2021-08-06 Kamoj Add-on FAQ - FREQUENTLY ASKED QUESTIONS: Section 1: Adguard Home FAQ for R7800 and R9000 Section 2: WIREGUARD FAQ/support for R7800 and R9000 Section 3: General FAQs for R7800/R900 and Kamoj Add-on ********************************************* * Adguard Home for R7800 and R9000 * ********************************************* Q: What is Adguard Home A: AdGuard Home is a network-wide software for blocking ads & tracking. After you set it up, it’ll cover ALL your home devices, and you don’t need any client-side software for that. With the rise of Internet-Of-Things and connected devices, it becomes more and more important to be able to control your whole network. (https://adguard.com/en/adguard-home/overview.html) Q: Is Adguard Home associated with Adguard (as for Windows, Android, iPhone etc) A: Yes, it's from the same company and the same protection Q: Does it cost anything? A: No, It's free for integration into your router! Q: How do I install it? A: Kamoj Menu: DNS Privacy/Ad-Blocking: Adguard Home: Install Q: How do I start it? A: Kamoj Menu: DNS Privacy/Ad-Blocking: DNS Filter/Encryption: Adguard Home Q: How do I control it, set protection and view statistics etc? A: Kamoj Menu: Adguard Home (This menu choice is only available after you have started it!) Q: Can I run encrypted DNS requests? A: Yes, both DoH, DoT and DNSCrypt2 are supported Q: Can I run it simultaneously with DNSCrypt Proxy v2 or Stubby? A: No Q: Is this better than Kamoj's Dnscrypt 2 Ad-Blocking? A: It's definitely looking better and easier to understand and with very many more options. It might not be so fast though. Q: What features does it have that the Kamoj's Dnscrypt 2 Ad-Blocking does not? A: Easy choice of many things: - Profiles/Different blocking per device (Settings, Client Settings) - One click functions to block YouTube, WhatsApp and many more (Settings, General Settings) - Support for personal White Lists/Black Lists (Filters) Q: Where can I find any information about the running Adguard Home? A: Kamoj Menu: Router Information A: Kamoj Menu: DNS Privacy/Ad-Blocking: DNS Filter/Encryption: Adguard Home Q: How to update Adguard Home? A: Kamoj Menu: DNS Privacy/Ad-Blocking: Adguard Home: Download Latest Version To use it: Kamoj Menu: DNS Privacy/Ad-Blocking: Adguard Home: Install Kamoj Menu: DNS Privacy/Ad-Blocking: DNS Filter/Encryption: Adguard Home The block lists and filters etc are automatically updated Q: How do I backup the Adguard Home configuration? A: Insert a working USB device in the router Kamoj Menu: DNS Privacy/Ad-Blocking: Adguard Home: Backup config to USB (A directory AdGuardHome will be created (if not existing) with the backup file: AdGuardHome.yaml The previous backup file (if any) will be renamed to AdGuardHome.yaml.bup) Q: How do I restore a backup of the Adguard Home configuration? A: Insert a working USB device in the router with: A directory AdGuardHome with the backup file: AdGuardHome.yaml (E.g. /mnt/sda1/AdGuardHome/AdGuardHome.yaml) The file will be copied to the router's Adguard Home persistent area. The previous configuration file will be renamed to AdGuardHome.yaml.bup Q: Is Adguard Home writing to NAND memory? A: Only the configuration file, and only when you manually save a configuration from within the program. Q: Where do Adguard Home store it files and data? A: The installation file is downloaded only on user request or first time when it does not exist. It is stored in /opt/kamoj/addons/AdGuardHome_linux_armv7.tar.gz The configuration file is stored as /opt/kamoj/addons/defaults/AdGuardHome.yaml It is changed only when you manually save it from within the program. The working files, e.g. filters, black list, statistics etc are stored in RAM: /tmp/addons/adguard_home/ The program itself is installed at boot time directly to RAM: /tmp/AdGuardHome/ Q: What is the Username and Password? A: Username: x Password: x Q: How can I change the Username and Password? A: You have to setup Adguard Home yourself Q: How can I setup Adguard Home by myself? A: - First stop Adguard Home: Kamoj Menu: DNS Privacy/Ad-Blocking: DNS Filter/Encryption: None - Delete the current configuration: Kamoj Menu: DNS Privacy/Ad-Blocking: Adguard Home: Erase configuration - Start Adguard Home: Kamoj Menu: DNS Privacy/Ad-Blocking: DNS Filter/Encryption: Adguard Home - Start setup program: *If you access your router through it's IP eg 192.168.1.1: Kamoj Menu: Adguard Home Setup *If you not access the router through it's IP, open: http://192.168.1.1:3000 Run the guide, it's very easy. You can select one of many available languages as well. If