Ipq806x NSS build (Netgear R7800 / TP-Link C2600 / Linksys EA8500)

great to hear! Will try out the new master builds!
edit: Running three r7800's with the new master now: solid performance so far! Let's hope for the best on stability too!
edit 2: all are up for 24hours now, so this is promising :slight_smile: Performance is still solid.

2 Likes

which one? :slight_smile:
btw, with your previous master i could reach one month uptime, impressive!

2 Likes

Oh my, just tried the latest 5.15 master build on EA7500, the ram usage is finally reported correctly!
140 mb used, ~40 free, ~40 available too instead of 0.
Also it hasn't restarted in a few hours now under load of many connections.

I think this thing is working correctly for once, paradoxically since kernel is even newer. Good job man.

1 Like

I have been on : NBG6817-20230309-Stable2203NSS-sysupgrade for a month, after 3 weeks started noticing wifi dropouts randomly. Sometimes even the wifi vanishes completely, in general that compile isn't the greatest and no i couldn't find anything in the logs. All i know even after restarts the router started to function worse and worse every other week.
Had a total uptime of 40 days ish.

Now i'm testing the most recent compile: NBG6817-20230319-Stable2203NSS-sysupgrade
Lets see what this can give me.
So far this is what i'm getting on coaxial network(1000/50): https://www.waveform.com/tools/bufferbloat?test-id=7fb98018-a26e-4788-90b3-eba0f8c45e5d

I searched here on the forums and found that some platforms don’t have all the perl modules installed. I found this listing of packages:

perlbase-ipc, perlbase-module, perlbase-extutils

I build on fedora linux so I found the similar module to perl IPC and it automatically pulled in the rest via dependencies. Built with no issue after that!

1 Like

Additionally I get several Warnings before compiling.

./scripts/feeds update -a && ./scripts/feeds install -a && cp diffconfig .config && make defconfig && ./scripts/getver.sh
.....
Collecting target info: done
Create index file './feeds/routing.index' 
Collecting package info: done
Collecting target info: done
Create index file './feeds/telephony.index' 
Collecting package info: done
Collecting target info: done
Create index file './feeds/nss.index' 
Collecting package info: done
Collecting target info: done
Create index file './feeds/sqm_scripts_nss.index' 
Collecting package info: done
Collecting target info: done
Collecting package info: done
Collecting target info: done
WARNING: Makefile 'package/utils/busybox/Makefile' has a dependency on 'libpam', which does not exist
WARNING: Makefile 'package/utils/busybox/Makefile' has a dependency on 'libpam', which does not exist
WARNING: Makefile 'package/utils/busybox/Makefile' has a build dependency on 'libpam', which does not exist
WARNING: Makefile 'package/boot/kexec-tools/Makefile' has a dependency on 'liblzma', which does not exist
WARNING: Makefile 'package/network/services/lldpd/Makefile' has a dependency on 'libnetsnmp', which does not exist
WARNING: Makefile 'package/kernel/mac80211/Makefile' has a dependency on 'kmod-qca-nss-drv', which does not exist
WARNING: Makefile 'package/utils/policycoreutils/Makefile' has a dependency on 'libpam', which does not exist
WARNING: Makefile 'package/utils/policycoreutils/Makefile' has a dependency on 'libpam', which does not exist
WARNING: Makefile 'package/utils/policycoreutils/Makefile' has a build dependency on 'libpam', which does not exist
Installing all packages from feed packages.
Installing package '2to3' from packages
Installing package 'python3' from packages

I compile on Debian and except for 2 successful builds I've always got qca-nss-drv failed to build errors.

First time building from scratch, worked very good. Thanks @ACwifidude
My diffconfig for R7800, using it with stable

  • ath10k
  • igmpproxy
  • qrencode (for wireguard config QR)
  • banip
  • removed some packages i don't use

EDIT :
Release on Github:

WAN speedtest:

Download Mbps 936.60
Upload Mbps 859.86

@ACwifidude Is it allowed here to share my builded image in here?

