Custom firmware build for R7800 v. 1.0.2.63SF

[cordezz]

is a problem and it would be good to perform intermediate update to say 1.0.2.62SF. BTW, what was your previous version: my or stock?

Before the 1.0.2.63SF I had installed your 1.0.2.53SF or even an older firmware (I am not sure, some older than 1.0.2.59SF), but not stock.
So I guess I have to do a default reset...

 

[Sizzlechest]

I tried to get dnscrypt to work and now I cannot connect to the Internet. I tried doing a factory reset, but it didn't work. I'm not convinced it truly wiped out all the settings. My son keys were still there.

EDIT: Geez! I ended up doing factory resets, downgrades and upgrades and I got the router to connect to the Internet again. It's working, but I cannot log in and I cannot reset the password. I'm back on Voxel 63F

EDIT 2: One last factory reset and restore and I am back to where I was. Curious... Do you think messing with the DNSCrypt settings somehow messed with my lease from my ISP? I have Verizon. It may be a coincidence that I've been offline for about 2 hours.

Voxel: I'm afraid to start messing with these settings again. I got the cisco family one to work, but when I tried cisco again, all hell broke loose.

 

[kamoj]

Did you try Voxels DNSCrypt v1 ? It also has cisco and cisco-familyshield, both working as per today.

Fri Feb  8 00:38:44 2019 [INFO] - [cisco] does not support DNS Security Extensions
Fri Feb  8 00:38:44 2019 [WARNING] - [cisco] logs your activity - a different provider might be better a choice if privacy is a concern
Fri Feb  8 00:38:44 2019 [NOTICE] Starting dnscrypt-proxy 1.9.5
Fri Feb  8 00:38:44 2019 [INFO] Generating a new session key pair
Fri Feb  8 00:38:44 2019 [INFO] Done
Fri Feb  8 00:38:44 2019 [INFO] Server certificate with serial #1546469149 received
Fri Feb  8 00:38:44 2019 [INFO] This certificate is valid
Fri Feb  8 00:38:44 2019 [INFO] Chosen certificate #1546469149 is valid from [2019-01-02] to [2020-01-02]
Fri Feb  8 00:38:44 2019 [INFO] The key rotation period for this server may exceed the recommended value. This is bad for forward secrecy.
Fri Feb  8 00:38:44 2019 [INFO] Server key fingerprint is BAA0:C019:D8B6:9E9F:E529:542D:C8F2:EC22:5056:D2A2:3B68:F7DF:A40A:8394:3250:C02A

Whichever DNSCrypt version or servers you use, I recommend you to have more than one resolver/server defined.

If you install this add-on, you can get some information about your DNSCrypt v1/v2 status: https://www.snbforums.com/threads/k...800-x4s-and-r9000-x10-temperatures-a-o.49907/

DNSCrypt v1 Servers    v1.9.5. DNSCrypt v2 is prioritized. dnscrypt.eu-nl dnscrypt.org-fr ipredator     (Date of: dnscrypt-resolvers.csv: 2018-01-11 16:49:20. Servers:106, Ok:35, Expired:2, No Certificate:69)

DNSCrypt v2 Servers    OK: v2.0.19. Servers:136. Fastest:ipredator (rtt 17ms), Used:5, Forced:5: [cloudflare, ipredator, scaleway-fr, dnscrypt.eu-nl, dnscrypt.eu-dk]     (Date of: /etc/public-resolvers.md: 2019-02-07 19:12:21)

If you still have problems, and want help, please post the output from this add-on.
http://192.168.1.1/debug.htm

I tried to get dnscrypt to work and now I cannot connect to the Internet. I tried doing a factory reset, but it didn't work. I'm not convinced it truly wiped out all the settings. My son keys were still there.

EDIT: Geez! I ended up doing factory resets, downgrades and upgrades and I got the router to connect to the Internet again. It's working, but I cannot log in and I cannot reset the password. I'm back on Voxel 63F

EDIT 2: One last factory reset and restore and I am back to where I was. Curious... Do you think messing with the DNSCrypt settings somehow messed with my lease from my ISP? I have Verizon. It may be a coincidence that I've been offline for about 2 hours.

