DGND3700 V1 Transmission Firmware
This page contains all the custom firmware files for Netgear's DGND3700 V1 / N600 (ADSL/VDSL(FTTC)/WAN Router).
- NOTE this is built based upon Netgear's released GPL source code and is not related in any way to Netgear beyond that.
- 1 DGND3700 v1 / N600 Screenshots
- 2 Added Features
- 3 Updated Features
- 4 Known Issues
- 5 Download Latest Firmware DGND3700V1/N600
- 6 See Also
- 7 Notes/FAQ/Help/Instructions/Manual
- 7.1 Network Services
- 7.2 Cron
- 7.3 Dropbear (SSH/SFTP)
- 7.4 DNS (DNSMasq)
- 7.5 Port forwarding
- 7.6 Modifying firmware behaviour on the fly
- 7.7 OpenVPN
- 7.8 Telnet daemon
- 7.9 Transmission
- 7.10 Automatic
- 7.11 ADLS/VDSL
- 7.12 Inadyn-mt (DynDNS)
- 7.13 Ethernet WAN port to LAN
- 7.14 SSH / SFTP / Dropbear
- 7.15 PXE Booting
- 8 Building your own version
- 9 Comments
DGND3700 v1 / N600 Screenshots
- Avahi (Bonjour) network discovery for most services
- Transmission (Bittorrent) [including relevant network tweaks to tcp_fin_timeout/tcp_keepalive_time/rmem_max/wmem_max ]
- Automatic torrent RSS feeder
- Full ADSL Mode Setting, ADSL/VDSL , Target SNR Margin (10% increments), PhyRexMt
- Inadyn-mt Dynamic DNS Support
- e2fsprogs Format/check ext2/3/4 filesystems directly on device
- Large files support to filesystem limits
- Add 5th LAN port by reassigning ethernet WAN port to the bridge (eth0 to br0)
- NFS 2,3 and 4
- Filesystem, EXT 2,3 (& 4 as experimental in kernel), HFS+ r/o
- Dropbear SSH with sftp-server (OpenSSH), LAN and WAN access.
- strace for developers
- DNSMasq DHCP / DNS caching and PXE booting
- p910nd non-caching print server daemon (hotplug started)
- Lots more Busybox programs enabled.
- Crontab/crond (time based job scheduler)
- SNMP daemon
- RIP re-enabled (zebra ripd)
- Wake-On-Lan (send magic packet to wake LAN machine)
- Ad-blocking via DNS (using DNSMasq with http://pgl.yoyo.org/adservers/ blocklist)
- WAN VLAN tag ID (for certain VDSL providers such as BT Infinity)
- IGMP Proxy - (for IPTV [with VDSL services], modified with wl-500 oleg patches for 0.0.0.0/1 altnet)
- bbe binary block editor (dev use, alter the propietry binaries)
- TCPdump realtime network log/monitor
- ADSL/VDSL firmware replaced with A2pv6C035m.d23k (from Netgear's never released beta firmware)
- ADSL/VDSL granular mode selection, granular options selectable.
- miniDLNA (ReadyShare) Supports more TV's and devices & now works properly daemonized.
- Samba 3.6 (Support SMB2, years of bugfixes & improvements.)
- NTFS-3G 2014 (many fixes, improved Windows 8 NTFS compatability)
- udhcpd replaced with DNSMasq (works properly, faster, more features, DNS attack protection, caching, Ad-blocking, PXE Boot)
- Automounting USB via disk Label, falling back to UUID, then block device number.
- USB drive using spinning media CFQ I/O scheduler, (not NOOP!)
- Priority of all non-vital programs lowered to stop router hanging/crashing on CPU load.
- Time set from from time.nist.gov and pool.ntp.org on WAN up rather than Netgear's (sometimes problematic) time servers.
- MER (DHCP client options) not currently working on Sky Fibre Broadband,UK according to my tester. If anyone has this working please drop me a line.