For make cmd i used this to automatically fill in the correct amount of cores:
make -j $(($(nproc)+1))

# Use "make defconfig" to expand this to a full .config
CONFIG_TARGET_ipq806x=y
CONFIG_TARGET_ipq806x_generic=y
CONFIG_TARGET_ipq806x_generic_DEVICE_netgear_r7800=y

# exfat is patented
CONFIG_BUILD_PATENTED=y

# NSS Drivers
CONFIG_PACKAGE_kmod-qca-nss-drv=y
CONFIG_PACKAGE_kmod-qca-nss-ecm-standard=y
CONFIG_PACKAGE_kmod-qca-nss-gmac=y
CONFIG_PACKAGE_MAC80211_NSS_SUPPORT=y
CONFIG_PACKAGE_kmod-qca-nss-drv-qdisc=y
CONFIG_PACKAGE_kmod-nss-ifb=y
CONFIG_PACKAGE_kmod-qca-nss-drv-pppoe=y
#CONFIG_PACKAGE_kmod-qca-nss-drv-l2tpv2=y
#CONFIG_PACKAGE_kmod-qca-nss-drv-tunipip6=y

# Longer waiting for failsafe button push
CONFIG_IMAGEOPT=y
CONFIG_PREINITOPT=y
CONFIG_TARGET_PREINIT_TIMEOUT=5

# Busybox tweaks
CONFIG_BUSYBOX_CUSTOM=y
CONFIG_BUSYBOX_CONFIG_FEATURE_EDITING_SAVEHISTORY=y
CONFIG_BUSYBOX_CONFIG_FEATURE_EDITING_SAVE_ON_EXIT=y
CONFIG_BUSYBOX_CONFIG_FEATURE_LESS_FLAGS=y
CONFIG_BUSYBOX_CONFIG_FEATURE_LESS_REGEXP=y
CONFIG_BUSYBOX_CONFIG_FEATURE_LESS_WINCH=y

# Add-on programs
CONFIG_DROPBEAR_ECC=y
#CONFIG_PACKAGE_openvpn-openssl=y
CONFIG_PACKAGE_htop=y
CONFIG_PACKAGE_kmod-cryptodev=y
CONFIG_PACKAGE_libopenssl-devcrypto=y
CONFIG_PACKAGE_kmod-dnsresolver=y
CONFIG_PACKAGE_kmod-ramoops=y
CONFIG_PACKAGE_kmod-pstore=y
CONFIG_PACKAGE_kmod-reed-solomon=y
#CONFIG_PACKAGE_kmod-pppol2tp=y
#CONFIG_PACKAGE_ds-lite=y
#CONFIG_PACKAGE_kmod-usb-printer=y
CONFIG_PACKAGE_igmpproxy=y
CONFIG_PACKAGE_qrencode=y
CONFIG_PACKAGE_banip=y

# USB device mount & file systems support
CONFIG_PACKAGE_block-mount=y
CONFIG_PACKAGE_cryptsetup=y
CONFIG_PACKAGE_e2fsprogs=y
CONFIG_PACKAGE_f2fs-tools=y
CONFIG_PACKAGE_kmod-crypto-ecb=y
CONFIG_PACKAGE_kmod-crypto-xts=y
CONFIG_PACKAGE_kmod-crypto-iv=y
CONFIG_PACKAGE_kmod-crypto-misc=y
CONFIG_PACKAGE_kmod-crypto-user=y 
CONFIG_PACKAGE_kmod-fs-exfat=y
CONFIG_PACKAGE_kmod-fs-ext4=y
CONFIG_PACKAGE_kmod-fs-f2fs=y
CONFIG_PACKAGE_kmod-fs-hfs=y
CONFIG_PACKAGE_kmod-fs-hfsplus=y
CONFIG_PACKAGE_kmod-fs-msdos=y
CONFIG_PACKAGE_kmod-fs-nfs=y
CONFIG_PACKAGE_kmod-fs-nfs-common=y
CONFIG_PACKAGE_kmod-fs-nfs-v3=y
CONFIG_PACKAGE_kmod-fs-nfs-v4=y
CONFIG_PACKAGE_kmod-fs-vfat=y
CONFIG_PACKAGE_kmod-nls-base=y
CONFIG_PACKAGE_kmod-nls-cp1250=y
CONFIG_PACKAGE_kmod-nls-cp437=y
CONFIG_PACKAGE_kmod-nls-cp850=y
CONFIG_PACKAGE_kmod-nls-iso8859-1=y
CONFIG_PACKAGE_kmod-nls-iso8859-15=y
CONFIG_PACKAGE_kmod-nls-utf8=y
CONFIG_PACKAGE_kmod-usb-storage=y
CONFIG_PACKAGE_kmod-usb-storage-uas=y
CONFIG_PACKAGE_libblkid=y
CONFIG_PACKAGE_ntfs-3g=y
CONFIG_PACKAGE_nfs-utils=y

