Kamoj Kamoj Add-on Beta testing

[R. Gerrits]

@kamoj
I just installed Adguard for the first time (v0.105.0) and currently use Quad9's quad9-dnscrypt-ip4-filter-pri sdns stamp on Upstream Servers with DNSSEC enabled and all green blocklists found here https://firebog.net/.

1. Some URLs (even youtube sometimes) often do not open on first ENTER. When immediately pressed second time (or refreshed) they do. Any thoughs?
2. How can I verify that my DNS queries & answers are indeed encrypted? Do i also need to Enable Encryption on Encryption Settings or this is only if i want secure certificate on my Adguard server webpage? Also what IPs do I need to input on DNS Address of Internet Setup menu of Netgear? Quad9 pri and sec?

1:
If pages do not open on the first attempt, then it usually means that the DNS query timed out. Perhaps AdGuard shows this in the query log? (look at response time on the queries that you know failed.)
Or check the adguard log files.

I think DNScrypt support in AdGuard Home is new since 0.105 -> perhaps it has some bugs??
Or you could try a another provider to see if those also have the timeouts?

2:
via the netgear debug page, you could create a packet capture (best to usb-disk) -> if you open the WAN capture with WireShark, then you can see all the traffic that left the router.
If there is still some unencrypted traffic, it should show as port 53; check with filter (udp.port == 53 or tcp.port == 53)
I think DNScrypt uses tcp port 8443 -> check those packages also with filter tcp.port == 8443
And if you can still see your queries /answers in plain text, then it is not encrypting.

Afaik, the Encryption on the Encryption page is only needed if you want to access the GUI over HTTPS OR if you also want to use DNS-over-HTTPS or DNS-over-TLS between clients on your LAN and the AdGuard Home instance.

DNS servers on the internet page:
Once Adguard Home is stopped (DNS filter set to None in addon), then the DNS servers on the internet page will be used again.
Also, if AdGuard Home is active, the router itself will still use DNS servers from the internet page. (for instance when connecting to a time-server.)

 

[Warlord1981]

1:
If pages do not open on the first attempt, then it usually means that the DNS query timed out. Perhaps AdGuard shows this in the query log? (look at response time on the queries that you know failed.)
Or check the adguard log files.

I think DNScrypt support in AdGuard Home is new since 0.105 -> perhaps it has some bugs??
Or you could try a another provider to see if those also have the timeouts?

2:
via the netgear debug page, you could create a packet capture (best to usb-disk) -> if you open the WAN capture with WireShark, then you can see all the traffic that left the router.
If there is still some unencrypted traffic, it should show as port 53; check with filter (udp.port == 53 or tcp.port == 53)
I think DNScrypt uses tcp port 8443 -> check those packages also with filter tcp.port == 8443
And if you can still see your queries /answers in plain text, then it is not encrypting.

Afaik, the Encryption on the Encryption page is only needed if you want to access the GUI over HTTPS OR if you also want to use DNS-over-HTTPS or DNS-over-TLS between clients on your LAN and the AdGuard Home instance.

DNS servers on the internet page:
Once Adguard Home is stopped (DNS filter set to None in addon), then the DNS servers on the internet page will be used again.
Also, if AdGuard Home is active, the router itself will still use DNS servers from the internet page. (for instance when connecting to a time-server.)

Thank you for your reply.

1. I will test and revert. The only thing i noticed additionally the last few hours and at certain times, is that addresses are not resolved at all on pc and at the same moment my android phone reports no internet on the wifi connection. Only Solution is to go on DNS Privacy/Ad-Blocking and select none and then Adguard back.

2. Just captured a dns query to twitter.com directly with Wireshark on my PC's eth port and the whole negotiation happens on tcp:53 and everything is visible. When i filter with tcp.port == 8443 i get no results. Therefore the queries are not encrypted.

I have only the below Upstream Server, which is the stamp of Quad9 anycast ip4-dnssec-nofilter taken from dnscrypt.info:

sdns://AQMAAAAAAAAAEjE0OS4xMTIuMTEyLjk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0

Also the following Bootstrap Servers:

9.9.9.9
149.112.112.9
2620:fe::9
2620:fe::fe:10

And of course DNSSEC enabled.

