Kamoj Kamoj Add-on Beta testing II

[kamoj]

Hello! Thanks for getting back to me! I may try the DNScrypt not sure yet, but will think about it for sure.

Out of curiosity and frustration of trying to get my speed back through VPN, right away I flashed back to dd-wrt (by the way forums are back up, but GUI is super slow, many many others have been having problems since the big sur 11.3 and iOS 14.5 update). So slowly I put back my 2 VPN providers, I noticed on Voxel and your add on, I was getting 50mbps via wireguard, and with dd-wrt maxing out at 100mbps, I dont know how they do it, maybe faux newer linux kernal? like they are faking it some how.

So tonight in a couple of hours, I will flash back to Voxel and your addon, very curious to do the speed test and you are right, if I can hit 100mbps with OpenVPN why not just stick with that, until my ISP can provide a higher speed like 250mbps package then ill think about wireguard, good advice. Plus when I use Voxel and your add on I do feel at home Router just feels much smoother.

Just a thought, would the R9000 since it has a newer linux kernel I'm assuming, will provide faster wireguard speeds?? R9000 is actually overkill for my needs, live in a small condo and the R7800 is perfectly fine

Yes you are right in your assumptions!
It's "all" about the kernel integration.

The R7800 runs a wireguard-go application all user space program.
I've read some R9000 user had 250 Mbps with Wireguard.
For R9000, it´s got 4 cpu cores, vs 2 for the R7800.
Wireguard is multi-threaded so it uses all cores, while OpenVPN is single-threaded.
So 120 Mbps for the R7800 single core without HW-support is incredible! Bravo @Voxel.

PS
If you want a cheap but still very good router, look at the Asus RT-AC86U.
It performs as well as the R9000 to a fraction (1/3) of the cost.

 

[jberry]

Yes you are right in your assumptions!
It's "all" about the kernel integration.

The R7800 runs a wireguard-go application all user space program.
I've read some R9000 user had 250 Mbps with Wireguard.
For R9000, it´s got 4 cpu cores, vs 2 for the R7800.
Wireguard is multi-threaded so it uses all cores, while OpenVPN is single-threaded.
So 120 Mbps for the R7800 single core without HW-support is incredible! Bravo @Voxel.

PS
If you want a cheap but still very good router, look at the Asus RT-AC86U.
It performs as well as the R9000 to a fraction (1/3) of the cost.

Ahh yes that makes sense, wireguard using all cores and OpenVPN just single core. I was able to flash back from dd-wrt to netgear stock firmware, what is weird is it kept my previous settings? then I flashed it to Router Firmware Version V1.0.2.84SF and Kamoj Add-on V5.4b28 - Installed both wireguard and open VPN for the fastest VPN that I have. Wireguard seems to hit a wall of 50mbps, where as openvpn with some tweaks, I was able to get it to hit 70mbps, I just need it to hit 100mbps (my max speed my ISP gives me). I did the Ookla speedtest within the System Information, with the add on and got "DL=15252/15252/15252, UL=7847/7847/7847 (Kbps)" which is much slower than my actual results. Will further tweak OpenVPN more I'm biased with Negear, especially since you and Voxel are working on it, so maybe get a R9000 if I can find a good deal Thanks for your help!!

 

[kamoj]

Ahh yes that makes sense, wireguard using all cores and OpenVPN just single core. I was able to flash back from dd-wrt to netgear stock firmware, what is weird is it kept my previous settings? then I flashed it to Router Firmware Version V1.0.2.84SF and Kamoj Add-on V5.4b28 - Installed both wireguard and open VPN for the fastest VPN that I have. Wireguard seems to hit a wall of 50mbps, where as openvpn with some tweaks, I was able to get it to hit 70mbps, I just need it to hit 100mbps (my max speed my ISP gives me). I did the Ookla speedtest within the System Information, with the add on and got "DL=15252/15252/15252, UL=7847/7847/7847 (Kbps)" which is much slower than my actual results. Will further tweak OpenVPN more I'm biased with Negear, especially since you and Voxel are working on it, so maybe get a R9000 if I can find a good deal Thanks for your help!!

Thank you too, I love to learn from the users!
DD-WRT/OpenWRT and NG/Voxel use different memory blocking.
(Have you tried the OpenWRT builds? They are quite promising, I must say. Kong himself is doing one of them!)