you are not expert, I advice you to use these values: Admin Web Interface: Listen interface: 8080 DNS server: Listen interface: 5300 After The last "Open Dashboard", close the window The following steps (Or a router reboot) are needed to get the router firewall setup: Open: http://192.168.1.1/adv_index.htm (Or what IP your router have) First stop Adguard Home: Kamoj Menu: DNS Privacy/Ad-Blocking: DNS Filter/Encryption: None Start Adguard Home: Kamoj Menu: DNS Privacy/Ad-Blocking: DNS Filter/Encryption: Adguard Home Close all your Netgear Genie windows (routerlogin.net, www.routerlogin.net, routerlogin.com, www.routerlogin.com) Q: Can I use dnscrypt2 servers with AdGuard Home? A: Yes Q: Where do I find DoH, DoT and DNSCrypt2 servers to use with AdGuard Home? A: https://kb.adguard.com/en/general/dns-providers Q: Where do I find dnscrypt2 servers to use with AdGuard Home? A: https://dnscrypt.info/public-servers/ Q: How do I add an dnscrypt2 server to use with AdGuard Home? A: E.g.: Find the server you want at: https://dnscrypt.info/public-servers/ Click on it's short name in the most left column. Copy the "Stamp" starting with "sdns://", and Paste it as a new own line into the AdGuard Home: Settings: DNS Settings: Upstream DNS servers Press the button "Test upstreams" to verify all your servers are working. Q: What is DNS leak? A: Check e.g. here to learn about it: https://blog.cloudflare.com/dns-encryption-explained/ https://www.dnsleaktest.com/what-is-a-dns-leak.html Q: How can I do a "DNS leak test"? A: Use one of the many links provided by the add-on: DNS Privacy/Ad-Blocking: DNS Leak Test / Privacy links. A: You can try e.g. any/some of these test sites: http://dnsleak.com/ http://www.doileak.com/ http://www.vpninsights.com/dns-leak-test https://bash.ws/dnsleak https://cmdns.dev.dns-oarc.net/ https://ipleak.net/ https://ipx.ac/run https://surfshark.com/dns-leak-test https://tenta.com/test/ https://www.astrill.com/vpn-leak-test https://www.comparitech.com/privacy-security-tools/dns-leak-test/ https://www.dnsleaktest.com/ https://www.expressvpn.com/dns-leak-test https://www.grc.com/dns/dns.htm https://www.ovpn.com/en/dns-leak-test https://www.perfect-privacy.com/en/tests/dns-leaktest Q: Am I leaking DNS requests if the tests show more than one address? A: No, that's not how it works. Learn more until you understand what a real leak is. Q: How can I find out which DNS server is the fastest for me? A: You can find info and tools in any/some of these sites: https://www.senki.org/network-operations-scaling/dns-latency-and-performance-test-tools/ https://www.ultratools.com/tools/dnsHostingSpeed https://www.grc.com/dns/benchmark.htm https://code.google.com/archive/p/namebench/ https://www.makeuseof.com/tag/find-the-fastest-dns-to-optimize-your-internet-speed-with-namebench/ Q: I want to use the latest Beta version of AdGuard Home. How to do? A: 1). Tick the check-box DNS Privacy/Ad-Blocking: Adguard Home: Use BETA version. 2). Click "Download Latest Version" 3). Wait for AdGuard Home to be downloaded and installed. May take a few minutes depending on connection. See Adguard log for installation progress/result: DNS Filter/Encryption: Adguard: ********************************************* * WIREGUARD FAQ/support for R7800 and R9000 * ********************************************* Q: Do I need to install Wireguard to my router? A: Yes, but only if you have an R7800. Voxel have already installed it in the R9000 firmware. Q: How do I install wireguard to my R7800? A: 1. Install the kamoj add-on and reboot (as always after installations, or you will get problems!) 2. Logon to router 3. ADVANCED, Kamoj Menu, Wireguard Client, WireGuard Client - General settings: Install (Check box) 4. Answer OK to the reboot question (as always after installations, or you will get problems!) 5. After the reboot you can start using Wireguard Q: How do I uninstall wireguard from my R7800? A: 1. Logon to router 2. ADVANCED, Kamoj Menu, Wireguard Client, WireGuard Client - General settings: Install (Uncheck) 3. Answer OK to the reboot question (as always after installations, or you will get problems!) Q: How do I get started with Wireguard, using the kamoj add-on? A: A short wireguard instruction: 1. You have to generate the configuration file according to your vpn/wireguard providers instructions. They are all different, and most providers have more than one way to do it. So I can not help you with this. But you don't need any special file for routers or so, any standard config file generated for you personally should be good. 2. Then open this file in a text editor and copy the contents to the kamoj add-on wireguard window, where you can read the text "Type or Paste your configuration file contents here." 3. Set a suitable name for you configuration file in the "Configuration name" box. 4. Click "Create/Save VPN configuration" to save the configuration. 