[Alpha] Asuswrt-Merlin 382.1 Alpha

[RMerlin]

I can reproduce this aswell. Some of the config dissappeared with out reboot. (might have been when configuring a second vpn clint but I have not confirmed this)

Can either of you get me some exact steps to reproduce it? Even after editing two different clients, they both kept their custom content here.

Check the output of the following command:

nvram show | grep vpn.*_custom

It should show one _custom entry for all five clients. If not, then it might indicate some default values are missing/undefined.

 

[LouisvilleUK]

Can either of you get me some exact steps to reproduce it?

For me, I upload .ovpn file and hit “apply”. Within Custom Configuration I have the following:

remote-cert-tls server
fast-io
sndbuf 524288
rcvbuf 524288
auth-nocache
pull-filter ignore client-ip
pull-filter ignore block-ipv6
pull-filter ignore socket-flags
pull-filter ignore reneg-sec

On reboot, only the first line is there: remote-cert-tls server. Everything else is gone.

Check the output of the following command:

nvram show | grep vpn.*_custom

Output:
vpn_client1_custom=remote-cert-tls server
vpn_client2_custom=
vpn_client3_custom=
vpn_client4_custom=
vpn_client5_custom=
vpn_client_custom=remote-cert-tls server
vpn_server1_custom=
vpn_server2_custom=
vpn_server_custom=
size: 60739 bytes (70333 left)

 

[RMerlin]

I see it now. It's not getting erased, it's getting truncated after a reboot.

 

[RMerlin]

Any nvram value that contains a carriage return seems to get truncated now. And since libnvram is now closed source... Sigh.

 

[Jack Yaz]

Any nvram value that contains a carriage return seems to get truncated now. And since libnvram is now closed source... Sigh.

"Progress" am i right?

 

[MacG32]

There are connected clients not showing up in the Client View List, but they are visible in Wireless Log and DHCP leases. They are connected to 2.4GHz. Trying to change settings to get them to show up again. They showed up before.

[Accept DNS Configuration: Exclusive] and [Redirect Internet traffic: Policy Rules (strict)] still shows my ISP's DNS in https://ipleak.net .

This was in the log. It's the first time I've seen a jffs2 warning. kernel: jffs2: warning: (14647) jffs2_sum_write_data: Not enough space for summary, padsize = -171 .

There's nothing listed under Port Forwarding.

Disable Asusnat tunnel: I set it to No and the 2.4GHz clients showed back up in the Client View List.

Clients with Blocked internet access that are 2.4GHz clients are showing as wired Interfaces without Tx/Rx Rates and Access times in the Client View List, even though they stream music and videos via Samba shares.

Rebooted today and ports are being forwarded under Port Forwarding.

 

[RMerlin]

[Accept DNS Configuration: Exclusive] and [Redirect Internet traffic: Policy Rules (strict)] still shows my ISP's DNS in https://ipleak.net

See this post.

 

[RMerlin]

I uploaded a new build.

06a182f Bump revision to alpha 3; updated documentation
23ec29b webui: fixed field validation on Tools->Other Settings page
8e9789e webui: improve/fix field validation on OpenVPN client and server pages
78f61e3 webui: allow dots in validator.safeName method
caa44af webui: limit OpenVPN logging verbosity to 6 - higher levels require compiling OpenVPN with debug enabled
81dd0e9 rc: implement boot time migration of VPN custom into base64-encoded custom2
f4f8858 openvpn: store custom configs base64-encoded
3a7f84d webui: store the digest value instead of the digest label (was broken by d12b9a3991ab4eaa1e5a64841b0c5a2deae18889)
0322b27 rc: enable rate report for HTB classifier on HND (for QoS stats report) (Closes #29)
4f5750b iproute2-4.x: fix location of config files
f8a987b openvpn: define default NCP ciphers for OpenVPN clients

 

[.TT.]

Thanks RMerlin
Got my VPN working as expected.

OT: Any changes in 382 preventing this script for custom dhcp range for guest networks?
https://www.snbforums.com/threads/i...p-range-for-guest-networks.30066/#post-234632

 

[LouisvilleUK]

First, thank you RMerlin for spending time on 86U development!

Wow, VERY nice performance with OpenVPN. I’m getting full throughput of 200 down with cipher AES-128-GCM.

A couple things I’m seeing with OpenVPN:
- Redirect internet traffic must be set to All in order to route clients through VPN. Policy Rules (strict) is still not routing clients.
- Custom Configuration options are now sticking around after reboot. However, when I upload .opvn file, it will not accept: pull-filter ignore “reneg-sec”. When I manually add to Custom Config and hit Apply, it goes away.

 

[.TT.]

Just noticed bandwidth monitor/traffic analyzer shows all VPN traffic as upload.

 

[MacG32]

I'm getting connected through an OpenVPN Client, but my ISP's DNS is leaking.

 

[jim769]

Sorry off topic. And you hate these questions but any time line at all for the 88 and 3100 ???

 

[KnightRider]

Sorry off topic. And you hate these questions but any time line at all for the 88 and 3100 ???

https://www.snbforums.com/threads/asuswrt-merlin-project-update.41065/

 

[jim769]

https://www.snbforums.com/threads/asuswrt-merlin-project-update.41065/

That statement in the link was made SEP 4th its now SEP 30th he may have a better idea now for a timeline. It can't hurt to ask.

 

[RMerlin]

Redirect internet traffic must be set to All in order to route clients through VPN. Policy Rules (strict) is still not routing clients.

Works properly for me, both Policy Rule and Policy Rule (strict) mode.

Just noticed bandwidth monitor/traffic analyzer shows all VPN traffic as upload.

Nothing new there, been the same in the past due to how traffic monitoring works.

That statement in the link was made SEP 4th its now SEP 30th he may have a better idea now for a timeline. It can't hurt to ask.

I don't. I won't begin looking at the 382 GPL release for the AC88 and AC3100 until I'm done with the AC86U, whenever that will happen. I don't even know yet if that 159xx GPL is compatible with the 164xx GPL currently used by 382.1.

 

[jim769]

I don't. I won't begin looking at the 382 GPL release for the AC88 and AC3100 until I'm done with the AC86U, whenever that will happen. I don't even know yet if that 159xx GPL is compatible with the 164xx GPL currently used by 382.1.

Thank You !!!

 

[RMerlin]

However, when I upload .opvn file, it will not accept: pull-filter ignore “reneg-sec”

Works for me. One thing to note however, if your file is UTF-8 encoded, it might not display the " " properly in the Custom area. This issue also existed in previous releases, and is only cosmetic - the config.ovpn file is properly read and parsed by OpenVPN.

I'll "flatten" the UTF-8 content so it displays properly in the textarea field.

 

[.TT.]

Has robocfg function been removed on this platform?
Is there any other way to set duplex manually?

 

[RMerlin]

Has robocfg function been removed on this platform?
Is there any other way to set duplex manually?

Robocfg does not support the network switch used by the RT-AC86U.

There are new Broadcom replacements, but they are proprietary tools and therefore we have no documentation as to how to use them to do anything.