# IPv6 support
CONFIG_PACKAGE_6in4=y
CONFIG_PACKAGE_6to4=y
CONFIG_PACKAGE_6rd=y

# WLAN/WPS support
CONFIG_PACKAGE_hostapd-utils=y
CONFIG_WPA_MSG_MIN_PRIORITY=4
CONFIG_PACKAGE_wpad-openssl=y
# CONFIG_PACKAGE_wpad-basic-wolfssl is not set
# CONFIG_PACKAGE_libustream-wolfssl is not set

# SSL certificates
CONFIG_PACKAGE_ca-certificates=y

# Luci (SSL from OpenSSL)
CONFIG_PACKAGE_luci-ssl-openssl=y
CONFIG_PACKAGE_luci-app-commands=y
#CONFIG_PACKAGE_luci-app-adblock=y
#CONFIG_PACKAGE_luci-app-openvpn=y
#CONFIG_PACKAGE_luci-app-ddns=y
CONFIG_PACKAGE_luci-app-wireguard=y
CONFIG_PACKAGE_luci-theme-openwrt-2020=y
#CONFIG_PACKAGE_luci-app-sqm=y
CONFIG_PACKAGE_luci-app-banip=y

# Luci statistics
CONFIG_PACKAGE_luci-app-statistics=y
CONFIG_PACKAGE_collectd-mod-conntrack=y
CONFIG_PACKAGE_collectd-mod-cpufreq=y
CONFIG_PACKAGE_collectd-mod-dhcpleases=y
CONFIG_PACKAGE_collectd-mod-entropy=y
CONFIG_PACKAGE_collectd-mod-exec=y
CONFIG_PACKAGE_collectd-mod-thermal=y
CONFIG_PACKAGE_collectd-mod-wireless=y

#CONFIG_PACKAGE_kmod-ath10k-ct=m
CONFIG_PACKAGE_kmod-ath10k=m
#CONFIG_PACKAGE_ath10k-firmware-qca988x-ct=m
#CONFIG_PACKAGE_ath10k-firmware-qca99x0-ct=m
#CONFIG_PACKAGE_ath10k-firmware-qca9984-ct=m
#CONFIG_PACKAGE_ath10k-firmware-qca988x=m
#CONFIG_PACKAGE_ath10k-firmware-qca99x0=m
CONFIG_PACKAGE_ath10k-firmware-qca9984=m



2 Likes

I don’t mind seeing other people’s builds here. I’ll keep my build updated via the links in the first post but anyone that wants to share their link, suggest changes, or finds ways to improve the code I’m all ears.

I might include suggested changes in my build, I might not. I try to keep my build simple and not too bloated (but with a reasonable set of packages that most would use). If another person’s link or experiences is helpful for someone I feel that is the point of a community build, for everyone to join in and enjoy the different flavors out there / learn from each other / share their experiences with either my build, or their own builds.

2 Likes

I just wanted to add I've been running the NSS 22.03 build on my XR500 (wifi disabled) for almost 5 days and everything has been great. I am using Kong's NSS build on my R7800 that I have setup as a dumb AP. Everything is great. Thanks for the great build @ACwifidude, I appreciate all the great work.

