Kamoj Kamoj Addon 5.5 Beta for Netgear R7800/R8900/R9000 with Voxel FW

kamoj

Very Senior Member
I make beta versions of the next kamoj add-on.

The 5.5 beta has a lot more functions than the 5.0 beta and 5.4 betas.
The objective is to in the near future make an official release!

But first I need some voluntary testers to find serious bugs.
I can e.g. not test R9000 or Wireguard, so those testers are most wanted,
but anyone is welcome to test 5.5 beta.

To be a beta tester of this hobby project includes that you must be active;
as tester reporting success/error, and in the SNB forum.
Are you willing to give feedback, and contribute to the community?

In the SNB forum, please be polite and press "Like" on the postings you like.
,

N.B: Voxel firmware is a pre-requisite, not an option!

If you want to test betas you must apply by sending me a PM (Private Message)
after reading and accepting this, and tell me something about yourself and your router(s).


Examples of things you can tell me:
Report your experience directly to me, or in the forum, so that we together can
find bugs and introduce new functions.

What router do you have?

What is your level of router/networking knowledge?
How you got to know about the addon-on?

How long have you used Voxel firmware?
What are your expectations?
In what way do think can you help in the beta program?

Wishing you a good experience of the add-on!

This is a continuation of:
https://www.snbforums.com/threads/kamoj-add-on-beta-testing-ii.72238/
https://www.snbforums.com/threads/kamoj-add-on-beta-testing.67375/
https://www.snbforums.com/threads/kamoj-add-on-v5-for-netgear-r7800-x4s-and-r9000-x10.60590/
 

kamoj

Very Senior Member
Changes in kamoj-addon beta version 2021-12-29 5.5b12
---------------------------------------------------------------
There has been long time since last release, and many many changes has been done
to the add-on. Main focus have been on supervision of brwan and vpn device
simultaneously, stability, bug fixes and speed up.
A completely new menu is added: Supervision
I may have missed to list some changes here.

Thank you all contributors for reports and suggestions and cheering!

