Beta Asuswrt-Merlin 386.1 Beta (stage 2) is now available

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Amiga

New Around Here
Going in circles with the RT-AC86U Beta 4b webui trying to find the built-in speedtest. Where is it please?
 

Martineau

Part of the Furniture
@RMerlin there is a critical bug with 386.1_beta3 on AX88U while using OpenVPN client. If option " Force Internet traffic through tunnel " is set to Yes and IPV6 is set to Disable, the connecting process will crash. Here's the log:

Jan 11 22:36:49 ovpn-client1[32047]: WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Jan 11 22:36:49 ovpn-client1[32047]: WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6
Jan 11 22:36:49 ovpn-client1[32047]: OpenVPN 2.5.0 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 28 2020
Jan 11 22:36:49 ovpn-client1[32047]: library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.08
Jan 11 22:36:49 ovpn-client1[32048]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Jan 11 22:36:49 ovpn-client1[32048]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 11 22:36:49 ovpn-client1[32048]: TCP/UDP: Preserving recently used remote address: [AF_INET]174.128.180.120:443
Jan 11 22:36:49 ovpn-client1[32048]: UDP link local: (not bound)
Jan 11 22:36:49 ovpn-client1[32048]: UDP link remote: [AF_INET]174.128.180.120:443
Jan 11 22:36:49 ovpn-client1[32048]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jan 11 22:36:51 ovpn-client1[32048]: [7618/server] Peer Connection Initiated with [AF_INET]174.128.180.120:443
Jan 11 22:36:52 ovpn-client1[32048]: TUN/TAP device tun11 opened
Jan 11 22:36:52 ovpn-client1[32048]: /usr/sbin/ip link set dev tun11 up mtu 1500
Jan 11 22:36:52 ovpn-client1[32048]: /usr/sbin/ip link set dev tun11 up
Jan 11 22:36:52 ovpn-client1[32048]: /usr/sbin/ip addr add dev tun11 local 172.18.13.190 peer 172.18.13.189
Jan 11 22:36:52 ovpn-client1[32048]: /usr/sbin/ip link set dev tun11 up mtu 1500
Jan 11 22:36:52 ovpn-client1[32048]: /usr/sbin/ip link set dev tun11 up
Jan 11 22:36:52 ovpn-client1[32048]: /usr/sbin/ip -6 addr add fde4:8dba:82e3::102e/64 dev tun11
Jan 11 22:36:52 ovpn-client1[32048]: Linux ip -6 addr add failed: external program exited with error status: 2
Jan 11 22:36:52 ovpn-client1[32048]: Exiting due to fatal error

IPv6 over VPN is not supported
 

Martineau

Part of the Furniture
Going in circles with the RT-AC86U Beta 4b webui trying to find the built-in speedtest. Where is it please?
1610546926296.png
 

beerglass007

Regular Contributor
Silly question but has anyone got SSH access using beta 4 ?

I'm getting connection refused

SSH is enabled on standard port 22 for LAN only
 

beerglass007

Regular Contributor
Just used it, working fine. Same settings as you outlined.

nightmare

Wireshark is showing RST ACK....

Internet Protocol Version 4, Src: 192.168.0.1, Dst: 192.168.0.77
Transmission Control Protocol, Src Port: 22, Dst Port: 52510, Seq: 1, Ack: 1, Len: 0
Source Port: 22
Destination Port: 52510

Flags: 0x014 (RST, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .1.. = Reset: Set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······A·R··]
Window: 0
[Calculated window size: 0]
[Window size scaling factor: -1 (unknown)]
Checksum: 0xf1be [unverified]
[Checksum Status: Unverified]
Urgent Pointer: 0
[SEQ/ACK analysis]
[Timestamps]
 

Attachments

  • Screenshot 2021-01-13 at 15.36.18.png
    Screenshot 2021-01-13 at 15.36.18.png
    133 KB · Views: 42

Calkulin

Occasional Visitor
Anyone else want to take a stab at replicating @nzwayne 's results?
Anyone else with gigabit cable or even maybe fiber that has or is willing to compare beta4b and beta4-gb9 for speedtests?