Voxel: I'm afraid to start messing with these settings again. I got the cisco family one to work, but when I tried cisco again, all hell broke loose.

 

[Sizzlechest]

If you install this add-on, you can get some information about your DNSCrypt v1/v2 status: https://www.snbforums.com/threads/k...800-x4s-and-r9000-x10-temperatures-a-o.49907/

DNSCrypt v1 Servers    v1.9.5. DNSCrypt v2 is prioritized. dnscrypt.eu-nl dnscrypt.org-fr ipredator     (Date of: dnscrypt-resolvers.csv: 2018-01-11 16:49:20. Servers:106, Ok:35, Expired:2, No Certificate:69)

DNSCrypt v2 Servers    OK: v2.0.19. Servers:136. Fastest:ipredator (rtt 17ms), Used:5, Forced:5: [cloudflare, ipredator, scaleway-fr, dnscrypt.eu-nl, dnscrypt.eu-dk]     (Date of: /etc/public-resolvers.md: 2019-02-07 19:12:21)

If you still have problems, and want help, please post the output from this add-on.
http://192.168.1.1/debug.htm

Thank you for this. I did set up dnscrypt the same way as I did before, but this time I had no problems changing to cisco. Maybe I needed the factory resets?

Here's the debug log output for dnscrypt:

v2.0.19. Servers:134. Fastest:cisco (rtt 4ms), Used:1, Forced:1: [cisco]     (Date of: /etc/public-resolvers.md: 2019-02-08 06:29:13)

I had the DNS server settings set to the OpenDNS servers in the "Internet Setup" settings page. I changed that setting to "Get Automatically from ISP" and rebooted. I'm still using the OpenDNS servers and my normal blocking profile works, but I'm not sure I'm passing the leak test here: https://www.perfect-privacy.com/dns-leaktest/

That looks the same as it was when I was using the OpenDNS servers without DNSCrypt.

EDIT: I suspect the above is good news since the dns requests are supposed to be going through OpenDNS. I found a command that checks whether or not the requests are encrypted:

C:\> nslookup -type=txt debug.opendns.com

Server:  R7800
Address:  192.168.XXX.XXX

Non-authoritative answer:
debug.opendns.com       text =

        "server m33.nyc"
debug.opendns.com       text =

        "flags 20 0 8050 180000000000000000003950C00000000000000"
debug.opendns.com       text =

        "originid 2654635"
debug.opendns.com       text =

        "actype 2"
debug.opendns.com       text =

        "bundle 1855347"
debug.opendns.com       text =

        "source XXX.XXX.XXX.XXX:42628"
debug.opendns.com       text =

        "dnscrypt enabled (716D496B684B3766)"

(root)  ??? unknown type 41 ???

I'm going to guess the "dnscrypt enabled (716D496B684B3766)" means it works.

 

[cordezz]

I checked this right after I flashed my 63SF on my router. I was able to see my files. And register/unregister. Regarding register/unregister: now it is stored in nvram in encrypted form. Maybe because of this. Probably

Unfortunately I have to say, that I can't get Readycloud running with your 1.0.2.62SF or 1.0.2.63SF. With stock 1.0.2.62 it works.
I always performed a factory default after flashing the fw. Then switched into AP-Mode and entered a manual IP/Gateway/DNS corresponding to my network. After that I have tested the readycloud option. There is no error message but the readycloud config page just appaers again as if the account was not registered. With the 1.0.2.54SF readycloud was working.
Perhaps the combination of AP-mode and readycloud is problematic.
Edit: No, it does not work in Router mode either.

 

[Voxel]

Unfortunately I have to say, that I can't get Readycloud running with your 1.0.2.62SF or 1.0.2.63SF. With stock 1.0.2.62 it works.
I always performed a factory default after flashing the fw. Then switched into AP-Mode and entered a manual IP/Gateway/DNS corresponding to my network. After that I have tested the readycloud option. There is no error message but the readycloud config page just appaers again as if the account was not registered. With the 1.0.2.54SF readycloud was working.
Perhaps the combination of AP-mode and readycloud is problematic.

