.
2) After activating Bypass VPN, devices that do not go through the VPN are not displayed in the brown, right window.
3) The (Move selected devices) function does not work, that is, it does not move devices to the right window.
The rest of the functions work great!
Thanks a lot for your work !!!
Best regards to you.
Baursak.
 
Hello dear Kamoj. Let's take a look at the VPN client settings in order.
1) In the latest version (Add-on V5.4b35), all connected devices immediately go through the VPN tunel. There is no way to create a priority menu for the required devices. Since VPN providers limit the number of active devices, I suggest that you make a function that will be active for selected devices, regardless of their connection method (or 2.4 GHz or 5 GHz or LAN). After creating and fixing the list of priority devices, you can start editing other devices, according to the type of their connection to the router.
2) After activating Bypass VPN, devices that do not go through the VPN are not displayed in the brown, right window.
3) The (Move selected devices) function does not work, that is, it does not move devices to the right window.
The rest of the functions work great!
Thanks a lot for your work !!!
Best regards to you.
Baursak.
Actually, if you are using your Router for VPN, it just counts as one device, since the router will just have one connection to the VPN provider. It doesn't matter how many devices that connects via the router, to receive VPN services.
 
I wonder if someone experienced similar to mine behaviour running Wireguard on R9000. I had a little drop out from ISP, where the PPPoE connection has been restarted. Wireguard Client was showing 2x green icon (client on, VPN tunnel status green). There was however no internet connectivity. I checked all the logs and there was no drop in WG session, it is like the WG client did not even know there was no PPPoE connection for a while. When PPPoE connection came back, nothing was working (both ping DNS or IP failed). The moment I unticked the green box to turn off the WG client manually, the internet came back. Enabling it again has restored the VPN connection. I don't have kill switch enabled.

So the question is why is the WG client not monitoring if the internet is up or not? Is this a bug? I do have PersistentKeepalive = 25 in WG config but it seems to be irrelevant. The proper behaviour should be that the moment internet activity is gone, WG client status becomes red and the connection is being re-tried until re-established.

I am running the latest 5.4b35.
 
I wonder if someone experienced similar to mine behaviour running Wireguard on R9000. I had a little drop out from ISP, where the PPPoE connection has been restarted. Wireguard Client was showing 2x green icon (client on, VPN tunnel status green). There was however no internet connectivity. I checked all the logs and there was no drop in WG session, it is like the WG client did not even know there was no PPPoE connection for a while. When PPPoE connection came back, nothing was working (both ping DNS or IP failed). The moment I unticked the green box to turn off the WG client manually, the internet came back. Enabling it again has restored the VPN connection. I don't have kill switch enabled.

So the question is why is the WG client not monitoring if the internet is up or not? Is this a bug? I do have PersistentKeepalive = 25 in WG config but it seems to be irrelevant. The proper behaviour should be that the moment internet activity is gone, WG client status becomes red and the connection is being re-tried until re-established.

I am running the latest 5.4b35.
To me to NOT use killswitch is the same as not using VPN at all. Can you explain your reasoning, please?
Did you check the box for "Reboot router if Internet is down. May reboot every 150th sec. Use with caution"?
Maybe you have some logs to show (restart supervision, extended, wireguard)?
(I'm no oracle and can not guess what your issues come from. As a beta tester, please go deep, and at least show log-files.)

Also please report back in what version something was broken.
Thank you for your report!
 
I wonder if there is any step by step guide on how to easily configure DOH or DOT having DNS domain URL from non famous provider? I have Synology router rt2600ac in another place and it is a breeze, custom DOH setting can be configured on LAN page with 2 clicks.... But it doesn't have Wireguard client.

To be precise I started using controld.com which I highly recommend to try out - 1 month free full trial. It is a very customizable DNS provider which offers pre-defined filters such as: ad blocking etc (15 filters in total), it can also unblock geo blocked content and allows for custom DNS redirection rules to unblock a service which they don't unblock yet. They have a DNS query log, so it is very easy to build your own "recipe".

Anyway, any help with how to setup DOH and DOT would be appreciated as controld.com only provided DOT and DOH urls, nothing else.
Hello,

I had never thought of this! During the beta testing, I found Controld to be an excellent DNS service! After seeing your comment, I tried Controld using AdGuard Home on my R9000. Both DOH and TLS seem to be working (they are the only two DNS servers I am running). I haven't tried it yet using TLS in DNSCrypt... uncertain that it will work there but am going to try anyway.

As far as I know, only the legacy Controld DNS can be used for the main router settings(?).

Best wishes,
BL
 
I wonder if someone experienced similar to mine behaviour running Wireguard on R9000. I had a little drop out from ISP, where the PPPoE connection has been restarted. Wireguard Client was showing 2x green icon (client on, VPN tunnel status green). There was however no internet connectivity. I checked all the logs and there was no drop in WG session, it is like the WG client did not even know there was no PPPoE connection for a while. When PPPoE connection came back, nothing was working (both ping DNS or IP failed). The moment I unticked the green box to turn off the WG client manually, the internet came back. Enabling it again has restored the VPN connection. I don't have kill switch enabled.

So the question is why is the WG client not monitoring if the internet is up or not? Is this a bug? I do have PersistentKeepalive = 25 in WG config but it seems to be irrelevant. The proper behaviour should be that the moment internet activity is gone, WG client status becomes red and the connection is being re-tried until re-established.

I am running the latest 5.4b35.
I seem to recall something similar happening on an earlier add-on version. However my internet drops so often that I wasn't sure this was the case or not. Have you tried the addon_fast_openvpn_supervision.sh via setting kamoj_fast_openvpn_supervison=1?

Kamoj, I have tried that and it appears to work for both OpenVPN and WireGuard - is that correct?

One thing I noticed is that the addon_fast_openvpn_supervision.sh acts a little too aggressive (I think) for my situation. Is the ping timeout derived from kamoj_ping_timeout, or otherwise adjustable withing the script?

Best wishes,
BL
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top