1 Like

I want to point out a reference to another issue with nlbwmon that was broadly discussed on this thread too. Just in case anyone has missed it but may want to try a possible solution.
Currently I'm testing the proposed solution to remove list local_network 'lan' from /etc/config/nlbwmon.

Has anyone noticed that on R7800, USB LEDs are swapped. When I put an USB flash device in port 1 - the LED 2 blinks and vice versa.

Thanks, i have made a release on Github for the people who want to use it.
See my previous post.

1 Like

First off, big thanks to everyone on here for their work on these devices.

I have the EA7500v1 and I'm having an issue with MFP (802.11w) for the purpose of enabling WPA3.

With MFP disabled, I'm getting nearly my full download WAN speed over WLAN (about 560Mbps).
With MFP enabled, download speeds drop to under 30Mbps.
This means I can't use WPA3.

802.11r is disabled.
I have tried both ath10k and ath10k-ct to no improvement.
I have tried the various wpad flavors to no improvement.

On default OpenWRT (not this NSS build), enabling MFP does not affect WLAN speed. However, the speed maxes out at about 260Mbps so that's not an option for me either.

Has anyone else experienced this and is there a fix?

Here with Oneplus 8T connected with 5GHz WPA3 (11w required) and Netgear R7800 i reach 500 Mbps without problems in speedtest.

Ban-ip is working now on my build. I had some configuration errors with interfaces but now it logs and shows that it blocked incoming ip's

Fri Mar 24 00:50:21 2023 kern.warn kernel: [262870.721873] banIP/inp-wan/drp/firehol3v4: IN=pppoe-wan OUT= MAC= SRC=192.241.197.141 DST=xxx LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=47880 DPT=6379 WINDOW=65535 RES=0x00 SYN URGP=0

I did some more testing. The issue is with ath10k vs ath10k-ct on the EA7500v1.
ath10k-ct works with or without MFP (802.11w). Unfortunately, the Wifi speed limit seems to be about 290Mbps for this driver.
ath10k does not work with MFP (speed drops to about 30Mbps on both this NSS build and vanilla OpenWRT). It is, however, capable of running without MFP at twice the speed and half the latency of ath10k-ct.

This is an unfortunate situation.

I'm getting this error while trying to compile master

ERROR: package/feeds/nss/qca-nss-crypto failed to build.

//edited with correct diffconfig

# Use "make defconfig" to expand this to a full .config
CONFIG_TARGET_ipq806x=y
CONFIG_TARGET_ipq806x_generic=y
CONFIG_TARGET_MULTI_PROFILE=y
CONFIG_TARGET_DEVICE_ipq806x_generic_DEVICE_linksys_ea7500-v1=y
CONFIG_TARGET_PER_DEVICE_ROOTFS=y

# exfat is patented
CONFIG_BUILD_PATENTED=y

# swap stuff (LE: it actually works after a few hours, turn swappiness higher and set it to use zstd)
CONFIG_SWAP=y
CONFIG_PACKAGE_zram-swap=y

# NSS Drivers
CONFIG_PACKAGE_kmod-qca-nss-drv=y
CONFIG_PACKAGE_kmod-qca-nss-ecm-standard=y
CONFIG_PACKAGE_kmod-qca-nss-gmac=y
CONFIG_PACKAGE_kmod-qca-nss-drv-qdisc=y
CONFIG_PACKAGE_kmod-nss-ifb=y
CONFIG_PACKAGE_kmod-qca-nss-drv-pppoe=y
CONFIG_PACKAGE_kmod-qca-nss-drv-pptp=y
# CONFIG_PACKAGE_kmod-qca-nss-drv-l2tpv2 is not set
# CONFIG_PACKAGE_kmod-qca-nss-drv-tunipip6 is not set
CONFIG_PACKAGE_kmod-qca-nss-crypto=y
CONFIG_PACKAGE_kmod-qca-nss-drv-igs=y
CONFIG_PACKAGE_MAC80211_NSS_SUPPORT=y

