2024-01-22 Kamoj Addon FAQ - FREQUENTLY ASKED QUESTIONS: Section 1: Adguard Home FAQ for R7800 and R8900/R9000 Section 2: WIREGUARD FAQ/support for R7800 and R8900/R9000 Section 3: WiFi FAQ for R7800/R8900/R9000 Section 4: General FAQ for R7800/R8900/R9000 ********************************************* * Section 1: * * Adguard Home for R7800 and R9000 * ********************************************* Q: What is Adguard Home A: AdGuard Home is a network-wide software for blocking ads & tracking. After you set it up, it’ll cover ALL your home devices, and you don’t need any client-side software for that. With the rise of Internet-Of-Things and connected devices, it becomes more and more important to be able to control your whole network. (https://adguard.com/en/adguard-home/overview.html) Q: Is Adguard Home associated with Adguard (as for Windows, Android, iPhone etc) A: Yes, it's from the same company and the same protection Q: Does it cost anything? A: No, It's free for integration into your router! Q: How do I install it? A: Kamoj Menu: DNS Privacy/Ad-Blocking: Adguard Home: Install Q: How do I start it? A: Kamoj Menu: DNS Privacy/Ad-Blocking: DNS Filter/Encryption: Adguard Home Q: How do I control it, set protection and view statistics etc? A: Kamoj Menu: Adguard Home (This menu choice is only available after you have started it!) Q: Can I run encrypted DNS requests? A: Yes, both DoH, DoT and DNSCrypt2 are supported Q: Can I run it simultaneously with DNSCrypt Proxy v2 or Stubby? A: No Q: Is this better than Kamoj's Dnscrypt 2 Ad-Blocking? A: It's definitely looking better and easier to understand and with very many more options. It might not be so fast though. Q: What features does it have that the Kamoj's Dnscrypt 2 Ad-Blocking does not? A: Easy choice of many things: - Profiles/Different blocking per device (Settings, Client Settings) - One click functions to block YouTube, WhatsApp and many more (Settings, General Settings) - Support for personal White Lists/Black Lists (Filters) Q: Where can I find any information about the running Adguard Home? A: Kamoj Menu: Router Information A: Kamoj Menu: DNS Privacy/Ad-Blocking: DNS Filter/Encryption: Adguard Home Q: How to update Adguard Home? A: Kamoj Menu: DNS Privacy/Ad-Blocking: Adguard Home: Download Latest Version To use it: Kamoj Menu: DNS Privacy/Ad-Blocking: Adguard Home: Install Kamoj Menu: DNS Privacy/Ad-Blocking: DNS Filter/Encryption: Adguard Home The block lists and filters etc are automatically updated Q: How do I backup the Adguard Home configuration? A: Insert a working USB device in the router Kamoj Menu: DNS Privacy/Ad-Blocking: Adguard Home: Backup config to USB (A directory AdGuardHome will be created (if not existing) with the backup file: AdGuardHome.yaml The previous backup file (if any) will be renamed to AdGuardHome.yaml.bup) Q: How do I restore a backup of the Adguard Home configuration? A: Insert a working USB device in the router with: A directory AdGuardHome with the backup file: AdGuardHome.yaml (E.g. /mnt/sda1/AdGuardHome/AdGuardHome.yaml) Kamoj Menu: DNS Privacy/Ad-Blocking: Adguard Home: Restore config from USB The file will be copied to the router's Adguard Home persistent area. The previous configuration file will be renamed to AdGuardHome.yaml.bup Q: Is Adguard Home writing to NAND memory? A: Only the configuration file, and only when you manually save a configuration from within the program. Q: Where do Adguard Home store it files and data? A: The installation file is downloaded only on user request or first time when it does not exist. It is stored in /opt/kamoj/addons/AdGuardHome_linux_armv7.tar.gz The configuration file is stored as /opt/kamoj/addons/defaults/AdGuardHome.yaml It is changed only when you manually save it from within the program. The working files, e.g. filters, black list, statistics etc are stored in RAM: /tmp/addons/adguard_home/ The program itself is installed at boot time directly to RAM: /tmp/AdGuardHome/ A: To store these files on a USB device: Check "Use USB-device (when present) for Query, Statistics and program logs" in DNS Filter/Encryption: Adguard. Q: What is the Username and Password? A: Username: x Password: x Q: How can I change the Username and Password? A: You have to setup Adguard Home yourself Q: How can I setup Adguard Home by myself? A: - First stop Adguard Home: Kamoj Menu: DNS