Search results

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

  1. E

    subnets cannot access the internet with Orbi RBK50

    I should add that Netgear was not helpful at all. Their tech didn't understand IPv4 routing. After an hour he or she finally consulted a "higher tier" and reported back, "As I consult this to the higher tier they said that this kind of setup would not work with the Orbi router it's a product...
  2. E

    subnets cannot access the internet with Orbi RBK50

    I recently changed my router to a Netgear Orbi RBK50 with the latest firmware. The LAN address of the router is 192.168.1.1 and things on the 192.168.1.0/24 subnet can access the internet just fine. On the 192.168.1.0/24 subnet is a box that forwards packets to another subnet, 192.168.2.0/24...
  3. E

    media bridge routing

    Thank you for 67_0! The new http certificate feature is a real time saver. While I was installing 67_0 on my media bridge, I noticed there is no route table in that mode. I have two subnets in my configuration, so it would help to be able to specify a static route, since one of my DNS servers...
  4. E

    [alpha] Asuswrt-Merlin 380.67 pre-beta test builds

    Thank you for your continued work on this firmware. A question: Will 380.67 include OpenVPN 2.4.3? They just released multiple security fixes in that version:
  5. E

    Ars: Advanced CIA firmware can turn home routers into recon slaves

    The CherryBlossom user's manual, as released by WikiLeaks, indicates that the CIA software can be built for Asus hardware. Is anything known about what techniques were used to compromise Asus routers, and whether those vulnerabilities have been closed in the latest software?
  6. E

    nvram space and https_crt_file

    Thank you Merlin. Do you know if httpd supports ECDSA certificates? Those are smaller. I believe I tried one once, and it didn't work, but as you keep upgrading the versions of things, that may have changed.
  7. E

    nvram space and https_crt_file

    My RT-AC66U nvram is at 64012 bytes (1524 left). The largest item is https_crt_file, which is 5800 bytes (/etc/cert.pem is 5416 bytes). I would like to install a new cert.pem, but it would result in an nvram overflow. Is there a way to move https_crt_file out of nvram to, for example, jffs or...
  8. E

    failed RT-AC66, what to replace it with?

    I have two RT-AC66s, the first is the main router, and the second runs in media bridge mode. The second one seems to have failed. I cannot connect to it either via WiFi or ethernet. I have done a factory reset, but the ethernet port of the computer never gets a DHCP address from the RT-AC66. I...
  9. E

    Edit MAC filter via SSH

    I would like to edit the MAC filter list via SSH (e.g. to change a MAC address). I discovered several candidate variables via "nvram show". Do all of these needed to be edited in sync? Or are some vestigial since the 2.4 and 5 lists were merged? Also, is there a way to just turn off MAC...
  10. E

    Asuswrt-Merlin 378.55 is now available

    Is there anything that should be done prior to installing 55 on a system that already has a /jffs/openvpn on 54_2? I used the recipe you posted once for manually moving OpenVPN keys etc. from NVRAM to JFFS (using a space in the GUI and then using custom commands to reference /jffs/openvpn files...
  11. E

    Asuswrt-Merlin 378.54_2 is now available

    This is a happy user success report concerning the item "OpenSSL upgraded from 1.0.0 to 1.0.2". I have my 54_2 connecting to two OpenVPN Linux servers (I do not run an OpenVPN server on the RT-AC66U). I was able to introduce "tls-version-min 1.2" into the config and the logs report Control...
  12. E

    Asuswrt-Merlin 378.54_2 is now available

    Thank you so much for this! This will be a big improvement. Has anyone tried using EC certificates and CA with 378.54_2?
  13. E

    NVRAM size

    Thank you. That is very helpful. I just make the /jffs change for the OpenVPN certs and it worked well. I might even have the room for a https cert/key in nvram now (too bad they can't live in jffs too). What did you think of sasoiliev's suggestion at at the link you posted? I actually keep a...
  14. E

    NVRAM size

    Thank you. That looks like it would indeed solve the problem. I will give it a try at the next reload. Do you happen to know if there is a way to set the certificate used by the router's HTTPS daemon? I would set it to the same one used by OpenVPN and avoid some certificate warnings when I...
  15. E

    OpenSSL update coming this Friday

    I do hope that by the time OpenVPN 2.4 comes out, ASUS will have upgraded to OpenSSL 1.0.2, since 1.0.0 lacks TLS1.2 and newer EC ciphers (which require much shorter keys, and therefore much less NVRAM space).
  16. E

    NVRAM size

    Does anyone know if there an ASUS product newer than the RT-AC66U that has more than 64KiB of NVRAM? I am forever having to reset and reload my router because I run into the limit. It would make life much simpler if there were a product with more. The last time I looked I didn't see NVRAM size...
  17. E

    Asuswrt-Merlin 378.50 Beta 2 is out

    openvpn --show-tls I have a favor to ask. Could someone with the beta installed login via ssh and do "openvpn --show-tls". I'd like to know if the new release includes TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 or TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384? They aren't in 376.49_5. The best TLS crypto...
  18. E

    certificate authority sharing to save nvram

    I am almost out of NVRAM. I have load two OpenVPN clients. Both have the same inline CA, which is rather long. It would be nice to have this stored only once, to save NVRAM space. Is there a way to do this?
  19. E

    entware bind-server on asuswrt-merlin

    Has anyone installed and used entware bind-server on asuswrt-merlin? I imagine that this would conflict with the existing DNS server on port 53, so it seems some sort of special hacks would be necessary to get it to work. If it could be made to work, it would be a nice place to do DNS for LAN...
  20. E

    SOHOpelessly Broken contest finds vulnerabilities in ASUS RT-AC66U

    it was the latest firmware when the contest was announced Since the contest was announced June 24, 374.5517 was the latest firmware at the time (376.1123 came out on July 7).
Top