You are right: there are problems with ReadyCLOUD in AP mode. I cannot say right now what is a reason. Most probably it is because ReadyCLOUD was changed in October to the version 20180619 (NG downloads site). I have to trace/debug/fix it. It could be re-installed and started manually in AP mode (from console) and is working until next reboot. But fails after reboot.

Edit: No, it does not work in Router mode either.

However it is working in router mode. For example right now I can Register/Unregister and access my files on R7800 USB in router mode. Most probably if you are changing AP->router mode ReadyCLOUD files are already spoiled. So it is necessary to uninstall ReadyCLOUD in router mode if you are in AP mode. Command “cloud uninstall” and reboot.

Voxel.

 

[Rebaser]

Any idea why I can not access the router page (using 192.168.1.1 or www.routerlogin.net) with Edge via WiFi (laptop) but I am able to with Ethernet (pc) or just using chrome.

I can telnet to router from my laptop, just wondering where to start. ..

 

[mayday1050]

Continuation of
. . .
https://www.snbforums.com/threads/custom-firmware-build-for-r7800-v-1-0-2-62sf.50417/

New version of my custom firmware build: 1.0.2.63SF.

Changes (vs 1.0.2.62SF):

1. Integration of changes from the stock v. 1.0.2.62 including:

• a login password enhancement in the router web interface to support a more secure password (no saving passwords in NVRAM in the plain text form).
• fixing the issue where the speed test in the QoS page always displays a zero number.
• 22 QoS packages are changed to provide synchronization with a latest version (so even if your QoS page displays "Release Date: October 23, 2017": de facto there are a lot of changes in the QoS internals).

2. dropbear: security issue CVE-2018-15599 is fixed, see:

https://nvd.nist.gov/vuln/detail/CVE-2018-15599​

for details.
3. curl package is upgraded 7.62.0->7.63.0.
4. dbus package is upgraded 1.12.10->1.12.12.
5. e2fsprogs package is upgraded 1.44.4->1.44.5.
6. jansson package is upgraded 2.11->2.12.
7. libgpg-error package is upgraded 1.32->1.34.
8. libxml2 package is upgraded 2.9.8->2.9.9.
9. sqlite package is upgraded 3250300->3260000.
10. wget package is upgraded 1.20->1.20.1.
11. dnsmasq: synchronization of codes with stock 1.0.2.62 (R9000 codes were used in my previous version).
12. OpenSSL: old libraries 0.9.8 are added to fix NG bug (/bin/fbwifi).
13. NG Downloader: ftp/http downloading issue is fixed.
14. NG bugs corrections fixed in my previous versions are included.
15. NG version of OpenVPN client is removed (conflicting with my version of OpenVPN client).
16. Funjsq service is removed:

Guys from China: I am really sorry, please use a stock version if you need exactly this version of OpenVPN client, my knowledge of Chinese is close to zero to understand this service description/features from this: https://www.funjsq.com/​

17. Toolchain: gdb is upgraded to 8.2.1.
18. Host tools: two components are upgraded.

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

Thanks to percy3 for his help with testing.

P.S.

There are several opinions found by me in Internet that Voxel’s FW is just a stock firmware with a bit more attractive icons. I cannot provide full statistics but FYI: stock firmware is using third party GPL packages, about 143 of them are used in my version. And about 105 of them are upgraded/changed/added/bugfixed. So I think that at least 73 per cents of firmware internals is different. This is w/o accounting specific changes such as different toolchain/host-tools or optimized for IPQ806x compiler options, -O2, boosting OpenSSL etc. Just FYI. My version is my vision re: what I’d like to have from a stock firmware.

P.P.S.

Especial thanks to NETGEAR Guy for his help of getting GPL sources from NG engineering team. I really think that NG should appreciate this Gentleman and encourage him.

Also a lot of thanks to kamoj who provides significant support of my fw users.

Voxel.

Had issues with T-Mobile iPhone wifi calling. Went back to 60SF

Continuation of
. . .
https://www.snbforums.com/threads/custom-firmware-build-for-r7800-v-1-0-2-62sf.50417/

New version of my custom firmware build: 1.0.2.63SF.

