Orbi 5G (NBR750, NBK752) How-To / Megathread

[hazarjast]

Introduction
Most likely you've purchased or are considering purchasing an Netgear NBR750/NBK752 (the latter being the bundle SKU with an additional satellite included), a.k.a. "Orbi 5G", as your primary or secondary source of Internet connectivity and found your way here through an Amazon review or the 5G LTE Hacks Facebook group. Welcome! Here you will find what you are looking for in terms of working with the unit and getting it to run with your provider and plan of choice. This thread will cover:

• How to flash stable, OEM Netgear firmware
• Unbricking After a Bad Firmware Flash
• General 'Mobile Broadband' WAN Notes
• How to get Command Line Access
• Using SSH Instead of Telnet
• How to disable bloatware (Armor/Circle/ReadyCLOUD) and Auto Updates
• How to set DNS and TTL (to keep data use "on-device")
• How to execute AT commands for "magic" etc.
• How to band or cell lock your modem
• How to receive SMS
• How to split wifi SSIDs (separate 2.4Ghz and 5Ghz SSIDs)
• How to setup DNSCrypt/stubby/OpenVPN/WireGuard or Something Else
• Using the NBR750 as WAN on another router (DMZ mode and disabling wifi radios)

DISCLAIMER
This guide is provided as a reference only without any warranty expressed or implied. If you brick your device, the author is not responsible. You understand that by flashing your device with any firmware which was not provided with your specific unit out of the box, you may have voided any warranty or support which you would normally be entitled to from Netgear during their advertised warranty period. Bear in mind that if you are using an RBS750 satellite, Netgear recommends that you flash any firmware updates there first prior to flashing them on the router (to ensure best compatbility). Proceed at your own risk!


What is the Stable Release OEM Firmware and How Do I Get It?
OEM stands for "Original Equipment Manufacturer", in this case Netgear. While 5G Orbis purchased directly from Netgear or Amazon today likely already have the stable release OEM firmware, it has been found that many of the earlier models that shipped to cellular carriers in Canada or elsewhere have custom firmware based on a early beta release from Netgear.

While these may run well enough, they are missing some goodies like native TTL adjustment in the GUI and possibly security/bug fixes that Netgear added to the first stable release of official OEM firmware which is version 4.6.5.11. All of my discovery and work on this unit so far has been on this release of firmware thus that will be the one recommended to flash to your unit for the purposes of this tutorial. If that should change I will update the OP here. The 4.6.5.11 stable release can be obtained directly from Netgear here and I have found no ill effects from flashing units which previously had Canadian carrier-specific or other beta releases already present:
https://www.downloads.netgear.com/files ... 1.5.64.zip

(Older, initial version can be found here for posterity but is *NOT* recommended since it is missing important security patches: https://www.downloads.netgear.com/files ... 6.5.11.zip)

To flash the Netgear OEM firmware above, simply extract the .chk file from the .zip, then login to the web GUI (usually by browsing to 'http://192.168.1.1') and go to 'Advanced > Administration > Firmware Update > Manual Update > Update > Browse' to select the extracted .chk file; click Upload and confirm the update allowing time for the upload/flash/reboot to complete. After the unit comes back online, you need to reset it to factory defaults ('Advanced > Administration > Backup Settings > Erase'). Be aware that you will have to go through the initial setup in the web browser again when performing this step. You can now proceed with the rest of this guide.

Unbricking After a Bad Firmware Flash
If you have accidentally bricked your device during firmware flash and it will no longer boot up completely, please refer to the following Netear KBA for recovery instructions. When performing a recovery flash it is recommended to flash back to Netgear stock v4.6.5.11:
https://kb.netgear.com/000059634/How-do ... =000059634

The Netgear KBA requires TFTP. If you don't have TFTP installed on your PC, refer to the following:
https://teckangaroo.com/enable-tftp-windows-10/

NOTE
Be aware there is modem firmware separate from the NBR750 router firmware. The modem inside is a Quectel RM502Q-AE and, as of this writing the current LTE firmware for the NBR750 modem is version the R11A04 revision which seems to work fine. I have not tested either the later R11 revisions or R13 firmware from Quectel directly at this time. If you decide to test this be aware it may cause issues as the RM502Q-AE in the NBR750 is in PCIe mode which uses the new Modem Host Interface (MHI) instead of the USB 3.0 bus to pass data. This is fairly unique to this unit as most RM502Q-AE setups using m.2/NGFF connections which do not have PCIe bus access (nor does any mainline OpenWRT kernel mod package exist for MHI yet). This may be confusing information but suffice it to say the mode of operation for the modem in the NBR750 is unique so flashing it with the latest Quectel firmware has the potential to cause issues since nearly all other routers using this model of modem have only be tested using the USB bus to pass data.

General 'Mobile Broadband' WAN Notes
If you will be using the router's modem as your main source of Internet connection (WAN) then under 'Advanced > Setup > Internet Setup > Mobile Broadband Settings' you will need to make sure you choose the dropdown option for 'Always use Mobile Broadband'. Also, in many cases you will need to set your appropriate APN information here as well and for PDP setting most carriers now require at least 'IPV4V6' or 'IPV6'. If you are using a voice/phone line SIM in the device from a carrier such as T-Mobile then you will likely notice that no connected devices have no Internet connectivity if your PDP is set to 'IPV4' only. This is because most cellular carriers and ISPs use IPV6 across their entire network stack and rely on the cellular modem or connected router on the client side to perform IPV4 to IPV6 translation.

How to Get Command Line Access - UPDATED METHOD
Install Python 3.8+ and download the 'telnet-enable2.py' script from here:
https://github.com/bkerler/netgear_telnet

From the PC with the Python script installed, open a command prompt in the directory where the script has been downloaded and issue the following command:

Code: Select all

telnet-enable2.py 192.168.1.1 [XX:XX:XX:XX:XX:XX] admin [password]

Where '[XX:XX:XX:XX:XX:XX]' is the MAC address printed on the bottom of your NBR750 unit (with colon separators between each pair of alphanumeric characters), and '[password]' is the password you set for the 'admin' user during the initial setup of the router. Once the script completes you can then login to the router via Telnet (port 23/tcp) using Windows telent client or another favorite Telnet client such as Putty. The username will be 'admin' and the password would be the same as the one you used in the command above (which was set by you in the initial router setup).

How to Get Command Line Access - OLD METHOD
This method has only been tested with the initial OEM firmware release from netgear (NBR750-V4.6.5.11.zip) and has not been tested with newer firmware. Do *NOT* perform the following steps to restore the configuration backup file if you've already used the 'UPDATED METHOD' in the previous section. The configuration file link and instructions are being left here only for posterity for those who may have some issue with a future Netgear firmware.
Once the aforementioned OEM firmware is installed cleanly and you've performed the required factory reset, you will then need to load a configuration backup to enable Telnet command line access on the device which will allow us to perform subsequent tweaks/mods of our choosing such as issuing AT commands to the Quectel modem inside etc. The configuration backup file can be downloaded below and can be uploaded to your unit in the web interface under 'Advanced > Administration > Backup Settings > Browse > Restore'. It may take a number of minutes for the restore to complete then the router will restart.
https://mega.nz/file/yEETmKoA#6SmlM6QrT ... vtcbR_8guk

Once the configuration backup is restored your Wi-Fi SSID will have been changed to "Orbi62" and the password for both it and the "admin" web interface account will be "Geardog123!" (no quotes). You may also need to update your cellular carrier settings for APN, PDP, etc. in case they were overwritten as well. At this point you should be able to login to the router via Telnet (port 23/tcp) using Windows telnet client (if you have it installed from 'Add/Remove Windows Features') or another Telnet client such as Putty. The username will be "admin" and password is the same "Geardog123!" you use for the account in the web interface already. You are free to change the web interface "admin" password, SSID password, or telnet "admin" password to anything you like at this point.

Using SSH Instead of Telnet
Telnet is pretty rudimentary and not very robust; it also does not allow easy transfer of files to/from the unit so I prefer to configure SSH instead. From a Telnet session you can execute the following which will enable SSH (dropbear daemon):

Code: Select all

cp /etc/shells /etc/shells.bak
rm /etc/dropbear/dropbear_rsa_host_key
printf "/bin/ash\n/bin/sh\n" > /etc/shells
dropbear -R

Now SSH (port 22/tcp) from the Windows 10 command prompt or Putty to 'root@192.168.1.1' and enter "admin" password to login. Then enter the following commands from the SSH prompt to enable SSH to persist after the device is restarted:

Code: Select all

cp /etc/rc.local /etc/rc.local.bak
printf "dropbear -R\nexit 0\n" > /etc/rc.local

At this point it would be a good idea to set a password for 'root' as it's not set by default. To do so enter the following command and hit return:

Code: Select all

passwd

It will prompt you to enter a password and then prompt a second time to confirm it. I usually recommend setting the 'root' password to the same thing you are using for 'admin' (ex. "Geardog123!" in the case of 'admin' from our config backup), but you can set it to whatever you want. The more complex password the better it is. Or you can get fancy and setup SSH keys which is even more secure but I am not going to cover that in this guide

If you wish to disable Telnet on the device at this point you can enter the following commands (will need a restart of the device to take effect):

Code: Select all

fnvram set telnet_enable=0
fnvram commit

How to disable bloatware (Armor/Circle/ReadyCLOUD/AWS IoT) and Auto Updates
By default we still have Netgear bloatware like Armor, ReadyCLOUD, and AWS IoT. Fortunately, Circle does not seem to be a thing this time around but the firmware still has traces of it so that can likely be disabled as well. We can disable all these resource hogging features (assuming you don't use them) via the following commands:

Code: Select all

fnvram set noarmor=1
fnvram set nocircle=1
fnvram set nocloud=1
fnvram set noaws=1
fnvram commit
reboot

Note that AWS IoT is required for using the Netgear mobile app with the device so disabling that would require you to use the web interface only.

To disable automatic firmware updates from Netgear, we can execute the following commands:

Code: Select all

cp /etc/hosts /etc/hosts.bak
echo "127.0.0.1 localhost http.fw.updates1.netgear.com devcom.up.netgear.com" > /etc/hosts

How to set DNS and TTL (to keep data use "on-device")
DISCLAIMER
TTL modification may violate your carrier's ToS. The author of this guide is not responsible if your carrier terminates your service due to TTL modification.

To use your own DNS servers you simply need to set them under 'Advanced > Setup > Internet Setup > Mobile Broadband Settings > Domain Name Server (DNS) Address' and enter the IPs for primary and secondary DNS of your choosing there (Ex. 8.8.8.8/8.8.4.4 for Google or 1.1.1.1/1.0.0.1 for CloudFlare). To change the TTL this time around Netgear has made it easy for us. In the web interface simply to to 'Advanced > Setup > Internet Setup > Mobile Broadband Settings > TTL' and enter your desired TTL for the modem interface ('64' for most carriers will work, I use '65' for T-Mobile, Visible users may need '66' etc. Basically just trying to make it ~64 once it reaches the carrier network). Click 'Apply' to save your DNS and TTL changes. Saving will take a minute or two but this value should persist across reboots.

Sending AT Commands to the Modem
Once logged into SSH (or Telnet if you chose to keep that enabled) you can echo your desired AT commands and pipe to the inbuilt 'microcom' function of BusyBox like so:

Code: Select all

echo -ne "AT+EGMR=1,7,\"010101010101010\"\r\n" | microcom -X -t 1000 /dev/ttyUSB2

(If you want to perform "magic" on your modem the above example is exactly what you would execute; just swap the digits with a valid IMEI. This particular command should be issued only without a SIM inserted.)

DISCLAIMER
"Magic" (aka IMEI repair) may violate your carrier's ToS or country's regulatory laws. The author of this guide is not responsible if your carrier terminates your service and/or if you suffer any legal repercussions which may result from the modification of your device's factory-issued IMEI.