 

[R. Gerrits]

2. Just captured a dns query to twitter.com directly with Wireshark on my PC's eth port and the whole negotiation happens on tcp:53 and everything is visible. When i filter with tcp.port == 8443 i get no results. Therefore the queries are not encrypted.

if you use WireShark directly on your pc, you only see the traffic between PC and AdGuard -> this indeed is normal unencrypted dns. (unless you install a cerficate in Adguard and configure your PC to also use DoH or DoT.)

Only the traffic from AdGuard to the upstream DNS server would be encrypted.
Hence you need to do the packet capture on the router.

 

[Warlord1981]

if you use WireShark directly on your pc, you only see the traffic between PC and AdGuard -> this indeed is normal unencrypted dns. (unless you install a cerficate in Adguard and configure your PC to also use DoH or DoT.)

Only the traffic from AdGuard to the upstream DNS server would be encrypted.
Hence you need to do the packet capture on the router.

Thank you for your help!

Regarding Point 1.

Used DoT server of Cloudflare this time and I get the same behavior. Random pages do not open at random times but do open on directly next refresh, and sometimes Adguard gets unresponsive, does not resolve anytrhing and requires disable/enable.
I even left only one Blocklist active (Adguard default) with the same result.
Maybe Adguard is too much for our Router's power? All router stats seem ok though. No congestion anywhere.

EDIT: Using top2 while Adguard got unresponsive once more just now, I noticed 90+% CPU0 Usage of process AdGuardHome ..



Regarding Point 2.

I figured since Cloudflare is faster for me than Quad9 and since all the filtering/adblocking/malware blocking is performed on Adguard-side with the help of blocklists, I do not need the default filtering of Quad9 so I used Cloudflare's DoT server as Upstream DNS server and testing with Clouflare's ESNI checker at https://www.cloudflare.com/ssl/encrypted-sni/ I get below results, which mean dns negotiation is indeed encrypted? Do I need ESNI as well?

 

[R. Gerrits]

Regarding ESNI, I guess it depends on what you try to achieve / from whom you try to hide stuff... Anyways it would be a browser setting and have nothing to do with the router.

When it hangs, can you then also see something in the adguard log? (/tmp/log/AdGuardHome.log or check via kamoj addon)
If you don't see anything useful there, then you could also try enabling enhanced logging.

I've never experienced the lookup timeouts. But I'm also not using the DNScrypt function. I just have Adguard use my ISP DNS-servers (I trust my ISP). I use it solely for the Adblocking purpose.

I think I do might have the occasional hang, because in /var/log/adguard_home.log I see this:

root@R7800:~$ cat /var/log/adguard_home.log 
[2021-02-10 21:57:14] [ADGUARD] [RESTART] 2485: 43963.53:ADGUARD supervision: restarting
[2021-02-11 10:42:14] [ADGUARD] [RESTART] 15783: 89864.15:ADGUARD supervision: restarting
[2021-02-11 22:47:14] [ADGUARD] [RESTART] 12163: 133364.73:ADGUARD supervision: restarting
[2021-02-12 10:48:14] [ADGUARD] [RESTART] 2072: 176624.35:ADGUARD supervision: restarting

So it suggests that Kamoj's supervision about every 12 hours thinks that Adguard is hanging or is stopped, and restarts it.
But all these times, I didn't notice it.

 

[OcramSagev]

I'm having a problem with the mobile app (IOS) not being able to "see" the router after installing the latest add-on. I'm running the R7800 in AP mode. I saw a previous post that recommends to logon/logout of the app but that did not work for me.
Latest Voxel fw has a bug that can make the R7800 reboot in AP mode. I posted the problem in another thread and Voxel mentioned that Kamoj had reported the bug already and the fix will be in the next release.
In the meantime, he recommends that I turn off the readycloud this way:
nvram set nocloud=1
nvram set nokwilt=1
nvram commit

Any ideas on how I can get the mobile app to see the router with Kamoj add-on installed?
(Without the kamoj add-on I have no problem seeing the router in AP mode, even with the settings recommended by Voxel)

 

[sppmaster]

Thank you for the interesting report. Well done.

What I would like is the output from console of the commands: ps2 and ps -www

Changes between b19 and b20 are minimal and should not cause these kind of issue.

Make sure to switch off QoS.

PS
The full oisd block list contains >1.1 million entries, so quite much more than you might expect.

After just checking several times the options in System Information page of @kamoj add-on I've got no information from any field/command there and the CPU usage ramp up to 60-70%.

