Custom firmware build for R7800 v. 1.0.2.45SF

[Razor512]

There is one think that I wonder, Why does netgear disable 802.11k by default on the R7800?

 

[e38BimmerFN]

Maybe something end users don't have a need for or something that doesn't work well with some devices or services...

 

[Voxel]

No fix, unfortunately...

Could you check your connection with new stock 1.0.2.44? I see that there are some changes in L2TP.

Voxel.

 

[Temchenko]

Could you check your connection with new stock 1.0.2.44? I see that there are some changes in L2TP.

Voxel.

Will do first thin today.

 

[bodean]

What’s the procedure to flash back to Netgear official firmware? Simply flash over voxels version?

 

[Temchenko]

Tried new NG 1.0.2.44 and no luck with L2TP. Everything works on 1.0.2.41SF and lower versions.
Voxel, can you port L2TP past from 1.0.2.41SF to new versions of your firmware? Appreciate your answer.

 

[Killhippie]

What’s the procedure to flash back to Netgear official firmware? Simply flash over voxels version?

Yes that should be fine, if you have any issues you could do a hard reset but it should be okay, I had no issues doing that, or updating to Voxels. Saying that the issues with stock at this time is appalling. The finally fixed Krack but didn't even put that in the notes. If you scroll down the list you can see Krack is patched on R7800 now it looks like 1.0.2.38 and upwards fixed it by what they have put.

https://kb.netgear.com/000049498/Se...ies-PSV-2017-2826-PSV-2017-2836-PSV-2017-2837

 

[Voxel]

Tried new NG 1.0.2.44 and no luck with L2TP. Everything works on 1.0.2.41SF and lower versions.
Voxel, can you port L2TP past from 1.0.2.41SF to new versions of your firmware? Appreciate your answer.

It is problematic for me, sorry. I do not have L2TP (just Ethernet cable from ISP with DHCP) so I cannot check/test. IMO you should again issue alarm to NG support, that latest version of firmware does not fix L2TP problem.

Voxel.

 

[e38BimmerFN]

Something to consider Voxel,
When and if you have the resources, you could compile a private build for Temchenko to test for you. If this is the only modification that is done, he could be your test point for L2TP. Again, if you have the updated resources, compile a private build for him to test and he can report finds to you. Some thing to discuss with him.

Just a suggestion.

It is problematic for me, sorry. I do not have L2TP (just Ethernet cable from ISP with DHCP) so I cannot check/test. IMO you should again issue alarm to NG support, that latest version of firmware does not fix L2TP problem.

Voxel.

 

[Temchenko]

Something to consider Voxel,
When and if you have the resources, you could compile a private build for Temchenko to test for you. If this is the only modification that is done, he could be your test point for L2TP. Again, if you have the updated resources, compile a private build for him to test and he can report finds to you. Some thing to discuss with him.

Just a suggestion.

I am ready to be beta tester for Voxel anytime =)

 

[ulaganath]

will there be another release with 1.0.2.44 changes.

I dont know which is screwing my QOS. But it was stable for a while and not sure when it crashes

 

[e38BimmerFN]

Would need more details here. What do you mean "crashes"?

Please be more specific?

will there be another release with 1.0.2.44 changes.

I dont know which is screwing my QOS. But it was stable for a while and not sure when it crashes

 

[Voxel]

When and if you have the resources, you could compile a private build for Temchenko to test for you. If this is the only modification that is done, he could be your test point for L2TP. Again, if you have the updated resources, compile a private build for him to test and he can report finds to you. Some thing to discuss with him.

Just a suggestion.

I am ready to be beta tester for Voxel anytime =)

Well guys... Maybe. But not right now, sorry. I cannot promise, really. I am very overloaded now with hot project in my main job. Plus I have to release at least intermediate version with changes from stock 1.0.2.44. NG currently releases fw too often. And there are yet some unpleasant bugs in the stock 1.0.2.44 what I have to fix to do not include .

Anyway I suggest to push NG again with this L2TP problem. I myself dislike very much that I have to release my builds with such significant problem. Correction of such problem having no L2TP to test with real live connection requires some kind of "debugging in my mind" by walking through tonnes of codes, and the last requires a lot of time and concentration

So Temchenko I am sorry. Not right now.

BTW I really see that latest stock has some changes exactly for L2TP. So pushing NG would be useful IMO. At least some movements.

Voxel.

 

[Voxel]

will there be another release with 1.0.2.44 changes.

Yes.

Voxel.

 

[e38BimmerFN]

Thanks Voxel. This was a suggestion and I presumed you had other higher priority work that pushes this work to the side.