There is a specific syntax for echoing commands to microcom:

• The complete command should be enclosed in double quotes.
• The command must be appended with \r\n to allow it to execute.
• Commands which include double quotes must have each double quote commented out using a backslash (\).

If you want to send commands interactively to the modem you can do so by opening a connection with microcom directly to the secondary AT port:

Code: Select all

microcom /dev/ttyUSB2

You can exit the prompt by pressing 'Ctrl+X'. Be aware that the system may be using the same tty to talk to the modem already so your input may be interrupted by other commands already being sent to the modem. This is why echo piped to microcom is the preferred way of issuing commands at this time.

Not all AT commands are published but all the ones that are can be found the source modem documentation for the RM502Q-AE (the Quectel modem inside the NBR750): https://www.quectel.com/wp-content/uplo ... l_V1.2.pdf


Band Locking
First, ask yourself why you need to band lock. In most cases you don't need to do this and will really just kneecap yourself from higher speeds. This is because when you band lock you must create a collection of bands to lock and any bands not included will not be used at all. So, if you create a collection (band index) of only one or two bands you will lose carrier aggregation (CA) abilities on any bands not included (assuming the tower allows CA on such bands).

If you still believe band locking is what you want to do you can use the AT command guide linked above to study the proper syntax for doing so. If someone wants to point me to a thread which already has the guide for doing this on the RM502Q-AE then I will be happy to come back and add it to this section. Be aware the commands for this modem are much different than those used in the modem for the LBR20 or other earlier Quectel modems; do not try to use those with this modem.


Cell Locking
As an alternative to band locking, you can lock to a specific cell which, IMHO, is a much more straightforward approach than band locking and will allow you to retain CA abilities without having to guess at the bands. For LTE/DSS at least, cell locking requires physical cell ID (PCI) and E-UTRA Absolute Radio Frequency Channel Number (EARFCN) as input values. There is nuance to LTE cell locking with 5G NSA and the commands will be different for NR compared to LTE. Much of this is covered in the aforementioned AT command guide and I will flesh out further instruction here if someone would like to point me in the direction of pre-written instructions else I will flesh this out as time and interest permit.

How To Receive SMS
Netgear has included an option on the left-hand side of the 'Advanced' page of the web interface which allows you to read SMS messages. This is straightforward. No option to send SMS is included, however.

How to split wifi SSIDs (separate 2.4Ghz and 5Ghz SSIDs)
In theory this can be done in the same way as other Orbi units but be warned I have not tested this specifically on the NBR750. If someone tests this please let me know for confirmation that it does indeed still work...
Refer to the following and read it entirely all the way until the end of the page:
https://digiex.net/threads/step-by-step ... ter.15648/

To simplify the main CLI commands:

Code: Select all

config set wifison-monitor_stop=1
config set wl_ssid="YOUR SSID 2.4Ghz NAME"
config set wla_ssid="YOUR SSID 5Ghz NAME"
config commit

The commands below check the values have been set as required and apply a reboot when ready:

Code: Select all

config get wifison-monitor_stop
config get wl_ssid
config get wla_ssid
reboot

Using the NBR750 as WAN on another router (DMZ mode and disabling wifi radios)
If you only intend to use the NBR750 for the modem and wish to use it as WAN on another router you should disable routing functions like the LAN DHCP server, change the NBR750 IP to use an address that does not conflict with the address range your other router is already using, and utilize the DMZ functionality.

To disable the DHCP server in the web gui go to "Advanced > Setup > LAN Setup" and un-check the option for "Use Router as DHCP Server". Click Apply.

To change the IP address of the NBR750 so that it does not conflict with the IP range of your other router, in the web gui go to "Advanced > Setup > LAN Setup" and change the IP address from the default (usually '192.168.1.1') to another range such as '192.168.115.1'. Click Apply.

To set the DMZ address (the static address which will be set for the WAN on your other router) in the web gui go to 'Advanced > Setup > WAN Setup' and select the "Default DMZ Server" option then enter the desired IP address (ex. 192.168.115.2). Click Apply.

NOTE
Once you disabled DHCP and change the IP address of the NBR750 you will no longer be able to connect to it automatically from your PC. In order to connect to it directly you would need to set your PC's IP address manually (statically) to an address within the new IP range of the router. Example: If the NBR750's IP address is set to '192.168.115.1' you would set your PC's IP address to something like '192.168.115.5' in order to access the NBR750 web gui or SSH to it directly. If you are unfamiliar with how to statically assign your PC's IP address you can refer to a guide like the one below:
https://pureinfotech.com/set-static-ip- ... indows-10/

Once your NBR750 has been set to use an IP outside of the range of your other router, has had DHCP disabled, and the DMZ IP configured, you can go to your other router's WAN configuration page and select the 'Static' address option and enter the DMZ IP you designated in the DMZ page of the NBR750. If need to access the NBR750 web gui from a PC connected to the LAN of the other router, you would use the DMZ IP you configured for it (ex. 'http://192.168.115.2'). Some routers' firewall may block access between the LAN and WAN by default so be aware you may need to create a firewall rule to allow LAN clients on the other router to access the WAN IP address of your NBR750.

If you wish to disable wifi completely on the NBR750 when using it with another router you can simply issue 'wifi down' interactively at the SSH prompt. Conversely, if you wanted to create a script that disables wifi after every reboot, you could do so by creating a script file such as '/opt/scripts/wifi_down.sh' with the following content (first 'mkdir /opt/scripts' to create the file under):

Code: Select all

#!/bin/sh

sleep 120
wifi down >/dev/null 2>/dev/null

The above waits for 2 minutes to make sure all services on the NBR750 have loaded after reboot then issues 'wifi down' in background (redirecting output to 'null' so it doesn't echo to the console for any logged in root user who may have connected via SSH) which deactivates the wifi radios. Once the script is created do not forget to make it executable (chmod +x /opt/scripts/wifi_down.sh) and make it execute at startup by adding a call to it in '/etc/rc.local'.

NOTE
@gilbreen has pointed out that, while 'wifi down' in the CLI does indeed take down the wifi radios, the web interface still shows that wifi is enabled which is different than other units like the LBR20 which show wifi as disabled in the web interface. Just something to be aware of. Also, you'll need to ensure the wifi monitor has been deactivated as well:

Code: Select all

fnvram set wifison-monitor_stop=1
fnvram commit
reboot

[gilbreen]

hazerjast,

Thanks again for another great tutorial. I received and set up an NBR750 last night and it is working great. The last step I want to do is to turn off wifi at each startup. I am familiar with the process as it is close to what was done on the LBR20. On the Voxel firmware, I used nano as my editor of choice to modify the wifi script and rc.local. The NBR750 firmware doesn't have nano installed so I tried using vi. However, when I launch vi, it doesn't seem to interact like normal. I was able to create the wifi script but when I issue the command:

Code: Select all

vi /opt/scripts/wifi_down.sh

The terminal screen shows what appears to be the editor, but when I finish adding the needed lines, it doesn't seem to be accepting the standard :wq command to close and save the file. It just adds the :wq to the window.

I am sure it is user error, but not sure how to modify the scripts.

EDIT

I realized today that I could connect to the router using WinSCP to connect via SCP and use the Edit function (right-click on the wifi_down.sh file) and make the edits there and then save the file. To be safe, I reissued the command to set the permissions on the file via SSH after the edits were finished.

One thing I noticed is the web interface of the router does not show that the wifi is down like it does on the LBR20. However, it is definitely not broadcasting its wifi signal.

[hazarjast]

hazerjast,

Thanks again for another great tutorial. I received and set up an NBR750 last night and it is working great. The last step I want to do is to turn off wifi at each startup. I am familiar with the process as it is close to what was done on the LBR20. On the Voxel firmware, I used nano as my editor of choice to modify the wifi script and rc.local. The NBR750 firmware doesn't have nano installed so I tried using vi. However, when I launch vi, it doesn't seem to interact like normal. I was able to create the wifi script but when I issue the command:

Code: Select all

vi /opt/scripts/wifi_down.sh

The terminal screen shows what appears to be the editor, but when I finish adding the needed lines, it doesn't seem to be accepting the standard :wq command to close and save the file. It just adds the :wq to the window.

I am sure it is user error, but not sure how to modify the scripts.

EDIT

I realized today that I could connect to the router using WinSCP to connect via SCP and use the Edit function (right-click on the wifi_down.sh file) and make the edits there and then save the file. To be safe, I reissued the command to set the permissions on the file via SSH after the edits were finished.

One thing I noticed is the web interface of the router does not show that the wifi is down like it does on the LBR20. However, it is definitely not broadcasting its wifi signal.

No problem! Not sure about your vi issue as I could not recreate this on my unit (vi seemed to work as normal). Don't forget that one must exit 'insert mode' by pressing 'Esc' prior to entering ':wq' to save your changes. WinSCP workaround to transfer the script files works as well just be aware sometimes windows text editors like to add windows format carriage returns for new lines so sometimes this creates an issue (but agnostic text editors like Notepad++ should not do this at least).

Thanks for sharing that web interface does not show wifi is down when using 'wifi down' from the CLI. This is good info as I had not tested this myself.

[gilbreen]

Turns out it was user error regarding vi. It is working as expected. I have more experience with nano so my lack of experience with vi was the issue. I I am really happy with the speeds. With the LBR20, I was getting approximate speeds of 50 down/10 up. Here are the speed results with the NBR750:

https://imgur.com/a/bpvrElS

[gilbreen]

I have added a startup script to shut down the wifi on the device. However, in doing some additional testing, it appears that approximately 24 hours after a reboot, the wifi is turned back on. There must be a service that checks the wifi status and if it is down, it restarts the wifi. I don't know enough where to start looking but will keep testing. If anyone has any recommendations on where to start, I am glad to try them.

[hazarjast]

I have added a startup script to shut down the wifi on the device. However, in doing some additional testing, it appears that approximately 24 hours after a reboot, the wifi is turned back on. There must be a service that checks the wifi status and if it is down, it restarts the wifi. I don't know enough where to start looking but will keep testing. If anyone has any recommendations on where to start, I am glad to try them.

Have you made sure the Wi-Fi monitor is off?

Code: Select all

config set wifison-monitor_stop=1
config commit

[gilbreen]

I hadn't run those commands yet as I thought they were just for splitting the SSIDs. However, when I try to run the first command, the result is:

Code: Select all

root@NBR750:~# config set wifison-monitor_stop=1
-sh: config: not found

Before I issued the command, I commented out the lines in the wifi_down.sh script and rebooted the router to make sure the script wouldn't interfere.

[hazarjast]

I hadn't run those commands yet as I thought they were just for splitting the SSIDs. However, when I try to run the first command, the result is:

Code: Select all

root@NBR750:~# config set wifison-monitor_stop=1
-sh: config: not found

Before I issued the command, I commented out the lines in the wifi_down.sh script and rebooted the router to make sure the script wouldn't interfere.

Maybe try:

Code: Select all

fnvram set wifison-monitor_stop=1
fnvram commit

And reboot before executing the Wi-Fi down script.

[gilbreen]

Those commands took without error. I then uncommented the script, saved it and rebooted the router. However, upon reboot the wifi is still being broadcast.

If I manually issue the "wifi down" command via SSH, I get the following output but it does stop broadcasting the wifi signal:

Code: Select all

root@NBR750:~# wifi down
File not preset 
Failed to get common data
File not preset 
Failed to get common data
File not preset 
Failed to get common data
File not preset 
Failed to get common data
killall: iface-mgr: no process killed
Command failed: Not found
File not preset 
Failed to get common data
File not preset 
Failed to get common data
File not preset 
Failed to get common data
File not preset 
Failed to get common data
Command failed: Not found
Command failed: Not found
killall: iface-mgr: no process killed
killall: qldtool: no process killed
error_handler received : -1
Failed to send message to driver Error:-1
OK
OK
OK
FAIL
error_handler received : -1
Failed to send message to driver Error:-1
OK
OK
FAIL
device: wifi1 vifs: FhAp2 BhAp2 Guest2 SM0
device: wifi0 vifs: FhAp5 Guest5 SM1
device: wifi2 vifs: BhAp5
ath0      no private ioctls.

