There's a serious problem with 378.55 and OpenVPN.

[Dajinn]

I've been able to get my router out of this conundrum once already but now I'm not able to and I don't know what to do.

With OpenVPN I wanted to secure it as much as possible and generated my own 2048-DH key to put into the field. DO NOT DO THIS!

Once you click save/apply or whatever you're doomed. The configuration file will not create and the entire router will not do ANYTHING because it is "waiting on the vpnserver1" to restart or do whatever. I've tried hard resets, factory software resets in the GUI, power cycling, turning the OpenVPN server off, the router is completely stuck on this command and it won't let me change any other setting or configure the OpenVPN server.

Please help!

Aug 26 18:05:43 rc_service: httpd 272:notify_rc start_autodet
Aug 26 18:05:43 rc_service: skip the event: start_autodet.
Aug 26 18:05:44 rc_service: httpd 272:notify_rc start_autodet
Aug 26 18:05:44 rc_service: skip the event: start_autodet.
Aug 26 18:05:45 rc_service: httpd 272:notify_rc start_autodet
Aug 26 18:05:45 rc_service: skip the event: start_autodet.
Aug 26 18:05:46 rc_service: httpd 272:notify_rc start_autodet
Aug 26 18:05:46 rc_service: skip the event: start_autodet.
Aug 26 18:05:47 rc_service: httpd 272:notify_rc start_autodet
Aug 26 18:05:47 rc_service: skip the event: start_autodet.
Aug 26 18:05:48 rc_service: httpd 272:notify_rc start_autodet
Aug 26 18:05:48 rc_service: skip the event: start_autodet.
Aug 26 18:05:49 rc_service: httpd 272:notify_rc start_autodet
Aug 26 18:05:49 rc_service: skip the event: start_autodet.
Aug 26 18:05:50 rc_service: httpd 272:notify_rc start_autodet
Aug 26 18:05:50 rc_service: skip the event: start_autodet.
Aug 26 18:05:51 rc_service: httpd 272:notify_rc start_autodet
Aug 26 18:05:51 rc_service: skip the event: start_autodet.
Aug 26 18:05:52 rc_service: httpd 272:notify_rc start_autodet
Aug 26 18:05:52 rc_service: skip the event: start_autodet.
Aug 26 18:05:53 rc_service: httpd 272:notify_rc start_autodet
Aug 26 18:05:53 rc_service: skip the event: start_autodet.
Aug 26 18:05:54 rc_service: httpd 272:notify_rc start_autodet
Aug 26 18:05:54 rc_service: skip the event: start_autodet.
Aug 26 18:05:56 rc_service: httpd 272:notify_rc start_autodet
Aug 26 18:05:56 rc_service: skip the event: start_autodet.
Aug 26 18:05:58 rc_service: httpd 272:notify_rc start_autodet
Aug 26 18:05:58 rc_service: skip the event: start_autodet.
Aug 26 18:05:59 rc_service: httpd 272:notify_rc start_autodet
Aug 26 18:05:59 rc_service: skip the event: start_autodet.
Aug 26 18:07:14 rc_service: watchdog 278:notify_rc resetdefault
Aug 26 18:07:14 rc_service: waitting "start_vpnserver1" via ...
Aug 26 18:07:45 rc_service: skip the event: resetdefault.
Aug 26 18:07:46 rc_service: watchdog 278:notify_rc resetdefault
Aug 26 18:07:46 rc_service: waitting "start_vpnserver1" via ...
Aug 26 18:08:16 rc_service: skip the event: resetdefault.
Aug 26 18:08:17 rc_service: watchdog 278:notify_rc resetdefault
Aug 26 18:08:17 rc_service: waitting "start_vpnserver1" via ...
Aug 26 18:08:39 rc_service: httpd 272:notify_rc stop_vpnserver1
Aug 26 18:08:39 rc_service: waitting "start_vpnserver1" via ...
Aug 26 18:08:47 rc_service: skip the event: resetdefault.
Aug 26 18:08:48 rc_service: watchdog 278:notify_rc resetdefault
Aug 26 18:08:48 rc_service: waitting "start_vpnserver1" via ...
Aug 26 18:09:10 rc_service: skip the event: stop_vpnserver1.
Aug 26 18:09:19 rc_service: skip the event: resetdefault.
Aug 26 18:09:20 rc_service: watchdog 278:notify_rc resetdefault
Aug 26 18:09:20 rc_service: waitting "start_vpnserver1" via ...
Aug 26 18:09:50 rc_service: skip the event: resetdefault.
Aug 26 18:09:51 rc_service: watchdog 278:notify_rc resetdefault
Aug 26 18:09:51 rc_service: waitting "start_vpnserver1" via ...
Aug 26 18:10:21 rc_service: skip the event: resetdefault.
Aug 26 18:10:22 rc_service: watchdog 278:notify_rc resetdefault
Aug 26 18:10:22 rc_service: waitting "start_vpnserver1" via ...
Aug 26 18:10:53 rc_service: skip the event: resetdefault.
Aug 26 18:10:54 rc_service: watchdog 278:notify_rc resetdefault
Aug 26 18:10:54 rc_service: waitting "start_vpnserver1" via ...

