New firmware with built in Torrent Client

w3wilkes · ‎2014-08-27

@Richud, Now I'm not really sure what's going on with my WHS backup failures. I'm now looking at some drive pooling software I'm using on the WHS box as being a possible cause. Like I said earlier, everything else appears to be working just fine.

w3wilkes · ‎2014-08-28

I'm now starting to think the DGND3700v1 is dying. I find in the event log on my client PC's that the connection to the WHS box is dropping and not reconnecting. I've tried switching ports on the router, having clients connected through Ethernet and wireless, in any connection scenario I get dropped connections and failed reconnect. I've tried going back to stock Netgear firmware and the connection still drops. This is starting to look like when my sons DG834 died from heat exhaustion, wouldn't surprise me if heat is the cause of this too. Also starting to see some weird things on web pages that correct with a refresh. I guess it's time to start shopping!

whskerp · ‎2014-08-29

whskerp wrote:
IPSec/IKE is fine if you don't have nasty firewalls in the way elsewhere which block ports UDP 500/4500 as well as AH and ESP. OpenVPN (which is implemented on the DD-WRT routers) can run over TCP or UDP and on any port so is a lot more flexible. It is also a lot easier to configure IMHO and allows bridging or routing.

Don't spend too much time on it. I have it rolled out on Linux servers on my local LANs. I was just wondering if you might have considered adding it as a next step.

Thanks
Peter

Actually, no, IPSec is truly horrible! I've been playing with connecting the Netgear to Strongswan and although I have got it sort of working it's dreadful to set up and get working compared with OpenVPN! And far less secure. The router doesn't support AES at all.

WizP · ‎2014-09-11

I would really value OpenVPN too. Absolutely fantastic firmware. It has really give the router and new lease of life and one of the best modem routers currently available.

richud · ‎2014-09-20

whskerp, WizP,
Have added openVPN in my current test firmware - I am just fiddling about with it. I am setting default to tun (routed), default port 1194, UDP and a static key.
Are they suitable for what you need?
[you can manually alter these afterwards, but not via a webif]

WizP · ‎2014-09-22

I can give it a go and see how it works. I've only just started looking at VPN's recently so it may take me a little longer getting things up and going. Is the static Key instead of the certificate file?

richud · ‎2014-09-22

wizp: ok well since last post ive tested it locally and it all worked nicely. Yes to the key - I think the CA stuff is too complicated to implement in a way to make it easily usable. My current idea is a static key is generated when openVPN first fires up and is written to the nvram so everyone gets a unique key. (obv can then be easily changed if needed, or deleting it will cause a new one to be generated). You just need to then copy key from router to your client and then usable straight away. I just need to spend an hour with nvram idea as was an afterthought - I'll put firmware up in a few days when have finalised it. And for something irrelevant - have FTTC cabinets in my village, should be going live with VDSL soon 🙂

bulldog147 · ‎2014-09-23

Is it correct that Netgear DGND3700v1 is the same broadcom chipset on the Openreach EchoLife VER.B HG612 Modem?

Broadcom BCM6368?

whskerp · ‎2014-09-24

Hi Richud - I do have other ports in use but can change. I use a key files (client.crt/client.key/ca.crt) - can they be manually saved in the config somehow from the command line maybe? Many thanks - will have a look!

Or perhaps add the contents of each file as a NVRAM variable if that's possible (the linefeeds which normally break up the lines of PEM data are I think probably optional) - then a ca.crt and either server or client cert/key could be input from Telnet and saved with the nvram commands. Just an idea.

richud · ‎2014-09-26

whskerp: can you have a go with this build I just did and see how you get on? https://mega.co.nz/#!BFQWxD7L!6_vs4NzLzMHr-QhWRPhxl8sO5l2Bk5oHQ--8bx_f8Jw If you enable openvpn on startup in network services web page, reboot, it should fire up with defaults. If you telnet/ssh in and look at 'param show' output you can hopefully work out whats going on. (static key by default) If you could have a play with that and see how you get on that would be cool. If you then want to put your certs in /tmp/mnt/storage , alter the nvram 'openvpn_value' string to reference them, and see how that goes. [A whole ton of other bits are updated too, if anything odd occurs please let me know] Cheers.