Privacy/Ad-Blocking: DNS Filter/Encryption: None - Delete the current configuration: Kamoj Menu: DNS Privacy/Ad-Blocking: Adguard Home: Erase configuration - Start Adguard Home: Kamoj Menu: DNS Privacy/Ad-Blocking: DNS Filter/Encryption: Adguard Home - Start setup program: *If you access your router through it's IP eg 192.168.1.1: Kamoj Menu: Adguard Home Setup *If you not access the router through it's IP, open: http://192.168.1.1:3000 Run the guide, it's very easy. You can select one of many available languages as well. If you are not expert, I advice you to use these values: Admin Web Interface: Listen interface: 8080 DNS server: Listen interface: 5300 After The last "Open Dashboard", close the window The following steps (Or a router reboot) are needed to get the router firewall setup: Open: http://192.168.1.1/adv_index.htm (Or what IP your router have) First stop Adguard Home: Kamoj Menu: DNS Privacy/Ad-Blocking: DNS Filter/Encryption: None Start Adguard Home: Kamoj Menu: DNS Privacy/Ad-Blocking: DNS Filter/Encryption: Adguard Home Close all your Netgear Genie windows (routerlogin.net, www.routerlogin.net, routerlogin.com, www.routerlogin.com) Q: Can I use dnscrypt2 servers with AdGuard Home? A: Yes Q: Where do I find DoH, DoT and DNSCrypt2 servers to use with AdGuard Home? A: https://kb.adguard.com/en/general/dns-providers Q: Where do I find dnscrypt2 servers to use with AdGuard Home? A: https://dnscrypt.info/public-servers/ Q: How do I add a dnscrypt2 server to use with AdGuard Home? A: E.g.: Find the server you want at: https://dnscrypt.info/public-servers/ Click on it's short name in the most left column. Copy the "Stamp" starting with "sdns://", and paste it as a new own line into the AdGuard Home: Settings: DNS Settings: Upstream DNS servers Press the button "Test upstreams" to verify all your servers are working. Q: What is DNS leak? A: Check e.g. here to learn about it: https://blog.cloudflare.com/dns-encryption-explained/ https://www.dnsleaktest.com/what-is-a-dns-leak.html Q: How can I do a "DNS leak test"? A: Use one of the many links provided by the add-on: DNS Privacy/Ad-Blocking: DNS Leak Test / Privacy links. A: You can try e.g. any/some of these test sites: http://dnsleak.com/ http://www.doileak.com/ http://www.vpninsights.com/dns-leak-test https://bash.ws/dnsleak https://cmdns.dev.dns-oarc.net/ https://ipleak.net/ https://ipx.ac/run https://surfshark.com/dns-leak-test https://tenta.com/test/ https://www.astrill.com/vpn-leak-test https://www.comparitech.com/privacy-security-tools/dns-leak-test/ https://www.dnsleaktest.com/ https://www.expressvpn.com/dns-leak-test https://www.grc.com/dns/dns.htm https://www.ovpn.com/en/dns-leak-test https://www.perfect-privacy.com/en/tests/dns-leaktest Q: Am I leaking DNS requests if the tests show more than one address? A: No, that's not how it works. Learn more until you understand what a real leak is. Q: How can I find out which DNS server is the fastest for me? A: You can find info and tools in any/some of these sites: https://www.senki.org/network-operations-scaling/dns-latency-and-performance-test-tools/ https://www.ultratools.com/tools/dnsHostingSpeed https://www.grc.com/dns/benchmark.htm https://code.google.com/archive/p/namebench/ https://www.makeuseof.com/tag/find-the-fastest-dns-to-optimize-your-internet-speed-with-namebench/ Q: I want to use the latest Beta version of AdGuard Home. How to do? A: 1). Tick the check-box DNS Privacy/Ad-Blocking: Adguard Home: Use BETA version. 2). Click "Download Latest Version" 3). Wait for AdGuard Home to be downloaded and installed. May take a few minutes depending on connection. See Adguard log for installation progress/result: DNS Filter/Encryption: Adguard: Q: Can I update AdGuard Home by clicking the "AdGuard update banner"? A: Only if you don't use a USB for AdGuard log-files etc. Please use the update function in the addon. ********************************************* * Section 2: * * WIREGUARD FAQ/support for R7800 and R9000 * ********************************************* Q: Do I need to install Wireguard to my router? A: Yes, but only if you have an R7800. Voxel have already installed it in the R9000 firmware. Q: How do I install wireguard to my R7800? A: 1. Install the kamoj add-on and reboot (as always after installations, or you will get problems!) 