- PXE boot wont work if you are logged into the Web UI on another machine.
Download Latest Firmware DGND3700V1/N600
Download Link DGND3700_2014-09-29_A_D.chk
- External link to Netgear discussion forum about the modded firmware
This replaced 2014-09-28 which had a problem with samba
- openVPN 2.3.4 (not affected by ShellShock, no auth-user-pass-verify in default config [and no bash shell anyway])
- Using WAN port as 5th Ethernet port (actually port 0) now works fully without isolation.
(thanks to help from 'erm67' in decyphering /proc/switch!)
- Fixed occasional race condition with dnsmasq restarting before ports were freed.
(don't understand how it happens but adding a retry loop in the source fixed it.
The version change also fixes another possible race condition problem)
- miniDLNA/Readyshare 1.1.3 ? > 1.1.4 (fixes for some Philips TVs, added Magic Containers)
- Transmission 2.83 > 2.84
- OpenSSL 1.0.1h? > 1.0.2 beta3 (no Heartbleed)
- OpenSSH 6.3p1 > 6.6p1
- NFSUtils 1.2.7 > 1.3.0 (NFSv2 still enabled)
- inadyn-mt 02.24.38 > 02.24.43 (fixes, extra dynmaic dns servers supported)
- Dropbear(SSH) 2013.56 > 2014.65 (compiled with reduced unauth limits to help against brute force attacks)
- Samaba 3.2.22 > 3.2.24 (final Samba 3 release)
- DNSMasq 2.71 > 2.72
- Unnecessary 'dsldiag' removed from acos_init startup to save some CPU cycles.
- Altered built in accounts/groups to be more correct.
- Temp file used on altering web config values changed to be not the same as minidlna was still using!
- other minor bits and bobs.
This replaced 2014-05-26 which had a problem with dnsmasq
- tcpdump/libpcap 4.5.1 / 1.5.3 - network debugging/monitoring
- PXE Boot will serve all menu/data from USB if attached with magic folder /pxe/
- NVRAM variable dnsmasq_custom_options will append contents to dnsmasq config file
- Added items to Web UI
- additional WAN DHCP Client options can be passed (1483/MER)
- additional DNS server to DHCP assigned ones
- timezone setting (TZ)
- Ad-blocking list URL
- WAN VLAN tagging works properly (e.g. with BT Infinity, UK)
- Automatic RSS torrent feed web interface now works again
- miniDLNA/Readyshare > current Git (fixed some Samsung TV problems amongst many other fixes)
- Transmission 2.82 > 2.83
- OpenSSL > 1.02 (HEATBEAT disabled)
- Dnsmasq 2.68 > 2.71
- PXElinux > 6.02 (now direct via lpxelinux.0 without iPXE)
- e2fsprogs 1.42.9 - cant format/check ext2/3/4 file system directly on DGND3700 (mke2fs/e2fsck/badblocks etc. Usage example under 'transmission' here
- SMB2 (Samba V2) support now working. (Oddity of obsolete 'security = share' disabling SMB2 support.)
(Note gvfs-mount as used in Nautilus etc. only supports SMB1).
- umount now works again (bug introduced in Busybox 1.22.0 - I found/fixed).
- cURL 7.33.0 > 7.35.0
- miniDLNA/Readyshare > todays current git (development seems to have restarted)
- sqlite3 > 3080301
- NTFS-3g > 2014.2.15
- Now (almost) everything compiled with gcc optimize level -O3 for possible slight speedups/lower cpu usage. (Previously most were -O2 and some only -Os)
- Removed some unnecessary build options in ffmpeg to reduce library sizes (used by miniDLNA/Readyshare)
- Retracted using ionice for TBT and DLNA
- Ad blocking via DNS (dnsmasq) - [default using http://pgl.yoyo.org which isn't too large and yet still blocks 99%, can be changed via nvram parameter 'adblock_blocklist', if dnsmasq formatted]
- Additional DNS server can be added in addition to DHCP aquired ones by adding it's IP with nvram paramter 'wan_dns_extra'
Additions - Testing: [feedback please as untested]
- VLAN tag (WAN VLAN ID) on atm0 interface (for VDSL [e.g. BT Infinity, ID 101, remember transfer mode needs to be also PTM])
- IGMP Proxy (IPTV)
- Removed the possibility of race condition in acos_service when wan is going down and up where it may be reading/writing/moving/deleting resolv.auto file at the same time.