- Router Information: Fixed date of "New Voxel Release" (Was always today...)
- Router Information: Show "New Voxel SnapShot Release"
- Router Information: Changed to show full kamoj version (including date)
- Router Information: Added "QoS Information" for R9000 (@danlat1415)
- Router Information: MTD Flash Usage: Check flash chip at every boot. (@sppmaster)
- Router Information: Added: "5G Speed". Also Max speed (Since boot)
- Router Information: Added: "2G Speed". Also Max speed (Since boot)
- Router Information: Added: "OpenVPN Client Speed". Added Max speed (Since boot) and Max speed Ever.
- Router Information: OpenVPN Client Status: Improved "down" detection.
- Router Information: Added: "Wireguard Client Speed". Added Max speed (Since boot) and Max speed Ever.
- Router Information: Wireguard Client Status: Improved "down" detection.
- Router Information: Added: "Iptables Information"
- Router Information: NTP synchronized: Reworked with more information at failure.
- Router Information: DNS status: Changed to test all servers (nvram get kamoj_ping_www).
- Router Information: Internet connection status: Changed to test all servers (nvram get kamoj_ping_ip).
- Router Information: Added: "WAN Speed". Added Max speed (Since boot) and Max speed Ever.
- System Information: Added: upnp info
- System Information: Voxel release info: Added date for releases.
- System Information: flash info: Added: Help button + More info: (URL collection) (@sppmaster)
- System Information: R9000: Fixed dmesg log to work when not using 60 GHz 802.11ad. (Netgear fault in /sbin/11ad_linkloss_wd.sh)
Note that dmesg log will be full of this message (2 every 5 sec) (from wil6210.ko), unless 60 GHz 802.11ad is Enabled...:
"wil6210 0003:01:00.0 wlan0: WMI: cannot send command while FW not ready"
and this message:
"wlan0: WMI size too large: 28 bytes, max is 0"
They are filtered in the add-on System Information, but floods the real dmesg log.
Really, really dirty Netgear code that has been hidden by deleting the dmesg log every 1 second!
- System Information: Fixed to be on after reboot: net-wall Log
- System Information: Changed "NTP Synch" to "Startup and time synchronization" and added more details.
- OpenVPN Client: ExpressVPN removed from pre-configured providers.
- OpenVPN Client: VPN tunnel Status: Improved "down" detection.
- OpenVPN Client: Added "Restart at DNS failure".
- Wireguard Client: VPN tunnel Status: Improved "down" detection. (@jberry, @primitivo, @blueliner)
- Wireguard Client: Added "Restart at DNS failure".
- Wireguard Client: Added handling of "MTU = " in [Interface] part of the configuration (@jberry).
- Settings: Rewritten "Show idle devices in device lists" to lower cpu usage
- Settings: Added: Congestion Control: htcp (@Voxel)
- Settings: Added: Set functions on / off: Disable dnsmasq in AP mode. (@Voxel, @NetBytes, @xinoup)
- Settings: Bandwidth usage default changed to OFF
- Settings 2: Changed text to indicate that a USB-device is recommended not required. (@primitivo)
- DNS Privacy/Ad-Blocking: Updated AdGuard Home configuration file to v0.107.0
- VPN Bypassing: Corrected bug that made IP's ending with only 1-2 digit(s) in the last octet to refuse being moved.
- VPN Bypassing: Corrected bug that made some IP's appear more than once.
- Shorter Add-on start up time.
- R9000 Stability improved, not so many Internet disconnections.
(Both R7800 and R9000 write logs to /var/log/messages, like this once every 2:37:30 (Once every 9450 second):
[Internet connected] IP address: xxx.xxx.xxx.xxx, Tuesday, December 28, 2021 19:13:04
There is no corresponding [Internet disconnected], and connection has never been down.
Does anyone know what is the cause of these logs? @Voxel @HELLO_wORLD @R. Gerrits ? )
- kamoj_fast_openvpn_supervision: removed, replaced by:
- addon_supervision.sh: Added.
- nvram variable name: kamoj_fast_openvpn_supervision changed to: kamoj_supervision
- Kamoj Menu: Added: Supervision menu.
Finally a GUI from where you can control most of the settings
for supervision, restart and logging, and some other things like ping/traceroute/download timeouts.
This new supervision is performed in a more efficient way to faster detect errors.
When a restart/reboot is needed, it will be logged as e.g:
[SUPERVISION] 2021-09-19 16:24:09 4772.27 addon_supervision.sh 6514: RESTART: openvpn 6 Cpu load: 4.1 %. Processes: 80. Threads: 180. iptables: ipv4 rules: 154. ipv6 rules: 15. System Load Average: 1.23 1.17 0.98. brwan: Rx: 7.671 KB/s, Tx: 6.342 KB/s. tun21: Rx: 4.370 KB/s, Tx: 2.537 KB/s.
If highs cpu load is detected, an alternative timeout can be used to not make false false disconnection detection.
If highs cpu load is detected, the log can also include the
the top cpu hogs, kernel stack backtrace, and the end of the message-log.
If this function is used, the new supervision supervises (and restarts if so enabled):
Code:
     SUPERVISION:
        A cron job supervises the Supervision Daemon itself.
     DNS:
        dnsmasq
        dnscrypt2
        stubby
        adguard
     VPN:
        openvpn_client     (Internet and DNS)
        wireguard_client   (Internet and DNS)
     IPTABLES:
     IPV6:
     NSS - Network SubSystem Accelerator:
     WiFi:
     CONNECTION:
        internet connection (With options of restart of net-wall and net-lan)
        dhcp gateway connection
     PING / TRACEROUTE SETTINGS:
        Max allowed time for each ping/traceroute test
        Alternative timeout when high cpu/kernel load
        IP address(s) for supervision
        URL address(s) for supervision
     LOGGING SELECTION:  
        Many different logs can be selected
     DOWNLOAD SETTINGS:
        Max allowed connect time for downloading of a file
        Max allowed time for the download of a file
- System Information: Ookla Speed Test, test next server if first gives bad result! (@LSM)
- addon_bwusage and addon_bypassvpn:
Corrected atomic lock function
- timeout command changed to not output result as a string
- renamed adblocking.sh to addon_adblocking.sh
- renamed adguard_home.sh to addon_adguard.sh
- renamed congestion_control.sh to addon_congestion_control.sh
- renamed hdd_spindown.sh addon_hdd_spindown.sh
- renamed kamoj_bugfix.sh addon_lib_bugfix.sh
- removed usr/bin/ping_guard.sh
- removed/replaced nvram parameters, e.g.:
kamoj_download_timeout
kamoj_restart_long_ping_timeout (replaced by kamoj_restart_timeout at boot)
kamoj_ping_guard
- Fixed hang/very long wait before timeout of GUI for these Settings:
Disable Router GUI timeout
Disable RAE Analytics
Disable ReadyCLOUD
Enable opt out at: Router Analytics Data Collection form
Enable Telnet after boot
Antenna LEDS off
Disable WPS button
Save the system logs to USB
- Changed max size of log-files from 10 MB to 1 MB (+ 1 MB backup)
- Changed to a single md5 file for all ipks etc
- FAQ.txt updated.
- readme.txt updated.