5. I recommend to check 2 boxes in: "WireGuard Client - General settings": "Killswitch On" and "No Killswitch for Bypass devices" 6. Select your configuration in the "Select and Run WireGuard Client Configuration" drop-down box, and click "Start Wireguard Client with this" 7. I also recommend that you check "Cyclic Status update" at top of page, and check the log file, by "Show Session WG log" or if you like a pop-up window with color coded log: "Show last lines of the VPN log in new window". Q: I created wireguard configurations from the add-on GUI, but after reboot they are gone. Why? A: You have left an USB device in the router containing a directory named wireguard-client This will replace your router configurations with the ones on the USB device. Q: How do I import my Wireguard configuration files to the router: 1. Add your .conf files to a USB device, to a directory at the root named: wireguard-client 2. Insert the USB device in the router. It will auto mount and copy your configurations to the router. 3. Remove the USB device, or rename the directory to something else, or else all your router files will be overwritten with ones from the USB device at next mount/reboot. 4. Login via normal GUI 5. Go to ADVANCED: Kamoj Menu: Wireguard Client Q: My internet connection is lost after a reboot and wireguard/OpenVPN clients is activated. Why? A: Short answer: Update to kamoj add-on 5.2b2-1 or later. Long answer: To be able to use the "crypto protocols" Wireguard and OpenVPN, there are a number of pre-requisites. At boot time not all services are available and need to be waited for. Some of them are: Time - The cryptos are changed regularly and current time must be accurate for this to work. DNS - A working name server must function to resolve addresses like "google.com" Q: Update to kamoj add-on 5.2b2-1 or later, but I still have no internet connection after a reboot and wireguard/OpenVPN clients is activated. Why? A: You may not have an internet connection at all. A: You can also add extra start delays for Wireguard resp. OpenVPN in the add-on GUI: "Start delay at boot" Q: Where do I enter user Id and Password for my Wireguard client? A: For wireguard there is a completely new concept. There is no longer "one" configuration file that everyone can use. Now you generate your own configuration files with your own private encryption key. This key is not available to public, so the add-on can not do it. Q: How do I generate my configuration file(s) for wireguard? A: Ask you vpn/wireguard provider. Q: What does "Get all configuration files" do? A: It just re-reads the configuration directory for your files. You might have inserted a USB device with new configurations (in e.g. /mnt/sda1/wireguard-client) since you opened the wireguard window. This files are the automatically copied to the router, wireguard configuration file area. Then you use "Get all configuration files" to scan the configuration file area to find all files. Or you could simply reload the web-page! Q: I want to use a Wireguard server in my router. Is it possible? A: Yes with the R9000 it is possible. Kamoj don't have a R9000 and can not help with instructions. Please use SNB forum to search for information. Why not start a new thread for it so everyone ca benefit from it! https://www.snbforums.com/threads/wireguard-support-to-voxel-fw.59927/post-537965 https://www.snbforums.com/threads/custom-firmware-build-for-r7800-v-1-0-2-82sf-v-1-0-2-82-1sf-v-1-0-2-82-2sf.69449/post-673931 https://www.snbforums.com/threads/wireguard-support-to-voxel-fw.59927/post-598146 ********************************************** * General FAQs for Kamoj Add-on * ********************************************** Q: How do I know if there is a new Kamoj Add-on Beta release? A: Check https://www.snbforums.com/threads/kamoj-add-on-beta-testing-ii.72238/ A: Check the color of the Kamoj add-on version number in Router GUI top right corner. If it's red, there is another version availbale. Q: What does the "Turbo On" do? A: It depends on router. But no overclocking. R7800: It maximizes cpu affinity, frequency and governor and network offloading. Wireguard is multi-threaded so it's important to use all cpu kernels. R9000: It maximizes just network settings, offloading the router main cpu(s). I have noticed 2 degrees lower