  PID USER     STATUS   RSS  PPID %CPU %MEM COMMAND
32188 root     R N     1296 31368 26.7  0.2 kamoj.sh
24434 root     SW         0     2  1.7  0.0 kworker/0:0
6050 root     S        572     1  0.2  0.1 addon_info_upda
4906 root     S N      444     1  0.2  0.0 top
8116 root     S N      444     1  0.2  0.0 top
1895 root     S        956     1  0.1  0.1 haveged
1377 root     S        496     1  0.1  0.1 datalib
28525 root     S N      448     1  0.1  0.0 top
2660 root     S N      444     1  0.1  0.0 top
2716 root     S N      444     1  0.1  0.0 top
31712 root     S N      444 31368  0.1  0.0 top
5488 root     R        440  4870  0.1  0.0 top
5681 root     RW         0     2  0.1  0.0 kworker/u:4
4491 root     DW         0     2  0.1  0.0 kworker/u:0
20760 root     S      12368     1  0.0  2.5 dnscrypt-proxy-
31368 root     S N     1324     1  0.0  0.2 kamoj.sh
5034 root     S       1176     1  0.0  0.2 avahi-daemon
5718 root     S        964     1  0.0  0.1 hostapd
5024 root     S        964     1  0.0  0.1 hostapd
20845 guest    S        908     1  0.0  0.1 dnsmasq
4961 root     S        756     1  0.0  0.1 dbus-daemon

Lots of Top processes.

I've sent you a PM with a link to check the ps2 and ps -www output.

 

[kamoj]

I don't know anything about your IOS app not seeing the router.
I don't use mobile apps or iPhone, so I can not help.

So please be systematic and try to find out which settings that causes this - if any:
Make a factory reset and do not restore saved settings.
Install the add-on without making any settings. Switch off Bandwidth Monitor.

The bug you talk about is corrected in the kamoj add-on since long time ago.

I'm having a problem with the mobile app (IOS) not being able to "see" the router after installing the latest add-on. I'm running the R7800 in AP mode. I saw a previous post that recommends to logon/logout of the app but that did not work for me.
Latest Voxel fw has a bug that can make the R7800 reboot in AP mode. I posted the problem in another thread and Voxel mentioned that Kamoj had reported the bug already and the fix will be in the next release.
In the meantime, he recommends that I turn off the readycloud this way:
nvram set nocloud=1
nvram set nokwilt=1
nvram commit

Any ideas on how I can get the mobile app to see the router with Kamoj add-on installed?
(Without the kamoj add-on I have no problem seeing the router in AP mode, even with the settings recommended by Voxel)

 

[kamoj]

The "high cpu load" is caused by your measurements and running multiple simultaneous top+ps show from the add-on GUI.
So there is really no high cpu load in your case.

I'll PM you more details, and make some changes to next release, making your add-on experience better.

After just checking several times the options in System Information page of @kamoj add-on I've got no information from any field/command there and the CPU usage ramp up to 60-70%.

  PID USER     STATUS   RSS  PPID %CPU %MEM COMMAND
32188 root     R N     1296 31368 26.7  0.2 kamoj.sh
24434 root     SW         0     2  1.7  0.0 kworker/0:0
6050 root     S        572     1  0.2  0.1 addon_info_upda
4906 root     S N      444     1  0.2  0.0 top
8116 root     S N      444     1  0.2  0.0 top
1895 root     S        956     1  0.1  0.1 haveged
1377 root     S        496     1  0.1  0.1 datalib
28525 root     S N      448     1  0.1  0.0 top
2660 root     S N      444     1  0.1  0.0 top
2716 root     S N      444     1  0.1  0.0 top
31712 root     S N      444 31368  0.1  0.0 top
5488 root     R        440  4870  0.1  0.0 top
5681 root     RW         0     2  0.1  0.0 kworker/u:4
4491 root     DW         0     2  0.1  0.0 kworker/u:0
20760 root     S      12368     1  0.0  2.5 dnscrypt-proxy-
31368 root     S N     1324     1  0.0  0.2 kamoj.sh
5034 root     S       1176     1  0.0  0.2 avahi-daemon
5718 root     S        964     1  0.0  0.1 hostapd
5024 root     S        964     1  0.0  0.1 hostapd
20845 guest    S        908     1  0.0  0.1 dnsmasq
4961 root     S        756     1  0.0  0.1 dbus-daemon

Lots of Top processes.