- Few minor GUI tweaks
- Dnsmasq now doesn't poll for resolve.auto, relies on wan up/down, (will save a few CPU cycles)
- Time/date set via busybox's ntpd on wan up (time.nist.giv & time.pool.org). No longer running timesync with Netgear's servers, (will save a few CPU cycles)
- SNMP Monitor (Web GUI)
- Wake-On-Lan (Web GUI)
- Cron Scheduler (Web GUI)
- Avahi/Bonjour/Zeroconf services advertisments
- RIP (re-enabled Netgear's implementation with zebra/ripd)
- bbe (binary block editor), wol (cli)
- Busybox > 1.22.1
- Samba > 3.6.22
- Patched pre-existing bug in lld2d (link layer topology discovery daemon) so when it randomly renames the LAN Setup > Device Name it goes to a default DGND3700 and not "802.11 Broadcom Reference", which breaks things (such as Windows 7 'network map')
- Transmission startup script will no longer cause a 0 byte config file if the drives full.
- A few other minor fixes.
- Enabled MaxMTU setting to 1492 on PPPoA
- LAN Setup > 'Device Name' now forced to only allow alphanumeric and hyphens as being used as hostname and as part of the service names
- Web GUI updated with new 'network services' and text tweaking for clarity
- Most programs/services now separately enabled/disabled via the 'network services'.
- miniDLNA now referred to with its new name 'ReadyMedia'
- more filtering of webui input to block anyone entering invalid characters that may break parsing
- p910nd non-caching print server daemon added, autostarts on USB printer hotplug. (Appsocket/HP JetDirect , port 9100)
- Altered ADSL 'Target SNR Margin' adjustments on web gui to have finer grained control (10% increments)
- telnet client as requested
- crontab/crond as requested (and cURL executable). Setting nvram option cron_value with a normal crontab entry will make crond start using that value.
- rebuilt MIPS build toolchain with all available patches (fixing daemonize bug)
- minidlna to 1.1.1, now running properly daemonized. (Netgear worked around this by leaving it running in debug mode!) It should take up less resources now doing a scan too & work with more tv's etc.
- openssl 1.0.2
- all the (A/V) libs that minidlna uses. (ffmpeg 2.0.2 ,libogg 1.3.1, flac 1.3.0 & zlib 1.2.8)
- dnsmasq now back to low CPU usage & not crapping out (setting --query-port=0), thanks to a tool called dnsblast that let me get to the bottom of it after weeks of fiddling and trying to find a reliable test.
- unplugging a usb device should stop services and cleanup everything properly.
- other minor things I can't remember now as it has been so long since last release.
- ionice reducing I/O priority of transmission and minidlna to get low dibs order on the usb drive and not hog it.
- multitude of kernel patches from Olegs Wl-500g firmware
- Using ISO-8601 for firmware numbering. (FYI Netgears choice '10201736' is month:10 day:20 hour:17 minute:36, no year)
- udhcpd nuked, DNSMasq now doing DNS and DHCP, featuring;
- resolvable LAN hostnames including the router
- DNS query caching (including local caching for TBT trackers etc.)
- simultaneous query of DNS servers, using fastest.
