Kamoj Kamoj Add-on 5.1 Beta testing poll

[kamoj]

I'm home now and can test some.

I had 2219 rules in iptables, many dupes.

Switched off bandwidth monitoring => 166 rules
I added the mutex lock and restarted => 248 rules
Restarted 10 parallell processes =>
loads of "Another app is currently holding the xtables lock. Perhaps you want to use the -w option?" and => 280 rules

Voxel mentioned something about " E.g. uClibc for R7800/R9000 do not have spawn functions (used in iptables)"
Don't know if it's important or not.
When I have power I'll try an R7800-V1.0.2.76.1SF or older to rule out that affects my bugs.

I'll report back what happens again when I understand something more.
Maybe not today then...

Sorry for trouble for everyone, but I'm grateful for all support and user attitude!
Thank you all!

 

[kamoj]

Found one bug already... Missing if-statement
Thank you for your attention and patience!

 

[R. Gerrits]

in the meantime, I tried it a bit with this code:

   iptables -nL RRDIPT | sed 's/[[:space:]]*$//' > /tmp/RRDIPT_$$.tmp
   cat /tmp/addons/ip_mac_file >>/tmp/ip_mac_tmp.txt
   cat /tmp/ip_mac_tmp.txt | sort -u | while read IP MAC
   do
      #Add iptable rules (if non existing).
      if [ -s /tmp/RRDIPT.tmp ] && ! grep -E "${IP}$" /tmp/RRDIPT.tmp >/dev/null; then
         iptables -I RRDIPT -d "${IP}" -j RETURN
         iptables -I RRDIPT -s "${IP}" -j RETURN
      fi
   done

this also seems to drastically improve the situation.
(if iptables cannot get a lock while wanting to dump the table, then the file is empty. so later only start adding entries if the file is not empty)

But still if the cronjob and net-wall firewall script incidently get started almost at the same time, then we'd still get duplicates.

 

[kamoj]

New beta available!

Changes in kamoj-addon beta version 5.3b5
-------------------------------------------------
- Bandwidth Usage: Fixed ugly bug causing Bandwidth meter to fail and iptables to become flooded by dupes.
Thank you for reporting: @Droidrat @blueliner @R. Gerrits
- AdGuard Home: Changed filter https://hosts.oisd.nl to https://abp.oisd.nl (as AdGuard Home supports ABP). @R. Gerrits

 

[kamoj]

Thx!
I'll have to look more at this later.
But for now fixed the obvious and the mutex lock.
More to come later. (Still to many calls to iptables - but the mutex manages it for now)

in the meantime, I tried it a bit with this code:

   iptables -nL RRDIPT | sed 's/[[:space:]]*$//' > /tmp/RRDIPT_$$.tmp
   cat /tmp/addons/ip_mac_file >>/tmp/ip_mac_tmp.txt
   cat /tmp/ip_mac_tmp.txt | sort -u | while read IP MAC
   do
      #Add iptable rules (if non existing).
      if [ -s /tmp/RRDIPT.tmp ] && ! grep -E "${IP}$" /tmp/RRDIPT.tmp >/dev/null; then
         iptables -I RRDIPT -d "${IP}" -j RETURN
         iptables -I RRDIPT -s "${IP}" -j RETURN
      fi
   done

this also seems to drastically improve the situation.
(if iptables cannot get a lock while wanting to dump the table, then the file is empty. so later only start adding entries if the file is not empty)

But still if the cronjob and net-wall firewall script incidently get started almost at the same time, then we'd still get duplicates.

 

[blueliner]

Hello,

As requested, I installed Voxel 1.0.4.41HF and Komoj-addon 5.3b3. I had to reinstall OpenVPN configs and had a heck of a time getting them to save...finally got one out of the four I use to work so I gave up on the others. These are all manually loaded configs, is there something that should be done other than hitting "save"?

Anyway, so far, so good...everything regarding OpenVPN / bypass appears to be working. If it stays that way through the day, I will try Kamoj-addon 5.3b4 again and report back.

Thanks,
BL

Thank you for the reports!

