Custom firmware build for R9000

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Voxel

Very Senior Member
Hello
When i restarted the router with the USB stick, I got a new ip number, but it's still ip from my ip provider. I tried to change from sweden.privateinternetaccess.com to us-newyorkcity.privateinternetaccess.com
just to see if the IP number changes, but it does not.
Can i see that openvpn client is active in routers gui?
Sorry, no. GUI is enclosed part of codes from Netgear, I cannot change it. You can check what is going only from telnet or ssh. Checking ovpn client log.

Voxel.
 

XRV

New Around Here
Sorry, no. GUI is enclosed part of codes from Netgear, I cannot change it. You can check what is going only from telnet or ssh. Checking ovpn client log.

Voxel.
At last I've succeeded. I want to thank Voxel for all the help. I had to change a bit in .ovp file and it looks the following.

client
dev tun
proto udp
remote sweden.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
auth-user-pass /etc/openvpn/config/client/auth.txt
crl-verify /etc/openvpn/config/client/crl.rsa.2048.pem
ca /etc/openvpn/config/client/ca.rsa.2048.crt
disable-occ
 

Invisibleman

New Around Here
Hello Voxel,

I just bought this Netgear R9000 and I am looking for a VPN Client in the firmware. And it seems you're the man to talk to :)

I want to try your firmware, but I have 2 "stupid" questions;

1 - I see that some versions have HW behind the name and others don't. Is there a difference or which should I then take?
2 - I saw you mentioned it is Netgear's firmware with some extra's and fixes / optimizations. Does this mean, that I can directly go back to Netgear's official firmware, or do I then still need to do the steps as it is (I thought DD_WRT) that you need to do with help from a 3rd party software?

Thanks,
Hans
 

psychopomp1

Senior Member
Hello Voxel,

I just bought this Netgear R9000 and I am looking for a VPN Client in the firmware. And it seems you're the man to talk to :)

I want to try your firmware, but I have 2 "stupid" questions;

1 - I see that some versions have HW behind the name and others don't. Is there a difference or which should I then take?
2 - I saw you mentioned it is Netgear's firmware with some extra's and fixes / optimizations. Does this mean, that I can directly go back to Netgear's official firmware, or do I then still need to do the steps as it is (I thought DD_WRT) that you need to do with help from a 3rd party software?

Thanks,
Hans

Hi Hans

1) 'HW' means Hardware Acceleration of OpenSSL, so for certain tasks you will find this version works better. However for general router use, there will be no difference between the 2 - i have the HW version installed and it works like a dream :)

2) Correct, you can easily go to/from stock firmware without any special steps.

Re: setting up OpenVPN client on Voxel's firmware follow the steps here

https://www.myopenrouter.com/article/how-set-openvpn-client-netgear-r9000-voxels-firmware
 

XRV

New Around Here
Hello Voxel
I nead a help to bypassing the VPN and restoring Plex Media Server remote access behind the VPN.
Regards
Laslo
 

Lord_Vader

Regular Contributor
At last I've succeeded. I want to thank Voxel for all the help. I had to change a bit in .ovp file and it looks the following.

client
dev tun
proto udp
remote sweden.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
auth-user-pass /etc/openvpn/config/client/auth.txt
crl-verify /etc/openvpn/config/client/crl.rsa.2048.pem
ca /etc/openvpn/config/client/ca.rsa.2048.crt
disable-occ
Having the same problem, I have followed your example (lives in Sweden as well).
How should the folder structure in Windows Explorer (or Finder for MacOS) look like? Something is wrong...!
Straight on USB-flash drive is "openvpn-client", and in that folder 4 files. Have tried "/openvpn-client" on my Mac (Explorer dosen't allow "/").
Using this also:
auth-user-pass /etc/openvpn/config/client/auth.txt
crl-verify /etc/openvpn/config/client/crl.rsa.2048.pem
ca /etc/openvpn/config/client/ca.rsa.2048.crt
 
Last edited:

Voxel

Very Senior Member
How should the folder structure in Windows Explorer
Something like:



if your USB disk is G: and your OVPN file name is sweden-aes128-udp.ovpn

Note: openvpn-client folder is lowercase.

