Quick Start Guide

(!) IMPORTANT NOTE: if you are using stock firmware, it is strongly advised to update to stock firmware 2.5.2.4 before flashing this version. If you are already using Voxel firmware, no intermediate flashing is needed.

https://www.downloads.netgear.com/files/GDC/RBK50/RBR50-V2.5.2.4.zip
https://www.downloads.netgear.com/files/GDC/RBK50/RBS50-V2.5.2.4.zip

(!) IMPORTANT NOTE: do not try to reset your RBK to factory default settings (flash the stock version first to perform a reset). Reset to factory default settings by pressing the "reset" button is disabled.

Warning: I am not responsible for any damage to your router if you decide to try this custom firmware. You do everything at your own risk and responsibility. Your router is your router and you should understand the risk of bricking it.

1. Flashing Voxel’s custom firmware build and rolling back to the stock.

Nothing special. The procedure is similar to flashing a downloaded official stock firmware. In general, all your current settings (used in the stock firmware) should be kept, but it is recommended to make a backup of your current settings before flashing. You can revert to the stock firmware in the same way.

2. Overlay partition on USB.

The original stock firmware uses a tmpfs overlay partition (in RAM), so all your changes to files/dirs are kept only until the next reboot of the router/satellite. If you need to keep your changed/added files, use an external USB disk/stick formatted as ext2/ext3/ext4 with an /overlay directory at its root, and add your new or modified files there, keeping the directory tree of Orbi. For example, if you wish to use your own /etc/dnscrypt-proxy-2.toml, just place it at /overlay/etc/dnscrypt-proxy-2.toml.

3. Setting up ssh access to the router and satellite.

After flashing and applying your settings you may need SSH access to the router (e.g. if you wish to use Entware). The SSH daemon dropbear in Orbi uses port 22 and accepts root login with your WebGUI password.

4. Entware.

You can use the Entware build prepared by me for R7500/R7800/R9000. It works fine with Orbi.

(1) Prepare a new USB stick or disk with an ext2, ext3 or ext4 filesystem from the telnet/ssh console. Label it “optware”. ext4 is highly recommended for a USB HDD. Example of how to create an ext4 filesystem with the label “optware”:

    mkfs.ext4 -L optware -O ^64bit /dev/sda1

or

    mkfs.ext4 -L optware -O ^metadata_csum -O ^64bit /dev/sda1

to provide compatibility with routers having kernel < 3.6, such as R7500/R7800.

(2) Download and unpack entware-cortex-a15-3x-initial-generic.tar.gz at the root of your stick/disk:

    cd /mnt/sda1
    wget https://www.voxel-firmware.com/Downloads/Voxel/Entware/entware-cortex-a15-3x-initial-generic.tar.gz
    tar xzf entware-cortex-a15-3x-initial-generic.tar.gz

(3) Run the commands from the telnet/ssh console:

    nvram set nocloud=1
    nvram commit

(4) Create the file /overlay/root/.profile to set PATH for Entware:

------------------------------------------------------------------------
#!/bin/sh
export PATH=/opt/bin:/opt/sbin:/bin:/sbin:/usr/bin:/usr/sbin
------------------------------------------------------------------------

(5) Reboot the router/satellite. Check that “ls -l /opt/*” shows the Entware directories or symlinks (bin, usr, share, var etc.).

5. Open your own firewall ports.

If you need to make several ports accessible from the WAN, create the text file /overlay/etc/netwall.conf listing the ports you need to open. Example of this file:

------------------------------------------------------------------------
ACCEPT net fw tcp 22,8443
ACCEPT net fw udp 1194
------------------------------------------------------------------------

(to open TCP ports 22 and 8443 and UDP port 1194).

NOTE: this file should contain an LF symbol at the end of the last line (press the ENTER key in your text editor).

Additionally, you can use your own custom script to add your own iptables rules. This script should be named firewall-start.sh and be placed in the /overlay/opt/scripts/ directory, i.e.
/overlay/opt/scripts/firewall-start.sh with 755 permission attributes (i.e. executable).

6. Enable DNSCrypt Proxy-2 or stubby.

To enable DNSCrypt Proxy-2, run the following commands from the telnet console:

    nvram set dnscrypt2=1
    nvram commit
    reboot

To enable stubby, run the following commands from the telnet console:

    nvram set stubby=1
    nvram commit
    reboot

If both DNSCrypt Proxy-2 and stubby are enabled, only stubby will be used. To disable DNSCrypt Proxy-2 and/or stubby, set them to "0" with nvram.

7. Disable Armor (BitDefender) and Circle update startup.

To disable the Armor update daemon, run the following commands from the telnet console:

    nvram set noarmor=1
    nvram commit
    reboot

To disable the Circle update daemon, run the following commands from the telnet console:

    nvram set nocircle=1
    nvram commit
    reboot

8. Disable ReadyCLOUD (XAgent/XCloud).

To disable the ReadyCLOUD update daemon, run the following commands from the telnet console:

    nvram set nocloud=1
    nvram commit
    reboot

9. Disable Amazon Alexa (AWS-IoT).

To disable the AWS-IoT daemon, run the following commands from the telnet console:

    nvram set noaws=1
    nvram commit
    reboot

10. Disable SAMBA server start (Network Drive).

To disable the SAMBA server, run the following commands from the telnet console:

    nvram set samba_disable=1
    nvram commit
    reboot

11. Custom SAMBA config.

You can use your own custom SAMBA config file through the Overlay partition on USB: place your custom smb.conf in the /overlay/etc/config/samba directory on the USB drive, i.e. /overlay/etc/config/samba/smb.conf

12. Custom script to run (for Orbi v2 owners, units w/o USB port).

You can create your own script to be executed after every reboot. The script should be placed in the /mnt/ntgr directory and/or /mnt/bitdefender/ (internal NAND) with the name rc.user, i.e. /mnt/ntgr/rc.user and/or /mnt/bitdefender/rc.user

13. WireGuard client.

To start using it:

(1) Prepare a text file in Unix format (https://en.wikipedia.org/wiki/Text_file#Unix_text_files) named wireguard.conf that defines the following values from the WireGuard client config given by your WG provider: EndPoint, LocalIP, PrivateKey, PublicKey and Port. Example:

------------------------- cut here ---------------------------------------
EndPoint="wireguard.5july.net"
LocalIP="10.0.xxx.xxx/24"
PrivateKey="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX="
PublicKey="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX="
Port="48574"
------------------------- cut here ---------------------------------------

NOTE: no spaces before/after the "=" symbol in the example above.
NOTE: the name of the file wireguard.conf is lowercase.
NOTE: an optional line can be added if your provider requires it:

PresharedKey="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX="

(2) Place this wireguard.conf file in the /overlay/etc/ directory of your USB drive formatted as an ext4 filesystem, i.e. /overlay/etc/wireguard.conf.

(3) Insert this flash drive into your Orbi RBR50.

(4) Connect by telnet to your router (RBR50) and set the nvram variable wg-client to 1:

    nvram set wg-client=1
    nvram commit

(5) Reboot your router.

(6) Alternative way: place the file wireguard.conf at the root of your USB drive (any format), attach it to the router and reboot your router. This drive should be attached every time you reboot your RBR50.

NOTE: to disable starting the WireGuard client, just set wg-client to "0" and reboot the router.

14. OpenVPN client.

Important: only TUN clients are supported.

There are two methods to install the OpenVPN client. First, semiautomatic:

(1) Create the folder /openvpn-client at the root of a USB stick (the name of the folder should be lowercase).

(2) Put your *.ovpn config file into this folder (the .ovpn extension of the file must be lowercase).

(3) Insert this USB stick into the router. The OpenVPN client will be started after 30 seconds.
And it will be started automatically after every subsequent reboot if the USB drive is attached.

Advice: use the client CA/CERT/KEY embedded into your *.ovpn. Separate CA/CERT/KEY files can also be used. Every file from the /openvpn-client folder on the USB stick will be copied to the /etc/openvpn/config/client directory of your router.

To disable the OpenVPN client, just create the file “disable” in the folder /openvpn-client (/openvpn-client/disable) on your USB stick and insert it into the router. The OpenVPN client will then not be used.

The second method of installation uses the Overlay partition on USB feature: just create the /overlay/etc/openvpn/config/client directory on your USB drive formatted as ext2/ext3/ext4 and put your *.ovpn file (and CA/CERT/KEY if any) there. See "Overlay partition on USB".

You can start/stop the OpenVPN client manually from the telnet console for testing:

    /etc/init.d/openvpn-client start

or

    /etc/init.d/openvpn-client stop

to stop it.

The log file for the OpenVPN client is /var/log/openvpn-client.log; check it if you have problems.

NOTE: you can add your own delay for starting the OpenVPN client after reboot with these commands from telnet:

    nvram set vpn_client_delay=120
    nvram commit

(to set a 120 sec. delay)

15. Mounting a CIFS Share.

It is possible to mount a remote network share using the Common Internet File System (CIFS). This feature can be useful for Orbi v2 owners (units w/o USB port), for example to use Entware by mounting a remote Windows/Mac/Linux/NAS shared network disk to the /opt directory. Example of how to mount a CIFS share:

    mkdir /mnt/share
    mount.cifs //192.168.1.100/DiskC /mnt/share -o user=username,iocharset=utf8,vers=3.02

16. Reset to default factory settings.

Reset to factory default settings by pressing the "reset" button is disabled. Flash the stock firmware and perform the reset to factory settings after that if you need it. I cannot control that and cannot fix everything from the stock firmware because of the lack of source code from NG/DNI.
But you can assign your own functionality as a reaction to pressing the "reset" button: if you have your own script saved as "/opt/scripts/reset-button.sh" (see "Overlay partition on USB" regarding how to create such a script), it will be executed when you press the "reset" button instead of an actual reset. For example, your own script to back up your current settings will be run. It is up to you what/how to customize.

Voxel.
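
Added example, not part of Voxel's guide: a pre-flight check for the netwall.conf described in section 5, run where the file is edited before it goes onto the USB drive. It lists every port the file would open towards the WAN and catches the missing final LF; it assumes only the line shape shown in the guide's sample, and the function name check_netwall is hypothetical.

```sh
#!/bin/sh
# Added example: pre-flight check for /overlay/etc/netwall.conf.
# Assumes only the line shape shown in the guide's sample:
#   ACCEPT net fw <tcp|udp> <port>[,<port>...]
# stdout: one "proto port" pair per port opened towards the WAN.
# Returns 0 = clean, 1 = unexpected line, 2 = last line lacks its LF.
check_netwall() {
    f=$1
    [ -s "$f" ] || { echo "$f: missing or empty" >&2; return 1; }
    # $(...) strips a trailing LF, so non-empty output here means the
    # final byte is something else and the last rule is unterminated.
    if [ -n "$(tail -c 1 "$f")" ]; then
        echo "$f: no LF at end of last line" >&2
        return 2
    fi
    awk '
        function fail(msg) { print "line " NR ": " msg | "cat >&2"; bad = 1 }
        /\r/    { fail("CR byte in rule"); next }
        NF == 0 { next }
        NF != 5 || $1 != "ACCEPT" || $2 != "net" || $3 != "fw" ||
        ($4 != "tcp" && $4 != "udp") { fail("unexpected rule shape"); next }
        {
            n = split($5, p, ",")
            for (i = 1; i <= n; i++) {
                if (p[i] !~ /^[0-9]+$/ || p[i] + 0 < 1 || p[i] + 0 > 65535)
                    fail("bad port \"" p[i] "\"")
                else
                    print $4, p[i]
            }
        }
        END { exit bad }
    ' "$f"
}

# Constructed sample: the guide's two rules, written with a final LF.
sample=$(mktemp)
printf 'ACCEPT net fw tcp 22,8443\nACCEPT net fw udp 1194\n' > "$sample"
echo "Ports reachable from the WAN:"
check_netwall "$sample" || echo "netwall.conf needs fixing"
rm -f "$sample"
```

Since dropbear on port 22 accepts root login with the WebGUI password (section 3), the printed list is the place to confirm that a rule such as "tcp 22" is intended before rebooting.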
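
Added example, not part of Voxel's guide: a lint for the wireguard.conf rules of section 13 (lowercase file name, Unix line endings, no spaces around "=", the five required values), run before the file is copied to the USB drive. It assumes the quoted KEY="value" shape of the guide's sample; check_wgconf and vpn.example.net are hypothetical names, and the keys in the sample are constructed placeholders.

```sh
#!/bin/sh
# Added example: lint a wireguard.conf before copying it to /overlay/etc/.
# Assumes the quoted KEY="value" shape of the guide's sample file.
# Prints one line per problem (never the key material itself);
# returns 0 when the file is clean, 1 otherwise.
check_wgconf() {
    f=$1
    [ "$(basename "$f")" = wireguard.conf ] ||
        { echo "name must be wireguard.conf, all lowercase"; return 1; }
    awk '
        function fail(msg) { print "line " NR ": " msg; bad = 1 }
        /\r/    { fail("CR byte, file is not in Unix format"); next }
        NF == 0 { next }
        /^[A-Za-z]+[ \t]+=/ || /^[A-Za-z]+=[ \t]/ { fail("space around ="); next }
        !/^[A-Za-z]+="[^"]+"$/ { fail("expected KEY=\"value\""); next }
        {
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 2, length($0) - eq - 2)   # strip the quotes
            seen[key] = 1
            # WireGuard keys are 32 bytes, i.e. 44 base64 characters.
            if (key ~ /Key$/ && (length(val) != 44 || val !~ "^[A-Za-z0-9+/]+=$"))
                fail(key " is not a 44-character base64 key")
            if (key == "Port" && (val !~ /^[0-9]+$/ || val + 0 < 1 || val + 0 > 65535))
                fail("Port out of range")
        }
        END {
            n = split("EndPoint LocalIP PrivateKey PublicKey Port", req, " ")
            for (i = 1; i <= n; i++)
                if (!(req[i] in seen)) { print "missing " req[i]; bad = 1 }
            exit bad
        }
    ' "$f"
}

# Constructed sample: placeholder keys, and a space typed after "=" on the Port line.
d=$(mktemp -d); k=$(printf '%43s' '' | tr ' ' A)=
printf 'EndPoint="vpn.example.net"\nLocalIP="10.0.0.2/24"\nPrivateKey="%s"\nPublicKey="%s"\nPort= "48574"\n' \
    "$k" "$k" > "$d/wireguard.conf"
check_wgconf "$d/wireguard.conf" || echo "fix wireguard.conf before rebooting"
rm -rf "$d"
```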