Beta Asuswrt-Merlin 386.2 Beta is now available

Status
Not open for further replies.

shauno100

Occasional Visitor
Location of the DHCP server should not really be a factor, I don't think. What DNS entry is your DHCP handout giving out?
My DHCP server on my NAS issues the same IP as the NAS IP itself as i also have DNS Server package running (DHCP server IP and DNS IP are the same for DHCP issued leases, gateway is my router IP)

Untitled.jpg
 

RMerlin

Asuswrt-Merlin dev
How can I set the time (or TZ) manually?.
1615904846579.png

Using 386.2 beta1, Using a custom DNS server on the WAN config page (Connect to DNS Server automatically) = unchecked, internet not working , the contents of /tmp/filter_rules on my RT-AX58U are below
Different issue, your firewall rules are correct. You might be affected by Asus now adding static routes for DNS servers. I recently reverted this change, try again with beta 2 once it's available.
 

shabbs

Very Senior Member
Different issue, your firewall rules are correct. You might be affected by Asus now adding static routes for DNS servers. I recently reverted this change, try again with beta 2 once it's available.
Nice.
 

Authority

Senior Member
That's not what I said... All I said is that they do not display monthly data (only daily), and that this data is kept in RAM and therefore vanishes after a reboot, so people using stock firmware almost never pay attention to these. They use Traffic Analyzer data instead.

The issue appeared a few years ago as other people told you, after they started making changes to the rstats daemon to better (?) interface with the network switch data, add VLAN handling, add support for multiple WAN, add 64-bit counter support for newer platforms, and so on. For a while I simply avoided merging their changes in my code to avoid having the same issues, but as of 386 they have done too many changes and fixes to that code for me to no longer keep it in sync with them, and so I merged all of their numerous recent changes with 386.1, which reintroduced the bug in my code.

I have no idea where exactly the bug lies because I have never been able to reproduce it myself, and after visually reviewing the code multiple times I am unable to see where the issue is. The bug will have to be fixed either by Asus (who has the manpower to test/debug this), or someone else who is actually able to reproduce it.
Thanks - now it makes sense. Is there anything I can do to help? Is there a reference number for the issue I can provide Asus or is it not worth the time? Thanks.
 

CaptainSTX

Part of the Furniture
The change made to OpenVPN in the Beta version seems to have improved the VPN client download speed by about 15 - 20 Mbps.
 

sbsnb

Very Senior Member
Has somebody tested latest OpenVPN over TCP in a configuration with encrypted TLS control channel with more than 2 clients at the same time? (the one other non-standard setting is port 443 instead of 1194). It works fine with one client but the moment a 2nd client connects the first one is thrown out (which in turn after some time tries to reconnect, does indeed reconnect and throws out the other client and so on). That is happening with basically any type of client - Windows, MacOS, Android, iOS.

384.18 was the last version where that worked OK and I was hoping that things will get better with the new version.
I have exactly this setup and have not experienced any issues with several connected clients.
 

RMerlin

Asuswrt-Merlin dev
Is there anything I can do to help?
Not at this time, unless you can easily reproduce the problem, and have the necessary skill to compile your own test builds with added debugging/test code. The fact the problem is intermittent makes it even harder to debug anything.

The change made to OpenVPN in the Beta version seems to have improved the VPN client download speed by about 15 - 20 Mbps.
What change? I haven't changed anything to OpenVPN...
 

DeepWoods

Occasional Visitor
@RMerlin
I've done a few more tests with cake while gaming and It's pretty obvious cake is having issues when something that send a lot of small packets is running on the network. Like an online multiplayer game, or a meter.net/ping-test.

Funny thing is that these ping spikes don't show on any in-game ping stats that I've tested (PUBG and Apex Legends) and I don't notice anything while playing either. Soo maybe cake is doing something to ICMP packets? It's not related to having HW acceleration off either as it doesn't happen with Tradicional Qos or Adaptive QOS.