- some protections against attacks involving DNS
- PXE boot enabled, with two flavours of Memtest86 currently bootable, via TFTP > HTTP (iPXE > PXELINUX), F12 on most systems at boot. [expansion in mind, pull larger stuff from the USB drive]
- Can add LAN/Ethernet port to the bridge (to act as 5th LAN port)
- Renice original default programs to low priority on startup
- Dropbear SSH Firewall enabled didn't stick after power cycle (moved on menu, now called 'dropbearfw')
- Static leases work correctly.
- Automatic URL/Feed parsing fixed
- Updated Busybox and Dropbear
- Added sftp-server (from OpenSSH) addition for Dropbear to allow SFTP access
- Added opening external Firewall to allow SSH/SFTP
- Dropbear now logs to syslog
- Fixed log to be working again
- Annex M and VDSL selection on new menu set them. [Note, under 'Settings' > 'ADSL Setting' , 'VDSL' setting has no effect]
- Updated Transmission 2.77 > 2.82
- Added Automatic 0.8.0 for automatically adding torrents from RSS feeds.
- GUI page for dyndns
- Added advanced Wifi menu back that was 'hidden' in original firmware, A-MPDU/A-MSDU aggregation, Beacon, DTIM interval setting.
- Much more feature enhanced web GUI for ADSL, Dyndns, Torrent/Automatic settings
- Shutdown/reboot from new menu shut everything down nicely first from inittab
- Compiling firmware initially is quicker as enabled multiple job build (-j4) on most things [16m on Corei5].
- Other minor things I cant remember.
Previous DGND3700 V1 / N600 firmware versions
I am afraid this an an eclectic mix of info at the moment.
- You can only use start/stop when the service is enabled only.
This will let you 'do something' on a time schedule. Cron Info
Turn wireless on/off
- 2Ghz = 'wla_' = wl0
- 5Ghz = 'wlg_' = wl1
Turn OFF both 2 & 5Ghz daily at 23:15, crontab entry is
15 23 * * * param set wla_wlanstate=Disable;param set wlg_wlanstate=Disable;pkill -SIGUSR1 wlanconfigd
Turn ON both 2 & 5Ghz daily at 06:15, crontab entry is
15 6 * * * param set wla_wlanstate=Enable;param set wlg_wlanstate=Enable;pkill -SIGUSR1 wlanconfigd
If for example you already have 5Ghz disabled, omit the wlg_ part from both entries (semi colon separates commands)
l:admin p:<same as routers web page>
- When the ADSL/ppp comes up, dropbear's connection will drop, you will probably only notice this if you connect while its still in final stages of booting up
Can enable or disable firewall to allow WAN access (setting: 'SSH/SFTP WAN Access')
Very strongly suggest you set a complex password if you are enabling external SSH access! Bear in mind you can tunnel almost anything through SSH to any machine on your LAN
DHCP, DNS, PXE boot (wired), Ad-blocking are all provided by DNSmasq.
A third DNS server can be set via Network Settings page, which appends to ISP assigned ones.'All Servers' feature is enabled so it will pick the result from the fastest server to respond. This is useful if your ISP's servers are not always reliable.
- The list must be in dnsmasq format
- The list specified will get processed to change 127.0.0.1 to 0.0.0.0
- The process: WAN connection comes up > latest list downloaded > DNSmasq restarted. Any domain in the list will then redirect to IP 0.0.0.0, effectively blocking it.)
- Most of the time the blocking goes unnoticed, I find when I am at work with no blocking I DO notice lots more ads everywhere.
The only known issues are ;
- In a tiny minority of web sites, the ad display area is hard-sized and you may get a grey box saying it can't be found (eBay for example).
- If you follow a web link that hops through an advert site (AdFly) or redirects (a google 'Ad') then it won't work. Very unlikely to happen on 'normal' web sites!
The web UI only lets you map incoming connections on the WAN to the same internal port.
If you want to map to different ports you need to do it with a uPnP client (using UPnP-IGD protocol).
In a Linux based OS such as Ubuntu, 'uPnP Router Control' will do it.