Changes (vs 1.0.2.62SF):

1. Integration of changes from the stock v. 1.0.2.62 including:

• a login password enhancement in the router web interface to support a more secure password (no saving passwords in NVRAM in the plain text form).
• fixing the issue where the speed test in the QoS page always displays a zero number.
• 22 QoS packages are changed to provide synchronization with a latest version (so even if your QoS page displays "Release Date: October 23, 2017": de facto there are a lot of changes in the QoS internals).

2. dropbear: security issue CVE-2018-15599 is fixed, see:

https://nvd.nist.gov/vuln/detail/CVE-2018-15599​

for details.
3. curl package is upgraded 7.62.0->7.63.0.
4. dbus package is upgraded 1.12.10->1.12.12.
5. e2fsprogs package is upgraded 1.44.4->1.44.5.
6. jansson package is upgraded 2.11->2.12.
7. libgpg-error package is upgraded 1.32->1.34.
8. libxml2 package is upgraded 2.9.8->2.9.9.
9. sqlite package is upgraded 3250300->3260000.
10. wget package is upgraded 1.20->1.20.1.
11. dnsmasq: synchronization of codes with stock 1.0.2.62 (R9000 codes were used in my previous version).
12. OpenSSL: old libraries 0.9.8 are added to fix NG bug (/bin/fbwifi).
13. NG Downloader: ftp/http downloading issue is fixed.
14. NG bugs corrections fixed in my previous versions are included.
15. NG version of OpenVPN client is removed (conflicting with my version of OpenVPN client).
16. Funjsq service is removed:

Guys from China: I am really sorry, please use a stock version if you need exactly this version of OpenVPN client, my knowledge of Chinese is close to zero to understand this service description/features from this: https://www.funjsq.com/​

17. Toolchain: gdb is upgraded to 8.2.1.
18. Host tools: two components are upgraded.

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

Thanks to percy3 for his help with testing.

P.S.

There are several opinions found by me in Internet that Voxel’s FW is just a stock firmware with a bit more attractive icons. I cannot provide full statistics but FYI: stock firmware is using third party GPL packages, about 143 of them are used in my version. And about 105 of them are upgraded/changed/added/bugfixed. So I think that at least 73 per cents of firmware internals is different. This is w/o accounting specific changes such as different toolchain/host-tools or optimized for IPQ806x compiler options, -O2, boosting OpenSSL etc. Just FYI. My version is my vision re: what I’d like to have from a stock firmware.

P.P.S.

Especial thanks to NETGEAR Guy for his help of getting GPL sources from NG engineering team. I really think that NG should appreciate this Gentleman and encourage him.

Also a lot of thanks to kamoj who provides significant support of my fw users.

Voxel.

 

[masktao]

please! who can tell me? where is this option?
1.0.2.59SF:
dnsmasq: dnsmasq.conf options optimized.

i can't find in about dnsmasq option on webgui and readme.docx

 

[jsmiddleton4]

For now I went back to NG's own .62 firmware. Didn't have time to track down why but was having DNS lookup stalls with .63. Not sure if it was cloudfire, DNSCRYPT, Stubby or what. Something though was taking longer than normal for the DNS information and so it stalled.

With NG's .62 not one stall.

Interestingly the display for attached devices I have to install kamoj's mod so that all show in .63, with NG's .62 attached devices works perfectly.

 

[kamoj]

I have run all all different DNS possibilities in 63SF and only had problems with Stubby and multiple resolvers.
But if you only use one resolver you have no redundancy, so..
..that's why I don't recommend Stubby with more than one resolver.

About attached devices: I just tried it with stock v.62.
It gave me 11 visible devices.
Installed Kamoj add-on and got 23 visible devices.

For now I went back to NG's own .62 firmware. Didn't have time to track down why but was having DNS lookup stalls with .63. Not sure if it was cloudfire, DNSCRYPT, Stubby or what. Something though was taking longer than normal for the DNS information and so it stalled.

With NG's .62 not one stall.

Interestingly the display for attached devices I have to install kamoj's mod so that all show in .63, with NG's .62 attached devices works perfectly.