I would recommend that if you need some help with L2TP and debugging, if you could talk with Tempchenko, maybe he could help you debug since he has that protocol and maybe easy for him to gather data and logs and such for these occasions when L2TP could be diagnosed by him to help you make changes where needed. Something to consider is all. If all all possible and when you get more time to share for your FW developments. I don't have L2Tp however can help when needed as well in other areas.

Yes we are waiting for a new version however looking at the NG Nighthawk forums, other users seem to be pointing to some issues. One is QoS and another is some PW encryption issues.

Look forward to your next release, when that arrives.

Have a great weekend.

Well guys... Maybe. But not right now, sorry. I cannot promise, really. I am very overloaded now with hot project in my main job. Plus I have to release at least intermediate version with changes from stock 1.0.2.44. NG currently releases fw too often. And there are yet some unpleasant bugs in the stock 1.0.2.44 what I have to fix to do not include .

Anyway I suggest to push NG again with this L2TP problem. I myself dislike very much that I have to release my builds with such significant problem. Correction of such problem having no L2TP to test with real live connection requires some kind of "debugging in my mind" by walking through tonnes of codes, and the last requires a lot of time and concentration

So Temchenko I am sorry. Not right now.

BTW I really see that latest stock has some changes exactly for L2TP. So pushing NG would be useful IMO. At least some movements.

Voxel.

 

[Voxel]

I would recommend that if you need some help with L2TP and debugging, if you could talk with Tempchenko, maybe he could help you debug since he has that protocol and maybe easy for him to gather data and logs and such for these occasions when L2TP could be diagnosed by him to help you make changes where needed. Something to consider is all.

Well, if you would find the concrete place of bug i.e. where concretely L2TP fails (in what program/script/etc) this would mean that 75 per cents of job for fixing is already done by you

Voxel.

 

[e38BimmerFN]

Is this something you could work with Temchenko in getting him information on how to maybe collect this and help narrow down the issue? There any simple tools or test processes, like wireshark maybe, to help gather some data?

 

[pege63]

Why would ppl run L2TP?

In short, ppl should always use OpenVPN, even on mobile devices, wherever possible. Otherwise, IKEv2 is a good option. L2TP is an acceptable protocol if you need to get started quickly, but in view of the growing range of mobile OpenVPN apps, we prefer to use OpenVPN in front of all other protocols.

Benefits L2TP
Seems to be safe
Available to all of today's devices and operating systems
Easy to configure

Drawbacks L2TP
Slower than OpenVPN
Threatened by NSA and has been cracked by the NSA
May be problematic if used with restrictive firewalls
It is likely that the NSA has deliberately weakened the protocol totaly

 

[e38BimmerFN]

Possible that L2TP is required for some users or configurations.

Why would ppl run L2TP?

In short, ppl should always use OpenVPN, even on mobile devices, wherever possible. Otherwise, IKEv2 is a good option. L2TP is an acceptable protocol if you need to get started quickly, but in view of the growing range of mobile OpenVPN apps, we prefer to use OpenVPN in front of all other protocols.

Benefits L2TP
Seems to be safe
Available to all of today's devices and operating systems
Easy to configure

Drawbacks L2TP
Slower than OpenVPN
Threatened by NSA and has been cracked by the NSA
May be problematic if used with restrictive firewalls
It is likely that the NSA has deliberately weakened the protocol totaly

 

[sfx2000]

Why would ppl run L2TP?

In short, ppl should always use OpenVPN, even on mobile devices, wherever possible. Otherwise, IKEv2 is a good option. L2TP is an acceptable protocol if you need to get started quickly, but in view of the growing range of mobile OpenVPN apps, we prefer to use OpenVPN in front of all other protocols.

Benefits L2TP
Seems to be safe
Available to all of today's devices and operating systems
Easy to configure

Drawbacks L2TP
Slower than OpenVPN
Threatened by NSA and has been cracked by the NSA
May be problematic if used with restrictive firewalls
It is likely that the NSA has deliberately weakened the protocol totaly

erm... respectfully, you are wrong in your dissertation here...

L2TP is just as secure as any other VPN tech - same with OpenVPN, SSL-VPN and other approaches. L2TP is generally faster than OpenVPN as it doesn't need to do the double hop between userland and kernelspace - OVPN has to by design.

The double hop with OVPN, and that the generic TUN driver is single threaded, there is a significant performance impact compared to LT2P - and we should not go into the code paths there with OpenSSL...

NSA has no insight into L2TP - ciphers for auth and encryption are just the same as any other VPN tech.

Current work these days for me - SDWAN/VXLAN - we're building an overlay that presently punches thru the GFW amongst other things... since this is layer 3, it's efficient, we have both kernel (general purpose) and userland (10Gb and faster) - and we have layer 2 if present, we take advantage of it - e.g. if one has an MPLS pipe, we can encrypt it as well... at the same time, we can efficiently do layer 3 traffic.