Orbi LBR20 How-To / Megathread

hazarjast
Posts: 248
Joined: Wed Dec 11, 2019 8:38 am
Has thanked: 47 times
Been thanked: 74 times

Re: Orbi LBR20 How-To / Megathread

Post by hazarjast »

shinesmart wrote: Fri Apr 16, 2021 12:37 am Finally was able to find the LTE downgrade file to go from A06 back to A05.

https://www.downloads.netgear.com/files ... ge(US).zip

Hope this helps if anyone needs to downgrade.
Thank you for posting this. Always good to have an archive for those who have issues. I have placed a copy in cloud storage of my own as a mirror in case this one should go missing and someone is looking for it :)

FWIW, I have not had problems with A06 (Sprint/T-Mobile) but it seems those with other carriers have reported some. Though it has not been clearly traced back to the LTE firmware itself.

Post by hazarjast »

wasabi wrote: Tue May 18, 2021 2:56 pm I completed the upgrade today and wanted to share - as I went ahead and jumped to the most recent firmware V2.6.4.2. Happy to report that circle_jerk installs just fine with this version and as far as I can tell works.

My speed test just after the install is great (possibly better than before) but I haven't had any real run time with it yet (literally just finished the process).

For reference and to possibly help newbies - here are the steps I did:

1. Used WebUI to Reset to Factory (Administration > Backup Settings)
a. Note: this resets the Orbi to 192.168.1.1
2. Set admin password and recovery questions, left everything else default skipping where possible
3. Updated to V2.5.3.4 firmware via pre-downloaded zip (Orbi was not connected to internet)
a. Probably not needed but I did it by accident (chose wrong file lol)
4. Updated to V2.6.3.50 firmware via pre-downloaded zip (Orbi was not connected to internet)
a. This was in the OP
5. Connected the Orbi to internet/LTE by updating the APN
a. I'm using Calyx so only needed to set this to r.ispsn
6. Updated to V2.6.4.2 firmware via WebUI directly
a. Had not seen any comments about this version so it must be super new
7. Updated LTE Firmware from R01A05 to R01A06 via WebUI directly
8. After all firmware updates completed successfully - performed another factory reset
a. Probably not needed but I wanted a completely clean slate and since I hadn't done any actual configuration yet, so why not
9. Set admin password and recovery questions
10. Selected the mobile network configuration for Sprint\T-Mobile via the new /hidden_info.htm page
a. Selected: Commerical-TMO
b. Note: This does not set the APN - that will be done later
11. Set my desired internal IP and DHCP Range (eg: Change the LAN Setup IP to: 10.10.10.1)
12. Installed Circle_Jerk following Manual Instructions
a. Far simpler than I thought it would be to be honest
13. Rebooted
14. Logged into SSH via Putty (success)
15. Configuration of Circle_Jerk was completed:
a. Disabled WiFi
b. Configured the modem
c. Disabled Netgear IOT check-ins
d. Set DNS nameservers to Google DNS (instructions from a post in this megathread)
16. Adjusted the Authentication Type to IPv4v6
17. Rebooted
-Complete-

Thank you Hazarjast and to the many others that have posted tips and tricks in this megathread!
Thank *you* for summarizing and sharing your experience as a reference for others :)

Post by hazarjast »

muenchris wrote: Fri May 21, 2021 5:22 pm Your step 15.c says "Disable Netgear IOT check-ins".
What exactly did you do here?
Is this helping with the problem that some IOT devices do not work with the LBR20?

Thanks
Your referenced issue of "some IoT device" not working with LBR20 would not be related to the step you reference.

IOT (IoT) in this case is a reference to the router itself and Netgear's cloud based management platform used for their unsolicited firmware updates, ReadyNAS features, and them sending telemetry from your device back to their "mothership" for whatever the heck they feel like doing with it. Seeing how lax Netgear has been on security up to this point (and seeing stories in the news like the "WD MyBook Live" debacle), I do not trust a device in my network to be so "connected" to potentially unsecured destinations outside of my control. Thus, we can use DNS or firewall methods to block these types of communications.

In regards to the 'IoT' device issue you reference, what I have found when LTE PDP profile is set to 'IPv4v6' or 'IPv6' is that the unit does not automatically create a 6-to-4 tunnel for LAN devices and defaults to sending them IPv4 addresses of '192.0.0.2' as the wwan0 IP with '192.0.0.1' as the gateway which can break routing to the various servers IoT devices need to reach out to on the Internet (they aren't going to get to the Internet trying to use '192.0.0.1' as a gateway).

Reading IPv6 DHCP RFCs surrounding IPv4 compatibility, this behavior may be by design and I am not sure that the LBR20 fully supports IPv6 WAN IPs using the LTE modem (you will notice that under 'Advanced' the "IPv6" options are always grayed out when using the LTE modem as the only WAN). There is more investigation and learning to be done on this topic but I have not made much progress given my other obligations so I personally just set PDP to 'IPv4' only until I can understand this better and/or resolve the issues surrounding IPv6. This is undesirable since at least with T-Mobile the PDP profile for 'IPv4v6' gives a much more local public IPv4 assignment and lower latency than 'IPv4' but then my IoT devices can't get out to the Internet and I have to resort to tunneling them all over VPN which is annoying. Since I am not an FPS gamer I've taken the higher latency penalty to allow my IoT devices easier access without a VPN :)

Post by hazarjast »

bigcache wrote: Mon May 31, 2021 3:50 pm Weird, I choose to auto deploy, but after I got the SSH password, the command jump out:

Connect request failed.

And of course cannot ssh to LBR20, and I telnet to find there's no mods in that directory.
Seems like something on your client PC is blocking TFTP. I would recommend going through the manual deployment instructions to better understand where the failure is occurring so that it can be remediated.

Post by hazarjast »

shinesmart wrote: Fri Jul 09, 2021 6:02 pm *** UPDATE ***
It’s safe to update to v2.6.5.2! CircleJerk still present and all is working as expected. No need to reinstall CJ. Performed about 4 reboots……and all is well. 🥳
***************

Anyone tested the new firmware 2.6.5.2? Does circlejerk still work with no issues?

May test it this weekend.
Fantastic! Glad to hear it is still working. Thanks for being a v2.6.5.2 "guinea pig" for the rest of us :)

Post by hazarjast »

egauk wrote: Thu Apr 08, 2021 8:01 am Fingers crossed that Voxel is able to release his firmware for the LBR20 8-)
Your wish (and mine) has come true. Updated OP with link, overview, and QuickStart instructions for Voxel LBR20 firmware. Please test and provide feedback which I can pass on to Voxel in order to improve future releases :)
shinesmart
Posts: 32
Joined: Tue Feb 23, 2021 7:32 pm
Has thanked: 0
Been thanked: 13 times

Post by shinesmart »

Great News! Will try it out before the end of this week and provide feedback.

The latest firmware v2.6.5.2 has been very stable and showing faster speedtest results. Currently have two units running to compare; one with Visible and the other with the AT&T Tablet Plan.

As expected, the AT&T unit has better speeds at peak times of the day, and both are running on ipv4 and ipv6.

No band locking, no “magic”, no custom DNS. Just CJ on both to restrict OTA updates and the TTL iptables mod on the Visible unit only.

AT&T Unit: 105mb/40mb
Visible Unit: 70mb/25mb

Very curious to see what Voxel’s will produce. 🤔

Post by hazarjast »

shinesmart wrote: Tue Jul 13, 2021 4:45 pm Great News! Will try it out before the end of this week and provide feedback.

The latest firmware v2.6.5.2 has been very stable and showing faster speedtest results. Currently have two units running to compare; one with Visible and the other with the AT&T Tablet Plan.

As expected, the AT&T unit has better speeds at peak times of the day, and both are running on ipv4 and ipv6.

No band locking, no “magic”, no custom DNS. Just CJ on both to restrict OTA updates and the TTL iptables mod on the Visible unit only.

AT&T Unit: 105mb/40mb
Visible Unit: 70mb/25mb

Very curious to see what Voxel’s will produce. 🤔
Thank you for testing. Eagerly await your feedback :)

The stock v2.6.5.2 Netgear firmware won't make any difference in speed when you compare the same plans and networks on two devices because that version is still only compiled for generic ARM with no optimization flags for the specific SoC in the device. The reason you're seeing a difference is that Visible is a much lower prioritization level than a tablet line on AT&T (also many other variables in play given the different network, such as connected band spectrum, tower load, backhaul, etc.). An apples to apples comparison would be two units, one on one firmware version and the other on a different firmware version, using the same type of plan from the same carrier on both; otherwise it's not showing you anything definitive in regards to firmware performance improvement, IMHO.

Good to see that neither carrier is enforcing a whitelist of approved device TACs for your plans. However, they could do this at any time and/or decide on a down quarter that their shareholders need a dividend and flip the switch to enforce device restrictions in which case magic would then be required. Personally, I'm too paranoid to run with the native TAC since it's very easy for them to identify my use of a non-blessed device. Not sure which AT&T plan you are using but many folks with tablet plans through them are seeing enforcement of 10GB or 20GB hotspot; this may be less enforceable on a router device though with TTL in place so not sure if you've noticed any hard throttles after this amount or not.

With Voxel's firmware, my upload speeds on TMO on B41 peak at 50-100% more than on the stock firmware (10Mbps on stock, 15-20Mbps on Voxel) so take that FWIW. My download speeds under standard deprioritization during peak hours may be slightly faster but not as measurable as the upload improvement.

Post by shinesmart »

This comparison was to compare which carrier’s plan is more suited to my needs, that’s why I merely wanted to test them side by side on the same (newest) firmware v2.6.5.2 vs the older v2.5.20. I’ve seen improved speeds on both carriers when running the newest firmware vs the older builds. Here’s the proof via WiFi:

AT&T running 2.6.5.2 yielded 105/40mb
AT&T running 2.5.20 yielded 70/30mb

Visible running 2.6.5.2 yielded 70/25mb
Visible running 2.5.20 yielded 40/15mb

Whilst I’m very interested in the Voxel install, it all comes down to bandwidth speed and reliability. I’m sure his firmware improvements will be very noticeable, but unless it improves the ul/dl speeds, I may opt to stay with the newer stock firmware with CJ, especially if it survives firmware updates.

Very grateful for Voxel’s work as he is a genius and looking forward to testing it.

* BTW, haven’t noticed any throttling by either carrier yet, and I’ve crossed 150gb on each for this month’s cycle. But you are correct, I may have to put up the drapes. 🤫

Post by hazarjast »

shinesmart wrote: Wed Jul 14, 2021 12:32 pm This comparison was to compare which carrier’s plan is more suited to my needs, that’s why I merely wanted to test them side by side on the same (newest) firmware v2.6.5.2 vs the older v2.5.20. I’ve seen improved speeds on both carriers when running the newest firmware vs the older builds. Here’s the proof via WiFi:

AT&T running 2.6.5.2 yielded 105/40mb
AT&T running 2.5.20 yielded 70/30mb

Visible running 2.6.5.2 yielded 70/25mb
Visible running 2.5.20 yielded 40/15mb

Whilst I’m very interested in the Voxel install, it all comes down to bandwidth speed and reliability. I’m sure his firmware improvements will be very noticeable, but unless it improves the ul/dl speeds, I may opt to stay with the newer stock firmware with CJ, especially if it survives firmware updates.

Very grateful for Voxel’s work as he is a genius and looking forward to testing it.

* BTW, haven’t noticed any throttling by either carrier yet, and I’ve crossed 150gb on each for this month’s cycle. But you are correct, I may have to put up the drapes. 🤫
Gotcha. Yeah, would be great to see how Voxel firmware compares to 2.6.5.2 on both carriers (assuming A06 modem firmware across all). Thank you for sharing your test results.

Post by hazarjast »

Just wanted to let folks know that I have worked with some additional folks to test Verizon (postpaid proper, not prepaid Visible or MVNO) and AT&T under Voxel's firmware and so far those carriers have been good. I am running for nearly 72 hours so far on T-Mobile on B2 and B41 as PCCs without issue :)

Post by shinesmart »

Here are my initial notes on the Voxel firmware:

1. SSH/Telnet banner says LBK20 instead of LBR20. Easy Cosmetic Fix.

2. After initial SSH access, and creating folders to add the ‘firewall-start.sh’ script, I lost both SSH and Telnet access. Tried rebooting and still no access. I suspect some ports were somehow closed after my initial SSH session.

3. Had to reflash in order to regain Telnet access via the debug.htm page. Then had to enable port 22 in the netwall.conf file to allow SSH access. Finally!

Haven’t yet inserted sim in device as I still need to confirm that OTA updates have been disabled by Voxel. If not, will have to add it along with the iptables rules in the firewall-start.sh script.

Would also be nice to have a GUI added for updating TTL values but don’t know if it’s possible.

Disabled Circle, Armor and xCloud via Telnet.

Getting lots of errors on the admin pages, so will flash back to stock, factory reset and try again tomorrow.

Post by shinesmart »

Did a fresh install of the Voxel build this morning.

LBR20 with Visible sim is now up and running. It appears that once you add the firewall-start.sh script, you lose the SSH capability. Still have port 22 open in netwall.conf. At least in this version Telnet is still available via debug page.

Observations with Visible over WiFi on (A06):

Too early to confirm, but the speeds are actually a bit slower with this Voxel build when compared to v2.6.5.2 all things being equal. Same sim plan, same tower, same band, same TTL value. I’m trying to be very optimistic, but it seems the router performance is still very buggy. The web interface still gives errors, especially when trying to Reboot via the Advanced page. Had to perform a hard reboot from the actual device.

I understand this is still a work in progress, but all in all, IMHO I see no noticeable improvement with running this custom build vs the latest stock build with CJ, which has been very stable for weeks.

Will test with AT&T plan tomorrow and advise. As I’ve said before, each user’s need is different, but if the router performance doesn’t translate to faster and more stable upload/download speeds…….then it’s an individual desire. Maybe gaming, VPN quality, etc will be better with the added performance improvements in Voxel’s version, but for my needs; daily surfing, multiple simultaneous video streaming and occasional Zoom and WhatsApp video calls, I’m happy thus far with stock & CJ. 😎
Voxel
Posts: 1
Joined: Fri Jul 16, 2021 9:49 am
Has thanked: 0
Been thanked: 1 time

Post by Voxel »

Let us continue directly with me. It would be more correct I think? ;-)

Just found this forum and this thread after reading @hazarjast's e-mail re: LTEHACK forum. Thanks to him for his good words.

Thank you @shinesmart as well for your testing attempts. Let us clarify a bit.

First, ssh access should NOT be opened by netwall.conf for access from the LAN. Only for WAN. I.e. NO special actions are needed to open it from your local network. WAN is your wwan interface or brwan if you are using the cable connection.

Second, what is the text version of your custom netwall.conf? There is a Mac version (CR symbol at the end of line), a Windows version (CR+LF symbols at the end of line), and a Unix version (LF symbol at the end of line).

We are dealing with Linux, so we have to use the Unix version (LF at the end of line).

Use of other text versions could break the work of the net-wall program.

Third, I am interested in the speed test running from the WebGUI. Currently you did not say what your Wi-Fi client is or what the connection is (2.4GHz or 5GHz), so what should I assume? Your speed by Wi-Fi (e.g. 2.4) or your Internet speed?

FYI: my best speed test results are 346.77/41.32 as dl/ul. Unfortunately I bought the NAS version of Orbi LBR. I am in Europe. So I had the same version of LBR as you. A06. In Europe. Only B7. I had about 220-230/38 with the stock V2.6.4.2.

I cannot say that I am an expert in LTE now. But I will be :-) With your and @hazarjast help of course.

Please let me know.

Also FYI. Latest fw from NG contains updated QCA drivers for Wi-Fi. I plan to update my current version 23Sf-HW as it was done for Orbi RBK50

https://www.snbforums.com/threads/custo ... ost-700398

Let's rock?

Best regards and wishes,
Voxel.
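
A check for the line-ending problem described in the post above, as an added example that is not part of the original post or of Voxel's firmware: it classifies a file as LF, CRLF, CR or mixed and writes an LF-only copy. The function names are hypothetical and the sample file content is a constructed placeholder, not real netwall.conf syntax.

```sh
#!/bin/sh
# Added example (not from the thread): detect and normalise line endings in a
# config file before it is copied to the router. Paths are passed by the caller.

CR=$(printf '\r')   # literal carriage return, used in the grep/sed patterns

# Print the line-ending style of file $1: lf, crlf, cr, mixed or empty.
line_ending_style() {
    [ -s "$1" ] || { echo empty; return 0; }
    lf=$(( $(tr -cd '\n' < "$1" | wc -c) ))          # number of LF bytes
    cr=$(( $(tr -cd '\r' < "$1" | wc -c) ))          # number of CR bytes
    crlf=$(( $(grep -c "${CR}\$" "$1" || true) ))    # lines that end in CR
    if [ "$cr" -eq 0 ]; then
        echo lf
    elif [ "$lf" -eq 0 ]; then
        echo cr
    elif [ "$cr" -eq "$lf" ] && [ "$crlf" -eq "$lf" ]; then
        echo crlf
    else
        echo mixed
    fi
}

# Write an LF-only copy of $1 to $2; the original file is left untouched.
to_unix_copy() {
    # Step 1 drops a CR that sits directly before LF (Windows endings),
    # step 2 turns any remaining lone CR into LF (old Mac endings).
    sed "s/${CR}\$//" "$1" | tr '\r' '\n' > "$2"
    # Terminate the last line if the conversion left it open.
    [ -z "$(tail -c 1 "$2")" ] || echo >> "$2"
}

# Demo on a constructed file with Windows line endings.
demo_dir=$(mktemp -d)
printf 'placeholder line 1\r\nplaceholder line 2\r\n' > "$demo_dir/netwall.conf"
echo "before: $(line_ending_style "$demo_dir/netwall.conf")"
to_unix_copy "$demo_dir/netwall.conf" "$demo_dir/netwall.conf.lf"
echo "after:  $(line_ending_style "$demo_dir/netwall.conf.lf")"
rm -rf "$demo_dir"
```
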

Post by hazarjast »

shinesmart wrote: Thu Jul 15, 2021 11:56 pm Here are my initial notes on the Voxel firmware:

1. SSH/Telnet banner says LBK20 instead of LBR20. Easy Cosmetic Fix.

2. After initial SSH access, and creating folders to add the ‘firewall-start.sh’ script, I lost both SSH and Telnet access. Tried rebooting and still no access. I suspect some ports were somehow closed after my initial SSH session.

3. Had to reflash in order to regain Telnet access via the debug.htm page. Then had to enable port 22 in the netwall.conf file to allow SSH access. Finally!

Haven’t yet inserted sim in device as I still need to confirm that OTA updates have been disabled by Voxel. If not, will have to add it along with the iptables rules in the firewall-start.sh script.

Would also be nice to have a GUI added for updating TTL values but don’t know if it’s possible.

Disabled Circle, Armor and xCloud via Telnet.

Getting lots of errors on the admin pages, so will flash back to stock, factory reset and try again tomorrow.
Thanks for the feedback.

Yes, I mentioned banner change to Voxel.

Something is definitely not right with you losing any SSH access; telnet is not enabled to begin with on the firmware and not required (much less secure and robust than SSH). Did you downgrade to 2.5.2.20 stock per the instructions prior to flashing Voxel's firmware?

Existing Netgear GUI modification I cannot speak to directly but I know Netgear appears to use a convoluted setup of custom binary which is acting as web server along with a backend database for storing most CGI and configuration settings. I do not believe their customized binary for the web server is under GPL so likely any modifications would require manual reverse engineering with decompiling which could take a lot of effort. Maybe I am wrong, I hope so.

I have not had any errors on the admin pages. I am thinking something is amiss from the firmware downgrade (if already performed prior to Voxel flash). CJ is definitely not tested or certified for use with Voxel firmware given it leverages a better means of achieving the same and allowing us to completely disable Circle so if any remnant of CJ is still running on your unit I could see that causing conflicts.

It is a good plan to flash back to stock 2.5.2.20 and perform a factory reset as you suggest (you will notice it does not necessarily wipe 'mods' and 'backup' folders created by CJ deployment under '/mnt/circle' when downgrading and resetting to factory, but Circle scripts are replaced back to stock). Only then would I flash Voxel's firmware which should ensure a clean experience.

Post by hazarjast »

shinesmart wrote: Fri Jul 16, 2021 8:05 am Did a fresh install of the Voxel build this morning.

LBR20 with Visible sim is now up and running. It appears that once you add the firewall-start.sh script, you lose the SSH capability. Still have port 22 open in netwall.conf. At least in this version Telnet is still available via debug page.

Observations with Visible over WiFi on (A06):

Too early to confirm, but the speeds are actually a bit slower with this Voxel build when compared to v2.6.5.2 all things being equal. Same sim plan, same tower, same band, same TTL value. I’m trying to be very optimistic, but it seems the router performance is still very buggy. The web interface still gives errors, especially when trying to Reboot via the Advanced page. Had to perform a hard reboot from the actual device.

I understand this is still a work in progress, but all in all, IMHO I see no noticeable improvement with running this custom build vs the latest stock build with CJ, which has been very stable for weeks.

Will test with AT&T plan tomorrow and advise. As I’ve said before, each user’s need is different, but if the router performance doesn’t translate to faster and more stable upload/download speeds…….then it’s an individual desire. Maybe gaming, VPN quality, etc will be better with the added performance improvements in Voxel’s version, but for my needs; daily surfing, multiple simultaneous video streaming and occasional Zoom and WhatsApp video calls, I’m happy thus far with stock & CJ. 😎
Losing SSH is very odd behavior. In the two units I have helped folks flash to Voxel firmware (by first downgrading to 2.5.2.20 stock) I have not observed this. Unless some CJ components (old dropbear binary still trying to run, 'fw_rules' script still trying to launch etc.) are still active or stock 2.5.2.20 downgrade *and* factory reset was not performed first before reflashing Voxel, I do not have an explanation for this behavior :(

When testing WAN performance between stock and Voxel firmware a good baseline should be tests performed over Ethernet first due to myriad factors that can affect WiFi speed (band, channel, building architecture, RF congestion/interference from surrounding devices using the same spectrum etc.). Don't get me wrong, WiFi tests are still good as it can highlight differences in WiFi performance specifically as it relates to compiled WiFi drivers etc. But a true test of WAN (specifically LTE WAN) performance differences should be baselined over Ethernet whenever possible.

I am glad CJ has been stable for you and again thank you for testing Voxel's firmware. Hopefully we can make some sense of what is causing your particular issues so that the latter runs as I have seen it run (fast and stable). But at the end of the day, I understand you sometimes have to stick with what 'just works' if you do not have time to troubleshoot.

Post by shinesmart »

Maybe it’s my firewall-start.sh script that’s creating the SSH issue. Let me know if you see anything in my script:

#!/bin/sh

while [ 1 ]
do

# IPv4 TTL mod
iptables -t mangle -C POSTROUTING -o wwan0 -j TTL --ttl-set 64 > /dev/null 2>&1 || \
iptables -t mangle -I POSTROUTING 1 -o wwan0 -j TTL --ttl-set 64

# IPv6 TTL mod (prevents leaks not covered by IPv4 rules)
ip6tables -t mangle -C POSTROUTING -o wwan0 -j HL --hl-set 64 > /dev/null 2>&1 || \
ip6tables -t mangle -I POSTROUTING 1 -o wwan0 -j HL --hl-set 64

echo "127.0.0.1 localhost http.fw.updates1.netgear.com devcom.up.netgear.com" > /etc/hosts

sleep 300

done


Cheers!

Post by hazarjast »

shinesmart wrote: Fri Jul 16, 2021 1:01 pm Maybe it’s my firewall-start.sh script that’s creating the SSH issue. Let me know if you see anything in my script:

#!/bin/sh

while [ 1 ]
do

# IPv4 TTL mod
iptables -t mangle -C POSTROUTING -o wwan0 -j TTL --ttl-set 64 > /dev/null 2>&1 || \
iptables -t mangle -I POSTROUTING 1 -o wwan0 -j TTL --ttl-set 64

# IPv6 TTL mod (prevents leaks not covered by IPv4 rules)
ip6tables -t mangle -C POSTROUTING -o wwan0 -j HL --hl-set 64 > /dev/null 2>&1 || \
ip6tables -t mangle -I POSTROUTING 1 -o wwan0 -j HL --hl-set 64

echo "127.0.0.1 localhost http.fw.updates1.netgear.com devcom.up.netgear.com" > /etc/hosts

sleep 300

done


Cheers!
I am not certain that the script is causing your issues but please remove anything that is not an iptables rule; it's not required and the loop and other commands might very well be causing other issues. The 'firewall-start.sh' script is not used like CJ scripts in any way (in fact it is superior in that it runs on interface changes outside of APN modification as I highlighted in the OP). The script 'firewall-start.sh' should only include the following:

# IPv4 TTL mod
iptables -t mangle -C POSTROUTING -o wwan0 -j TTL --ttl-set 64 > /dev/null 2>&1 || \
iptables -t mangle -I POSTROUTING 1 -o wwan0 -j TTL --ttl-set 64

# IPv6 TTL mod (prevents leaks not covered by IPv4 rules)
ip6tables -t mangle -C POSTROUTING -o wwan0 -j HL --hl-set 64 > /dev/null 2>&1 || \
ip6tables -t mangle -I POSTROUTING 1 -o wwan0 -j HL --hl-set 64

In Voxel's firmware I have used the 'Check' function to confirm that it is not reaching out to netgear for stock firmware (outside of the LTE firmware which is ultimately sourced from Quectel) so adding hosts file entries should not be necessary (you will see 'updated failed' on Status if you check). If you still want to add hosts file entries you should be able to do so with the overlay filesystem by creating the 'hosts' file you want i.e. '/mnt/circle/overlay/etc/hosts'. Once your overlay 'hosts' file is populated, upon reboot you can check that your hosts file contains your entries by cat'ing '/etc/hosts'. If you have other scripts you want to run at boot they can be called at each restart by creating '/mnt/circle/overlay/etc/rc.local' and adding the full path to them as lines in that file. When creating overlay files please be certain that you are setting the correct permissions on them (executable if creating new script files like 'firewall-start.sh' and proper r/w chmod for overlay of any existing file like '/etc/hosts', '/etc/rc.local', etc.).
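
A pre-flight check for 'firewall-start.sh' along the lines of the advice above, as an added example that is not hazarjast's or Voxel's code: it flags anything that is not an iptables/ip6tables rule, reports loops and sleeps separately, and checks the executable bit. The function names are hypothetical, the two sample scripts are copies of the ones posted in this thread, and treating a loop as blocking assumes the firmware waits for the script to return, which the thread does not confirm.

```sh
#!/bin/sh
# Added example (not from the thread): lint a firewall-start.sh before it is
# copied to the router.

# Print one finding per line for script $1; return 0 if clean, 1 otherwise.
lint_firewall_start() {
    file=$1
    bad=0
    if [ ! -x "$file" ]; then
        echo "not executable: $file"
        bad=1
    fi
    # 'read' without -r joins a line ending in a backslash with the next one,
    # so a rule split over two lines is checked as a single command.
    while read line || [ -n "$line" ]; do
        case $line in
            '' | '#'*) ;;                         # blank line or comment
            'iptables '* | 'ip6tables '*) ;;      # the only expected commands
            'while '* | 'until '* | 'for '* | 'sleep '*)
                # Assumption: the caller waits for the script to finish.
                echo "blocking construct: $line"; bad=1 ;;
            *)
                echo "not an iptables rule: $line"; bad=1 ;;
        esac
    done < "$file"
    return "$bad"
}

# Write copies of the two scripts from this thread into directory $1.
write_samples() {
    cat > "$1/looping.sh" <<'EOF'
#!/bin/sh

while [ 1 ]
do

# IPv4 TTL mod
iptables -t mangle -C POSTROUTING -o wwan0 -j TTL --ttl-set 64 > /dev/null 2>&1 || \
iptables -t mangle -I POSTROUTING 1 -o wwan0 -j TTL --ttl-set 64

# IPv6 TTL mod (prevents leaks not covered by IPv4 rules)
ip6tables -t mangle -C POSTROUTING -o wwan0 -j HL --hl-set 64 > /dev/null 2>&1 || \
ip6tables -t mangle -I POSTROUTING 1 -o wwan0 -j HL --hl-set 64

echo "127.0.0.1 localhost http.fw.updates1.netgear.com devcom.up.netgear.com" > /etc/hosts

sleep 300

done
EOF
    cat > "$1/rules-only.sh" <<'EOF'
# IPv4 TTL mod
iptables -t mangle -C POSTROUTING -o wwan0 -j TTL --ttl-set 64 > /dev/null 2>&1 || \
iptables -t mangle -I POSTROUTING 1 -o wwan0 -j TTL --ttl-set 64

# IPv6 TTL mod (prevents leaks not covered by IPv4 rules)
ip6tables -t mangle -C POSTROUTING -o wwan0 -j HL --hl-set 64 > /dev/null 2>&1 || \
ip6tables -t mangle -I POSTROUTING 1 -o wwan0 -j HL --hl-set 64
EOF
    chmod +x "$1/looping.sh" "$1/rules-only.sh"
}

# Demo: lint both samples and show the findings.
dir=$(mktemp -d)
write_samples "$dir"
for s in looping.sh rules-only.sh; do
    echo "== $s"
    lint_firewall_start "$dir/$s" || echo "-> fix before deploying"
done
rm -rf "$dir"
```
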

Post by shinesmart »

Ok, thanks for the help. Will update the script accordingly!

So does the netwall.conf file also need to be executable? That might help explain why the ports aren’t staying open on my specific install.

I would much prefer to avoid doing another downgrade/factory reset. Will see if the updated script gives me back SSH access.
🍺

Have a new Verizon tablet plan, so will test that sim over the weekend.

* Just saw Voxel has already revised the LBR20 firmware, so will test as well.

Post by hazarjast »

shinesmart wrote: Fri Jul 16, 2021 3:21 pm Ok, thanks for the help. Will update the script accordingly!

So does the netwall.conf file also need to be executable? That might help explain why the ports aren’t staying open on my specific install.

I would much prefer to avoid doing another downgrade/factory reset. Will see if the updated script gives me back SSH access.
🍺

Have a new Verizon tablet plan, so will test that sim over the weekend.

* Just saw Voxel has already revised the LBR20 firmware, so will test as well.
Should not need to touch netwall.conf, and it is not an executable; it's a configuration file. SSH is already open by default. You should only need 'firewall-start.sh' to add your own iptables rules for TTL etc.

Would be curious if you could confirm if you downgraded to 2.5.2.20 stock prior to flashing Voxel firmware. This will help us help others knowing what may occur if one does not perform this order of operations.

Thanks for testing the latest revision :)

Post by shinesmart »

Yes, I downgraded from v2.6.5.2 to v2.5.2.20, then did a factory reset and then installed Voxel’s build.

Post by shinesmart »

Voila! Once I fixed the script, I regained SSH access. Crazy how that script would cause the issue.

Just updated to the newer v9.2.5.2.23.1 Voxel firmware and it seems to be running well. Will continue comparing speed and performance results via WiFi as I’ve already established a baseline.

Up and running on the Postpaid Verizon Tablet Plan with TTL 64 and getting solid speeds:

Voxel v23.1: 90mb/30mb
Stock v2.6.5.2: 80mb/30mb

Speeds are about equal across both firmwares. 😎

Still trying to determine the correct TTL for avoiding throttle……64, 65 or 117.

Do you know which one works?

Post by hazarjast »

shinesmart wrote: Fri Jul 16, 2021 8:23 pm Voila! Once I fixed the script, I regained SSH access. Crazy how that script would cause the issue.

Just updated to the newer v9.2.5.2.23.1 Voxel firmware and it seems to be running well. Will continue comparing speed and performance results via WiFi as I’ve already established a baseline.

Up and running on the Postpaid Verizon Tablet Plan with TTL 64 and getting solid speeds:

Voxel v23.1: 90mb/30mb
Stock v2.6.5.2: 80mb/30mb

Speeds are about equal across both firmwares. 😎

Still trying to determine the correct TTL for avoiding throttle……64, 65 or 117.

Do you know which one works?
Excellent! Glad to hear you got it sorted. I'm going to add a bold disclaimer to the top of the OP indicating that my methods (CJ etc.) and Voxel firmware are mutually exclusive as they accomplish things much differently and as the Ghostbusters would say: "DON'T CROSS THE STREAMS!" ;) Lol.

TTL decrements as it passes and the generally accepted phone device value is 64, so, in my case on T-Mobile, a mangle value of 65 in the script gets me to 64 when my packets hit the network. I have not used VZW postpaid myself, but from working with others using them, typically a setting of 65 works there as well, though I've had multiple people tell me 64 is working for them (which does not make much sense to me technically, as you would think it would hit the carrier at 63?). Stranger still is the 117, which I really have no way of explaining, yet again some folks insist that on older VZW plans it "just works". There seems to be an extra hop with Visible and I've seen folks use 66 for them, but now I'm just getting off on a tangent....

I would say start with 65 as it makes the most sense and just log in to your plan portal and download a multi-GB file to check. It may not be real time, but in some minutes, or after logging out and coming back in, the VZW portal should show if you're pulling from your tether/hotspot bucket, if they differentiate that from on-device data on your tablet plan. For T-Mobile, after the hotspot bucket is exhausted it hard throttles to 600Kbps, so it's quite obvious when my iptables rules are not set or set correctly :)

Post by shinesmart »

Unfortunately, the Verizon portal doesn’t differentiate mobile data vs hotspot data for this tablet plan, so it’s difficult to know exactly what’s being used.

Activated the sim in an iPad LTE and then migrated to the LBR20 with magic, so only shows 2.3GB usage on the data usage page since activation, and pretty sure I’ve used at least 10GB. It appears that my data usage is not being tracked while in the Orbi, which may indicate that it’s pulling from mobile data……but that’s just a hunch. I’ve tried all three TTL values 64, 65 and 117 and the data usage still remains at 2.3GB (which I suspect is from the initial iPad usage).

** Update: Had to view usage via the Verizon website and now shows 18GB data used. The My Verizon iOS app was not showing usage. Still doesn’t differentiate on device data vs hotspot data, so I’ll see what happens when I cross my allotment. ** 😫

Will be testing the AT&T Tablet Plan this week to compare Voxel vs Stock/CJ performance.

Do you know if Voxel is planning any future updates to the firmware, possibly building on top of 2.6.5.2?

Post by hazarjast »

shinesmart wrote: Sun Jul 18, 2021 6:45 am Unfortunately, the Verizon portal doesn’t differentiate mobile data vs hotspot data for this tablet plan, so it’s difficult to know exactly what’s being used.

Activated the sim in an iPad LTE and then migrated to the LBR20 with magic, so only shows 2.3GB usage on the data usage page since activation, and pretty sure I’ve used at least 10GB. It appears that my data usage is not being tracked while in the Orbi, which may indicate that it’s pulling from mobile data……but that’s just a hunch. I’ve tried all three TTL values 64, 65 and 117 and the data usage still remains at 2.3GB (which I suspect is from the initial iPad usage).

** Update: Had to view usage via the Verizon website and now shows 18GB data used. The My Verizon iOS app was not showing usage. Still doesn’t differentiate on device data vs hotspot data, so I’ll see what happens when I cross my allotment. ** 😫

Will be testing the AT&T Tablet Plan this week to compare Voxel vs Stock/CJ performance.

Do you know if Voxel is planning any future updates to the firmware, possibly building on top of 2.6.5.2?
Outside of the minor revision to add the updated QCA drivers for WiFi I am not aware of any additional planned revisions based on newer firmware. Since RBK20 hardware is closest to LBR20 we can likely expect that base release that is built off of will likely follow for future revisions. Voxel mostly uses SNB forums so his updates can be more closely followed there for the curious. Of course he can feel free to correct me on any misstatements here as well if so choosing :)

Again, 2.6.5.2 aside from WiFi performance improvement has so far offered no real functionality upgrade from lower revisions and only adds complexity to creation of new firmware given the increasingly convoluted cryptography and storage partitioning that Netgear is using these days (IMHO, their attempt to further obfuscate the use of old/bad code for 'security by obscurity' rather than actually improving and making quality updates in the underlying code).

Post by hazarjast »

For optimal processing of rules, Voxel suggests splitting IPv4 and IPv6 into their own scripts and is updating his QuickStart.txt to reflect this:

Code:

. . .
Additionally you can use your own custom scripts to add your own iptables rules. These
scripts should be named firewall-start.sh (IPv4), /opt/scripts/firewall6-start.sh (IPv6)
and be placed in the:

/mnt/circle/overlay/opt/scripts/

directory, i.e.

/mnt/circle/overlay/opt/scripts/firewall-start.sh
/mnt/circle/overlay/opt/scripts/firewall6-start.sh

with 755 permission attributes (i.e. executable).

(OP has been updated with the above for those that start there)

Post by hazarjast »

egauk wrote: Tue Mar 09, 2021 12:33 pm Would you mind sharing how you configured NextDNS to work on your Orbi? I see from the original post this is being used by modifying resolve.conf
In my case all my actual routing is handled by an upstream PFSense box which is running NextDNS CLI. On the Orbi I'm simply overwriting resolve.conf with the IP address of my PFSense so that any NextDNS requests originating from the Orbi go there. This does not affect my LAN clients at all as they are all getting DNS already from the gateway (i.e. NextDNS running on my PFSense host).

Post by shinesmart »

Ok, Verizon was able to fix the way the data usage was displaying on my account. Now I can clearly see the breakdown:

Data Usage: 23.4GB (sim in LBR20)
4G Hotspot Usage: 1.8GB (sim in iPad)

So, for my Verizon Postpaid Tablet Plan, it appears that TTL of either 64 or 65 will mask the hotspot usage in the LBR20. 👍🏽

Hope this helps others…..😎

Post by hazarjast »

shinesmart wrote: Mon Jul 19, 2021 8:12 pm Ok, Verizon was able to fix the way the data usage was displaying on my account. Now I can clearly see the breakdown:

Data Usage: 23.4GB (sim in LBR20)
4G Hotspot Usage: 1.8GB (sim in iPad)

So, for my Verizon Postpaid Tablet Plan, it appears that TTL of either 64 or 65 will mask the hotspot usage in the LBR20. 👍🏽

Hope this helps others…..😎
Good stuff! Thanks for sharing.

Post by Sintrail »

I'm looking for a better device than my Nighthawk M1 for T-Mobile / Sprint. Would this device on its latest firmware still be a good option? My requirements are that I need an ID change and preferably band locking as well, and external MIMO antennas.

I'd also prefer to create multiple SSIDs with SQM applied individually, though I guess I could do that through my current router and use this only as the modem, correct?

Post by PunyGod »

Hello everyone, I've been testing Voxel's firmware some. I'm going to try to use it with NordLynx VPNs soon. We'll see how that goes.

At the moment I'm having a problem with DNS, although this might be a problem with the stock firmware as well. Changing the DNS in settings doesn't seem to do anything. I tried disabling the traffic meter (per someone's suggestion on netgear community forums), and tried modifying /etc/udhcdp.conf to my preferred DNS. I don't think changes there would persist through reboots, so I added my modified file to /mnt/circle/overlay/tmp/udhcdp.conf and rebooted a couple times.

The overlay doesn't seem to be working the way I thought it would. The file at etc/udhcdp.conf isn't getting my updates like the firewall-start.sh and rc.local files did.

Am I doing something wrong? Is there a better way to change DNS settings without having to set it on every device?

Post by hazarjast »

Sintrail wrote: Tue Jul 20, 2021 7:14 pm I'm looking for a better device than my Nighthawk M1 for T-Mobile / Sprint. Would this device on its latest firmware still be a good option? My requirements are that I need an ID change and preferably band locking as well, and external MIMO antennas.

I'd also prefer to create multiple SSIDs with SQM applied individually, though I guess I could do that through my current router and use this only as the modem, correct?
The LBR20 checks the boxes you are looking for technically but be aware that for ID change and band locking you will need to do so from the command line and be comfortable with the Quectel AT command syntax (lots of examples in the OP and elsewhere on these forums); these are not things which can be accomplished in the GUI. For band locking you will need to calculate the hex value of your combined band index for which I believe there is a spreadsheet linked to in other Quectel threads. I prefer cell locking on Quectels myself; this is touched on with command examples in the OP.

Tinkering with WiFi SSID split I cannot offer feedback on directly; maybe check Voxel's SNB forums thread on the RBK20 to see if this is possible or not. Since the Orbi line has a lot of WiFi customizations done by Netgear which is proprietary I'm not certain this could be done easily. SQM may be possible with Entware but you would need to install Entware on a network share since LBR20 doesn't have space for it. Ultimately that limitation may make it impractical or non-functional depending on how well the QoS scripts run from a network share. For both WiFi SSID and QoS requirements I would recommend as you suggest: use LBR20 as a modem as WAN to another router which is more flexible to match your requirements.

For those which do not have a lot of specific requirements and/or plan to use other Orbi satellites for mesh coverage, LBR20 is great. If your requirements are more advanced/granular while still needing LTE as your main WAN source, then disabling routing/wifi functions and just running it as a WAN to another router makes more sense (though not cost effective if you are paying MSRP for the LBR20 compared to other options, IMHO). I run the latter myself with LBR20 as a modem and PFSense as my router/firewall along with Ubiquiti gear for switches/WiFi.

Post by hazarjast »

PunyGod wrote: Wed Jul 21, 2021 5:02 pm Hello everyone, I've been testing Voxel's firmware some. I'm going to try to use it with NordLynx VPNs soon. We'll see how that goes.

At the moment I'm having a problem with DNS, although this might be a problem with the stock firmware as well. Changing the DNS in settings doesn't seem to do anything. I tried disabling the traffic meter (per someone's suggestion on netgear community forums), and tried modifying /etc/udhcdp.conf to my preferred DNS. I don't think changes there would persist through reboots, so I added my modified file to /mnt/circle/overlay/tmp/udhcdp.conf and rebooted a couple times.

The overlay doesn't seem to be working the way I thought it would. The file at etc/udhcdp.conf isn't getting my updates like the firewall-start.sh and rc.local files did.

Am I doing something wrong? Is there a better way to change DNS settings without having to set it on every device?
The file '/etc/udhcdp.conf' does not exist; possibly you meant '/etc/udhcpd.conf'? Regardless, the latter does not exist by default either and would not help with DNS, it is the configuration file for micro DHCP daemon (udhcpd) and thus used for assigning IP client addresses. Typically if you want to change DNS you would want '/etc/resolv.conf' though enforcing your nameservers can be tricky using LTE as WAN since on successful connection/reconnection that file gets overwritten with the DNS servers provided by the carrier. You could create your own infinite loop script which overwrites '/etc/resolv.conf' at specific intervals or look at calling through '/opt/scripts/firewall-start.sh' or other script under that path to see if that works better.

Since my upstream PFSense handles DNS for all my LAN clients and Voxel firmware prevents auto-upgrading to Netgear's firmware I have not had much incentive for going back and solving this issue myself since DNS on the LBR20 in my case is only used for the device itself and not any LAN client devices. However, at some point I'll probably go back and enforce DNS so I can examine the traffic to/from the LBR20 itself using NextDNS as I did before I switched to Voxel.
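Added example, not part of the original post and not code from Voxel's firmware: one way to write the "overwrite '/etc/resolv.conf' at intervals" loop suggested above so that it only rewrites the file when something has changed it. The function names, the 60-second interval and the 192.0.2.53 placeholder address are assumptions.

```shell
#!/bin/sh
# Added example, not from the post or from Voxel's firmware.
# Keeps a resolv.conf-style file pinned to chosen nameservers and rewrites it
# only when something else (e.g. an LTE reconnect) has changed it.

# want_resolv NS...: print the content we want the file to have.
want_resolv() {
    for ns in "$@"; do
        echo "nameserver $ns"
    done
}

# enforce_resolv FILE NS...
# Prints "unchanged" or "rewritten"; returns non-zero on error.
enforce_resolv() {
    file=$1
    shift
    [ "$#" -gt 0 ] || { echo "no nameservers given" >&2; return 1; }
    want=$(want_resolv "$@")
    have=$(cat "$file" 2>/dev/null) || have=
    if [ "$have" = "$want" ]; then
        echo unchanged
        return 0
    fi
    # Write a sibling temp file and rename it over FILE so readers never see
    # a half-written file. If FILE is a symlink, the rename replaces the link
    # itself; pass the link target as FILE in that case.
    tmp=$file.new.$$
    printf '%s\n' "$want" > "$tmp" || return 1
    mv "$tmp" "$file" || { rm -f "$tmp"; return 1; }
    echo rewritten
}

# watch_resolv FILE INTERVAL NS...: the interval loop; runs until killed.
watch_resolv() {
    target=$1
    interval=$2
    shift 2
    while :; do
        if state=$(enforce_resolv "$target" "$@"); then
            if [ "$state" = rewritten ]; then
                # Each log line marks a moment the file had been replaced.
                echo "$(date) restored $target" >&2
            fi
        else
            echo "$(date) could not update $target" >&2
        fi
        sleep "$interval"
    done
}

# Stand-alone use: sh resolv-guard.sh run
# 192.0.2.53 is a documentation placeholder, 60 s is an assumed interval.
if [ "${1:-}" = run ]; then
    watch_resolv /etc/resolv.conf 60 192.0.2.53
fi
```

The timestamps logged on each "restored" line show how often the file is being replaced, which helps when choosing the interval.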

Post by undyingshadow »

hazarjast wrote: Mon Jul 26, 2021 9:39 am If your requirements are more advanced/granular while still needing LTE as your main WAN source, then disabling routing/wifi functions and just running it as a WAN to another router makes more sense (though not cost effective if you are paying MSRP for the LBR20 compared to other options, IMHO). I run the latter myself with LBR20 as a modem and PFSense as my router/firewall along with Ubiquiti gear for switches/WiFi.
I found the price of the LBR20 quite competitive for the modem inside of it along with the basic functions it accomplishes (LAN Port, basic routing, etc.). Is there a much cheaper option I'm missing? Getting a CAT16 modem appears to run 225 by itself, and the LBR20 was only 300.

Post by Sintrail »

hazarjast wrote: Mon Jul 26, 2021 9:39 am The LBR20 checks the boxes you are looking for technically but be aware that for ID change and band locking you will need to do so from the command line and be comfortable with the Quectel AT command syntax (lots of examples in the OP and elsewhere on these forums); these are not things which can be accomplished in the GUI. For band locking you will need to calculate the hex value of your combined band index for which I believe there is a spreadsheet linked to in other Quectel threads. I prefer cell locking on Quectels myself; this is touched on with command examples in the OP.

Tinkering with WiFi SSID split I cannot offer feedback on directly; maybe check Voxel's SNB forums thread on the RBK20 to see if this is possible or not. Since the Orbi line has a lot of WiFi customizations done by Netgear which is proprietary I'm not certain this could be done easily. SQM may be possible with Entware but you would need to install Entware on a network share since LBR20 doesn't have space for it. Ultimately that limitation may make it impractical or non-functional depending on how well the QoS scripts run from a network share. For both WiFi SSID and QoS requirements I would recommend as you suggest: use LBR20 as a modem as WAN to another router which is more flexible to match your requirements.

For those which do not have a lot of specific requirements and/or plan to use other Orbi satellites for mesh coverage, LBR20 is great. If your requirements are more advanced/granular while still needing LTE as your main WAN source, then disabling routing/wifi functions and just running it as a WAN to another router makes more sense (though not cost effective if you are paying MSRP for the LBR20 compared to other options, IMHO). I run the latter myself with LBR20 as a modem and PFSense as my router/firewall along with Ubiquiti gear for switches/WiFi.
Thanks for the response. Would you advise running the latest FW and Voxel? Do I need Voxel in order to telnet and run the AT commands? I did see your "read between the lines" and understand what the AT command is, are all the digits in that accurate aside from the ID or do they change for any reason?

I actually thought this was my most well priced option. I didn't buy it at full retail but used, but even at 300 with a Cat18 modem that does 5x CA and B71 this seemed to beat anything else I could find? Perhaps I made a mistake in my thinking. Either way I think it will perform better than my M1. It arrives tomorrow so I'll post an update after I get fiddling with it.

Post by undyingshadow »

Anyone know how to use a wireguard Preshared Key on Voxel firmware?

I'm using the latest Voxel Firmware on an LBR20 with the Wireguard client. The Quickstart.txt indicates to use the following template for the wireguard.conf file:


------------------------- cut here ---------------------------------------
EndPoint="wireguard.5july.net"
LocalIP="10.0.xxx.xxx/24"
PrivateKey="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX="
PublicKey="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX="
Port="48574"
------------------------- cut here ---------------------------------------

Problem is that I'm trying to connect to a VPN provider (windscribe) that provides a Preshared Key.
The WG VPN client doesn't seem to work without it.
Trying a different provider (without a PSK) works.
I tried PresharedKey="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX="

Post by Sam023432 »

Well, I'm lost and don't know if I mangled the TTL tables correctly. I used PuTTY, port 23, IP 192.168.1.1, copied and pasted the command one line at a time for IPv4 and IPv6, and it seemed to work????? On my PC (but I also changed lc default to 65 on cmd) all I know is the speeds are junk, 15-10, then random 40mbps, rare but it happens lol, but only on the PC; if I connect any device it is slow as me trying to figure out this router lol 😂😂 I'm a full time nurse doing my best, I'm no expert, so any help would be appreciated. I have VZW and this is the only internet option where I live, so with that said, any help, any lol, because this forum jumps around and it's way out of my league.

Post by hazarjast »

undyingshadow wrote: Mon Jul 26, 2021 10:52 am I found the price of the LBR20 quite competitive for the modem inside of it along with the basic functions it accomplishes (LAN Port, basic routing, etc.). Is there a much cheaper option I'm missing? Getting a CAT16 modem appears to run 225 by itself, and the LBR20 was only 300.
At those prices you reference, I agree with you. My statement was directly based on *MSRP* which is ~$400 USD and greater in other parts of the world. Once you exceed $400 BYOD (build-your-own-device) starts to look more attractive :) One nice thing in the LBR20 which is hard to find in a lot of other Cat.16 modems is the inclusion of both B71 and B41, so there is that.

Post by hazarjast »

Sintrail wrote: Mon Jul 26, 2021 1:27 pm Thanks for the response. Would you advise running the latest FW and Voxel? Do I need Voxel in order to telnet and run the AT commands? I did see your "read between the lines" and understand what the AT command is, are all the digits in that accurate aside from the ID or do they change for any reason?

I actually thought this was my most well priced option. I didn't buy it at full retail but used, but even at 300 with a Cat18 modem that does 5x CA and B71 this seemed to beat anything else I could find? Perhaps I made a mistake in my thinking. Either way I think it will perform better than my M1. It arrives tomorrow so I'll post an update after I get fiddling with it.
"Latest firmware" and "Voxel" are mutually exclusive if you are referring to the latest stock firmware; Voxel is a separate firmware based on 2.5.2.20 GPL sources that Netgear provides. Yes, I recommend running Voxel as it's compiled directly for the hardware and lets us have a lot of nice features out of the box without having to hack things together. No, you don't "need" Voxel in order to telnet but it's simpler than having to jump through the hoops required to enable it on the latest stock firmware. Digits in the AT command you reference are command options and should not be changed (though the ID will be unique and of your own entry as you say).

Again, my statements are based on MSRP which is a little inflated in the US and very inflated in some countries outside the US. If you can get for under MSRP then it becomes a quite attractive option if only for the modem capabilities. FWIW, you aren't going to find many towers in the US that will actually take advantage of 5x CA as that is ultimately something the carrier enables in their deployments. I don't think you made any mistakes in your thinking, I agree that LBR20 is quite capable which is why I'm running it myself as an upgrade to an M1 I had previously :)

Post by hazarjast »

undyingshadow wrote: Mon Jul 26, 2021 9:35 pm Anyone know how to use a wireguard Preshared Key on Voxel firmware?

I'm using the latest Voxel Firmware on an LBR20 with the Wireguard client. The Quickstart.txt indicates to use the following template for the wireguard.conf file:


------------------------- cut here ---------------------------------------
EndPoint="wireguard.5july.net"
LocalIP="10.0.xxx.xxx/24"
PrivateKey="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX="
PublicKey="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX="
Port="48574"
------------------------- cut here ---------------------------------------

Problem is that I'm trying to connect to a VPN provider (windscribe) that provides a Preshared Key.
The WG VPN client doesn't seem to work without it.
Trying a different provider (without a PSK) works.
I tried PresharedKey="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX="
I don't run WireGuard but the config file option "PresharedKey" is valid per the man pages for the 'wg' binary. Double check that windscribe PresharedKey is correct. Voxel firmware for LBR20 is using wireguard-tools v1.0.20210424 so all the config syntax that applies to that should apply here just as it does on other up-to-date wireguard OS targets (Ubuntu/Alpine/Fedora/etc.). I see you have a post up in SNB regarding this so maybe someone who is using WireGuard there will be able to provide some additional guidance. Else, I would pursue setting up some logging when using the windscribe PresharedKey and open a support ticket with them and provide them with the error message you are encountering.

I don't think WireGuard has its own log file by default so here are some starting points to look at for obtaining logs for troubleshooting:

https://www.procustodibus.com/blog/2021 ... uard-logs/
https://www.the-digital-life.com/wiregu ... e-logging/

Post by hazarjast »

Sam023432 wrote: Tue Jul 27, 2021 1:09 am Well, I'm lost and don't know if I mangled the TTL tables correctly. I used PuTTY, port 23, IP 192.168.1.1, copied and pasted the command one line at a time for IPv4 and IPv6, and it seemed to work????? On my PC (but I also changed lc default to 65 on cmd) all I know is the speeds are junk, 15-10, then random 40mbps, rare but it happens lol, but only on the PC; if I connect any device it is slow as me trying to figure out this router lol 😂😂 I'm a full time nurse doing my best, I'm no expert, so any help would be appreciated. I have VZW and this is the only internet option where I live, so with that said, any help, any lol, because this forum jumps around and it's way out of my league.
The speeds and 'bursts' you describe sound more like signal issues or deprioritization than issues with TTL. On most plans TTL mangle not working is pretty obvious (i.e. connection not working at all such as when using prepaid/MVNO, or connection getting hard throttled to 600Kbps once you exceed your line's hotspot limit). Getting speeds in excess of 10Mbps doesn't sound like a TTL issue at first pass.

Be aware that if you're just copying/pasting the iptables commands at the telnet prompt this will only be active as long as the LBR20 stays connected to the network and not rebooted. If it disconnects/reconnects to the network due to reboot or other cause, these pasted rules will no longer be active. That is why they are included in scripts which are called at boot and/or periodically depending on which firmware and mod option you are using from the OP. You can check if your mangle rules are in place with the following commands (one for IPv4 and one for IPv6):

Code:

iptables -t mangle -L
ip6tables -t mangle -L

The last line of output from those commands should show a POSTROUTING rule reflecting the TTL value you set when executing your iptables command. If there is no value present, then your iptables rule is not in place.

Post by undyingshadow »

Okay, maybe I messed up. I'll give it another try.

Post by undyingshadow »

No joy. Can't connect to anything (either via the router itself or attached devices) when I add PresharedKey="XXXXXXXXXXXXXXXXXXXXXXXXXXXX="

I found /var/log/wireguard-client.log

Start WireGuard client. Please wait.
IP of EndPoint XXXXXXXXXX.whiskergalaxy.com is 38.146.XXX.XXX.
Restart firewall to apply iptables rules for WireGuard client.
Generating Rules...
Done!
Starting Firewall...
Done!

This is the second completely separate VPN endpoint with a preshared key that has failed. The only one that I've gotten to work is one that doesn't have a PSK (a wireguard server I setup myself)

The file format that Voxel uses doesn't appear to be a standard one. Is it possible the config file is being parsed for commands to feed to wireguard-tools and PresharedKey just isn't being parsed? I suspect this because /tmp/wg0.conf has:

Code:

[Interface]
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
Endpoint = 38.146.XXX.XXX:51820
AllowedIPs = 0.0.0.0/0

EDIT: Yup, that's exactly what's happening:

/etc/init.d/wg-client has

Code:

        # WireGuard: create wg0 config (wg0.conf)
        echo "[Interface]"              >  $WGConfig
        echo "PrivateKey = $PrivateKey" >> $WGConfig
        echo "[Peer]"                   >> $WGConfig
        echo "PublicKey = $PublicKey"   >> $WGConfig
        echo "Endpoint = $IP:$Port"     >> $WGConfig
        echo "AllowedIPs = 0.0.0.0/0"   >> $WGConfig

I tried to modify the script but my changes do not persist.
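Added example, not part of the original post and not Voxel's /etc/init.d/wg-client: a POSIX shell version of the generator quoted above that also writes a PresharedKey line under [Peer] when that variable is set, which is where wg(8) expects it. The function names, the key-shape check and the sample values are assumptions; the variable names mirror those in the post.

```shell
#!/bin/sh
# Added example, not Voxel's /etc/init.d/wg-client. It mirrors the variable
# names from the post and adds the optional PresharedKey line under [Peer].

# is_wg_key KEY: succeed if KEY has the shape of a base64-encoded 32-byte
# WireGuard key (43 base64 characters followed by a single '=').
is_wg_key() {
    [ "${#1}" -eq 44 ] || return 1
    case "${1%=}" in
        *[!A-Za-z0-9+/]*) return 1 ;;   # also rejects '=' anywhere but the end
    esac
    case "$1" in
        *=) return 0 ;;
    esac
    return 1
}

# write_wg_conf FILE
# Reads PrivateKey, PublicKey, IP, Port and (optionally) PresharedKey from the
# shell environment and writes FILE readable by its owner only.
write_wg_conf() {
    WGConfig=$1
    for k in "${PrivateKey:-}" "${PublicKey:-}"; do
        is_wg_key "$k" || { echo "PrivateKey/PublicKey malformed" >&2; return 1; }
    done
    if [ -n "${PresharedKey:-}" ] && ! is_wg_key "$PresharedKey"; then
        echo "PresharedKey is set but malformed" >&2
        return 1
    fi
    if [ -z "${IP:-}" ] || [ -z "${Port:-}" ]; then
        echo "IP and Port are required" >&2
        return 1
    fi
    (
        umask 077                       # new file is created as 0600
        {
            echo "[Interface]"
            echo "PrivateKey = $PrivateKey"
            echo "[Peer]"
            echo "PublicKey = $PublicKey"
            # The line the quoted generator never writes:
            if [ -n "${PresharedKey:-}" ]; then
                echo "PresharedKey = $PresharedKey"
            fi
            echo "Endpoint = $IP:$Port"
            echo "AllowedIPs = 0.0.0.0/0"
        } > "$WGConfig" && chmod 600 "$WGConfig"
    )
}

# Constructed sample keys (not real secrets): 43 copies of one character + '='.
sample_key() {
    printf '%043d=' 0 | tr 0 "$1"
}

# demo: build a config with a PSK from constructed values and print it.
demo() {
    out=${TMPDIR:-/tmp}/wg0.conf.$$
    PrivateKey=$(sample_key A)
    PublicKey=$(sample_key E)
    PresharedKey=$(sample_key I)
    IP=192.0.2.10                       # documentation address, placeholder
    Port=51820
    write_wg_conf "$out" && cat "$out"
    rm -f "$out"
}

# Stand-alone use: sh wg-psk.sh demo
if [ "${1:-}" = demo ]; then
    demo
fi
```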

Post by Sintrail »

hazarjast wrote: Wed Jul 28, 2021 10:43 am "Latest firmware" and "Voxel" are mutually exclusive if you are referring to the latest stock firmware; Voxel is a separate firmware based on 2.5.2.20 GPL sources that Netgear provides. Yes, I recommend running Voxel as it's compiled directly for the hardware and lets us have a lot of nice features out of the box without having to hack things together. No, you don't "need" Voxel in order to telnet but it's simpler than having to jump through the hoops required to enable it on the latest stock firmware. Digits in the AT command you reference are command options and should not be changed (though the ID will be unique and of your own entry as you say).

Again, my statements are based on MSRP which is a little inflated in the US and very inflated in some countries outside the US. If you can get for under MSRP then it becomes a quite attractive option if only for the modem capabilities. FWIW, you aren't going to find many towers in the US that will actually take advantage of 5x CA as that is ultimately something the carrier enables in their deployments. I don't think you made any mistakes in your thinking, I agree that LBR20 is quite capable which is why I'm running it myself as an upgrade to an M1 I had previously :)
Thanks. I think the only thing I really need is to lock out Sprint bands as once in a while it seems to REALLY want to do Sprint only, even resetting, turning antennas etc. I get 7/.5 if I'm lucky on Sprint.

Otherwise I'm getting 80/10, which is perfect for me, a big upgrade from the M1. B71 has been key. So I just need to dig into the band locking to lock out those sprint bands then I'm golden! Thanks for all your knowledge and input here, it's really appreciated!

Post by Sam023432 »

Thank you.... After tedious attempts I installed the circle jerk, not positive it worked (auto deploy). The TTL is not sticking; I have to manually change it every time via SSH, and I'm super confused on how to add the TTL mod script, like copy paste to Notepad, rename and save as .sh to the circle jerk unzipped file, or idk. Also I have no idea how to change DNS with fixed IP?????? ................I know, I know, I can already picture you reading this and shaking your head. I am indeed out of my league here but I am trying my best. I followed everything verbatim in quick start auto deploy; I am just stuck at the point of the TTL mod and script part, that's where I get completely lost. I sadly am a follow exact step 1. 2. 3. 4. 5. type : (
...................................I would like to say thank you seriously for all the help you give ppl like myself. Something most ppl take for granted like the internet is a blessing here where there are no ISP, and ppl like you are the Robin Hood of the tech world, so thank you again for your patience and expertise. It's a bigger deal than you might realize for regular folks like me!!! : )

Post by gilbreen »

I am getting caught up with this thread. A lot of good info! What would be the correct way to disable wifi while using the new Voxel firmware? I have Unifi equipment in place and would prefer to use it instead.

Post by PunyGod »

I'm running Voxel's firmware trying to get a connection to NordVPN using either OpenVPN or NordLynx. No luck with a wireguard NordLynx connection so far, although I think I have all the right connection info. Now I'm trying to get OpenVPN to work, and all I get when I try to start the VPN is "This device is not router (satellite). Exit." Any help?

Edit: Oh

Code: Select all

# Check: is it router, exit if "no"
if [ "$MODULE_NAME" != "RBR50" ]; then
        echo "This device is not router (satellite). Exit."
        exit 0
fi
Well now that I changed that to LBR20, it starts but internet won't work right while connected. For a while google searches were working but loading any other site wouldn't work. What causes that?
Sam023432
Posts: 11
Joined: Tue Jul 27, 2021 1:00 am
Has thanked: 0
Been thanked: 3 times

Re: Orbi LBR20 How-To / Megathread

Post by Sam023432 »

Is there any chance someone can make a step-by-step guide on how to add the TTL mod for the V9.2.5.2.23SF-HW version? I'm just at a loss, and I have done the circle mod but the TTL is not sticking, so I could really, really, really use the help. 18mb upload 2mb download right now so urrrrghhh lol
PunyGod
Posts: 4
Joined: Wed Jul 21, 2021 4:46 pm
Has thanked: 0
Been thanked: 0

Re: Orbi LBR20 How-To / Megathread

Post by PunyGod »

Sam023432 wrote: Sun Aug 01, 2021 2:34 pm Is there any chance someone can make a step-by-step guide on how to add the TTL mod for the V9.2.5.2.23SF-HW version? I'm just at a loss, and I have done the circle mod but the TTL is not sticking, so I could really, really, really use the help. 18mb upload 2mb download right now so urrrrghhh lol
Do you have discord or something? If you can do a call with screen share I can show you.
Sam023432
Posts: 11
Joined: Tue Jul 27, 2021 1:00 am
Has thanked: 0
Been thanked: 3 times

Re: Orbi LBR20 How-To / Megathread

Post by Sam023432 »

No, and I wouldn't have the internet speed to do so lmao. I have the Orbi hooked up to a powerful antenna and it has amazing signal, but as for the cell it's not an option. This is why getting this thing working is so important, but I do appreciate it. Life just can't be that simple for me lmao... This is a huge ask, but maybe you could do a video and send it to my email samcrim023432 at gmail dot com and I will post a step-by-step guide for anyone else on here after I get it worked out lol :P
hazarjast
Posts: 248
Joined: Wed Dec 11, 2019 8:38 am
Has thanked: 47 times
Been thanked: 74 times

Re: Orbi LBR20 How-To / Megathread

Post by hazarjast »

undyingshadow wrote: Wed Jul 28, 2021 4:30 pm No joy. Can't connect to anything (either via the router itself or attached devices) when I add PresharedKey="XXXXXXXXXXXXXXXXXXXXXXXXXXXX="

I found /var/log/wireguard-client.log

Start WireGuard client. Please wait.
IP of EndPoint XXXXXXXXXX.whiskergalaxy.com is 38.146.XXX.XXX.
Restart firewall to apply iptables rules for WireGuard client.
Generating Rules...
Done!
Starting Firewall...
Done!

This is the second completely separate VPN endpoint with a preshared key that has failed. The only one that I've gotten to work is one that doesn't have a PSK (a WireGuard server I set up myself).

The file format that Voxel uses doesn't appear to be a standard one. Is it possible the config file is being parsed for commands to feed to wireguard-tools and PresharedKey just isn't being parsed? I suspect this because /tmp/wg0.conf has:

Code: Select all

[Interface]
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
Endpoint = 38.146.XXX.XXX:51820
AllowedIPs = 0.0.0.0/0

EDIT: Yup, that's exactly what's happening:

/etc/init.d/wg-client has

Code: Select all

        # WireGuard: create wg0 config (wg0.conf)
        echo "[Interface]"              >  $WGConfig
        echo "PrivateKey = $PrivateKey" >> $WGConfig
        echo "[Peer]"                   >> $WGConfig
        echo "PublicKey = $PublicKey"   >> $WGConfig
        echo "Endpoint = $IP:$Port"     >> $WGConfig
        echo "AllowedIPs = 0.0.0.0/0"   >> $WGConfig
I tried to modify the script but my changes do not persist.
Nice detective work on your part :)

I see this is solved by Voxel in his latest update: https://www.snbforums.com/threads/custo ... -hw.73983/

It would appear your issue is resolved from the latest updates in your SNB thread: https://www.snbforums.com/threads/voxel ... ent.73882/

Please let us know if that is not the case.
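
Added example, not part of the original posts and not Voxel's actual fix: one way the config-writing step quoted above could carry a preshared key through to wg0.conf, written owner-only because the file holds the private key. `PrivateKey`, `PublicKey`, `IP` and `Port` are the variable names from the quoted excerpt; the `PresharedKey` shell variable and the three function names are assumptions.

```shell
#!/bin/sh
# Added example, not Voxel's script: build wg0.conf with an optional PresharedKey.
# PrivateKey, PublicKey, IP and Port are the variable names in the quoted excerpt;
# the PresharedKey variable and all function names here are assumptions.

# A WireGuard key is 32 bytes: 43 base64 characters plus one "=" of padding.
is_wg_key() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$'
}

# Write the config to $1. Returns 1 (leaving any existing file alone)
# if a required value is missing or a key is malformed.
write_wg_conf() {
    out="$1"
    is_wg_key "${PrivateKey:-}" || return 1
    is_wg_key "${PublicKey:-}"  || return 1
    [ -n "${IP:-}" ] && [ -n "${Port:-}" ] || return 1
    if [ -n "${PresharedKey:-}" ]; then
        # Reject a quoted or truncated PSK here instead of failing the handshake later.
        is_wg_key "$PresharedKey" || return 1
    fi
    (
        umask 077          # the file holds the private key: owner-only
        rm -f "$out"       # umask only affects newly created files
        {
            echo "[Interface]"
            echo "PrivateKey = $PrivateKey"
            echo "[Peer]"
            echo "PublicKey = $PublicKey"
            if [ -n "${PresharedKey:-}" ]; then
                echo "PresharedKey = $PresharedKey"
            fi
            echo "Endpoint = $IP:$Port"
            echo "AllowedIPs = 0.0.0.0/0"
        } > "$out"
    )
}

# The check done by hand in the post: did the PSK reach the generated file?
conf_has_psk() {
    grep -q '^PresharedKey = ' "$1"
}
```

If `conf_has_psk /tmp/wg0.conf` fails on a tunnel whose provider requires a PSK, the generated file is the place to look before suspecting the endpoint.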
hazarjast
Posts: 248
Joined: Wed Dec 11, 2019 8:38 am
Has thanked: 47 times
Been thanked: 74 times

Re: Orbi LBR20 How-To / Megathread

Post by hazarjast »

Sam023432 wrote: Thu Jul 29, 2021 1:41 am Thank you.... After tedious attempts I installed the circle jerk, not positive it worked (auto deploy). The TTL is not sticking; I have to manually change it every time via SSH, and I'm super confused on how to add the TTL mod script, like copy paste to notepad, rename and save as .sh to the circle jerk unzipped file, or idk. Also I have no idea how to change DNS with fixed IP?? I know, I know, I can already picture you reading this and shaking your head. I am indeed out of my league here but I am trying my best. I followed everything verbatim in quick start auto deploy; I am just stuck at the point of the TTL mod and script part, that's where I get completely lost. I sadly am a follow-exact-step 1, 2, 3, 4, 5 type :(
I would like to say thank you, seriously, for all the help you give ppl like myself. Something most ppl take for granted like the internet is a blessing here where there are no ISPs, and ppl like you are the Robin Hood of the tech world, so thank you again for your patience and expertise. It's a bigger deal than you might realize for regular folks like me!!! :)
No head shaking or judgment here, these things can be complex to anyone who has not approached the subject before. If you are still struggling you can reach out (hazarjast at protonmail dot com) and I can try to assist further as my time permits.
hazarjast
Posts: 248
Joined: Wed Dec 11, 2019 8:38 am
Has thanked: 47 times
Been thanked: 74 times

Re: Orbi LBR20 How-To / Megathread

Post by hazarjast »

Sintrail wrote: Wed Jul 28, 2021 6:45 pm Thanks. I think the only thing I really need is to lock out Sprint bands, as once in a while it seems to REALLY want to do Sprint only, even resetting, turning antennas etc. I get 7/.5 if I'm lucky on Sprint.

Otherwise I'm getting 80/10, which is perfect for me, a big upgrade from the M1. B71 has been key. So I just need to dig into the band locking to lock out those Sprint bands, then I'm golden! Thanks for all your knowledge and input here, it's really appreciated!
If you want to lock to Sprint without the complexity of band calculation, you can always lock the cell instead if you can find the EARFCN and CELLID. You can try to use CellMapper or the "neighbourcell" command to confirm those two pieces of info from your closest tower. See the example below where I am actively connected to my local [legacy] Sprint B41 cell. The first line of "neighbourcell" output shows my EARFCN and CELLID along with the next closest ones:

Code: Select all

root@LBR20:~# echo -ne "AT+QENG=\"neighbourcell\"\r\n" | microcom -X -t 1000 /dev/ttyUSB2
AT+QENG="neighbourcell"
+QENG: "neighbourcell intra","LTE",40072,312,-6,-93,-65,0,-,-,-,-,-
+QENG: "neighbourcell inter","LTE",39874,312,-6,-92,-65,0,-,-,-,-
From there if I wanted to lock to the 39874 EARFCN I could issue the following:

Code: Select all

echo -ne "AT+QNWLOCK=\"common/4g\",1,39874,312\r\n" | microcom -X -t 1000 /dev/ttyUSB2
If I wanted to lock either of the found EARFCNs for B41 and let the LBR20 automatically choose between them I could issue the following:

Code: Select all

echo -ne "AT+QNWLOCK=\"common/4g\",2,39874,312,40072,312\r\n" | microcom -X -t 1000 /dev/ttyUSB2
However, I do not do this in my case because 39874 appears to be new and/or under maintenance as I found it disconnects often and has upload throughput issues. So, I lock to the more stable cell EARFCN (40072).

Cell locking is not reboot-persistent so you could need to make a script and call to that script in '/etc/rc.local' (using overlay filesystem if you are on Voxel firmware). Bear in mind it will take 20-30 seconds for your modem to reach the internet again after a successful cell lock to a stable cell. It's possible to lock cells which are not for your carrier or otherwise not authorized for your SIM ICCID or APN as well, so I would test for a period of time when locking a new cell to ensure it is stable for you. Also note that if that particular cell goes down for any reason, you will lose internet connectivity until you either lock a different cell or disable cell locking and let it auto-choose its own cell again. To disable cell locking again you can issue the following:

Code: Select all

echo -ne "AT+QNWLOCK=\"common/4g\",0\r\n" | microcom -X -t 1000 /dev/ttyUSB2
Hope this information is helpful.
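
Added example, not part of the original post: a boot-time cell-lock script of the kind described above, which builds the lock command from `neighbourcell` output and removes the lock again if the locked cell stops passing traffic. The function names, the `--apply` switch, the 60-second boot delay and the ping probe are assumptions; the AT commands, the modem port and the sample values are the ones in the post.

```shell
#!/bin/sh
# Added example, not the poster's script: reboot-persistent cell lock that fails open.
MODEM_PORT="${MODEM_PORT:-/dev/ttyUSB2}"   # port used in the post

# Send one AT command the same way the post does.
send_at() {
    printf '%s\r\n' "$1" | microcom -X -t 1000 "$MODEM_PORT"
}

# Read +QENG "neighbourcell" lines on stdin and print one "EARFCN,CELLID" pair
# per line (fields 3 and 4, the two values the post feeds to AT+QNWLOCK).
parse_neighbours() {
    tr -d '\r' | awk -F',' '
        /^\+QENG: "neighbourcell/ && $3 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ { print $3 "," $4 }'
}

# Build the lock command for one or more "EARFCN,CELLID" arguments.
# Anything that is not exactly two comma-separated numbers is rejected.
build_lock_cmd() {
    [ "$#" -ge 1 ] || return 1
    cmd="AT+QNWLOCK=\"common/4g\",$#"
    for pair in "$@"; do
        case "$pair" in
            *[!0-9,]*|*,*,*|,*|*,|"") return 1 ;;
            *,*) ;;
            *) return 1 ;;
        esac
        cmd="$cmd,$pair"
    done
    printf '%s\n' "$cmd"
}

# Fail open: run probe command $1 up to $2 times, $3 seconds apart. If every
# attempt fails, remove the lock so the modem can choose a cell on its own.
unlock_if_offline() {
    probe="$1"; tries="$2"; wait_s="$3"; n=0
    while [ "$n" -lt "$tries" ]; do
        if $probe >/dev/null 2>&1; then
            return 0
        fi
        n=$((n + 1))
        sleep "$wait_s"
    done
    send_at 'AT+QNWLOCK="common/4g",0'
    return 1
}

# Nothing touches the modem unless the script is called with --apply,
# e.g. from /etc/rc.local: /opt/scripts/cell-lock.sh --apply 40072,312 &
if [ "${1:-}" = "--apply" ]; then
    shift
    lock_cmd=$(build_lock_cmd "$@") || { echo "usage: $0 --apply EARFCN,CELLID ..." >&2; exit 2; }
    sleep 60                      # assumed delay so boot-time services settle first
    send_at "$lock_cmd"
    sleep 30                      # the post: 20-30 seconds to regain connectivity
    unlock_if_offline "ping -c 1 -W 5 8.8.8.8" 3 10
fi
```

Run `send_at 'AT+QENG="neighbourcell"' | parse_neighbours` on the router to list candidate pairs before choosing which to pass to `--apply`.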
hazarjast
Posts: 248
Joined: Wed Dec 11, 2019 8:38 am
Has thanked: 47 times
Been thanked: 74 times

Re: Orbi LBR20 How-To / Megathread

Post by hazarjast »

gilbreen wrote: Thu Jul 29, 2021 6:55 pm I am getting caught up with this thread. A lot of good info! What would be the correct way to disable wifi while using the new Voxel firmware? I have Unifi equipment in place and would prefer to use it instead.
I have been using your exact scenario for the last couple of years (Unifi for WiFi). A quick and dirty takedown of WiFi can be accomplished manually over SSH by issuing simply "wifi down". However, there are a lot of ancillary services still loaded for WiFi which are still running. So far, through trial and error, I've come up with the following which seems to kill most of the WiFi related stuff:

Code: Select all

kill $(ps | grep '[c]heck_status.sh' | awk '{print $1}')
wifi down
/etc/init.d/soap_agent stop
/etc/init.d/netscan stop
/etc/init.d/wifison-monitor stop
/etc/init.d/wsplcd stop
kill $(ps | grep '[w]pa_supplicant' | awk '{print $1}')
kill $(ps | grep '[t]ri_band_detect.sh' | awk '{print $1}')
kill $(ps | grep '[h]ostapd' | awk '{print $1}')
You could put the above in a script and have it called via '/etc/rc.local' so that it takes WiFi down on startup. If you did that I would suggest adding a couple/few minute 'sleep' delay before the other commands to make sure you're not pulling the rug out from under anything while services are still loading. YMMV as I haven't gotten back around to testing this further myself. If you do test and result looks good or you have to tweak, please provide feedback as I'm sure it would help myself and others who wish to disable wifi after startup :)
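
Added example, not part of the original post: the same shutdown sequence as a script that can be called from '/etc/rc.local', with the suggested startup delay and a follow-up check that reports any WiFi process that is still running or has been restarted. The function names, the `--apply` switch, the `BOOT_DELAY` variable and the `wifi-off` log tag are assumptions; the service and process names are the ones in the post.

```shell
#!/bin/sh
# Added example, not the poster's script: boot-time WiFi shutdown with a post-check.
STOP_SERVICES="soap_agent netscan wifison-monitor wsplcd"                  # init scripts from the post
KILL_PATTERNS="check_status.sh wpa_supplicant tri_band_detect.sh hostapd"  # process names from the post

# Print the PID (column 1) of every process in the `ps` output on stdin
# whose line contains the literal string $1. The header line is skipped.
pids_matching() {
    awk -v pat="$1" 'NR > 1 && $1 ~ /^[0-9]+$/ && index($0, pat) { print $1 }'
}

# Kill every process matching $1. ps is snapshotted before filtering so the
# filter never matches itself, and "nothing to kill" is not an error.
kill_matching() {
    snap=$(ps)
    pids=$(printf '%s\n' "$snap" | pids_matching "$1")
    [ -z "$pids" ] || kill $pids 2>/dev/null || true
}

# Print each name from KILL_PATTERNS that still has a live process
# in the `ps` output on stdin.
survivors() {
    snap=$(cat)
    for pat in $KILL_PATTERNS; do
        if [ -n "$(printf '%s\n' "$snap" | pids_matching "$pat")" ]; then
            printf '%s\n' "$pat"
        fi
    done
    return 0
}

# Nothing is stopped unless the script is called with --apply,
# e.g. from /etc/rc.local: /opt/scripts/wifi-off.sh --apply &
if [ "${1:-}" = "--apply" ]; then
    sleep "${BOOT_DELAY:-60}"          # let boot-time services finish loading
    kill_matching check_status.sh      # first, in the order used in the post
    wifi down
    for svc in $STOP_SERVICES; do
        [ -x "/etc/init.d/$svc" ] && "/etc/init.d/$svc" stop
    done
    for name in wpa_supplicant tri_band_detect.sh hostapd; do
        kill_matching "$name"
    done
    sleep 10                           # give anything that respawns time to show up
    left=$(ps | survivors | tr '\n' ' ')
    if [ -n "$left" ]; then
        logger -t wifi-off "still running after shutdown: $left"
        exit 1
    fi
    logger -t wifi-off "WiFi services stopped"
fi
```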
hazarjast
Posts: 248
Joined: Wed Dec 11, 2019 8:38 am
Has thanked: 47 times
Been thanked: 74 times

Re: Orbi LBR20 How-To / Megathread

Post by hazarjast »

PunyGod wrote: Fri Jul 30, 2021 1:34 am I'm running Voxel's firmware trying to get a connection to NordVPN using either OpenVPN or NordLynx. No luck with a wireguard NordLynx connection so far, although I think I have all the right connection info. Now I'm trying to get OpenVPN to work, and all I get when I try to start the VPN is "This device is not router (satellite). Exit." Any help?

Edit: Oh

Code: Select all

# Check: is it router, exit if "no"
if [ "$MODULE_NAME" != "RBR50" ]; then
        echo "This device is not router (satellite). Exit."
        exit 0
fi
Well now that I changed that to LBR20, it starts but internet won't work right while connected. For a while google searches were working but loading any other site wouldn't work. What causes that?
The bug you found I believe should be fixed in latest Voxel release. Please see updated OP for the download link and change log. It could be your second problem is also fixed as well but no guarantees as I have not tested this myself. If you still have issues loading certain sites once on the latest Voxel release please reply and let us know. At that point I would be focusing on DNS to start and see which sites are resolving and which are not.
hazarjast
Posts: 248
Joined: Wed Dec 11, 2019 8:38 am
Has thanked: 47 times
Been thanked: 74 times

Re: Orbi LBR20 How-To / Megathread

Post by hazarjast »

Sam023432 wrote: Sun Aug 01, 2021 2:34 pm Is there any chance someone can make a step-by-step guide on how to add the TTL mod for the V9.2.5.2.23SF-HW version? I'm just at a loss, and I have done the circle mod but the TTL is not sticking, so I could really, really, really use the help. 18mb upload 2mb download right now so urrrrghhh lol
Just to be clear, when you say "circle mod" I want to make sure you are simply referring to the overlay filesystem and not referencing "CircleJerk" mod usage on Voxel firmware. As I've stated previously these two things in general are mutually exclusive. Assuming you are not combining CJ and Voxel, here is the step-by-step for enabling reboot-persistent TTL mod:
  1. SSH into your LBR20 using Putty.
  2. Issue the following commands:

    Code: Select all

    mkdir -p /mnt/circle/overlay/opt/scripts
    touch /mnt/circle/overlay/opt/scripts/firewall-start.sh
    chmod 755 /mnt/circle/overlay/opt/scripts/firewall-start.sh
    touch /mnt/circle/overlay/opt/scripts/firewall6-start.sh
    chmod 755 /mnt/circle/overlay/opt/scripts/firewall6-start.sh
    
  3. Now we will populate each firewall script ('firewall-start.sh' with IPv4 commands and 'firewall6-start.sh' with IPv6 commands). To do this, we will use the text editor 'vi'. Let's start by opening the IPv4 firewall script in vi:

    Code: Select all

    vi /mnt/circle/overlay/opt/scripts/firewall-start.sh
    
  4. Once the file is open in vi, you have to press the "I" (as in "igloo") key on your keyboard to enter "Insert" mode.
  5. Then, select the following text from the code box and copy it to your clipboard ("Ctrl+C"):

    Code: Select all

    # IPv4 TTL mod
    iptables -t mangle -C POSTROUTING -o wwan0 -j TTL --ttl-set 65 > /dev/null 2>&1 || \
    iptables -t mangle -I POSTROUTING 1 -o wwan0 -j TTL --ttl-set 65
    
  6. Now paste the text from your clipboard into the Putty window by right-clicking with your mouse anywhere inside it. You should see the text appear in vi.
  7. Hit 'Enter' to add a new line, then press "Esc" (escape key) on your keyboard which will take you out of "Insert" mode. Save and exit vi by typing the following followed by "Enter" on your keyboard:

    Code: Select all

    :wq
    
    (":" = enter vi command mode, "w" = write changes to the file, "q" = quit vi)
  8. Now repeat steps 3 through 7 for 'firewall6-start.sh' with the text below (for IPv6):

    Code: Select all

    # IPv6 TTL mod (prevents leaks not covered by IPv4 rules)
    ip6tables -t mangle -C POSTROUTING -o wwan0 -j HL --hl-set 65 > /dev/null 2>&1 || \
    ip6tables -t mangle -I POSTROUTING 1 -o wwan0 -j HL --hl-set 65
    
  9. Check your work by issuing the following command:

    Code: Select all

    cat /mnt/circle/overlay/opt/scripts/firewall*
    
    The output should show all the iptables commands you've added from the code boxes above in the previous steps. If it does not, go back into each file and check for mistakes (maybe you didn't paste before saving, maybe you forgot "w" when exiting vi and the text was not saved, etc.).
  10. Issue the following command to restart the LBR20 to check that your scripts execute properly on startup:

    Code: Select all

    reboot
    
  11. Once the unit has rebooted and some minutes have passed to be sure all services have started, issue the following two commands to check that your iptables rules are active:

    Code: Select all

    iptables -t mangle -L
    ip6tables -t mangle -L
    
    The last line of output from each command should show a POSTROUTING rule with a value of "65". If not, then something went wrong and your iptables rules are not active. Check that the 'firewall-start.sh' and 'firewall6-start.sh' script files exist where you created them in the previous steps above and that they are populated with the necessary iptables text in the code boxes from previous steps. Also, be sure that you did not miss the "chmod 755" commands when creating the files as this makes them executable. Fix any errors you encounter, then reboot and execute the above iptables commands again to re-check.
NOTE: If a TTL value of "65" is not appropriate for your specific carrier/plan (and it isn't for some), you can edit the firewall script files you created by using vi to open the files, going into "Insert" mode by pressing "I" (as in "igloo"), using your arrow keys to move the cursor to the existing "65" entries, back-spacing them out to delete, then replace by entering your desired value. Don't forget to hit escape to exit "Insert" mode and issue ":wq" to write your changes to the file and exit vi and reboot to apply your changes.

FYI, I tried to email you but got the following bounce-back:

Code: Select all

host gmail-smtp-in.l.google.com[108.177.126.27]
    said: 550-5.1.1 The email account that you tried to reach does not exist.
    Please try 550-5.1.1 double-checking the recipient's email address for
    typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1
    https://support.google.com/mail/?p=NoSuchUser s4si10563711ejj.578 - gsmtp
    (in reply to RCPT TO command)
gilbreen
Posts: 32
Joined: Mon Aug 31, 2020 4:26 pm
Has thanked: 0
Been thanked: 6 times

Re: Orbi LBR20 How-To / Megathread

Post by gilbreen »

I see that Voxel has released another update to his firmware. Once an LBR20 has the Voxel firmware and he releases a new version, is it necessary to revert back to the stock Netgear firmware (2.5.2.20) before installing the new version or can the new Voxel firmware be installed over top his old version? Separately, I sent him a donation as a thank you for his efforts and, like hazarjast, encourage others to do the same if they can.
gilbreen
Posts: 32
Joined: Mon Aug 31, 2020 4:26 pm
Has thanked: 0
Been thanked: 6 times

Re: Orbi LBR20 How-To / Megathread

Post by gilbreen »

hazarjast wrote: Mon Aug 02, 2021 12:16 pm I have been using your exact scenario for the last couple of years (Unifi for WiFi). A quick and dirty takedown of WiFi can be accomplished manually over SSH by issuing simply "wifi down". However, there are a lot of ancillary services still loaded for WiFi which are still running. So far, through trial and error, I've come up with the following which seems to kill most of the WiFi related stuff:

Code: Select all

kill $(ps | grep '[c]heck_status.sh' | awk '{print $1}')
wifi down
/etc/init.d/soap_agent stop
/etc/init.d/netscan stop
/etc/init.d/wifison-monitor stop
/etc/init.d/wsplcd stop
kill $(ps | grep '[w]pa_supplicant' | awk '{print $1}')
kill $(ps | grep '[t]ri_band_detect.sh' | awk '{print $1}')
kill $(ps | grep '[h]ostapd' | awk '{print $1}')
You could put the above in a script and have it called via '/etc/rc.local' so that it takes WiFi down on startup. If you did that I would suggest adding a couple/few minute 'sleep' delay before the other commands to make sure you're not pulling the rug out from under anything while services are still loading. YMMV as I haven't gotten back around to testing this further myself. If you do test and result looks good or you have to tweak, please provide feedback as I'm sure it would help myself and others who wish to disable wifi after startup :)
Thanks hazarjast! I actually implemented the same steps above over the weekend based on a couple of your previous posts. I saw your post about the commands to disable wifi from last March and then one of your recent comments about rc.local being able to run commands at bootup with Voxel's firmware. So I combined those two posts and it is working great! I did add a sleep delay of 60 seconds as the first step based on other posts and just as you recommended above.

Your initial post about disabling wifi from last March also included two lines but, like you did above, I left them out since I disabled Circle and they seemed to be related to it:

Code: Select all

#ln -sf /mnt/circle/mods/check_status.sh /sbin/check_status.sh
#/sbin/check_status.sh &
The router definitely seems more responsive without Armor, Circle and Wifi services running. I appreciate the help and all the great info!
hazarjast
Posts: 248
Joined: Wed Dec 11, 2019 8:38 am
Has thanked: 47 times
Been thanked: 74 times

Re: Orbi LBR20 How-To / Megathread

Post by hazarjast »

gilbreen wrote: Mon Aug 02, 2021 5:42 pm I see that Voxel has released another update to his firmware. Once an LBR20 has the Voxel firmware and he releases a new version, is it necessary to revert back to the stock Netgear firmware (2.5.2.20) before installing the new version or can the new Voxel firmware be installed over top his old version? Separately, I sent him a donation as a thank you for his efforts and, like hazarjast, encourage others to do the same if they can.
No need to flash stock. Once you are on Voxel you can upgrade to newer versions of his firmware just as you would apply a normal update.
hazarjast
Posts: 248
Joined: Wed Dec 11, 2019 8:38 am
Has thanked: 47 times
Been thanked: 74 times

Re: Orbi LBR20 How-To / Megathread

Post by hazarjast »

gilbreen wrote: Mon Aug 02, 2021 6:19 pm Thanks hazarjast! I actually implemented the same steps above over the weekend based on a couple of your previous posts. I saw your post about the commands to disable wifi from last March and then one of your recent comments about rc.local being able to run commands at bootup with Voxel's firmware. So I combined those two posts and it is working great! I did add a sleep delay of 60 seconds as the first step based on other posts and just as you recommended above.

Your initial post about disabling wifi from last March also included two lines but, like you did above, I left them out since I disabled Circle and they seemed to be related to it:

Code: Select all

#ln -sf /mnt/circle/mods/check_status.sh /sbin/check_status.sh
#/sbin/check_status.sh &
The router definitely seems more responsive without Armor, Circle and Wifi services running. I appreciate the help and all the great info!
Yeah those omitted lines were a way I was working on to make sure the Netgear check script didn’t restart any Wifi services after they were killed. The modified check script is in the CircleJerk repository but I hadn’t tested it on Voxel so I just left it out when making the recommendations on what to kill.
Cameleer
Posts: 2
Joined: Sun Aug 05, 2018 10:54 am
Has thanked: 5 times
Been thanked: 0

Re: Orbi LBR20 How-To / Megathread

Post by Cameleer »

hazarjast wrote: Mon Aug 02, 2021 1:10 pm Just to be clear, when you say "circle mod" I want to make sure you are simply referring to the overlay filesystem and not referencing "CircleJerk" mod usage on Voxel firmware. As I've stated previously these two things in general are mutually exclusive. Assuming you are not combining CJ and Voxel, here is the step-by-step for enabling reboot-persistent TTL mod:
  1. SSH into your LBR20 using Putty.
  2. Issue the following commands:

    Code: Select all

    mkdir -p /mnt/circle/overlay/opt/scripts
    touch /mnt/circle/overlay/opt/scripts/firewall-start.sh
    chmod 755 /mnt/circle/overlay/opt/scripts/firewall-start.sh
    touch /mnt/circle/overlay/opt/scripts/firewall6-start.sh
    chmod 755 /mnt/circle/overlay/opt/scripts/firewall6-start.sh
    
  3. Now we will populate each firewall script ('firewall-start.sh' with IPv4 commands and 'firewall6-start.sh' with IPv6 commands). To do this, we will use the text editor 'vi'. Let's start by opening the IPv4 firewall script in vi:

    Code: Select all

    vi /mnt/circle/overlay/opt/scripts/firewall-start.sh
    
  4. Once the file is open in vi, you have to press the "I" (as in "igloo") key on your keyboard to enter "Insert" mode.
  5. Then, select the following text from the code box and copy it to your clipboard ("Ctrl+C"):

    Code: Select all

    # IPv4 TTL mod
    iptables -t mangle -C POSTROUTING -o wwan0 -j TTL --ttl-set 65 > /dev/null 2>&1 || \
    iptables -t mangle -I POSTROUTING 1 -o wwan0 -j TTL --ttl-set 65
    
  6. Now paste the text from your clipboard into the Putty window by right-clicking with your mouse anywhere inside it. You should see the text appear in vi.
  7. Hit 'Enter' to add a new line, then press "Esc" (escape key) on your keyboard which will take you out of "Insert" mode. Save and exit vi by typing the following followed by "Enter" on your keyboard:

    Code: Select all

    :wq
    
    (":" = enter vi command mode, "w" = write changes to the file, "q" = quit vi)
  8. Now repeat steps 3 through 7 for 'firewall6-start.sh' with the text below (for IPv6):

    Code: Select all

    # IPv6 TTL mod (prevents leaks not covered by IPv4 rules)
    ip6tables -t mangle -C POSTROUTING -o wwan0 -j HL --hl-set 65 > /dev/null 2>&1 || \
    ip6tables -t mangle -I POSTROUTING 1 -o wwan0 -j HL --hl-set 65
    
  9. Check your work by issuing the following command:

    Code: Select all

    cat /mnt/circle/overlay/opt/scripts/firewall*
    
    The output should show all the iptables commands you've added from the code boxes above in the previous steps. If it does not, go back into each file and check for mistakes (maybe you didn't paste before saving, maybe you forgot "w" when exiting vi and the text was not saved, etc.).
  10. Issue the following command to restart the LBR20 to check that your scripts execute properly on startup:

    Code: Select all

    reboot
    
  11. Once the unit has rebooted and some minutes have passed to be sure all services have started, issue the following two commands to check that your iptables rules are active:

    Code: Select all

    iptables -t mangle -L
    ip6tables -t mangle -L
    
    The last line of output from each command should show a POSTROUTING rule with a value of "65". If not, then something went wrong and your iptables rules are not active. Check that the 'firewall-start.sh' and 'firewall6-start.sh' script files exist where you created them in the previous steps above and that they are populated with the necessary iptables text in the code boxes from previous steps. Also, be sure that you did not miss the "chmod 755" commands when creating the files as this makes them executable. Fix any errors you encounter, then reboot and execute the above iptables commands again to re-check.
NOTE: If a TTL value of "65" is not appropriate for your specific carrier/plan (and it isn't for some), you can edit the firewall script files you created by using vi to open the files, going into "Insert" mode by pressing "I" (as in "igloo"), using your arrow keys to move the cursor to the existing "65" entries, back-spacing them out to delete, then replace by entering your desired value. Don't forget to hit escape to exit "Insert" mode and issue ":wq" to write your changes to the file and exit vi and reboot to apply your changes.

FYI, I tried to email you but got the following bounce-back:

Code: Select all

host gmail-smtp-in.l.google.com[108.177.126.27]
    said: 550-5.1.1 The email account that you tried to reach does not exist.
    Please try 550-5.1.1 double-checking the recipient's email address for
    typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1
    https://support.google.com/mail/?p=NoSuchUser s4si10563711ejj.578 - gsmtp
    (in reply to RCPT TO command)
Thank you hazarjast for your awesome work and info! I have my LBR20 running the newest Voxel. I'm running T-Mobile Magenta Max with working magic on the Orbi and using the WiFi from the Orbi. Even with your great instructions I still can't get my TTL working correctly. Still having some leakage. From a command prompt using Orbi WiFi, when I ping DNS 8.8.8.8 I come back with TTL=110. I have tried various mixed rules of TTL 64 and 65, still nothing. When I check the above TTL rules (step 11) in telnet I get back IPv4 = 65, but nothing on the IPv6. The IPv6 script shows the routing, just no IPv6=65 at the end.

Does anyone have any ideas about what to try next?

I have an old Archer C7 router with golden orb on it setting here unused. Would it be easier/safer to use the WiFi from the C7 and set the TTL on it?

Setting this up for my mother in law so would really like to just use the orbi 100% and have one less router to deal with :).

Thanks
Sam023432
Posts: 11
Joined: Tue Jul 27, 2021 1:00 am
Has thanked: 0
Been thanked: 3 times

Re: Orbi LBR20 How-To / Megathread

Post by Sam023432 »

Yes!!! Thank you so much :) ... I had been working so hard at trying to fix this, you have no idea. I was literally up until midnight the other night trying. I even wrote down my username as my email lol. This was so exhausting, but thank you so much for the step-by-step guide. This is going to help so many ppl like me. You made it very easy to understand and I took 5min. I can't thank you enough!!!
egauk
Posts: 23
Joined: Mon Mar 08, 2021 11:51 am
Has thanked: 5 times
Been thanked: 6 times

Re: Orbi LBR20 How-To / Megathread

Post by egauk »

I just installed Voxel and it is working great except for dnscrypt, which only works over wifi after the LBR is fully booted and I restart the dnscrypt service. It seems dnscrypt may be starting too early in the boot process (before all of the interfaces are up).

Has anyone else encountered this issue?

Resolved by Voxel
https://www.snbforums.com/threads/voxel ... ypt.74042/
gscheb
Posts: 1595
Joined: Tue Sep 10, 2019 10:37 am
Has thanked: 85 times
Been thanked: 329 times

Re: Orbi LBR20 How-To / Megathread

Post by gscheb »

Hello, Been using one of these for AT&T. With original orbi firmware. Being AT&T have no use for TTL settings. But would like to create a group of bands. Do I have to switch to this voxel to do that?
Sam023432
Posts: 11
Joined: Tue Jul 27, 2021 1:00 am
Has thanked: 0
Been thanked: 3 times

Re: Orbi LBR20 How-To / Megathread

Post by Sam023432 »

Cameleer wrote: Wed Aug 04, 2021 9:05 am

Thank you hazarjast for your awesome work and info! I have my LBR20 running the newest Voxel. I'm running T-Mobile Magenta Max with working magic on the Orbi and using the WiFi from the Orbi. Even with your great instructions I still can't get my TTL working correctly. Still having some leakage. From a command prompt using Orbi WiFi, when I ping DNS 8.8.8.8 I come back with TTL=110. I have tried various mixed rules of TTL 64 and 65, still nothing. When I check the above TTL rules (step 11) in telnet I get back IPv4 = 65, but nothing on the IPv6. The IPv6 script shows the routing, just no IPv6=65 at the end.

Does anyone have any ideas about what to try next?

I have an old Archer C7 router with golden orb on it setting here unused. Would it be easier/safer to use the WiFi from the C7 and set the TTL on it?

Setting this up for my mother in law so would really like to just use the orbi 100% and have one less router to deal with :).

Thanks
I know it's not recommended but I had the same issue. The only way I got it to work was to put the ip6 script code in with the ip4 code, and it worked like a charm so far. Either way his guide was a blessing, so no complaints here: TTL 64, HL 64 on reboot (set at 64 seems to be the one for Verizon). I can't thank hazarjast enough. Note: made the actual code part one long line per command.

root@LBR20:~# cat /mnt/circle/overlay/opt/scripts/firewall*
# IPv4 TTL mod
iptables -t mangle -C POSTROUTING -o wwan0 -j TTL --ttl-set 64 > /dev/null 2>&1 || \iptables -t mangle -I POSTROUTING 1 -o wwan0 -j TTL --ttl-set 64

ip6tables -t mangle -C POSTROUTING -o wwan0 -j HL --hl-set 64 > /dev/null 2>&1 || \ip6tables -t mangle -A POSTROUTING -o wwan0 -j HL --hl-set 64

(in the script the code is one long line per command; delete the space between \ and ip in red, so \ip)

I get 118 when I ping Google as well, not really sure what to do there, but still this is much better than having to change it manually every time. So thank you hazarjast, I really appreciate your how-to guide. Maybe when you get some time you can clue us in on changing the DNS also :) :)
shinesmart
Posts: 32
Joined: Tue Feb 23, 2021 7:32 pm
Has thanked: 0
Been thanked: 13 times

Re: Orbi LBR20 How-To / Megathread

Post by shinesmart »

Here is a roundup of the providers/data plans I’ve tested on the LBR20 during the past 3 months:

By Price:
1. $15 Verizon Tablet Plan: Magic & TTL
2. $15 MetroByTMobile Tablet Plan: Magic & TTL
3. $20 AT&T Tablet Plan: Magic only
4. $25 Visible Plan: Magic & TTL

By Performance (Upload:Download):
1. AT&T: 120:45
2. Metro: 105:40
3. Verizon: 75:25
4. Visible: 60:30

Best picks for overall value are AT&T and Metro!

All plans were tested in 2 units; one running Stock with CircleJerk and the other running Voxel’s firmware. Although both were comparable, the Stock/CJ unit slightly outperformed the Voxel unit on each and every test. All tests were performed over WiFi.
Sam023432
Posts: 11
Joined: Tue Jul 27, 2021 1:00 am
Has thanked: 0
Been thanked: 3 times

Re: Orbi LBR20 How-To / Megathread

Post by Sam023432 »

What do you mean by magic/TTL?
shinesmart
Posts: 32
Joined: Tue Feb 23, 2021 7:32 pm
Has thanked: 0
Been thanked: 13 times

Re: Orbi LBR20 How-To / Megathread

Post by shinesmart »

Magic = IMEI Repair
Sam023432
Posts: 11
Joined: Tue Jul 27, 2021 1:00 am
Has thanked: 0
Been thanked: 3 times

Re: Orbi LBR20 How-To / Megathread

Post by Sam023432 »

Just curious, but why the extra step of using magic? What is the added benefit, assuming you are using it on the Orbi?
gilbreen
Posts: 32
Joined: Mon Aug 31, 2020 4:26 pm
Has thanked: 0
Been thanked: 6 times

Re: Orbi LBR20 How-To / Megathread

Post by gilbreen »

Magic allows the Orbi to appear as whatever device you told your carrier you were using for their service. Some carriers will remove your plan if you are not connecting with the device you said you were using.
Sam023432
Posts: 11
Joined: Tue Jul 27, 2021 1:00 am
Has thanked: 0
Been thanked: 3 times

Re: Orbi LBR20 How-To / Megathread

Post by Sam023432 »

gilbreen wrote: Mon Aug 09, 2021 7:00 pm Magic allows the Orbi to appear as whatever device you told your carrier you were using for their service. Some carriers will remove your plan if you are not connecting with the device you said you were using.
You wouldn't happen to have a link to the software, or how to go about this with the Orbi not having USB and all? :D :D :D
tal7901
Posts: 2
Joined: Fri Jul 16, 2021 4:09 pm
Has thanked: 0
Been thanked: 2 times

Re: Orbi LBR20 How-To / Megathread

Post by tal7901 »

You could go back to page 1 and read everything up to this point (many many times as I did lol ) :D :D :D
Please don't take this the wrong way. Not meaning it to be an A**hole or anything, but that's what I think the majority of us have probably done lol! I've read over the whole thread no less than a dozen times lol! I'm an old fart starting with computers back in the 80's. IBM PC jr and the Commode Door. Used to run a local BBS with a 14 baud modem (Bulletin Board System for those that were wondering WTF is that lmao!) Been away from anything code related or modem scripts for years, so I had to read and reread multiple times before it finally kicked in lol! I finally got the Magic figured out with the help of hazarjast. VERY knowledgeable group here. Saved me a lot of money $$$ for which I am so grateful :D
gscheb
Posts: 1595
Joined: Tue Sep 10, 2019 10:37 am
Has thanked: 85 times
Been thanked: 329 times

Re: Orbi LBR20 How-To / Megathread

Post by gscheb »

Hello, been using one of these for AT&T. With original Orbi firmware. Being AT&T have no use for TTL settings. But would like to create a group of bands. Do I have to switch to this Voxel to do that?
BillA
Posts: 1137
Joined: Sun Dec 01, 2019 6:46 pm
Location: USA
Has thanked: 204 times
Been thanked: 317 times

Re: Orbi LBR20 How-To / Megathread

Post by BillA »

Sam023432 wrote: Thu Aug 05, 2021 2:14 pm
root@LBR20:~# cat /mnt/circle/overlay/opt/scripts/firewall*
# IPv4 TTL mod
iptables -t mangle -C POSTROUTING -o wwan0 -j TTL --ttl-set 64 > /dev/null 2>&1 || \iptables -t mangle -I POSTROUTING 1 -o wwan0 -j TTL --ttl-set 64

ip6tables -t mangle -C POSTROUTING -o wwan0 -j HL --hl-set 64 > /dev/null 2>&1 || \ip6tabl[/b]es -t mangle -A POSTROUTING -o wwan0 -j HL --hl-set 64

(In the script, the code is one long line per command; delete the space between \ and ip, in red, so it reads \ip.)

There's a typo on the first line: "POSTROUTING 1 -o" should be "POSTROUTING -o" without the "1".
On the second line "\ip6tabl[/b]es -t " should be "\ip6tables -t".
Here are the correct commands enclosed in code.

iptables -t mangle -C POSTROUTING -o wwan0 -j TTL --ttl-set 64 > /dev/null 2>&1 || \iptables -t mangle -I POSTROUTING -o wwan0 -j TTL --ttl-set 64
ip6tables -t mangle -C POSTROUTING -o wwan0 -j HL --hl-set 64 > /dev/null 2>&1 || \ip6tables -t mangle -A POSTROUTING -o wwan0 -j HL --hl-set 64
tal7901
Posts: 2
Joined: Fri Jul 16, 2021 4:09 pm
Has thanked: 0
Been thanked: 2 times

Re: Orbi LBR20 How-To / Megathread

Post by tal7901 »

Has anyone experienced a speed drop using AT&T? I'm on the $20 iPad tablet plan using latest Voxel and magic and usually get 75-135 download on speed test, but tonight only 25-30. Currently it's connected to band 14 but usually connects to band 66. I've tried rebooting several times hoping to connect to band 66 to see if that's the problem, but no luck. Also, has anyone successfully been able to band lock with AT&T, and if so how lol! Thanks