richud · ‎2014-09-27

whskerp/WiZP - I put some brief distructions on wiki now (firmware not linked on there until you kindly test it is ok)

http://www.richud.com/wiki/DGND3700_V1_Transmission_Firmware#OpenVPN

TCP and UDP worked locally, but VPN'ing in from work I could only connect via UDP but not get data across, probably filtered?, TCP was fine though.

richud · ‎2014-09-28

hmm silence, well I decided to go for a release then, please see wiki for link! (test link wont work as fixed the WAN port isolation on LAN if using as 5th ethernet port this morning so rebuilt newer firmware)

paulmcg · ‎2014-09-28

Just installed this, seems to be OK so far, all my old settings were retained OK. I'll monitor the syslog for a while to see if there is anything unusual.

I have been noticing even in previous versions this bit of info in syslog (I'm using asl.conf on OS X 10.7.5) Just curious what it might mean..

Sep 29 07:25:13 kernel: HTB[4294967295] : quantum of class 10010 is small. Consider r2q change.
Sep 29 07:25:13 kernel: HTB[4294967295] : quantum of class 10020 is small. Consider r2q change.
Sep 29 07:25:13 kernel: HTB[4294967295] : quantum of class 10030 is small. Consider r2q change.
Sep 29 07:25:13 kernel: HTB[4294967295] : quantum of class 10040 is small. Consider r2q change.

I've not been following on the OpenVPN discussion much, I don't have a service I can try. I'm assuming its set manually in nvram,

~ # param show | grep -i vpn
vpnPolicy1=
vpnPolicy2=
vpnPolicy3=
vpnPolicy4=
vpnPolicy5=
startvpn=0
vpn_update=0
qos_rule10=VPN:0:10:2:1-1723-1723:2-1701-1701:4-1-1:
openvpn_enable=1
openvpn_state=1
openvpn_key=#
# 2048 bit OpenVPN static key
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
openvpn_value=--proto udp --dev tun --secret /tmp/static.key --ifconfig 10.8.0.1 10.8.0.2 --keepalive 10 120 --ping-timer-rem
openvpn_port=1194

Here is what I get in syslog when I activate it:

Sep 29 07:28:02 watch.sh: Unknown[4294967295] : DEBUG(0) openvpn#enable
Sep 29 07:29:09 watch.sh: Unknown[4294967295] : DEBUG(0) openvpn#start
Sep 29 07:29:12 openvpn[2892]: Unknown[4294967295] : OpenVPN 2.3.4 mips-unknown-linux-gnu [SSL (OpenSSL)] [EPOLL] [MH] [IPv6] built on Sep 28 2014
Sep 29 07:29:12 openvpn[2892]: library versions[4294967295] : OpenSSL 1.0.2-beta3 25 Sep 2014
Sep 29 07:29:12 openvpn[2892]: Unknown[4294967295] : TUN/TAP device tun0 opened
Sep 29 07:29:12 openvpn[2892]: Unknown[4294967295] : do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sep 29 07:29:12 openvpn[2892]: Unknown[4294967295] : /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Sep 29 07:29:12 openvpn[2896]: UDPv4 link local (bound)[4294967295] : [undef]
Sep 29 07:29:12 openvpn[2896]: UDPv4 link remote[4294967295] : [undef]

Also, I now have my connect disconnect working better in crontab, I can disable/enable both wireless and adsl in scripts, e.g.

~ # crontab -l
0 6 * * * /media/Scratch1/connect.sh start
0 23 * * * /media/Scratch1/connect.sh stop
~ # /media/Scratch1/connect.sh start

w3wilkes · ‎2014-09-28

I've had the 2014-09-28 firmware up for just over 6 hours and it seems to be fine. @Richud, can't thank you enough for all the work you've put into making this the router it should have been! A couple of nits;

The Systems Logs do not display in IE11, but work fine in Chrome.

The Windows 7 Network and Sharing Center fails to show the "full network map" (pretty unimportant, but thought I'd mention it).

In the Maintenance - Attached Devices listing it only shows the names for Windows devices (PC's) and my HP Ethernet attached printer. All Linux and Android devices just show -- in the Device Name column (the device names show fine in the negear firmware). Again, kind of a nit.