G:\openvpn-client\sweden-aes128-udp.ovpn
G:\openvpn-client\ca.rsa.2048.crt
G:\openvpn-client\crl.rsa.2048.pem
G:\openvpn-client\auth.txt

Voxel.
 

Lord_Vader

Regular Contributor
I'm so glad that you answered me, thank you.

Unfortunately for me, everything looks like the picture you enclosed.

I did a factory reset, but that resulted in losing internet connection at frequent intervals.

I have tried different approaches to the VPN not connecting half day, but nothing seems to work.

When I connect USB to my R7800 the indicator for internet turns white after a while, resulting in lost internet.

Any suggestions??

Sent from my SM-G955F using Tapatalk
 

Voxel

Very Senior Member
When I connect USB to my R7800 the indicator for internet turns white after a while, resulting in lost internet.
R7800? Or R9000 (this thread)?


I have tried different approaches to the VPN not connecting half day, but nothing seems to work.

When I connect USB to my R7800 the indicator for internet turns white after a while, resulting in lost internet.

Any suggestions??

You have to check your OpenVPN client log to get a picture: what is wrong.

My README (check it again):


Log file for OpenVPN client is /var/log/openvpn-client.log, check it if you have problems.

I.e. telnet to your router (R7800 or R9000) and run:

Code:
/etc/init.d/openvpn-client start
more /var/log/openvpn-client.log

What it says?

Voxel.
 

Lord_Vader

Regular Contributor
Sorry, I have to leave now. Will not comment until tomorrow.

Voxel.
Thanks, looking forward to your reply and help. Have a nice friday evening!
 

Lord_Vader

Regular Contributor
FYI this is my settings in .ovpn file (also attached screenshot of USB structure):
client
dev tun
proto udp
remote sweden.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
auth-user-pass /etc/openvpn/config/client/auth.txt
crl-verify /etc/openvpn/config/client/crl.rsa.2048.pem
ca /etc/openvpn/config/client/ca.rsa.2048.crt
disable-occ
 

Attachments

  • screenshot.jpeg
    screenshot.jpeg
    35 KB · Views: 413

Lord_Vader

Regular Contributor
This is a part of the log:
------------------------------------------
Thu Jan 1 00:01:32 1970 OpenSSL: error:14090086:lib(20):func(144):reason(134)
Thu Jan 1 00:01:32 1970 TLS_ERROR: BIO read tls_read_plaintext error
Thu Jan 1 00:01:32 1970 TLS Error: TLS object -> incoming plaintext read error
Thu Jan 1 00:01:32 1970 TLS Error: TLS handshake failed
Thu Jan 1 00:01:32 1970 SIGUSR1[soft,tls-error] received, process restarting
Thu Jan 1 00:01:37 1970 NOTE: the current --script-security setting may allow
this configuration to call user-defined scripts
Thu Jan 1 00:01:37 1970 TCP/UDP: Preserving recently used remote address: [AF_
INET]91.108.183.34:1198
Thu Jan 1 00:01:37 1970 UDP link local: (not bound)
Thu Jan 1 00:01:37 1970 UDP link remote: [AF_INET]91.108.183.34:1198
Thu Jan 1 00:01:37 1970 VERIFY ERROR: depth=0, error=CRL is not yet valid: C=U
S, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access,
CN=6461984daea8a5eecca6e10e089a9796, name=6461984daea8a5eecca6e10e089a9796
Thu Jan 1 00:01:37 1970 OpenSSL: error:14090086:lib(20):func(144):reason(134)
Thu Jan 1 00:01:37 1970 TLS_ERROR: BIO read tls_read_plaintext error
Thu Jan 1 00:01:37 1970 TLS Error: TLS object -> incoming plaintext read error
Thu Jan 1 00:01:37 1970 TLS Error: TLS handshake failed
Thu Jan 1 00:01:37 1970 SIGUSR1[soft,tls-error] received, process restarting
Thu Jan 1 00:01:42 1970 NOTE: the current --script-security setting may allow
this configuration to call user-defined scripts
Thu Jan 1 00:01:42 1970 TCP/UDP: Preserving recently used remote address: [AF_
INET]91.108.183.162:1198
:
 

