Voxel Custom firmware build for Orbi RBK50/RBK53 (RBR50, RBS50) v. 9.2.5.2.5SF-HW & v. 9.2.5.2.5.1SF-HW

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Voxel

Very Senior Member
Continuation of

https://www.snbforums.com/threads/custom-firmware-build-for-orbi-rbk50-v-2-5-0-42sf-hw.60308/
. . .
https://www.snbforums.com/threads/c...50-rbk53-rbr50-rbs50-v-9-2-5-1-19sf-hw.64782/
https://www.snbforums.com/threads/c...50-v-9-2-5-1-33sf-hw-v-9-2-5-1-34sf-hw.65137/

New version of my custom firmware build: 9.2.5.2.5SF-HW.

Changes (vs 9.2.5.1.34SF-HW):

1. Integration of changes from the stock v. 2.5.2.4.
2. Toolchain: Go is upgraded 1.14.6->1.14.7.
3. Toolchain: binutils is upgraded 2.34->2.35.
4. wireguard package is upgraded 1.0.20200712->1.0.20200729.
5. wireguard-tools package is upgraded 1.0.20200513->1.0.20200820.
6. unbound package (used in stubby) is upgraded 1.10.1->1.11.0.
7. net-lan init script is fixed (thanks to kamoj).
8. qcawifi.sh: Fix for guest Wi-Fi allowing DNS over TCP (thanks to R. Gerrits).
9. nano package is upgraded 4.9.3->5.1.
10. curl package is upgraded 7.71.1->7.72.0 (fixing CVE-2020-8231).
11. SAMBA: update config generation.
12. sysstat package is upgraded 12.2.2-12.4.0.
13. util-linux package is upgraded 2.35.2->2.36.
14. Host tools (bison): is upgraded to 3.7.1.
15. Host tools (mpfr): is upgraded to 4.1.0.

[Edited]

Version 9.2.5.2.5.1SF-HW.

Changes (vs 9.2.5.2.5SF-HW):

1. Toolchain: GCC is changed 10.2.0->9.3.0 (issue with IPv6 when using GCC 10.2.0).
2. wireguard-tools package is upgraded 1.0.20200820->1.0.20200827.
3. nano package is upgraded 5.1->5.2.
4. ethtool package is upgraded 5.4->5.8.
5. Host tools (mpc): is upgraded to 1.2.0.

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

P.S.

Some ORBI users issue not quite correct answers to others. So to clarify, just FYI:

1. My firmware does support OpenVPN client (i.e. OpenVPN secure connection for all gadgets connected to RBR/RBS). Not only OpenVPN server.
2. My firmware does support WireGuard client (i.e. WireGuard VPN secure connection for all gadgets connected to RBR/RBS).
3, My firmware does supports USB LTE modem (if modem is in CDC/RNDIS mode).
4. My firmware does support file server feature (something like NAS, i.e. SMB protocol).

Voxel.
 
Last edited:

cellardoor

New Around Here
This latest update took me 3 minutes on the satellite and 3 minutes on the router.

Orbi's stock firmware has been terribly poor for me for over a year

- Single-floor, furnished brick & mortar apartment (~2800 sq.ft.)
- noisy wifi (2.4 and 5Ghz) in the neighborhood
- 10 devices at peak, multiple Zoom calls in parallel
- 100M Fiber connection
- Powerline Gigabit Ethernet backhaul, between the satellite and the router, to minimize wifi interference

I have toyed with placement, signal strength, splitting the SSIDs (not recommended), and most other tricks the other forum members have tried.

Decided to try Voxel's firmware 3 weeks ago. I haven't had a single dropped WhatsApp call or "slow internet connection" warning on Zoom ever since. Ping times to 8.8.8.8 are remarkably stable (the odd ping spike appears, but not as regularly as the stock firmware). Zero complaints.

Thank you Voxel for this amazing substitute for Netgear's stock firmware. Donation made for saving hours of productivity for so many of us.
 

ten24bytes

New Around Here
Just thinking, not sure if it's possible or not:

Is it possible to modify the Automatic update functionality by modifying the update server URL in the build, so that it can directly fetch the latest build from Voxel's server?
 

theoak

Regular Contributor
With 9.2.5.2.5, first day of school yesterday, my wife and I work at home, 3 kids essentially streaming their classes all day ... no one complained a peep.

