Asuswrt-Merlin 374.40 is out

[Builder71]

Din any of the RT-N66U users experienced random reboots ?

...

No.
Not even one.

 

[Builder71]

Bug report: RT-N66U, Firmware: 374.40 (Merlin build)

Parental control
It is no longer possible to disable individual clients in the client list. Changes
in the list will not stick after applying.

How to reproduce: Uncheck a client in the list and then click Apply.

From the Asus .4422 release notes you can tell they touched the code.

Versie 3.0.0.4.374.4422

Beschrijving ASUS RT-N66U Firmware version 3.0.0.4.374.4422
Security related issues:
1. Fixed lighthttpd vulnerability.
2. Fixed cross-site scripting vulnerability (CWE-79).
3. Fixed the authentication bypass (CWW-592).
4. Added notification to help avoid security risks.
5. Fixed network place(samba) and FTP vulnerability.

Improvement:
1. Redesigned the parental control time setting UI.
2. Updated multi language strings.
3. Adjusted FW checking algorithm.
4. Adjusted Time zone detecting algorithm.
5. Improved web UI performance.

My guess, it's an Asus bug.
Anyone tested this with official Asus 3.0.0.4.374.4422?

 

[RMerlin]

Its seems to be line 809 of the Advanced_VPN_Content.asp causing the issue.
<input type="hidden" name="vpn_serverx_eas" value="<% nvram_get("vpn_serverx_eas"); %>">

Unfortunately my knowledge of nvram kinda dies from there. From viewing the source on the page at runtime that line shows this:

<input type="hidden" name="vpn_serverx_eas" value="1,

My guess is either something is corrupted in that variable somehow. Is there a way to get access to that variable from the command line or somewhere else?

You might have some corrupted settings in nvram, since "1," is the normal value for anyone that has the OpenVPN server set to start at boot time. You can view the actual content with:

nvram get vpn_serverx_eas

I haven't had any other report so far of httpd dying while accessing that page.

 

[miller79]

You might have some corrupted settings in nvram, since "1," is the normal value for anyone that has the OpenVPN server set to start at boot time. You can view the actual content with:

nvram get vpn_serverx_eas

I haven't had any other report so far of httpd dying while accessing that page.

Actually the more I thought about it, since the "1," showed up, I have a feeling it actually may be the next line that is causing the issue which is:

<input type="hidden" name="status_openvpnd" value="<% nvram_dump("openvpn_connected",""); %>">

Again this page works fine as long as the client router isn't connected. As soon as it connects, segmentation fault every time.

I compared the source when nothing is connected to when it is and everything is exactly the same up until that line. The openvpn_connected value that is shown is "" when its working.

Is there a way to debug the version of httpd on this firmware so I can get the core dump? Also is there a way to get what the value of the nvram_dump would be on the command line or is that just doing a nvram get as well?

Also on a side note, everything else on this firmware is working perfectly. Seems my speeds wirelessly and wired have improved on my local network. I don't have to go to the page that crashes ever so this issue isn't a show stopper for me but I would like to fix it if possible.

Thanks for everything you have done!

 

[NekoKoneko]

Din any of the RT-N66U users experienced random reboots ?
... any build past .26b was a complete disappointment for me...

Same here. With the latest build I'm also having random wireless connection drops and WebUI freezes. Did a full factory reset. 26b is rock solid for me.

 

[svenp]

Hi Merlin,

With such a large jump in versions, a factory default reset is strongly recommended.

i have made a factory default reset.
After this, the certificate is trunc at the same line.

Asus has made the certificate fields to small.

Please show VPN -> OpenVpn Client -> Content modification of Keys & Certificates.

In the headline:

Keys and Certificates

Only paste the content of the ----- BEGIN xxx ----- / ----- END xxx ----- block (including those two lines).

Limit: 3499 characters per field

My Certificate has 3890 byte.

you can remove this limit?

 

[Flying Dutchman]

Same here. With the latest build I'm also having random wireless connection drops and WebUI freezes. Did a full factory reset. 26b is rock solid for me.

I am on 26b and the coverage is wonderfull compared to all other builds I tried. Also not a single glitch in performance. Love it
I'll wait for a build which has at least the same coverage as 26b as coverage is the most important feature for me of this AP.

 

[Ritzie]

Guest Networks

What will cause the guest networks to run so slow? I'm running the latest beta on ac68u and latest firmware on ac66u. The ac66u is connected to the ac68u as media bridge. Both have been reset and reconfigured after the firmware update.