Probably Ookla have no good server near your point of exit.
You can run the Ookla test from command line "in the router", eg:

 speedtest.sh 1 auto all

 

[jberry]

Thank you too, I love to learn from the users!
DD-WRT/OpenWRT and NG/Voxel use different memory blocking.
(Have you tried the OpenWRT builds? They are quite promising, I must say. Kong himself is doing one of them!)

Probably Ookla have no good server near your point of exit.
You can run the Ookla test from command line "in the router", eg:

 speedtest.sh 1 auto all

Yes I have tried OpenWRT when the whole GUI problem happened with dd-wrt, that still alot of users are experiencing. Wireguard speeds were not as fast as dd-wrt.

Oh I was doing the speedtests while connected to a VPN, I just tried it now without no VPN, and it connected to my local ISP, getting good speeds, more than whats advertised from my ISP "Ping=6/6/6 ms, DL=109136/109136/109136, UL=11585/11585/11585 (Kbps)"

 

[Tume]

"Just a thought, would the R9000 since it has a newer linux kernel I'm assuming, will provide faster wireguard speeds??"

Yes. I have 400/100 connection.

R9000 OpenVPN

R9000 Wireguard

Both using Mullvad

 

[kamoj]

Changes in kamoj-addon beta version 5.4b29
--------------------------------------------------
- Router Information: Adguard Home: Don't count (even faulty) comments in server count. (@blueliner)
- Bandwidth Monitor: Disabled if not Router mode.
- Bandwidth Monitor: Removed duplicate entries in iptables.
- Bandwidth Monitor: Added wait-for-lock to deal with iptables error code:
"Another app is currently holding the xtables lock. Perhaps you want to use the -w option?"
- VPN Clients : Allow to switch between Wireguard and OpenVPN without manually stopping the running one first.
- OpenVPN Client : Speeded up restart when disconnected by server
- OpenVPN Client : Speeded up GUI response at start of client
- Wireguard Client : Speeded up GUI response at start of client
- Minor fixes.

 

[jberry]

"Just a thought, would the R9000 since it has a newer linux kernel I'm assuming, will provide faster wireguard speeds??"

Yes. I have 400/100 connection.

R9000 OpenVPN
View attachment 33708

R9000 Wireguard
View attachment 33709

Both using Mullvad

thank you!!! I may just get a R9000, since if my ISP offers faster internet in the future, I want to be future proof.

Changes in kamoj-addon beta version 5.4b29
--------------------------------------------------
- Router Information: Adguard Home: Don't count (even faulty) comments in server count. (@blueliner)
- Bandwidth Monitor: Disabled if not Router mode.
- Bandwidth Monitor: Removed duplicate entries in iptables.
- Bandwidth Monitor: Added wait-for-lock to deal with iptables error code:
"Another app is currently holding the xtables lock. Perhaps you want to use the -w option?"
- VPN Clients : Allow to switch between Wireguard and OpenVPN without manually stopping the running one first.
- OpenVPN Client : Speeded up restart when disconnected by server
- OpenVPN Client : Speeded up GUI response at start of client
- Wireguard Client : Speeded up GUI response at start of client
- Minor fixes.

Thanks will update soon!

 

[manup85]

Hello All,

since b28 Ram is just amazing!!

tnx Kamoj

 

[pege63]

Yes Thank you so much.

 

[foo man]

Amazing work as always kamoj! Thanks for the update, running perfectly here!

 

[kamoj]

Changes in kamoj-addon beta version 5.4b30
--------------------------------------------------
- OpenVPN Client : Reversed change of: "Speeded up restart when disconnected by server"

 

[primitivo]

Thank you @kamoj & @Voxel for your excellent work.

I have always been disappointed by R9000, so I have never had much hopes it will surprise me one day. Due to the nature of this 6 port router, DD-WRT is broken both when it comes to VLANs and most importantly broken when it comes to establish WAN PPPoE connection. So pretty much it is useless router for DD-WRT if you have PPPoE and do not intend to run it in dual-NAT mode. My main driver for years have been Asus routers with Merlin FW + Astrill applet VPN (with their optimized OpenVPN protocol called RouterPro): AC56U, AC68U, AC86U. Max OpenVPN speeds I was getting were approx 240Mbps but only thanks to RouterPro, with standard OpenVPN I had max 140Mbps.

I setup @Voxel FW some time ago already, but I have only used it in AP mode. Currently I am running: FW:V1.0.4.50HF
@kamoj was kind enough to share his latest beta addon 5.4b30 and although I have asked him for WGET, he said he does not have hosting facility.

