1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Custom firmware build for R7800 v. 1.0.2.67SF & 1.0.2.67.1SF

Discussion in 'NETGEAR AC Wireless' started by Voxel, Jun 4, 2019.

Tags:
  1. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,315
    Continuation of
    . . .
    https://www.snbforums.com/threads/custom-firmware-build-for-r7800-v-1-0-2-65sf.55917/
    https://www.snbforums.com/threads/custom-firmware-build-for-r7800-v-1-0-2-66sf.56631/

    New version of my custom firmware build: 1.0.2.67SF.

    Changes (vs 1.0.2.66SF):

    1. OpenSSL v. 1.1.1c package is added.
    2. OpenSSL v. 1.0.2 package is upgraded 1.0.2r->1.0.2s.
    3. OpenVPN package is changed to use OpenSSL v. 1.1.1.
    4. OpenVPN server(s) is(are) slightly optimized.
    5. OpenVPN client now could be used simultaneously with OpenVPN server(s) (no necessity to disable server(s) from GUI).
    6. unbound package (used in stubby) is changed to use OpenSSL v. 1.1.1.
    7. getdns package (used in stubby) is changed to use OpenSSL v. 1.1.1.
    8. Because of "6." and "7.": stubby is set to support TLSv1.3 with cloudflare (DoT).
    9. wget package is changed to use OpenSSL v. 1.1.1.
    10. transmission package is changed to use OpenSSL v. 1.1.1.
    11. curl package is upgraded 7.64.1->7.65.0.
    12. curl package is changed to use OpenSSL v. 1.1.1.
    13. opkg package is changed to use OpenSSL v. 1.1.1.
    14. uci package is upgraded 2018-08-11->2019-05-17.
    15. openssh-client add-on is changed to use OpenSSL v. 1.1.1.

    [updated]

    New version of my custom firmware build: 1.0.2.67.1SF.

    Changes (vs 1.0.2.67SF):

    1. curl package: revert to OpenSSL 1.0.2 (to provide compatibility with ReadyCLOUD).
    2. opkg package: revert to OpenSSL 1.0.2 (because of using libcurl p.1).
    3. curl package is upgraded 7.65.0->7.65.1.
    4. libubox package is upgraded 2019-02-27->2019-06-16.
    5. DNSCrypt Proxy v.2 is upgraded 2.0.23->2.0.25.
    6. ReadyCLOUD startup script is simplified to avoid potential problems from NG updates.

    The link is:

    https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

    Voxel.
     
    Last edited: Jun 28, 2019
    atom, xingcoo, Gar and 25 others like this.
  2. kamoj

    kamoj Senior Member

    Joined:
    May 12, 2017
    Messages:
    409
    :DImpressing job Voxel - again::)
     
    OllieNZ, Bendon and Voxel like this.
  3. Gar

    Gar Senior Member

    Joined:
    Aug 26, 2018
    Messages:
    425
    Location:
    US
    Here goes, hoping I can make it work this time:

    I never did get past the test version issues I had.

    How do you test Dnscrypt?
     
  4. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,315
    Yeah: there was such request. Recorded in my 2do list. And more comfortable for me, because I have to test both functionalities... Now w/o permanent clicking in GUI :confused:.

    Voxel.
     
  5. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,315
    Usually:

    Code:
    nvram set dnscrypt2=1
    nvram set stubby=0
    nvram commit
    
    then changing /etc/dnscrypt-proxy-2.toml file, string with server_names:

    Code:
    server_names = ['ipredator', 'scaleway-fr', 'dnscrypt.eu-nl', 'dnscrypt.eu-dk']
    
    and reboot. BTW it works :).

    P.S.

    Currently I do use stubby (5 days). For me it is faster a bit vs dnscrypt. Testing TLSv1.3 (OpenSSL 1.1.1). Back to dnscrypt: later, after testing.

    Voxel.
     
    GaselK and Gar like this.
  6. Gar

    Gar Senior Member

    Joined:
    Aug 26, 2018
    Messages:
    425
    Location:
    US
    I didn't know to change this entry so didn't work for me. Thanks.

    Had DoT set up correctly so will see how it goes. Maybe my ISP made some changes I didn't know about so it wouldn't work.
     
  7. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,315
    Perhaps DoT (stubby) is faster for me because of I've changed my ISP (to faster speed). Well, it is also useful because of OpenVPN testing...

    P.S.

    Funnily. My current ISP could not setup (some time) my speed. I had (two days) 100/1000 speed :confused:... I.e. 100 downloading and gigabit upload... Now 200/200 and external IP.