2. Logon to router 3. ADVANCED, Kamoj Menu, Wireguard Client, WireGuard Client - General settings: Install (Check box) 4. Answer OK to the reboot question (as always after installations, or you will get problems!) 5. After the reboot you can start using Wireguard Q: How do I uninstall wireguard from my R7800? A: 1. Logon to router 2. ADVANCED, Kamoj Menu, Wireguard Client, WireGuard Client - General settings: Install (Uncheck) 3. Answer OK to the reboot question (as always after installations, or you will get problems!) Q: How do I get started with Wireguard, using the kamoj add-on? A: A short wireguard instruction: 1. You have to generate the configuration file according to your vpn/wireguard providers instructions. They are all different, and most providers have more than one way to do it. So I can not help you with this. But you don't need any special file for routers or so, any standard config file generated for you personally should be good. 2. Then open this file in a text editor and copy the contents to the kamoj add-on wireguard window, where you can read the text "Type or Paste your configuration file contents here." 3. Set a suitable name for you configuration file in the "Configuration name" box. 4. Click "Create/Save VPN configuration" to save the configuration. 5. I recommend to check 2 boxes in: "WireGuard Client - General settings": "Killswitch On" and "No Killswitch for Bypass devices" 6. Select your configuration in the "Select and Run WireGuard Client Configuration" drop-down box, and click "Start Wireguard Client with this" 7. I also recommend that you check "Automatic Status update" at top of page, and check the log file, by "Show Session WG log" or if you like a pop-up window with color coded log: "Show last lines of the VPN log in new window". Q: I created wireguard configurations from the add-on GUI, but after reboot they are gone. Why? A: You have left an USB device in the router containing a directory named wireguard-client This will replace your router configurations with the ones on the USB device. If "Synchronize configurations with USB-device" is selected, the configurations created from the addon GUI, will be copied to the USB-device, and survive a reboot. Q: How do I import my Wireguard configuration files to the router: 1. Add your .conf files to a USB device, to a directory at the root named: wireguard-client 2. Insert the USB device in the router. It will auto mount and copy your configurations to the router. 3. Remove the USB device, or rename the directory to something else, or else all your router files will be overwritten with ones from the USB device at next mount/reboot. 4. Login via normal GUI 5. Go to ADVANCED: Kamoj Menu: Wireguard Client Q: My internet connection is lost after a reboot and wireguard/OpenVPN clients is activated. Why? A: To be able to use the "crypto protocols" Wireguard and OpenVPN, there are a number of pre-requisites. At boot time not all services are available and need to be waited for. Some of them are: Time - The cryptos are changed regularly and current time must be accurate for this to work. DNS - A working name server must function to resolve addresses like "google.com" Q: I have no internet connection after a reboot and wireguard/OpenVPN clients is activated. Why? A: You may not have an internet connection at all. A: You can also add extra start delays for Wireguard resp. OpenVPN in the add-on GUI: "Start delay at boot" Q: Where do I enter user Id and Password for my Wireguard client? A: For wireguard there is a completely new concept. There is no longer "one" configuration file that everyone can use. Now you generate your own configuration files with your own private encryption key. This key is not available to public, so the add-on can not do it. Q: How do I generate my configuration file(s) for wireguard? A: Ask you vpn/wireguard provider. Q: What does "Get all configuration files" do? A: It just re-reads the configuration directory for your files. You might have inserted a USB device with new configurations (in e.g. /mnt/sda1/wireguard-client) since you opened the wireguard window. This files are the automatically copied to the router, wireguard configuration file area. Then you use "Get all configuration files" to scan the configuration file area to find all files. Or you could simply reload the web-page! Q: I want to use a Wireguard server in my router. Is it possible? A: Yes with the R9000 it is possible. The Kamoj addon does not yet have this functionality. Please use SNB forum to search for information. Why not start a new thread for it so everyone ca benefit from it! https://www.snbforums.com/threads/wireguard-support-to-voxel-fw.59927/post-537965 https://www.snbforums.com/threads/custom-firmware-build-for-r7800-v-1-0-2-82sf-v-1-0-2-82-1sf-v-1-0-2-82-2sf.69449/post-673931 https://www.snbforums.com/threads/wireguard-support-to-voxel-fw.59927/post-598146 ********************************************* * Section 3: * * WiFi FAQ for R7800 and R9000 * ********************************************* Q: My WiFi can not be switched on. It's on in ADVANCED: Advanced Setup: Wireless Settings, but the BASIC page and the Kamoj add-on Router Information shows it as off. Also there really is no WiFi available to connect. What can I do? (@Giudi001) A: This is a Netgear bug that can also happen when you update the Firmware or at other times. One reason is if you have switched off the WiFi with the hard button on the router, and then made a Firmware update. The radios would then have been left unusable. A1: The smart way: Install Kamoj add-on 5.4b24 or later, and enable WiFi Supervison in Settings. Within one minute, the WiFi should be working again. A2: The manual way: Run this command, from a router terminal shell/prompt: wlan down;wlan up;for i in 1 2;do { [ "$(dni_wlan radio 11a -s)" != "ON" ] || [ "$(dni_wlan radio 11g -s)" != "ON" ]; } && wlan toggle; done Q: My WiFi on/off settings are grayed out and the add-on does not report any connected clients. What is wrong, and what can I do? A: It's an old Netgear bug. Try this from router command line: nvram set wl_hw_btn_state="on" nvram commit reboot Q: I have tried different Firmware (Netgear / Voxel / DD-WRT / LEDE / OpenWRT) and now I can't switch on the WiFi! What can I do? A: This is a Netgear bug that can happen randomly to anyone when updating any firmware. Erase all configuration data: R7800: Run these commands from a router shell/prompt: nvram default nvram commit mtd erase netgear reboot R8900/R9000: Run these commands from a router shell/prompt: nvram default nvram commit ngmtd="$(awk -F: '/"netgear"$/ {print $1}' /proc/mtd | grep mtd)" [ -n "$ngmtd" ] && flash_erase /dev/"$ngmtd" 0 0 reboot Q: After flashing R7800 my 5Ghz Wifi stopped working. What can I do? A: Don't use one of the DFS channels. (@R. Gerrits) A: Use the Kamoj add-on built in supervision, by ticking the box: Settings:Set functions on / off:Supervise WiFi Q: After reboot it takes about 10 minutes before my 5Ghz Wifi is working. What can I do? A: Don't use one of the DFS channels. (The DFS regulations include that the router must make sure there is no radar transmission on DFS channels before using them!) (@R. Gerrits) Q: My system log gets full of these messages: "[wifi1] FWLOG: [xxxxxxxxx] WAL_DBGID_"?! A: Try to Uncheck "Advanced Setup: Wireless Settings: Enable 160 Mhz bandwidth in the 5 Gghz band" (@foo man) Q: I want to bypass VPN for the WiFi (Guest) network(s). (@baursak, @R. Gerrits) Is there a function/way to handle this? A: Yes, it is found in ADVANCED:Kamoj Menu:VPN Bypassing: Bypass VPN for all devices connected to WiFi interface Q: What is the limit for number of connected WiFi devices? A: The limit is 32 devices per radio band (2.4 / 5 GHz). Q: I've seen more than 32 WiFi devices connected to the router on one band? Is it possible? A: It's possible if some device(s) are "sleeping", not active. Then up to 50 devices may be connected according to Netgear. Q: I've less than 32 devices but can not connect new devices anyhow. Why? A: Uncheck "Setup: Wireless Setup: Wireless Settings: Enable Smart Connect" Uncheck "Advanced Setup: Wireless Settings: Advanced Wireless Settings: Enable 160 MHz bandwidth in the 5 GHz band" Uncheck "Advanced Setup: Wireless Settings: Advanced Wireless Settings: Enable Smart Roaming" (R8900/R9000) A: Uncheck "Advanced Setup: Wireless Settings: Enable MU-MIMO" (This is important if you have many devices and reaching the limit, since each of the (max 4) MIMO devices use several (4) WiFi-"bandwidth-slots", decreasing the 32 limit.) Q: Sometimes my WiFi stops working! What can I do? A: Use the Kamoj addon Supervision to restart WiFi radios when they stop working: Check "Supervision: SUPERVISION: Supervision On" Check "Supervision: WIFI (2.4 GHz and 5 GHz bands): Supervise WiFi radios" Q: Can I see if the WiFi supervision has trigged? A: Yes, check the Supervision log: The log is accessible from 2 places: Kamoj Menu: Supervision: SUPERVISION, LOGGING and SETTINGS: Supervision log: Show Kamoj Menu: System Information: System Information: Supervision: Show Q: The WiFi supervision detected and fixed that my 5 GHz WiFi stopped working, but it restarted also the 2.4 GHz band radio. Why? A: Yes, both radios will be restarted if one fails, that's Netgear design. Q: I've used the WiFi supervision, but it doesn't restart the failed radio anyhow. What can I do? A: As a last resort: Check "Supervision: WIFI (2.4 GHz and 5 GHz bands): Restart traffic-less WiFi" Set "Minimum time without WiFi traffic to restart WiFi radios" to a sensible value. The draw-back with this is that both radios/bands will be restarted if the traffic cease on one of the bands for more than "Minimum time without WiFi traffic to restart WiFi radios" seconds. Q: Is it possible to preserve only the WiFi SSIDs instead of backup/restore of the whole configuration? A: Yes. You can even copy the SSIDs between the R7800 and R9000, using shell commands: #Backup: # Insert a USB-device, and check what it is mounted as, e.g. /tmp/mnt/sda1 nvram show|grep -E "^w[la|ig|lg|l|wlg1|wla1]*_ssid" >/tmp/mnt/sda1/ssid.txt #Restore: # Insert a USB-device, and check what it is mounted as, e.g. /tmp/mnt/sda1 while IFS="=" read -r P V; do nvram set "$P"="$V"; done ". Open a command prompt and run: curl -s --max-time 1 https://ipinfo.io/ip This will show you your device's ip address as seen from internet, and since you have bypassed the VPN tunnel you should see your ip address from internet provider, and you can connect your device to internet. In the right reddish window find and select your device, and then press "<-- Move selected devices". Open a command prompt and run: curl -s --max-time 1 https://ipinfo.io/ip This will show you you device's ip address as seen from internet, and since you have failed to start the VPN tunnel you should NOT see any ip address at all, and you can not connect your device to internet. Now go to the OpenVPN Client page and start a valid working configuration to establish a VPN tunnel. Open a command prompt and run: curl -s --max-time 1 https://ipinfo.io/ip This will show you your device's ip address as seen from internet, and since you are using the VPN tunnel you should see your ip address from VPN provider, and you can connect your device to internet. Go to your VPN providers home page and check. Q: Do I really have to uninstall previous add-on version before installing a new one? A: If you don't remove the old add-on version before installing a new one, you may get problems. You should uninstall previous version before installing a new one, since each version has a different installer that e.g. cleans up the nvram when you uninstall. If you don't uninstall your router will be left with nvram garbage and old files, and that could eventually give unexplainable problems. Q: I want to use ssh but how do I generate and install the ssh/dropbear crypto keys? A: To simplify I have added a script to the add-on, that: - automatically generates SSH/RSA keys for ssh/dropbear. - provides automatic restore of keys after e.g. firmware update/factory reset. To use it: 1). Insert a USB device (preferred: with label/name "optware") in the router. 2). Open a router telnet/command prompt and issue command: ssh_keys_install.sh 3). Then just follow the instructions Q: How do I login to the router using WinSCP and my installed ssh/dropbear crypto keys? A: Follow these steps: - Install WinSCP (https://winscp.net) - Start WinSCP - New Site - File protocol: SCP - Host name: 192.168.1.1 Port number: 22 - User name: root Password: - Advanced... - Environment: Directories: Remember last used directory: Check - Environment: Directories: Remote directory: / - Environment: Directories: Local directory: - Environment: SCP/Shell: Shell: /bin/sh - SSH: Authentication: Private key file: C:\ssh\private_openssh_key.ppk - OK - Save, Name: SCP 192.168.1.1 SSH KEYS - OK - Login Q: How do I login to the router using WinSCP and Username & Password? A: Follow these steps: - Kamoj Menu: Settings: Set some functions on / off: Allow SSH login with Username & Password: Check - Start WinSCP - New Site - File protocol: SCP - Host name: 192.168.1.1 Port number: 22 - User name: admin Password: - Advanced: - Environment: Directories: Remember last used directory: Check - Environment: Directories: Remote directory: / - Environment: Directories: Local directory: - Environment: SCP/Shell: Shell: /bin/sh - Connection: Tunnel: Connect through SSH tunnel: Check - Connection: Tunnel: Host name: 192.168.1.1 Port number: 22 - Connection: Tunnel: User name: admin Password: - OK - Save, Name: SCP 192.168.1.1 ID+PW - OK - Login Q: How do I login to the router using SSH from outside/remote/wan/internet? A: Follow these steps: - Kamoj Menu: Settings: Set some functions on / off: Allow SSH access from wan (Internet): Check Q: I want to have more functions and programs in my router. Where can I find compatible software? A: You want to install Entware in your router! Voxel have a big library of Entware programs to install: http://www.voxel-firmware.com/Downloads/Voxel/Entware/Entware-3x-Voxel/ Q: How do I install Entware? A: Follow Voxel instructions in his readme at http://www.voxel-firmware.com/Downloads/Voxel/readme.docx A: Run the kamoj add-on installation procedure from router command prompt: entware_install.sh Default is files system ext2. It is the fastest, and easy to deal with. If you really want to change to/from ext3/ext4, please first have a USB device NOT formated with a Linux file system (ext2/ext3/ext4). FAT32 works good e.g. If you want another file system than ext2 you then have to set up the nvram variable, e.g.: nvram set kamoj_entware_file_system=ext2; nvram commit This must be done before running entware_install.sh. Summary: To use ext/2ext3/ext4, you must make sure the USB device not already use ext2/ext3/ext4. Q: The Entware installation failed. What can I do? A1: Take out the USB devioce and format it as FAT32 in another computer, and try again. A2: Run the installation procedure "by hand" from router command prompt, step by step: entware_install.sh format_usb_device entware_install.sh install_entware entware_install.sh create_swap_file entware_install.sh standard_settings entware_install.sh update_entware_and_packages entware_install.sh netdata Q: I want to install the Entware program netdata that shows all kind of router information in a GUI accessible from a web browser. How do I do that? A: 1). Install Entware 2). Install and start netdata: entware_install.sh netdata 3). Open in your web-browser: http://192.168.1.1:19999/ Or Refresh the Kamoj GUI, and click "Netdata" in the Kamoj Advanced tab (available only after Netdata is installed) Q: How do I use my Pi-hole as DNS server/Ad-Blocker? A: 1). Set some stable DNS servers : Setup: Domain Name Server (DNS) Address : Internet Setup: Use These DNS Servers : 1.1.1.1 + 8.8.8.8 + 9.9.9.9 2). Set your Pi-hole address in DHCP DNS Options : Custom DNS and check "Include default DNS" Q: How can I see the current state of the routers nand flash memory? A: Kamoj Menu: Settings: Router Internals: flash info Q: How do I reset all USB mounting points to start from sda1 again etc? A: Run these commands from router shell: nvram show | awk -F= '/green_download_path/ {print $1}' | xargs -n1 nvram unset nvram show | awk -F= '/^shared_usb_folder/ {print $1}' | xargs -n1 nvram unset nvram show | awk -F= '/usbDeviceName/ {print $1}' | xargs -n1 nvram unset nvram show | awk -F= '/^node[0-9]*/ {print $1}' | xargs -n1 nvram unset nvram commit reboot Q: How do I reboot the router? A: I suggest you stay with the Netgear GUI way: Advanced: reboot Q: Are there other ways of doing a reboot, and what are the differences? There are many ways on doing it, e.g.: 1). Router GUI: Advanced: reboot Makes sync automatically. Instructs the system to reboot. Does not reset mtd ecc error counters. 2). Router shell: /sbin/reboot Halt use signal=2 done. Halt send signal to init... Makes sync automatically. Instructs the system to reboot. Does not reset mtd ecc error counters. 3). Router shell: /sbin/poweroff Halt use signal=1 done. Sends an ACPI signal to power down system. There is no power off function in the router, so after a long time it will restart. Resets mtd ecc error counters. 