Modifying firmware behaviour on the fly
These are for the mode advanced user.
rcS (startup), wan-pre.sh and wan-up.sh have several hooks in them, these basically evaluate a nvram parameter, i.e. execute the contents.
e.g. Manipulating QoS, this will get executed at the end up wan-up, when the WAN connection comes up (via PPP in this case).
For a 512 kbit upload sync connection on pppoa, this will help stop upload slowdown. Thanks to Ali1234 for the tip. See Section 188.8.131.52 here, tc docs
param set wanup_hook_2="tc qdisc replace dev pppoa0 root tbf rate 500kbit latency 50ms burst 1540" param save
(requester: G. Ashman)
Dnsmasq has a config file hook at the end of the config file.
Adding anything into this nvram parameter 'dnsmasq_custom_options' will append to the end of the configuration. Any duplicate directives should get replaced.
(requested whskerp & WizP)
Enable 'OpenVPN server' in 'Network Services', then start it, or reboot. When the service starts for the first time it will set a randomly generated unique static key and some defaults.
Get contents of /tmp/static.key (web interface 'Network Settings > 'OpenVPN Static Key', Show) and save it locally on your machine.
To connect to the VPN:
Ubuntu get the network manager plugin, "sudo apt-get install network-manager-openvpn", go to Network manager > VPN Connections > Configure VPN, Add > VPN > OpenVPN (note it wont be there until you install plugin first).
OpenVPN client config
These are the DEFAULTS you would set on the CLIENT, see below on changing them.
Gateway: <You Routers external IP>
Static key: (browse to wherever you saved it)
Key Direction : none
Remote IP Address: 10.8.0.1
Local IP Address: 10.8.0.2
Leave everything else default....
- remember 10.8.0.1 is the P-to-P address of the router, so when configuring the SERVER it will be the local IP
NVRAM values used
static key = 'openvpn_key', port ='openvpn_port', rest of config in 'openvpn_value'.
Changing openVPN settings
Just set the appropriate nvram parameter with the new value, so to change to TCP, do the below, then 'param save', then 'pkill -HUP openvpn' to restart.
param set openvpn_value="--proto tcp --dev tun --secret /tmp/static.key --ifconfig 10.8.0.1 10.8.0.2 --keepalive 10 120 --ping-timer-rem"
(Then you need to set TCP in the VPN config on the client, and you can connect.)
If you want to change to the more complicated key setups available, suggest storing them in /tmp/mnt/storage or your attached USB device. (You could put them in nvram easily enough but you would need to code something to convert them to files for openVPN to use)
- Note, this router does not use/support iptables
Allows opening a terminal without needing any login credentials (therefore there is obviously no WAN access)
To use transmission you need (very) preferably an EXT3 formatted drive*, with a folder in the root created called 'transmissionbt'.
Starting the service without this will have no effect. [This ensures the router wont write default configurations and files to everything plugged in unintentionally when automounting.]
Security options can be changed from the Netgear web interface, all other options can be changed via Transmission's own webGUI - but you need to stop transmission from Netgear web interface to make it save settings (it saves on program exit only, cannot force a save via its own web interface sadly.)
- The performance of NTFS is terrible due to high CPU usage, please don't use NTFS formatted drives if at all possible.
Strongly suggest setting any external access IP's in the RPC whitelist and setting an RPC password
Monitors RSS feeds then filters and drop/start torrents automagically.
It requires one or more RSS feeds and one or more filters (that apply to all feeds). Optionally a target folder can be specified for each filter.
Filtering requires some basic understanding regular expression matching, PCRE syntax for detailed filtering.
e.g. Sample RSS Feed URL
e.g. Sample Filter (basic), Episodes 01 to 09 of season 01
- Note all the filters apply to all the feeds, (Automatic does have the ability to tie them together however this would make the web interface too complicated, imho.)