Can you try install todays version v. 1.0.4.41HF of Voxel's R9000 firmware, and then previous working Kamoj add-on 5.3b3?
(The changes in bypassing could hardly be the problem but quite big changes in firewall changes (for OpenVPN and Wireguard),
that are the same as in the latest Voxel release v. 1.0.4.41HF. )
(The bypassing change was only for Wireguard, not OpenVPN)

If this combo is working I must have slipped on the keyboard and apologize.
If you still have the problem, the iptables maestro himself must come to help!

For DNS issue, you can try Stubby or AdGuard Home or None.

Since my time and stamina is limited, that would be good if you could test this, I need help to help you.

 

[kamoj]

For next time:
Read Voxels readme and follow instruction to save the openvpn configuartions (.ovpn and .auth files) to an attached USB.
Then they will be reinstalled automatically after update of firmware!
Also, don't use 5.3b4 again, but try 5.3b5 instead.

Thank you so much for helping and testing and reporting!!!

Hello,

As requested, I installed Voxel 1.0.4.41HF and Komoj-addon 5.3b3. I had to reinstall OpenVPN configs and had a heck of a time getting them to save...finally got one out of the four I use to work so I gave up on the others. These are all manually loaded configs, is there something that should be done other than hitting "save"?

Anyway, so far, so good...everything regarding OpenVPN / bypass appears to be working. If it stays that way through the day, I will try Kamoj-addon 5.3b4 again and report back.

Thanks,
BL

 

[seecoolguy]

does anyone know if any of the kamoj ad filters (dnscrypt) help to block Youtube ads? if so is there a how-to to enable this feature? sorry for the nub question I'm new to voxel firmware

 

[nsx]

Hello I just upgraded to V1.0.4.41/V5.3b5 (R9000) and DNS seems to be broken when OpenVPN is active? (Stubby or DNSCrypt same problem) Is it just me?

 

[kamoj]

https://adguard.com/en/article/how-to-block-ads-on-youtube.html

does anyone know if any of the kamoj ad filters (dnscrypt) help to block Youtube ads? if so is there a how-to to enable this feature? sorry for the nub question I'm new to voxel firmware

 

[kamoj]

All ok for me on R7800. Wish I had an R9000...

Hello I just upgraded to V1.0.4.41/V5.3b5 (R9000) and DNS seems to be broken when OpenVPN is active? (Stubby or DNSCrypt same problem) Is it just me?

 

[seecoolguy]

Where is the beta area? I can't seem to find it here: https://www.voxel-firmware.com/Downloads/Voxel/html/index.html

There is unfortunately no User's Guide for the add-on.
There is some documentation in the beta download area. Read that!

Installing new Firmware will delete the add-on.
If you update the add-on, you MUST uninstall the previous one before installing the new version.

Don't be afraid of creating your own thread in this forum, there are many helpful people here!

 

[seecoolguy]

for my mac / ios I use the brave browser which has been doing a decent job, but I was thinking more in terms of blocking at the router level for smart tv's & apple tv etc.

https://adguard.com/en/article/how-to-block-ads-on-youtube.html

 

[seecoolguy]

Thanks I've updated my DNS to use AdGuard, Thanks

for my mac / ios I use the brave browser which has been doing a decent job, but I was thinking more in terms of blocking at the router level for smart tv's & apple tv etc.

 

[KW.]

Using kamoj-addon beta version 5.3b5 with Voxel latest firmware update now 1.41 on r9000.

The new addon for me is VPN bypass on wireguard. It works very good and neat.

Thanks

 

[kamoj]

I've run the 5.3b5 all night and it has been working good:

• Bandwidth usage monitor is working
• AdGuard Home is working:
  Handled: 27,199,
  Blocked by filters: 1,033,
  Blocked malware/phishing: 1,
  Blocked adult websites: 0
• No internet loss
• Number iptables stable
• No strange xtables logs
• No strange net-wall logs

So please report if you still have problems with 5.3b5!