I would like to stress something here @kamoj , few things:
1. transfer.sh allows you to add files for WGET commands downloads similar like you have posted in your initial installation post. Files are valid for 14 days only, but I can see with 5v of the addon you have used hosting facility of Voxel - so why not ask him for the same?
2. Instructions should be as clear as in your initial installation post and posted with every new thread.
3. I would skip the PM you thing, like you would be working on some NASA with aliens meeting secret project.

This will drive more users to your addons, I was a bit skeptical PMing you in first place, as the rules written to obtain your addon looks like I need to pass some technical grade, while I am just average internet user...

R9000 WireGuard Voxel FW + kamoj addon running WG I get: 488 Mbps down / 88 Mbps up.

It is maxing out my upload, while my download speed without VPN is 570Mbps. Still great result, compared to half of what I was getting on Asus AC86U with Astrill applet. The main culprit here as we all know is OVPN being single threaded.

Now I would like to ask few questions:
1. How do I make WG to start at boot? If I reboot the router, I have to manually start the WG connection...
2. I saw VPN Bypassing feature but what if I would like to route 1 device only? Is it possible to define "route only"?
3. @kamoj I wonder what is your ability to add more protocols? I would be very interested to see router performance of OpenConnect and ShadowSocks. I know OpenWRT has GUI packages of both, but unfortunately OpenWRT doesn't really have any good multi core routers to buy apart from Linksys wrt3200acm which is dual core, so that's obviously a downgrade to R9000.

 

[kamoj]

So good to see your report here with much interesting information, thank you!

I have no need to reach many users.

I plan to "soon" make an official/open release again, sure.
At the moment my health is not the best and I'm travelling too much to get the time to arrange it:
The issue with the release is the shear time it will take to write the 1st posting in the new thread;
Making snap-shots, make instructions for all levels of users, arrange the final "hosting"/downloading-site, adjust posting to the max limit 10000 characters etc
This is what holds me back at the moment.
There might be an increased demand/request for support as well, and my current situation does not allow for that.
The same goes for the PM and vague install instruction thing - I don't have the time to support all users.

There is also no rule for having some degree of technical knowledge, I would say I rather like an active community.
If you can't get it to work, or find bugs, it's all beneficial for me, and the community of users, as long as the information is shared and we learn from it.
The language barrier is also quite important to understand. It's so easy to misunderstand each other.
In all, I agree that my beta testing program is a bit awkward. I'll try be better in the future.
I'm glad you joined, and shared in a very exemplary way!

I was happy to read about your fast adaption to Voxel/Kamoj, and the amazing WG speed you got!
Can you also try the speed of the OpenVPN Client please?

To your questions:

1. Try "Restart at connection failure".
   I don't use WG myself, but others do, and I've got no report of your issue before.
   It's of course advisable to share the WG log file to find what goes wrong in your setup.
   It might be something with the PPPoE, as I have never used that either.
   If so, I advice you to delay the WG startup by setting the "Start delay at boot" in the WG Client GUI!
   I eagerly await your findings!
   
   
2. The Bypassing is by default "All devices use the VPN".
   That's the safe approach I've chosen to not expose new connected devices.
   But you can easily make all devices to bypass:
   Just click in the left "VPN Bypassing" window, press ctrl-a and click on "Move selected devices ->".
   
   
3. I don't know my true ability in these regards. But I have good news for you!
   Both OpenConnect and ShadowSocks are available from Entware:
   http://www.voxel-firmware.com/Downloads/Voxel/html/entware.html

PS
The hosting of @Voxel is provided by @vladlenas as far as I know! Thank you both generous men!!!
My add-on might be hosted at same place in the future, should they both agree to do so.

PPS
I also advice you to try out DNSCrypt with Ad-blocking, and @HELLO_wORLD s Aegis!
https://www.snbforums.com/threads/aegis-1-7-x.70761/

 

[primitivo]

@kamoj thanks for your feedback. You must be the first dev who don't care about the volume

1. Checking "Restart at connection failure" worked. Did not have to setup any "Start delay at boot".
2. I understand your approach to VPN Bypass, it does make sense obviously.
3. I understand both OpenConnect and ShadowSocks being available from Entware, but nothing really beats GUI client setup. Hence my question about your ability to add these protocols as a GUI clients.
4. I have tested OpenVPN through your addon, I am getting 112 Mbps down and 88 Mbps up on the same server (6ms latency) as I tested Wireguard before. I trust OpenVPN config takes advantage of AES-NI support which R9000 has. So we can safely assume that on WireGuard I am getting 4.5x better speeds than on OpenVPN.
5. I will check your suggestions of DNSCrypt and Ageis. Although I am not sure how does DNSCrypt help if using VPN. I thought the main advantage of DNSCrypt is when you use it without VPN to prevent your ISP from seeing DNS requests. But perhaps I got something wrong.

