[Beta] Asuswrt-Merlin 382.1 Beta is available

[Schuby]

Sorry if this has been mentioned, but it seems that exporting the .ovpn file does not automatically include the server and key certs into the config file.

I even tried setting defaults and reconfigured my OpenVPN server manually.

Edit: Firmware 382.1_beta1 on RT-AC88U.

Edit2: No matter what I do (i.e., placing the cert/key manually into the file and such) I continue to receive these errors:

Oct 21 13:30:44 openvpn[647]: IPREDACTED VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC88U, emailAddress=me@myhost.mydomain
Oct 21 13:30:44 openvpn[647]: IPREDACTED OpenSSL: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
Oct 21 13:30:44 openvpn[647]: IPREDACTED TLS_ERROR: BIO read tls_read_plaintext error
Oct 21 13:30:44 openvpn[647]: IPREDACTED TLS Error: TLS object -> incoming plaintext read error
Oct 21 13:30:44 openvpn[647]: IPREDACTED TLS Error: TLS handshake failed

I'm going to keep messing around with it to try and figure it out. My theory is that there is an issue with the certificate generation, but it is too early to tell.

Edit3: Ok I figured out the error above, I was placing the wrong cert/key in the openvpn config. I pulled the right one from /jffs/openvpn/. However the only issue that remains is that the export of the OpenVPN config does not include this automatically like it used to.

 

[JGrana]

I just tried on stock 382-1 Beta. Right, no tune2fs.
I already have Entware-ng installed. Did an
opkg update
opkg install tune2fs

Now I have tune2fs. If you haven't already installed Entware-ng, try it!

 

[yk101]

I just tried on stock 382-1 Beta. Right, no tune2fs.
I already have Entware-ng installed. Did an
opkg update
opkg install tune2fs

Now I have tune2fs. If you haven't already installed Entware-ng, try it!

Thanks, I will try entware version. In any case, I see the utility as being installed by the Merlin firmware installer (git version), but it is missing... so I assume that there should be a native one.

 

[MacG32]

I've noticed in System Log | Wireless Log that a device still lists as a connection under 5 GHz, but the name is listed as <not found> and it has no lease under DHCP leases. It's been disconnected for some time now.

 

[djrm]

I have seen that time in ther router is incorrect despite the Summer time settings and time zone are correct. Currently it's 17:10 for me and router is showing 16:10. EDIT: This is fixed changing the Weeks in the DST config as described in https://www.snbforums.com/threads/ntp-an-hour-back.41679/#post-352720
Also following errors comes frecuently:
kernel: *** ERROR: [tdts_shell_ioctl_sig_op_load:95] tdts_core_rule_parsing_trf_load() fail! (I saw this error commented previously in this post)

kernel: dhd_prot_ioctl: status ret value is -20

Also I have seen that now router is using RAM at 35% instead 28% with 380_68_4 firmware... And... at least for me the wifi performance for 5Ghz decrease around 90Mb in download (from 300 Mb connection) and upload remains the same. After downgrade to 380_66_4 download performance back to normal and RAM use as well.

 

[sveinan]

Just wondering if anyone are experiencing the same logic for OpenVPN configuration.

Basically: Every time I press 'Apply' on an OpenVPN server instance. Even without changes to any config. The router will generate a new unique 'Static Key', even if one already exists in field. The other existing Certificate/Keys are kept unchanged.

I am using TLS/HMAC as an extra layer of security. Not very practical having a new 'Static Key' generated each time I change/test config. Want to set it myself basically.

Maybe there is a 'if exist value in field, do nothing' missing for 'Static Key'. Anybody else getting this behavior ?

 

[hvluu]

@RMerlin, is there any significant changes in the iptables in this build in comparison to 380.xx buids? I posted couple days ago there's a error (or bug) caused by iptables used in my script, the same one I've been using under 380.xx in the AC68U with no errors whatsoever.
The error that I got when running this command

iptables -t mangle -A PREROUTING -m set --match-set ovpn_split dst -j MARK --set-mark 0x88

is

iptables: No chain/target/match by that name.

The entire script ran just fine, but whatever iptables command that I tried to issue, all returned the same error message above.

 

[Vexira]

I have very limited control over the Wi-Fi Radar stuff, as it's proprietary Broadcom stuff - that's why for instance it doesn't use Asuswrt's regular visuals.