Changes in kamoj-addon beta version 2021-12-29 5.5b1 -11
---------------------------------------------------------------
- Not released to any beta testers.

Changes in kamoj-addon beta version 2021-09-26 5.4b36
---------------------------------------------------------------
- Not released to any beta testers.
- addon_ping_guard.sh: Changed to test all servers (nvram get kamoj_ping_ip) in parallel.
To use addon_ping_guard.sh : nvram set kamoj_ping_guard=1;nvram commit;reboot
Log to: /var/log/ping_guard.log
WARNING: Not tested with R9000.
WARNING: Use addon_supervision, unless you need the extensive logging.
- Other fixes.
 
Last edited:

n1llam1

Regular Contributor
Kudos @kamoj! Your continued support is much appreciated.

The upgrade to 5.5b12 went smoothly without any issue on both my R7800 devices (1 in router mode, 1 in AP mode).

R7800 Router: V1.0.2.90SF (2021-12-10) (Voxel). Kamoj Add-on:211229-162625-5.5b12. Aegis:1.7.12. AdGuard Home, version v0.107.1

R7800 AP: V1.0.2.90SF (2021-12-10) (Voxel). Kamoj Add-on:211229-162625-5.5b12

Thanks again. Enjoy the holidays and happy new year!
 

KW.

Regular Contributor
Been toying around a bit with my r9000. Done about 5 reboots to try to make it fail. So far everything is working very good. Time will tell if i get the drop outs with wireguard after more uptime. Im unhealthy obsessed with wireguard for some reason. Maybe it's cause its the only function i really understand.
Well well.
With Dns:crypt, adblocks and wireguard everything has been running really fine. Im also happy with the the information the addon gives me! I've maxed out supervision and so on. This feels like a super update. My problems before have been that wireguard suddenly got unstable. Time will tell if it is fixed, but I got a feeling that it is. Before I got some problems after a reboot. That explains my testing with around five reboots, and they have not given me any problems.

PS: my only spoiled nagging is that wireguard do not start automatically after a reboot. But its not on the addon, it dont autostart without it ether. In the first days of Voxel and Kamoj it did. I still miss those glory days (kidding, the add-on have seen tremendous growth) Im impressed.

Thank you so much!
 

primitivo

Senior Member
PS: my only spoiled nagging is that wireguard do not start automatically after a reboot. But its not on the addon, it dont autostart without it ether. In the first days of Voxel and Kamoj it did. I still miss those glory days (kidding, the add-on have seen tremendous growth) Im impressed.
I have finally upgraded both Voxel to V1.0.4.56HF (from V1.0.4.55HF) and Kamoj from 5.4b35 to 5.5b12.
WG doesn't start for me either on R9000 after reboot. It was working properly and reconnecting after reboot on 5.4b35. I do have "Restart at connection failure" checked.