 

[primitivo]

@kamoj Please let me know if I can donate somehow, Paypal, VPN account, a bottle of champagne or shall we pool cash for R9000

 

[kamoj]

View attachment 33888

@kamoj Please let me know if I can donate somehow, Paypal, VPN account, a bottle of champagne or shall we pool cash for R9000

Hahaha, I never knew it could be that fast!
Congratulations!!!
Seems like the R9000 really is something - thanks to @Voxel
If you donate to Voxel I'm more than happy - thank you very much!

 

[R. Gerrits]

@kamoj thanks for your feedback. You must be the first dev who don't care about the volume

5. I will check your suggestions of DNSCrypt and Ageis. Although I am not sure how does DNSCrypt help if using VPN. I thought the main advantage of DNSCrypt is when you use it without VPN to prevent your ISP from seeing DNS requests. But perhaps I got something wrong.

With the current implementation of both Wireguard and OpenVPN, the router will still use the DNS servers that are configured on the internet settings page. -> By default this has the DNS servers from your ISP.
In this case, depending on your VPN provider, your ISP might still get the DNS requests even though you are using a VPN.

I am saying "depending on VPN provider" because some providers intercept DNS requests and redirect them to their own DNS-servers. But you'll never know for sure. And with DNScrypt, you do.
(alternatively, you could change the DNS-servers on the internet settings page so that they do not point to you ISP, but for instance to 1.1.1.1 / 1.0.0.1)

 

[primitivo]

@R. Gerrits Thank you for explanation. I never use the ISP DNS by default, always either Cloudflare or OpenDNS setup on the WAN DNS page. Question is if there is any other benefit of DNScrypt, does it make sense to setup e.g. OpenDNS servers on router WAN page + OpenDNS DNScrypt ? I see this a bit pointless, but correct me if I am wrong.

@kamoj I came across first issue with running Wireguard. I have a dedicated IP setup on one of the VPN provider and on R9000 Wireguard client. The moment I connect through the VPN providers apps to this dedicated IP - it disconnects / terminate the other dedicated IP session (in this case R9000). So in other words I know how to break Wireguard connection. So I broke it to see how will the addon behave.

The thing is that despite the Wireguard connection has been broken, there is absolutely no information about it in the wireguard logs and the Wireguard client still thinks the connection is active by showing green status symbol. The internet setup page of the router confirms no internet being available. This is also a strange behaviour, because as you can see in the connection status I am "connected". Perhaps the reason why it shows this error, is because the whole router has been routed through WG client - this would make sense I guess. The Wireguard client doesn't have killswitch turned on, so it should simply stop working and normal WAN connection should be used from the ISP. However nothing works instead, until I manually untick the green checkbox to disconnect Wireguard client, then ISP internet is back.

Can you confirm this is a bug with the way addon works? Do you see any resolution of it? Perhaps adding "ping IP every X seconds" would help the addon to establish if the connection is still alive or not?

 

[sppmaster]

I get this screen at the moment

While the latest Voxel is V1.0.2.85SF

 

[sppmaster]

Several other things that I was able to try at last (considering the router has been quite busy during the pandemic isolation and online time spent).
I've tried the Wake-On-LAN option but it doesn't work with my desktop computer. I've used the computer MAC address (I used xx:xx:xx:xx:xx:xx format) and * but neither worked. I use this small utility http://magicpacket.free.fr/ to monitor if the magic WOL packet is properly received on the target machine.

I do not receive it using the WOL option from the add-on. I've always had WOL working with my older OpenWRT router so my BIOS, OS and network settings are correct.
.

I've tried the option Unrestricted Port Forwarding hoping it will let me forward traffic to the router LAN address (192.168.1.1) when I've tried to SSH to the router Dropbear server from WAN.

I've set the router options too but I cannot establish SSH connection to the router. The router does accept the Port Forwarding rule to 192.168.1.1 to be set but connection from WAN is not possible.

Another glitch I experience is that when I uninstall the add-on without turning off DNSCrypt I don't have Internet access after restart. I have to install the add-on again (same or newer version) in order to restore the Internet access.