temperature for my R7800 with turbo off, but much slower performance. Q: What does the "Killswitch On" do? A: When activated, it stop all your tunneled devices from connecting to internet if the VPN goes down. Q: What does the "OpenVPN/Wireguard Client: No Killswitch for Bypass devices" do? A: When activated, it allows all your non-tunneled devices to connect to internet even if the VPN is down. Q: Can I use the "Killswitch" together with "By-passing"? A: Yes, you can let By-passing devices skip the killswitch: OpenVPN/Wireguard Client: No Killswitch for Bypass devices. This is what you normally want, i.e. devices not using the VPN tunnel, shall continue to function on internet, even if the VPN stops working/disconnects. Q: Which is faster of the Wireguard and OpenVPN Clients? A: Depends on the router: R7800: OpenVPN Client max is about 120 Mbps R9000: OpenVPN Client max is about 200+ Mbps R7800: Wireguard-go client max is about 70 Mbps R9000: Wireguard Client max is about 400+ Mbps Q: Can I use both Wireguard and OpenVPN Client? A: Yes, but only one at a time. The GUI will not allow you to run both. If you activate both manually some dirty way, only one of them will run anyhow. Q: How do I get the add-on beta into the router? A: Download to your computer and transfer it to a USB device. Insert the USB device in the router Telnet into the router and find the install file at e.g. /mnt/sda1 A: Insert a USB device in the router FTP the file to the USB device Telnet into the router and find the install file at e.g. /mnt/sda1 A: "spocko's way" (not my first choice): 1. Download the addon to my Windows PC 2. Run a tftp server on my PC, for example tftpd32: https://tftpd32.jounin.net/ 3. Point tftp server to folder where addon was downloaded 4. Telnet into router 5. Change into temporary folder: $ cd /tmp 6. Transfer addon to router using tftp: $ tftp -g -r filename ip.address.of.pc 7. Install addon per Kamoj instructions Q: How do I Telnet to the router? A: 1. Logon (From your web-browser): http://www.routerlogin.net 2. http://www.routerlogin.net/debug.htm 3. Check (Set a tick in the box for) "Enable Telnet". (No apply needed) 4. Run telnet and connect to the router: telnet routerlogin.net (or e.g. telnet 192.168.1.1) Q: How do I get Telnet on my Windows 10 computer? A: Hold down the Windows Key, then press the “R“ key. The Run dialog box appears. In the Open: window, type: pkgmgr /iu:”TelnetClient” Click OK Q: How do get a "shell" to start Telnet from, on my Windows 10 computer? A: Hold down the Windows Key, then press the “R“ key. The Run dialog box appears. In the Open: window, type: cmd Click OK Q: I can not uninstall the previous Kamoj add-on. What do I do? A: Install latest version over the previous one, and hope for the best ;-) Q: What changes are done in the add-on beta compared to the kamoj add-on 5.00 beta? A: See the release_notes.txt file at download site, and https://www.snbforums.com/threads/kamoj-add-on-v5-for-netgear-r7800-x4s-and-r9000-x10.60590/#post-532396 Q: Do I have to re-install the Kamoj Add-on when I update the firmware? A: Yes. But all Kamoj settings are kept, and restored when you install the add-on again. Q: I don't like to have Kamoj settings left. How do I remove them? A: Login to the router using telnet and issue these commands: nvram show | awk -F= '/^kamoj/ {print $1}' | xargs -n1 nvram unset; nvram commit Q: Where does the (Critical Max=75 ) °C come from for the R7800? A: It's taken from Netgear source code controlling a - non-existing - fan. I have never found a "promised" / official value for this though. Q: Which OpenVPN providers does the add-on support? A: There is no limit on this since you can add your own configuration files. But the add-on has direct support for a number of providers, giving information about server location, server load, ping times e.g. The add-on directly supports these OPENVPN providers: AzireVPN, ExpressVPN, Integrity, Mullvad, NordVPN, PrivateInternetAccess (PIA), PrivateVPN, PureVPN, SurfsharkVPN, TorGuard, VyprVPN Q: How do I use one of the built-in OpenVPN providers? A: Open the tab Kamoj Menu : OpenVPN Client Wait for some time (5+ sec) for Providers to be loaded Find the section: Create OpenVPN Client Configuration Fill in your Credentials: User Identity/Name and Password Select your "OpenVPN Provider" in the drop list "-- OpenVPN Provider --". Wait for some time (5-60 seconds) for measuring speed of all servers. Make your choice(s) from left to right, and select a server in the drop list. "Create configuration" "Start VPN" I recommend that you check "Cyclic Status update" at