@kamoj any idea why?

Edit: I have added 15s "start delay at boot" in Wireguard Client settings and it works properly now after reboot.

Edit 2: Kamoj, why can't you test Wireguard I wonder?

Edit 3: It is not "start delay at boot" that fixed my Wireguard autostart on reboot. There is old bug, where you have to go to OpenVPN Client, enable (click on the red square to make it green) and disable (to make the square red) the client (I know it doesn't make sense) and it will fix Wireguard. @kamoj can you fix it in the next release?
 
Last edited:

KW.

Regular Contributor
Edit 3: It is not "start delay at boot" that fixed my Wireguard autostart on reboot. There is old bug, where you have to go to OpenVPN Client, enable (click on the red square to make it green) and disable (to make the square red) the client (I know it doesn't make sense) and it will fix Wireguard. @kamoj can you fix it in the next release?
Well that worked! Fantastic now all is perfect!
 

jberry

Occasional Visitor
Edit 3: It is not "start delay at boot" that fixed my Wireguard autostart on reboot. There is old bug, where you have to go to OpenVPN Client, enable (click on the red square to make it green) and disable (to make the square red) the client (I know it doesn't make sense) and it will fix Wireguard. @kamoj can you fix it in the next release?
I think I discovered this last released when the OpenVPN client was always green check marked with no config file even there, yes old bug. I will update to this Kamoj version 5.5 soon on my R9000 and test both OpenVPN and WireGuard
 

jberry

Occasional Visitor
Using Router Firmware Version (Voxel) V1.0.4.56HF and Kamoj Add-on V5.5b12 on Netgear R9000. WireGuard interface when connecting, and also reconnecting to get a better ping, seems faster :) Like there isn't a delay anymore when re starting the filewall. I do see the "Warning: Changing MTU from 1412 to 1340 as stated in [Interface]" so its working fine :) Did a reboot (after clicking the green check mark in the openvpn client to make it red), wireguard automatically connects successfully after rebooting the router many times, I do have the delay set to 3 seconds.
 

jrbmw

Regular Contributor
Thanks for latest update @Kamoj.Smooth update and running well.Is there a reason why express vpn config has been removed ?

Regards
 

Panner

Occasional Visitor
@kamoj

Thanks for the updated version. Your work is much appreciated

Updated both R9000 (Voxel V1.0.4.56F) & R7800 (AP mode) (Voxel 1.0.2.90SF) –.

No problems with R7800 in AP mode

On the R9000 both Wireguard and OpenVPN show no VPN on the VPN tunnel status (red shield) with cyclic status on. In router info, states no wg0 (wireguard) or no tun21 (OpenVPN). Both logs show connecting OK

However, both seem to be connected to their VPN servers as my IP address changes to the VPN address and everything works.

Have removed and reinstalled the addon and rebooted several times

Wireguard restarting after reboot but only after the suggested turning on and off OpenVPN before restarting Wireguard.