I've sent you a PM with a link to check the ps2 and ps -www output.

 

[kamoj]

Thank you for your attitude!
Since you have been very helpful and active here in the forum, I'll give you oisd (Wildcard variant(s)) in next release.

Guyz after a small research I see that one of the best dns blocklists is dbl.oisd.nl.

So i left all default Kamoj lists de-selected and pressed Get Own Blacklist and put the url there and pressed Save own blacklist and then Submit. However I see no blocking of ads as well as no space takin on system disk (this list is big). I tried either as dbl.oisd.nl or https://dbl.oisd.nl/ with the same result. Any advice?

 

[Warlord1981]

Thank you for your attitude!
Since you have been very helpful and active here in the forum, I'll give you oisd (Wildcard variant(s)) in next release.

Much appreciated dear Kamoj, the reason I propose this list is that despite being big it does not have false positives. However still it is not for our Router as it takes all RAM.

Regarding my Adguard issue above, I think I found the solution, will keep testing and if all goes well I will post my findings.

 

[R. Gerrits]

Regarding my Adguard issue above, I think I found the solution, will keep testing and if all goes well I will post my findings.

I'm very curious what you think you found.

Here Adguard keeps continuing the twice per day restart by supervision:

root@R7800:~$ cat /tmp/log/adguard_home.log
[2021-02-10 21:57:14] [ADGUARD] [RESTART] 2485: 43963.53:ADGUARD supervision: restarting
[2021-02-11 10:42:14] [ADGUARD] [RESTART] 15783: 89864.15:ADGUARD supervision: restarting
[2021-02-11 22:47:14] [ADGUARD] [RESTART] 12163: 133364.73:ADGUARD supervision: restarting
[2021-02-12 10:48:14] [ADGUARD] [RESTART] 2072: 176624.35:ADGUARD supervision: restarting
[2021-02-12 22:52:15] [ADGUARD] [RESTART] 30791: 220065.05:ADGUARD supervision: restarting
[2021-02-13 10:53:14] [ADGUARD] [RESTART] 23723: 263324.76:ADGUARD supervision: restarting
[2021-02-13 22:54:14] [ADGUARD] [RESTART] 7451: 306584.53:ADGUARD supervision: restarting
[2021-02-14 10:55:15] [ADGUARD] [RESTART] 31297: 349845.11:ADGUARD supervision: restarting

I supect that at the same time also my ssh session gets kicked with a broken pipe. I'll try watching it more closely tonight.

 

[sppmaster]

I have currently this observation. When I start a bittorrent client from Windows PC (not downloading anything but just seeding several torrents with very low speed of 512KBps) then I have high CPU usage 50-60% to 100%. At this stage continuing between 10-15 minutes and maybe hours I'm unable to open the Router Information page (The CGI script took too long to produce a response), I cannot view anything using Top from System Information page. Last night I was unable to open even a single web page. At the same time I couldn't login to the Web GUI and I lost connection to the 5GHz WLAN. Router recovered around 10 minutes later. As I write this message finally I successfully opened the router information page (trying for 15 minutes) and still see 60% CPU load and a minute later I cannot open the page.

After a few hours tried the same pattern with torrent client - same result 100% CPU usage more than 15 minutes. Not a single command from System Information page works - all blank fields. Slow opening of web pages. Top from console shows nothing useful.
Second checking 15 minutes later (torrent client closed 10 minutes before that) gives kamoj.sh with 40% CPU usage with high CPU temperature.
Tried all of this 3 more times during the last 2 hours and the situation is the same. From the last attempt I can hardly use 5 GHz - Ookla speedtest very slow connection from Android phone just 4 meters from router, ping above 100ms and ridiculously slow down/up (30/6 Mbps) speeds.
Closing the torrent at least resolves this after 5 minutes but I never had such a problem with routers that have really low specs compared to R7800 hardware.

 

[n1llam1]

Hello everyone,

I am new to the Kamoj add-on V5.4b20. I was previously using the 5.00 beta with Voxel V1.0.2.82.1SF for an R7800 operating in AP mode.

I uninstalled the 5.00 beta, rebooted, installed V5.4b20 and then rebooted.

