Kamoj Kamoj Addon 5.5 Beta for Netgear R7800/R8900/R9000 with Voxel FW

[Thang]

I tried with dnsmasq but it doesn't seem to respond either !!!??? In the dnsmasq entry I don't see a checkbox to allow it to run as other dns services but maybe it's allowed.

 

[semsem]

Can I use this add on without being a beta teste? Thanks!

 

[L&LD]

@semsem, see post 1 of this thread.

 

[jberry]

Updated new Voxel Firmware from last month:
Router Firmware Version (Voxel) V1.0.4.68HF and Kamoj Add-on V5.5b27

 

[Nagusia]

1. Go to the Kamoj Addon: "OpenVPN Client" menu.
2. Locate "Create/Edit an OpenVPN Client Configuration manually",
3. and select "uk-east-london-ca-version-2.expressnetw.com-1195.ovpn" from the drop-box,
4. and click "Read configuration".
5. Fill in "User Identity/Name" and "Password".
6. Click on "Create/Save VPN configuration".
7. Locate "Select and Run OpenVPN Client Configuration",
8. and select "uk-east-london-ca-version-2.expressnetw.com-1195.ovpn" from the drop-box,
9. and click the green "Start VPN with this" button.

Your connection should be ok within 20 seconds or so.
Check the logs, and provide to me if it's still not working for you.
PS
Your configurations are not lost when you update the kamoj addon.
You can insert a USB-stick in the router and get automatic backup/restore.
"OpenVPN Client - General settings" + "Synchronize configurations with USB-device"

Hi there,
I have an R7800 with Voxel's latest firmware and I just installed Kamoj's addon yesterday (many thanks Kamoj). I have found you need to make some changes to the ovpn file contents for it to work in Kamoj's addon. The following works.
1- Download the ovpn file from ExpressVPN and open in a text editor.
2- Add and make the following changes (in bold):
client
dev tun
fast-io
persist-key
persist-tun
nobind
proto udp
port 1195
remote spain-barcelona-ca-version-2.expressnetw.com
remote-random
pull
comp-lzo no
tls-client
verify-x509-name Server name-prefix
remote-cert-tls server
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1200
verb 3
cipher AES-256-CBC
data-ciphers AES-256-CBC
auth SHA512
sndbuf 524288
rcvbuf 524288
.......
3. Paste the modified text into the 'Create/Edit an OpenVPN Client Configuration manually' section. Fill in the other fields: configuration name, identity, password and click 'create/save' configuration.
4. Then follow instructions 7-10 as above.
I don't know if all the changes are necessary but I simply followed the clues given in the OpenVPN log, and with these changes there don't seem to be any warning or errors given. The OpenVPN client in Kamoj's addon seems to be stricter about the parameters than in other clients I have used (Windows and Android).
Anyway, hope this helps @jrbmw.
Edit: Just realised that the issue dates back to December 21 so was probably sorted out back then. Coincidentally it was the first post I saw in this forum and as I had just been looking at the the problem I jumped the gun. No harm done I guess!

 

[Sean Sauve]

Can anyone help me check swap? I want to make sure that it is still useful after (uninstall Kamoj, update to .27 Voxel and reinstall Kamoj). I can see:

root@R7800-main:/$ ls –l /opt/*
ls: –l: No such file or directory
/opt/bolemo /opt/set-debian.sh

/opt/bin:
ash find localedef.new sh
egrep grep netstat xargs
fgrep locale.new opkg

/opt/etc:
entware_release ld.so.conf profile
fping.conf netdata shadow
group nsswitch.conf shells
group.1 opkg.conf shells.1
health_alarm_notify.conf passwd skel
init.d passwd.1 tc-qos-helper.sh

/opt/home:

/opt/kamoj:
addons

/opt/lib:
ld-2.27.so libmnl.so.0 librt.so.1
ld-linux-armhf.so.3 libmnl.so.0.2.0 libssp.so.0
ld-linux.so.3 libnsl-2.27.so libssp.so.0.0.0
libanl-2.27.so libnsl.so.1 libstdc++.so.6
libanl.so.1 libnss_dns-2.27.so libstdc++.so.6.0.28
libc-2.27.so libnss_dns.so.2 libutil-2.27.so
libc.so.6 libnss_files-2.27.so libutil.so.1
libcidn-2.27.so libnss_files.so.2 libuuid.so.1
libcidn.so.1 libpcprofile.so libuuid.so.1.3.0
libcrypt-2.27.so libpcre.so libuv.so
libcrypt.so.1 libpcre.so.1 libuv.so.1
libdl-2.27.so libpcre.so.1.2.13 libuv.so.1.0.0
libdl.so.2 libpcreposix.so.0 libz.so
libgcc_s.so.1 libpcreposix.so.0.0.7 libz.so.1
libjson-c.so.5 libpthread-2.27.so libz.so.1.2.13
libjson-c.so.5.2.0 libpthread.so.0 netdata
libm-2.27.so libresolv-2.27.so opkg
libm.so.6 libresolv.so.2 upgrade
libmemusage.so librt-2.27.so

