Re: Orbi LBR20 How-To / Megathread
Wireless Internet Solutions for 5G LTE Cellular and Starlink
https://wirelessjoint.com/
You will need to use the band calculator to determine the hex for locking the bands.
Cool Ranch wrote: Fri Jun 18, 2021 3:34 pm
Any idea how to band lock this router to 2 and 71? I can't find the commands
Code:
echo -ne "AT+QCFG=\"band\",0,42000001003300385a\r\n" | microcom -X -t 1000 /dev/ttyUSB2
worked perfectly. Instantly locked to 2 with 71 as back up. Thank you so much <3
egauk wrote: Fri Jun 18, 2021 4:05 pm
You will need to use the band calculator to determine the hex for locking the bands.
https://wirelessjoint.com/viewtopic.php?f=16&t=943
Example Command
Code:
echo -ne "AT+QCFG=\"band\",0,42000001003300385a\r\n" | microcom -X -t 1000 /dev/ttyUSB2
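The band calculator's arithmetic, as an added example that is not part of any post in this thread: it assumes the usual Quectel convention that LTE band n is bit n-1 of the hexadecimal mask passed to AT+QCFG="band". The function names are hypothetical.

```shell
#!/bin/sh
# Added example: convert between LTE band lists and the hex LTE mask used in
# AT+QCFG="band",0,<mask>. Assumption: band n <-> bit (n-1) of the mask.
# The mask is kept as three 32-bit words so it works in any POSIX shell,
# even though band 71 needs more than 64 bits.

# lte_band_mask BAND... -> prints the hex mask for the given bands
lte_band_mask() {
    w0=0 w1=0 w2=0                      # bands 1-32, 33-64, 65-96
    for b in "$@"; do
        case "$b" in
            ''|0*|*[!0-9]*) echo "not a band number: $b" >&2; return 1 ;;
        esac
        [ "$b" -le 96 ] || { echo "band out of range: $b" >&2; return 1; }
        bit=$(( (b - 1) % 32 ))
        case $(( (b - 1) / 32 )) in
            0) w0=$(( w0 | (1 << bit) )) ;;
            1) w1=$(( w1 | (1 << bit) )) ;;
            2) w2=$(( w2 | (1 << bit) )) ;;
        esac
    done
    # Print without leading zero words.
    if [ "$w2" -ne 0 ]; then
        printf '%x%08x%08x\n' "$w2" "$w1" "$w0"
    elif [ "$w1" -ne 0 ]; then
        printf '%x%08x\n' "$w1" "$w0"
    else
        printf '%x\n' "$w0"
    fi
}

# lte_mask_bands HEX -> prints the bands set in the mask, ascending
lte_mask_bands() {
    hex=${1#0x}
    case "$hex" in
        ''|*[!0-9a-fA-F]*) echo "not a hex mask: $1" >&2; return 1 ;;
    esac
    [ "${#hex}" -le 24 ] || { echo "mask too long: $1" >&2; return 1; }
    padded=$(printf '%24s' "$hex" | tr ' ' 0)   # left-pad to 24 hex digits
    out=
    word=0
    for off in 17 9 1; do                       # lowest 32-bit word first
        end=$(( off + 7 ))
        chunk=$(printf '%s' "$padded" | cut -c"$off-$end")
        w=$(( 0x$chunk ))
        bit=0
        while [ "$bit" -lt 32 ]; do
            if [ $(( (w >> bit) & 1 )) -eq 1 ]; then
                out="$out $(( word * 32 + bit + 1 ))"
            fi
            bit=$(( bit + 1 ))
        done
        word=$(( word + 1 ))
    done
    echo "${out# }"
}

# Bands contained in the mask from the example command in this thread.
lte_mask_bands 42000001003300385a
# Command string for a mask holding only bands 2 and 71.
printf 'AT+QCFG="band",0,%s\n' "$(lte_band_mask 2 71)"
```

Decoding a mask before sending it is a quick way to confirm which bands the modem will actually be restricted to.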
Sorry for months late reply. Life got busy again.
frank33v wrote: Fri Apr 02, 2021 10:12 am
I have been using my Orbi LBR20 on AT&T successfully now all winter following the original instructions with the ttl mod script and shutting down wifi and blocking updates.
I am on 2.5.2.20 and FW A05.
For some reason my MAGIC keeps reverting back and I lose internet connection. Reboot, redo magic and I am back in business. Less than 24hrs later it happens again.
Is this a known issue now? Do I need to upgrade and try to figure out this new process listed above to make my Orbi stable with AT&T?
Pretty much anything done using the methods in this thread and forum are ToS violations to lesser or greater degrees (depending on which lawyer you ask on a given day) which is why I advise everyone to be discreet and careful and know the risks they are taking when proceeding with any specific modifications to stock device firmware.
outrage18 wrote: Mon Apr 05, 2021 12:22 pm
ATT Post pay tablet plan will work with just APN change - but you risk termination as TOS requires SIM be used only in a tablet.
Thank you for posting this. Always good to have archive for those who have issues. I have placed a copy in cloud storage of my own as a mirror in case this one should go missing and someone is looking for it
shinesmart wrote: Fri Apr 16, 2021 12:37 am
Finally was able to find the LTE downgrade file to go from A06 back to A05.
https://www.downloads.netgear.com/files ... ge(US).zip
Hope this helps if anyone needs to downgrade.
Thank *you* for summarizing and sharing your experience as a reference for others
wasabi wrote: Tue May 18, 2021 2:56 pm
I completed the upgrade today and wanted to share - as I went ahead and jumped to the most recent firmware V2.6.4.2. Happy to report that circle_jerk installs just fine with this version and as far as I can tell works.
My speed test just after the install is great (possibly better than before) but I haven't had any real run time with it yet (literally just finished the process).
For reference and to possibly help newbies - here are the steps I did:
1. Used WebUI to Reset to Factory (Administration > Backup Settings)
a. Note: this resets the Orbi to 192.168.1.1
2. Set admin password and recovery questions, left everything else default skipping where possible
3. Updated to V2.5.3.4 firmware via pre-downloaded zip (Orbi was not connected to internet)
a. Probably not needed but I did it by accident (chose wrong file lol)
4. Updated to V2.6.3.50 firmware via pre-downloaded zip (Orbi was not connected to internet)
a. This was in the OP
5. Connected to Orbi to internet/LTE by updating the APN
a. I'm using Calyx so only needed to set this to r.ispsn
6. Updated to V2.6.4.2 firmware via WebUI directly
a. Had not seen any comments about this version so it must be super new
7. Updated LTE Firmware from R01A05 to R01A06 via WebUI directly
8. After all firmware updates completed successfully - performed another factory reset
a. Probably not needed but I wanted a completely clean slate and since I hadn't done any actual configuration yet, so why not
9. Set admin password and recovery questions
10. Selected the mobile network configuration for Sprint\T-Mobile via the new /hidden_info.htm page
a. Selected: Commerical-TMO
b. Note: This does not set the APN - that will be done later
11. Set my desired internal IP and DHCP Range (eg: Change the LAN Setup IP to: 10.10.10.1)
12. Installed Circle_Jerk following Manual Instructions
a. Far simpler than I thought it would be to be honest
13. Rebooted
14. Logged into SSH via Putty (success)
15. Configuration of Circle_Jerk was completed:
a. Disabled WiFi
b. Configured the modem
c. Disabled Netgear IOT check-ins
d. Set DNS nameservers to Google DNS (instructions from a post in this megathread)
16. Adjusted the Authentication Type to IPv4v6
17. Rebooted
-Complete-
Thank you Hazarjast and to the many others that have posted tips and tricks in this megathread!
Your referenced issue of "some IoT device" not working with LBR20 would not be related to the step you reference.
muenchris wrote: Fri May 21, 2021 5:22 pm
Your step 15.c says "Disable Netgear IOT check-ins".
What exactly did you do here?
Is this helping with the problem that some IOT devices do not work with the LBR20?
Thanks
Seems like something on your client PC is blocking TFTP. I would recommend going through the manual deployment instructions to better understand where the failure is occurring so that it can be remediated.
bigcache wrote: Mon May 31, 2021 3:50 pm
Weird, I choose to auto deploy, but after I got the SSH password, the command jump out:
Connect request failed.
And of course cannot ssh to LBR20, and I telnet to find there's no mods in that directory.
Fantastic! Glad to hear it is still working. Thanks for being a v2.6.5.2 "guinea pig" for the rest of us
shinesmart wrote: Fri Jul 09, 2021 6:02 pm
*** UPDATE ***
It’s safe to update to v2.6.5.2! CircleJerk still present and all is working as expected. No need to reinstall CJ. Performed about 4 reboots……and all is well.
***************
Anyone tested the new firmware 2.6.5.2? Does circlejerk still work with no issues?
May test it this weekend.
Your wish (and mine) has come true. Updated OP with link, overview, and QuickStart instructions for Voxel LBR20 firmware. Please test and provide feedback which I can pass on to Voxel in order to improve future releases
egauk wrote: Thu Apr 08, 2021 8:01 am
Fingers crossed that Voxel is able to release his firmware for the LBR20
Thank you for testing. Eagerly await your feedback
shinesmart wrote: Tue Jul 13, 2021 4:45 pm
Great News! Will try it out before the end of this week and provide feedback.
The latest firmware v2.6.5.2 has been very stable and showing faster speedtest results. Currently have two units running to compare; one with Visible and the other with the AT&T Tablet Plan.
As expected, the AT&T unit has better speeds at peak times of the day, and both are running on ipv4 and ipv6.
No band locking, no “magic”, no custom DNS. Just CJ on both to restrict OTA updates and the TTL iptables mod on the Visible unit only.
AT&T Unit: 105mb/40mb
Visible Unit: 70mb/25mb
Very curious to see what Voxel’s will produce.
Gotcha. Yeah, would be great to see how Voxel firmware compares to 2.6.5.2 on both carriers (assuming A06 modem firmware across all). Thank you for sharing your test results.
shinesmart wrote: Wed Jul 14, 2021 12:32 pm
This comparison was to compare which carrier’s plan is more suited to my needs, that’s why I merely wanted to test them side by side on the same (newest) firmware v2.6.5.2 vs the older v2.5.20. I’ve seen improved speeds on both carriers when running the newest firmware vs the older builds. Here’s the proof via WiFi:
AT&T running 2.6.5.2 yielded 105/40mb
AT&T running 2.5.20 yielded 70/30mb
Visible running 2.6.5.2 yielded 70/25mb
Visible running 2.5.20 yielded 40/15mb
Whilst I’m very interested in the Voxel install, it all comes down to bandwidth speed and reliability. I’m sure his firmware improvements will be very noticeable, but unless it improves the ul/dl speeds, I may opt to stay with the newer stock firmware with CJ, especially if it survives firmware updates.
Very grateful for Voxel’s work as he is a genius and looking forward to testing it.
* BTW, haven’t noticed any throttling by either carrier yet, and I’ve crossed 150gb on each for this month’s cycle. But you are correct, I may have to put up the drapes.
Thanks for the feedback.
shinesmart wrote: Thu Jul 15, 2021 11:56 pm
Here are my initial notes on the Voxel firmware:
1. SSH/Telnet banner says LBK20 instead of LBR20. Easy Cosmetic Fix.
2. After initial SSH access, and creating folders to add the ‘firewall-start.sh’ script, I lost both SSH and Telnet access. Tried rebooting and still no access. I suspect some ports were somehow closed after my initial SSH session.
3. Had to reflash in order to regain Telnet access via the debug.htm page. Then had to enable port 22 in the netwall.conf file to allow SSH access. Finally!
Haven’t yet inserted sim in device as I still need to confirm that OTA updates have been disabled by Voxel. If not, will have to add it along with the iptables rules in the firewall-start.sh script.
Would also be nice to have a GUI added for updating TTL values but don’t know if it’s possible.
Disabled Circle, Armor and xCloud via Telnet.
Getting lots of errors on the admin pages, so will flash back to stock, factory reset and try again tomorrow.
Losing SSH is very odd behavior. In the two units I have helped folks flash to Voxel firmware (by first downgrading to 2.5.2.20 stock) I have not observed this. Unless some CJ components (old dropbear binary still trying to run, 'fw_rules' script still trying to launch etc.) are still active or stock 2.5.2.20 downgrade *and* factory reset was not performed first before reflashing Voxel, I do not have an explanation for this behavior
shinesmart wrote: Fri Jul 16, 2021 8:05 am
Did a fresh install of the Voxel build this morning.
LBR20 with Visible sim is now up and running. It appears that once you add the firewall-start.sh script, you lose the SSH capability. Still have port 22 open in netwall.conf. At least in this version Telnet is still available via debug page.
Observations with Visible over WiFi on (A06):
Too early to confirm, but the speeds are actually a bit slower with this Voxel build when compared to v2.6.5.2 all things being equal. Same sim plan, same tower, same band, same TTL value. I’m trying to be very optimistic, but it seems the router performance is still very buggy. The web interface still gives errors, especially when trying to Reboot via the Advanced page. Had to perform a hard reboot from the actual device.
I understand this is still a work in progress, but all in all, IMHO I see no noticeable improvement with running this custom build vs the latest stock build with CJ, which has been very stable for weeks.
Will test with AT&T plan tomorrow and advise. As I’ve said before, each user’s need is different, but if the router performance doesn’t translate to faster and more stable upload/download speeds…….then it’s an individual desire. Maybe gaming, VPN quality, etc will be better with the added performance improvements in Voxel’s version, but for my needs; daily surfing, multiple simultaneous video streaming and occasional Zoom and WhatsApp video calls, I’m happy thus far with stock & CJ.
I am not certain that the script is causing your issues but please remove anything that is not an iptables rule; it's not required and the loop and other commands might very well be causing other issues. The 'firewall-start.sh' script is not used like CJ scripts in any way (in fact it is superior in that it runs on interface changes outside of APN modification as I highlighted in the OP). The script 'firewall-start.sh' should only include the following:
shinesmart wrote: Fri Jul 16, 2021 1:01 pm
Maybe it’s my firewall-start.sh script that’s creating the SSH issue. Let me know if you see anything in my script:
#!/bin/sh
while [ 1 ]
do
# IPv4 TTL mod
iptables -t mangle -C POSTROUTING -o wwan0 -j TTL --ttl-set 64 > /dev/null 2>&1 || \
iptables -t mangle -I POSTROUTING 1 -o wwan0 -j TTL --ttl-set 64
# IPv6 TTL mod (prevents leaks not covered by IPv4 rules)
ip6tables -t mangle -C POSTROUTING -o wwan0 -j HL --hl-set 64 > /dev/null 2>&1 || \
ip6tables -t mangle -I POSTROUTING 1 -o wwan0 -j HL --hl-set 64
echo "127.0.0.1 localhost http.fw.updates1.netgear.com devcom.up.netgear.com" > /etc/hosts
sleep 300
done
Cheers!
Code:
# IPv4 TTL mod
iptables -t mangle -C POSTROUTING -o wwan0 -j TTL --ttl-set 64 > /dev/null 2>&1 || \
iptables -t mangle -I POSTROUTING 1 -o wwan0 -j TTL --ttl-set 64
# IPv6 TTL mod (prevents leaks not covered by IPv4 rules)
ip6tables -t mangle -C POSTROUTING -o wwan0 -j HL --hl-set 64 > /dev/null 2>&1 || \
ip6tables -t mangle -I POSTROUTING 1 -o wwan0 -j HL --hl-set 64
Should not need to touch netwall.conf and it is not an executable it's a configuration file. SSH is already open by default. You should only need 'firewall-start.sh' to add your own iptables rules for TTL etc.
shinesmart wrote: Fri Jul 16, 2021 3:21 pm
Ok, thanks for the help. Will update the script accordingly!
So does the netwall.conf file also need to be executable? That might help explain why the ports aren’t staying open on my specific install.
I would much prefer to avoid doing another downgrade/factory reset. Will see if the updated script gives me back SSH access.
Have a new Verizon tablet plan, so will test that sim over the weekend.
* Just saw Voxel has already revised the LBR20 firmware, so will test as well.
Excellent! Glad to hear you got it sorted. I'm going to add a bold disclaimer to the top of the OP indicating that my methods (CJ etc.) and Voxel firmware are mutually exclusive as they accomplish things much differently and as the Ghostbusters would say: "DON'T CROSS THE STREAMS!"
shinesmart wrote: Fri Jul 16, 2021 8:23 pm
Voila! Once I fixed the script, I regained SSH access. Crazy how that script would cause the issue.
Just updated to the newer v9.2.5.2.23.1 Voxel firmware and it seems to be running well. Will continue comparing speed and performance results via WiFi as I’ve already established a baseline.
Up and running on the Postpaid Verizon Tablet Plan with TTL 64 and getting solid speeds:
Voxel v23.1: 90mb/30mb
Stock v2.6.5.2: 80mb/30mb
Speeds are about equal across both firmwares.
Still trying to determine the correct TTL for avoiding throttle……64, 65 or 117.
Do you know which one works?
Outside of the minor revision to add the updated QCA drivers for WiFi I am not aware of any additional planned revisions based on newer firmware. Since RBK20 hardware is closest to LBR20 we can likely expect that base release that is built off of will likely follow for future revisions. Voxel mostly uses SNB forums so his updates can be more closely followed there for the curious. Of course he can feel free to correct me on any misstatements here as well if so choosing
shinesmart wrote: Sun Jul 18, 2021 6:45 am
Unfortunately, the Verizon portal doesn’t differentiate mobile data vs hotspot data for this tablet plan, so it’s difficult to know exactly what’s being used.
Activated the sim in an iPad LTE and then migrated to the LBR20 with magic, so only shows 2.3GB usage on the data usage page since activation, and pretty sure I’ve used at least 10GB. It appears that my data usage is not being tracked while in the Orbi, which may indicate that it’s pulling from mobile data……but that’s just a hunch. I’ve tried all three TTL values 64, 65 and 117 and the data usage still remains at 2.3GB (which I suspect is from the initial iPad usage).
** Update: Had to view usage via the Verizon website and now shows 18GB data used. The My Verizon iOS app was not showing usage. Still doesn’t differentiate on device data vs hotspot data, so I’ll see what happens when I cross my allotment. **
Will be testing the AT&T Tablet Plan this week to compare Voxel vs Stock/CJ performance.
Do you know if Voxel is planning any future updates to the firmware, possibly building on top of 2.6.5.2?
Code:
. . .
Additionally you can use your own custom scripts to add your own iptables rules. These
scripts should be named firewall-start.sh (IPv4), /opt/scripts/firewall6-start.sh (IPv6)
and be placed in the:
/mnt/circle/overlay/opt/scripts/
directory, i.e.
/mnt/circle/overlay/opt/scripts/firewall-start.sh
/mnt/circle/overlay/opt/scripts/firewall6-start.sh
with 755 permission attributes (i.e. executable).
In my case all my actual routing is handled by an upstream PFSense box which is running NextDNS CLI. On the Orbi I'm simply overwriting resolve.conf with the IP address of my PFSense so that any NextDNS requests originating from the Orbi go there. This does not affect my LAN clients at all as they are all getting DNS already from the gateway (i.e. NextDNS running on my PFSense host).
egauk wrote: Tue Mar 09, 2021 12:33 pm
Would you mind sharing how you configured NextDNS to work on your Orbi? I see from the original post this is being used by modifying resolve.conf
Good stuff! Thanks for sharing.
shinesmart wrote: Mon Jul 19, 2021 8:12 pm
Ok, Verizon was able to fix the way the data usage was displaying on my account. Now I can clearly see the breakdown:
Data Usage: 23.4GB (sim in LBR20)
4G Hotspot Usage: 1.8GB (sim in iPad)
So, for my Verizon Postpaid Tablet Plan, it appears that TTL of either 64 or 65 will mask the hotspot usage in the LBR20.
Hope this helps others…..
The LBR20 checks the boxes you are looking for technically but be aware that for ID change and band locking you will need to work from the command line and be comfortable with the Quectel AT command syntax (lots of examples in the OP and elsewhere on these forums); these are not things which can be accomplished in the GUI. For band locking you will need to calculate the hex value of your combined band index for which I believe there is a spreadsheet linked to in other Quectel threads. I prefer cell locking on Quectel's myself; this is touched on with command examples in the OP.
Sintrail wrote: Tue Jul 20, 2021 7:14 pm
I'm looking for a better device than my Nighthawk M1 for Tmobile / Sprint. Would this device on its latest firmware still be a good option? My requirements are that I need an ID change and preferably band locking as well, and external MIMO antennas.
I'd also prefer to create multiple SSIDs with SQM applied individually, though I guess I could do that through my current router and use this only as the modem, correct?
The file '/etc/udhcdp.conf' does not exist; possibly you meant '/etc/udhcpd.conf'? Regardless, the latter does not exist by default either and would not help with DNS, it is the configuration file for micro DHCP daemon (udhcpd) and thus used for assigning IP client addresses. Typically if you want to change DNS you would want '/etc/resolv.conf' though enforcing your nameservers can be tricky using LTE as WAN since on successful connection/reconnection that file gets overwritten with the DNS servers provided by the carrier. You could create your own infinite loop script which overwrites '/etc/resolv.conf' at specific intervals or look at calling through '/opt/scripts/firewall-start.sh' or other script under that path to see if that works better.
PunyGod wrote: Wed Jul 21, 2021 5:02 pm
Hello everyone, I've been testing Voxel's firmware some. I'm going to try to use it with NordLynx VPNs soon. We'll see how that goes.
At the moment I'm having a problem with DNS, although this might be a problem with the stock firmware as well. Changing the DNS in settings doesn't seem to do anything. I tried disabling the traffic meter (per someone's suggestion on netgear community forums), and tried modifying /etc/udhcdp.conf to my preferred DNS. I don't think changes there would persist through reboots, so I added my modified file to /mnt/circle/overlay/tmp/udhcdp.conf and rebooted a couple times.
The overlay doesn't seem to be working the way I thought it would. The file at etc/udhcdp.conf isn't getting my updates like the firewall-start.sh and rc.local files did.
Am I doing something wrong? Is there a better way to change DNS settings without having to set it on every device?
I found the price of the LBR20 quite competitive for the modem inside of it along with the basic functions it accomplishes (LAN Port, basic routing, etc.) Is there a much cheaper option I'm missing? Getting a CAT16 modem appears to run 225 by itself, and the LBR20 was only 300.
hazarjast wrote: Mon Jul 26, 2021 9:39 am
If your requirements are more advanced/granular while still needing LTE as your main WAN source, then disabling routing/wifi functions and just running it as a WAN to another router makes more sense (though not cost effective if you are paying MSRP for the LBR20 compared to other options, IMHO). I run the latter myself with LBR20 as a modem and PFSense as my router/firewall along with Ubiquiti gear for switches/WiFi.
Thanks for the response. Would you advise running the latest FW and Voxel? Do I need Voxel in order to telnet and run the AT commands? I did see your "read between the lines" and understand what the AT command is, are all the digits in that accurate aside from the ID or do they change for any reason?
hazarjast wrote: Mon Jul 26, 2021 9:39 am
The LBR20 checks the boxes you are looking for technically but be aware that for ID change and band locking you will need to work from the command line and be comfortable with the Quectel AT command syntax (lots of examples in the OP and elsewhere on these forums); these are not things which can be accomplished in the GUI. For band locking you will need to calculate the hex value of your combined band index for which I believe there is a spreadsheet linked to in other Quectel threads. I prefer cell locking on Quectel's myself; this is touched on with command examples in the OP.
Tinkering with WiFi SSID split I cannot offer feedback on directly; maybe check Voxel's SNB forums thread on the RBK20 to see if this is possible or not. Since the Orbi line has a lot of WiFi customizations done by Netgear which is proprietary I'm not certain this could be done easily. SQM may be possible with Entware but you would need to install Entware on a network share since LBR20 doesn't have space for it. Ultimately that limitation may make it impractical or non-functional depending on how well the QoS scripts run from a network share. For both WiFi SSID and QoS requirements I would recommend as you suggest: use LBR20 as a modem as WAN to another router which is more flexible to match your requirements.
For those which do not have a lot of specific requirements and/or plan to use other Orbi satellites for mesh coverage, LBR20 is great. If your requirements are more advanced/granular while still needing LTE as your main WAN source, then disabling routing/wifi functions and just running it as a WAN to another router makes more sense (though not cost effective if you are paying MSRP for the LBR20 compared to other options, IMHO). I run the latter myself with LBR20 as a modem and PFSense as my router/firewall along with Ubiquiti gear for switches/WiFi.
At those prices you reference, I agree with you. My statement was directly based on *MSRP* which is ~$400 USD and greater in other parts of the world. Once you exceed $400 BYOD (build-your-own-device) starts to look more attractive
undyingshadow wrote: Mon Jul 26, 2021 10:52 am
I found the price of the LBR20 quite competitive for the modem inside of it along with the basic functions it accomplishes (LAN Port, basic routing, etc.) Is there a much cheaper option I'm missing? Getting a CAT16 modem appears to run 225 by itself, and the LBR20 was only 300.
"Latest firmware" and "Voxel" are mutually exclusive if you are referring to the latest stock firmware; Voxel is a separate firmware based on 2.5.2.20 GPL sources that Netgear provides. Yes, I recommend running Voxel as it's compiled directly for the hardware and lets us have a lot of nice features out of the box without having to hack things together. No, you don't "need" Voxel in order to telnet but it's simpler than having to jump through the hoops required to enable it on the latest stock firmware. Digits in the AT command you reference are command options and should not be changed (though the ID will be unique and of your own entry as you say).
Sintrail wrote: Mon Jul 26, 2021 1:27 pm
Thanks for the response. Would you advise running the latest FW and Voxel? Do I need Voxel in order to telnet and run the AT commands? I did see your "read between the lines" and understand what the AT command is, are all the digits in that accurate aside from the ID or do they change for any reason?
I actually thought this was my most well priced option. I didn't buy it at full retail but used, but even at 300 with a Cat18 modem that does 5x CA and B71 this seemed to beat anything else I could find? Perhaps I made a mistake in my thinking. Either way I think it will perform better than my M1. It arrives tomorrow so I'll post an update after I get fiddling with it.
I don't run WireGuard but the config file option "PresharedKey" is valid per the man pages for the 'wg' binary. Double check that windscribe PresharedKey is correct. Voxel firmware for LBR20 is using wireguard-tools v1.0.20210424 so all the config syntax that applies to that should apply here just as it does on other up-to-date wireguard OS targets (Ubuntu/Alpine/Fedora/etc.). I see you have a post up in SNB regarding this so maybe someone who is using WireGuard there will be able to provide some additional guidance. Else, I would pursue setting up some logging when using the windscribe PresharedKey and open a support ticket with them and provide them with the error message you are encountering.
undyingshadow wrote: Mon Jul 26, 2021 9:35 pm
Anyone know how to use a wireguard Preshared Key on Voxel firmware?
I'm using the latest Voxel Firmware on an LBR20 with the Wireguard client. The Quickstart.txt indicates to use the following template for the wireguard.conf file:
------------------------- cut here ---------------------------------------
EndPoint="wireguard.5july.net"
LocalIP="10.0.xxx.xxx/24"
PrivateKey="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX="
PublicKey="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX="
Port="48574"
------------------------- cut here ---------------------------------------
Problem is that I'm trying to connect to a VPN provider (windscribe) that provides a Preshared Key.
The WG VPN client doesn't seem to work without it.
Trying a different provider (without a PSK) works.
I tried PresharedKey="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX="
The speeds and 'bursts' you describe sound more like signal issues or deprioritization than issues with TTL. On most plans TTL mangle not working is pretty obvious (i.e. connection not working at all such as when using prepaid/MVNO, or connection getting hard throttled to 600Kbps once you exceed your line's hotspot limit). Getting speeds in excess of 10Mbps doesn't sound like a TTL issue at first pass.
Sam023432 wrote: Tue Jul 27, 2021 1:09 am
Well I'm lost and don't know if I mangled the TTL tables correctly I used putty port 23 ip 192.168.1.1 copy and pasted the command one line at a time for ipv4 and ipv6 and it seemed to work????? On my PC (but I also changed lc default to 65 on cmd ) all I know is the speeds are junk 15-10 then random 40mbps rare but it happens lol but only on the PC if connect any device it is slow as me trying to figure out this router lol. I'm a full time nurse doing my best I'm no expert so any help would be appreciated I have VZW and this is the only internet option where I live so with that said any help any lol because this forum jumps around and it's way out of my league
Code:
iptables -t mangle -L
ip6tables -t mangle -L
Code:
[Interface]
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
Endpoint = 38.146.XXX.XXX:51820
AllowedIPs = 0.0.0.0/0
Code:
# WireGuard: create wg0 config (wg0.conf)
echo "[Interface]" > $WGConfig
echo "PrivateKey = $PrivateKey" >> $WGConfig
echo "[Peer]" >> $WGConfig
echo "PublicKey = $PublicKey" >> $WGConfig
echo "Endpoint = $IP:$Port" >> $WGConfig
echo "AllowedIPs = 0.0.0.0/0" >> $WGConfig
Thanks. I think the only thing I really need is to lock out sprint bands as once in awhile it seems to REALLY want to do sprint only, even resetting, turning antennas etc. I get 7/.5 if I'm lucky on sprint.
hazarjast wrote: Wed Jul 28, 2021 10:43 am
"Latest firmware" and "Voxel" are mutually exclusive if you are referring to the latest stock firmware; Voxel is a separate firmware based on 2.5.2.20 GPL sources that Netgear provides. Yes, I recommend running Voxel as it's compiled directly for the hardware and lets us have a lot of nice features out of the box without having to hack things together. No, you don't "need" Voxel in order to telnet but it's simpler than having to jump through the hoops required to enable it on the latest stock firmware. Digits in the AT command you reference are command options and should not be changed (though the ID will be unique and of your own entry as you say).
Again, my statements are based on MSRP which is a little inflated in the US and very inflated in some countries outside the US. If you can get for under MSRP then it becomes a quite attractive option if only for the modem capabilities. FWIW, you aren't going to find many towers in the US that will actually take advantage of 5x CA as that is ultimately something the carrier enables in their deployments. I don't think you made any mistakes in your thinking, I agree that LBR20 is quite capable which is why I'm running it myself as an upgrade to an M1 I had previously
Code:
# Check: is it router, exit if "no"
if [ "$MODULE_NAME" != "RBR50" ]; then
echo "This device is not router (satellite). Exit."
exit 0
fi
Do you have discord or something? If you can do a call with screen share I can show you.
Sam023432 wrote: Sun Aug 01, 2021 2:34 pm
Is there any chance someone can make a step by step guide on how to add the ttl mod for the V9.2.5.2.23SF-HW version ???????????????????????????
I'm just at a loss and I have done the circle mod but the ttl is not sticking so I could really really really use the help 18mb upload 2mb download right now so urrrrghhh lol
Nice detective work on your part
undyingshadow wrote: Wed Jul 28, 2021 4:30 pm
No joy. Can't connect to anything (either via the router itself or attached devices) when I add PresharedKey="XXXXXXXXXXXXXXXXXXXXXXXXXXXX="
I found /var/log/wireguard-client.log
Start WireGuard client. Please wait.
IP of EndPoint XXXXXXXXXX.whiskergalaxy.com is 38.146.XXX.XXX.
Restart firewall to apply iptables rules for WireGuard client.
Generating Rules...
Done!
Starting Firewall...
Done!
This is the second completely separate VPN endpoint with a preshared key that has failed. The only one that I've gotten to work is one that doesn't have a PSK (a wireguard server I setup myself)
The file format that Voxel uses doesn't appear to be a standard one. Is it possible the config file is being parsed for commands to feed to wireguard-tools and Presharedkey just isn't being parsed. I suspect this because /tmp/wg0.conf has:
Code:
[Interface]
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
Endpoint = 38.146.XXX.XXX:51820
AllowedIPs = 0.0.0.0/0
EDIT: Yup, that's exactly what's happening:
/etc/init.d/wg-client has
Code:
# WireGuard: create wg0 config (wg0.conf)
echo "[Interface]" > $WGConfig
echo "PrivateKey = $PrivateKey" >> $WGConfig
echo "[Peer]" >> $WGConfig
echo "PublicKey = $PublicKey" >> $WGConfig
echo "Endpoint = $IP:$Port" >> $WGConfig
echo "AllowedIPs = 0.0.0.0/0" >> $WGConfig
I tried to modify the script but my changes do not persist.
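The post above finds that the generated wg0.conf never receives a PresharedKey line. As an added example (not Voxel's /etc/init.d/wg-client and not code from any poster), here is a generator that carries an optional PresharedKey into the [Peer] section; the function names and the PresharedKey="..." line in wireguard.conf are assumptions, and the keys and endpoint are constructed dummies.

```shell
#!/bin/sh
# Added example: build wg0.conf from a KEY="value" style wireguard.conf,
# emitting PresharedKey under [Peer] only when one is configured.

# conf_get FILE KEY -> value of KEY="value". The file is parsed, never
# sourced, so nothing in it is executed; a trailing CR from a
# Windows editor is tolerated.
conf_get() {
    sed -n "s/^$2=\"\(.*\)\"[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# A WireGuard key is 32 bytes: 44 base64 characters ending in "=".
is_wg_key() {
    [ "${#1}" -eq 44 ] || return 1
    case "$1" in
        *[!A-Za-z0-9+/=]*) return 1 ;;
        *=) return 0 ;;
        *) return 1 ;;
    esac
}

# write_wg0_conf IN_CONF OUT_CONF
write_wg0_conf() {
    in=$1
    out=$2
    priv=$(conf_get "$in" PrivateKey)
    pub=$(conf_get "$in" PublicKey)
    psk=$(conf_get "$in" PresharedKey)      # optional
    host=$(conf_get "$in" EndPoint)
    port=$(conf_get "$in" Port)

    is_wg_key "$priv" || { echo "bad or missing PrivateKey" >&2; return 1; }
    is_wg_key "$pub" || { echo "bad or missing PublicKey" >&2; return 1; }
    if [ -n "$psk" ] && ! is_wg_key "$psk"; then
        echo "bad PresharedKey" >&2
        return 1
    fi
    if [ -z "$host" ] || [ -z "$port" ]; then
        echo "missing EndPoint or Port" >&2
        return 1
    fi

    (
        umask 077                           # the file holds secret keys
        {
            echo "[Interface]"
            echo "PrivateKey = $priv"
            echo "[Peer]"
            echo "PublicKey = $pub"
            if [ -n "$psk" ]; then
                echo "PresharedKey = $psk"  # per-peer setting
            fi
            echo "Endpoint = $host:$port"
            echo "AllowedIPs = 0.0.0.0/0"
        } > "$out"
    )
}

# Constructed sample input: dummy keys with the right shape only.
# make_sample_conf FILE [with-psk]
make_sample_conf() {
    a=AAAAAAAAAA
    e=EEEEEEEEEE
    i=IIIIIIIIII
    {
        echo 'EndPoint="vpn.example.net"'
        echo 'LocalIP="10.0.0.2/24"'
        echo "PrivateKey=\"$a$a$a${a}AAA=\""
        echo "PublicKey=\"$e$e$e${e}EEE=\""
        if [ "$2" = with-psk ]; then
            echo "PresharedKey=\"$i$i$i${i}III=\""
        fi
        echo 'Port="51820"'
    } > "$1"
}

demo() {
    d=$(mktemp -d) || return 1
    make_sample_conf "$d/wireguard.conf" with-psk
    write_wg0_conf "$d/wireguard.conf" "$d/wg0.conf" && cat "$d/wg0.conf"
    rm -rf "$d"
}
demo
```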
No head shaking or judgment here, these things can be complex to anyone who has not approached the subject before. If you are still struggling you can reach out (hazarjast at protonmail dot com) and I can try to assist further as my time permits.
Sam023432 wrote: Thu Jul 29, 2021 1:41 am Thank you.... after tedious attempts i installed the circle jerk not not positive it worked (auto deploy) the ttl is not sticking have to manually change every time via ssh and im super confused on how to add the ttl mod script like copy paste to notepad rename and save as sh. to the circle jerk unzipped file or idk also i have no idea on how to change dns with fixed ip ?????? ................i know i know i can already picture you reading this and shaking your head i am indeed out of my league here but i am trying my best i followed everything verbatim in quick start auto deploy i am just stuck at the point of the ttl mod and script part that's where i get completely lost i sadly am a follow exact step 1 .2 3 4. 5 type : (
...................................i would like to say thank you seriously for all the help you give ppl like myself something most ppl take for granted like the internet is a blessing here where there are no isp and ppl like you are the Robin Hood of the tech world so thank you again for your patience and expertise its a bigger deal than you might realize for regular folks like me !!! : )
If you want to lock to Sprint without complexity of band calculation you can always lock the cell instead if you can find the EARFCN and CELLID. You can try to use CellMapper or "neighbourcell" command to confirm those two pieces of info from your closest tower. See the example below where I am actively connected to my local [legacy] Sprint B41 cell. "Neighbourcell" first output shows my EARFCN and CELLID along with the next closest ones:
Sintrail wrote: Wed Jul 28, 2021 6:45 pm Thanks. I think the only thing I really need is to lock out sprint bands as once in awhile it seems to REALLY want to do sprint only, even resetting, turning antennas etc. I get 7/.5 if I'm lucky on sprint.
Otherwise I'm getting 80/10, which is perfect for me, a big upgrade from the M1. B71 has been key. So I just need to dig into the band locking to lock out those sprint bands then I'm golden! Thanks for all your knowledge and input here, it's really appreciated!
Code: Select all
root@LBR20:~# echo -ne "AT+QENG=\"neighbourcell\"\r\n" | microcom -X -t 1000 /dev/ttyUSB2
AT+QENG="neighbourcell"
+QENG: "neighbourcell intra","LTE",40072,312,-6,-93,-65,0,-,-,-,-,-
+QENG: "neighbourcell inter","LTE",39874,312,-6,-92,-65,0,-,-,-,-
Code: Select all
echo -ne "AT+QNWLOCK=\"common/4g\",1,39874,312\r\n" | microcom -X -t 1000 /dev/ttyUSB2
Code: Select all
echo -ne "AT+QNWLOCK=\"common/4g\",2,39874,312,40072,312\r\n" | microcom -X -t 1000 /dev/ttyUSB2
Code: Select all
echo -ne "AT+QNWLOCK=\"common/4g\",0\r\n" | microcom -X -t 1000 /dev/ttyUSB2
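As an added example (not from the original posts), the neighbour-cell output shown above can be turned into the lock command mechanically. The function name is hypothetical, and it assumes the third and fourth comma-separated fields of each LTE line are the EARFCN and cell ID, as in the sample output above.

```shell
#!/bin/sh
# Added example: build an AT+QNWLOCK command from AT+QENG="neighbourcell"
# output read on stdin. $1 = maximum number of cells to lock to (default 1).
qnwlock_from_neighbours() {
    max="${1:-1}"
    awk -F',' -v max="$max" '
        # Only LTE neighbour lines carry the EARFCN / cell-id pair in fields 3 and 4.
        /^\+QENG: "neighbourcell (intra|inter)","LTE",/ {
            earfcn = $3; cell = $4
            # Strip stray characters such as the carriage return the modem sends.
            gsub(/[^0-9]/, "", earfcn); gsub(/[^0-9]/, "", cell)
            key = earfcn "," cell
            # Skip malformed lines and cells already listed.
            if (earfcn == "" || cell == "" || (key in seen)) next
            seen[key] = 1
            if (n < max) { list = list "," key; n++ }
        }
        END {
            # No usable cell found: fail instead of printing an empty lock.
            if (n == 0) exit 1
            printf "AT+QNWLOCK=\"common/4g\",%d%s\n", n, list
        }'
}
```

Pipe the modem's reply into the function and send the printed string with the same echo and microcom wrapper used in the commands above.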
I have been using your exact scenario for the last couple of years (Unifi for WiFi). A quick and dirty takedown of WiFi can be accomplished manually over SSH by issuing simply "wifi down". However, there is a lot of ancillary services still loaded for WiFi which are still running. So far, through trial and error, I've come up with the following which seems to kill most of the WiFi related stuff:
gilbreen wrote: Thu Jul 29, 2021 6:55 pm I am getting caught up with this thread. A lot of good info! What would be the correct way to disable wifi while using the new Voxel firmware? I have Unifi equipment in place and would prefer to use it instead.
Code: Select all
kill $(ps | grep '[c]heck_status.sh' | awk '{print $1}')
wifi down
/etc/init.d/soap_agent stop
/etc/init.d/netscan stop
/etc/init.d/wifison-monitor stop
/etc/init.d/wsplcd stop
kill $(ps | grep '[w]pa_supplicant' | awk '{print $1}')
kill $(ps | grep '[t]ri_band_detect.sh' | awk '{print $1}')
kill $(ps | grep '[h]ostapd' | awk '{print $1}')
The bug you found I believe should be fixed in latest Voxel release. Please see updated OP for the download link and change log. It could be your second problem is also fixed as well but no guarantees as I have not tested this myself. If you still have issues loading certain sites once on the latest Voxel release please reply and let us know. At that point I would be focusing on DNS to start and see which sites are resolving and which are not.
PunyGod wrote: Fri Jul 30, 2021 1:34 am I'm running Voxel's firmware trying to get a connection to NordVPN using either OpenVPN or NordLynx. No luck with a wireguard NordLynx connection so far, although I think I have all the right connection info. Now I'm trying to get OpenVPN to work, and all I get when I try to start the VPN is "This device is not router (satellite). Exit." Any help?
Code: Select all
# Check: is it router, exit if "no"
if [ "$MODULE_NAME" != "RBR50" ]; then
    echo "This device is not router (satellite). Exit."
    exit 0
fi
Edit: OhWell now that I changed that to LBR20, it starts but internet won't work right while connected. For a while google searches were working but loading any other site wouldn't work. What causes that?
Just to be clear, when you say "circle mod" I want to make sure you are simply referring to the overlay filesystem and not referencing "CircleJerk" mod usage on Voxel firmware. As I've stated previously these two things in general are mutually exclusive. Assuming you are not combining CJ and Voxel, here is the step-by-step for enabling reboot-persistent TTL mod:
Sam023432 wrote: Sun Aug 01, 2021 2:34 pm Is there any chance someone can make a step by step guide on how to add the ttl mod for the V9.2.5.2.23SF-HW version ???????????????????????????
im just at a loss and i have done the circle mod but the ttl is not sticking so i could really really really use the help 18mb upload 2mb download right now so urrrrghhh lol
Code: Select all
mkdir -p /mnt/circle/overlay/opt/scripts
touch /mnt/circle/overlay/opt/scripts/firewall-start.sh
chmod 755 /mnt/circle/overlay/opt/scripts/firewall-start.sh
touch /mnt/circle/overlay/opt/scripts/firewall6-start.sh
chmod 755 /mnt/circle/overlay/opt/scripts/firewall6-start.sh
Code: Select all
vi /mnt/circle/overlay/opt/scripts/firewall-start.sh
Code: Select all
# IPv4 TTL mod
iptables -t mangle -C POSTROUTING -o wwan0 -j TTL --ttl-set 65 > /dev/null 2>&1 || \
iptables -t mangle -I POSTROUTING 1 -o wwan0 -j TTL --ttl-set 65
Code: Select all
:wq
Code: Select all
# IPv6 TTL mod (prevents leaks not covered by IPv4 rules)
ip6tables -t mangle -C POSTROUTING -o wwan0 -j HL --hl-set 65 > /dev/null 2>&1 || \
ip6tables -t mangle -I POSTROUTING 1 -o wwan0 -j HL --hl-set 65
Code: Select all
cat /mnt/circle/overlay/opt/scripts/firewall*
Code: Select all
reboot
Code: Select all
iptables -t mangle -L
ip6tables -t mangle -L
Code: Select all
host gmail-smtp-in.l.google.com[108.177.126.27]
said: 550-5.1.1 The email account that you tried to reach does not exist.
Please try 550-5.1.1 double-checking the recipient's email address for
typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1
https://support.google.com/mail/?p=NoSuchUser s4si10563711ejj.578 - gsmtp
(in reply to RCPT TO command)
Thanks hazarjast! I actually implemented the same steps above over the weekend based on a couple of your previous posts. I saw your post about the commands to disable wifi from last March and then one of your recent comments about rc.local being able to run commands at bootup with Voxel's firmware. So I combined those two posts and it is working great! I did add a sleep delay of 60 seconds as the first step based on other posts and just as you recommended above.
hazarjast wrote: Mon Aug 02, 2021 12:16 pm I have been using your exact scenario for the last couple of years (Unifi for WiFi). A quick and dirty takedown of WiFi can be accomplished manually over SSH by issuing simply "wifi down". However, there is a lot of ancillary services still loaded for WiFi which are still running. So far, through trial and error, I've come up with the following which seems to kill most of the WiFi related stuff:
Code: Select all
kill $(ps | grep '[c]heck_status.sh' | awk '{print $1}')
wifi down
/etc/init.d/soap_agent stop
/etc/init.d/netscan stop
/etc/init.d/wifison-monitor stop
/etc/init.d/wsplcd stop
kill $(ps | grep '[w]pa_supplicant' | awk '{print $1}')
kill $(ps | grep '[t]ri_band_detect.sh' | awk '{print $1}')
kill $(ps | grep '[h]ostapd' | awk '{print $1}')
You could put the above in a script and have it called via '/etc/rc.local' so that it takes WiFi down on startup. If you did that I would suggest adding a couple/few minute 'sleep' delay before the other commands to make sure you're not pulling the rug out from under anything while services are still loading. YMMV as I haven't gotten back around to testing this further myself. If you do test and result looks good or you have to tweak, please provide feedback as I'm sure it would help myself and others who wish to disable wifi after startup
Code: Select all
#ln -sf /mnt/circle/mods/check_status.sh /sbin/check_status.sh
#/sbin/check_status.sh &
No need to flash stock. Once you are on Voxel you can upgrade to newer versions of his firmware just as you would apply a normal update.
gilbreen wrote: Mon Aug 02, 2021 5:42 pm I see that Voxel has released another update to his firmware. Once an LBR20 has the Voxel firmware and he releases a new version, is it necessary to revert back to the stock Netgear firmware (2.5.2.20) before installing the new version or can the new Voxel firmware be installed over top his old version? Separately, I sent him a donation as a thank you for his efforts and, like hazarjast, encourage others to do the same if they can.
Yeah those omitted lines were a way I was working on to make sure the Netgear check script didn’t restart any Wifi services after they were killed. The modified check script is in the CircleJerk repository but I hadn’t tested it on Voxel so I just left it out when making the recommendations on what to kill.
gilbreen wrote: Mon Aug 02, 2021 6:19 pm Thanks hazarjast! I actually implemented the same steps above over the weekend based on a couple of your previous posts. I saw your post about the commands to disable wifi from last March and then one of your recent comments about rc.local being able to run commands at bootup with Voxel's firmware. So I combined those two posts and it is working great! I did add a sleep delay of 60 seconds as the first step based on other posts and just as you recommended above.
Your initial post about disabling wifi from last March also included two lines but, like you did above, I left them out since I disabled Circle and they seemed to be related to it:
Code: Select all
#ln -sf /mnt/circle/mods/check_status.sh /sbin/check_status.sh
#/sbin/check_status.sh &
The router definitely seems more responsive without Armor, Circle and Wifi services running. I appreciate the help and all the great info!
Thank you hazarjast for your awesome work and info! I have my LBR20 running the newest Voxel. I'm running T-mobile Magenta Max with working magic on the orbi and using the wifi from the orbi. Even with your great instructions I still can't get my TTL working correctly. Still having some leakage. From a command prompt using orbi wifi when I ping DNS 8.8.8.8 I come back with TTL=110. I have tried various mixed rules of TTL 64 and 65 still nothing. When I check the above TTL rules step 11 in telnet I get back Ipv4 = 65, but nothing on the IPv6. The IPv6 script shows the routing just no IPv6=65 at the end.
hazarjast wrote: Mon Aug 02, 2021 1:10 pm Just to be clear, when you say "circle mod" I want to make sure you are simply referring to the overlay filesystem and not referencing "CircleJerk" mod usage on Voxel firmware. As I've stated previously these two things in general are mutually exclusive. Assuming you are not combining CJ and Voxel, here is the step-by-step for enabling reboot-persistent TTL mod:
NOTE: If a TTL value of "65" is not appropriate for your specific carrier/plan (and it isn't for some), you can edit the firewall script files you created by using vi to open the files, going into "Insert" mode by pressing "I" (as in "igloo"), using your arrow keys to move the cursor to the existing "65" entries, back-spacing them out to delete, then replace by entering your desired value. Don't forget to hit escape to exit "Insert" mode and issue ":wq" to write your changes to the file and exit vi and reboot to apply your changes.
1. SSH into your LBR20 using Putty.
2. Issue the following commands:
Code: Select all
mkdir -p /mnt/circle/overlay/opt/scripts
touch /mnt/circle/overlay/opt/scripts/firewall-start.sh
chmod 755 /mnt/circle/overlay/opt/scripts/firewall-start.sh
touch /mnt/circle/overlay/opt/scripts/firewall6-start.sh
chmod 755 /mnt/circle/overlay/opt/scripts/firewall6-start.sh
3. Now we will populate each firewall script ('firewall-start.sh' with IPv4 commands and 'firewall6-start.sh' with IPv6 commands). To do this, we will use the text editor 'vi'. Let's start by opening the IPv4 firewall script in vi:
Code: Select all
vi /mnt/circle/overlay/opt/scripts/firewall-start.sh
4. Once the file is open in vi, you have to press the "I" (as in "igloo") key on your keyboard to enter "Insert" mode.
5. Then, select the following text from the code box and copy it to your clipboard ("Ctrl+C"):
Code: Select all
# IPv4 TTL mod
iptables -t mangle -C POSTROUTING -o wwan0 -j TTL --ttl-set 65 > /dev/null 2>&1 || \
iptables -t mangle -I POSTROUTING 1 -o wwan0 -j TTL --ttl-set 65
6. Now paste the text from your clipboard into the Putty window by right-clicking with your mouse anywhere inside it. You should see the text appear in vi.
7. Hit 'Enter' to add a new line, then press "Esc" (escape key) on your keyboard which will take you out of "Insert" mode. Save and exit vi by typing the following followed by "Enter" on your keyboard:
Code: Select all
:wq
(":" = enter vi command mode, "w" = write changes to the file, "q" = quit vi)
8. Now repeat steps 3 through 7 for 'firewall6-start.sh' with the text below (for IPv6):
Code: Select all
# IPv6 TTL mod (prevents leaks not covered by IPv4 rules)
ip6tables -t mangle -C POSTROUTING -o wwan0 -j HL --hl-set 65 > /dev/null 2>&1 || \
ip6tables -t mangle -I POSTROUTING 1 -o wwan0 -j HL --hl-set 65
9. Check your work by issuing the following command:
Code: Select all
cat /mnt/circle/overlay/opt/scripts/firewall*
The output should show all the iptables commands you've added from the code boxes above in the previous steps. If it does not, go back into each file and check for mistakes (maybe you didn't paste before saving, maybe you forgot "w" when exiting vi and the text was not saved, etc.).
10. Issue the following command to restart the LBR20 to check that your scripts execute properly on startup:
Code: Select all
reboot
11. Once the unit has rebooted and some minutes have passed to be sure all services have started, issue the following two commands to check that your iptables rules are active:
Code: Select all
iptables -t mangle -L
ip6tables -t mangle -L
The last line of output from each command should show a POSTROUTING rule with a value of "65". If not, then something went wrong and your iptables rules are not active. Check that the 'firewall-start.sh' and 'firewall6-start.sh' script files exist where you created them in the previous steps above and that they are populated with the necessary iptables text in the code boxes from previous steps. Also, be sure that you did not miss the "chmod 755" commands when creating the files as this makes them executable. Fix any errors you encounter, then reboot and execute the above iptables commands again to re-check.
FYI, I tried to email you but got the following bounce-back:
Code: Select all
host gmail-smtp-in.l.google.com[108.177.126.27]
said: 550-5.1.1 The email account that you tried to reach does not exist.
Please try 550-5.1.1 double-checking the recipient's email address for
typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1
https://support.google.com/mail/?p=NoSuchUser s4si10563711ejj.578 - gsmtp
(in reply to RCPT TO command)
i know it's not recommended but i had the same issue the only way i got it to work was to put the ip6 script code in with the ip4 code and it worked like a charm so far but either way his guide was a blessing so no complaints here ttl 64 hl64 on reboot (set at 64 seems to be the one for verizon) i can't thank hazarjast enough note...... made the actual code part one long line per command
Cameleer wrote: Wed Aug 04, 2021 9:05 am
Thank you hazarjast for your awesome work and info! I have my LBR20 running the newest Voxel. I'm running T-mobile Magenta Max with working magic on the orbi and using the wifi from the orbi. Even with your great instructions I still can't get my TTL working correctly. Still having some leakage. From a command prompt using orbi wifi when I ping DNS 8.8.8.8 I come back with TTL=110. I have tried various mixed rules of TTL 64 and 65 still nothing. When I check the above TTL rules step 11 in telnet I get back Ipv4 = 65, but nothing on the IPv6. The IPv6 script shows the routing just no IPv6=65 at the end.
Does anyone have any ideas about what to try next?
I have an old archer c7 router with golden orb on it setting here unused. Would It be easier/safer to use the wifi from the C7 and set the TTL on it?
Setting this up for my mother in law so would really like to just use the orbi 100% and have one less router to deal with.
Thanks