I am not sure why it takes the wifi down when issued manually versus the script.

In doing additional testing yesterday, I tried some of the following commands that were in the Orbi LBR20 thread in different combinations. These were the commands:

Code: Select all

/etc/init.d/wifison stop
/etc/init.d/wsplcd stop
kill $(ps | grep '[w]pa_supplicant' | awk '{print $1}')
kill $(ps | grep '[h]ostapd' | awk '{print $1}')

If I added the last two commands to the wifi_down.sh script so that the script was this:

Code: Select all

sleep 120
wifi down
kill $(ps | grep '[w]pa_supplicant' | awk '{print $1}')
kill $(ps | grep '[h]ostapd' | awk '{print $1}')

then the wifi signal would also stop from being broadcast, but the ring LED on the router would pulse white which according to the manual indicates that the router was booting or someone pressed the sync button, neither of which are the case.

[hazarjast]

Those commands took without error. I then uncommented the script, saved it and rebooted the router. However, upon reboot the wifi is still being broadcast.

If I manually issue the "wifi down" command via SSH, I get the following output but it does stop broadcasting the wifi signal:

Code: Select all

root@NBR750:~# wifi down
File not preset 
Failed to get common data
File not preset 
Failed to get common data
File not preset 
Failed to get common data
File not preset 
Failed to get common data
killall: iface-mgr: no process killed
Command failed: Not found
File not preset 
Failed to get common data
File not preset 
Failed to get common data
File not preset 
Failed to get common data
File not preset 
Failed to get common data
Command failed: Not found
Command failed: Not found
killall: iface-mgr: no process killed
killall: qldtool: no process killed
error_handler received : -1
Failed to send message to driver Error:-1
OK
OK
OK
FAIL
error_handler received : -1
Failed to send message to driver Error:-1
OK
OK
FAIL
device: wifi1 vifs: FhAp2 BhAp2 Guest2 SM0
device: wifi0 vifs: FhAp5 Guest5 SM1
device: wifi2 vifs: BhAp5
ath0      no private ioctls.

I am not sure why it takes the wifi down when issued manually versus the script.

In doing additional testing yesterday, I tried some of the following commands that were in the Orbi LBR20 thread in different combinations. These were the commands:

Code: Select all

/etc/init.d/wifison stop
/etc/init.d/wsplcd stop
kill $(ps | grep '[w]pa_supplicant' | awk '{print $1}')
kill $(ps | grep '[h]ostapd' | awk '{print $1}')

If I added the last two commands to the wifi_down.sh script so that the script was this:

Code: Select all

sleep 120
wifi down
kill $(ps | grep '[w]pa_supplicant' | awk '{print $1}')
kill $(ps | grep '[h]ostapd' | awk '{print $1}')

then the wifi signal would also stop from being broadcast, but the ring LED on the router would pulse white which according to the manual indicates that the router was booting or someone pressed the sync button, neither of which are the case.

Even in the LBR20 thread I don’t recommend executing the kill commands you’re using. This was from experiments I never had time to finish. Wifi down is what you want once the Wi-Fi watcher is disabled (which you’ve done successfully now). You can ignore the error messages. You will want to focus troubleshooting efforts on why your .sh script that calls wifi down 2 minutes after boot does not appear to be working.

[gilbreen]

I tried extending the sleep from 2 minutes, to 6 minutes and then to 10 minutes. In each case, the wifi stays up unless I log in and issue the wifi down command via SSH. Is it possible to issue two wifi down commands in the same script? Something like this?

Code: Select all

#!/bin/sh

sleep 120
wifi down >/dev/null 2>/dev/null
sleep 600
wifi down >/dev/null 2>/dev/null

[hazarjast]

I tried extending the sleep from 2 minutes, to 6 minutes and then to 10 minutes. In each case, the wifi stays up unless I log in and issue the wifi down command via SSH. Is it possible to issue two wifi down commands in the same script? Something like this?

Code: Select all

#!/bin/sh

sleep 120
wifi down >/dev/null 2>/dev/null
sleep 600
wifi down >/dev/null 2>/dev/null

It does not make sense why you would want to issue the command twice when it fails to work even once in the script. I would focus troubleshooting on why it works interactively but not when executed from the script. Perhaps the script is not even running at all? I would check things like script location, the call to it under rc.local (check for typos etc.), make sure permissions are correct (‘chmod +x [/path/to/script/file]’), maybe trying using the full path to the ‘wifi’ executable (ex. ‘/use/bin/Wi-Fi’ or ‘/usr/sbin/Wi-Fi’), etc.

[tekwarren]

Thank for you for making this so easy! The only thing I ran into playing with this is that TTL does not seem to apply. I set "65" in the GUI but when I run ping tests it does not match up.

[hazarjast]

Thank for you for making this so easy! The only thing I ran into playing with this is that TTL does not seem to apply. I set "65" in the GUI but when I run ping tests it does not match up.

Ping isn’t a valid test for a mangle that happens in POSTROUTING. True test is to download a large file and check the hotspot data usage in your carrier customer portal or app.

[splitd]

Also wanted to say thank you for this excellent information! I just got myself a 5G Orbi on the secondhand market to play with, after great results with my LBR20, and so far so good on the NBR750.

Has anyone had any success locking cells with the NBR750 so far? I used to lock cells all the time with the LBR20 as I have a few towers around me can bounce around semi regularly. I've read that the syntax may be a bit different and have the RM502Q command manual, but don't see anything specific about QNWLOCK. Anyone else figure out how to cell lock and disable cell lock effectively yet?

[hazarjast]

LTE cell locking should be much the same. I’ve only looked at the NR cell locking briefly and not sure if you can do it under NSA, might only be SA. Some info I was able to find when chatting with Quectel can be found here: https://forums.quectel.com/t/rm502-ae-n ... ng/12731/8

Hope it is helpful!

[SomeTechGuy]

For the life of me, I can't get my 5G Verizon SIM working with NBR750. I've made the IMEI modification, and I'm using the same TTL that works fine in my LBR20 and MR5200. I've been able to get both of those devices working with a TTL/HL of 64. On the NBR750, it will join the network, then get kicked off a few seconds later. I'm able to ping once or twice, but then ping ends with "network unreachable" even though QCAINFO shows that I'm still connected.

Is there something else that Verizon may be checking on this device in particular? I find it strange that I'm able to make it work flawlessly with the MR5200 and the LBR20.

Also, it's worth noting that I've tried the following TTL/HLs and seen that they are working using iptables/ip6tables:
63,64,65,66,87,88,116,117

I get the same effect with each.

[tekwarren]

Two questions...

Anyone attempt to update the firmware on the RM502 in this device? I didn't know if you could just get the latest and flash it manual via the GUI or if it would mess up what we have going on here.

Also wondering if anyone knows if the port labeled WAN/LAN can actually be used as a normal LAN port? I haven't had much luck finding any settings for it other than the option to turn on aggregation between that port and the one next to it.

Thanks

[hazarjast]

For the life of me, I can't get my 5G Verizon SIM working with NBR750. I've made the IMEI modification, and I'm using the same TTL that works fine in my LBR20 and MR5200. I've been able to get both of those devices working with a TTL/HL of 64. On the NBR750, it will join the network, then get kicked off a few seconds later. I'm able to ping once or twice, but then ping ends with "network unreachable" even though QCAINFO shows that I'm still connected.

Is there something else that Verizon may be checking on this device in particular? I find it strange that I'm able to make it work flawlessly with the MR5200 and the LBR20.

Also, it's worth noting that I've tried the following TTL/HLs and seen that they are working using iptables/ip6tables:
63,64,65,66,87,88,116,117

I get the same effect with each.

Verizon is an odd duck especially with 5G. I've seen reports of this behavior even on the LBR20 with some plans. I would make sure you are at the very least using a PDP of IPV4V6 or IPV6 and not something like IPv4 only. Can't really say what the VZW issues are for certain, but you can always try changing your modem image to generic in case it's something in the Verizon image:

Code: Select all

echo -ne "AT+QMBNCFG=\"AutoSel\",0\r\n" | microcom -X -t 1000 /dev/ttyUSB2
echo -ne "AT+QMBNCFG=\"Deactivate\"\r\n" | microcom -X -t 1000 /dev/ttyUSB2
echo -ne "AT+QMBNCFG=\"select\",\"ROW_Generic_3GPP_PTCRB_GCF\"\r\n" | microcom -X -t 1000 /dev/ttyUSB2
reboot

Additionally, if they are checking serial numbers now you could try to ensure your "donated" IMEI is matched by our donor device's serial number. SIM should be removed first before executing this:

Code: Select all

echo -ne "AT+EGMR=1,5,\"[serial_number]\"\r\n" | microcom -X -t 1000 /dev/ttyUSB2

(where '[serial_number]' matches your donor device)

I would recommend noting down the current serial number prior to attempting any modification so you can revert if needed:

Code: Select all

echo -ne "AT+EGMR=0,5\r\n" | microcom -X -t 1000 /dev/ttyUSB2

***DISCLAIMER***
Modifications such as the above may not be considered lawful in your region of the world and at the very least are unsupported hacks outside of your carrier's ToS so anything that results if fully your responsibility. I will not be held liable for terminated carrier accounts, legal action against subscribers, or device damage if you brick your modem with any of the AT commands found in this thread.

That being said, I hope this helps you out. Please post back and let us know if either of those suggestions helped or not

[hazarjast]

Two questions...

Anyone attempt to update the firmware on the RM502 in this device? I didn't know if you could just get the latest and flash it manual via the GUI or if it would mess up what we have going on here.

Also wondering if anyone knows if the port labeled WAN/LAN can actually be used as a normal LAN port? I haven't had much luck finding any settings for it other than the option to turn on aggregation between that port and the one next to it.

Thanks

Yes, I've run it with the latest R11 and R13 firmware and it works but of course this is fully unsupported by Netgear as they have their own specific firmware fork/revisions for this modem released by Quectel to Netgear. These Netgear modem updates are not available for download outside of the device (not posted on their support site or anywhere else that I could see). It is worth noting that I flashed the Quectel OEM firmware releases by removing the modem and directly connecting it to a PC in order to flash with the native Quectel tools under Wnidows. I've not checked whether the modem firmware update feature in the web GUI will take such firmware or not (I would guess not since Netgear has their own fork of firmware from Netgear specific to this device).

If you do happen to flash your modem with non-Netgear supplied firmware, you should know that due to the version numbering, the Netgear supplied firmware will almost always be viewed as "newer" than the Quectel OEM firmware so, if you haven't blocked the router from communicating with the Netgear cloud servers, you will soon be notified in the web GUI that "new modem firmware is available!" which it will happily then download and flash if you let it. I say this to hopefully avoid the situation where you do all the work to flash OEM firmware only to have it overwritten again by Netgear's modem firmware

I'm glad you've brought up the Negear modem firmware because it gives me an opportunity to speak to one very strange nit I've found with the latest revision which I let it download and flash out of morbid curiosity. This nit is particularly interesting/relevant to T-Mobile users. It seems that on 'RM502QAEAAR11A04M4G_02.001.02.001' they have done two things which I would consider strange (at least on the Auto Selected TMO MBN, I didn't test an MBN change to see if the Generic MBN behaved any differently).

First, they have set the “nr5g_disable_mode” to 1 which disables 5G SA, and second they don’t include n41 in the NSA band mask. So essentially they’ve kneecapped speeds for any T-Mobile user who has decent 5G SA bands in their market and doesn’t override this at each startup themselves via AT command. This disablement of SA *appears* to be purposeful as a reboot will overwrite any value back to “1” ensuring it stays disabled since there’s no immediately accessible way for users to set this in the web gui (admittedly I haven’t checked the mobile app). It does make me wonder though if either this and/or the removal of n41 from the NSA mask was a mistake since the advertised specs clearly show n41 support.