Extract from wireguard session log:
2021-12-30 09:56:07 48.76 [WireGuard] Client rc.common 20322: Information: Check that all needed data exist in the configuration
2021-12-30 09:56:07 48.76 [WireGuard] Client rc.common 20322: Information: Starting WireGuard client: /etc/wireguard/config/client/Windscribe-Manchester
2021-12-30 09:56:07 48.77 [WireGuard] Client rc.common 20322: Information: IP of EndPoint man-126-wg.whiskergalaxy.com is 89.44.201.100.
2021-12-30 09:56:07 48.78 [WireGuard] Client rc.common 20322: Information: For R9000: Install the kernel module
2021-12-30 09:56:07 48.82 [WireGuard] Client rc.common 20322: Information: Start the program / Add a new interface
2021-12-30 09:56:07 48.83 [WireGuard] Client rc.common 20322: Information: Assign an IP address and peer
2021-12-30 09:56:07 48.84 [WireGuard] Client rc.common 20322: Information: Configure the interface
2021-12-30 09:56:07 48.85 [WireGuard] Client rc.common 20322: Information: Set config file for wg0 interface
2021-12-30 09:56:07 49.02 [WireGuard] Client rc.common 20322: Information: Activate the interface
2021-12-30 09:56:07 49.03 [WireGuard] Client rc.common 20322: Information: Check that the wg0 interface is available
2021-12-30 09:56:07 49.04 [WireGuard] Client rc.common 20322: Information: Overriding The Default Route
2021-12-30 09:56:07 49.05 [WireGuard] Client rc.common 20322: Information: adding route 89.XX.XXX.XXX via 192.168.1.1
2021-12-30 09:56:07 49.06 [WireGuard] Client rc.common 20322: Information: adding route 0/1 dev wg0
2021-12-30 09:56:07 49.06 [WireGuard] Client rc.common 20322: Information: adding route 128/1 dev wg0
2021-12-30 09:56:07 49.07 [WireGuard] Client rc.common 20322: Information: If configured, set killswitch for WireGuard client.
2021-12-30 09:56:07 49.08 [WireGuard] Client rc.common 20322: Information: kill_switch
2021-12-30 09:56:07 49.10 [WireGuard] Client rc.common 20322: Information: Restart firewall to apply iptables rules for WireGuard client.
2021-12-30 09:56:09 51.64 [WireGuard] Client rc.common 20322: Starting Firewall...
Done!
2021-12-30 09:56:09 51.65 [WireGuard] Client rc.common 20322: Information: Optimize network settings
2021-12-30 09:56:09 51.66 [WireGuard] Client rc.common 20322: Information: Show processes
2021-12-30 09:56:09 51.68 [WireGuard] Client rc.common 20322: 20941 root SW< [wg-crypt-wg0]
2021-12-30 09:56:09 51.68 [WireGuard] Client rc.common 20322: Information: Show Wireguard status
2021-12-30 09:56:09 51.69 [WireGuard] Client rc.common 20322: interface: wg0
public key: XXXXXXXXXXXXXXXXX…….
private key: (hidden)
listening port: 34000

peer: XXXXXXXXXXXXXXXXX…….
preshared key: (hidden)
endpoint: 89.XX.XXX.XXX:443
allowed ips: 0.0.0.0/0
latest handshake: 1 second ago
transfer: 6.13 KiB received, 3.97 KiB sent
2021-12-30 09:56:09 51.70 [WireGuard] Client rc.common 20322: Information: ip route after starting wireguard
2021-12-30 09:56:10 51.70 [WireGuard] Client rc.common 20322:
0.0.0.0/1 dev wg0 scope link
default via 192.168.1.1 dev brwan
89.XX.XXX.XXX via 192.168.1.1 dev brwan
128.0.0.0/1 dev wg0 scope link
192.168.1.0/24 dev brwan proto kernel scope link src 192.168.1.110
192.168.2.0/24 dev br0 proto kernel scope link src 192.168.2.1
239.0.0.0/8 dev br0 scope link
2021-12-30 09:56:10 51.71 [WireGuard] Client rc.common 20322: Information: Show ping time and to see if DNS is working
2021-12-30 09:56:10 51.90 [WireGuard] Client rc.common 20322: Information: PING a.root-servers.net (198.41.0.4): 56 data bytes 64 bytes from 198.41.0.4: icmp_seq=0 ttl=53 time=89.7 ms
2021-12-30 09:56:10 52.06 [WireGuard] Client rc.common 20322: Information: Wireguard Client completed start sequence
2021-12-30 09:56:10 52.07 [WireGuard] Client rc.common 20322: =============================================================

Regards
 

stern67

New Around Here
Thanks Kamoj!
I've upgraded the addon from 5.4b35 to 5.5.12 without any problems. My configuration is R7800, 1.0.2.90SF, aegis 1.7.12, adguard 0.108.
The only "bug" I've found so far is cosmetic - It doesn't show aegis version in Router Info, instead it shows in red "New Aegis Release:version...", however Sys Info shows Aegis release info.