Thanks again!
W3

paulmcg · ‎2014-09-28

I'm trying to connect to a VPN server using a .ovpn file, using IP rather than DNS. It seems like that should work, but not seeming to get a new IP at all. Maybe I need to read up a bit. This is what I am seeing, with the config file having "remote 123.211.215.65 1686" and udp

/sbin/openvpn --config /media/Scratch1/vpngate_vpn889319372.opengw.net_udp_1686.ovpn  && param set openvpn_state=1 --daemon
Mon Sep 29 11:35:11 2014 OpenVPN 2.3.4 mips-unknown-linux-gnu [SSL (OpenSSL)] [EPOLL] [MH] [IPv6] built on Sep 28 2014
Mon Sep 29 11:35:11 2014 library versions: OpenSSL 1.0.2-beta3 25 Sep 2014
Mon Sep 29 11:35:11 2014 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon Sep 29 11:35:11 2014 Socket Buffers: R=[113664->131072] S=[113664->131072]
Mon Sep 29 11:35:11 2014 UDPv4 link local: [undef]
Mon Sep 29 11:35:11 2014 UDPv4 link remote: [AF_INET]123.211.215.65:1686
Mon Sep 29 11:35:11 2014 TLS: Initial packet from [AF_INET]123.211.215.65:1686, sid=89ee0c88 6cd757f3
Mon Sep 29 11:35:11 2014 VERIFY OK: depth=0, CN=uw7fh89yvc3t00tvp.net, O=h8nn6 5a0b3f, C=US
Mon Sep 29 11:35:12 2014 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Mon Sep 29 11:35:12 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 29 11:35:12 2014 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Mon Sep 29 11:35:12 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 29 11:35:12 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Sep 29 11:35:12 2014 [uw7fh89yvc3t00tvp.net] Peer Connection Initiated with [AF_INET]123.211.215.65:1686
Mon Sep 29 11:35:14 2014 SENT CONTROL [uw7fh89yvc3t00tvp.net]: 'PUSH_REQUEST' (status=1)
Mon Sep 29 11:35:14 2014 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.211.1.5 10.211.1.6,dhcp-option DNS 10.211.254.254,dhcp-option DNS 8.8.8.8,route-gateway 10.211.1.6,redirect-gateway def1'
Mon Sep 29 11:35:14 2014 OPTIONS IMPORT: timers and/or timeouts modified
Mon Sep 29 11:35:14 2014 OPTIONS IMPORT: --ifconfig/up options modified
Mon Sep 29 11:35:14 2014 OPTIONS IMPORT: route options modified
Mon Sep 29 11:35:14 2014 OPTIONS IMPORT: route-related options modified
Mon Sep 29 11:35:14 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Sep 29 11:35:14 2014 ROUTE_GATEWAY 203.45.255.1
Mon Sep 29 11:35:14 2014 TUN/TAP device tun0 opened
Mon Sep 29 11:35:14 2014 TUN/TAP TX queue length set to 100
Mon Sep 29 11:35:14 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Sep 29 11:35:14 2014 /sbin/ifconfig tun0 10.211.1.5 pointopoint 10.211.1.6 mtu 1500
Mon Sep 29 11:35:14 2014 /sbin/route add -net 123.211.215.65 netmask 255.255.255.255 gw 203.45.255.1
Mon Sep 29 11:35:14 2014 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.211.1.6
Mon Sep 29 11:35:14 2014 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.211.1.6
Mon Sep 29 11:35:14 2014 Initialization Sequence Completed

I figured that since this is how its done in Ubuntu it should work. Maybe I'm not waiting long enough for a result?

paulmcg · ‎2014-09-29

I just rolled back to the DGND3700_2014-05-29_A_D.chk version and can now see all my NAS shares, which had gone missing in the newer version.

