Custom firmware build for R9000/R8900 v. 1.0.4.36HF

[Voxel]

Continuation of:

https://www.snbforums.com/threads/custom-firmware-build-for-r9000.40125/
. . .
https://www.snbforums.com/threads/custom-firmware-build-for-r9000-r8900-v-1-0-4-34hf.59011/
https://www.snbforums.com/threads/custom-firmware-build-for-r9000-r8900-v-1-0-4-35hf.59904/

New version of my custom firmware build: 1.0.4.36HF.

Changes (vs 1.0.4.35HF):

1. WireGuard v. 20191212 is added (kernel module + "wg" utility).
2. libmnl package version 1.0.4 is added (used in WireGuard).
3. OpenVPN is upgraded 2.4.7->2.4.8.
4. curl package is upgraded 7.66.0->7.67.0.
5. DNSCrypt Proxy v.2 is upgraded 2.0.28->2.0.35.
6. stubby config is changed (not so strict requirements to the server).
7. unbound package (used in stubby) is upgraded 1.9.4->1.9.5.
8. e2fsprogs: CVE-2019-5094 patch is added.
9. libubox package is upgraded 2019-10-21->2019-11-24.
10. uci package is upgraded 2019-09-01->2019-11-14.
11. net-wall script is fixed to support IPv6.
12. Host tools (e2fspogs): is upgraded to 1.45.4.


WireGuard (everything from console, for advanced users):

To use it you should first load the kernel module:

insmod /lib/modules/3.10.20/wireguard.ko

After this you should use the commands: ip, route, iptables, wg. See:

https://www.wireguard.com/quickstart/

NOTE: Your iptables rules for WireGuard should be included into /opt/scripts/firewall-start.sh script​

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

Voxel.

 

[Heriberto Silva Alves]

Continuation of:

https://www.snbforums.com/threads/custom-firmware-build-for-r9000.40125/
. . .
https://www.snbforums.com/threads/custom-firmware-build-for-r9000-r8900-v-1-0-4-34hf.59011/
https://www.snbforums.com/threads/custom-firmware-build-for-r9000-r8900-v-1-0-4-35hf.59904/

New version of my custom firmware build: 1.0.4.36HF.

Changes (vs 1.0.4.35HF):

1. WireGuard v. 20191212 is added (kernel module + "wg" utility).
2. libmnl package version 1.0.4 is added (used in WireGuard).
3. OpenVPN is upgraded 2.4.7->2.4.8.
4. curl package is upgraded 7.66.0->7.67.0.
5. DNSCrypt Proxy v.2 is upgraded 2.0.28->2.0.35.
6. stubby config is changed (not so strict requirements to the server).
7. unbound package (used in stubby) is upgraded 1.9.4->1.9.5.
8. e2fsprogs: CVE-2019-5094 patch is added.
9. libubox package is upgraded 2019-10-21->2019-11-24.
10. uci package is upgraded 2019-09-01->2019-11-14.
11. net-wall script is fixed to support IPv6.
12. Host tools (e2fspogs): is upgraded to 1.45.4.


WireGuard (everything from console, for advanced users):

To use it you should first load the kernel module:

insmod /lib/modules/3.10.20/wireguard.ko

After this you should use the commands: ip, route, iptables, wg. See:

https://www.wireguard.com/quickstart/

NOTE: Your iptables rules for WireGuard should be included into /opt/scripts/firewall-start.sh script​

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

Voxel.

You have done an amazing job! Keep up with your excellent work!

 

[Heriberto Silva Alves]

Hello Voxel,

I have a question. After I installed version 36 the router did not recognize my USB drivers.

I downgraded and everything worked fine again.

Is there anything I have to set in this new version? "Enable any USB Device connected to the USB port" was enabled all the time.

 

[nsx]

Hi Voxel,

Thank you for this great firmware!

can you help me with 2 things?
- I cannot set a custom IPv4 DNS ending in .255 (works in factory firmware)
- Is there a way to set custom IPv6 DNS addresses? force them while using pass-through?

cheers

 

[Voxel]

Hello Voxel,

I have a question. After I installed version 36 the router did not recognize my USB drivers.

I downgraded and everything worked fine again.

Is there anything I have to set in this new version? "Enable any USB Device connected to the USB port" was enabled all the time.

No, USB settings were not changed. I am still using my USB drive, no reset to factory after flashing to 36HF.

