Kong pro firmware for IPQ806x (R7500, R7800, EA8500, ...)

I am also getting exception with the latest NSS build:

Mar  5 22:30:57 OpenWrt https-dns-proxy[26468]: [E]    92532.1678055457 (null):875418 3A75: Setting HTTP/2 version failed with 1: Error
Mar  5 22:30:57 OpenWrt https-dns-proxy[26468]: [E]    92532.1678055457 (null):875451 Try to run application with -x argument! Falling back to HTTP/1.1 version.
Mar  5 22:30:57 OpenWrt https-dns-proxy[26469]: [E]    92532.1678055457 (null):875578 3A75: Setting HTTP/2 version failed with 1: Error
Mar  5 22:30:57 OpenWrt https-dns-proxy[26469]: [E]    92532.1678055457 (null):875607 Try to run application with -x argument! Falling back to HTTP/1.1 version.

I believe this is causing my https-dns-proxy to stop and start over and over again every minute. Any idea how to fix this?
CC: @KONG

That is just an informal message telling you that the server you are connecting to does not support HTTP/2 and thus HTTP/1.1 is used, if https-dns-proxy starts over again, then there is a different problem, e.g. wan goes up and down every minute and triggers a restart of https-dns-proxy.

Thanks for your reply! Next update you make on the nss build, I can try getting logs or whatever you need to take a look if you want. I recently changed to ACwifidude NSS 22.03 build and everything is perfect. No error from https-dns-proxy either. I have XR500 that I was thinking about setting up and trying with your build to see if I get the same problem.

Quick update, I had the same problem with the NSS build on my XR500. The WAN would go up and down every minute. I ended up just flashing ACwifidude's NSS 22.03 build on my XR500 and flashed the Kong NSS build on my R7800 that I setup as a dumb AP. Performance is great wired and wireless. I have zero complaints with the current network setup. Thanks for the great build @KONG

I have just installed the 22.03/ipq806x-nss build dated 2023-03-10 on my R7800. Alas, it does not contain kmod-usb-net-dm9601-ether. Can someone help me creating a build environment for this kernel version so that I can build this kernel module myself?

Thanks

Those are my step by step instructions to build your own NSS build.

By the way, with latest source sync the https-dns-proxy error is gone, obviously this was a problem in the app itself.

Probably in the next few days I'll upgrade my main router to 22. I already have 22 builds running at work with 180+ days uptime and no issues. Then I plan on dropping 21 builds as support officially ends in April. I have not been very active lately since I started working on custom android builds.

Very Interest that

ACwifidude, thanks for the detailed instructions. I have built 22.03 branch but the packages built do not include kmod-usb-net-dm9601-ether. How can I choose to add this kmod to be built?

You can add packages to your diffconfig file.

Every line that looks like this is an added package:

CONFIG_PACKAGE_kmod-usb-storage=y

You can add packages to your heart’s delight. When you run “make defconfig” it turns your diffconfig in to a .config file to be used for your build.

Ah, now I get get it Thanks

FYI: I have now migrated my main unit to 22.03. My setup is quite complex and I had to setup from scratch.
This revealed a few little probs in my 22 build. E.g. missing options, one or 2 theme issues.

Since I soon drop 21 builds, you should get ready to upgrade to 22. For me one missing feature in firewall4 caused some trouble. nft command does not allow to delete a rule by the defintion that was used to add/insert it (wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes#Simple_IP.2FIPv6_Firewall).
This is a pain in the ass if you add/remove rules via cron, where you only want to disable a single rule without flushing other rules/chains that were created through cron. Thus I created a little script called in /bin/nft-delete, that allows to simple delete a rule by definition without the need to query the rules to get a handle etc., e.g.:

0 1 * * * nft insert rule inet fw4 user_pre_forward ip saddr 192.168.1.50 counter drop
0 8 * * * nft-delete rule inet fw4 user_pre_forward ip saddr 192.168.1.50 counter drop

Also I heavily used /etc/firewall.user through webif. With fw4 this tab was gone. I enabled it again, but it edits now /etc/nftables.d/10-custom-filter-chains.nft. This is the place where you can add your custom rules in nft syntax. If you used custom iptables rules, just use iptables-translate and add them into the right section.

For the upgrade I don't recommend an upgrade without reset. Thus you should backup config, take screenshots and setup from scratch. You can always extract the backup and copy and paste IPs,MACs etc. from the old configs.