 

[Builder71]

I am on 26b and the coverage is wonderfull compared to all other builds I tried. Also not a single glitch in performance. Love it
I'll wait for a build which has at least the same coverage as 26b as coverage is the most important feature for me of this AP.

You can wait..., or report a bug to make it happen.

Flash Asus latest, then report bugs here.

Did you?

 

[RMerlin]

Actually the more I thought about it, since the "1," showed up, I have a feeling it actually may be the next line that is causing the issue which is:

<input type="hidden" name="status_openvpnd" value="<% nvram_dump("openvpn_connected",""); %>">

That is probably a more likely candidate, as this new option was recently added by Asus.

Is there a way to debug the version of httpd on this firmware so I can get the core dump? Also is there a way to get what the value of the nvram_dump would be on the command line or is that just doing a nvram get as well?

Simplest way to debug it at this time is to carpet bomb the code with printf() statements, and running it over SSH so you can gather additional info. Or compile it with debug symbols, and run it through gdb.

 

[RMerlin]

Hi Merlin,


i have made a factory default reset.
After this, the certificate is trunc at the same line.

Asus has made the certificate fields to small.

Please show VPN -> OpenVpn Client -> Content modification of Keys & Certificates.

In the headline:

Keys and Certificates

Only paste the content of the ----- BEGIN xxx ----- / ----- END xxx ----- block (including those two lines).

Limit: 3499 characters per field

My Certificate has 3890 byte.

you can remove this limit?

That limit is large enough to support a 4096-bit certificate. If your certificate needs more than that, then your certificate is way overkill for this router.

The limit was decided by me as a balanced value. Increasing that limit would significantly increase memory usage.

 

[RMerlin]

I am on 26b and the coverage is wonderfull compared to all other builds I tried. Also not a single glitch in performance. Love it
I'll wait for a build which has at least the same coverage as 26b as coverage is the most important feature for me of this AP.

You'll be waiting a long time. The current performance on the N66U is as good as it will ever get legally. And that's with using a special driver that Asus can't use in the official firmware.

I've had a lot of reports from users confirming that they got the same coverage from this driver as they did with 26b. I suggest you look into optimizing your settings if you still see any significant difference.

 

[AndiiiHD]

Quick Question - what is the easiest way to block my NAS (connected with cable to my AC66U) from internet Access (-> LAN only). Is there a "block MAC for WAN access" list like in tomato? I did not find anything similar - in the latest Merlin firmware...

 

[elorimer]

Then either you are doing something to open or forward port 22 on your router's firewall, or the firewall is disabled.

Right the second time. Dunno how that happened.

 

[owine]

Quick Question - what is the easiest way to block my NAS (connected with cable to my AC66U) from internet Access (-> LAN only). Is there a "block MAC for WAN access" list like in tomato? I did not find anything similar - in the latest Merlin firmware...

You could use parental control to accomplish this from the web gui. Or you could use an iptables rule. But parental controls would probably be the easiest.

 

[bobwoz]

Upgraded RT-N66U yesterday from 374.32_2-SDK5 to the latest 374.40.

Performance so far is solid. Saw the best ever 5GHz wireless file transfer from my PC to my HTPC through a TrendNET media bridge - 30MB/sec! That's downstairs and through 3 walls - w00t!

Many thanks to you, Merlin. Enjoy your well deserved break!

 

[Magnus33]

N66U solid as a rock since install.

Reset nvram and flashed without issue then uploaded my settings.

Coverage same as before and speed is good.

Parental control change is certainly there but that's asus and not Merlins doing.

Sit back and relax Merlin you done good .

 

[miller79]

That is probably a more likely candidate, as this new option was recently added by Asus.



Simplest way to debug it at this time is to carpet bomb the code with printf() statements, and running it over SSH so you can gather additional info. Or compile it with debug symbols, and run it through gdb.

Just to make sure I read correctly, but what you are saying is there is no way to get what the nvram_dump returns from command line and you must use printf's to view the value at the time?

I'll play with it some more when I get home and see if I can make anymore sense out of it. Thanks for your help!

 

[ANJ9686]

Hmm range not very good on my AC66U... I might revert to 374.39


Sent from my iPhone

 

[lindvalll]

Thanks for you precious work, Merlin!

My router is running rock solid so far with .40 after 'clean' install with reset and manual configuration. Using R66U and came from .39-em.

Loooookie loookie