I am able to go into Advance->Kamoj Menu->Router Information page to display information about the router.

When I click on the Auto Refresh checkbox, the router immediately prompts for the admin credentials again, even though my session has not expired.

It appears that the browser is requesting for this URL:

http://<router_address>/cgi-bin/kamoj.cgi?addon_auto_refresh=kamoj&auto_refresh_onoff=on&auto_refresh_time=10

but the admin password is not accepted.

After attempting to use the admin credentials 3 times, the browser gives up on the request for /cgi-bin/kamoj.cgi and then prompts for credentials one more time (accepting the admin credentials this time) before displaying the router information page.

Does anyone know why requests for scripts under /cgi-bin could end up not accepting the same admin credentials and how this issue can be resolved?

Thanks in advance.

P.S. I checked another R7800 still using the 5.00 beta with Voxel V1.0.2.82.1SF in router mode and it has the same issue. I have previously seen this issue with stock Netgear firmware when trying to display the list of Attached Devices while QoS was enabled. Both of my R7800 devices currently have QoS disabled.

 

[OcramSagev]

I don't know anything about your IOS app not seeing the router.
I don't use mobile apps or iPhone, so I can not help.

So please be systematic and try to find out which settings that causes this - if any:
Make a factory reset and do not restore saved settings.
Install the add-on without making any settings. Switch off Bandwidth Monitor.

The bug you talk about is corrected in the kamoj add-on since long time ago.

Kamoj: The error was fixed by Voxel in the .80 release but he forgot to add the fix after the .80 release. This means the fix is not "live" in the latest releases. Please see Voxel's answer #53 in this link

Voxel - Custom firmware build for R7800 v. 1.0.2.82SF & v. 1.0.2.82.1SF & v. 1.0.2.82.2SF

just flashed 82.1SF, working fine, thanks Voxel as always.

www.snbforums.com

I 'm being systematic and the IOS app does not work with all the Kamoj settings "erased" (Bandwidth monitor off). I'm reporting a bug in order to help the development. Of course it is your decision to accept or reject the issue for your project and I respect that.

 

[blueliner]

Hello,

Internet connection reliability is always an issue with my terrible internet service (only one available). The latest versions of the Kamoj Add-on have really helped that! However, I finally had an instance on 5.4b20 where I lost internet connection (for several minutes or more) and the router did not restart services to correct it. Typically when this happens, the VPN needs to be restarted and lately Kamoj Add-on has been doing that wonderfully. This time the Netgear /Basic / Home page connection monitor showed "error", yet the Add-on OpenVPN status was "connected". Router information showed numerous ping failures which is not unusual, and it appears that various restarts occurred earlier. Related or not, the other odd occurrence was DNSSEC failures reported on all servers in the DNSCrypt log - never seen those before. I did not have DNSMasq extended logging enabled.

This time was like some previous instances that I thought had gone away with since 5.4b19 (?). In these cases, the Add-on OpenVPN status shows green/connected, yet the Netgear / Basic / Home page connection monitor shows "error". A manual restart of the VPN has always corrected the problem (as it did this time). I can't recall if the Add-on looks at the Netgear connection status or if that inaccessible? It seems to be a highly accurate indicator of connection issues on my router as in the past it has always showed error when I loose non-VPN connections.

I assume this is some kind of DNS failure as some devices already connected via their own VPN (like phones with VPN apps) may still work when I have this type of connection failure. I assume that is true for other devices that do not bypass the router VPN but I don't interact with those a lot so can't say for certain. My router DNS is pointed to outside sources (9.9.9.9, etc.) instead of my PiHoles running DNSCrypt. Interestingly though, my NUC running its own VPN seems to have independent connection failures requiring a VPN restart too, and this is something new. It is the only device with those issues so I assume it is unrelated...

Anyway, I have attached OpenVPN, DNSCrypt and Supervision logs in case they may be of use.

Update: I checked the Netgear / Basic / Home page to make sure I had it properly identified before sending this... and the connection was down again. I was on a device with its own VPN and it still had internet. The connection was back up before I could try other devices. None of the logs showed anything...maybe I am barking up the wrong tree?

Thanks,
BL

 

[kamoj]

1). Read the FAQ.txt
2). Close the page/tab with Router Information.
3). Use a password without "special" characters, especially not "$" and "*".
4). Don't use Router Information and auto refresh until login is working.