Malpd · ‎2014-09-29

NAS shares "work" but you cant access them

by work i mean torrents get downloaded and everything and if i attach the usb disk to the computer i can access it

but i cannot access it directly through the router

richud · ‎2014-09-29

Think I broke samba when I cleaned up the user/groups mess somehow...that's what happens when you rush and make your missus lamb shanks for dinner instead of doing the usual final tests! (I will have a look back through other posts tonight.)

whskerp · ‎2014-09-29

richud wrote:
whskerp:
can you have a go with this build I just did and see how you get on?
https://mega.co.nz/#!BFQWxD7L!6_vs4NzLzMHr-QhWRPhxl8sO5l2Bk5oHQ--8bx_f8Jw

If you enable openvpn on startup in network services web page, reboot, it should fire up with defaults. If you telnet/ssh in and look at 'param show' output you can hopefully work out whats going on. (static key by default)
If you could have a play with that and see how you get on that would be cool.
If you then want to put your certs in /tmp/mnt/storage , alter the nvram 'openvpn_value' string to reference them, and see how that goes.
[A whole ton of other bits are updated too, if anything odd occurs please let me know]
Cheers.

@richud
Sorry - been away for a few days and now up to my nexck at work. I'll have a look as soon as I get a chance. thanks very much for looking at this.
Peter

capricorn180 · ‎2014-09-29

Hi, just came across this the other day and just need help with the dynamic dns side of things, I'm trying to setup Namecheap service usin the 'generic' setting. Seeing a couple of posts here I've followed the instructions but it's just not updating but the var/log/messages says it is.

Here are my settings

DynDNS Service: generic
Username (or hash) : mywebsite.com
Password : big long password from the Dynamic DNS page on namecheap account domain options
Alias Hostname : mywebsite.com

Advanced options All blank except
DynDNS server name : dynamicdns.park-your-domain.com
DynDNS server URL : /update?host=www&domain=mywebsite.com&password=biglongpasswordfromnamecheapdyndnspage
Forced update Period (s) : 60

If I go ahead and put the url dynamicdns.park-your-domain.com/update?host=www&domain=mywebsite.com& in my browser it updates fine

Here's my /var/log/messages from the router I can't see any errors.


Sep 29 16:49:57 (none) user.notice watch.sh: DEBUG(0) inadynset# --dyndns_system custom@http_svr_basic_auth --username mywebsite.com --password xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx --alias mywebsite.com --dyndns_server_name dynamicdns.park-your-domain.co
Sep 29 16:49:57 (none) user.notice watch.sh: DEBUG(200) m --dyndns_server_url /update?host=www&domain=mywebsite.com&password=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx --forced_update_period 60
Sep 29 16:49:58 (none) user.warn INADYN[2806]: Mon Sep 29 16:49:58 2014: W:INADYN: IPv4 address read from cache file (/tmp/inadyn_ip.cache):  'xxx.xxx.xxx.xxx'... (my correct IP)
Sep 29 16:50:04 (none) user.warn INADYN[2806]: Mon Sep 29 16:50:04 2014: W:INADYN: IP address for alias 'mywebsite.com:auto' needs update to 'xxx.xxx.xxx.xxx'...
Sep 29 16:50:05 (none) user.warn INADYN[2806]: Mon Sep 29 16:50:05 2014: W:INADYN: Alias 'mywebsite.com' to IP 'xxx.xxx.xxx.xxx' updated successfully.
Sep 29 16:50:05 (none) user.warn INADYN[2806]: Mon Sep 29 16:50:05 2014: W:INADYN: DYNDNS Server response: HTTP/1.1 200 OK^M Cache-Control: private^M Content-Length: 417^M Content-Type: text/html^M Server: Microsoft-IIS/7.5^M Set-Cookie: ASPSESSIONIDSQCARCBB=IFEFBOCAODIOCL

So I see in the log its updated successfully, and the Server response is 200 OK, but it's not actualy updating when I see the namecheap page. But it does work when I just put the url in a browser and get