4). Router shell: /sbin/halt Halt use signal=0 done. Halt send signal to init... Makes sync automatically. Instructs the hardware to stop all CPU functions, but leaves it powered on. 5). Router shell: echo b > /proc/sysrq-trigger # reboot. Hard quick reboot 6). Router shell: echo c > /proc/sysrq-trigger # Simulate a kernel panic. Hard quick reboot and Netgear logging at start. 7). Router shell: /sbin/reboot -f Halt use signal=2 done. got reboot and ppid pgid is 23630|26416.. Halt run reboot(magic)... 8). Use e.g. a paper clip or tooth picker to press the "pinhole" reset button very short time (< 1 sec). Q: How do I reset the router to "Factory settings" (Reset the user configuration)? A: A factory reset deletes personalized settings including your user name, password, WiFi network name (SSID), and security settings. A factory reset is necessary when you can't recover your password. See: https://kb.netgear.com/9665/How-do-I-perform-a-factory-reset-on-my-NETGEAR-router N.B.: Factory reset does NOT erase e.g. the netgear partition. 1). GUI: Advanced: Administration: Backup Settings: "Revert to factory default settings": Erase, Yes 2). Use e.g. a paper clip or tooth picker to press and hold the "pinhole" reset button until the lights change, about 7 seconds. Release the Restore Factory Settings or Reset button. 3). Router shell : nvram default; nvram commit; reboot Q: I tried the "Factory reset", but it doesn't reset all settings. How do I really reset the router to "Factory settings"? A: It's not possible without very special knowledge. Using stock "Revert to factory default settings" does not restore the router to virgin state. It only erases the user settings in the configuration file. Q: I really want to reset to factory settings! Is there any way to do it? A: Yes, but I'll not tell, since there is a big chance you brick your router, and also it would be illegal in some countries to e.g. reset the WiFi-region. Q: Is there a way to do a "better" factory reset than from stock GUI? A: WARNING: This might brick your router Yes, but be sure you know what you are doing, and I take no responsibility if you brick your router. 1). Download 2 different firmware's: ------------------------------------------------ Voxel: http://www.voxel-firmware.com/Downloads/Voxel/html/index.html Netgear: https://www.netgear.com/support/download/ ------------------------------------------------ 2). Unzip the image files from the downloaded firmware zip files ------------------------------------------------ 3). CHANGE firmware to a not wanted one: It is NOT enough to flash same provider firmware again! Not from GUI and not even using tftp. You must alternate the provider, e.g. between Netgear/Voxel: Router GUI: Administration: Firmware Update: Locate and select the upgrade file on your hard disk: Browse 4). CHANGE firmware to the wanted one: Router GUI: Administration: Firmware Update: Locate and select the upgrade file on your hard disk: Browse ------------------------------------------------ 5). Erase all configuration data: R7800: Run these commands from a router shell/prompt: nvram default nvram commit mtd erase netgear reboot R8900/R9000: Run these commands from a router shell/prompt: nvram default nvram commit ngmtd="$(awk -F: '/"netgear"$/ {print $1}' /proc/mtd | grep mtd)" [ -n "$ngmtd" ] && flash_erase /dev/"$ngmtd" 0 0 reboot ------------------------------------------------ 6). Save the Router configuration file: Router GUI: Advanced: Administration: Backup Settings: Save a copy of current settings: Back Up Make sure the file size is less than 100Kb Q: My R7800 configuration is corrupt and can not be set. What to do? A: WARNING: This might brick your router. Only run it as your very last resort. From router shell/prompt: /usr/sbin/nandtest -m /dev/mtd11 Q: I'm running R7800 with DD-WRT and can not go back to Netgear stock firmware. What can I do? A: https://www.snbforums.com/threads/r7800-strange-issue-when-going-back-to-voxel-stock-firmware.46452/ https://forum.openwrt.org/t/netgear-r7800-exploration-ipq8065-qca9984/285/1058# (ubifs is corrupt and you need to clean this area: 0x000003480000-0x000007900000 - Stop with ctrl-c at uboot prompt and enter this command: nand erase 0x3480000 0x4480000 - run command: fw_recovery Q: How do I use tftp to revive a bricked router, or just flash new firmware? This is also working if the file system has become read-only, and to recover from a boot loop. A: First, do NOT try to flash same firmware as already installed! You must alternate the version, e.g. between