Maybe something was changed because your Plex (if you are using it). It is better to remove the file (from telnet console):

rm -f /tmp/plexmediaserver/.usb_map_table

remove your drive(s) and reboot your router. After that attach your USB again.

NG has some over complicated logic in mapping USB drives for Plex.

Voxel.

 

[Voxel]

can you help me with 2 things?
- I cannot set a custom IPv4 DNS ending in .255 (works in factory firmware)
- Is there a way to set custom IPv6 DNS addresses? force them while using pass-through?

I am sorry, I am far of my R9000 to check/test. And will be far during 10 days or so.

P.S.
IPv6 DNS: maybe stubby is OK for you?

Voxel.

 

[Paul Connolly]

Continuation of:

https://www.snbforums.com/threads/custom-firmware-build-for-r9000.40125/
. . .
https://www.snbforums.com/threads/custom-firmware-build-for-r9000-r8900-v-1-0-4-34hf.59011/
https://www.snbforums.com/threads/custom-firmware-build-for-r9000-r8900-v-1-0-4-35hf.59904/

New version of my custom firmware build: 1.0.4.36HF.

Thanks Voxel for all your efforts with the R9000 firmware.
Is it possible to install Openwrt packages like Luci on your firmware?
I apologise if this is a silly newbie question,.

 

[dsyates]

Continuation of:

https://www.snbforums.com/threads/custom-firmware-build-for-r9000.40125/
. . .
https://www.snbforums.com/threads/custom-firmware-build-for-r9000-r8900-v-1-0-4-34hf.59011/
https://www.snbforums.com/threads/custom-firmware-build-for-r9000-r8900-v-1-0-4-35hf.59904/

New version of my custom firmware build: 1.0.4.36HF.

Voxel.

Thank you Voxel!

 

[pepperoni]

Voxel ... Thank you for your knowledge and continued support of the R9000. This new version, V1.0.4.36HF installed and runs flawlessly.

 

[Voxel]

Thanks Voxel for all your efforts with the R9000 firmware.
Is it possible to install Openwrt packages like Luci on your firmware?
I apologise if this is a silly newbie question,.​

OpenWrt: no. There is Entware: https://www.voxel-firmware.com/Downloads/Voxel/html/entware.html

But not such packages as Luci (WebGUI).

Voxel.

 

[Heriberto Silva Alves]

No, USB settings were not changed. I am still using my USB drive, no reset to factory after flashing to 36HF.

Maybe something was changed because your Plex (if you are using it). It is better to remove the file (from telnet console):

rm -f /tmp/plexmediaserver/.usb_map_table

remove your drive(s) and reboot your router. After that attach your USB again.

NG has some over complicated logic in mapping USB drives for Plex.

Voxel.

Thanks for your reply.
I upgraded again and USB worked. I was not necessary to execute tha command you suggested.

No, USB settings were not changed. I am still using my USB drive, no reset to factory after flashing to 36HF.

Maybe something was changed because your Plex (if you are using it). It is better to remove the file (from telnet console):

rm -f /tmp/plexmediaserver/.usb_map_table

remove your drive(s) and reboot your router. After that attach your USB again.

NG has some over complicated logic in mapping USB drives for Plex.

Voxel.

Thanks for your reply.

I upgraded again and USB worked. It was not necessary to execute the command you suggested.

 

[sullen_dreams]

Can I get an example setup for wireguard? Maybe a simple one with only 1 client? I'm having trouble with nat and iptables stuff. Also, do I need to insert the kernel module every reboot? I'm thinking I'll need to create a script on boot that inserts the module and can run the iptables commands (or use firewall-start.sh). Does that sound correct?

Also thank you for making such an awesome product for my R9000!

Thanks!

 

[Voxel]

Also, do I need to insert the kernel module every reboot?

Yes.

I'll need to create a script on boot that inserts the module and can run the iptables commands (or use firewall-start.sh). Does that sound correct?

firewall-start.sh: it is better to have separate script. E.g. in your USB.

/mnt/optware/autorun/scripts/post-mount.sh

Example... I am still using it in manual mode and to access my remote WG server. I.e. R9000 as a client. Just for testing yet. So something like:

#!/bin/sh
insmod /lib/modules/3.10.20/wireguard.ko
ip link add dev wg0 type wireguard
ip address add dev wg0 10.9.200.1/24
wg setconf wg0 /mnt/optware/wireguard/wg0.conf
ip link set up dev wg0
route add -net 192.168.100.0/24 gw 10.9.200.100

where 10.9.200.1 is and IP set for my R9000 wg0. 192.168.100.0/24 is LAN where my remote server resides.