 

[Voxel]

Any idea why I can not access the router page (using 192.168.1.1 or www.routerlogin.net) with Edge via WiFi (laptop) but I am able to with Ethernet (pc) or just using chrome.

I can telnet to router from my laptop, just wondering where to start. ..

Logically there is a problem with Edge. Try to clear cache.

Voxel.

 

[Voxel]

please! who can tell me? where is this option?
1.0.2.59SF:
dnsmasq: dnsmasq.conf options optimized.

i can't find in about dnsmasq option on webgui and readme.docx

Sorry, it is not controlled by GUI. By telnet/ssh from console. You should edit manually /etc/dnsmasq-resolv.conf if you need your custom options.

Voxel.

 

[Voxel]

Not sure if it was cloudfire, DNSCRYPT, Stubby or what.

Either or and or. Not all together. If you do not enable dnscypt or stubby it should work like with stock.

Changed options are increased cache (speedupt) and allowing to process your custom entries in the hosts file (/etc/ directory).

Voxel.

 

[Kalipok]

Hi Voxel, thanks a lot for your great fw !

I experience a bug, from the very beginning I think (either with the original firmware or with your version) :
In the security / access control page, I wanted to use the "block every new peripheral" option, but actually, it has never been working properly.

When I check this option, I'm not able to authorize new peripherals, the "authorize" button seems to have no effect. A few versions ago, rebooting the router would bring this button back to life, but not anymore... The new peripherals I try to give acces to stays in the "refuse" state (or "non authorized" or whatever english terms are used).

In the meantime, I authorize all new peripherals to connect... Maybe I'm too paranaoïd after all

Edit : Anybody else has tried this option ? With success ?

 

[masktao]

Sorry, it is not controlled by GUI. By telnet/ssh from console. You should edit manually /etc/dnsmasq-resolv.conf if you need your custom options.

Voxel.

thank you very much.now i know what should i do

 

[jsmiddleton4]

"It gave me 11 visible devices.
Installed Kamoj add-on and got 23 visible devices"

Good for you. For me its just one device that does not show with Voxel requiring kamoj add in. With Netgear's .62 that one device, a Netgear Smart Switch, shows. Even without kamoj's add in Voxel's display is different. The GUI not the same as NG's .62. So something is different between the two FW's in this regards.

I didn't say I was running all those DNS add ins at once. Said I'm not sure which one is causing it. Something is. Given what we're talking about, a DNS issue that works otherwise, I'm not going to go through all the trouble shooting to figure out which. Its not a kidney transplant.

Passing on .63. Will give .64 a run for its money when its out.

 

[masktao]

Sorry, it is not controlled by GUI. By telnet/ssh from console. You should edit manually /etc/dnsmasq-resolv.conf if you need your custom options.

Voxel.

so sorry, i'm a r6300v2 ddwrt old user. ddwrt use dsnmasq so easy. i'm also linux stranger . ddwrt can use winscp to edit dnsmasq file or other file.
i try to use enbale telnet on debug.htm page and use putty .but stop for strange command. can u show more about dnsmasq operation . i search youtube no have match result.
ddwrt is very bad for r7800 wifi speed. can't back.

 

[Voxel]

can u show more about dnsmasq operation . i search youtube no have match result.

I am sorry but only changes from console. No GUI for that. You should know basic Linux commands (command line). DNSMASQ options e,g, here:

http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

Voxel.

 

[Voxel]

Hi Voxel, thanks a lot for your great fw !

I experience a bug, from the very beginning I think (either with the original firmware or with your version) :
In the security / access control page, I wanted to use the "block every new peripheral" option, but actually, it has never been working properly.

When I check this option, I'm not able to authorize new peripherals, the "authorize" button seems to have no effect. A few versions ago, rebooting the router would bring this button back to life, but not anymore... The new peripherals I try to give acces to stays in the "refuse" state (or "non authorized" or whatever english terms are used).

In the meantime, I authorize all new peripherals to connect... Maybe I'm too paranaoïd after all

Edit : Anybody else has tried this option ? With success ?

Well, I see. Thanks for reporting this bug.

Voxel.