I will add my upgrade process is to the effect:

1. Upgrade Satellite 1.
2. Leave Satellite 1 alone for a good 10 minutes.
3. Turn off and unplug Satellite 1 for a minute and plug back in and turn on.
4. Wait until Satellite 1 is blue.
5. Upgrade Satellite 2.
6. Leave Satellite 2 alone for a good 10 minutes.
7. Turn off and unplug Satellite 2 for a minute and plug back in and turn on.
8. Wait until Satellite 2 is blue.
9. Upgrade Router.
10. Leave Router alone for a good 10 minutes.
11. Turn off and unplug Router for a minute and plug back in and turn on.
12. Wait a good 10 minutes.
13. Turn off and unplug Satellite 1 for a minute and plug back in and turn on.
14. Wait until Satellite 1 is blue.
15. Turn off and unplug Satellite 2 for a minute and plug back in and turn on.
16. Wait until Satellite 2 is blue.
17. Validate Network.

The general gist is at least with Windows when there is an upgrade, some portions of the upgrade can actually only happen during the next boot. I am not sure if the Orbi behaves the same but that is essentially what I am accounting for. Let the upgrade happen and give it time to complete then reboot for any residual upgrade/cleanup that might happen. Rinse and repeat for all satellites with the router last. Finally, after the router is upgraded, give the satellites a final reboot. Done.

With Voxel I NEVER NEVER NEVER hit the pin for factory reset or attempt it via the admin GUI. NEVER!
 
Last edited:

ausomecasey

New Around Here
With the Voxel firmware, is it possible to use a separate/different DNS for the Guest network? I would like to create an "Ad-Free" network using the Guest SSID by pointing the Guest network to the Pi-Hole DNS. Thanks!
 

R. Gerrits

Senior Member
With the Voxel firmware, is it possible to use a separate/different DNS for the Guest network? I would like to create an "Ad-Free" network using the Guest SSID by pointing the Guest network to the Pi-Hole DNS. Thanks!
Not out of the box.

But you could probably use ebtables rules and iptables rules to do this.

In ebtables you could use this to catch all DNS packets coming from 2.4 GHz GuestWifi:
-p IPv4 -i ath11 --ip-proto udp --ip-dport 53
-p IPv4 -i ath11 --ip-proto tdp --ip-dport 53

And these from the 5 GHz GuestWifi:
-p IPv4 -i ath01 --ip-proto udp --ip-dport 53
-p IPv4 -i ath01 --ip-proto tdp --ip-dport 53

Question is: do they need to sit in the INPUT chain or the FORWARD chain (or both) of the filter table?
(If DHCP provides them with a DNS server on the router itself, then it should be in the INPUT. If the DNS server sits on your LAN then FORWARD)
Or do they go in the BROUTING chain in the broute table?

And question is what to do in the ebtables rule
One possibility could be to DNAT the traffic to the mac-address of your PiHole (this would then have to be done in broute table, or somewhere in the nat table)
Or an alternative could be to MARK the traffic and then have a separate iptables rule to redirect those marked packets to the IP address of your PiHole.

But this is as far as my knowledge and time goes. You'd probably need to experiment a bit with my pointers if you want it to work.

(and the above is assuming you only use IPv4; if you also have IPv6, then you need additional rules.)
 

ausomecasey

New Around Here
Not out of the box.

But you could probably use ebtables rules and iptables rules to do this.

In ebtables you could use this to catch all DNS packets coming from 2.4 GHz GuestWifi:
-p IPv4 -i ath11 --ip-proto udp --ip-dport 53
-p IPv4 -i ath11 --ip-proto tdp --ip-dport 53

And these from the 5 GHz GuestWifi:
-p IPv4 -i ath01 --ip-proto udp --ip-dport 53
-p IPv4 -i ath01 --ip-proto tdp --ip-dport 53

Question is: do they need to sit in the INPUT chain or the FORWARD chain (or both) of the filter table?
(If DHCP provides them with a DNS server on the router itself, then it should be in the INPUT. If the DNS server sits on your LAN then FORWARD)
Or do they go in the BROUTING chain in the broute table?

And question is what to do in the ebtables rule
One possibility could be to DNAT the traffic to the mac-address of your PiHole (this would then have to be done in broute table, or somewhere in the nat table)
Or an alternative could be to MARK the traffic and then have a separate iptables rule to redirect those marked packets to the IP address of your PiHole.

But this is as far as my knowledge and time goes. You'd probably need to experiment a bit with my pointers if you want it to work.

(and the above is assuming you only use IPv4; if you also have IPv6, then you need additional rules.)
Thanks! This is exactly the information that I was looking for to help me get started!
 

thedeebs

New Around Here
Thanks very much for your work Voxel, I've found your firmwares to be a great improvement over stock.

