1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Just picked up the R7800 (installed Voxel f/w) and Have Some ?s

Discussion in 'NETGEAR AC Wireless' started by Poseidon, Sep 18, 2019.

  1. Poseidon

    Poseidon Senior Member

    Joined:
    Jul 3, 2012
    Messages:
    253
    I just purchased the R7800 router and installed Voxel's latest firmware. I''m coming from Asus routers where I have used them for the past several years and I'm trying to get accustomed to the Netgear GUI and settings.

    1) Does Stubby and DNSCrypt-Proxy-2 come "baked in" the latest Voxel firmware?

    2) Is it recommended to use Stubby or DNSCrypt-Proxy-2?

    3) Can I get STEP-By-STEP instructions on how to install Stubby or DNSCrypt-Proxy-2?

    4) I set-up ipv6 (Cloud Flare) and I'm gettimg the following message when running an "ipv6 test":

    1. Reconfigure your firewall
    Your router or firewall is filtering ICMPv6 messages sent to your computer. An IPv6 host that cannot receive ICMP messages may encounter problems like some web pages loading partially or not at all.

    How do I fix this? Is it a settings adjustment/issue or is this not fixable???

    Thanks in advance.
     
  2. Sizzlechest

    Sizzlechest Regular Contributor

    Joined:
    Nov 30, 2017
    Messages:
    85
    Voxel and Poseidon like this.
  3. Poseidon

    Poseidon Senior Member

    Joined:
    Jul 3, 2012
    Messages:
    253
    Thanks Sizzlechest. I entered the command "
    nvram show | grep dnscrypt2" and it spits back "dnscrypt2=1"

    Does it mean that DNSCrypt-Proxy-2 is ENABLED?

    Also do I need to do anything else or is it pretty much set it and forget it?
     
  4. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,253
    Yes. After reboot of your router check that it is working. Enter to:

    https://www.perfect-privacy.com/en/tests/dns-leaktest

    it should show you the list of DNS servers you are using now. Not DNS of your ISP.

    If your DNS requests are fast enough just use it (set and forget). If not fast you may change the file /etc/dnscrypt-proxy-2.toml to setup the DNSCrypt provider close to you. Maps of locations:

    https://dnscrypt.info/map

    NOTE: your setting ("dnscrypt2=1") should be kept after flashing new firmware. But you have to restore your /etc/dnscrypt-proxy-2.toml if you changed it.

    Usually cloudflare (set by default in firmware) is fast enough.

    Voxel.
     
    Last edited: Sep 19, 2019
  5. Sizzlechest

    Sizzlechest Regular Contributor

    Joined:
    Nov 30, 2017
    Messages:
    85
    I have a thumbdrive with an autorun post-mount.sh script that edits the /etc/dnscrypt-proxy-2.toml file after it's plugged into the R7800:

    Code:
    #!/bin/sh
    
    if [ ! -f "/root/firewall-start.sh" ]
    then
      cp /tmp/mnt/$1/firewall-start.sh /root/.
    fi
    
    if [ ! -f "/root/.ssh/authorized_keys" ]
    then
      cp /tmp/mnt/$1/authorized_keys /root/.ssh/authorized_keys
    fi
    
    sed -i -r "s/^(server_names[[:space:]]*=[[:space:]]*).*/\1['cisco']/" /etc/dnscrypt-proxy-2.toml
    I use OpenDNS because it filters harmful sites, so I need to change the server list to only use cisco. The sed command does that for me.
     
    Voxel likes this.
  6. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,253
    Nice. Thanks for sharing your experience.

    I'd suggest only a slight improvement:

    Code:
    . . .
    if [ ! -f "/overlay/etc/dnscrypt-proxy-2.toml " ]; then
          sed -i -r "s/^(server_names[[:space:]]*=[[:space:]]*).*/\1['cisco']/" /etc/dnscrypt-proxy-2.toml
    fi
    
    to save internal flash memory of your router, otherwise it will write to it after every reboot.

    /overlay keeps your changes.

    It's up to you of course.

    Voxel.
     
  7. Sizzlechest

    Sizzlechest Regular Contributor

    Joined:
    Nov 30, 2017
    Messages:
    85
    I don't leave the thumbdrive in the router, but you just made me realize that I could. That way on a firmware update it could auto-install, yes?
     
  8. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,253
    Yes. Some kind of auto-restore from backup after firmware update. I was sure that you have organized this scheme exactly for this.

    Voxel.
     
  9. CrystalLattice

    CrystalLattice Regular Contributor

    Joined:
    Jan 9, 2017
    Messages:
    150
    Nobody uses this crap. this site is dead anyway!
     
  10. Sizzlechest

    Sizzlechest Regular Contributor

    Joined:
    Nov 30, 2017
    Messages:
    85
    Yes, but I would only plug it in after I upgraded the firmware, then I'd remove it after I reboot the router to ensure all the changes are active. I didn't think of just leaving the thumbdrive in there so it would do it automatically. So the only time /overlay/etc/dnscrypt-proxy-2.toml will be non-existant is right after a firmware upgrade and the USB device will be unmounted before the upgrade and remounted when it's done?
     
  11. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,253
    Yes. Until you change the file /etc/dnscrypt-proxy-2.toml after flashing new fw it will be non existent in /overlay/etc/

    USB is mounted after each reboot (including the case when new fw is flashed). And autorun post-mount.sh is executed after reboot or every time when USB is attached.

    OK, let us stop confusing topic starter. All this is out-of-topic. Welcome to P.M. or to the new thread if you wish.

    Voxel.
     
  12. Poseidon

    Poseidon Senior Member

    Joined:
    Jul 3, 2012
    Messages:
    253
    Is there a solution/fix for #4 - where ICMP is being filtered by the router when IPV6 is enabled?

    Happening with both stock and Voxels firmware. Any help in regards to this is greatly appreciated. Thanks