/opt/root:

/opt/sbin:
ifconfig netdata route

/opt/scripts:
firewall-start-firewall.sh startscript.sh
firewall-start.sh

/opt/share:
netdata terminfo zoneinfo

/opt/tmp:
opt

/opt/usr:
lib share

/opt/var:
cache lib lock log opkg-lists run

This seems good but on the other hand;

root@R7800-main:/tmp/mnt/sda$ swapon -a
swapon: /etc/fstab: No such file or directory

root@R7800-main:/tmp/mnt/sda$ vmstat
procs -----------memory---------- ---swap-- -----io---- -system-- ----cpu----
r b swpd free buff cache si so bi bo in cs us sy id wa
0 0 8 24584 233628 53768 0 0 0 0 18 65 3 9 87 0
root@R7800-main:/tmp/mnt/sda$ cat /proc/swaps
Filename Type Size Used Priority
/tmp/mnt/sda/swap file 1048572 8 -1

Disk /dev/sda: 119.24 GiB, 128035676160 bytes, 250069680 sectors
Disk model: Voyager GTX
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

I think I have done something to damage it. Can I mend it somehow ? Also how come even when utilizing Kamoj mount point reset protocol from FAQ one of my r7800's makes the external storage sda1. Yet on another completely seperate unit I receive sda and no protocol can make the standard desired sda1 mount point for the external drive on that specific unit. Whereas on the other one no problem. Maybe it doesn't matter. Maybe it does.

 

[kamoj]

Changes in kamoj-addon beta version 2023-05-12 5.5b28
---------------------------------------------------------------
- DNS Privacy/Ad-Blocking: Added: Aegis. Firewall blocklist. (@HELLO_wORLD)
- Settings: Added: Disable Apple Filing Protocol (AFP) / Netatalk / Time Machine (@Voxel)
- OpenVPN Client : Added again: ExpressVPN (after inspiration and good feedback from @Nagusia)
- OpenVPN Client : Fixed to work again: Azire
- OpenVPN Client : Fixed to work again: Mullvad
- OpenVPN Client : Fixed to work again: PureVPN
- OpenVPN Client : Fixed to work again: TorGuard
- DNSCRYPT: Added Backup/Restore from USB-device (/dnscrypt) for:
Own Blocklist, Own Ip-Blocklist, Own Allowlist
- DNSCRYPT: When Own Whitelist was used, it's content was merged with the Public lists.
- DNSCRYPT: "Delete Own Blacklist" did not always work.
- Router Information: Updated to get correct Netgear release info. (Netgear changed URL)
- Settings: Changed "DHCP DNS Options" to "LAN DNS Options"
- Fixed values that could not be changed: (@jberry)
Supervision: BOOT SETTINGS: Max wait time for Internet: Addon start/Router boot
Supervision: BOOT SETTINGS: Max wait time for Internet: AdGuard Home
- Changed text color to green for some dnscrypt2 logs.
- Changed text color to red for some OpenVPN logs.
- Changed directory for temporary/log files
- Preparations for logrotate
- Minor editorials, e.g.
Changed occurrences of "Blacklist" to "Blocklist" and
Changed occurrences of "Whitelist" to "Allowlist"
(in addon_settings.htm
addon_dnsprivacy.htm
kamoj.sh
dnscrypt-proxy-2)
- FAQ.txt updated

 

[LeKeiser]

Thanx a lot for your new Add-On Mr @kamoj
I'll install it as soon as I get home and let you know how it went

 

[LeKeiser]

Add-On installed, and my 7800 rocks as usual
All the information I look at using your firmware is there, as you surely expected
Great Work Mr @kamoj

 

[Sean Sauve]

Changes in kamoj-addon beta version 2023-05-12 5.5b28
---------------------------------------------------------------
- DNS Privacy/Ad-Blocking: Added: Aegis. Firewall blocklist. (@HELLO_wORLD)
- Settings: Added: Disable Apple Filing Protocol (AFP) / Netatalk / Time Machine (@Voxel)
- OpenVPN Client : Added again: ExpressVPN (after inspiration and good feedback from @Nagusia)
- OpenVPN Client : Fixed to work again: Azire
- OpenVPN Client : Fixed to work again: Mullvad
- OpenVPN Client : Fixed to work again: PureVPN
- OpenVPN Client : Fixed to work again: TorGuard
- DNSCRYPT: Added Backup/Restore from USB-device (/dnscrypt) for:
Own Blocklist, Own Ip-Blocklist, Own Allowlist
- DNSCRYPT: When Own Whitelist was used, it's content was merged with the Public lists.
- DNSCRYPT: "Delete Own Blacklist" did not always work.
- Router Information: Updated to get correct Netgear release info. (Netgear changed URL)
- Settings: Changed "DHCP DNS Options" to "LAN DNS Options"
- Fixed values that could not be changed: (@jberry)

