[384.12_Alpha - builds] Testing all variants.

Status
Not open for further replies.
What is all the output when you run this on the router?
Code:
nslookup raw.githubusercontent.com
What is your WAN DNS set to?

admin@router:/tmp/home/root# nslookup raw.githubusercontent.com
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name: raw.githubusercontent.com
Address 1: 151.101.196.133

Also if I do a ping

admin@router:/tmp/home/root# ping raw.githubusercontent.com
PING raw.githubusercontent.com (151.101.196.133): 56 data bytes
64 bytes from 151.101.196.133: seq=0 ttl=57 time=17.757 ms
64 bytes from 151.101.196.133: seq=1 ttl=57 time=17.424 ms
^C
--- raw.githubusercontent.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 17.424/17.590/17.757 ms


I think the issue is with curl.

I just installed entware curl

with the built in curl

admin@router:/tmp/home/root# curl -fL https://www.apple.com
curl: (48) An unknown option was passed in to libcurl


with entware

/opt/bin/curl -fL https://www.apple.com

I get a bunch of stuff.

So the issue is definitely with the built-in curl.

I updated the firewall script to use the curl in /opt/bin/ and it's working.
 
It shouldn't make any difference unless you need to use the names you've given them in scripts on the router itself.

Wan: Use local caching DNS server as system resolver (default: No)
No:
  • The router will not be able to resolve client host names. This has no effect on clients themselves (they can always resolve them if using the router for dns).
  • The router will use ISP DNS servers. Essential for setting system time if using DoT. Clients will use whatever dnsmasq is set to use.
Yes:
  • The router may be unable to set the time if DoT is enabled. DoT will not work without the time being set. Everything may be horribly broken.
  • The router can resolve host names set by dnsmasq (some-pc.lan etc). Once again, no effect on clients themselves (they can always resolve them if using the router for dns).
So it's mostly a choice between stuff working and having the router able to use client host names. If you really need both, it's possible to set dnsmasq to use the ISP DNS servers for the time servers only (That'd be "Yes" with dnsmasq.conf.add entries like server=/pool.ntp.org/8.8.8.8).

Does this also depend on whether you're using the current alpha to 384.11_2?
 
If they solve the issue of the OpenVPN server being dropped, it would make the 'Yes' setting stable and my network responsiveness (and @Marin's, it seems) better than when it is set to 'No'. :)
It's weird since I have to yes and don't have openvpn server issues and I'm using the FWs built in NTP service as well
 
It's weird since I have to yes and don't have openvpn server issues and I'm using the FWs built in NTP service as well
The only thing i can report issues with really is Let's Encrypt it wants to continuously restart after a reboot.
 
I have a Virgin Media 350/35 service which is actually provisioned closer to 400/38, and typical max speeds are around 382/36. I have a Virgin Media SH3 in modem mode.

I installed the initial alpha1 (May 18, g40c9e42009) soon after it was published on my RT-AC3200 and it's been working well.

Last night I realised there was a revised alpha2 (May 22, g4a8cd4ead5) and upgraded

Today I realised something was wrong ... On checking more closely I see my speed had dropped from a typical 380Mbps downstream to around 140Mbps -- at least over wifi on 2 devices - a macbook pro, and an iPhone XS Max, even in the same room as the router. I didn't test point to point. Ethernet seemed little affected.

I rebooted clients & the modem, and now I've just switched to and from the two builds 3 times, and consistently the updated alpha 3 has compromised download speeds.

I made no setting changes between the install/remove. I've not though done a full reset, which I may try in a subsequent build if the issue persists.

[Update -- I do use QOS including the tool from FreshJR. I omitted to test with it disabled.]
 
RT-AC3200, after clean install no problems so far. Everything works fine, the only exception is the LEDs, which cannot be deactivated anymore, neither via menu nor via hardware key.
 
@RMerlin this is likely out of your control but when I enable WAG and LAG, or just LAG, the network map count of devices gets messed up. I have over 20 devices and it shows 8. When using just LAG if you click view list, it populates after you click it. With WAG enabled as well as LAG, you don't get any more devices than what the network map page shows before clicking "view list."
Edit: It would seem the only devices listed in network map are wireless, there are no cabled devices listed.
Edit: This problem follows you everywhere in the router's settings. Trying to add a device in QOS and it's not listed as it's a cabled device. This is a deal breaker as monitoring or adding devices (cabled) can no longer be done (everything shows offline). Any dynamic list of clients is affected.
I backed right out of WAG and LAG settings. Right away all my devices are listed in network map and all the other places they should be listed. The WAG and LAG functions work, but its implementation needs more TLC. :D
 
Wow! I now have a vanilla setup as my buddy @scjr says, everything is in amazingly smooth working order. Seems a bit boring though....LOL:p:rolleyes:
 
Does this also depend on whether you're using the current alpha to 384.11_2?
I would recommend not adding any additional server lines to dnsmasq or resolv.dnsmasq while running stubby. Make sure the only server lines you have are related to stubby. Use nano /tmp/resolv.dnsmasq to confirm all you have is 127.0.1.1 and then stubby will function right. Stubby does not like having competition and will fight with dnsmasq if it doesn't win. The addition of server lines is not necessary; it is hard coded to properly set NTP.
 
I came to this conclusion when I observed that the server lines being added to resolv.dnsmasq for my ISP's domain were actually causing stubby to compete for the connection. I got rid of these lines by defining my own WAN DNS addresses (for example, you can use Google or Cloudflare on the WAN page, and also on the IPv6 page if you use this connection). You can also delete any lines added by your ISP by adding a simple
sed -i '/^server=\/someISPDOMAIN\/ISPDNS.*$/d' /tmp/resolv.dnsmasq
to your dnsmasq.postconf file. You will first have to inspect what those lines are by using nano /tmp/resolv.dnsmasq. Any lines other than server=127.0.1.1 do not need to be there. This is mainly for if you have YES selected to use as local caching resolver.
 
Check if LAN - Switch Control - NAT Acceleration has minimum CTF (Cut Through Forwarding) enabled.
Or do the full reset...
 
--- I highly suggest the reset route using @L&LD 's guide for M&M Config and Sanitize Network approach
I recommend re-configuring everything manually and testing with no scripts involved to determine if your NVRAM save is causing the issue.
 
just did an early update to alpha 2
 
So atm I am testing out a DoT server that is being hosted with Pi-hole configured - is it normal behavior to see the blocked ads in syslog as potential rebind attacks?
Code:
Jun  1 00:52:34 dnsmasq[17366]: possible DNS-rebind attack detected: www.google-analytics.com
Jun  1 00:52:35 dnsmasq[17366]: possible DNS-rebind attack detected: www.google-analytics.com
Jun  1 00:52:41 dnsmasq[17366]: possible DNS-rebind attack detected: log-ingestion.samsungacr.com
Jun  1 00:52:42 dnsmasq[17366]: possible DNS-rebind attack detected: log-ingestion.samsungacr.com
Jun  1 00:52:42 dnsmasq[17366]: possible DNS-rebind attack detected: log-ingestion.samsungacr.com
Jun  1 00:52:43 dnsmasq[17366]: possible DNS-rebind attack detected: log-ingestion.samsungacr.com
Jun  1 00:52:44 dnsmasq[17366]: possible DNS-rebind attack detected: log-ingestion.samsungacr.com
Jun  1 00:52:44 dnsmasq[17366]: possible DNS-rebind attack detected: log-ingestion.samsungacr.com
Jun  1 00:52:45 dnsmasq[17366]: possible DNS-rebind attack detected: log-ingestion.samsungacr.com
Jun  1 00:52:47 dnsmasq[17366]: possible DNS-rebind attack detected: log-ingestion.samsungacr.com
Jun  1 00:53:04 dnsmasq[17366]: possible DNS-rebind attack detected: alb.reddit.com
Jun  1 00:53:05 dnsmasq[17366]: possible DNS-rebind attack detected: alb.reddit.com
Jun  1 00:53:25 dnsmasq[17366]: possible DNS-rebind attack detected: www.googleadservices.com
Jun  1 00:56:16 dnsmasq[17366]: possible DNS-rebind attack detected: csi.gstatic.com
Jun  1 00:56:17 dnsmasq[17366]: possible DNS-rebind attack detected: csi.gstatic.com
 
You might need to turn rebind protection off if you want to use a Pi-hole upstream of dnsmasq.

Enable DNS Rebind protection: "Enabling this will protect your LAN against DNS rebind attacks, however it will prevent upstream DNS servers from resolving queries to any non-routable IP (for example, 192.168.1.1)."
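
A way to triage the warnings discussed in the last two posts, added here as an example (it is not from the thread or from dnsmasq): it counts flagged names in the syslog format shown above and shows which upstream answers fall in non-routable IPv4 blocks, including a legitimate internal name. The block list, the sample lines and addresses, and the premise that the upstream blocker answers blocked names with an address such as 0.0.0.0 are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample syslog lines in the format shown in the thread.
SAMPLE_LOG='Jun  1 00:52:34 dnsmasq[1234]: possible DNS-rebind attack detected: ads.example.net
Jun  1 00:52:35 dnsmasq[1234]: possible DNS-rebind attack detected: ads.example.net
Jun  1 00:52:41 dnsmasq[1234]: possible DNS-rebind attack detected: tracker.example.org
Jun  1 00:52:50 dnsmasq[1234]: query[A] www.example.com from 192.168.1.20
Jun  1 00:53:04 dnsmasq[1234]: possible DNS-rebind attack detected: ads.example.net'

# Constructed "name address" pairs standing in for upstream answers.
SAMPLE_ANSWERS='ads.example.net 0.0.0.0
www.example.com 203.0.113.10
nas.example.lan 192.168.1.10'

# Read syslog on stdin; print "count first-time last-time name" per flagged
# name, most frequent first.
rebind_summary() {
    awk '/possible DNS-rebind attack detected: / {
            name = $NF
            if (!(name in n)) first[name] = $3
            n[name]++; last[name] = $3
         }
         END { for (k in n) print n[k], first[k], last[k], k }' |
    sort -k1,1nr -k4,4
}

# Return 0 if the IPv4 address is in a non-routable block (assumed list:
# 0/8, 10/8, 127/8, 169.254/16, 172.16/12, 192.168/16).
is_nonroutable() {
    case "$1" in
        0.*|10.*|127.*|169.254.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Read "name address" pairs on stdin; print the names whose answer a rebind
# filter would discard because the address is non-routable.
dropped_answers() {
    while read -r name ip; do
        if is_nonroutable "$ip"; then echo "$name"; fi
    done
}

printf '%s\n' "$SAMPLE_LOG" | rebind_summary
printf '%s\n' "$SAMPLE_ANSWERS" | dropped_answers
```

On a router the first function can be fed the real syslog file instead of the sample; a name that is flagged but is not on the blocker's list deserves a closer look before rebind protection is switched off.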
 