Custom firmware build for Orbi RBK50/RBK53 (RBR50, RBS50) v. 9.2.5.1.18SF-HW & v. 9.2.5.1.18.1SF-HW

  • ATTENTION! As of November 1, 2020, you will not be able to reply to threads 6 months after the thread is opened. Threads will not be locked, so posts may still be edited by their authors.

Voxel

Very Senior Member
Continuation of

https://www.snbforums.com/threads/custom-firmware-build-for-orbi-rbk50-v-2-5-0-42sf-hw.60308/
. . .
https://www.snbforums.com/threads/c...-rbk53-rbr50-rbs50-v-9-2-5-1-13-1sf-hw.62987/
https://www.snbforums.com/threads/c...50-rbk53-rbr50-rbs50-v-9-2-5-1-17sf-hw.63554/

New version of my custom firmware build: 9.2.5.1.18SF-HW.

Changes (vs 9.2.5.1.17SF-HW):

1. net-wall script is fixed for ppp0 connection and modifyed to provide more safety (OpenVPN/WireGuard client, thanks to R. Gerrits).
2. DNSCrypt Proxy v.2 init script is fixed (time synchronization, thanks to kamoj).
3. Support of custom SAMBA config is added (see QuickStart.txt).
4. Automatic custom script execution after reboot is added (for ORBI RBK V2 owners, no USB port, see QuickStart.txt).
5. wireguard package is upgraded 1.0.20200413->1.0.20200520.
6. wireguard-tools package is upgraded 1.0.20200319->1.0.20200513.
7. ipset package is upgraded 7.4->7.6+ [2020-03-09].
8. iptables package is upgraded 1.4.21->1.8.4.
9. curl package is upgraded 7.69.1->7.70.0.
10. dbus package is upgraded 1.12.12->1.13.12.
11. unbound package (used in stubby) is upgraded 1.9.6->1.10.1.
12. yaml package (used in stubby) is upgraded 0.2.2->0.2.4.
13. util-linux package is upgraded 2.35.1->2.35.2.
14. libreadline package is upgraded 6.3->8.0.
15. nano package is upgraded 4.9.2->4.9.3.
16. Toolchain: Go is upgraded 1.14.1->1.14.3.
17. Host tools (findutils): is upgraded to 4.7.0.

[Updated]

9.2.5.1.18.1SF-HW.

Changes (vs 9.2.5.1.18SF-HW):


1. "Reset to factory settings" option is temporary disabled in WebGUI.

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

Voxel.
 
Last edited:

alceasan

Occasional Visitor
4. Automatic custom script execution after reboot is added (for ORBI RBK V2 owners, no USB port, see QuickStart.txt).
Great Voxel! Thank you! Now I'll start doing some playing with Entware without losing all on reboot :)

Is only necessary to put my own script on /mnt/ntgr/rc.user? No nvram parameter needed?

Oh, I almost forgot to ask: will this script be wiped on new firmware flash?
 

kalpik

Occasional Visitor
Thanks for this firmware!

A request: could we have the ability to push custom DNS servers to clients via DHCP? This is currently not possible, as DHCP pushes the router's IP as DNS to all clients.

Thanks
 

digital10

Regular Contributor
is it possible if you release a new update the firmware will tell us a new update is available like with stock firmware?
 

Voxel

Very Senior Member
A request: could we have the ability to push custom DNS servers to clients via DHCP? This is currently not possible, as DHCP pushes the router's IP as DNS to all clients.
It should be possible right now. There was a thread

https://www.snbforums.com/threads/selective-parental-control-in-my-build-of-firmware.54815/

for R7800/R9000. But the same should work with Orbi. Just custom iptables rules. Above thread is using redirection of DNS port 53 only for concrete MAC addresses but you can redirect all devices...

Voxel.
 

Toony

New Around Here
Hi

I've installed this on my satellites and router and all looks good apart from dropbear wasn't set in nvram so SSH didn't work, I just set it manually be using nvram set dropbear=1 and then nvram commit.

I'am also trying to get Wireguard to work but am having some issues, I wonder if anyone could help.

I've created the wireguard.conf file as below,(Note: I've replaced the actual Endpoint, Private and Public key) -

EndPoint="YYYYYYYYY"
LocalIP="192.168.1.1"
PrivateKey="XXXXXXXXXXXXXXXXXXXXXXX"
PublicKey="XXXXXXXXXXXXXXXXXXXXXXX"
Port="51821"

I've then done nvram set wg-client=1 and nvram commit and rebooted. However the router can't then connect to the Internet. When I look in to the wireguard-client.log in /var/log I only see the below -

Start WireGuard client. Please wait.
IP of EndPoint XXXXXXXX XXX.XXX.XXX.XXX.
Restart firewall to apply iptables rules for WireGuard client.
Generating Rules...
Done!
Starting Firewall...
Done!