Hello everyone,

I am new to the Kamoj add-on V5.4b20. I was previously using the 5.00 beta with Voxel V1.0.2.82.1SF for an R7800 operating in AP mode.

I uninstalled the 5.00 beta, rebooted, installed V5.4b20 and then rebooted.

I am able to go into Advance->Kamoj Menu->Router Information page to display information about the router.

When I click on the Auto Refresh checkbox, the router immediately prompts for the admin credentials again, even though my session has not expired.

It appears that the browser is requesting for this URL:

http://<router_address>/cgi-bin/kamoj.cgi?addon_auto_refresh=kamoj&auto_refresh_onoff=on&auto_refresh_time=10

but the admin password is not accepted.

After attempting to use the admin credentials 3 times, the browser gives up on the request for /cgi-bin/kamoj.cgi and then prompts for credentials one more time (accepting the admin credentials this time) before displaying the router information page.

Does anyone know why requests for scripts under /cgi-bin could end up not accepting the same admin credentials and how this issue can be resolved?

Thanks in advance.

P.S. I checked another R7800 still using the 5.00 beta with Voxel V1.0.2.82.1SF in router mode and it has the same issue. I have previously seen this issue with stock Netgear firmware when trying to display the list of Attached Devices while QoS was enabled. Both of my R7800 devices currently have QoS disabled.

 

[kamoj]

Not sure what you want to say.
The add-on overrides/patches and adds a quite a lot of files (75+),

Hello,

Internet connection reliability is always an issue with my terrible internet service (only one available). The latest versions of the Kamoj Add-on have really helped that! However, I finally had an instance on 5.4b20 where I lost internet connection (for several minutes or more) and the router did not restart services to correct it. Typically when this happens, the VPN needs to be restarted and lately Kamoj Add-on has been doing that wonderfully. This time the Netgear /Basic / Home page connection monitor showed "error", yet the Add-on OpenVPN status was "connected". Router information showed numerous ping failures which is not unusual, and it appears that various restarts occurred earlier. Related or not, the other odd occurrence was DNSSEC failures reported on all servers in the DNSCrypt log - never seen those before. I did not have DNSMasq extended logging enabled.

This time was like some previous instances that I thought had gone away with since 5.4b19 (?). In these cases, the Add-on OpenVPN status shows green/connected, yet the Netgear / Basic / Home page connection monitor shows "error". A manual restart of the VPN has always corrected the problem (as it did this time). I can't recall if the Add-on looks at the Netgear connection status or if that inaccessible? It seems to be a highly accurate indicator of connection issues on my router as in the past it has always showed error when I loose non-VPN connections.

I assume this is some kind of DNS failure as some devices already connected via their own VPN (like phones with VPN apps) may still work when I have this type of connection failure. I assume that is true for other devices that do not bypass the router VPN but I don't interact with those a lot so can't say for certain. My router DNS is pointed to outside sources (9.9.9.9, etc.) instead of my PiHoles running DNSCrypt. Interestingly though, my NUC running its own VPN seems to have independent connection failures requiring a VPN restart too, and this is something new. It is the only device with those issues so I assume it is unrelated...

Anyway, I have attached OpenVPN, DNSCrypt and Supervision logs in case they may be of use.

Update: I checked the Netgear / Basic / Home page to make sure I had it properly identified before sending this... and the connection was down again. I was on a device with its own VPN and it still had internet. The connection was back up before I could try other devices. None of the logs showed anything...maybe I am barking up the wrong tree?

Thanks,
BL

e.g. is the fix I guess you write about covered by the add-on since long time ago (5.3b19, from 2020-07-27).
So its "live" if you use the add-on.

If I had an iPhone I could look into your problem - of course.
Maybe you can find someone else with IOS that can help with this "does not work" thing, and figure out what is wrong.

Thank you.

Kamoj: The error was fixed by Voxel in the .80 release but he forgot to add the fix after the .80 release. This means the fix is not "live" in the latest releases. Please see Voxel's answer #53 in this link

Voxel - Custom firmware build for R7800 v. 1.0.2.82SF & v. 1.0.2.82.1SF & v. 1.0.2.82.2SF

just flashed 82.1SF, working fine, thanks Voxel as always.

www.snbforums.com

I 'm being systematic and the IOS app does not work with all the Kamoj settings "erased" (Bandwidth monitor off). I'm reporting a bug in order to help the development. Of course it is your decision to accept or reject the issue for your project and I respect that.