My testing of Netgear's 'RM502QAEAAR11A04M4G_02.001.02.001' was done with a T-Mobile SIM provisioned with the $10 unlimited business tablet plan so not sure if the specific ICCID or plan provisioning impacts this behavior or not. Of course these limitations can be fixed easily enough by running the appropriate commands to enable SA and add n41 back to the NSA band mask but it's quite confusing and annoying why Netgear and/or T-Mobile has decided to do this. My best guess is that Netgear may have been tired of supporting customers in NR transition markets where SA and/or n41 may have been flaky so they went with stability (particularly of NSA and the further reaching n71) over speed.

Sorry to give a lot more info than you asked. Hope it was not confusing, just wanted to give some context on why folks may considering running the OEM firmware and what the current state of affairs was with Netgear's own custom modem firmware with the relevant impact to at least T-Mobile users.

For the LAN/WAN port I believe there should be an option for it on the WAN configuration section of the Advanced page with a checkbox that indicates it should be used for LAN. At least that's how they had it on the LBR20 but I've never had the need to use the LAN/WAN port at all on this unit. Even without the checkbox present, as long as your 'Mobile Broadband Settings' option is set to always use the the mobile connection then the LAN/WAN port should function as a LAN port (since no failover or balance would be enabled for a primary, hardwired WAN connection). If you have tested it and can't get it working as a LAN port please let us know.

[redsun82]

For the LAN/WAN port I believe there should be an option for it on the WAN configuration section of the Advanced page with a checkbox that indicates it should be used for LAN. At least that's how they had it on the LBR20 but I've never had the need to use the LAN/WAN port at all on this unit. Even without the checkbox present, as long as your 'Mobile Broadband Settings' option is set to always use the the mobile connection then the LAN/WAN port should function as a LAN port (since no failover or balance would be enabled for a primary, hardwired WAN connection). If you have tested it and can't get it working as a LAN port please let us know.

I for one tested it and could not get it to work. Like tekwarren wrote, I could not find any option in the mobile app or in the web GUI to actually make the WAN/LAN port a LAN one, and I do have the mobile broadcom setting set to LTE only, but the port won't work (contrary to the other two). Also, I could not find anything about it in the user manual. It's a bit weird as it seems this should be supported, as why would they label the port as WAN/LAN otherwise?

There should be commands on the root console that could rectify this though, right?

[hazarjast]

For the LAN/WAN port I believe there should be an option for it on the WAN configuration section of the Advanced page with a checkbox that indicates it should be used for LAN. At least that's how they had it on the LBR20 but I've never had the need to use the LAN/WAN port at all on this unit. Even without the checkbox present, as long as your 'Mobile Broadband Settings' option is set to always use the the mobile connection then the LAN/WAN port should function as a LAN port (since no failover or balance would be enabled for a primary, hardwired WAN connection). If you have tested it and can't get it working as a LAN port please let us know.

I for one tested it and could not get it to work. Like tekwarren wrote, I could not find any option in the mobile app or in the web GUI to actually make the WAN/LAN port a LAN one, and I do have the mobile broadcom setting set to LTE only, but the port won't work (contrary to the other two). Also, I could not find anything about it in the user manual. It's a bit weird as it seems this should be supported, as why would they label the port as WAN/LAN otherwise?

There should be commands on the root console that could rectify this though, right?

Ah, that is a pity. I have never really had a use case for it so I should not have made an assumption that it worked as one would expect. Apologies for that assumption.

Yes, you could probably troubleshoot this at the console examining the Ethernet and bridge interfaces to see how Netgear has constructed them. Unfortunately this effort would be very low on my long list of projects at the moment and I would wager it would take some hours of effort to sort out. Alternatively, you could check over in the Netgear forums to see if anyone has posted about the issue there: https://community.netgear.com/

[Sam023432]

Is there any benefit to upgrading the modem firmware ? And could you please leave the correct command for enabling sa and adding 41 ( I do realize it's not persistent ) and i have TMobile is the ipv4-6 slowing my speeds I seen a forum about using ipv6 pdp type only and using cloudfair DNS to fix ipv4 only issues it confused me I have no idea what would be the optimal settings for T-Mobile

[hazarjast]

Is there any benefit to upgrading the modem firmware ? And could you please leave the correct command for enabling sa and adding 41 ( I do realize it's not persistent ) and i have TMobile is the ipv4-6 slowing my speeds I seen a forum about using ipv6 pdp type only and using cloudfair DNS to fix ipv4 only issues it confused me I have no idea what would be the optimal settings for T-Mobile

Benefit to upgrading firmware would be not having to deal with the SA and band limitations that appear to exist on the current Netgear modem firmware. But again, because of the version numbering it may try to flash the Netgear version right back again unless you do something to block communications to the Netgear servers. Also not sure if the Quectel OEM firmware would flash to it via the WebGUI as my experience only involved physically removing the modem from the unit and connecting to a PC via USB adapter to perform the update which can be pretty labor intensive and risk damage to the unit if you are not confident in your disassembly/reassembly skillz.

In any case here are the TMO relevant commands:

Code: Select all

***View Current Connected Cell Details***
echo -ne "at+qeng=\"servingcell\"\r\n" | microcom -X -t 1000 /dev/ttyUSB2

***TMO 5G Mode Notes***
Check current mode:
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\"\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Allow both 5G NSA and SA:
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\",0\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Disable 5G SA (Default, but can be slow if n41 SA is available):
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\",1\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Disable 5G NSA (in case you wish to force SA):
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\",0\r\n" | microcom -X -t 1000 /dev/ttyUSB2

***TMO 5G NSA Band Notes***
Check current 5G NSA bands:
echo -ne "AT+QNWPREFCFG=\"nsa_nr5g_band\"\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Add n41 and remove n25, n71 NSA (usually fast where available):
echo -ne "AT+QNWPREFCFG=\"nsa_nr5g_band\",2:5:7:41:66:77:78\r\n" | microcom -X -t 1000 /dev/ttyUSB2

You can try adding the desired commands to '/etc/rc.local' to fire on startup if you wish to make them more reboot persistent. Be aware that the unit takes about 2 minutes to boot up and fire off '/etc/rc.local' which will then disconnect the modem temporarily again as it executes the AT commands. So, I would give it about 3 minutes after a reboot before expecting a stable connection.

If you want to share the forum post about ipv6 I'd be happy to look at it so I can comment in context but in reality a dual stack PDP (IPv4v6) should not be limiting your overall speeds on 5G NR. I've seen maybe 1-4ms latency difference between dual stack and ipv6. So not really something worth worrying about IMHO.

[D9RKNIGHT]

Long time lurker, first time posting. First, thanks for all the help.
I have been having no issues for a year with the nbr750 and a mobile beacon T-Mobile sim. Until sat night when I lost internet. I’ve spent 2 days trouble shooting.
Here is the background
This sim comes from an m2000. I put the sim back inside of it yesterday and it also did not have any connection. I factory reset the m2000 and it restored internet. That got me looking into apn settings because last year I had to change from fast.t-mobile.com and ipv6v4 to B2B.T-Mobile.com and ipv4 in order to bypass the video speed throttle. So that’s been working great until this weekend. Now after the m2000 factory reset and much trial and error and calls to mobile beacon and T-Mobile…I once again have unthrottled internet. The only way to achieve this was to change the 5g/4G from auto mode to manually select the network and the T-Mobile tech support rep had me select 311490. Now, combined with B2B.T-Mobile.com and ipv4, I’m back to unthrottled.

All this makes me think it’s modem related and not the SIM card, I assume.

So taking this sim back to my NBR750 and using the same settings has brought nothing but endless hours of headaches. No matter the apn settings, I have no internet while network mode is set to Auto. When I select 4G, it works again with several apn settings. But all much slower than the full 5g. (And the whole reason I have the nbr750).

I’ve been absolutely lost following threads and guides. I have AT line access and have tried everything I’ve found online. I know nothing about all this so I’m figuring it out as I go.

I’m happy to provide anything needed from the ssh terminal if anyone would be able to assist me. I truly have tried everything I can. Thanks in advance!

Is there any benefit to upgrading the modem firmware ? And could you please leave the correct command for enabling sa and adding 41 ( I do realize it's not persistent ) and i have TMobile is the ipv4-6 slowing my speeds I seen a forum about using ipv6 pdp type only and using cloudfair DNS to fix ipv4 only issues it confused me I have no idea what would be the optimal settings for T-Mobile

Benefit to upgrading firmware would be not having to deal with the SA and band limitations that appear to exist on the current Netgear modem firmware. But again, because of the version numbering it may try to flash the Netgear version right back again unless you do something to block communications to the Netgear servers. Also not sure if the Quectel OEM firmware would flash to it via the WebGUI as my experience only involved physically removing the modem from the unit and connecting to a PC via USB adapter to perform the update which can be pretty labor intensive and risk damage to the unit if you are not confident in your disassembly/reassembly skillz.

In any case here are the TMO relevant commands:

Code: Select all

***View Current Connected Cell Details***
echo -ne "at+qeng=\"servingcell\"\r\n" | microcom -X -t 1000 /dev/ttyUSB2

***TMO 5G Mode Notes***
Check current mode:
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\"\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Allow both 5G NSA and SA:
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\",0\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Disable 5G SA (Default, but can be slow if n41 SA is available):
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\",1\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Disable 5G NSA (in case you wish to force SA):
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\",0\r\n" | microcom -X -t 1000 /dev/ttyUSB2

***TMO 5G NSA Band Notes***
Check current 5G NSA bands:
echo -ne "AT+QNWPREFCFG=\"nsa_nr5g_band\"\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Add n41 and remove n25, n71 NSA (usually fast where available):
echo -ne "AT+QNWPREFCFG=\"nsa_nr5g_band\",2:5:7:41:66:77:78\r\n" | microcom -X -t 1000 /dev/ttyUSB2

You can try adding the desired commands to '/etc/rc.local' to fire on startup if you wish to make them more reboot persistent. Be aware that the unit takes about 2 minutes to boot up and fire off '/etc/rc.local' which will then disconnect the modem temporarily again as it executes the AT commands. So, I would give it about 3 minutes after a reboot before expecting a stable connection.

If you want to share the forum post about ipv6 I'd be happy to look at it so I can comment in context but in reality a dual stack PDP (IPv4v6) should not be limiting your overall speeds on 5G NR. I've seen maybe 1-4ms latency difference between dual stack and ipv6. So not really something worth worrying about IMHO.

[hazarjast]

Long time lurker, first time posting. First, thanks for all the help.
I have been having no issues for a year with the nbr750 and a mobile beacon T-Mobile sim. Until sat night when I lost internet. I’ve spent 2 days trouble shooting.
Here is the background
This sim comes from an m2000. I put the sim back inside of it yesterday and it also did not have any connection. I factory reset the m2000 and it restored internet. That got me looking into apn settings because last year I had to change from fast.t-mobile.com and ipv6v4 to B2B.T-Mobile.com and ipv4 in order to bypass the video speed throttle. So that’s been working great until this weekend. Now after the m2000 factory reset and much trial and error and calls to mobile beacon and T-Mobile…I once again have unthrottled internet. The only way to achieve this was to change the 5g/4G from auto mode to manually select the network and the T-Mobile tech support rep had me select 311490. Now, combined with B2B.T-Mobile.com and ipv4, I’m back to unthrottled.

All this makes me think it’s modem related and not the SIM card, I assume.

So taking this sim back to my NBR750 and using the same settings has brought nothing but endless hours of headaches. No matter the apn settings, I have no internet while network mode is set to Auto. When I select 4G, it works again with several apn settings. But all much slower than the full 5g. (And the whole reason I have the nbr750).

I’ve been absolutely lost following threads and guides. I have AT line access and have tried everything I’ve found online. I know nothing about all this so I’m figuring it out as I go.