Supervision: BOOT SETTINGS: Max wait time for Internet: Addon start/Router boot
Supervision: BOOT SETTINGS: Max wait time for Internet: AdGuard Home
- Changed text color to green for some dnscrypt2 logs.
- Changed text color to red for some OpenVPN logs.
- Changed directory for temporary/log files
- Preparations for logrotate
- Minor editorials, e.g.
Changed occurrences of "Blacklist" to "Blocklist" and
Changed occurrences of "Whitelist" to "Allowlist"
(in addon_settings.htm
addon_dnsprivacy.htm
kamoj.sh
dnscrypt-pro

root@R7800-main:/$ /bin/opkg install -V1 --force-overwrite \kamoj-addon_220910-135011-5.5b28_ipq806x.ipk
Collected errors:
* deb_extract: kamoj-addon_220910-135011-5.5b28_ipq806x.ipk: invalid magic
* pkg_init_from_file: Failed to extract control file from kamoj-addon_220910-135011-5.5b28_ipq806x.ipk.
root@R7800-main:/$

Thank you so much Kamoj !!! I can't install yet though ...

What did I do wrong this time ? Feel like such a stooge .. haha

 

[LeKeiser]

Have you tried downloading it again ? What's the exact size of the file ?

 

[Sean Sauve]

Curl'd it wrong my bad ...

Still cant fix my USB swap file .. it's stuck and memory is full if you can help..

 

[jberry]

Using Router Firmware Version (Voxel) V1.0.4.68HF and Kamoj Add-on V5.5b28
values for
Supervision: BOOT SETTINGS: Max wait time for Internet: Addon start/Router boot
Supervision: BOOT SETTINGS: Max wait time for Internet: AdGuard Home
Can be changed via GUI
Thanks @kamoj !!

 

[Sean Sauve]

@kamoj I have finally figured out what causes Adguard to fail. if you use Show idle devices in device lists (Reboot router to enable) option Kamoj settings it breaks adguard and causes 404 and adguard cannot be accessed. This has been my nightmare. Perhaps prevent them both from being used at once ?

Thank you

 

[R. Gerrits]

also curious what @kamoj has to say about this.

I myself cannot think of any reason for Adguard Home to fail with this option.

The only thing that this effectively seems to do, is continuously doing this loop:
- delete /tmp/addons/showidledevices.txt
- try to ping all IP-addresses in your network ( .1 till .254), one after the other, with a small usleep in between;
- dump the results into /tmp/addons/showidledevices.txt
- sleep 401 seconds

Ping (on the router) would not do anything with AGH
That file /tmp/addons/showidledevices.txt also should not become so big to fill up the /tmp ram-disk.

Also wonder why the text has "(Reboot router to enable)"; it seems that the "loop" for show_idle_devices is always running. But it will not do anything if the option is disabled.
(I have it disabled, but /var/run/addon_show_idle_devices.pid is created)

And I wonder why the option even exists. Because it seems that showidledevices.txt is only created. But I could find any script/binary that is ever reading from that file.

 

[kamoj]

also curious what @kamoj has to say about this.

I myself cannot think of any reason for Adguard Home to fail with this option.

The only thing that this effectively seems to do, is continuously doing this loop:
- delete /tmp/addons/showidledevices.txt
- try to ping all IP-addresses in your network ( .1 till .254), one after the other, with a small usleep in between;
- dump the results into /tmp/addons/showidledevices.txt
- sleep 401 seconds

Ping (on the router) would not do anything with AGH
That file /tmp/addons/showidledevices.txt also should not become so big to fill up the /tmp ram-disk.

Also wonder why the text has "(Reboot router to enable)"; it seems that the "loop" for show_idle_devices is always running. But it will not do anything if the option is disabled.
(I have it disabled, but /var/run/addon_show_idle_devices.pid is created)

And I wonder why the option even exists. Because it seems that showidledevices.txt is only created. But I could find any script/binary that is ever reading from that file.

You are right, the text "(Reboot router to enable)" is not needed!
The trick with this ping-loop is to keep the ARP table updated, to not time out.
The 401 seconds was chosen to not make the arp table time out.
This is all because Netgear code uses (used?) the arp to find all devices.
( showidledevices.txt is - as the code comments says - only for debugging, to be used if there is a problem)

I've tried to repeat the error with AGH many times, but not succeeded.
I hope@Sean Sauve can bring more information, at least the extended Adguard log when this happens,
and a screen dump of the kamoj "Router Information" screen. Also information about Router model, Firmware version, and Addon version is needed.

