Netgear R7800

Contents

Introduction

Telnet

SSH

Entware

Backup

OpenVPN


INTRODUCTION

As of Sept 2018, I started using a Netgear R7800 router.


Started by connecting the router, and then doing basic setup for the wireless network. I used the same SSID and password as my existing Wi-Fi network, which makes it easier to switch over.


Installed Voxel's improved firmware

voxel R7800 firmware

Currently I'm using the 54SF version.

Upgraded to the 60SF version, will see how that goes.

Download the zip file from here, unzip it, and then go to administration, firmware update on router page, browse to find the file, and upload.

I did notice I needed to select the file twice before the router will go to the page to let the upload start.


TELNET

After installing new firmware, and doing basic setup stuff, like naming my devices and setting up static addresses,

go to http://routerlogin.net/debug.htm

to enable Telnet

I'm using a Mac, so I brought up Terminal and used brew to install telnet

brew install telnet

At first it didn't work. I rebooted the router, then re-enabled telnet, and then it worked

But then I tried telnet again, and it didn't work (mac problem), so I rebuilt it like this

curl http://ftp.gnu.org/gnu/inetutils/inetutils-1.9.4.tar.gz -o inetutils-1.9.4.tar.gz
tar xvzf inetutils-1.9.4.tar.gz
cd inetutils-1.9.4
./configure
make
sudo make install

after that, telnet worked fine


Just type in

telnet 192.168.xxx.xxx

using the router's IP address,

and it asks for your password.

Use the same password you use to log in to the router's web page.

Typing help shows this list of commands

. : [ [[ alias bg break cd chdir command continue echo eval exec
exit export false fg getopts hash help jobs kill let local pwd
read readonly return set shift source test times trap true type
ulimit umask unalias unset wait




Enabling SSH


From the telnet prompt:

1. Create the /tmp/ssh directory and change into it:

mkdir  /tmp/ssh
cd /tmp/ssh

2. Generate your RSA private key using dropbear:

dropbearkey -t rsa -s 2048 -f id_dropbear

3. Output your public key:

dropbearkey -y -f id_dropbear | grep "^ssh-rsa " > id_rsa.pub

4. Create your /root/.ssh/authorized_keys file:

mkdir /root/.ssh
cat id_rsa.pub > /root/.ssh/authorized_keys
chmod 0600 /root/.ssh/authorized_keys

5. Convert your private dropbear key to OpenSSH format:

dropbearconvert dropbear openssh id_dropbear id_rsa


Attach a USB drive if one is not attached already:

cd /mnt
ls

My output to ls was: 1tb_NAS sda sda1

so use sda1, and copy the files to a ssh directory there

mkdir /mnt/sda1/ssh
cp /tmp/ssh/* /mnt/sda1/ssh


On my Mac, I opened Finder, then under Shared clicked on R7800. It connects as guest. If it doesn't work, click on readyshare.

Then click USB storage and you'll see the ssh folder with the keys in it.

On a PC, I opened File Explorer, then clicked on Network in the left pane to see if readyshare is there.

If not, right-click on "This PC" in the left pane.

Select Add a network location, Next, Choose a custom network location.

Enter this in the box: \\readyshare\usb_storage

Hit Next a few times. The ssh folder will be in the usb_storage folder. But you probably can't copy the ssh files right now because of permissions.


Go to the telnet terminal and change the permission for id_rsa

cd /tmp/mnt/sda1/ssh  
chmod 0644 id_rsa  

I also did chmod 0644 id_dropbear, but I don't think this was required; I just used the id_rsa file.

Now you can copy the files from the usb stick/drive to a pc/mac/something else

Pick the PC or Mac method below.


PC

Assumes you have PuTTY installed already.

Copy id_rsa from the ssh folder to a folder on the PC.

Right-click it, and select open with Pageant.

Start Pageant. It starts minimized, so right-click on the Pageant icon, the small icon at the lower right, then select View Keys.

Make sure the key is there; it's an ssh-rsa 2048 imported OpenSSH key. Close it.

Now right-click on Pageant again, and select New Session. Enter the router IP address, type a name in Saved Sessions, and save it for the future. PuTTY will use the id_rsa key automatically now.

Click Open and log in as root, and you should see a terminal screen with a root@R7800: prompt.


MAC

at the telnet terminal

chmod 600 id_rsa  

Copy id_rsa from the netgear attached usb drive ssh folder to the .ssh folder.

.ssh is a hidden folder in /Users/your user name. I opened two Finder windows, and moved the file from one to the other. On my Mac, I go to the drive, then Users, then my username folder, which I think is also the home folder. You need to be able to view hidden files to see the .ssh folder.

If you get copy errors, try rebooting the Mac. Do a "real" reboot by holding the power key down for a few seconds, then select Restart, or push Control+Command+Eject/Power button. I had some problems the 2nd time I tried this, then restarted and all was fine.

Open a new terminal window, and type:

cd ~/.ssh
ssh -i id_rsa root@192.168.xxx.xxx

It should log in now.

After the first time, I just use the ssh -i id_rsa root@192.168.xxx.xxx command in terminal.

It complains that it can't find the id_rsa file, but connects anyway.



CLEANUP

For security, delete the key files from the ssh directory on the USB drive. You can do this over ssh since you have it working now.

cd /mnt/sda1/ssh
rm id_dropbear
rm id_rsa.pub
rm id_rsa
cd ..
rmdir ssh
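
A variant of the key setup above in which the private key never passes through the router or the guest-readable USB share, as an added example that is not part of the original notes: the key pair is created on the client and only the public half is installed on the router. The function name add_pubkey and the file name r7800_rsa are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page.
# On the Mac/PC, create the key pair (r7800_rsa is an assumed file name):
#   ssh-keygen -t rsa -b 2048 -f ~/.ssh/r7800_rsa
# Copy only r7800_rsa.pub to the router; the private key stays on the client.

# add_pubkey PUBFILE [SSHDIR]
# Validates PUBFILE and appends it to SSHDIR/authorized_keys
# (SSHDIR defaults to /root/.ssh, the location used on this page).
# Returns 0 if the key was added or is already present, 1 if rejected.
add_pubkey() {
    pub=$1
    sshdir=${2:-/root/.ssh}
    auth="$sshdir/authorized_keys"
    [ -f "$pub" ] || { echo "no such file: $pub" >&2; return 1; }
    # A public key is one line; anything longer is not a .pub file.
    if [ "$(wc -l < "$pub")" -gt 1 ] || grep -q 'PRIVATE KEY' "$pub"; then
        echo "rejected: $pub is not a single-line public key" >&2
        return 1
    fi
    read -r type blob comment < "$pub" || true
    # Same key type as the page's dropbearkey -t rsa; the base64 blob of an
    # ssh-rsa key always starts with the encoded type string.
    case "$type $blob" in
        "ssh-rsa AAAAB3NzaC1yc2E"*) ;;
        *) echo "rejected: not an ssh-rsa public key" >&2; return 1 ;;
    esac
    case "$blob" in
        *[!A-Za-z0-9+/=]*) echo "rejected: blob is not base64" >&2; return 1 ;;
    esac
    mkdir -p "$sshdir" && chmod 0700 "$sshdir" || return 1
    touch "$auth" && chmod 0600 "$auth" || return 1
    # Idempotent: do not append the same key twice.
    if grep -qF "$type $blob" "$auth"; then
        echo "already present"
        return 0
    fi
    echo "$type $blob $comment" >> "$auth"
    echo "added"
}
```

On the router this would be called as add_pubkey /mnt/sda1/ssh/r7800_rsa.pub, and the client then connects with ssh -i ~/.ssh/r7800_rsa root@192.168.xxx.xxx.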


Entware

Insert a USB stick into the 2nd slot. I had a USB hard drive in the 1st USB slot.

So this procedure assumes some USB storage device in the first slot, and a USB stick in the 2nd slot. The USB stick is used for temp storage.

IMPORTANT: You will need to leave the USB stick in the 2nd slot for Entware to work.

ls

Then check output, and make sure usb stick is at sdb1, or adjust the command below.


Format the stick, and label it optware

mkfs.ext4 -L optware /dev/sdb1


go here

https://www.voxel-firmware.com/Downloads/Voxel/html/r7800.html

Select the entware folder, and download entware-cortex-a15-3x-initial.tar.gz to a PC/Mac.

You need to copy it to the root of your stick, and can't use Windows or a Mac, so I did the following:

Remove and reinsert the USB stick from the router.

On the PC/Mac, open readyshare, then USB_Storage.

Copy entware-cortex-a15-3x-initial.tar.gz to USB_Storage.

Go to the router SSH window

cd /tmp/mnt/sda1
cp entware-cortex-a15-3x-initial.tar.gz ../sdb1
cd /tmp/mnt/sdb1

ls and make sure the entware file is there

extract the files

tar -xzf entware-cortex-a15-3x-initial.tar.gz

Reboot the router

reopen ssh connection to router

ls -l /opt/*

shows entware directories or symlinks (bin, usr, share, var etc.)

Create swap file (optional) in /mnt/sda1 or /mnt/sdb1 or /mnt/sdc1 etc.:

cd /mnt/sda1
dd if=/dev/zero of=swap bs=1024 count=1048576
mkswap swap
chmod 0600 swap
swapon swap

Reboot router again.

open ssh connection, and

opkg update
opkg upgrade

For versions 59sf and up, you may need to change the path

first check the path

echo $PATH 

It should look like this, but order doesn't matter

/opt/bin:/opt/sbin:/bin:/sbin:/usr/bin:/usr/sbin

It may be missing /opt/bin and /opt/sbin

then you can do this:

export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/opt/bin:/opt/sbin

To make the change permanent, install nano per below, then

nano /etc/profile

Find the export PATH= statement, and change it to the one above.


Now you can install and use Entware packages

I decided to install nano

opkg install nano

You use opkg install to install any of the packages you want


Backup

open a ssh connection to the router

This assumes you have a storage device connected to sda1

cd /
tar cf /mnt/sda1/backup.tar etc/init.d/net-wan root/.ssh

last backup 9/15/18 640am


After every firmware update, enable telnet and use it to restore the saved changes:

cd /
tar xf /mnt/sda1/backup.tar
reboot

Upgrading version


When I upgraded to .60sf, had these issues

SSH stopped working.

Restored backup to fix, open telnet window

cd /
tar xf /mnt/sda1/backup.tar
reboot


After router comes back up, opened mac terminal windows

cd ~/.ssh
ssh -i id_rsa root@192.168.xxx.xxx

and it worked again


Entware also stopped working; going to a version above 59, the path is not included.

I needed to add

export PATH=/opt/bin:/opt/sbin:/bin:/sbin:/usr/bin:/usr/sbin

And it works again


DNS Crypt

connect to router through ssh or telnet terminal

1. Download the two installation packages:

wget --no-check-certificate https://www.voxel-firmware.com/Downloads/Voxel/R7800-Voxel-firmware/DNSCrypt-Proxy-2/ca-certificates_20180409_all.ipk

wget --no-check-certificate https://www.voxel-firmware.com/Downloads/Voxel/R7800-Voxel-firmware/DNSCrypt-Proxy-2/dnscrypt-proxy-2_2.0.16-1_ipq806x.ipk

2. Install both of them:

/bin/opkg install ca-certificates_20180409_all.ipk
/bin/opkg install dnscrypt-proxy-2_2.0.16-1_ipq806x.ipk

3. Enable dnscrypt-proxy-2 init script (to start it automatically after reboot):

/etc/init.d/dnscrypt-proxy-2 enable

4. Reboot your router

reboot

Or to manually start

/etc/init.d/dnscrypt-proxy-2 start

Edit the configuration file

nano /etc/dnscrypt-proxy-2.toml

Find this line

# server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare']

Remove the leading #, and insert your servers from here https://dnscrypt.info/public-servers/

server_names = ['ventricle.us', 'ev-us', 'opennic-onic']

exit and save

Restart the service so it picks up the new configuration

/etc/init.d/dnscrypt-proxy-2 restart

go here to test https://www.perfect-privacy.com/dns-leaktest/



Stubby

This is stubby add-on for Netgear R7800 X4S running Voxel firmware.

stubby read me

Stubby is an application that acts as a local DNS Privacy stub resolver (using DNS-over-TLS). Stubby encrypts DNS queries sent from a client machine (desktop or laptop) to a DNS Privacy resolver increasing end user privacy.

https://github.com/getdnsapi/stubby

Log into telnet or ssh terminal

Get 5 packages


wget --no-check-certificate https://www.voxel-firmware.com/Downloads/Voxel/R7800-Voxel-firmware/Stubby/stubby_0.2.3-1_ipq806x.ipk
wget --no-check-certificate https://www.voxel-firmware.com/Downloads/Voxel/R7800-Voxel-firmware/Stubby/libyaml_0.2.1-1_ipq806x.ipk
wget --no-check-certificate https://www.voxel-firmware.com/Downloads/Voxel/R7800-Voxel-firmware/Stubby/libunbound_1.7.3-6_ipq806x.ipk
wget --no-check-certificate https://www.voxel-firmware.com/Downloads/Voxel/R7800-Voxel-firmware/Stubby/getdns_1.4.2-1_ipq806x.ipk
wget --no-check-certificate https://www.voxel-firmware.com/Downloads/Voxel/R7800-Voxel-firmware/Stubby/ca-certificates_20180409_all.ipk

install packages

/bin/opkg install ca-certificates_20180409_all.ipk libyaml_0.2.1-1_ipq806x.ipk libunbound_1.7.3-6_ipq806x.ipk getdns_1.4.2-1_ipq806x.ipk stubby_0.2.3-1_ipq806x.ipk 

enable

/etc/init.d/stubby enable

reboot router

or start the daemon manually:


/etc/init.d/stubby start

Log file is /var/log/stubby.log. Check it if something is wrong.


Configuration (optional):

Currently it is configured to use Cloudflare servers (DoT). You may customize your config file:


/etc/stubby/stubby.yml 


Kamoj add on

adds information to debug page . http://www.routerlogin.net/debug.htm

add on information link

Start an SSH or telnet connection

wget --no-check-certificate https://www.voxel-firmware.com/Downloads/kamoj-debug-page_180920-211912-1_ipq806x.ipk

install

/bin/opkg install --force-overwrite kamoj-debug-page_180920-211912-1_ipq806x.ipk

reboot to complete installation

reboot
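
The DNS Crypt, Stubby and Kamoj sections above all fetch .ipk files with wget --no-check-certificate and install them as root, so nothing confirms that the files are the ones the server published. The following added example, which is not from the original notes or the firmware project, checks downloaded packages against a SHA-256 manifest before opkg runs. It assumes sha256sum is available on the router and that the manifest was produced on a trusted computer that downloaded the same files with certificate checking on; verify_ipks, install_verified and ipk.sha256 are names made up for this example.

```shell
#!/bin/sh
# Added example, not from the original page or the firmware project.
# Assumes sha256sum exists on the router and that MANIFEST was written on a
# trusted computer, e.g.:  sha256sum *.ipk > ipk.sha256

# verify_ipks MANIFEST DIR
# MANIFEST lines use sha256sum's "<hash>  <filename>" format.
# Returns 0 only if every listed file is in DIR and matches its hash,
# 1 on any missing/mismatched file, 2 if the manifest is unusable.
verify_ipks() {
    manifest=$1
    dir=$2
    [ -r "$manifest" ] || { echo "cannot read $manifest" >&2; return 2; }
    status=0
    count=0
    while read -r want name; do
        case "$want" in ''|'#'*) continue ;; esac      # blank line or comment
        count=$((count + 1))
        case "$name" in                                # bare file names only
            ''|*/*) echo "BAD NAME $name" >&2; status=1; continue ;;
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING $name" >&2; status=1; continue
        fi
        got=$(sha256sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK $name"
        else
            echo "MISMATCH $name" >&2; status=1
        fi
    done < "$manifest"
    [ "$count" -gt 0 ] || { echo "manifest lists no files" >&2; return 2; }
    return "$status"
}

# install_verified MANIFEST DIR
# Passes all listed packages to one /bin/opkg install call, as the Stubby
# step on this page does, but only after every hash has matched.
install_verified() {
    verify_ipks "$1" "$2" || { echo "nothing installed" >&2; return 1; }
    m=$1; d=$2
    set --
    while read -r want name; do
        case "$want" in ''|'#'*) continue ;; esac
        set -- "$@" "$d/$name"
    done < "$m"
    /bin/opkg install "$@"
}
```

For the Kamoj package, which the page installs with --force-overwrite, run verify_ipks on its manifest and then the page's own opkg command once it returns 0.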




File Permissions

Fixing when you can't move or delete files/folders

Go to the folder. If the folder name has spaces, put it in ""

Change to allow guest (or could be admin) as owner

chown guest:guest *

Or to change all the subdirectories in directory music_t

chown -R guest:guest music_t

Change to allow anyone to read and write

chmod -R 777 music_t