The router supports PPPoA , IPoA, PPPoE, IPoEoATM (1483 Bridged) [MER] & VLAN ID
Can fine tune most DSL line mode settings on Advanced interface.
Some common VDSL/Fiber (FTTC) ISP settings (reported to me as working) :
UK, EE Fibre : VPI:0, VCI: 38, PPPoE VC-Based, Transfer Mode: PTM, WAN VLAN ID: 101, Login: xxxx.orangehome.co.uk@fs , Password: as provided. [from whskerp]
UK, BT Infinity : VPI:0, VCI: 38, PPPoE VC-Based, Transfer Mode: PTM, WAN VLAN ID: 101, Login email@example.com , Password [blank]. [from mosi4]
UK, TalkTalk Fiber : same as above? please let me know if anyone has this working.
UK, Sky Fibre - set DHCP extra option 61 (-x 0x3d:), please let me know if anyone has this working.
POLAND, Orange Neostrada Fiber : VPI:0, VCI: 35, PPPoE LLC, Transfer Mode: PTM, WAN VLAN ID: 35, login & password from ISP. [from Hagnar]
ITALY, Fastweb Fibra : VPI: 8, VCI: 36, No logon, LLC-BASED, Transfer Mode: PTM, No logon [from pdneri]
GREECE, Ote and HOL : PPPoE, LLC, PTM, VPI:0, VCI:35, VLAN ID:835, Bitswap: enabled, SRA: enabled, login & password from ISP
- Remember to change 'Transfer Mode' to PTM if using VDSL.
Please look at the man page before fiddling with the advanced options!
Ethernet WAN port to LAN
This sets the ethernet WAN port (actually eth0) to be part of the WiFi/LAN bridge device (br0), thus becoming a 5th ethernet port on the LAN.
- Note, you may also need to change 'WAN Setup' > 'WAN Preference', 'Must use DSL WAN', depending on what your connection type is.
- Note, this port will not be able to 'see' the other ethernet ports and vice versa. It will see wifi network and internet (WAN) fine. (I believe the is due to a port VLAN setting in the switch, if anyone figures out how to change it please let me know!)
SSH / SFTP / Dropbear
(SSH) Secure shell and SFTP access, both encrypted. (DSS is disabled)
SFTP gives you FTP like access securely via an SSH connection.
Access web GUI securely from WAN via SSH tunnel
- Router LAN IP : 192.168.0.1
- Router WAN IP or no-ip name : joeblow.no-ip.com
- Arbitary / unused random port on your local machine : 18000
ssh -L 18000:192.168.0.1:80 firstname.lastname@example.org
This will open a terminal session and make the routers web GUI accessible locally http://127.0.0.1:18000
RDP to a machine on your LAN externally via SSH tunnel
- (RDP) PC LAN 184.108.40.206
- Router WAN IP or no-ip name : joeblow.no-ip.com
- Arbitary / unused random port on your local machine : 18000
The router has built in PXE boot using Dnsmasq's built in TFTP server to push out ldlinux.0 (Syslinux 6.x). This then boots the menu (default) from the built web server via HTTP with Memtest86 and Memtest86+.
If you create a folder on the root of your USB drive called 'pxe', it will PXE boot from here instead. It checks for the presence of the folder and the boot config file 'default'. i.e. pxe/default. You then have complete control over what it boots. The easiest way to get this working is copy the contents of /usr/pxe from the router to pxe/ on your USB drive (probably via SFTP (Filezilla).
- Note if you have logged into the web interface on another machine and its not logged/timed out, PXE boot will fail. (ldlinux.c32 not found)
Building your own version
You need to visit DGND3700 V1 Transmission Firmware Build for details of how to make/compile it yourself. Included here is a bundle of all (my) build parts, links to external source files for new/replacement programs, the working(fixed) toolchain and link to the original N600 / DGND3700 Netgear GPL source. If you can get all the files, all you need to do is literally run 'go.sh' to rebuild it all.
Commentsblog comments powered by Disqus