    Voxel.
     
    Gar likes this.
  8. Gar

    Gar Senior Member

    Joined:
    Aug 26, 2018
    Messages:
    425
    Location:
    US
    I had DoT working with 30/3 and I think .62SF last year. Now I have 100/10. The US is so far behind in internet speeds.
     
  9. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,315
    Hmm... I have to use LTE connection with one from my R7800. Just USB LTE modem attached to USB port of R7800 (no WAN cable). Speed is (avg) 85/20... Well... your previous 30/3 is impressing. Price of LTE's ISP is about $9 per month (but total traffic is only 50GB).

    Voxel.
     
  10. Gar

    Gar Senior Member

    Joined:
    Aug 26, 2018
    Messages:
    425
    Location:
    US
    If Stubby is enabled do the pre-configured Cloudflare settings in stubby override other server settings you may have chosen without it?
     
  11. kamoj

    kamoj Senior Member

    Joined:
    May 12, 2017
    Messages:
    409
    Gar likes this.
  12. Sizzlechest

    Sizzlechest Regular Contributor

    Joined:
    Nov 30, 2017
    Messages:
    102
    Just wanted to share an issue due to my own stupidity that I just discovered...

    I created an automounting setup script that would restore my custom settings by plugging in a usb drive after an upgrade. It copies my custom firewall-start.sh to the root directory, adds an authoirized_users file with my public key to the .ssh directory with the proper rights, and edits the /etc/dnscrypt-proxy-2.toml to change the server names to just use cisco. I used a sed command with regex to do the search and replace for the last one. What I didn't realize is that the dnscrypt-proxy-2.toml file has ANOTHER server_names parameter for servers you wish to disable. The regex was simultaneously setting the server to cisco AND adding it to the disabled server list. :eek: I just needed a "^" at the beginning of the regex. :mad:

    Here's the fixed script:

    #!/bin/sh

    if [ ! -f "/root/firewall-start.sh" ]
    then
    cp /tmp/mnt/$1/firewall-start.sh /root/.
    fi

    if [ ! -f "/root/.ssh/authorized_keys" ]
    then
    cp /tmp/mnt/$1/authorized_keys /root/.ssh/authorized_keys
    fi

    sed -i -r "s/^(server_names[[:space:]]*=[[:space:]]*).*/\1['cisco']/" /etc/dnscrypt-proxy-2.toml
     
    Voxel and kamoj like this.
  13. eevanskiteboards

    eevanskiteboards Occasional Visitor

    Joined:
    Nov 17, 2018
    Messages:
    43
    hello,

    Quick question. When i log int to http://192.168.1.1/debug.htm with (kamoji script) to view the status of vpn it says ERROR: 185.245.86.21, ERROR is red in color. The weird part is that the vpn is working according to dnsleaktest etc. Does anybody know why? thanks
     
    Bendon likes this.
  14. bartj12

    bartj12 New Around Here

    Joined:
    Feb 23, 2019
    Messages:
    9
    Grazie mille!!
     
    Voxel likes this.
  15. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,315
    Sei il benvenuto,

    Voxel.
     
  16. kokishin

    kokishin Occasional Visitor

    Joined:
    Nov 16, 2013
    Messages:
    44
    Location:
    Silicon Valley
    Hi Voxel,

    I installed 67SF a few minutes ago. You're a release machine! :) Thx!

    [​IMG]

    [​IMG]
     
    Last edited: Jun 5, 2019
  17. kamoj

    kamoj Senior Member

    Joined:
    May 12, 2017
    Messages:
    409
    It's because the tun0 device doesn't exist anymore.
    Voxel changed device from tun0 to tun21 in this release!

    Run this to see:
    Code:
    grep tun /proc/net/dev
    You can patch the addon this way:
    Code:
    sed -i 's/tun0/tun21/g' /usr/bin/addon_info_update.sh
     
    Last edited: Jun 6, 2019
    Voxel, eevanskiteboards and Bendon like this.
  18. eevanskiteboards

    eevanskiteboards Occasional Visitor

    Joined:
    Nov 17, 2018
    Messages:
    43
    I will try tomorrow thanks.
     
  19. kokishin

    kokishin Occasional Visitor

    Joined:
    Nov 16, 2013
    Messages:
    44
    Location:
    Silicon Valley
    [​IMG]
     
    Voxel likes this.
  20. gobble

    gobble Occasional Visitor

    Joined:
    Oct 5, 2012
    Messages:
    29
    Not related to this firmware as I at least noticed it was happening on .66SF, but is anyone else's WiFi calling working? Not working for me and I know it has in the past