Have I missed something out, is there somewhere I can get more details or more logging? I'm also not sure what the LocalIP should be set to, should it be the IP of the router, or should it be a different IP on the same subnet or even on a different subnet?

Thanks for any help you can give.
 

Voxel

Very Senior Member
I've created the wireguard.conf file as below,(Note: I've replaced the actual Endpoint, Private and Public key) -

EndPoint="YYYYYYYYY"
LocalIP="192.168.1.1"
PrivateKey="XXXXXXXXXXXXXXXXXXXXXXX"
PublicKey="XXXXXXXXXXXXXXXXXXXXXXX"
Port="51821"
Have you replaced LocalIP as well? It looks as wrong (192.168.1.1). It should be taken from config of your provider, it is not IP of your ORBI.

Check this post (WireGuard client, example).

https://www.snbforums.com/threads/custom-firmware-build-for-r9000-r8900-v-1-0-4-38hf.61402/

Voxel.
 
Last edited:

Toony

New Around Here
Have you replaced LocalIP as well? It looks as wrong (192.168.1.1). It should be taken from config of your provider, it is not IP if your ORBI.

Check this post (WireGuard client, example).

https://www.snbforums.com/threads/custom-firmware-build-for-r9000-r8900-v-1-0-4-38hf.61402/

Voxel.

Oops thanks Voxel, I replaced it with the one from the provider and it's working perfectly now, I'm going to run some tests for speed etc and I'll let you know how I get on.

And thanks fr all your hard work making the firmware.
 

e38BimmerFN

Very Senior Member
Just curious if the reset button/Erase function in this version of FW works like stock FW or do we still have to TFTP or revert back to stock FW to do a factory reset?
 

Skippy Bosco

Regular Contributor
Just curious if the reset button/Erase function in this version of FW works like stock FW or do we still have to TFTP or revert back to stock FW to do a factory reset?
You can flash stock firmware normally through the web admin. You only need to TFTP if it gets soft bricked.
 

Skippy Bosco

Regular Contributor
I'm seeing this error in the log after a clean flash of .18 from a stock factory reset:

[2020-05-29 07:03:04] [DNSCRYPT] 11171: 60.26: DNSCrypt-Proxy-2 is not enabled in nvram. Exit.
Is anyone else that has flashed .18 seeing this? If I'm not using DNSCrypt-Proxy-2 is there a way to disable it to prevent this error?

This perhaps?

nvram set dnscrypt2=0; nvram commit
 
Last edited:

iNeusch

Occasional Visitor
Hey all

@Voxel thanks for the great work, would love to have this working on my setup :(

Unfortunately still have the same issues I had with previous build
Ethernet devices (ie connected to my ISP router work fine), but all devices connected to wifi cannot load websites

"Unable to establish secured connection" (translated from French)
When I try to consult the certificate used it points to the routerlogin.net certificate (NG's I presume ?)

I do not use the router mode of the Orbi, need to use my ISP router to get TV and phone

Here is what I did :
  • Factory reset and Complete re-setup from latest official firmware
  • Installation of Voxel's latest firmware Satellite then Router
  • Waited for full reboot and settle down (everything is green)
  • Rebooted my ISP router
  • Forgot wifi network on iPhone and iPad, reselected it
  • Cannot load any website via safari and apps (tested with reddit, outlook,...)
  • Same on all WiFi connected devices
https://imgur.com/a/w5y0eRD
https://imgur.com/a/r9pJXlY

Any suggestion highly appreciated :D
Thanks
 

Skippy Bosco

Regular Contributor
1. Set your Orbi to AP mode and reboot the Orbi network.

2. Forget the network on your wifi device. Reboot the device.

3. Reconnect and try again.
 

iNeusch

Occasional Visitor
1. Set your Orbi to AP mode and reboot the Orbi network.

2. Forget the network on your wifi device. Reboot the device.

3. Reconnect and try again.
Thanks for you message
1- As stated I can only use in AP mode... router mode has never been activated
2/3 - already tried that ont 3 devices (all iOS)
 

alceasan

Occasional Visitor
It should be possible right now. There was a thread

https://www.snbforums.com/threads/selective-parental-control-in-my-build-of-firmware.54815/

for R7800/R9000. But the same should work with Orbi. Just custom iptables rules. Above thread is using redirection of DNS port 53 only for concrete MAC addresses but you can redirect all devices...

Voxel.
This is what I do: in file /etc/net-lan replace the line with
Code:
option dns $($CONFIG get lan_ipaddr)
with your own DNS, you can also put a second DNS external just in case
Code:
option dns 192.168.x.x
option dns 8.8.8.8
. You can make a copy of this file, and overwrite it on every reboot with an script.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top