Netgear R7800
INTRODUCTION
As of Sept 2018, I started using a Netgear R7800 router.
Started by connecting router, and then doing basic setup for wireless network. I used the same ssid and password as my existing wifi network, that makes it easier to switch over.
Installed Voxel's improved firmware
Currently I'm using the 54SF version.
Upgraded to the 60SF version, will see how that goes.
Download the zip file from here, unzip it, and then go to administration, firmware update on router page, browse to find the file, and upload.
I did notice I needed to select the file twice before the router will go to the page to let the upload start.
TELNET
After installing new firmware, and doing basic setup stuff, like naming my devices and setting up static addresses,
go to http://routerlogin.net/debug.htm
to enable Telnet
Using a Mac, so I brought up Terminal and used brew to install telnet
brew install telnet
At first it didn't work. I rebooted the router, then re-enabled telnet, and then it worked
But then I tried telnet again, and it didn't work (mac problem), so I rebuilt it like this
curl http://ftp.gnu.org/gnu/inetutils/inetutils-1.9.4.tar.gz -o inetutils-1.9.4.tar.gz
tar xvzf inetutils-1.9.4.tar.gz
cd inetutils-1.9.4
./configure
make
sudo make install
after that, telnet worked fine
Just type in
telnet 192.168.xxx.xxx
using the Router Ip Address
and it asks for your password
Use the same password you use to log in to the router web page
Typing help shows this list of commands
. : [ [[ alias bg break cd chdir command continue echo eval exec
exit export false fg getopts hash help jobs kill let local pwd
read readonly return set shift source test times trap true type
ulimit umask unalias unset wait
Enabling SSH
From the telnet prompt:
1. Make /tmp/ssh directory and enter to it:
mkdir /tmp/ssh
cd /tmp/ssh
2. Generate your RSA private key using dropbear:
dropbearkey -t rsa -s 2048 -f id_dropbear
3. Output your public key:
dropbearkey -y -f id_dropbear | grep "^ssh-rsa " > id_rsa.pub
4. Create your /root/.ssh/authorized_keys file:
mkdir /root/.ssh
cat id_rsa.pub > /root/.ssh/authorized_keys
chmod 0600 /root/.ssh/authorized_keys
5. Convert your private dropbear key to OpenSSH format:
dropbearconvert dropbear openssh id_dropbear id_rsa
Attach a USB drive if one is not attached already:
cd /mnt
ls
My output to ls was: 1tb_NAS sda sda1
so use sda1, and copy the files to a ssh directory there
mkdir /mnt/sda1/ssh
cp /tmp/ssh/* /mnt/sda1/ssh
On my mac, I opened finder, then under shared clicked on R7800. It connects as guest. if it doesn't work click on readyshare.
Then click USB storage and you'll see the ssh folder with the keys in it.
On a PC, I opened File Explorer, then clicked on Network in the left pane to see if readyshare is there.
If not, right click on "this PC" in left pane.
Select Add a network location, next, Choose a custom network location
Enter this in box \\readyshare\usb_storage
hit next a few times. The ssh folder will be in usb_storage folder. But you probably can't copy the ssh files right now because of permissions
Go to the telnet terminal and change the permission for id_rsa
cd /tmp/mnt/sda1/ssh
chmod 0644 id_rsa
I also did chmod 0644 id_dropbear , but I don't think this was required, I just used the id_rsa file
Now you can copy the files from the usb stick/drive to a pc/mac/something else
Pick the PC or Mac method below.
PC
assumes you have putty installed already.
copy id_rsa from ssh folder to a folder on a pc
right click, and select open with pageant
start pageant. It starts minimized, so right click on the pageant icon, the small lower right icon, then select View Keys
Make sure the key is there; it's an ssh-rsa 2048 imported OpenSSH key. Close it.
Now right click on pageant again, and select New Session. Enter the router ip address , and type a name in saved sessions and save for the future. Putty will use the id_rsa key automatically now.
Click Open and login as root, and you should see a terminal screen with a root@R7800: prompt.
MAC
at the telnet terminal
chmod 600 id_rsa
Copy id_rsa from the netgear attached usb drive ssh folder to the .ssh folder.
.ssh is a hidden folder in /Users/your user name. I opened two Finder windows, and moved the file from one to the other. On my Mac, I go to the drive, then Users, then my username folder, which I think is also the home folder. You need to be able to view hidden files to see the .ssh folder
If you get copy errors, try rebooting the mac. Do a "real" reboot by holding the power key down for a few seconds, then select restart or push Control+Command+Eject/Power button. I had some problems 2nd time I tried this, then restarted and all was fine.
Open a new terminal window, and type:
cd ~/.ssh
ssh -i id_rsa root@192.168.xxx.xxx
It should log in now.
After the first time, I just use the ssh -i id_rsa root@192.168.xxx.xxx command in terminal.
It complains that it can't find the id_rsa file, but connects anyway.
CLEANUP
For security, delete the files from ssh directory. Can do this in ssh since you have it working now.
cd /mnt/sda1/ssh
rm id_rsa.pub
rm id_dropbear
rm id_rsa
cd ..
rmdir ssh
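A check to run after the cleanup above, as an added example that is not part of the original page: it scans a directory for SSH private-key files and flags any that "other" users can read, which is what the earlier chmod 0644 step produced on the guest-accessible share. The function names are made up for this example, and the directory to scan is passed as an argument (the page's share is /mnt/sda1).

```shell
# Added example, not from the original page.
# Assumption: DIR is the mounted share to check (e.g. /mnt/sda1 on the page).

# is_private_key FILE: succeed if FILE looks like SSH private-key material.
is_private_key() {
    case "$(basename "$1")" in
        id_dropbear*) return 0 ;;   # dropbearkey output, matched by name only
    esac
    # dropbearconvert and ssh-keygen write a PEM-style first line.
    head -n 1 "$1" 2>/dev/null | grep -q -e '-----BEGIN .*PRIVATE KEY-----'
}

# scan_share DIR: print one line per private key found, flagging files whose
# "other" read bit is set. Exit status: 0 = no keys left, 1 = keys found.
scan_share() {
    find "$1" -type f | {
        hits=0
        while IFS= read -r f; do
            is_private_key "$f" || continue
            hits=1
            # Character 8 of the ls mode string is the "other" read bit.
            if [ "$(ls -ld "$f" | cut -c8)" = "r" ]; then
                echo "WORLD-READABLE $f"
            else
                echo "restricted     $f"
            fi
        done
        # The group's status becomes the pipeline's, and so the function's.
        [ "$hits" -eq 0 ]
    }
}

# Typical use on the router once the files have been copied off:
#   scan_share /mnt/sda1 || echo "private keys are still on the share"
```

Public keys such as id_rsa.pub are not reported, since they are not secret.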
Entware
insert a usb stick in to the 2nd slot. I had a usb hard drive in the 1st usb slot
So this procedure assumes some usb storage device in first slot, and a usb stick in the 2nd slot. Usb stick is used for temp storage.
IMPORTANT: You will need to leave the USB stick in the 2nd slot for Entware to work.
ls
Then check output, and make sure usb stick is at sdb1, or adjust the command below.
format stick, and make the name optware
mkfs.ext4 -L optware /dev/sdb1
go here
https://www.voxel-firmware.com/Downloads/Voxel/html/r7800.html
select entware folder, and download entware-cortexa15-3x-initial.tar to a pc/mac
You need to copy to the root of your stick, and can't use windows or a mac, so I did the following
remove and reinsert the usb stick from the router.
On the PC/mac, open readyshare, then USB_Storage
Copy entware-cortex-a15-3x-initial.tar.gz to USB_Storage.
Go to the router SSH window
cd /tmp/mnt/sda1
cp entware-cortex-a15-3x-initial.tar.gz ../sdb1
cd /tmp/mnt/sdb1
ls and make sure the entware file is there
extract the files
tar -xzf entware-cortex-a15-3x-initial.tar.gz
Reboot the router
reopen ssh connection to router
ls -l /opt/*
shows entware directories or symlinks (bin, usr, share, var etc.)
2) Create swap file (optional) in /mnt/sda1 or /mnt/sdb1 or /mnt/sdc1 etc.:
cd /mnt/sda1
dd if=/dev/zero of=swap bs=1024 count=1048576
mkswap swap
chmod 0600 swap
swapon swap
Reboot router again.
open ssh connection, and
opkg update
opkg upgrade
For versions 59sf and up, you may need to change the path
first check the path
echo $PATH
It should look like this, but order doesn't matter
/opt/bin:/opt/sbin:/bin:/sbin:/usr/bin:/usr/sbin
It may be missing /opt/bin and /opt/sbin
then you can do this:
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/opt/bin:/opt/sbin
To make the change permanent, install nano per below, then
nano /etc/profile
find export PATH= statement, and change to one above
Now you can install and use Entware packages
I decided to install nano
opkg install nano
You use opkg install to install any of the packages you want
Backup
open a ssh connection to the router
This assumes you have a storage device connected to sda1
cd /
tar cf /mnt/sda1/backup.tar etc/init.d/net-wan root/.ssh
last backup 9/15/18 640am
After every firmware update, enable telnet and use it to restore the saved changes:
cd /
tar xf /mnt/sda1/backup.tar
reboot
Upgrading version
When I upgraded to .60sf, had these issues
SSH stopped working.
Restored backup to fix, open telnet window
cd /
tar xf /mnt/sda1/backup.tar
reboot
After router comes back up, opened mac terminal windows
cd ~/.ssh
ssh -i id_rsa root@192.168.xxx.xxx
and it worked again
Entware also stopped working; when going to a version above 59, the path is not included.
I needed to add
export PATH=/opt/bin:/opt/sbin:/bin:/sbin:/usr/bin:/usr/sbin
And it works again
DNS Crypt
connect to router through ssh or telnet terminal
1. Download the two installation packages:
wget --no-check-certificate https://www.voxel-firmware.com/Downloads/Voxel/R7800-Voxel-firmware/DNSCrypt-Proxy-2/ca-certificates_20180409_all.ipk
wget --no-check-certificate https://www.voxel-firmware.com/Downloads/Voxel/R7800-Voxel-firmware/DNSCrypt-Proxy-2/dnscrypt-proxy-2_2.0.16-1_ipq806x.ipk
2. Install both of them:
/bin/opkg install ca-certificates_20180409_all.ipk
/bin/opkg install dnscrypt-proxy-2_2.0.16-1_ipq806x.ipk
3. Enable dnscrypt-proxy-2 init script (to start it automatically after reboot):
/etc/init.d/dnscrypt-proxy-2 enable
4. Reboot your router
reboot
Or to manually start
/etc/init.d/dnscrypt-proxy-2 start
Edit the configuration file
nano /etc/dnscrypt-proxy-2.toml
Find this line
# server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare']
Remove the leading #, and insert your servers from here https://dnscrypt.info/public-servers/
server_names = ['ventricle.us', 'ev-us', 'opennic-onic']
exit and save
restart
/etc/init.d/dnscrypt-proxy-2 restart
go here to test https://www.perfect-privacy.com/dns-leaktest/
Stubby
This is stubby add-on for Netgear R7800 X4S running Voxel firmware.
Stubby is an application that acts as a local DNS Privacy stub resolver (using DNS-over-TLS). Stubby encrypts DNS queries sent from a client machine (desktop or laptop) to a DNS Privacy resolver increasing end user privacy.
https://github.com/getdnsapi/stubby
Log into telnet or ssh terminal
Get 5 packages
wget --no-check-certificate https://www.voxel-firmware.com/Downloads/Voxel/R7800-Voxel-firmware/Stubby/stubby_0.2.3-1_ipq806x.ipk
wget --no-check-certificate https://www.voxel-firmware.com/Downloads/Voxel/R7800-Voxel-firmware/Stubby/libyaml_0.2.1-1_ipq806x.ipk
wget --no-check-certificate https://www.voxel-firmware.com/Downloads/Voxel/R7800-Voxel-firmware/Stubby/libunbound_1.7.3-6_ipq806x.ipk
wget --no-check-certificate https://www.voxel-firmware.com/Downloads/Voxel/R7800-Voxel-firmware/Stubby/getdns_1.4.2-1_ipq806x.ipk
wget --no-check-certificate https://www.voxel-firmware.com/Downloads/Voxel/R7800-Voxel-firmware/Stubby/ca-certificates_20180409_all.ipk
install packages
/bin/opkg install ca-certificates_20180409_all.ipk libyaml_0.2.1-1_ipq806x.ipk libunbound_1.7.3-6_ipq806x.ipk getdns_1.4.2-1_ipq806x.ipk stubby_0.2.3-1_ipq806x.ipk
enable
/etc/init.d/stubby enable
reboot router
or start the daemon manually:
/etc/init.d/stubby start
Log file is /var/log/stubby.log. Check it if something is wrong.
Configuration (optional):
Currently it is configured to use Cloudflare servers (DoT). You may customize your config file:
/etc/stubby/stubby.yml
Kamoj add on
Adds information to the debug page: http://www.routerlogin.net/debug.htm
Start an SSH or telnet connection
wget --no-check-certificate https://www.voxel-firmware.com/Downloads/kamoj-debug-page_180920-211912-1_ipq806x.ipk
install
/bin/opkg install --force-overwrite kamoj-debug-page_180920-211912-1_ipq806x.ipk
reboot to complete installation
reboot
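The wget commands in the DNS Crypt, Stubby and Kamoj sections all pass --no-check-certificate, so TLS does not authenticate the .ipk files before opkg installs them from a root shell. As an added example (not from the original page or the firmware project), this function checks downloaded packages against a SHA-256 manifest before installation and fails closed. It assumes sha256sum is available on the router and that the manifest was obtained over a channel you trust, since the page publishes no digests.

```shell
# Added example, not from the original page.
# Assumptions: sha256sum exists; MANIFEST holds "<sha256>  <filename>" lines
# obtained separately from the download itself.

# verify_ipks DIR MANIFEST: succeed only if every file listed in MANIFEST is
# present in DIR with a matching digest AND no unlisted *.ipk is in DIR.
verify_ipks() {
    dir=$1
    manifest=$2
    bad=0
    # 1. Every listed file must exist and match its digest.
    while read -r want name; do
        [ -n "$name" ] || continue
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; bad=1; continue
        fi
        got=$(sha256sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; bad=1
        fi
    done < "$manifest"
    # 2. No package may be present that the manifest does not vouch for.
    for f in "$dir"/*.ipk; do
        [ -e "$f" ] || continue
        name=$(basename "$f")
        awk -v n="$name" '$2 == n { ok = 1 } END { exit !ok }' "$manifest" \
            || { echo "UNLISTED $name"; bad=1; }
    done
    return $bad
}

# Typical use, with a manifest file name chosen for this example:
#   verify_ipks . ipk.sha256 && /bin/opkg install ./*.ipk
```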
File Permissions
Fixing when can't move or delete files/folders
go to folder. If folder name has spaces, put in ""
Change to allow guest (or could be admin) as owner
chown guest:guest *.*
Or to change all the subdirectories in directory music_t
chown -R guest:guest music_t
Change to allow anyone to read write
chmod -R 777 music_t