Custom firmware build for R9000

Discussion in 'NETGEAR AC Wireless' started by Voxel, Jul 13, 2017.

  1. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,487
    Sorry, no. The GUI is an enclosed part of the code from Netgear; I cannot change it. You can check what is going on only from telnet or ssh, by checking the ovpn client log.

    Voxel.
     
  2. XRV

    XRV New Around Here

    Joined:
    Sep 3, 2017
    Messages:
    9
    At last I've succeeded. I want to thank Voxel for all the help. I had to change a bit in the .ovpn file and it looks like the following.

    client
    dev tun
    proto udp
    remote sweden.privateinternetaccess.com 1198
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    cipher aes-128-cbc
    auth sha1
    tls-client
    remote-cert-tls server
    auth-user-pass
    comp-lzo
    verb 1
    reneg-sec 0
    auth-user-pass /etc/openvpn/config/client/auth.txt
    crl-verify /etc/openvpn/config/client/crl.rsa.2048.pem
    ca /etc/openvpn/config/client/ca.rsa.2048.crt
    disable-occ
     
    Voxel likes this.
  3. Invisibleman

    Invisibleman New Around Here

    Joined:
    Sep 17, 2017
    Messages:
    5
    Hello Voxel,

    I just bought this Netgear R9000 and I am looking for a VPN Client in the firmware. And it seems you're the man to talk to :)

    I want to try your firmware, but I have 2 "stupid" questions:

    1 - I see that some versions have HW behind the name and others don't. Is there a difference, or which should I then take?
    2 - I saw you mentioned it is Netgear's firmware with some extras and fixes / optimizations. Does this mean that I can directly go back to Netgear's official firmware, or do I then still need to do the steps (as with DD_WRT, I thought) that you need to do with help from 3rd party software?

    Thanks,
    Hans
     
  4. psychopomp1

    psychopomp1 Senior Member

    Joined:
    Sep 5, 2012
    Messages:
    299
    Location:
    UK
    Hi Hans

    1) 'HW' means Hardware Acceleration of OpenSSL, so for certain tasks you will find this version works better. However, for general router use, there will be no difference between the 2 - I have the HW version installed and it works like a dream :)

    2) Correct, you can easily go to/from stock firmware without any special steps.

    Re: setting up OpenVPN client on Voxel's firmware follow the steps here

    https://www.myopenrouter.com/article/how-set-openvpn-client-netgear-r9000-voxels-firmware
     
    Voxel likes this.
  5. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,487
    Add-on to psychopomp1's answer: if you intend to use the OpenVPN client, HW is your version (hardware acceleration of encryption).

    Voxel.
     
  6. Invisibleman

    Invisibleman New Around Here

    Joined:
    Sep 17, 2017
    Messages:
    5
    Hello psychopomp1 & Voxel,

    Thank you both for your answers. I am going to try today.

    Regards,
    Hans
     
  7. XRV

    XRV New Around Here

    Joined:
    Sep 3, 2017
    Messages:
    9
    Hello Voxel
    I need help bypassing the VPN and restoring Plex Media Server remote access behind the VPN.
    Regards
    Laslo
     
  8. Lord_Vader

    Lord_Vader Occasional Visitor

    Joined:
    Dec 15, 2017
    Messages:
    34
    Having the same problem, I have followed your example (I live in Sweden as well).
    How should the folder structure in Windows Explorer (or Finder for MacOS) look? Something is wrong...!
    Straight on the USB flash drive is "openvpn-client", and in that folder 4 files. I have tried "/openvpn-client" on my Mac (Explorer doesn't allow "/").
    Using this also:
    auth-user-pass /etc/openvpn/config/client/auth.txt
    crl-verify /etc/openvpn/config/client/crl.rsa.2048.pem
    ca /etc/openvpn/config/client/ca.rsa.2048.crt
     
    Last edited: Dec 15, 2017
  9. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,487
    Something like:

    if your USB disk is G: and your OVPN file name is sweden-aes128-udp.ovpn

    Note: openvpn-client folder is lowercase.

    G:\openvpn-client\sweden-aes128-udp.ovpn
    G:\openvpn-client\ca.rsa.2048.crt
    G:\openvpn-client\crl.rsa.2048.pem
    G:\openvpn-client\auth.txt

    Voxel.
     
  10. Lord_Vader

    Lord_Vader Occasional Visitor

    Joined:
    Dec 15, 2017
    Messages:
    34
    I'm so glad that you answered me, thank you.

    Unfortunately for me, everything looks like the picture you enclosed.

    I did a factory reset, but that resulted in losing internet connection at frequent intervals.

    I have tried different approaches to the VPN not connecting for half a day, but nothing seems to work.

    When I connect USB to my R7800 the indicator for internet turns white after a while, resulting in lost internet.

    Any suggestions??

     
  11. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,487
    R7800? Or R9000 (this thread)?


    You have to check your OpenVPN client log to get a picture: what is wrong.

    My README (check it again):


    Log file for OpenVPN client is /var/log/openvpn-client.log, check it if you have problems.

    I.e. telnet to your router (R7800 or R9000) and run:

    Code:
    /etc/init.d/openvpn-client start
    more /var/log/openvpn-client.log
    
    What does it say?

    Voxel.
     
  12. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,487
    Sorry, I have to leave now. Will not comment until tomorrow.

    Voxel.
     
    Lord_Vader likes this.
  13. Lord_Vader

    Lord_Vader Occasional Visitor

    Joined:
    Dec 15, 2017
    Messages:
    34
    Thanks, looking forward to your reply and help. Have a nice Friday evening!
     
  14. Lord_Vader

    Lord_Vader Occasional Visitor

    Joined:
    Dec 15, 2017
    Messages:
    34
    FYI these are my settings in the .ovpn file (also attached a screenshot of the USB structure):
    client
    dev tun
    proto udp
    remote sweden.privateinternetaccess.com 1198
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    cipher aes-128-cbc
    auth sha1
    tls-client
    remote-cert-tls server
    auth-user-pass
    comp-lzo
    verb 1
    reneg-sec 0
    auth-user-pass /etc/openvpn/config/client/auth.txt
    crl-verify /etc/openvpn/config/client/crl.rsa.2048.pem
    ca /etc/openvpn/config/client/ca.rsa.2048.crt
    disable-occ
     

  15. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,487
  16. Lord_Vader

    Lord_Vader Occasional Visitor

    Joined:
    Dec 15, 2017
    Messages:
    34
    This is a part of the log:
    ------------------------------------------
    Thu Jan 1 00:01:32 1970 OpenSSL: error:14090086:lib(20):func(144):reason(134)
    Thu Jan 1 00:01:32 1970 TLS_ERROR: BIO read tls_read_plaintext error
    Thu Jan 1 00:01:32 1970 TLS Error: TLS object -> incoming plaintext read error
    Thu Jan 1 00:01:32 1970 TLS Error: TLS handshake failed
    Thu Jan 1 00:01:32 1970 SIGUSR1[soft,tls-error] received, process restarting
    Thu Jan 1 00:01:37 1970 NOTE: the current --script-security setting may allow
    this configuration to call user-defined scripts
    Thu Jan 1 00:01:37 1970 TCP/UDP: Preserving recently used remote address: [AF_
    INET]91.108.183.34:1198
    Thu Jan 1 00:01:37 1970 UDP link local: (not bound)
    Thu Jan 1 00:01:37 1970 UDP link remote: [AF_INET]91.108.183.34:1198
    Thu Jan 1 00:01:37 1970 VERIFY ERROR: depth=0, error=CRL is not yet valid: C=U
    S, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access,
    CN=6461984daea8a5eecca6e10e089a9796, name=6461984daea8a5eecca6e10e089a9796
    Thu Jan 1 00:01:37 1970 OpenSSL: error:14090086:lib(20):func(144):reason(134)
    Thu Jan 1 00:01:37 1970 TLS_ERROR: BIO read tls_read_plaintext error
    Thu Jan 1 00:01:37 1970 TLS Error: TLS object -> incoming plaintext read error
    Thu Jan 1 00:01:37 1970 TLS Error: TLS handshake failed
    Thu Jan 1 00:01:37 1970 SIGUSR1[soft,tls-error] received, process restarting
    Thu Jan 1 00:01:42 1970 NOTE: the current --script-security setting may allow
    this configuration to call user-defined scripts
    Thu Jan 1 00:01:42 1970 TCP/UDP: Preserving recently used remote address: [AF_
    INET]91.108.183.162:1198
    :
     

    Last edited: Dec 15, 2017
  17. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,487
    There are two things I do not like:

    1. You have an incorrect date set in your router: 1970. This means NTP does not work. You should solve this, or at least, for a test, set the correct date from the console before manually starting the OpenVPN client:

    Thu Jan 1 00:01:37 1970 VERIFY ERROR: depth=0, error=CRL is not yet valid: C=U
    S, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access,
    CN=6461984daea8a5eecca6e10e089a9796, name=6461984daea8a5eecca6e10e089a9796

    2. You have two strings in your OVPN:

    auth-user-pass
    comp-lzo
    verb 1
    reneg-sec 0
    auth-user-pass /etc/openvpn/config/client/auth.txt

    Leave only the second, with auth.txt.

    And try to start the OpenVPN client manually from the console after setting a correct date (one which is valid). See the README for how to start it manually.

    Voxel.
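
The two faults diagnosed in the reply above (a router clock stuck in 1970, which makes the CRL look "not yet valid", and a duplicated auth-user-pass line) can be checked for before starting the client. This is an added example, not part of the original thread or of Voxel's firmware; the function names, the list of single-valued directives, the 2017 year floor and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): checks for the two faults diagnosed above.

# dup_directives FILE: print "<directive> <count>" for single-valued directives
# that occur more than once. The directive list is this example's assumption;
# "remote" is excluded because several remote lines are legitimate.
dup_directives() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF from Windows editors
        /^[ \t]*([#;]|$)/ { next }              # skip comments and blank lines
        { n[$1]++ }
        END {
            split("auth-user-pass ca crl-verify cipher auth dev", single, " ")
            for (i = 1; i in single; i++)
                if (n[single[i]] > 1) print single[i], n[single[i]]
        }' "$1"
}

# clock_fault LOG [MIN_YEAR]: succeed and print a hint when a "not yet valid"
# VERIFY ERROR sits on a line whose timestamp year (5th field) is before
# MIN_YEAR (default 2017, an assumed floor; use the firmware build year).
clock_fault() {
    awk -v min="${2:-2017}" '
        /VERIFY ERROR/ && /not yet valid/ && $5 ~ /^[0-9]+$/ && $5 + 0 < min {
            print "router clock is at " $5 ": fix NTP or set the date, then restart the client"
            found = 1
            exit
        }
        END { exit !found }' "$1"
}

# Constructed sample input modelled on the config and log posted in the thread.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/client.ovpn" <<'EOF'
client
remote vpn.example.net 1198
auth-user-pass
comp-lzo
auth-user-pass /etc/openvpn/config/client/auth.txt
crl-verify /etc/openvpn/config/client/crl.rsa.2048.pem
EOF
cat > "$SAMPLE_DIR/client.log" <<'EOF'
Thu Jan  1 00:01:37 1970 UDP link remote: [AF_INET]192.0.2.10:1198
Thu Jan  1 00:01:37 1970 VERIFY ERROR: depth=0, error=CRL is not yet valid: CN=example
Thu Jan  1 00:01:37 1970 TLS Error: TLS handshake failed
EOF

dup_directives "$SAMPLE_DIR/client.ovpn"
clock_fault "$SAMPLE_DIR/client.log" || echo "no clock-related verify error found"
```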
     
  18. Lord_Vader

    Lord_Vader Occasional Visitor

    Joined:
    Dec 15, 2017
    Messages:
    34
    Voxel! I LOVE you! It works! :D I'm happy again!

    Short question: what does the bold line below do? I got XRV's (forum member from Sweden) files yesterday, and that line wasn't there before?

    client
    dev tun
    proto udp
    remote sweden.privateinternetaccess.com 1198
    resolv-retry infinite
    keepalive 10 60
    nobind
    persist-key
    persist-tun
    cipher aes-128-cbc
    auth sha1
    tls-client
    remote-cert-tls server
    comp-lzo
    verb 1
    reneg-sec 0
    auth-user-pass /etc/openvpn/config/client/auth.txt
    crl-verify /etc/openvpn/config/client/crl.rsa.2048.pem
    ca /etc/openvpn/config/client/ca.rsa.2048.crt
    disable-occ
     
  19. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,487
    Well, better no. I am heterosexual :) (Joke).

    OK, it should be so.

    Keepalive in your case: ping every 10 sec, and if there is no reply within 60 sec, then restart.

    Good luck,
    Voxel.
     
  20. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,487