As mentioned I'd be happy to be the one to test and replicate this, but I won't see anything higher than I do now with my 300Mbps download speeds lol


Performance on the AX88U v1.1 that I just received has been all over the place with either Beta 4(new build) or Beta 4b. The first 2 500Mbps speedtest in the screenshot were on Beta 4b, the next 700Mbps was on Beta 4(new build) and the last 900Mbps was back on Beta 4b. Also doing speedtest over WiFi varies a lot more on this AX88U than the AX58U it just replaced, as the AX58U was pretty consistent at 750-800Mbps over WiFi. Now it varies from 400-800Mbps on the AX88U, which I never saw the AX58U do in the 6 months I had it. Now on the router itself it did vary but that was because the speedtest on the AX58U pegged 2 CPU cores to 100% sometimes. And this was with TM completely off(withdrawn),
 

Attachments

  • Capture.PNG
    Capture.PNG
    65.6 KB · Views: 43

beerglass007

Regular Contributor
nightmare

Wireshark is showing RST ACK....

Internet Protocol Version 4, Src: 192.168.0.1, Dst: 192.168.0.77
Transmission Control Protocol, Src Port: 22, Dst Port: 52510, Seq: 1, Ack: 1, Len: 0
Source Port: 22
Destination Port: 52510

Flags: 0x014 (RST, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .1.. = Reset: Set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······A·R··]
Window: 0
[Calculated window size: 0]
[Window size scaling factor: -1 (unknown)]
Checksum: 0xf1be [unverified]
[Checksum Status: Unverified]
Urgent Pointer: 0
[SEQ/ACK analysis]
[Timestamps]



Looks like when I enable SSH it can't make the keys

Code:
Jan 13 15:47:36 syslogd started: BusyBox v1.25.1
Jan 13 15:47:36 kernel: klogd started: BusyBox v1.25.1 (2021-01-08 17:43:19 EST)
Jan 13 15:47:43 dropbear[16261]: Failed loading /etc/dropbear/dropbear_rsa_host_key
Jan 13 15:47:43 dropbear[16261]: Failed loading /etc/dropbear/dropbear_dss_host_key
Jan 13 15:47:43 dropbear[16261]: Failed loading /etc/dropbear/dropbear_ecdsa_host_key
Jan 13 15:47:43 dropbear[16261]: Failed loading /etc/dropbear/dropbear_ed25519_host_key
Jan 13 15:47:43 dropbear[16261]: Early exit: No hostkeys available. 'dropbear -R' may be useful or run dropbearkey.
 

Mutzli

Very Senior Member
Looks like when I enable SSH it can't make the keys

Code:
Jan 13 15:47:36 syslogd started: BusyBox v1.25.1
Jan 13 15:47:36 kernel: klogd started: BusyBox v1.25.1 (2021-01-08 17:43:19 EST)
Jan 13 15:47:43 dropbear[16261]: Failed loading /etc/dropbear/dropbear_rsa_host_key
Jan 13 15:47:43 dropbear[16261]: Failed loading /etc/dropbear/dropbear_dss_host_key
Jan 13 15:47:43 dropbear[16261]: Failed loading /etc/dropbear/dropbear_ecdsa_host_key
Jan 13 15:47:43 dropbear[16261]: Failed loading /etc/dropbear/dropbear_ed25519_host_key
Jan 13 15:47:43 dropbear[16261]: Early exit: No hostkeys available. 'dropbear -R' may be useful or run dropbearkey.
What is your setting for 'Local Access Control' - HTTP or HTTPS? If HTTPS you might have an issue with your certificate. You can renew it under DDNS under WAN settings.
 

beerglass007

Regular Contributor
What is your setting for 'Local Access Control' - HTTP or HTTPS? If HTTPS you might have an issue with your certificate. You can renew it under DDNS under WAN settings.