Have a look at this test clip, I've tried to make it as short as possible. I have both the router and pingplotter pinging my first hop while I run an online multiplayer game. Cake on vs off

This is some DEEP SCIENCE on gaming and ping spikes. The results are curious...

Observations: meter.net/ping-test generates a small trickle of packets and FPS games still shouldn't be saturating your slow upload link (and certainly not your download). CoD/WZ appears to send less than 100 Kbps while gaming (measuring roughly from the Traffic Analyser). I would think Apex and PUBG would be similar.

Speculation: With a 1Mbps uplink, you might be a bit of an outlier at this point and measuring a quirk of how Cake behaves when handling this small packet load (or at least, how it is configured) and slow upload limit. I don't play Apex, but is there a chance that your in-game ping stats are averaged? In the latest CoD/WZ, the in-game ping stats appear to be "live" and vary up/down considerably in real time. Overall, I suspect that Cake is introducing some small jitter in latency which you can't "feel" in game, and might be averaged on your in-game stats, but you can see with the separate pings generated in the graphs.

The benefit of Cake is that you avoid the really BIG ping spikes when something else saturates your upload/download. The cost is theoretically a small penalty in latency, but I wouldn't have expected it to be this significant or erratic. You are fighting a difficult battle optimizing for a 1Mbps upload limit. There may be some way to configure Cake to handle this situation better, but is it necessary if you don't "feel" it in game? Interested to see where this goes. I would doubt that Cake is prioritizing your gaming packets over ICMP traffic, but happily surprised if it is true.
 

askan7

Regular Contributor
This is some DEEP SCIENCE on gaming and ping spikes. The results are curious...

Observations: meter.net/ping-test generates a small trickle of packets and FPS games still shouldn't be saturating your slow upload link (and certainly not your download). CoD/WZ appears to send less than 100 Kbps while gaming (measuring roughly from the Traffic Analyser). I would think Apex and PUBG would be similar.

Speculation: With a 1Mbps uplink, you might be a bit of an outlier at this point and measuring a quirk of how Cake behaves when handling this small packet load (or at least, how it is configured) and slow upload limit. I don't play Apex, but is there a chance that your in-game ping stats are averaged? In the latest CoD/WZ, the in-game ping stats appear to be "live" and vary up/down considerably in real time. Overall, I suspect that Cake is introducing some small jitter in latency which you can't "feel" in game, and might be averaged on your in-game stats, but you can see with the separate pings generated in the graphs.

The benefit of Cake is that you avoid the really BIG ping spikes when something else saturates your upload/download. The cost is theoretically a small penalty in latency, but I wouldn't have expected it to be this significant or erratic. You are fighting a difficult battle optimizing for a 1Mbps upload limit. There may be some way to configure Cake to handle this situation better, but is it necessary if you don't "feel" it in game? Interested to see where this goes. I would doubt that Cake is prioritizing your gaming packets over ICMP traffic, but happily surprised if it is true.

bandwidth monitor shows around 10-25KB/s upload while playing apex, far from the 0.9mb limit I set (Around 100KB/s). I was getting stable 100KB/s upload on bandwidth monitor while uploading that video. And pings were pretty decent, around +8ms over idle.
And that's with very safe limit, as I can easily do 0.95 limit and get only +10ms on average but I prefer the lower latency.

For normal download I get around +3ms.

With adaptive or traditional qos I don't see these spikes but gaming experience is soo much worse when someone starts downloading/uploading.
 
Last edited:

CaptainSTX

Part of the Furniture
What change? I haven't changed anything to OpenVPN...

I was reading the change log.