I’m happy to provide anything needed from the ssh terminal if anyone would be able to assist me. I truly have tried everything I can. Thanks in advance!

Not sure how much help I can be here as your situation sounds complex and it seems you have some sort of specialty business plan given your APN (maybe Calyx?). In general you really shouldn't ever have to manually select a network so that is a red flag to me that there could be some tower issue in your area; maybe it is undergoing some changes/upgrades?

You mention you have somehow input the same settings into the NBR750 as you had set on the M2000. How are you manually selecting the 311490 network on the NBR750? What commands have you run on the NBR750 already and I assume you've repaired it to match the identity of the M2000? It might be helpful info if you can find out which cells/bands the M2000 is connecting to as well.

[gilbreen]

Has anyone been able to figure out how to run the wifi down script at launch? I have created the script with the right permissions and have it called to run from the rc.local file. I have tried calling it with the full path to the executable (/sbin/wifi) and without the full path. I know rc.local is running successfully because dropbear is running at launch. I am no expert in linux so not sure where else I should try putting the script where it can be called. I don't reboot too often so I currently just manually issue the wifi down command after a reboot. Just curious to see what others have learned. Other than this small issue, the router has been rock solid with great speeds on T-Mobile. My speeds average 350 down/30 up.

[msmhassan]

I have NBR750 working on Zain Kuwait 5g network. it was working fine until I updated the firmware of the router and Modem firmware. now I m facing very interrupted service. It looks the router is connecting online but it keeps disconnected and the speed is very slow.


NBR750 verson i m running now is NBR750-V4.6.5.11_1.5.66
Modem firmware version RM502QAEAAR11A02M4G

[hazarjast]

Has anyone been able to figure out how to run the wifi down script at launch? I have created the script with the right permissions and have it called to run from the rc.local file. I have tried calling it with the full path to the executable (/sbin/wifi) and without the full path. I know rc.local is running successfully because dropbear is running at launch. I am no expert in linux so not sure where else I should try putting the script where it can be called. I don't reboot too often so I currently just manually issue the wifi down command after a reboot. Just curious to see what others have learned. Other than this small issue, the router has been rock solid with great speeds on T-Mobile. My speeds average 350 down/30 up.

Does 'wifi down' work fine interactively? That would be the first test. I know in the LBR20 it would take about two minutes for the system to get to the point where all wifi services were loaded so if you're trying to take them down while other things are asking them to come up that's not going to work. In your 'rc.local' you may need to add a similar sleep statement before 'wifi down' (ex. 'sleep 120' which would sleep 2 minutes or 120 seconds).

[hazarjast]

I have NBR750 working on Zain Kuwait 5g network. it was working fine until I updated the firmware of the router and Modem firmware. now I m facing very interrupted service. It looks the router is connecting online but it keeps disconnected and the speed is very slow.


NBR750 verson i m running now is NBR750-V4.6.5.11_1.5.66
Modem firmware version RM502QAEAAR11A02M4G

The referenced firmware version is not specific and has multiple revisions starting with that prefix. Full version revision information can be obtained using the AT command "AT+QGMR". If you can provide that it might be a good reference point for others. If it happens to be "RM502QAEAAR11A04M4G_02.001.02.001" then that might help in explaining your issues. As I mentioned in a previous post that firmware seems to have made changes to some of the default enabled bands (specifically n41 in the case of my T-Mobile USA testing) as well as disable 5G SA. A cursory google search indicates Zain 5G may be using C-band: n77, n78, and n79. Assuming that info is accurate it seems like Netgear could have disabled one of those in the firmware I tested but my T-Mobile USA service doesn't use them so I could not confirm this.

Reference the relevant AT command examples below, maybe they will be useful to you and remember that they may not be reboot persistent (meaning you may need to add them to 'rc.local' for execution on every reboot else they may be lost when power is disconnected or unit is rebooted):

Code: Select all

View current connected cell details:
echo -ne "at+qeng=\"servingcell\"\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Check current mode:
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\"\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Allow both 5G NSA and SA:
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\",0\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Disable 5G SA (Default, but can be slow if n41 SA is available):
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\",1\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Disable 5G NSA (in case you wish to force SA):
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\",0\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Check current 5G NSA bands:
echo -ne "AT+QNWPREFCFG=\"nsa_nr5g_band\"\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Check current 5G SA bands:
echo -ne "AT+QNWPREFCFG=\"nr5g_band\"\r\n" | microcom -X -t 1000 /dev/ttyUSB2

5G NSA band enablement example:
Enable NR bands 2,5,7,25,41,48,66,71,77,78, and 79 for NSA mode if available in your firmware:
echo -ne "AT+QNWPREFCFG=\"nsa_nr5g_band\",2:5:7:25:41:48:66:71:77:78:79\r\n" | microcom -X -t 1000 /dev/ttyUSB2

5G SA band enablement example:
Enable NR bands 2,5,7,25,41,48,66,71,77,78, and 79 for SA mode if available in your firmware:
echo -ne "AT+QNWPREFCFG=\"nr5g_band\",2:5:7:25:41:48:66:71:77:78:79\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Keep in mind that officially the NBR750 is only published to have support for n2, n5, n25, n41, n48, n66, n71, and n77 as it is sold at least in the USA so if you get an error when trying to add n79 it may be blocked on the baseband of the Netgear firmware. No clue what bands it's officially certified for in Kuwait as per Netgear but the original Quectel firmware of the RM502Q-AE modem natively supports n1, n2, n3, n5, n7, n8, n12, n20, n25, n28, n38, n40, n41, n48, n66, n71, n77, n78, and n79.

Best of luck!

[gilbreen]

Has anyone been able to figure out how to run the wifi down script at launch? I have created the script with the right permissions and have it called to run from the rc.local file. I have tried calling it with the full path to the executable (/sbin/wifi) and without the full path. I know rc.local is running successfully because dropbear is running at launch. I am no expert in linux so not sure where else I should try putting the script where it can be called. I don't reboot too often so I currently just manually issue the wifi down command after a reboot. Just curious to see what others have learned. Other than this small issue, the router has been rock solid with great speeds on T-Mobile. My speeds average 350 down/30 up.

Does 'wifi down' work fine interactively? That would be the first test. I know in the LBR20 it would take about two minutes for the system to get to the point where all wifi services were loaded so if you're trying to take them down while other things are asking them to come up that's not going to work. In your 'rc.local' you may need to add a similar sleep statement before 'wifi down' (ex. 'sleep 120' which would sleep 2 minutes or 120 seconds).

I can log into the router via SSH and if I issue the command 'wifi down', the wifi signal is no longer broadcast. Similar to what I had posted last year, the router UI reports that the wifi is still active even though it is not. I believe that is what you mean by working interactively.

My rc.local file has the following lines:

Code: Select all

dropbear -R
/opt/scripts/wifi_down.sh
exit 0

And the wifi_down.sh file has the following lines:

Code: Select all

#!/bin/sh

sleep 120
wifi down >/dev/null 2>/dev/null

However, since the wifi remains up, I assume, that the script is not running successfully from its current location in /opt/scripts. The permissions for the script are:

Code: Select all

root@NBR750:/opt/scripts# ls -l
-rwxr-xr-x    1 root     root            54 Mar 26 15:57 wifi_down.sh

You mentioned adding the sleep command in the rc.local file. Is it better there instead of the script? Can I add the sleep command and the "wifi down' command in the rc.local?

Thanks for your assistance.

[msmhassan]

I have NBR750 working on Zain Kuwait 5g network. it was working fine until I updated the firmware of the router and Modem firmware. now I m facing very interrupted service. It looks the router is connecting online but it keeps disconnected and the speed is very slow.


NBR750 verson i m running now is NBR750-V4.6.5.11_1.5.66
Modem firmware version RM502QAEAAR11A02M4G

The referenced firmware version is not specific and has multiple revisions starting with that prefix. Full version revision information can be obtained using the AT command "AT+QGMR". If you can provide that it might be a good reference point for others. If it happens to be "RM502QAEAAR11A04M4G_02.001.02.001" then that might help in explaining your issues. As I mentioned in a previous post that firmware seems to have made changes to some of the default enabled bands (specifically n41 in the case of my T-Mobile USA testing) as well as disable 5G SA. A cursory google search indicates Zain 5G may be using C-band: n77, n78, and n79. Assuming that info is accurate it seems like Netgear could have disabled one of those in the firmware I tested but my T-Mobile USA service doesn't use them so I could not confirm this.

Reference the relevant AT command examples below, maybe they will be useful to you and remember that they may not be reboot persistent (meaning you may need to add them to 'rc.local' for execution on every reboot else they may be lost when power is disconnected or unit is rebooted):

Code: Select all

View current connected cell details:
echo -ne "at+qeng=\"servingcell\"\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Check current mode:
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\"\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Allow both 5G NSA and SA:
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\",0\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Disable 5G SA (Default, but can be slow if n41 SA is available):
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\",1\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Disable 5G NSA (in case you wish to force SA):
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\",0\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Check current 5G NSA bands:
echo -ne "AT+QNWPREFCFG=\"nsa_nr5g_band\"\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Check current 5G SA bands:
echo -ne "AT+QNWPREFCFG=\"nr5g_band\"\r\n" | microcom -X -t 1000 /dev/ttyUSB2

5G NSA band enablement example:
Enable NR bands 2,5,7,25,41,48,66,71,77,78, and 79 for NSA mode if available in your firmware:
echo -ne "AT+QNWPREFCFG=\"nsa_nr5g_band\",2:5:7:25:41:48:66:71:77:78:79\r\n" | microcom -X -t 1000 /dev/ttyUSB2

5G SA band enablement example:
Enable NR bands 2,5,7,25,41,48,66,71,77,78, and 79 for SA mode if available in your firmware:
echo -ne "AT+QNWPREFCFG=\"nr5g_band\",2:5:7:25:41:48:66:71:77:78:79\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Keep in mind that officially the NBR750 is only published to have support for n2, n5, n25, n41, n48, n66, n71, and n77 as it is sold at least in the USA so if you get an error when trying to add n79 it may be blocked on the baseband of the Netgear firmware. No clue what bands it's officially certified for in Kuwait as per Netgear but the original Quectel firmware of the RM502Q-AE modem natively supports n1, n2, n3, n5, n7, n8, n12, n20, n25, n28, n38, n40, n41, n48, n66, n71, n77, n78, and n79.

Best of luck!

Thank you hazarjast.

I tried AT+QGMR but I get error message /bin/ash: AT+QGMR: not found


regarding the rest of commands root@NBR750:/# echo -ne "at+qeng=\"servingcell\"\r\n" | microcom -X -t 1000 /dev
/ttyUSB2
at+qeng="servingcell"
+QENG: "servingcell","NOCONN"
+QENG: "LTE","FDD",419,02,54829,112,301,1,5,5,A040,-90,-17,-52,12,7,130,-
+QENG:"NR5G-NSA",419,02,205,-99,5,-12,650016,78,12

OK
root@NBR750:/#
root@NBR750:/# echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\"\r\n" | microcom -X
-t 1000 /dev/ttyUSB2
at+qnwprefcfg="nr5g_disable_mode"
+QNWPREFCFG: "nr5g_disable_mode",0

OK
root@NBR750:/#
root@NBR750:/# echo -ne "AT+QNWPREFCFG=\"nsa_nr5g_band\"\r\n" | microcom -X -t 1
000 /dev/ttyUSB2
AT+QNWPREFCFG="nsa_nr5g_band"
+QNWPREFCFG: "nsa_nr5g_band",77:78

OK
root@NBR750:/#
root@NBR750:/# echo -ne "AT+QNWPREFCFG=\"nr5g_band\"\r\n" | microcom -X -t 1000
/dev/ttyUSB2
AT+QNWPREFCFG="nr5g_band"
+QNWPREFCFG: "nr5g_band",2:5:7:25:41:48:66:71:77:78:79

OK

I noticed that SA bands was only 78:79 so I opened the rest of the bands. I tried to stop NSA but didn't work

[gilbreen]

I have NBR750 working on Zain Kuwait 5g network. it was working fine until I updated the firmware of the router and Modem firmware. now I m facing very interrupted service. It looks the router is connecting online but it keeps disconnected and the speed is very slow.