 

[L&LD]

How can you see that output and you can't reset the router to factory defaults either through the gui or the hardware switches?

 

[Calisro]

Like @L&LD , im not clear on what you are describing. Also it would be good to see the log from before those repeating messages.

 

[Dajinn]

Err...not to be chinsey but okay...the router isn't doing anything because it's stuck waiting for the vpnserver1 to either start or restart. Earlier it was waiting for it to restart, now it's waiting for it to start.

What does this mean?

It means ANY command I send to the router, whether it be, update port forwarding, enable WAN access, reset factory defaults, etc. etc. etc, do NOT apply, and get "skipped", don't you guys see? Skip the event: resetdefault? It's skipping it and tossing the command out the window because it's waiting on the start_vpnserver1 command. Factory resetting and power cycling do not take it out of this state where it's waiting on the router to finish doing whatever it's doing with vpnserver1.

 

[L&LD]

Err...not to be chinsey but okay...the router isn't doing anything because it's stuck waiting for the vpnserver1 to either start or restart. Earlier it was waiting for it to restart, now it's waiting for it to start.

What does this mean?

It means ANY command I send to the router, whether it be, update port forwarding, enable WAN access, reset factory defaults, etc. etc. etc, do NOT apply, and get "skipped", don't you guys see? Skip the event: resetdefault? It's skipping it and tossing the command out the window because it's waiting on the start_vpnserver1 command. Factory resetting and power cycling do not take it out of this state where it's waiting on the router to finish doing whatever it's doing with vpnserver1.

Turn off the router. Pull the plug.

Remove all USB devices.

Hold the reset button and keep holding it and then apply the power.

After 10 seconds or so, the router will be reset to factory defaults.

 

[Dajinn]

How can you see that output and you can't reset the router to factory defaults either through the gui or the hardware switches?

I can see the output because the reset commands either via hardware or software(factory reset through GUI or power cycling) are getting skipped because it's trying to interact with the vpnserver1 but it isn't.

 

[Calisro]

Got it. logon with ssh and run:

service stop_vpnserver1

if no ssh/telnet access reset it like @L&LD said

 

[Dajinn]

Okay got it, thanks fellows. Now I want to address the other issue, does the Merlin firmware not support 2048-bit keys for DH? The reason I am using Merlin firmware is because the up to date official ASUS firmware was not accepting the DH key I was generating saying there was a formatting issue even though I properly removed the line breaks. It wasn't getting any garbage HTML formatting it just wasn't accepting it.

 

[Calisro]

What error did you get in the log? also, there are supposed to be line breaks in keys...

 

[Dajinn]

Oh man...I don't really want to do it again but if I recall there was no error it just said, when I updated the DH key, that it was "waiting on event chpass" or something.

As far as the line breaks, if I didn't remove the line breaks on the ASUS firmware it would insert garbage characters like #10;&31;&31 etc etc. If I removed the line breaks and copy/pasted it would format correctly into the text box with the line breaks.

edit; Once I finish updating the BMC on one of my servers I'll try to add a 2048 bit key again and get the log.

 

[john9527]

There's a fix in the next Merlin release to prevent the loop on an invalid DH. But it's triggered by an invalid DH....there's something amiss with the DH you are trying to apply.

 

[Calisro]

keys need line breaks. But not those characters. your key or the method you used to copy paste them is wrong.

 

[Dajinn]

I used openSSL-64 on Windows 7 and I open the params file with notepad++. Is there an alternative/approved method?

 

[Calisro]

Sounds like that should be fine but you 1) shouldn't get those charaters pasting them and 2) shouldn't have to "clean up" anything like line breaks or anything.

 

[Dajinn]

So on my home PC running Windows 10 I followed the same method and was able to get the key to work this time by just doing a straight copy paste. I must have experienced the same looping issue because when I upgraded from the stock firmware to Merlin I left the DH key field with the text I had in it which had erroneous HTML formatting inserted which I believe was causing the loop. The Merlin firmware must handle that or not have that bug. Anyway, success!