Orbi LBR20 How-To / Megathread

little-endian
Posts: 5
Joined: Tue Sep 28, 2021 8:46 am
Has thanked: 0
Been thanked: 2 times

Re: Orbi LBR20 How-To / Megathread

Post by little-endian » Sun Oct 24, 2021 4:53 pm

It depends on "which wifi?", but assuming that you probably mean the "fronthaul" connections with their broadcast SSIDs (as opposed to the hidden ones when using additional satellites):

While it would be far too easy and also convenient to be able to do that via the official GUI (so Netgear thinks apparently), it is at least possible via the CLI.

Of course, disabling it might prevent connecting certain devices or break any intelligent band steering (although I have yet to witness such a thing actually existing and working). I disabled the 2.4 GHz band, for instance, as not a few clients (or their programmers respectively) are simply too retarded to stick to the 5 GHz one whenever possible, so one has to teach those with a sledgehammer I guess.

One can also use different SSIDs for the two bands by the way, which is another way to steer stubborn devices into the wanted one.

das1996
Posts: 15
Joined: Fri Feb 12, 2021 11:57 pm
Has thanked: 4 times
Been thanked: 0

Re: Orbi LBR20 How-To / Megathread

Post by das1996 » Sun Oct 24, 2021 11:38 pm

Sorry, let me clarify. Disable wifi meaning turn wifi off entirely. No backhaul, no 2.4, 5 GHz, etc. No wifi period :)

The person using this only wants to use the LTE modem/router function, nothing else.

hazarjast
Posts: 133
Joined: Wed Dec 11, 2019 8:38 am
Has thanked: 16 times
Been thanked: 35 times

Re: Orbi LBR20 How-To / Megathread

Post by hazarjast » Mon Oct 25, 2021 8:38 pm

das1996 wrote:
Fri Oct 22, 2021 6:28 pm
I've been out of touch for a while. Glad to see more progress made.

Question; there is no option in the GUI to disable wifi. Is it possible to do so through console? Negative side effects?

No GUI option. CLI can easily issue “wifi down” which will take down the radios. It’s a bit of a spaghetti mess to try and kill all the Orbi related Wifi services completely to regain resources though, since there are watcher scripts which call Wifi related stuff that Netgear expects to be running at all times. 90% of the time I just issue “wifi down” and call it good. I need to actually spend some time looking at how to kill all the extra crap that still runs after the radios are off if you look in the “call once” script commands from the CJ repository, but I haven’t really bothered with it much since then.

hazarjast
Posts: 133
Joined: Wed Dec 11, 2019 8:38 am
Has thanked: 16 times
Been thanked: 35 times

Re: Orbi LBR20 How-To / Megathread

Post by hazarjast » Wed Nov 03, 2021 1:25 pm

Voxel firmware V9.2.5.2.26SF has been released. Mostly package updates with some fixes as well. OP updated with download and release notes links.

Also, the successor to the LBR20 with WiFi 6 (though not the newer 6e standard) and 5G is now being sold by Netgear: https://www.netgear.com/home/wifi/mesh/nbk752/
(NBR750 is the actual model number of the router unit; FCC ID PY320400511)

Unfortunately they force you to buy it in a pack with an additional Orbi satellite and the package price is an eye-watering $1100 USD on pre-order. The good news is that it appears they stuck with Quectel for the modem (specifically the RM502Q-AE) so much of the same stuff in this thread should likely apply to it as well. I will definitely not be purchasing one at the astronomical MSRP though so I do not plan on posting anymore about it in this thread.

For those curious...
User manual can be found here: https://www.downloads.netgear.com/files ... _UM_EN.pdf
FCC filing docs on the router itself can be found here (no good pics until December though, it appears): https://fcc.report/FCC-ID/PY320400511
FCC filing docs on the Quectel modem used by the router can be found here: https://fcc.report/FCC-ID/XMR2020RM502QAE
Quectel Hardware Guide for the modem can be found here: https://fcc.report/FCC-ID/XMR2020RM502QAE/5019309

das1996
Posts: 15
Joined: Fri Feb 12, 2021 11:57 pm
Has thanked: 4 times
Been thanked: 0

Re: Orbi LBR20 How-To / Megathread

Post by das1996 » Thu Nov 18, 2021 7:15 pm

@hazarjast How do I send you a private message?

Didneywhorl
Posts: 2776
Joined: Fri Mar 23, 2018 5:37 pm
Location: USA
Has thanked: 1064 times
Been thanked: 580 times

Re: Orbi LBR20 How-To / Megathread

Post by Didneywhorl » Fri Nov 19, 2021 9:42 am

das1996 wrote:
Thu Nov 18, 2021 7:15 pm
@hazarjast How do I send you a private message?

Ask for him on the Facebook group. https://www.facebook.com/groups/LTE.Hacks

hazarjast
Posts: 133
Joined: Wed Dec 11, 2019 8:38 am
Has thanked: 16 times
Been thanked: 35 times

Re: Orbi LBR20 How-To / Megathread

Post by hazarjast » Sat Nov 20, 2021 12:10 am

das1996 wrote:
Thu Nov 18, 2021 7:15 pm
@hazarjast How do I send you a private message?

Best to reach out via email: hazarjast at protonmail dot com

hazarjast
Posts: 133
Joined: Wed Dec 11, 2019 8:38 am
Has thanked: 16 times
Been thanked: 35 times

Re: Orbi LBR20 How-To / Megathread

Post by hazarjast » Sun Nov 21, 2021 1:37 am

While working on a friend's LBR20 I finally figured out the cause and solution of the ip6tables mangle randomly not taking effect on startup in Voxel's firmware when called using either 'firewall-start.sh' or 'firewall6-start.sh'. It helped that I actually went back and read the man page for the source package that is used for iptables on the LBR20, 'xtables-legacy':
https://manpages.debian.org/testing/ipt ... .8.en.html

Code:

LIMITATIONS
When inserting a rule using iptables -A or iptables -I, iptables first needs to retrieve the current active ruleset,
change it to include the new rule, and then commit back the result.
This means that if two instances of iptables are running concurrently, one of the updates might be lost.
This can be worked around partially with the --wait option.

After reading that I updated my iptables/ip6tables rules to include '-w' ('--wait') switches and now the ip6tables mangle appears to work on startup as desired. Also realized that for the rare few that have plans provisioned with public IPv4 IPs it would be best to have the iptables rules I was using from the CJ scripts which secure SSH on the WAN interface. Generally not necessary for most since almost all plans are CGNAT'ed these days but still including them for reference below. They all reflect the '-w' switch as indicated:

firewall-start.sh

Code:

# Record new SSH connections from the WAN in the 'recent' list
# (this rule only tracks the source address; the hitcount rule does the dropping)
iptables -w -C net2loc -p tcp --dport 22 -m state --state NEW -m recent --set > /dev/null 2>&1 || \
iptables -w -I net2loc 1 -p tcp --dport 22 -m state --state NEW -m recent --set

# Secure SSH daemon against bruteforce attacks
iptables -w -C net2loc -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP > /dev/null 2>&1 || \
iptables -w -I net2loc 1 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP

# IPv4 TTL mod
iptables -w -t mangle -C POSTROUTING -o wwan0 -j TTL --ttl-set 65 > /dev/null 2>&1 || \
iptables -w -t mangle -I POSTROUTING 1 -o wwan0 -j TTL --ttl-set 65

firewall6-start.sh

Code:

# IPv6 TTL mod (prevents leaks not covered by IPv4 rules)
# Sleep added for good measure
sleep 5
ip6tables -w -t mangle -C POSTROUTING -o wwan0 -j HL --hl-set 65 > /dev/null 2>&1 || \
ip6tables -w -t mangle -I POSTROUTING 1 -o wwan0 -j HL --hl-set 65
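
An added example, not part of the original post or the CJ scripts: a small shell check that lists iptables/ip6tables calls in a startup script that lack '-w'/'--wait', the condition the man page excerpt above ties to lost updates. The function name audit_wait_flag and the sample script contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_wait_flag FILE...
#   Prints "file:line: command" for each iptables/ip6tables call that has
#   no -w/--wait switch. Comment lines are skipped; each line is split on
#   ||, &&, ; and | so every chained command is checked on its own.
audit_wait_flag() {
    awk '
    BEGIN {
        # iptables or ip6tables as a command word (not iptables-save/-restore)
        cmd_re  = "(^|[ \t/])ip6?tables([ \t]|$)"
        # -w or --wait, optionally followed by a timeout value
        wait_re = "[ \t](-w|--wait)([ \t=0-9]|$)"
    }
    /^[ \t]*#/ { next }
    {
        n = split($0, seg, /\|\||&&|;|\|/)
        for (i = 1; i <= n; i++) {
            s = seg[i]
            gsub(/^[ \t]+|[ \t\\]+$/, "", s)   # trim blanks and line continuation
            if (s ~ cmd_re && s !~ wait_re)
                printf "%s:%d: %s\n", FILENAME, FNR, s
        }
    }' "$@"
}

# Constructed sample script: rules modelled on the post, some without -w.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# IPv4 TTL mod (constructed: -w missing on both calls)
iptables -t mangle -C POSTROUTING -o wwan0 -j TTL --ttl-set 65 > /dev/null 2>&1 || \
iptables -t mangle -I POSTROUTING 1 -o wwan0 -j TTL --ttl-set 65
ip6tables -w -t mangle -C POSTROUTING -o wwan0 -j HL --hl-set 65 > /dev/null 2>&1 || \
ip6tables -t mangle -I POSTROUTING 1 -o wwan0 -j HL --hl-set 65
iptables --wait 5 -S net2loc; iptables-save > /tmp/rules.v4
EOF

audit_wait_flag "$sample"   # reports lines 2, 3 and 5 of the sample
```

Pointing the function at the real 'firewall-start.sh' and 'firewall6-start.sh' should print nothing once every call carries the switch.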

Didneywhorl
Posts: 2776
Joined: Fri Mar 23, 2018 5:37 pm
Location: USA
Has thanked: 1064 times
Been thanked: 580 times

Re: Orbi LBR20 How-To / Megathread

Post by Didneywhorl » Sun Nov 21, 2021 1:25 pm

I wonder if this would help in general with iptables TTL/HL rules used on OpenWrt.

hazarjast
Posts: 133
Joined: Wed Dec 11, 2019 8:38 am
Has thanked: 16 times
Been thanked: 35 times

Re: Orbi LBR20 How-To / Megathread

Post by hazarjast » Sun Nov 28, 2021 1:00 pm

Didneywhorl wrote:
Sun Nov 21, 2021 1:25 pm
I wonder if this would help in general with iptables TTL/HL rules used on OpenWrt.

Would not hurt to add '-w' (--wait) switch for anything using iptables based on the xtables-legacy* packages, IMHO.