NBR750 verson i m running now is NBR750-V4.6.5.11_1.5.66
Modem firmware version RM502QAEAAR11A02M4G

The referenced firmware version is not specific and has multiple revisions starting with that prefix. Full version revision information can be obtained using the AT command "AT+QGMR". If you can provide that it might be a good reference point for others. If it happens to be "RM502QAEAAR11A04M4G_02.001.02.001" then that might help in explaining your issues. As I mentioned in a previous post that firmware seems to have made changes to some of the default enabled bands (specifically n41 in the case of my T-Mobile USA testing) as well as disable 5G SA. A cursory google search indicates Zain 5G may be using C-band: n77, n78, and n79. Assuming that info is accurate it seems like Netgear could have disabled one of those in the firmware I tested but my T-Mobile USA service doesn't use them so I could not confirm this.

Reference the relevant AT command examples below, maybe they will be useful to you and remember that they may not be reboot persistent (meaning you may need to add them to 'rc.local' for execution on every reboot else they may be lost when power is disconnected or unit is rebooted):

Code: Select all

View current connected cell details:
echo -ne "at+qeng=\"servingcell\"\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Check current mode:
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\"\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Allow both 5G NSA and SA:
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\",0\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Disable 5G SA (Default, but can be slow if n41 SA is available):
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\",1\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Disable 5G NSA (in case you wish to force SA):
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\",0\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Check current 5G NSA bands:
echo -ne "AT+QNWPREFCFG=\"nsa_nr5g_band\"\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Check current 5G SA bands:
echo -ne "AT+QNWPREFCFG=\"nr5g_band\"\r\n" | microcom -X -t 1000 /dev/ttyUSB2

5G NSA band enablement example:
Enable NR bands 2,5,7,25,41,48,66,71,77,78, and 79 for NSA mode if available in your firmware:
echo -ne "AT+QNWPREFCFG=\"nsa_nr5g_band\",2:5:7:25:41:48:66:71:77:78:79\r\n" | microcom -X -t 1000 /dev/ttyUSB2

5G SA band enablement example:
Enable NR bands 2,5,7,25,41,48,66,71,77,78, and 79 for SA mode if available in your firmware:
echo -ne "AT+QNWPREFCFG=\"nr5g_band\",2:5:7:25:41:48:66:71:77:78:79\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Keep in mind that officially the NBR750 is only published to have support for n2, n5, n25, n41, n48, n66, n71, and n77 as it is sold at least in the USA so if you get an error when trying to add n79 it may be blocked on the baseband of the Netgear firmware. No clue what bands it's officially certified for in Kuwait as per Netgear but the original Quectel firmware of the RM502Q-AE modem natively supports n1, n2, n3, n5, n7, n8, n12, n20, n25, n28, n38, n40, n41, n48, n66, n71, n77, n78, and n79.

Best of luck!

Thank you hazarjast.

I tried AT+QGMR but I get error message /bin/ash: AT+QGMR: not found


regarding the rest of commands root@NBR750:/# echo -ne "at+qeng=\"servingcell\"\r\n" | microcom -X -t 1000 /dev
/ttyUSB2
at+qeng="servingcell"
+QENG: "servingcell","NOCONN"
+QENG: "LTE","FDD",419,02,54829,112,301,1,5,5,A040,-90,-17,-52,12,7,130,-
+QENG:"NR5G-NSA",419,02,205,-99,5,-12,650016,78,12

OK
root@NBR750:/#
root@NBR750:/# echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\"\r\n" | microcom -X
-t 1000 /dev/ttyUSB2
at+qnwprefcfg="nr5g_disable_mode"
+QNWPREFCFG: "nr5g_disable_mode",0

OK
root@NBR750:/#
root@NBR750:/# echo -ne "AT+QNWPREFCFG=\"nsa_nr5g_band\"\r\n" | microcom -X -t 1
000 /dev/ttyUSB2
AT+QNWPREFCFG="nsa_nr5g_band"
+QNWPREFCFG: "nsa_nr5g_band",77:78

OK
root@NBR750:/#
root@NBR750:/# echo -ne "AT+QNWPREFCFG=\"nr5g_band\"\r\n" | microcom -X -t 1000
/dev/ttyUSB2
AT+QNWPREFCFG="nr5g_band"
+QNWPREFCFG: "nr5g_band",2:5:7:25:41:48:66:71:77:78:79

OK

I noticed that SA bands was only 78:79 so I opened the rest of the bands. I tried to stop NSA but didn't work

To run the command that hazerjast mentioned, the full command is:

Code: Select all

echo -ne "at+qgmr\r\n" | microcom -X -t 1000 /dev/ttyUSB2

That should return the full firmware of the modem. Mine returned:

Code: Select all

RM502QAEAAR11A04M4G_02.001.02.001

Good luck!

[msmhassan]

Thank you gilbreen

my firmware version is RM502QAEAAR11A02M4G_01.003.01.003

is there a way to downgrade the modem version? I have seen in the web control access of the router a place to update it manually but I don't have the source file to do it

[gilbreen]

Thank you gilbreen

my firmware version is RM502QAEAAR11A02M4G_01.003.01.003

is there a way to downgrade the modem version? I have seen in the web control access of the router a place to update it manually but I don't have the source file to do it

I don't believe there is a way to downgrade the modem firmware while it is installed in the router. As hazerjast mentioned above, one may remove the modem from the router and install a firmware (whether up or down) using the Quectel firmware tools. I haven't done it with the modem in this router but have upgraded and downgraded firmware on other modems.

My understanding is the numbering starting after the letter A in the listing of the firmware number. I could be wrong, but I believe the modem firmware you have installed is older than the one I have installed. Others may have more information.

[jericsmith]

...
[*]How to setup DNSCrypt/stubby/OpenVPN/WireGuard or Something Else

Hoping I missed something, but has anyone sorted Wireguard (client) on this yet?

[hazarjast]

Hoping I missed something, but has anyone sorted Wireguard (client) on this yet?

Yes, folks have done this. It's officially supported and tested by Voxel in his firmware. If you are looking for support for a specific issue I would suggest posting over at the SnB forums: https://www.snbforums.com/threads/custo ... 542/page-2

[jericsmith]

Hoping I missed something, but has anyone sorted Wireguard (client) on this yet?

Yes, folks have done this. It's officially supported and tested by Voxel in his firmware. If you are looking for support for a specific issue I would suggest posting over at the SnB forums: https://www.snbforums.com/threads/custo ... 542/page-2

I thought the Voxel firmware was for the LBR20?

[hazarjast]

Hoping I missed something, but has anyone sorted Wireguard (client) on this yet?

Yes, folks have done this. It's officially supported and tested by Voxel in his firmware. If you are looking for support for a specific issue I would suggest posting over at the SnB forums: https://www.snbforums.com/threads/custo ... 542/page-2

I thought the Voxel firmware was for the LBR20?

Lol! You are correct I got my wires crossed. WireGuard is not available on the NB750 unfortunately. Apologies.

[jericsmith]

Yes, folks have done this. It's officially supported and tested by Voxel in his firmware. If you are looking for support for a specific issue I would suggest posting over at the SnB forums: https://www.snbforums.com/threads/custo ... 542/page-2

I thought the Voxel firmware was for the LBR20?

Lol! You are correct I got my wires crossed. WireGuard is not available on the NB750 unfortunately. Apologies.

Well, regardless, I greatly appreciated you putting together this guide. Thank you!

[jericsmith]

Thank you gilbreen

my firmware version is RM502QAEAAR11A02M4G_01.003.01.003

is there a way to downgrade the modem version? I have seen in the web control access of the router a place to update it manually but I don't have the source file to do it

I don't believe there is a way to downgrade the modem firmware while it is installed in the router. As hazerjast mentioned above, one may remove the modem from the router and install a firmware (whether up or down) using the Quectel firmware tools. I haven't done it with the modem in this router but have upgraded and downgraded firmware on other modems.

My understanding is the numbering starting after the letter A in the listing of the firmware number. I could be wrong, but I believe the modem firmware you have installed is older than the one I have installed. Others may have more information.

FYI, the flash has plenty of space so I upgraded modem firmware by sending the most recent file from Quectel over to /tmp via SCP and running QFirehose -f /tmp/firmwaredirectoryname

And yes, after you update the modem firmware to the most recent Quectel branch you will get notices from Netgear that you need to update your modem firmware unless you block the update check servers as outlined in the original post. (The Netgear branch is several versions back as of 6/11/2023)

[Rich Hathaway]

What processor/cpu is inside this model?
Specs on the web for are only showing clock speed but no specific cpu label

[jericsmith]

What processor/cpu is inside this model?
Specs on the web for are only showing clock speed but no specific cpu label

Code: Select all

root@NBR750:/proc# cat cpuinfo
processor	: 0
model name	: ARMv7 Processor rev 4 (v7l)
BogoMIPS	: 48.84
Features	: half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm aes pmull sha1 sha2 crc32 
CPU implementer	: 0x41
CPU architecture: 7
CPU variant	: 0x0
CPU part	: 0xd03
CPU revision	: 4

processor	: 1
model name	: ARMv7 Processor rev 4 (v7l)
BogoMIPS	: 48.84
Features	: half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm aes pmull sha1 sha2 crc32 
CPU implementer	: 0x41
CPU architecture: 7
CPU variant	: 0x0
CPU part	: 0xd03
CPU revision	: 4

processor	: 2
model name	: ARMv7 Processor rev 4 (v7l)
BogoMIPS	: 48.84
Features	: half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm aes pmull sha1 sha2 crc32 
CPU implementer	: 0x41
CPU architecture: 7
CPU variant	: 0x0
CPU part	: 0xd03
CPU revision	: 4

processor	: 3
model name	: ARMv7 Processor rev 4 (v7l)
BogoMIPS	: 48.84
Features	: half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm aes pmull sha1 sha2 crc32 
CPU implementer	: 0x41
CPU architecture: 7
CPU variant	: 0x0
CPU part	: 0xd03
CPU revision	: 4

Hardware	: Generic DT based system
Revision	: 0000
Serial		: 0000000000000000

Most info commands aren't functioning with busybox, but I also get

Code: Select all

root@NBR750:/proc# uname -a
Linux NBR750 4.4.60 #1 SMP PREEMPT Sun Dec 11 20:38:49 UTC 2022 armv7l GNU/Linux

and this from the syslog. I'm a linux amateur, so busybox missing the few commands I know to use for finding this means I'm more than happy to take any suggestions.

Code: Select all

[    0.000000] CPU: ARMv7 Processor [410fd034] revision 4 (ARMv7), cr=10c0383d
[    0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing instruction cache
[    0.000000] Machine model: Qualcomm Technologies, Inc. IPQ807x/AP-OAK03

[jericsmith]

Just a heads up that after upgrading to newest Quectel firmware and disabling NSA (forcing SA) I'm getting 360+Mbps down, so doing better than my other WG1608/Quectel RM500Q-AE based routers at the moment. Thanks again to hazarjast for the compilation of info.

CA reporting:
+QCAINFO: "PCC",501390,12,"NR5G BAND 41",654+QCAINFO: "SCC",521310,6,"NR5G BAND 41",1,654,0,-,-

[Rich Hathaway]

@ jericsmith
I will answer your dm here, thanks for the info, I do not need anything else from it, it's not my kind of device I won't be getting one to fool with.
I did have a look at the firmware it has a Qualcomm,cpr3-ipq807x CPU, and the image is a double stacked ubi based on openwrt, not my kind of device, I try to stick to the non-open os's that are more difficult to get into and modify.

anyway, if anyone wants firm for this one I will attach it, after all, it is open lol.