top of page, and check the log file, by "Show Session VPN log" or if you like a pop-up window with color coded log: "Show last lines of the VPN log in new window". I also recommend to check 3 boxes in: "OpenVPN Client - General settings": "Killswitch On", "No Killswitch for Bypass devices", "Keep Killswitch On when restarting client" and "Turbo On" Q: How can I verify if a port is open or closed? A: https://www.canyouseeme.org/ This is a free utility for remotely verifying if a port is open or closed. It is useful to users who wish to verify port forwarding, and check to see if a server is running or a firewall or ISP is blocking certain ports. Q: How can I enable port forwarding when using the VPN client? A: Tick the check-box for: VPN Bypassing: Router it-self bypass VPN Q: How can I be sure that the VPN tunnel is working for my device? A: - Go to your VPN providers home page and check. - Open a command prompt and run: curl -s --max-time 1 https://ipinfo.io/ip (This will show you you device's ip address as seen from internet). Q: How can I be sure that the Killswitch is working for my device? A: Switch on the Killswitch Make a not valid configuration and start OpenVPN/Wireguard Client with the bad configuration. Open a command prompt and run: curl -s --max-time 1 https://ipinfo.io/ip This will show you your device's ip address as seen from internet, and since you have failed to start the VPN tunnel you should NOT see any ip address at all, and you can not connect your device to internet. Q: How can I test that the No Killswitch for Bypass devices is working? A: Switch on the Killswitch Switch on No Killswitch for Bypass devices Make a not valid configuration and start OpenVPN/Wireguard Client with the bad configuration. Open a command prompt and run: curl -s --max-time 1 https://ipinfo.io/ip This will show you you device's ip address as seen from internet, and since you have failed to start the VPN tunnel you should NOT see any ip address at all, and you can not connect your device to internet. Now open the VPN Bypassing page. In the left green window find and select your device, and then press "Move selected devices -->". Open a command prompt and run: curl -s --max-time 1 https://ipinfo.io/ip This will show you your device's ip address as seen from internet, and since you have bypassed the VPN tunnel you should see your ip address from internet provider, and you can connect your device to internet. In the right reddish window find and select your device, and then press "<-- Move selected devices". Open a command prompt and run: curl -s --max-time 1 https://ipinfo.io/ip This will show you you device's ip address as seen from internet, and since you have failed to start the VPN tunnel you should NOT see any ip address at all, and you can not connect your device to internet. Now go to the OpenVPN Client page and start a valid working configuration to establish a VPN tunnel. Open a command prompt and run: curl -s --max-time 1 https://ipinfo.io/ip This will show you your device's ip address as seen from internet, and since you are using the VPN tunnel you should see your ip address from VPN provider, and you can connect your device to internet. Go to your VPN providers home page and check. Q: Do I really have to uninstall previous add-on version before installing a new one? A: If you don't remove the old add-on version before installing a new one, you may get problems. You should uninstall previous version before installing a new one, since each version has a different installer that e.g. cleans up the nvram when you uninstall. If you don't uninstall your router will be left with nvram garbage and old files, and that could eventually give unexplainable problems. Q: I want to use ssh but how do I generate and install the ssh/dropbear crypto keys? A: To simplify I have added a script to the add-on, that: - automatically generates SSH/RSA keys for ssh/dropbear. - provides automatic restore of keys after e.g. firmware update/factory reset. To use it: 1). Insert a USB device (preferred: with label/name "optware") in the router. 