@ACwifidude, hey I tried that with kmods and other packages for iphone tethering:

kmod-usb-net
kmod-usb-net-cdc-ether
kmod-usb-net-rndis
kmod-usb-net-ipheth
kmod-usb2
usbutils
usbmuxd
libusbmuxd
libimobiledevice
libimobiledevice-utils

but the packages are not added after I build it. Any hint? Thanks.

Post your diffconfig here and I’ll check it out.

# Use "make defconfig" to expand this to a full .config
CONFIG_TARGET_ipq806x=y
CONFIG_TARGET_ipq806x_generic=y
CONFIG_TARGET_DEVICE_ipq806x_generic_DEVICE_netgear_r7800=y

# exfat is patented
CONFIG_BUILD_PATENTED=y

# NSS Drivers
CONFIG_PACKAGE_kmod-qca-nss-drv=y
CONFIG_PACKAGE_kmod-qca-nss-ecm-standard=y
CONFIG_PACKAGE_kmod-qca-nss-gmac=y
CONFIG_PACKAGE_kmod-qca-nss-drv-qdisc=y
CONFIG_PACKAGE_kmod-nss-ifb=y
CONFIG_PACKAGE_kmod-qca-nss-drv-pppoe=y
CONFIG_PACKAGE_kmod-qca-nss-drv-pptp=y
# CONFIG_PACKAGE_kmod-qca-nss-drv-l2tpv2 is not set
# CONFIG_PACKAGE_kmod-qca-nss-drv-tunipip6 is not set
CONFIG_PACKAGE_kmod-qca-nss-crypto=y
CONFIG_PACKAGE_kmod-qca-nss-drv-igs=y
CONFIG_PACKAGE_MAC80211_NSS_SUPPORT=y

# Longer waiting for failsafe button push
CONFIG_IMAGEOPT=y
CONFIG_PREINITOPT=y
CONFIG_TARGET_PREINIT_TIMEOUT=5

# Busybox tweaks
CONFIG_BUSYBOX_CUSTOM=y
CONFIG_BUSYBOX_CONFIG_FEATURE_EDITING_SAVEHISTORY=y
CONFIG_BUSYBOX_CONFIG_FEATURE_EDITING_SAVE_ON_EXIT=y
CONFIG_BUSYBOX_CONFIG_FEATURE_LESS_FLAGS=y
CONFIG_BUSYBOX_CONFIG_FEATURE_LESS_REGEXP=y
CONFIG_BUSYBOX_CONFIG_FEATURE_LESS_WINCH=y

# Add-on programs
CONFIG_DROPBEAR_ECC=y
CONFIG_PACKAGE_openvpn-openssl=y
CONFIG_PACKAGE_htop=y
CONFIG_PACKAGE_kmod-cryptodev=y
CONFIG_PACKAGE_libopenssl-devcrypto=y
CONFIG_PACKAGE_kmod-dnsresolver=y
CONFIG_PACKAGE_kmod-ramoops=y
CONFIG_PACKAGE_kmod-pstore=y
CONFIG_PACKAGE_kmod-reed-solomon=y
# CONFIG_PACKAGE_kmod-pppol2tp is not set
CONFIG_PACKAGE_ds-lite=y
CONFIG_PACKAGE_curl=y
CONFIG_PACKAGE_kmod-usb-printer=y
CONFIG_PACKAGE_kmod-usb-net=y
CONFIG_PACKAGE_kmod-usb-net-cdc-ether=y
CONFIG_PACKAGE_kmod-usb-net-rndis=y
CONFIG_PACKAGE_kmod-usb-net-ipheth=y
CONFIG_PACKAGE_kmod-usb2=y
CONFIG_PACKAGE_usbutils=y
CONFIG_PACKAGE_usbmuxd=y
CONFIG_PACKAGE_libusbmuxd=y
CONFIG_PACKAGE_libimobiledevice=y
CONFIG_PACKAGE_libimobiledevice-utils=y
CONFIG_PACKAGE_stubby=y