# Longer waiting for failsafe button push
CONFIG_IMAGEOPT=y
CONFIG_PREINITOPT=y
CONFIG_TARGET_PREINIT_TIMEOUT=5

# Busybox tweaks
CONFIG_BUSYBOX_CUSTOM=y
CONFIG_BUSYBOX_CONFIG_FEATURE_EDITING_SAVEHISTORY=y
CONFIG_BUSYBOX_CONFIG_FEATURE_EDITING_SAVE_ON_EXIT=y
CONFIG_BUSYBOX_CONFIG_FEATURE_LESS_FLAGS=y
CONFIG_BUSYBOX_CONFIG_FEATURE_LESS_REGEXP=y
CONFIG_BUSYBOX_CONFIG_FEATURE_LESS_WINCH=y

# Add-on programs
CONFIG_DROPBEAR_ECC=y
# CONFIG_PACKAGE_openvpn-openssl is not set
CONFIG_PACKAGE_htop=y
CONFIG_PACKAGE_nano=y
CONFIG_PACKAGE_kmod-cryptodev=y
CONFIG_PACKAGE_kmod-dnsresolver=y
CONFIG_PACKAGE_kmod-ramoops=y
CONFIG_PACKAGE_kmod-pstore=y
CONFIG_PACKAGE_kmod-reed-solomon=y
# CONFIG_PACKAGE_kmod-pppol2tp is not set
CONFIG_PACKAGE_ds-lite=y
CONFIG_PACKAGE_curl=y
CONFIG_PACKAGE_kmod-usb-printer=y

# USB device mount & file systems support
CONFIG_PACKAGE_block-mount=y
CONFIG_PACKAGE_cryptsetup=y
CONFIG_PACKAGE_e2fsprogs=y
CONFIG_PACKAGE_f2fs-tools=y
CONFIG_PACKAGE_kmod-crypto-ecb=y
CONFIG_PACKAGE_kmod-crypto-xts=y
CONFIG_PACKAGE_kmod-crypto-iv=y
CONFIG_PACKAGE_kmod-crypto-misc=y
CONFIG_PACKAGE_kmod-crypto-user=y
CONFIG_PACKAGE_kmod-fs-exfat=y
CONFIG_PACKAGE_kmod-fs-ext4=y
CONFIG_PACKAGE_kmod-fs-f2fs=y
CONFIG_PACKAGE_kmod-fs-hfs=y
CONFIG_PACKAGE_kmod-fs-hfsplus=y
CONFIG_PACKAGE_kmod-fs-msdos=y
CONFIG_PACKAGE_kmod-fs-nfs=y
CONFIG_PACKAGE_kmod-fs-nfs-common=y
CONFIG_PACKAGE_kmod-fs-nfs-v3=y
CONFIG_PACKAGE_kmod-fs-nfs-v4=y
CONFIG_PACKAGE_kmod-fs-vfat=y
CONFIG_PACKAGE_kmod-nls-base=y
CONFIG_PACKAGE_kmod-nls-cp1250=y
CONFIG_PACKAGE_kmod-nls-cp437=y
CONFIG_PACKAGE_kmod-nls-cp850=y
CONFIG_PACKAGE_kmod-nls-iso8859-1=y
CONFIG_PACKAGE_kmod-nls-iso8859-15=y
CONFIG_PACKAGE_kmod-nls-utf8=y
CONFIG_PACKAGE_kmod-usb-storage=y
CONFIG_PACKAGE_kmod-usb-storage-uas=y
CONFIG_PACKAGE_libblkid=y
CONFIG_PACKAGE_ntfs-3g=y
CONFIG_PACKAGE_nfs-utils=y

# IPv6 support
CONFIG_PACKAGE_6in4=y
CONFIG_PACKAGE_6to4=y
CONFIG_PACKAGE_6rd=y

# WLAN/WPS support
CONFIG_PACKAGE_hostapd-utils=y
CONFIG_WPA_MSG_MIN_PRIORITY=4
CONFIG_PACKAGE_wpad-openssl=y
# CONFIG_PACKAGE_wpad-basic-mbedtls is not set
# CONFIG_PACKAGE_libustream-mbedtls is not set
# CONFIG_PACKAGE_libmbedtls is not set