2). Open a router telnet/command prompt and issue command: ssh_keys_install.sh 3). Then just follow the instructions Q: How do I login to the router using WinSCP and my installed ssh/dropbear crypto keys? A: Follow these steps: - Install WinSCP (https://winscp.net) - Start WinSCP - New Site - File protocol: SCP - Host name: 192.168.1.1 Port number: 22 - User name: root Password: - Advanced... - Environment: Directories: Remember last used directory: Check - Environment: Directories: Remote directory: / - Environment: Directories: Local directory: - Environment: SCP/Shell: Shell: /bin/sh - SSH: Authentication: Private key file: C:\ssh\private_openssh_key.ppk - OK - Save, Name: SCP 192.168.1.1 SSH KEYS - OK - Login Q: How do I login to the router using WinSCP and Username & Password? A: Follow these steps: - Kamoj Menu: Settings: Set some functions on / off: Allow SSH login with Username & Password: Check - Start WinSCP - New Site - File protocol: SCP - Host name: 192.168.1.1 Port number: 22 - User name: admin Password: - Advanced: - Environment: Directories: Remember last used directory: Check - Environment: Directories: Remote directory: / - Environment: Directories: Local directory: - Environment: SCP/Shell: Shell: /bin/sh - Connection: Tunnel: Connect through SSH tunnel: Check - Connection: Tunnel: Host name: 192.168.1.1 Port number: 22 - Connection: Tunnel: User name: admin Password: - OK - Save, Name: SCP 192.168.1.1 ID+PW - OK - Login Q: I want to have more functions and programs in my router. Where can I find compatible software? A: You want to install Entware in your router! Voxel have a big library of Entware programs to install: http://www.voxel-firmware.com/Downloads/Voxel/Entware/Entware-3x-Voxel/ Q: How do I install Entware? A: Run the kamoj add-on installation procedure: entware_install.sh A: Follow Voxel instructions in his readme at http://www.voxel-firmware.com/Downloads/Voxel/readme.docx Q: I want to install the Entware program netdata that shows all kind of router information in a GUI accessible from a web browser. How do I do that? A: 1). Install Entware 2). Install and start netdata: entware_install.sh netdata 3). Open in your web-browser: http://192.168.1.1:19999/ Or click "Netdata" in the Kamoj Advanced tab (available only after Netdata is installed) Q: How do I use my Pi-hole as DNS server/Ad-Blocker? A: 1). Set some stable DNS servers : Setup: Domain Name Server (DNS) Address : Internet Setup: Use These DNS Servers : 1.1.1.1 2). Set your Pi-hole address in DHCP DNS Options : Custom DNS and check "Include default DNS" Q: How can I see the current state of the routers nand flash memory? A: Kamoj Menu: Settings: Router Internals: flash info Q: How do I reset all USB mounting points to start from sda1 again etc? A: Run these commands from router shell: nvram show | awk -F= '/green_download_path/ {print $1}' | xargs -n1 nvram unset nvram show | awk -F= '/^shared_usb_folder/ {print $1}' | xargs -n1 nvram unset nvram show | awk -F= '/usbDeviceName/ {print $1}' | xargs -n1 nvram unset nvram show | awk -F= '/^node[0-9]*/ {print $1}' | xargs -n1 nvram unset nvram commit reboot Q: How do I reboot the router? A: I suggest you stay with the Netgear GUI way: Advanced: reboot Q: Are there other ways of doing a reboot, and what are the differences? There are many ways on doing it, e.g.: 1). Router GUI: Advanced: reboot 2). Router shell: /sbin/reboot Halt use signal=2 done. Halt send signal to init... Makes sync automatically. Instructs the system to reboot. Does not reset mtd ecc error counters. 3). Router shell: /sbin/poweroff Halt use signal=1 done. Sends an ACPI signal to power down system. There is no power off function in the router, so after a long time it will restart. Resets mtd ecc error counters. 4). Router shell: /sbin/halt Halt use signal=0 done. Halt send signal to init... Makes sync automatically. Instructs the hardware to stop all CPU functions, but leaves it powered on. 5). Router shell: echo b > /proc/sysrq-trigger # reboot. Hard quick reboot 6). Router shell: echo c > /proc/sysrq-trigger # Simulate a kernel panic. Hard quick reboot and Netgear logging at start. 7). Use e.g. a paper clip or tooth picker to press the "pinhole" reset button very short time (< 1 sec). 8). Router shell: /sbin/reboot -f Halt use signal=2 done. got reboot and ppid pgid is 23630|26416.. Halt run reboot(magic)... Q: How do I reset the router to "Factory settings" (Reset the user configuration)? A: A factory reset deletes personalized settings including your user name, password, WiFi network name (SSID), and security settings. A factory reset is necessary when you can't recover your password. See: https://kb.netgear.com/9665/How-do-I-perform-a-factory-reset-on-my-NETGEAR-router N.B.: Factory reset does NOT erase e.g. the netgear partition. 1). GUI: Advanced: Administration: Backup Settings: "Revert to factory default settings": Erase, Yes 2). Use e.g. a paper clip or tooth picker to press and hold the "pinhole" reset button until the lights change, about 7 seconds. Release the Restore Factory Settings or Reset button. 