Netgear/Voxel or Voxel/Netgear. Here you have alternative descriptions on how to perform the tftp: https://kb.netgear.com/22688/How-to-upload-firmware-to-a-NETGEAR-router-using-TFTP https://forum.lede-project.org/t/netgear-r7800-exploration-ipq8065-qca9984/285/5 https://www.snbforums.com/threads/custom-firmware-build-for-orbi-rbk50-rbk53-rbr50-rbs50-v-9-2-5-2-11sf-hw.71395/post-677496 The Kamoj way: PREPARATION: - A TFTP client installed in your computer. Windows: Enable Windows 10 TFTP, e.g. using dism or pkgmgr: dism: Hold down the Windows Key, then press the “R“ key. The Run dialog box appears. In the Open: window, type: dism /online /Enable-Feature /FeatureName:TFTP Hold down the 2 keys: ctrl+shift Click OK pkgmgr: Hold down the Windows Key, then press the “R“ key. The Run dialog box appears. In the Open: window, type: pkgmgr /ui:"TFTP" Click OK You can also read about it at e.g.: http://www.thewindowsclub.com/enable-tftp-windows-10 Test that the command is enabled by running it from a "DOS" prompt: tftp - Your computer must have a static IPv4 IP Address from the 192.168.1.x network, because the router's bootloader's TFTP recovery mode defaults to 192.168.1.1. (For Windows 10: See e.g.: https://pureinfotech.com/set-static-ip-address-windows-10/ IPv4 Address. . . . . . . . . . . : 192.168.1.100 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1 ) Verify that your PC still has 192.168.1.100 before trying to TFTP: Run from "DOS" command prompt: ipconfig - A new firmware to flash. Windows: copy or move the firmware image to e.g. C:\R7800-V1.0.2.83SF.img - An Ethernet cable connection from the router to your computer. - Disconnect all WAN and LAN port cables except the one to the computer to run tftp from. SET ROUTER IN TFTP MODE: You have to do this with the router: - Power off - Press and hold a pin in the reset hole - Power on - Wait for power LED to stop flashing amber and start flashing white - Release reset button - Wait a little, the router is now in tftp-mode! CHECK CONNECTION: From your computer: ping 192.168.1.1 FLASH THE FIRMWARE: From your computer: Windows: From the "DOS" prompt: tftp -i 192.168.1.1 PUT C:\R7800-V1.0.2.97SF.img If successful you get a reply like this: Transfer successful: 31361153 bytes in 12 second(s), 2613429 bytes/s (R9000 example: tftp -i 192.168.1.1 PUT C:\R9000-V1.0.5.2.img Transfer successful: 36804737 bytes in 28 second(s), 1314454 bytes/s ) The router will after this restart itself with the new firmware. Have patience and do not abort this. You might need to power off/on the router once it has completed its own restart. If problem try a Netgear stock image. Q: As soon as I open or interact with OpenVPN or DNS Privacy/Ad-Blocking I get a admin/password request pop up which only goes away after I click cancel, and I'm sent to the password reset page. I have tried different browsers and privacy modes with same issue. A: That problem others have even with Netgear stock firmware (You can search Netgear forum a.o.). Netgear has had many problems with different character sets through the years and their html code is a "jungle" of tries to fix it. I have not been able to correct the issue in the add-on yet - sorry! A solution is to CHANGE password (NOT just enter your old credentials), or it will stay bad until you do. Use a password without non-alphanumeric characters. Especially "$" should be avoided. You should try to not use any of these characters in the password: "Non-English-characters,$,!, <, >, @, %, *,?, .,+,-,/,|,\,&,=,',",`,´" If it starts working then add "strange" characters one by one till you find out the "bad" one. Q: Is it possible to preserve only IP reservations without backup/restore of the whole configuration? A: Yes. You can even copy the reservations between the R7800 and R9000, using shell commands: #Backup: # Insert a USB-device, and check what it is mounted as, e.g. /tmp/mnt/sda1 nvram show | grep reservation[0-9] >/tmp/mnt/sda1/reservations.txt #Restore: # Insert a USB-device, and check what it is mounted as, e.g. /tmp/mnt/sda1 while IFS="=" read -r P V; do nvram set "$P"="$V"; done /tmp/mnt/sda1/forwarding.txt #Delete all forwarding: nvram show | grep forwarding[0-9] | xargs -n1 nvram unset; nvram commit #Restore: # Insert a USB-device, and check what it is mounted as, e.g. /tmp/mnt/sda1 while IFS="=" read -r P V; do nvram set "$P"="$V"; done