# USB device mount & file systems support
CONFIG_PACKAGE_block-mount=y
CONFIG_PACKAGE_cryptsetup=y
CONFIG_PACKAGE_e2fsprogs=y
CONFIG_PACKAGE_f2fs-tools=y
CONFIG_PACKAGE_kmod-crypto-ecb=y
CONFIG_PACKAGE_kmod-crypto-xts=y
CONFIG_PACKAGE_kmod-crypto-iv=y
CONFIG_PACKAGE_kmod-crypto-misc=y
CONFIG_PACKAGE_kmod-crypto-user=y
CONFIG_PACKAGE_kmod-fs-exfat=y
CONFIG_PACKAGE_kmod-fs-ext4=y
CONFIG_PACKAGE_kmod-fs-f2fs=y
CONFIG_PACKAGE_kmod-fs-hfs=y
CONFIG_PACKAGE_kmod-fs-hfsplus=y
CONFIG_PACKAGE_kmod-fs-msdos=y
CONFIG_PACKAGE_kmod-fs-nfs=y
CONFIG_PACKAGE_kmod-fs-nfs-common=y
CONFIG_PACKAGE_kmod-fs-nfs-v3=y
CONFIG_PACKAGE_kmod-fs-nfs-v4=y
CONFIG_PACKAGE_kmod-fs-vfat=y
CONFIG_PACKAGE_kmod-nls-base=y
CONFIG_PACKAGE_kmod-nls-cp1250=y
CONFIG_PACKAGE_kmod-nls-cp437=y
CONFIG_PACKAGE_kmod-nls-cp850=y
CONFIG_PACKAGE_kmod-nls-iso8859-1=y
CONFIG_PACKAGE_kmod-nls-iso8859-15=y
CONFIG_PACKAGE_kmod-nls-utf8=y
CONFIG_PACKAGE_kmod-usb-storage=y
CONFIG_PACKAGE_kmod-usb-storage-uas=y
CONFIG_PACKAGE_libblkid=y
CONFIG_PACKAGE_ntfs-3g=y
CONFIG_PACKAGE_nfs-utils=y

# IPv6 support
CONFIG_PACKAGE_6in4=y
CONFIG_PACKAGE_6to4=y
CONFIG_PACKAGE_6rd=y

# WLAN/WPS support
CONFIG_PACKAGE_hostapd-utils=y
CONFIG_WPA_MSG_MIN_PRIORITY=4
CONFIG_PACKAGE_wpad-openssl=y
# CONFIG_PACKAGE_wpad-basic-mbedtls is not set
# CONFIG_PACKAGE_libustream-mbedtls is not set
# CONFIG_PACKAGE_libmbedtls is not set

# SSL certificates
CONFIG_PACKAGE_ca-certificates=y

# Luci (SSL from OpenSSL)
CONFIG_PACKAGE_luci-ssl-openssl=y
CONFIG_PACKAGE_luci-app-commands=y
CONFIG_PACKAGE_luci-app-adblock=y
CONFIG_PACKAGE_luci-app-openvpn=y
CONFIG_PACKAGE_luci-app-ddns=y
CONFIG_PACKAGE_luci-app-wireguard=y
CONFIG_PACKAGE_luci-theme-openwrt-2020=y
CONFIG_PACKAGE_luci-app-sqm=y

# Luci statistics
CONFIG_PACKAGE_luci-app-statistics=y
CONFIG_PACKAGE_collectd-mod-conntrack=y
CONFIG_PACKAGE_collectd-mod-cpufreq=y
CONFIG_PACKAGE_collectd-mod-dhcpleases=y
CONFIG_PACKAGE_collectd-mod-entropy=y
CONFIG_PACKAGE_collectd-mod-exec=y
CONFIG_PACKAGE_collectd-mod-thermal=y
CONFIG_PACKAGE_collectd-mod-wireless=y

After “cp diffconfig .config” and “make defconfig” - these yes selections should be in your .config file. After your build you should see these packages in your manifest file in your bin folder. Are these packages in your .config and manifest file?

It's in the .config and manifest file but after installing the factory image it's not installed and I'm getting this trying to install it:

image1029×338 30.3 KB

Only kmod-usb2 and libimobiledevice got installed.

if the packages are in your .config and manifest files then they should be in your image. You can try to sysupgrade your image you built and see if it will load. The packages you show there are in my standard build (kmod-usb-core and kmod-nls-base, my build doesn't have kmod-usb-net). Try loading your sysupgrade and seeing if it loads the packages you added.

I had to change CONFIG_TARGET_DEVICE_ipq806x_generic_DEVICE_netgear_r7800=y to CONFIG_TARGET_ipq806x_generic_DEVICE_netgear_r7800=y
I copied the diffconfig from your first post. Seemed a bit old... Thanks for ya help.

Ah that makes sense. I edited my post and deleted that old diffconfig so that it is less confusing.