3). Router shell : nvram default; nvram commit; reboot Q: I tried the "Factory reset", but it doesn't reset all settings. How do I really reset the router to "Factory settings"? A: It's not possible without very special knowledge. Using stock "Revert to factory default settings" does not restore the router to virgin state. It only erases the user settings in the configuration file. Q: I really want to reset to factory settings! Is there any way to do it? A: Yes, but I'll not tell, since there is a big chance you brick your router, and also it would be illegal in some countries to e.g. reset the WiFi-region. Q: Is there a way to do a "better" factory reset than from stock GUI? A: WARNING: This might brick your router Yes, but be sure you know what you are doing, and I take no responsibility if you brick your router. 1). Download 2 different firmware's: ------------------------------------------------ Voxel: http://www.voxel-firmware.com/Downloads/Voxel/html/index.html Netgear: https://www.netgear.com/support/download/ ------------------------------------------------ 2). Unzip the image files from the downloaded firmware zip files ------------------------------------------------ 3). CHANGE firmware to a not wanted one: It is NOT enough to flash same firmware again! Not from GUI and not even using tftp. You must alternate the version, e.g. between Netgear/Voxel: Router GUI: Administration: Firmware Update: Locate and select the upgrade file on your hard disk: Browse 4). CHANGE firmware to the wanted one: Router GUI: Administration: Firmware Update: Locate and select the upgrade file on your hard disk: Browse ------------------------------------------------ 5). Erase all configuration data: R7800: Run these commands from a router shell/prompt: nvram default nvram commit mtd erase netgear reboot R8900/R9000: Run these commands from a router shell/prompt: nvram default nvram commit ngmtd="$(awk -F: '/"netgear"$/ {print $1}' /proc/mtd | grep mtd)" [ -n "$ngmtd" ] && flash_erase /dev/"$ngmtd" 0 0 reboot ------------------------------------------------ 6). Save the Router configuration file: Router GUI: Advanced: Administration: Backup Settings: Save a copy of current settings: Back Up Make sure the file size is less than 100Kb Q: My R7800 configuration is corrupt and can not be set. What to do? A: WARNING: This might brick your router. Only run it as your very last resort. From router shell/prompt: /usr/sbin/nandtest -m /dev/mtd11 Q: I have tried different Firmware (Netgear / Voxel / DD-WRT / LEDE / OpenWRT) and now I can't switch on the WiFi! What can I do? A: This is a Netgear bug that can happen randomly to anyone when updating any firmware. Erase all configuration data: R7800: Run these commands from a router shell/prompt: nvram default nvram commit mtd erase netgear reboot R8900/R9000: Run these commands from a router shell/prompt: nvram default nvram commit ngmtd="$(awk -F: '/"netgear"$/ {print $1}' /proc/mtd | grep mtd)" [ -n "$ngmtd" ] && flash_erase /dev/"$ngmtd" 0 0 reboot Q: My WiFi can not be switched on. It's on in ADVANCED: Advanced Setup: Wireless Settings, but the BASIC page and the Kamoj add-on Router Information shows it as off. Also there really is no WiFi available to connect. What can I do? (@Giudi001) A: This is a Netgear bug that can also happen when you update the Firmware or at other times. One reason is if you have switched off the WiFi with the hard button on the router, and then made a Firmware update. The radios would then have been left unusable. A1: The smart way: Install Kamoj add-on 5.4b24 or later, and enable WiFi Supervison in Settings. Within one minute, the WiFi should be working again. A2: The manual way: Run this command, from a router terminal shell/prompt: wlan down;wlan up;for i in 1 2;do { [ "$(dni_wlan radio 11a -s)" != "ON" ] || [ "$(dni_wlan radio 11g -s)" != "ON" ]; } && wlan toggle; done Q: My WiFi on/off settings are grayed out and the add-on does not report any connected clients. What is wrong, and what can I do? A: It's an old Netgear bug. Try this from router command line: nvram set wl_hw_btn_state="on" nvram commit reboot Q: I'm running DD-WRT and can not go back to Netgear stock firmware. What can I do? A: https://www.snbforums.com/threads/r7800-strange-issue-when-going-back-to-voxel-stock-firmware.46452/ https://forum.openwrt.org/t/netgear-r7800-exploration-ipq8065-qca9984/285/1058# (ubifs is corrupt and you need to clean this area: 0x000003480000-0x000007900000 - Stop with ctrl-c at uboot prompt and enter this command: nand erase 0x3480000 0x4480000 - run command: fw_recovery Q: How do I use tftp to revive a bricked