SETDNSHOSTeng00true

using 2014-05-29 version

Thanks for this amazing firmware, would love it if anyone was able to help me with this

richud · ‎2014-09-29

paulmcg: - post1, only the nvram 'openvpn' bits are relevant, the other stuff is for openswan or cruft (like the firmware, lots of nvram contents is old remnants from other routers) from your first post that all looks 'normal' - post2 Afraid you will have to fiddle and see, you know more about it than I do. Did it work just using the static key? The only thing to be careful of is using default port as that is only one open on the firewall. - post3 Fixed just now. (I broke it, sort of bug, it doesnt like using 'nobody' account as 'force user' unless nobody is root! Anyway so 'force user' is now root.) w3: cheers! -Seems IE doesnt like the object tags used to display the linked files, not sure if its security or a 'feature', if anyone wants to work out what the problem is I am happy to change the code. I didnt think anyone still used IE? :) -Thought we fixed the network map for you when found out the problem was the bug that was altering your routers share name? (LAN setup > device name, is it 'DGND3700'?) I just checked again on a win7 pc and was fine for me? -How original firmware is, it annoys me too malpd: see above, fixed now. 🙂 whkskerp: cool - also finally got that WAN/eth port sussed too, ill write something about fiddling with /proc/switch53115 ! capricorn: thanks 🙂 - I think you can omit setting a username/password/alias in the fields if using a servername/URL combo. I'd suggest just telnetting in and running inadyn-mt from the command line to test. Be quicker than doing it via web page. [I am surprised it isn't a default service option in inadyn to be honest.] Let us know how you get on.

Malpd · ‎2014-09-29

Shares working again 🙂

Nice job on the fast fix 😄

paulmcg · ‎2014-09-29

Yes, thanks for that, all my various shares and device names are visible again and samba working good.
I've modified the params

openvpn_value=--config /media/Scratch1/vpngate_vpn889319372.opengw.net_udp_1686.ovpn
openvpn_port=1686

so that if I change to run state in the GUI it loads the config file and then daemonizes it according to the script in /etc/init.d. The config file I'm using is a self contained .opvn file that has the server ca, client cert and key included. According to my syslog output it seems to "work". From the router I can see the new interface, can ping and nslookup out from the router, but not traceroute. From the computer I can ping the router, but cannot get beyond that.
What I'm really trying to do is to VPN to an anonymous proxy, since Australia is about to become one of the most restricted countries in the world. Just getting everything ready to go, but I guess I need more help.

w3wilkes · ‎2014-09-30

Yes, the network map was fixed, but seems to have fallen over in the last couple of releases, wonder if it may be the new Nexus 5 phones. Checked and it fails on the original .12NA firmware too, so the problem isn't unique to your firmware.

I've only tried the .12NA firmware for the device names in the Attached Devices list.

Yes, there are a few of us IE folks left, but we know how to use another browser when we find something that doesn't work in IE 🙂

Again, Thanks for all the work.

paulmcg · ‎2014-10-01

Still harping on about openvpn, I've been looking on the dd-wrt and openvpn sites, and they seem to be saying that you need to use the iptables command to be able to route traffic from the LAN through the VPN tunnel.
I tried a few of the commands, and it seems the version in the DGND3700 is from December 22, 2007, so a lot of the flags and functions that may be needed are not recognised, e.g.
~ # iptables -t nat -nL
iptables v1.4.0: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

Also, do you have a command reference for /bin/nat5 ? I see that is used in your /etc/init.d/openvpn.sh script.

New firmware with built in Torrent Client

Re: New firmware with built in Torrent Client

Re: New firmware with built in Torrent Client

Re: New firmware with built in Torrent Client

Re: New firmware with built in Torrent Client

Re: New firmware with built in Torrent Client

Re: New firmware with built in Torrent Client

Re: New firmware with built in Torrent Client

Re: New firmware with built in Torrent Client

Re: New firmware with built in Torrent Client

Re: New firmware with built in Torrent Client

Re: New firmware with built in Torrent Client

Re: New firmware with built in Torrent Client

Re: New firmware with built in Torrent Client

Re: New firmware with built in Torrent Client

Re: New firmware with built in Torrent Client

Re: New firmware with built in Torrent Client

Re: New firmware with built in Torrent Client

Re: New firmware with built in Torrent Client

Re: New firmware with built in Torrent Client

Can't get Dynamic DNS working for Namecheap

Re: Can't get Dynamic DNS working for Namecheap

Re: New firmware with built in Torrent Client

Re: New firmware with built in Torrent Client

Re: New firmware with built in Torrent Client

Re: New firmware with built in Torrent Client