 

[R. Gerrits]

The trick with this ping-loop is to keep the ARP table updated, to not time out.
The 401 seconds was chosen to not make the arp table time out.

Oke, so it is for devices that are still connected to the network and are still powered on, but aren't generating any network-traffic?
And because they generate no network traffic, the ARP entries get removed, thus they disappears from the device-list.
makes sense now.

The writing to the showidledevices.txt put me on wrong foot.
I guess you might as well comment-out those lines in a next release.

(because even for debug purposes, it is not really useful, as the file gets wiped at the start of the loop. So if you look at the file shortly after wipe, then it contains almost nothing.
It would only be useful if you loop the iterations into a tmp-file, at the end off the loop delete the showidledevices.txt and rename the tmp-file to showidledevices.txt. Then at least showidledevices.txt always shows the last full ping round)

 

[kamoj]

Changes in kamoj-addon beta version 2023-06-08 5.5b29
---------------------------------------------------------------
- Settings: Added: "Extra DDoS (distributed denial-of-service) protection firewall rules" (@HELLO_wORLD)
See: https://www.snbforums.com/threads/aegis-simple-yet-effective-protection.67351/post-666117
- Settings: Reworked "Show idle devices in device lists" (@R. Gerrits)
Don't run process when not used. Removed "(Reboot router to enable)".
Don't create the log-file unless nvram parameter kamoj_show_idle_devices_debug is set.
- Some debugging of AdGuardHome done and some minor code changes involving that.
Result: R9000 is working OK with latest AdGuardHome BETA v0.108.0-b.35 only.
Result: R7800 is NOT working with latest AdGuardHome, not even BETA.
Gives error(s) of the type "setting SO_REUSEPORT: protocol not available":
"[error] POST 192.168.1.1:3000 /control/install/configure: couldn't start forwarding DNS server: starting listeners: listening on udp addr 0.0.0.0:5300: listening to udp socket: listen udp 0.0.0.0:5300: setting SO_REUSEPORT: protocol not available"
"[fatal] couldn't start forwarding DNS server: starting listeners: listening on udp addr 0.0.0.0:5300: listening to udp socket: listen udp 0.0.0.0:5300: setting SO_REUSEPORT: protocol not available"
All was working OK with v0.107.12.
So:
WARNING all AdGuardHome users:
If your AdGuardHome is working, DON'T update it.

I hope there are some AdGuardHome users out there, that can do some fault finding to find out what is going,
and report back here.

 

[R. Gerrits]

All was working OK with v0.107.12.
So:
WARNING all AdGuardHome users:
If your AdGuardHome is working, DON'T update it.

I hope there are some AdGuardHome users out there, that can do some fault finding to find out what is going,
and report back here.

I'm still using kamoj add-on 5.5b28, with the latest Stable AGH (v0.107.31)
Perhaps the issue only exists in the beta of 0.108 ??
(I.e. if you uncheck "Use Beta" it might be oke to update??)

I'll try to do some more checks tomorrow.

 

[jberry]

Changes in kamoj-addon beta version 2023-06-08 5.5b29
---------------------------------------------------------------
- Settings: Added: "Extra DDoS (distributed denial-of-service) protection firewall rules" (@HELLO_wORLD)
See: https://www.snbforums.com/threads/aegis-simple-yet-effective-protection.67351/post-666117
- Settings: Reworked "Show idle devices in device lists" (@R. Gerrits)
Don't run process when not used. Removed "(Reboot router to enable)".
Don't create the log-file unless nvram parameter kamoj_show_idle_devices_debug is set.
- Some debugging of AdGuardHome done and some minor code changes involving that.
Result: R9000 is working OK with latest AdGuardHome BETA v0.108.0-b.35 only.
Result: R7800 is NOT working with latest AdGuardHome, not even BETA.
Gives error(s) of the type "setting SO_REUSEPORT: protocol not available":
"[error] POST 192.168.1.1:3000 /control/install/configure: couldn't start forwarding DNS server: starting listeners: listening on udp addr 0.0.0.0:5300: listening to udp socket: listen udp 0.0.0.0:5300: setting SO_REUSEPORT: protocol not available"
"[fatal] couldn't start forwarding DNS server: starting listeners: listening on udp addr 0.0.0.0:5300: listening to udp socket: listen udp 0.0.0.0:5300: setting SO_REUSEPORT: protocol not available"
All was working OK with v0.107.12.
So:
WARNING all AdGuardHome users:
If your AdGuardHome is working, DON'T update it.

I hope there are some AdGuardHome users out there, that can do some fault finding to find out what is going,
and report back here.

I am an Aguard Home User, but I have the R9000 router, so I think I am okay with the latest beta. I will test soon!