router, or just flash new firmware? This is also working if the file system has become read-only, and to recover from a boot loop. A: First, do NOT try to flash same firmware as already installed! You must alternate the version, e.g. between Netgear/Voxel or Voxel/Netgear. Here you have alternative descriptions on how to perform the tftp: https://kb.netgear.com/22688/How-to-upload-firmware-to-a-NETGEAR-router-using-TFTP https://forum.lede-project.org/t/netgear-r7800-exploration-ipq8065-qca9984/285/5 https://www.snbforums.com/threads/custom-firmware-build-for-orbi-rbk50-rbk53-rbr50-rbs50-v-9-2-5-2-11sf-hw.71395/post-677496 The Kamoj way: PREPARATION: - A TFTP client installed in your computer. Windows: Enable Windows 10 TFTP, e.g. using pkgmgr or dism: pkgmgr: Hold down the Windows Key, then press the “R“ key. The Run dialog box appears. In the Open: window, type: pkgmgr /ui:"TFTP" Click OK dism: Hold down the Windows Key, then press the “R“ key. The Run dialog box appears. In the Open: window, type: dism /online /Enable-Feature /FeatureName:TFTP Hold down the 2 keys: ctrl+shift Click OK You can also read about it at e.g.: http://www.thewindowsclub.com/enable-tftp-windows-10 Test that the command is enabled by running it from a "DOS" prompt: tftp - Your computer must have a static IPv4 IP Address from the 192.168.1.x network, because the router's bootloader’s TFTP recovery mode defaults to 192.168.1.1. (For Windows 10: See e.g.: https://pureinfotech.com/set-static-ip-address-windows-10/ IPv4 Address. . . . . . . . . . . : 192.168.1.100 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1 ) Verify that your PC still has 192.168.1.100 before trying to TFTP: Run from "DOS" command prompt: ipconfig - A new firmware to flash. Windows: copy or move the firmware image to e.g. C:\R7800-V1.0.2.83SF.img - An Ethernet cable connection from the router to your computer. - Disconnect all WAN and LAN port cables except the one to the computer to run tftp from. SET ROUTER IN TFTP MODE: You have to do this with the router: - Power off - Press and hold a pin in the reset hole - Power on - Wait for power LED to stop flashing amber and start flashing white - Release reset button - Wait a little, the router is now in tftp-mode! CHECK CONNECTION: From your computer: ping 192.168.1.1 FLASH THE FIRMWARE: From your computer: Windows: From the "DOS" prompt: tftp -i 192.168.1.1 PUT C:\R7800-V1.0.2.79SF.img If successful you get a reply like this: Transfer successful: 31361153 bytes in 12 second(s), 2613429 bytes/s (R9000 example: tftp -i 192.168.1.1 PUT C:\R9000-V1.0.5.2.img Transfer successful: 36804737 bytes in 28 second(s), 1314454 bytes/s ) The router will after this restart itself with the new firmware. Have patience and do not abort this. You might need to power off/on the router once it has completed its own restart. If problem try a Netgear stock image. Q: As soon as I open or interact with OpenVPN or DNS Privacy/Ad-Blocking I get a admin/password request pop up which only goes away after I click cancel, and I'm sent to the password reset page. I have tried different browsers and privacy modes with same issue. A: That problem others have even with Netgear stock firmware (You can search Netgear forum a.o.). Netgear has had many problems with different character sets through the years and their html code is a "jungle" of tries to fix it. I have not been able to correct the issue in the add-on yet - sorry! A solution is to CHANGE password (NOT just enter your old credentials), or it will stay bad until you do. Use a password without non-alphanumeric characters. Especially "$" should be avoided. You should try to not use any of these characters in the password: "Non-English-characters,$,!, <, >, @, %, *,?, .,+,-,/,|,\,&,=,',",`,´" If it starts working then add "strange" characters one by one till you find out the "bad" one. Q: Is it possible to preserve only IP reservations without backup/restore of the whole configuration? A: Yes. You can even copy the reservations between the R7800 and R9000, using shell commands: #Backup: # Insert a USB-device, and check what it is mounted as, e.g. /tmp/mnt/sda1 nvram show | grep reservation[0-9] >/tmp/mnt/sda1/reservations.txt #Restore: # Insert a USB-device, and check what it is mounted as, e.g. /tmp/mnt/sda1 while IFS="=" read -r P V; do nvram set "$P"="$V"; done /tmp/mnt/sda1/forwarding.txt #Delete all forwarding: nvram show | grep forwarding[0-9] | xargs -n1 nvram unset; nvram commit #Restore: # Insert a USB-device, and check what it is mounted as, e.g. /tmp/mnt/sda1 while IFS="=" read -r P V; do nvram set "$P"="$V"; done