I didn't do one on my RT-AC88U and everything is working fine. Everyone's experience will vary, so at this time, it's not mandatory, but as usual someone should be prepared to do one if anything unusual comes up.

I had to to fix some paid app errors in the logs

 

[Xentrk]

@RMerlin, is there any significant changes in the iptables in this build in comparison to 380.xx buids? I posted couple days ago there's a error (or bug) caused by iptables used in my script, the same one I've been using under 380.xx in the AC68U with no errors whatsoever.
The error that I got when running this command

iptables -t mangle -A PREROUTING -m set --match-set ovpn_split dst -j MARK --set-mark 0x88

is

iptables: No chain/target/match by that name.

The entire script ran just fine, but whatever iptables command that I tried to issue, all returned the same error message above.

I have a few members I have been helping in the selective routing thread and they also get this error when I don't. What they have in common is the router model - AC68U.

What is output of these two commands?

iptables --verbose -t mangle -vL PREROUTING | grep match-set
iptables --version

Even though you got the error message on iptables, did the chain get created? that is what the first command will show.

I have iptables v1.4.14 installed. I am using 380.68_4 though.

 

[hvluu]

I have a few members I have been helping in the selective routing thread and they also get this error when I don't. What they have in common is the router model - AC68U.

What is output of these two commands?

iptables --verbose -t mangle -vL PREROUTING | grep match-set
iptables --version

Even though you got the error message on iptables, did the chain get created? that is what the first command will show.

I have iptables v1.4.14 installed. I am using 380.68_4 though.

I got the same iptables version. But issue the first command doesn't return anything and that makes sense because the only command that has match-set in it was the iptables command and it didn't get to properly execute because of the error "no chain/....."

 

[isr25]

Asus AC86U
Low priority issue: Adaptive QOS - Web History;
All Clients filter - sorted via domain name, there is also an option to choose page number.
Specific client filter - page does not filter clients properly, still showing all clients. Page number selection field is missing.

Is it possible to have an option to sort via “last access time”?

CPU Load Average seems to be always high. Current 1, 5, 15 min average is 4.17, 3.95, 3.92, but in network map, both CPU cores are normally less than 4%.

 

[RMerlin]

@RMerlin, is there any significant changes in the iptables in this build in comparison to 380.xx buids? I posted couple days ago there's a error (or bug) caused by iptables used in my script, the same one I've been using under 380.xx in the AC68U with no errors whatsoever.
The error that I got when running this command

iptables -t mangle -A PREROUTING -m set --match-set ovpn_split dst -j MARK --set-mark 0x88

is

iptables: No chain/target/match by that name.

The entire script ran just fine, but whatever iptables command that I tried to issue, all returned the same error message above.

What router are you running it on? Also make sure you properly initialize your ipsets.

 

[RMerlin]

Is it possible to have an option to sort via “last access time”?

Web History is handled by the Trend Micro engine.

 

[RMerlin]

CPU Load Average seems to be always high. Current 1, 5, 15 min average is 4.17, 3.95, 3.92, but in network map, both CPU cores are normally less than 4%.

Average Load is not the same thing as the CPU usage under Linux. Load indicates how many processes are currently waiting to access the CPU. This is normal on the RT-AC86U.

 

[hvluu]

What router are you running it on? Also make sure you properly initialize your ipsets.

I’m running the beta build on AC86U. I first called the ip_set_hash_ip module then create the ipset called ovpn_split. The iptable command is issued as the last command of te script. I even check the ipset list and the list exists with the IPs ranges of Netflix and Hulu when I ping the addresses.


Sent from my iPhone using Tapatalk

 

[wirelessme]

Hi - I am using an AC88U with the 382 Beta 1. Issue is uPNP (Media Server is not working). I mean DLNA TVs and VLC do not show it. 380 works like a charm. Anyone encountering this?

Taking this as a bug report?

 

[clvk07]

after updating to 382.1 using AC88U UPNP media server is not visible from other devices

 

[RMerlin]

Minidlna hangs when started by the firmware, however manually launching it works. I haven't been able to track down the cause yet.

 

[RMerlin]

The minidlna issue might just have been a bad build - for some reason minidlna was compiled to use daemon() - every recompile attempts I've made so far had it properly disabled.

 

[RMerlin]

For some reason, my RT-AC88U is missing tune2fs. Is that expected on this build?

Was lost when I switched to Asus's e2fs build recipes, re-added.