A question regarding this latest update. Has anything change relating to IPv6?
In previous versions I've had no issues, but in this one my router no longer picks up an IPv6 address from my ISP, simply saying 'not available'.
Reverting to stock firmware immediately fixes this, and installing Voxel Firmware again immediately results in the problem reappearing.
 

Skippy Bosco

Regular Contributor
Thanks very much for your work Voxel, I've found your firmwares to be a great improvement over stock.

A question regarding this latest update. Has anything change relating to IPv6?
In previous versions I've had no issues, but in this one my router no longer picks up an IPv6 address from my ISP, simply saying 'not available'.
Reverting to stock firmware immediately fixes this, and installing Voxel Firmware again immediately results in the problem reappearing.

(copy / paste from Reddit)


If you go to the advanced setup in the web dashboard to IP6, what are the settings on stock vs. Voxel:


It was disabled by default for me on Voxel
 

Blikkie

New Around Here
Continuation of

https://www.snbforums.com/threads/custom-firmware-build-for-orbi-rbk50-v-2-5-0-42sf-hw.60308/
. . .
https://www.snbforums.com/threads/c...50-rbk53-rbr50-rbs50-v-9-2-5-1-19sf-hw.64782/
https://www.snbforums.com/threads/c...50-v-9-2-5-1-33sf-hw-v-9-2-5-1-34sf-hw.65137/

New version of my custom firmware build: 9.2.5.2.5SF-HW.

Changes (vs 9.2.5.1.34SF-HW):

1. Integration of changes from the stock v. 2.5.2.4.
2. Toolchain: Go is upgraded 1.14.6->1.14.7.
3. Toolchain: binutils is upgraded 2.34->2.35.
4. wireguard package is upgraded 1.0.20200712->1.0.20200729.
5. wireguard-tools package is upgraded 1.0.20200513->1.0.20200820.
6. unbound package (used in stubby) is upgraded 1.10.1->1.11.0.
7. net-lan init script is fixed (thanks to kamoj).
8. qcawifi.sh: Fix for guest Wi-Fi allowing DNS over TCP (thanks to R. Gerrits).
9. nano package is upgraded 4.9.3->5.1.
10. curl package is upgraded 7.71.1->7.72.0 (fixing CVE-2020-8231).
11. SAMBA: update config generation.
12. sysstat package is upgraded 12.2.2-12.4.0.
13. util-linux package is upgraded 2.35.2->2.36.
14. Host tools (bison): is upgraded to 3.7.1.
15. Host tools (mpfr): is upgraded to 4.1.0.

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

P.S.

Some ORBI users issue not quite correct answers to others. So to clarify, just FYI:

1. My firmware does support OpenVPN client (i.e. OpenVPN secure connection for all gadgets connected to RBR/RBS). Not only OpenVPN server.
2. My firmware does support WireGuard client (i.e. WireGuard VPN secure connection for all gadgets connected to RBR/RBS).
3, My firmware does supports USB LTE modem (if modem is in CDC/RNDIS mode).
4. My firmware does support file server feature (something like NAS, i.e. SMB protocol).

Voxel.
Hi Voxel,
thank you for this firmware. I've installed it but I am not able to log in the web interface of my Orbi router anymore? I tried my former credentials and also the original standar password but nothing helps... Do you know what I do wrong? I am trying to get acces via http:\\192.168.1.1
Regards,
Blikkie
 

theoak

Regular Contributor

theoak

Regular Contributor
Folks on the Netgear forums are not liking 2.7.0.70 for performance reasons. Of course YMMV.

For me, I am going to camp out on 9.2.5.2.5 for a bit. It has been running well for me thus far.
 

Blikkie

New Around Here
Hi Voxel,
thank you for this firmware. I've installed it but I am not able to log in the web interface of my Orbi router anymore? I tried my former credentials and also the original standar password but nothing helps... Do you know what I do wrong? I am trying to get acces via http:\\192.168.1.1
Regards,
Blikkie
anyone who can help me?
 

Voxel

Very Senior Member
Hi Voxel,
thank you for this firmware. I've installed it but I am not able to log in the web interface of my Orbi router anymore? I tried my former credentials and also the original standar password but nothing helps... Do you know what I do wrong? I am trying to get acces via http:\\192.168.1.1
Regards,
Blikkie
@Skippy Bosco is right. Try to enter pointing in your browser the address:

http://orbilogin.net or http://routerlogin.net

and check IP of your Orbi. Also please try to clear the cache of your browser before these actions.

Voxel.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top