
Github snapshot test builds (Updated 30-May-2015)


Status
Not open for further replies.
Question.. Would it be possible to add some sort of page that shows how the QOS engine is sorting and prioritizing the traffic? Similar to what you get with Tomato with the pie charts and ports being used and all that?
 
Question.. Would it be possible to add some sort of page that shows how the QOS engine is sorting and prioritizing the traffic? Similar to what you get with Tomato with the pie charts and ports being used and all that?

Lots of work involved, that would have a very low priority for me.
 
The webui itself was already hardened a few releases ago. It will only accept the following ciphers (with a few explicit rejections at the end of that list):

Code:
"ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"

OpenVPN allowed TLS are currently a bit wider, because of the need to interoperate with a variety of clients (for the server) and providers (for the client). I haven't decided yet on a good way to harden it without sacrificing compatibility. One solution I'm currently leaning toward is to have a specific suite of secure ciphers defined, and these would be allowed by default. There would probably be a webui option to enable support for weaker ciphers (which would be disabled by default).

I'm also tempted to make that a generic "Harden security" setting instead, which once enabled, would limit the available ciphers in addition to enforcing the use of TLS 1.0 or higher (currently it defaults to TLS 1.0 only for compatibility reasons - something that OpenVPN 2.3.7+ will be addressing in the future).

I'm still considering the available options there.
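
An added example, not part of the thread or of the firmware's code: a static lint of the webui cipher list quoted in the post above, flagging explicitly listed suites without forward secrecy, 3DES and SHA-1 MAC suites, broad group aliases, and whether forward-secret suites are listed first. The `parse` and `audit` helpers, and the rule that a hyphenated token is a single named suite, are assumptions of this example.

```python
# Added example: static lint of the webui cipher list quoted above.
# Pure string analysis; it does not call OpenSSL or contact any device.
CIPHER_STRING = (
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:"
    "ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:"
    "ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:"
    "ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:"
    "DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:"
    "DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:"
    "AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:"
    "AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:"
    "!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:"
    "!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
)
FS_PREFIXES = ("ECDHE-", "DHE-")  # ephemeral key exchange (forward secrecy)

def parse(cipher_string):
    """Split into explicit suites, bare group aliases and '!' exclusions."""
    suites, groups, excluded = [], [], []
    for tok in filter(None, cipher_string.strip('"').split(":")):
        if tok.startswith("!"):
            excluded.append(tok[1:])
        elif "-" in tok:  # assumption: hyphenated token = one named suite
            suites.append(tok)
        else:  # bare alias such as AES or CAMELLIA expands to many suites
            groups.append(tok)
    return suites, groups, excluded

def audit(cipher_string):
    """Flag weak entries among the explicitly listed suites."""
    suites, groups, excluded = parse(cipher_string)
    fs = [s.startswith(FS_PREFIXES) for s in suites]
    return {
        "no_forward_secrecy": [s for s, ok in zip(suites, fs) if not ok],
        "triple_des": [s for s in suites if "DES-CBC3" in s],
        "sha1_mac": [s for s in suites if s.endswith("-SHA")],
        "broad_aliases": groups,
        # True when every forward-secret suite precedes all the others
        "fs_preferred": fs == sorted(fs, reverse=True),
        "excluded": excluded,
    }

if __name__ == "__main__":
    for key, value in audit(CIPHER_STRING).items():
        print(f"{key}: {value}")
```

In OpenSSL cipher-string syntax `!DES` removes single-DES suites only, so the explicitly listed `DES-CBC3-SHA` (3DES) stays enabled as the last explicit entry in this list.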
Thanks for your extensive replies :)
 
Locking this thread as the final release is now available - thanks everyone who tested these alpha builds and provided some feedback.
 