 

[kamoj]

Thank you again for all information and descriptions!

The "Netgear / Basic / Home page" tries to connect to Netgear servers.
The add-on do more than that, and maybe outsmarts itself sometimes?
E.g. when "internet connection" (ping to selected servers) fails, (if reboot is enabled)
it pings the wan_dhcp_gateway , and if it reachable, logs "ERROR: INTERNET connection FAILED. But wan_dhcp_gateway xxx.xxx.xxx.xxx is reachable: rebooting.."
The idea is to not reboot if your ISP/Modem is not connectable either, as if the modem is off or you network wan-cable is out.
(Even when using VPN, the wan_dhcp_gateway is outside the tunnel).

In your logs I see the add-on restarts you VPN many times, and succeeds every time,
but since your log is over several days it's hard to know.
If the DNSCrypt fails to connect it's servers you should still be able to ping e.g. 8.8.8.8.
Did you try to do that from a router prompt?

Another thing:
I don't know what you mean with "the routers DNS is pointed...".
When you run DNSCrypt those settings are overruled, and DNSCrypts own fallback servers are used.
Also DNSMasq is not used for DNS at all when using DNSCrypt.

If you want to test "internet" connection the Netgear way, try this example:

if ! detcable show | grep -qc "WAN  : Plug off"; then echo DOWN;fi

Stay safe!

Hello,

Internet connection reliability is always an issue with my terrible internet service (only one available). The latest versions of the Kamoj Add-on have really helped that! However, I finally had an instance on 5.4b20 where I lost internet connection (for several minutes or more) and the router did not restart services to correct it. Typically when this happens, the VPN needs to be restarted and lately Kamoj Add-on has been doing that wonderfully. This time the Netgear /Basic / Home page connection monitor showed "error", yet the Add-on OpenVPN status was "connected". Router information showed numerous ping failures which is not unusual, and it appears that various restarts occurred earlier. Related or not, the other odd occurrence was DNSSEC failures reported on all servers in the DNSCrypt log - never seen those before. I did not have DNSMasq extended logging enabled.

This time was like some previous instances that I thought had gone away with since 5.4b19 (?). In these cases, the Add-on OpenVPN status shows green/connected, yet the Netgear / Basic / Home page connection monitor shows "error". A manual restart of the VPN has always corrected the problem (as it did this time). I can't recall if the Add-on looks at the Netgear connection status or if that inaccessible? It seems to be a highly accurate indicator of connection issues on my router as in the past it has always showed error when I loose non-VPN connections.

I assume this is some kind of DNS failure as some devices already connected via their own VPN (like phones with VPN apps) may still work when I have this type of connection failure. I assume that is true for other devices that do not bypass the router VPN but I don't interact with those a lot so can't say for certain. My router DNS is pointed to outside sources (9.9.9.9, etc.) instead of my PiHoles running DNSCrypt. Interestingly though, my NUC running its own VPN seems to have independent connection failures requiring a VPN restart too, and this is something new. It is the only device with those issues so I assume it is unrelated...

Anyway, I have attached OpenVPN, DNSCrypt and Supervision logs in case they may be of use.

Update: I checked the Netgear / Basic / Home page to make sure I had it properly identified before sending this... and the connection was down again. I was on a device with its own VPN and it still had internet. The connection was back up before I could try other devices. None of the logs showed anything...maybe I am barking up the wrong tree?

Thanks,
BL

 

[n1llam1]

1). Read the FAQ.txt
2). Close the page/tab with Router Information.
3). Use a password without "special" characters, especially not "$" and "*".
4). Don't use Router Information and auto refresh until login is working.

Thank you for the pointers Kamoj. I was able to follow your steps to resolve this issue.

That has also enabled me to use the Settings page functionality. Previously I was able to display the Setting page but was not able to use its features because it makes use of /cgi-bin requests.

As I was updating Settings in the "Set Programs & Services on / off" section, I noticed that when I clicked on the "Disable Transmission torrent client" checkbox, either to check or uncheck, my browser does not remain on Settings page , as compared to clicking on the other checkboxes. The browser refreshes to the /adv_index.htm instead. Not sure if this is intended behavior. I would have expected for the Settings page to remain.

Thanks again.