It was using HTTP but enabled HTTPS and its created a cert fine

I have no idea what its unable to generate a RSA key pair for SSH very odd

Anyone seen this before please ?


Here is the output from the client but its router which isn't listening because it cannot generate a RSA key pair

Code:
❯ ssh -vvv [email protected]
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.0.1 is address
debug2: ssh_connect_direct
debug1: Connecting to 192.168.0.1 [192.168.0.1] port 22.
debug1: connect to address 192.168.0.1 port 22: Connection refused
ssh: connect to host 192.168.0.1 port 22: Connection refused

Looking at the logs and trying to force it to read to the JFFS Partition is failing. Anyone know how I can fix this please as I'm guessing this might be the root cause of the RSA key generation failing

Jan 13 17:30:00 kernel: mkdir: can't create directory '/jffs/.le/': Read-only file system
 
Last edited:

John Fitzgerald

Regular Contributor
It was using HTTP but enabled HTTPS and its created a cert fine

I have no idea what its unable to generate a RSA key pair for SSH very odd

Anyone seen this before please ?


Here is the output from the client but its router which isn't listening because it cannot generate a RSA key pair

Code:
❯ ssh -vvv ad[email protected]
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.0.1 is address
debug2: ssh_connect_direct
debug1: Connecting to 192.168.0.1 [192.168.0.1] port 22.
debug1: connect to address 192.168.0.1 port 22: Connection refused
ssh: connect to host 192.168.0.1 port 22: Connection refused

So If your IP range starts at 192.168.0.1 (reserved range / login address)
Shouldn't the Cert be on 192.168.0.2 (reserved range / Holds Cert key)
And your range for everything else starts at 192.168.0.3---(245) or limited to say (75)?
 
Last edited:

beerglass007

Regular Contributor
So If your IP range starts at 192.168.0.1
Shouldn't the Cert be on 192.168.0.2
And your range starts at 192.168.0.3---(245 or limited to say 75)?

Not sure I follow any of that. The AX86u is 192.168.0.1 and I've SSH to that IP address. The cert would also be applied to that management IP address

Not sure what you mean by Cert on 192.168.0.2 and what the IP range .03 - 245 has got anything to do with it sorry
 

John Fitzgerald

Regular Contributor
Not sure I follow any of that. The AX86u is 192.168.0.1 and I've SSH to that IP address. The cert would also be applied to that management IP address

Not sure what you mean by Cert on 192.168.0.2 and what the IP range .03 - 245 has got anything to do with it sorry

The Cert being applied to a reserved range on 0.2

EDIT: do you mean Key and not Cert?
 

beerglass007

Regular Contributor
Where is the Cert coming from?



I'm using a password based SSH access. When enabling SSH on a linux system it will generate a SSH key pair but looking at the logs I'm getting this

Code:
Jan 13 17:47:04 dropbear[3465]: Failed loading /etc/dropbear/dropbear_rsa_host_key
Jan 13 17:47:04 dropbear[3465]: Failed loading /etc/dropbear/dropbear_dss_host_key
Jan 13 17:47:04 dropbear[3465]: Failed loading /etc/dropbear/dropbear_ecdsa_host_key
Jan 13 17:47:04 dropbear[3465]: Failed loading /etc/dropbear/dropbear_ed25519_host_key
Jan 13 17:47:04 dropbear[3465]: Early exit: No hostkeys available. 'dropbear -R' may be useful or run dropbearkey.
Jan 13 17:47:04 hour_monitor: daemon is starting

Looking at more logs I think its because the JFFS Partition is read-only, or not mounted but hard to tell without SSH access

I did a nuclear reset the other day and formatted on next boot the JFFS Partition and its the first time enabling SSH again and assume its all linked

Not sure what you mean about CERT, I assume you mean the management SSL CERT or DDNS
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top