Plus something in firewall-start.sh. Something like:

iptables -I OUTPUT -o wg0 -d 0.0.0.0/0 -j ACCEPT
iptables -I INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i wg0 -o brwan -j ACCEPT
iptables -A FORWARD -i brwan -o wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE

Voxel.

 

[marka2k]

Voxel really appreciate your continuous support and updates! Please keep it up

 

[Charlie Sanz]

Great, Thanks!

 

[Starrbuck]

Yes.

firewall-start.sh: it is better to have separate script. E.g. in your USB.

/mnt/optware/autorun/scripts/post-mount.sh

Example... I am still using it in manual mode and to access my remote WG server. I.e. R9000 as a client. Just for testing yet. So something like:

#!/bin/sh
insmod /lib/modules/3.10.20/wireguard.ko
ip link add dev wg0 type wireguard
ip address add dev wg0 10.9.200.1/24
wg setconf wg0 /mnt/optware/wireguard/wg0.conf
ip link set up dev wg0
route add -net 192.168.100.0/24 gw 10.9.200.100

where 10.9.200.1 is and IP set for my R9000 wg0. 192.168.100.0/24 is LAN where my remote server resides.

Plus something in firewall-start.sh. Something like:

iptables -I OUTPUT -o wg0 -d 0.0.0.0/0 -j ACCEPT
iptables -I INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i wg0 -o brwan -j ACCEPT
iptables -A FORWARD -i brwan -o wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE

This is great! What if we wanted to use a WireGuard VPN provider and run everything thru the router and WireGuard?

 

[Voxel]

This is great! What if we wanted to use a WireGuard VPN provider and run everything thru the router and WireGuard?

Everything is possible. When I asked what to do next with WireGuard if it is working I've got:

"make-yourself kit" is good enough.
Thanks for your work.

So... I do not have any example of WG provider config or something like that. I can use it (WG) for my needs, but I am not aware what could be expected by you, guys.

Voxel.

 

[Starrbuck]

Everything is possible. When I asked what to do next with WireGuard if it is working I've got:

So... I do not have any example of WG provider config or something like that. I can use it (WG) for my needs, but I am not aware what could be expected by you, guys.

I saw that, and I agree, it's great that you took this step to make it available for us to tinker with. I've checked in to a few providers and none of them seem to provide a step-by-step that can be easily followed. I would just want to make the router 192.168.1.1, route all traffic through it, and do some speed and security tests before I committed too much. I'm just afraid I'll break everything.

I think a wiki with some configuration examples for various setups would help.

 

[ZephyrFox]

I'm a new user of the firmware (for a Nighthawk X10 R9000) and I'm trying to solve a couple recurring issues that occur in both the latest original firmware and this version of the Voxel firmware.

The first problem is that after about 5-6 days of uptime, my connection slows down dramatically. This is almost always resolved by rebooting the router.

The second problem I discovered after trying to track down the first. I have dynamic QoS enabled so I can see bandwidth usage by device in the 'Attached Devices' screen. However, this screen will get 'stale' after a while (it doesn't seem consistent- sometimes is goes stale in a matter of hours, sometimes days). Meaning that it will now longer show current usage, but will have frozen to show data from some point in the past. Disabling dynamic QoS and then re-enabling it will resolve the issue, as will a reboot of the router.

It's possible that something on the network is causing the first problem (ex. maybe someone has a bitorrent client active; or a device is getting updated) but every time I've tried to check, I've found that the 'Attached Devices' screen is in a stale state so I can't track what's going on in the network.

Any ideas on what could be causing the issues? Failing that, is there a way to automate reboots on the router?

Thanks so much for any help and especially to Voxel to devoting his time and effort to this project.

 

[kamoj]

You can install this add-on:
https://www.snbforums.com/threads/kamoj-add-on-v5-for-netgear-r7800-x4s-and-r9000-x10.60590/

It gives you direct access to top command, system log files and metrics about CPU and memory load, as well as possibility to schedule automatic reboots
(look for "Cron jobs" in Kamoj Menu: Settings).
For help on how to create the cron-command "when" string:
https://crontab.guru/

Any ideas on what could be causing the issues? Failing that, is there a way to automate reboots on the router?