 

[kamoj]

If you use the add-on, you can chose to use AdGuard Home in the router.
Then it's easy to switch on to filter e.g. to block the whole YouTube or Facebook among others.
(Settings: Blocked services. Allows to quickly block popular sites and services.)
But blocking of YouTube adds is another thing...

does anyone know if any of the kamoj ad filters (dnscrypt) help to block Youtube ads? if so is there a how-to to enable this feature? sorry for the nub question I'm new to voxel firmware

 

[Droidrat]

Hello @kamoj ,

Bandwidth Usage appears to be fixed in 5.3b5. Thank you! I would still like to see a notation indicating at what time the measurement began. And I'm not clear how long it can run before it reaches capacity.

My other issues (non-funtional check boxes, "show" buttons that don't show, etc) remain unchanged. The workaround outlined in https://www.snbforums.com/threads/kamoj-add-on-5-1-beta-testing-poll.62315/page-7#post-577361 still works. And when coupled with the displayed html code (from the attachment to post https://www.snbforums.com/threads/kamoj-add-on-5-1-beta-testing-poll.62315/page-8#post-581892 ; specifically, the line "top.location.href="/multi_login.html"), it seems that my functionality problem is likely due to some sort of login/authentication/user validation issue.

While I can disable the GUI timeout (thus obviating the need for additional authentication), it doesn't solve the problem and, further, when I do that the workaround no longer works.

It would seem that the code "top.location.href="/multi_login.html" might be a promising clue as to where the overall code is glitching. I would be happy to attempt an analysis, but need guidance as to where to locate this code.

 

[kamoj]

Thank you too for reporting and reminding me.

The Bandwidth usage should handle 15 digits, so max with current code would be 999,999,999,999,999, i.e. 999 TB (not tested).
I don't know your data xfer rates so you have to calculate yourself "how long it can run...".
This could be extended if many need that.

Since you are one of very few having this problem , it's difficult to fix it. And time consuming.
But I can give you some tips on where to start looking:

When GUI problem:
Log out from router, Close all router tabs (all devices), open new tab and login again.
Never keep a router form/tab open until it times out.
Always go to router BASIC page when starting, never go directly to a sub-page.
Don't use the mobile app to connect to the router.

"top.location.href="/multi_login.html" comes from Netgear secret/not-open binary code uhttpd/net-cgi that I can not change or debug.
Maybe it checks if you are trying to login from more than one device without logging out the other one?

But you should think about yourself. What is different with your setup?
Long password (63 characters have been used by some and cause severe problems).

Password containing "strange" characters. The Netgear code is full of bugs concerning this.
You should try to not use any of these characters in the password: "Non-English-characters,$,!, <, >, @, %, *,?, .,+,-,/,|,\,&,=,',",`,´"
If it starts working then add "strange" characters one by one till you find out the "bad" one.

If nothing works for you, I suggest you just don't use that part of the add-on.
Or uninstall it, and check here now and then if someone come up with a solution.

Hello @kamoj ,

Bandwidth Usage appears to be fixed in 5.3b5. Thank you! I would still like to see a notation indicating at what time the measurement began. And I'm not clear how long it can run before it reaches capacity.

My other issues (non-funtional check boxes, "show" buttons that don't show, etc) remain unchanged. The workaround outlined in https://www.snbforums.com/threads/kamoj-add-on-5-1-beta-testing-poll.62315/page-7#post-577361 still works. And when coupled with the displayed html code (from the attachment to post https://www.snbforums.com/threads/kamoj-add-on-5-1-beta-testing-poll.62315/page-8#post-581892 ; specifically, the line "top.location.href="/multi_login.html"), it seems that my functionality problem is likely due to some sort of login/authentication/user validation issue.

While I can disable the GUI timeout (thus obviating the need for additional authentication), it doesn't solve the problem and, further, when I do that the workaround no longer works.

It would seem that the code "top.location.href="/multi_login.html" might be a promising clue as to where the overall code is glitching. I would be happy to attempt an analysis, but need guidance as to where to locate this code.

 

[R. Gerrits]

also you could try using Fiddler to inspect the traffic. And then compare a request from when it still works, with a request where it doesn't.