Attachments

  • log.JPG
    log.JPG
    30.1 KB · Views: 379
Last edited:

Voxel

Very Senior Member
This is a part of the log:
------------------------------------------
Thu Jan 1 00:01:32 1970 OpenSSL: error:14090086:lib(20):func(144):reason(134)
Thu Jan 1 00:01:32 1970 TLS_ERROR: BIO read tls_read_plaintext error
Thu Jan 1 00:01:32 1970 TLS Error: TLS object -> incoming plaintext read error
Thu Jan 1 00:01:32 1970 TLS Error: TLS handshake failed
Thu Jan 1 00:01:32 1970 SIGUSR1[soft,tls-error] received, process restarting
Thu Jan 1 00:01:37 1970 NOTE: the current --script-security setting may allow
this configuration to call user-defined scripts
Thu Jan 1 00:01:37 1970 TCP/UDP: Preserving recently used remote address: [AF_
INET]91.108.183.34:1198
Thu Jan 1 00:01:37 1970 UDP link local: (not bound)
Thu Jan 1 00:01:37 1970 UDP link remote: [AF_INET]91.108.183.34:1198
Thu Jan 1 00:01:37 1970 VERIFY ERROR: depth=0, error=CRL is not yet valid: C=U
S, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access,
CN=6461984daea8a5eecca6e10e089a9796, name=6461984daea8a5eecca6e10e089a9796
Thu Jan 1 00:01:37 1970 OpenSSL: error:14090086:lib(20):func(144):reason(134)
Thu Jan 1 00:01:37 1970 TLS_ERROR: BIO read tls_read_plaintext error
Thu Jan 1 00:01:37 1970 TLS Error: TLS object -> incoming plaintext read error
Thu Jan 1 00:01:37 1970 TLS Error: TLS handshake failed
Thu Jan 1 00:01:37 1970 SIGUSR1[soft,tls-error] received, process restarting
Thu Jan 1 00:01:42 1970 NOTE: the current --script-security setting may allow
this configuration to call user-defined scripts
Thu Jan 1 00:01:42 1970 TCP/UDP: Preserving recently used remote address: [AF_
INET]91.108.183.162:1198
:

There are two things I do not like:

1. You have incorrect date set in your router. 1970. Means NTP does not work. You should solve this or at least set for test correct date from console before manual start of OpenVPN client:

Thu Jan 1 00:01:37 1970 VERIFY ERROR: depth=0, error=CRL is not yet valid: C=U
S, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access,
CN=6461984daea8a5eecca6e10e089a9796, name=6461984daea8a5eecca6e10e089a9796

2. You have two strings in you OVPN:

auth-user-pass
comp-lzo
verb 1
reneg-sec 0
auth-user-pass /etc/openvpn/config/client/auth.txt

leave only second with auth.txt

And try to start OpenVPN client manually from console after setting correct date (which is valid). See README how to start manually.

Voxel.
 

Lord_Vader

Regular Contributor
Voxel! I LOVE you! It works! :D I'm happy again!

Short question vad does the bold line below do? I got XRV (forum member from Sweden) files yesterday, and that line wasn't there before?

client
dev tun
proto udp
remote sweden.privateinternetaccess.com 1198
resolv-retry infinite
keepalive 10 60
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
comp-lzo
verb 1
reneg-sec 0
auth-user-pass /etc/openvpn/config/client/auth.txt
crl-verify /etc/openvpn/config/client/crl.rsa.2048.pem
ca /etc/openvpn/config/client/ca.rsa.2048.crt
disable-occ
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top