# SSL certificates
CONFIG_PACKAGE_ca-certificates=y

# Luci (SSL from OpenSSL)
CONFIG_PACKAGE_luci-ssl-openssl=y
CONFIG_PACKAGE_luci-app-commands=y
CONFIG_PACKAGE_luci-app-adblock=y
# CONFIG_PACKAGE_luci-app-openvpn is not set
CONFIG_PACKAGE_luci-app-ddns=y
# CONFIG_PACKAGE_luci-app-wireguard is not set
CONFIG_PACKAGE_luci-theme-openwrt-2020=y
# CONFIG_PACKAGE_luci-app-sqm is not set
CONFIG_PACKAGE_luci-app-banip=y
CONFIG_PACKAGE_luci-app-upnp=y

# Luci statistics
CONFIG_PACKAGE_luci-app-statistics=y
CONFIG_PACKAGE_collectd-mod-conntrack=y
CONFIG_PACKAGE_collectd-mod-cpufreq=y
CONFIG_PACKAGE_collectd-mod-dhcpleases=y
CONFIG_PACKAGE_collectd-mod-entropy=y
CONFIG_PACKAGE_collectd-mod-exec=y
CONFIG_PACKAGE_collectd-mod-interface=y
CONFIG_PACKAGE_collectd-mod-iwinfo=y
CONFIG_PACKAGE_collectd-mod-load=y
CONFIG_PACKAGE_collectd-mod-memory=y
CONFIG_PACKAGE_collectd-mod-network=y
CONFIG_PACKAGE_collectd-mod-ping=y
CONFIG_PACKAGE_collectd-mod-thermal=y
CONFIG_PACKAGE_collectd-mod-wireless=y
CONFIG_PACKAGE_collectd-mod-uptime=y


really happy with the latest 5.15 builds for my r7800's.: Both wired as WiFi performance is great and all three routers have an uptime of +5days now. :muscle:

2 Likes

For wpad you have to “turn off” mbedtls to use openssl, the “# is not set” lines do that so that there are not issues.

CONFIG_PACKAGE_wpad-openssl=y
# CONFIG_PACKAGE_wpad-basic-mbedtls is not set
# CONFIG_PACKAGE_libustream-mbedtls is not set
# CONFIG_PACKAGE_libmbedtls is not set

I’ve found this combo of NSS packages satisfies all the inter dependencies and activates all the desired NSS drivers, it may seem like a bunch but the newer NSS requires a few more packages compared to the old 10.0 (this isn’t “the minimum” packages but will make all the packages work for what it looks like you selected):

# NSS Drivers
CONFIG_PACKAGE_kmod-qca-nss-drv=y
CONFIG_PACKAGE_kmod-qca-nss-ecm-standard=y
CONFIG_PACKAGE_kmod-qca-nss-gmac=y
CONFIG_PACKAGE_kmod-qca-nss-drv-qdisc=y
CONFIG_PACKAGE_kmod-nss-ifb=y
CONFIG_PACKAGE_kmod-qca-nss-drv-pppoe=y
CONFIG_PACKAGE_kmod-qca-nss-drv-pptp=y
# CONFIG_PACKAGE_kmod-qca-nss-drv-l2tpv2 is not set
# CONFIG_PACKAGE_kmod-qca-nss-drv-tunipip6 is not set
CONFIG_PACKAGE_kmod-qca-nss-crypto=y
CONFIG_PACKAGE_kmod-qca-nss-drv-igs=y
CONFIG_PACKAGE_MAC80211_NSS_SUPPORT=y

Best of luck!

3 Likes

It built and booted fine, thank you, for completeness i edited my previous comment.

One tiny thing, the resulting image is called "openwrt-ipq806x-generic-linksys_ea7500-v1-squashfs-sysupgrade.bin", is that normal? It has everything, the nss stuff, the packages i added/removed etc, so it's just cosmetic.

1 Like

Yes that is the normal naming convention for OpenWrt. I change the name after building to my preferred naming scheme to clearly know the build date and architecture.

1 Like