Happy New Year!
 

kamoj

Very Senior Member
PS: my only spoiled nagging is that wireguard do not start automatically after a reboot. But its not on the addon, it dont autostart without it ether. In the first days of Voxel and Kamoj it did. I still miss those glory days (kidding, the add-on have seen tremendous growth) Im impressed.
Edit 3: It is not "start delay at boot" that fixed my Wireguard autostart on reboot. There is old bug, where you have to go to OpenVPN Client, enable (click on the red square to make it green) and disable (to make the square red) the client (I know it doesn't make sense) and it will fix Wireguard.
Did a reboot (after clicking the green check mark in the openvpn client to make it red), wireguard automatically connects successfully after rebooting the router many times, I do have the delay set to 3 seconds.
Wireguard restarting after reboot but only after the suggested turning on and off OpenVPN before restarting Wireguard.
Yes, it's an old bug. I confess. It's even described in the 5.4b34 release notes, together with the fix to on/off OpenVPN...
It's a mix of issues when getting clean from Voxel e.g. A part of the problem is Voxels strange handling on how to on/off the OpenVPN Client.
For Wireguard there is just a parameter in nvram, but for OpenVPN you have to create/delete files and directories.

The biggest part of the problem is that I seldom use Wireguard,
I don't run Wireguard because it's slower than OpenVPN on my R7800.

I'll make a try to make a fix tomorrow as New Years gift to you all.
It's so good we have these fantastic brave beta testers.
Thank you all!
 
Last edited:

kamoj

Very Senior Member
Thanks Kamoj!
I've upgraded the addon from 5.4b35 to 5.5.12 without any problems. My configuration is R7800, 1.0.2.90SF, aegis 1.7.12, adguard 0.108.
The only "bug" I've found so far is cosmetic - It doesn't show aegis version in Router Info, instead it shows in red "New Aegis Release:version...", however Sys Info shows Aegis release info.

Happy New Year!
Thx for the report. You must have Aegis installed for it to work in Router Information.
If you have that, please try again, and/or to extend the download timeout parameters...
 
  • Like
Reactions: KW.

kamoj

Very Senior Member
Thanks for latest update @Kamoj.Smooth update and running well.Is there a reason why express vpn config has been removed ?

Regards
Yes, I don't have Express VPN, and they don't publish a list of their servers or configuration files.
After my "secret" source has stopped providing Express VPN info, the add-on can not automatically retrieve it and calculate fastest servers etc as before.
It's Express VPN to blame...
But you can still use the add-on with Express VPN of course. Just Copy and paste your configurations into the add-on!
 

jrbmw

Regular Contributor
Yes, I don't have Express VPN, and they don't publish a list of their servers or configuration files.
After my "secret" source has stopped providing Express VPN info, the add-on can not automatically retrieve it and calculate fastest servers etc as before.
It's Express VPN to blame...
But you can still use the add-on with Express VPN of course. Just Copy and paste your configurations into the add-on!
@kamoj Tried manual config and doesent work.If you require any help as before ... Im willing

Regards
 

Attachments

  • vpn not work.txt
    1.7 KB · Views: 44

kamoj

Very Senior Member
@kamoj Tried manual config and doesent work.If you require any help as before ... Im willing

Regards
  1. Go to the Kamoj Addon: "OpenVPN Client" menu.
  2. Locate "Create/Edit an OpenVPN Client Configuration manually",
  3. and select "uk-east-london-ca-version-2.expressnetw.com-1195.ovpn" from the drop-box,
  4. and click "Read configuration".
  5. Fill in "User Identity/Name" and "Password".
  6. Click on "Create/Save VPN configuration".
  7. Locate "Select and Run OpenVPN Client Configuration",
  8. and select "uk-east-london-ca-version-2.expressnetw.com-1195.ovpn" from the drop-box,
  9. and click the green "Start VPN with this" button.
Your connection should be ok within 20 seconds or so.
Check the logs, and provide to me if it's still not working for you.
PS
Your configurations are not lost when you update the kamoj addon.
You can insert a USB-stick in the router and get automatic backup/restore.
"OpenVPN Client - General settings" + "Synchronize configurations with USB-device"
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top