This goes without saying I am not responsible for anything anyone does to their device, I do not have this device, and I have not loaded this firmware to any device, it is straight from Netgears site (unmodified) so dl and use at your own risk!!

NBR750-V4.6.5.11_1.5.65.zip

[lplassman]

Has anyone been able to figure out how to run the wifi down script at launch? I have created the script with the right permissions and have it called to run from the rc.local file. I have tried calling it with the full path to the executable (/sbin/wifi) and without the full path. I know rc.local is running successfully because dropbear is running at launch. I am no expert in linux so not sure where else I should try putting the script where it can be called. I don't reboot too often so I currently just manually issue the wifi down command after a reboot. Just curious to see what others have learned. Other than this small issue, the router has been rock solid with great speeds on T-Mobile. My speeds average 350 down/30 up.

Does 'wifi down' work fine interactively? That would be the first test. I know in the LBR20 it would take about two minutes for the system to get to the point where all wifi services were loaded so if you're trying to take them down while other things are asking them to come up that's not going to work. In your 'rc.local' you may need to add a similar sleep statement before 'wifi down' (ex. 'sleep 120' which would sleep 2 minutes or 120 seconds).

I can log into the router via SSH and if I issue the command 'wifi down', the wifi signal is no longer broadcast. Similar to what I had posted last year, the router UI reports that the wifi is still active even though it is not. I believe that is what you mean by working interactively.

My rc.local file has the following lines:

Code: Select all

dropbear -R
/opt/scripts/wifi_down.sh
exit 0

And the wifi_down.sh file has the following lines:

Code: Select all

#!/bin/sh

sleep 120
wifi down >/dev/null 2>/dev/null

However, since the wifi remains up, I assume, that the script is not running successfully from its current location in /opt/scripts. The permissions for the script are:

Code: Select all

root@NBR750:/opt/scripts# ls -l
-rwxr-xr-x    1 root     root            54 Mar 26 15:57 wifi_down.sh

You mentioned adding the sleep command in the rc.local file. Is it better there instead of the script? Can I add the sleep command and the "wifi down' command in the rc.local?

Thanks for your assistance.

I found a solution to the problem where the wifi doesn't go down on boot. It appears that the sleep command executes first and delays the wifi module from being started until after the sleep command has been executed. I found that by forking the wifi down script into the background solves this issue. As a result, my rc.local file looks like this:

Code: Select all

dropbear -R                        
(exec /opt/scripts/wifi_down.sh) &                                  
                                                                      
exit 0 

And the wifi_down.sh file has the following:

Code: Select all

#!/bin/sh

sleep 120
/sbin/wifi down

[lplassman]

For those who want to enable 5G SA with n41 enabled on boot, here is a method I found that worked.
Create a script file at: /opt/scripts/enable_5g_sa.sh and insert the following into it:

Code: Select all

#!/bin/sh

echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\",0\r\n" | microcom -X -t 1000 /dev/ttyUSB2
echo -ne "AT+QNWPREFCFG=\"nsa_nr5g_band\",2:5:7:25:41:48:66:71:77:78:79\r\n" | microcom -X -t 1000 /dev/ttyUSB2
echo -ne "AT+QNWPREFCFG=\"nr5g_band\",2:5:7:41:48:66:71:77:78:79\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Make the script file executable (chmod +x /opt/scripts/enable_5g_sa.sh) and add a call to it to /etc/rc.local as shown following:

Code: Select all

dropbear -R
(exec /opt/scripts/wifi_down.sh) &
/opt/scripts/enable_5g_sa.sh

exit 0

[gilbreen]

I found a solution to the problem where the wifi doesn't go down on boot. It appears that the sleep command executes first and delays the wifi module from being started until after the sleep command has been executed. I found that by forking the wifi down script into the background solves this issue. As a result, my rc.local file looks like this:

Code: Select all

dropbear -R                        
(exec /opt/scripts/wifi_down.sh) &                                  
                                                                      
exit 0 

And the wifi_down.sh file has the following:

Code: Select all

#!/bin/sh

sleep 120
/sbin/wifi down

I appreciate you sharing your findings. I'll implement the recommended changes on my router.

Thanks for the update!

[gilbreen]

I found a solution to the problem where the wifi doesn't go down on boot. It appears that the sleep command executes first and delays the wifi module from being started until after the sleep command has been executed. I found that by forking the wifi down script into the background solves this issue. As a result, my rc.local file looks like this:

Code: Select all

dropbear -R                        
(exec /opt/scripts/wifi_down.sh) &                                  
                                                                      
exit 0 

And the wifi_down.sh file has the following:

Code: Select all

#!/bin/sh

sleep 120
/sbin/wifi down

I appreciate you sharing your findings. I'll implement the recommended changes on my router.

Thanks for the update!

Just following up to say the the rc.local sript update fixed the issue of the wifi_down script not starting as expected. Thanks for sharing!

[gilbreen]

Hazerjast, I was reviewing the posts from earlier this year and had a question on the following commands that were posted:

Code: Select all

Allow both 5G NSA and SA:
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\",0\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Disable 5G SA (Default, but can be slow if n41 SA is available):
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\",1\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Disable 5G NSA (in case you wish to force SA):
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\",0\r\n" | microcom -X -t 1000 /dev/ttyUSB2

What is the difference between the first and third command? They appear to be the same command but the first states it allows both 5G NSA and SA and the third states it disables 5G NSA.

Separately, I am running firmware RM502QAEAAR11A04M4G_02.001.02.001. The device always boots up with the following setting:

"nr5g_disable_mode",0

but I saw an earlier post stating that the newest Netgear default was to have nr5g_disable_mode set to 1. Perhaps I misread it. I am running the router firmware version V4.6.5.11_1.5.64. Is the difference due to the modem firmware perhaps?

[hazarjast]

Hazerjast, I was reviewing the posts from earlier this year and had a question on the following commands that were posted:

Code: Select all

Allow both 5G NSA and SA:
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\",0\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Disable 5G SA (Default, but can be slow if n41 SA is available):
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\",1\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Disable 5G NSA (in case you wish to force SA):
echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\",0\r\n" | microcom -X -t 1000 /dev/ttyUSB2

What is the difference between the first and third command? They appear to be the same command but the first states it allows both 5G NSA and SA and the third states it disables 5G NSA.

Separately, I am running firmware RM502QAEAAR11A04M4G_02.001.02.001. The device always boots up with the following setting:

"nr5g_disable_mode",0

but I saw an earlier post stating that the newest Netgear default was to have nr5g_disable_mode set to 1. Perhaps I misread it. I am running the router firmware version V4.6.5.11_1.5.64. Is the difference due to the modem firmware perhaps?

Apologies this was a typo on my part, the last one to disable NSA should be:

Code: Select all

echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\",2\r\n" | microcom -X -t 1000 /dev/ttyUSB2

[roaminggnome]

FYI, some Ebay seller has 700+ of these brand-new for $190 on eBay right now. I just received mine today and it's brand new, shipped in a brown Netgear logo box with logo tape that's never been open. I suspect these are covid work from over overstock, and now they're at a great price!

Hope it helps some other folks on here!

https://www.ebay.com/itm/266501311828?

[Orlimar1]

FYI, some Ebay seller has 700+ of these brand-new for $190 on eBay right now. I just received mine today and it's brand new, shipped in a brown Netgear logo box with logo tape that's never been open. I suspect these are covid work from over overstock, and now they're at a great price!

Hope it helps some other folks on here!

https://www.ebay.com/itm/266501311828?

A buddy said they don't have N41 though. That's a big deal for T-Mobile users.

[nordicboy2]

5G Bands: n2, n5, n25, n41, n48, n66, n71, n77
https://www.downloads.netgear.com/files ... _NA_DS.pdf

This is tempting me.

What are the differences between the RM502 and RM520 ?

[hazarjast]

FYI, some Ebay seller has 700+ of these brand-new for $190 on eBay right now. I just received mine today and it's brand new, shipped in a brown Netgear logo box with logo tape that's never been open. I suspect these are covid work from over overstock, and now they're at a great price!

Hope it helps some other folks on here!

https://www.ebay.com/itm/266501311828?

A buddy said they don't have N41 though. That's a big deal for T-Mobile users.

It is true that Netgear seemed to have kneecapped the modem for TMO users by disabling n41 and 5G SA in their RM502QAEAAR11A04M4G_02.001.02.001 update. However this can be worked around by issuing AT commands or flashing Quectel OEM firmware as detailed in earlier posts.

[hazarjast]

5G Bands: n2, n5, n25, n41, n48, n66, n71, n77
https://www.downloads.netgear.com/files ... _NA_DS.pdf

This is tempting me.

What are the differences between the RM502 and RM520 ?

RM520 is using Qualcomm SDX62 which supports 2x carrier aggregation (CA) using both TDD+FDD combos under 5G SA which is the primary difference between it and the RM502 which uses the SDX55. Be aware that the modem driver Netgear uses from Quectel is an older one that doesn’t natively support SDX62 modems such as the RM520 so that will not be a simple drop-in replacement for the RM502 under this router (NBR750).

[helmut]

FYI, the flash has plenty of space so I upgraded modem firmware by sending the most recent file from Quectel over to /tmp via SCP and running QFirehose -f /tmp/firmwaredirectoryname

And yes, after you update the modem firmware to the most recent Quectel branch you will get notices from Netgear that you need to update your modem firmware unless you block the update check servers as outlined in the original post. (The Netgear branch is several versions back as of 6/11/2023)

@jericsmith sorry to revive this, I'm trying to upgrade the fw to R13 without having to take it out. Did you have to install qfirehose on the NBR750?
Any pointers would help. Thanks

[bigpal]

For the life of me, I can't get my 5G Verizon SIM working with NBR750. I've made the IMEI modification, and I'm using the same TTL that works fine in my LBR20 and MR5200. I've been able to get both of those devices working with a TTL/HL of 64. On the NBR750, it will join the network, then get kicked off a few seconds later. I'm able to ping once or twice, but then ping ends with "network unreachable" even though QCAINFO shows that I'm still connected.

@SomeTechGuy
Did you ever get this working with a Verizon SIM? I am experiencing the same behavior as you are...

[bigpal]

Also, for those of you who had trouble getting wifi disabled, there's an easy fix. In your /etc/rc.local where you call your wifi_down script or whatever you called it, you need to add the "&" at the end of the line, otherwise the sleep line in the script won't do anything, it will simply wait until the script has run its course before it begins putting up the interfaces. The ampersand fires off the script into its own process and runs independent.

For example, in my /etc/rc.local, I have:
/opt/scripts/wifi_down.sh >> /opt/scripts/logwifi.log &
(I like to append the output to a log file I can check in the event there's a problem)

Once I added the ampersand, I've never seen wifi come back again, not even once.

[hydrocynus]

Hello, what are the advantages of using this modem vs a 5g cell phone connected to a Glinet running Luci and applying the right TTL rules? My LBR20 is retired because I now have 5g bands and I can say the same for the 5g mimo antenna. So, beside being able to chose the towers to which to connect, what are the other advantages? The modem is indeed about $200 on eBay now and I am considering getting one as long as it works well with Visible (I read some have issues with Verizon). Thanks.

[pdonahue]

Yes, folks have done this. It's officially supported and tested by Voxel in his firmware. If you are looking for support for a specific issue I would suggest posting over at the SnB forums: https://www.snbforums.com/threads/custo ... 542/page-2

I thought the Voxel firmware was for the LBR20?

Lol! You are correct I got my wires crossed. WireGuard is not available on the NB750 unfortunately. Apologies.

Has anyone had any luck patching in Wireguard or getting OpenVPN to run in client mode on the NBR750s? I've done a little poking around in the device but can't figure out how to get any packages installed. I'm currently trying to get OpenVPN to work as a client connecting to my server.

[pdonahue]

Hello, what are the advantages of using this modem vs a 5g cell phone connected to a Glinet running Luci and applying the right TTL rules? My LBR20 is retired because I now have 5g bands and I can say the same for the 5g mimo antenna. So, beside being able to chose the towers to which to connect, what are the other advantages? The modem is indeed about $200 on eBay now and I am considering getting one as long as it works well with Visible (I read some have issues with Verizon). Thanks.

I can validate it works quite happily on Visible. When I first fired it up it exhibited the behaviors others have noted where it kept changing channels and disconnecting / reconnecting to the network. After a couple of hours it stabilized and has been working well since.

[bigpal]

I can validate it works quite happily on Visible. When I first fired it up it exhibited the behaviors others have noted where it kept changing channels and disconnecting / reconnecting to the network. After a couple of hours it stabilized and has been working well since.

Interesting. Does it go through this couple of hour period of disconnecting every time you restart the modem or was that a one time thing getting registered on the network? (or whatever it was doing)

[pdonahue]

First time only. All subsequent reboots at that location it’s been fine. I’m testing tonight at a different location and will let you know if it does it again.

[bigpal]

If anyone has had success getting the NBR750 to work with a Verizon unlimited tablet SIM, if you don't mind, please give an idea of what steps you followed to do this. I've tried every combination of steps, TTLs, IMEI, APNs, etc and I can't get to the Internet. I get an IP and everything looks great, but I can't ping google DNS servers or anything else.

Trying a Visible plan tomorrow to see if there's any difference.

[helmut]

Hi. I believe I bricked my modem trying to update module fw. I can still ssh into the router but it no longer recognizes sim or modem, I can't issue any AT commands. Any help would be greatly appreciated. @hazarjast ?

[pdonahue]

Hello, what are the advantages of using this modem vs a 5g cell phone connected to a Glinet running Luci and applying the right TTL rules? My LBR20 is retired because I now have 5g bands and I can say the same for the 5g mimo antenna. So, beside being able to chose the towers to which to connect, what are the other advantages? The modem is indeed about $200 on eBay now and I am considering getting one as long as it works well with Visible (I read some have issues with Verizon). Thanks.

I can validate it works quite happily on Visible. When I first fired it up it exhibited the behaviors others have noted where it kept changing channels and disconnecting / reconnecting to the network. After a couple of hours it stabilized and has been working well since.

So after taking my Orbi 5G mobile and testing at a few different locations (mainly to see if it'd connect to Verizon's C band "ultra wide" on channel 77 (it does!) now I'm back to having the same issue as several others at my main site.

It comes up and will stay up as long as no high amounts of data get pulled through it. I'm able to execute speed tests and see upwards of 300 Mbps down / 30ish up but as soon as I have any clients start pulling significant data through it it goes into the disconnect / re-connect cycle.

I suspect it has something to do with how Verizon changes between their LTE or 5G network and then moves over to 5G UW when you start pushing any significant throughput. That's the general behavior I noticed on my iPhone 12 Pro Max also on a Visible plus ($45/mo) plan. It would stay on either LTE or 5G (depending on signal strength) and as soon as you fire up a speed test or listen to music or anything that requires any real bandwidth it changes over to 5G UW and then the speeds crank up from 20-50Mbps to 300 - 500Mbps.

I may try out doing some channel locking but have to re-deploy this sim card tomorrow so I may not get to it.

[bigpal]

I may try out doing some channel locking but have to re-deploy this sim card tomorrow so I may not get to it.

I gave up on the Orbi and went with the GL-X3000. I also switched to a Visible SIM, but the configuration should be the same. I blocked band 66 and band 2 on 4G side and I have successfully forced it to connect to 5G band 2. I get 100-250Mbps...

Will Visible throttle me or does anyone have any experience with the deprioritization after the "50GB premium data"?

PS - Verizon blocked my tablet plan SIM because of the testing I did with it over the course of several days.

[roaminggnome]

Hello, what are the advantages of using this modem vs a 5g cell phone connected to a Glinet running Luci and applying the right TTL rules? My LBR20 is retired because I now have 5g bands and I can say the same for the 5g mimo antenna. So, beside being able to chose the towers to which to connect, what are the other advantages? The modem is indeed about $200 on eBay now and I am considering getting one as long as it works well with Visible (I read some have issues with Verizon). Thanks.

I can validate it works quite happily on Visible. When I first fired it up it exhibited the behaviors others have noted where it kept changing channels and disconnecting / reconnecting to the network. After a couple of hours it stabilized and has been working well since.

So after taking my Orbi 5G mobile and testing at a few different locations (mainly to see if it'd connect to Verizon's C band "ultra wide" on channel 77 (it does!) now I'm back to having the same issue as several others at my main site.

It comes up and will stay up as long as no high amounts of data get pulled through it. I'm able to execute speed tests and see upwards of 300 Mbps down / 30ish up but as soon as I have any clients start pulling significant data through it it goes into the disconnect / re-connect cycle.

I suspect it has something to do with how Verizon changes between their LTE or 5G network and then moves over to 5G UW when you start pushing any significant throughput. That's the general behavior I noticed on my iPhone 12 Pro Max also on a Visible plus ($45/mo) plan. It would stay on either LTE or 5G (depending on signal strength) and as soon as you fire up a speed test or listen to music or anything that requires any real bandwidth it changes over to 5G UW and then the speeds crank up from 20-50Mbps to 300 - 500Mbps.

I may try out doing some channel locking but have to re-deploy this sim card tomorrow so I may not get to it.

What TTL were you using for Visible? Can you band lock it to n77 only and see if that fixes the connection issues? Verizon is in the process of rolling out 5G Standalone.

I may try out doing some channel locking but have to re-deploy this sim card tomorrow so I may not get to it.

I gave up on the Orbi and went with the GL-X3000. I also switched to a Visible SIM, but the configuration should be the same. I blocked band 66 and band 2 on 4G side and I have successfully forced it to connect to 5G band 2. I get 100-250Mbps...

Will Visible throttle me or does anyone have any experience with the deprioritization after the "50GB premium data"?

PS - Verizon blocked my tablet plan SIM because of the testing I did with it over the course of several days.

After 50GB of Premium Data on LTE / 5G (Nationwide) DSS, you'll be dropped from QCI 8 priority to QCI 9, but if you're getting those kinds of speeds, then you might not see much of a drop, since they must not be overly congested at all on the tower you're connecting to. One thing to note, they're starting to convert 5G DSS back to LTE now since it was such a disaster due to the DSS system.

[hydrocynus]

Looks like I will keep using my 5g phone with visible tethered to a glinet router using the correct TTL settings (btw, I use the firewall ipv4 TTL set at 88 and IPv6 TTL set at 89). I then am able to circumvent the 5mbps throttle.and pull decent speeds up to 35mbps when I am not deprioritized.

I decommissioned my lbr20 and 4g/4g mimo antenna because I now have 5g bands (not UW yet as I am in a rural area). Thought that 5g routers were too expensive when I have a busted screen cell phone with 5g laying around. It is on the roof and I use TeamViewer for sometimes restart it. I then use the cable TV (with a Direct TV deca) to bring the signal to the lbr20 used as a mesh with the other satellites.

Works well for me

[jericsmith]

FYI, the flash has plenty of space so I upgraded modem firmware by sending the most recent file from Quectel over to /tmp via SCP and running QFirehose -f /tmp/firmwaredirectoryname

And yes, after you update the modem firmware to the most recent Quectel branch you will get notices from Netgear that you need to update your modem firmware unless you block the update check servers as outlined in the original post. (The Netgear branch is several versions back as of 6/11/2023)

@jericsmith sorry to revive this, I'm trying to upgrade the fw to R13 without having to take it out. Did you have to install qfirehose on the NBR750?
Any pointers would help. Thanks

Sorry for the late response, but no, literally just SSH'd in after compying the full firmware folder from Quectel as I wrote above. Worked like a charm. I believe it already has QFirehose to manage modem firmware updates from Netgear.

[jrtelecom]

Hello, im new on this post. Excellent information. Really appreciate. This modem is replacing my old lbr20. I was noticed after making some IP test, it will not showing IPv6 addresses in "MyIp Test". Can anyone drive me in correct direction to make it work on both ipv4 and 6? Thank you su much

[jrtelecom]

For those who want to enable 5G SA with n41 enabled on boot, here is a method I found that worked.
Create a script file at: /opt/scripts/enable_5g_sa.sh and insert the following into it:

Code: Select all

#!/bin/sh

echo -ne "at+qnwprefcfg=\"nr5g_disable_mode\",0\r\n" | microcom -X -t 1000 /dev/ttyUSB2
echo -ne "AT+QNWPREFCFG=\"nsa_nr5g_band\",2:5:7:25:41:48:66:71:77:78:79\r\n" | microcom -X -t 1000 /dev/ttyUSB2
echo -ne "AT+QNWPREFCFG=\"nr5g_band\",2:5:7:41:48:66:71:77:78:79\r\n" | microcom -X -t 1000 /dev/ttyUSB2

Make the script file executable (chmod +x /opt/scripts/enable_5g_sa.sh) and add a call to it to /etc/rc.local as shown following:

Code: Select all

dropbear -R
(exec /opt/scripts/wifi_down.sh) &
/opt/scripts/enable_5g_sa.sh

exit 0

This will make SA only or both NSA and SA?

[rachas]

Hi Guys,

I need all your help. I have Orbi NBR750 and it's preconfigured for the US market, but I am using this item in Europe. The 4G/5G bands between the US and EU are different. The example current setup for LTE is:

Code: Select all

+QNWPREFCFG: "lte_band",2:4:5:7:12:13:14:25:26:29:30:41:48:66:71

For the EU, I need those 4G LTE Bands to be: B1, 3, 7, 8, 20, 28, 38, 40, 41. I have added the script to boot:

Code: Select all

#!/bin/sh

echo -ne "AT+QNWPREFCFG=\"lte_band\",1:3:7:8:20:28:38:40:41\r\n" | microcom -X -t 1000 /dev/ttyUSB2
echo -ne "AT+QNWPREFCFG=\"nsa_nr5g_band\",1:3:7:8:20:28:40:41:77:78\r\n" | microcom -X -t 1000 /dev/ttyUSB2
echo -ne "AT+QNWPREFCFG=\"nr5g_band\",1:3:7:8:20:28:40:41:77:78\r\n" | microcom -X -t 1000 /dev/ttyUSB2

and it does the jobs:

Code: Select all

+QNWPREFCFG: "lte_band",1:3:7:8:20:28:38:40:41

OK

But when I reboot the router, somehow it gets loaded with US bands, and the modem is initiated with them, after that, it runs my script for the EU bands. Looks like I need to reload only the modem it picks new settings (not reboot the router). Now I use this workaround to do that I am taking off the SIM card and add put back again. The modem reads SIM and picks my EU bands. Another workaround is to go to Netgear local page (192.168.1.1) -> Advanced -> Mobile Broadband Settings and change, for example, -> Network mode -> 4G from Automatic or way round and Apply, that as well reloads the modem and it picks EU band settings. That is a pain in the bum. My question is, do you know what local command what I can run to reload modem and I would add this to the boot script? Was trying to look at the Mobile Broadband Settings HTML page, but is difficult to trace what commands it executes.
I hope you understand, my issue.

Thank you in advance, for your help.

[NHeydary]

Congrats to all who have gotten Python to work and get the telnet script to work---now help a few of us out.

I'm stuck here:

PS C:\Users\nemat\Downloads> python
Python 3.12.2 (tags/v3.12.2:6abddd9, Feb 6 2024, 21:26:36) [MSC v.1937 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> telnet-enable2.py 192.168.1.1 [MyMACAddress] admin [MyRouterPW]
File "<stdin>", line 1
telnet-enable2.py 192.168.1.1 [MyMACAddress] admin [MyRouterPW]
^^^^^^^
SyntaxError: invalid syntax

The arrows pointing to 192.168. show it as the invalid syntax. What needs to change? That's the IP of the router on the network, my MAC address is put correctly inside the brackets and my router's password is typed correctly inside the brackets following 'admin'.