386.2 (xx-xxx-2021)
- NEW: Added support for the GT-AX11000. Note that VPNFusion, as
well as the ROG-specific features such as the custom UI
are not supported.
- NEW: Added support for the RT-AX68U.
- NEW: Added jittertimer-rngd daemon to HND routers. This will
ensure sufficient entropy is generated early on at
boot time, reducing boot stalls caused by insufficient
entropy for the kernel's random number generator,
and also generally improves security related to
crypto operations by the router.
- NEW: Added Cake QoS for HND routers. Note that just like
Traditional QoS, this is not compatible with hardware
acceleration, and therefore might not be usable on
connections faster than around 350 Mbps (may vary based
on router models).
- UPDATED: Merged GPL 386_42095.
- UPDATED: Openssl to 1.1.1j.
- UPDATED: OpenVPN to 2.5.1.
 

lilstone87

Very Senior Member
bandwidth monitor shows around 10-25KB/s upload while playing apex, far from the 0.9mb limit I set (Around 100KB/s). I was getting stable 100KB/s upload on bandwidth monitor while uploading that video. And pings were pretty decent, around +8ms over idle.
And that's with very safe limit, as I can easily do 0.95 limit and get only +10ms on average but I prefer the lower latency.

For normal download I get around +3ms.

With adaptive or traditional qos I don't see these spikes but gaming experience is soo much worse when someone starts downloading/uploading.

Having played COD CW on PS5. When in an actual match playing. I'm pretty sure I noticed closer to 200Kbps on the download side, and around 100Kbps on the upstream side. Overall not a lot of bandwidth being used, however it's a bit more than it use to be playing cod. I think some of it has to do with how the devs keep track of in game data, for stuff like SBMM, and such.

No way enough bandwidth usage to cause latency to be spiking, unless you're on a very limited connection. But I have personally felt the odd moments where the game is feeling jerky a couple times while playing, and it feels a lot like latency getting jumpy for a brief moment. This was while using cake, during the alpha. I do want to test more with the current beta, as Merlin did change the defaults a bit. Overall it feels to me cake might being managing larger amounts of smaller packets, a bit odd. I dunno if there's any cake settings we could possibly play around with, that might change how it handles such traffic. But it's something to look into, for people who know what they're doing.
 

JIPG

Regular Contributor
Thank you for clarifying what setting you were referring to (manually setting DST time). I did it, but by an unknown reason, my router time started the DST schedule a couple of days ago while I have the starting date set on Last Sunday of March.

I do not know if it is related to the underscore character (as discovered by snaunton) in the time zone name I use (MET-1DST_1) making the
time_zone_x variable not having appended the content of time_zone_dstoff=M3.5.0/2,M10.5.0/3, and perhaps forcing the application of a "generic" DST start date (maybe a USA one?) because time_zone_x and /etc/TZ have no content at all about DST.
 

ankhazam

Senior Member
@RMerlin,
I have an interesting problem with this build AX88U at 386.2_beta1
I can only add a SINGLE user to my openvpn server1...
No matter how many entries I add in user/password table, only a single one persists and is injected into the shadow file...
I tried resetting the server do default, rebooting my unit, no success.
The users table lists the system user and a single one added with password.
BR,
Ank

My log after clicking apply:

Code:
Mar 16 18:54:43 router rc_service: httpds 1235:notify_rc restart_chpass;restart_vpnserver1
Mar 16 18:54:43 router custom_script: Running /jffs/scripts/service-event (args: restart chpass)
Mar 16 18:54:43 router custom_script: Running /jffs/scripts/service-event (args: restart vpnserver1)
Mar 16 18:54:43 router ovpn-server1[9225]: event_wait : Interrupted system call (code=4)
Mar 16 18:54:43 router ovpn-server1[9225]: Closing TUN/TAP interface
Mar 16 18:54:43 router ovpn-server1[9225]: /usr/sbin/ip addr del dev tun21 10.8.0.1/24
Mar 16 18:54:43 router ovpn-server1[9225]: ovpn-down 1 server tun21 1500 1621 10.8.0.1 255.255.255.0 init
Mar 16 18:54:43 router dnsmasq[3622]: stopped listening on tun21(#31): 10.8.0.1 port 53
Mar 16 18:54:43 router ovpn-server1[9225]: PLUGIN_CLOSE: /usr/lib/openvpn-plugin-auth-pam.so
Mar 16 18:54:43 router ovpn-server1[9225]: PLUGIN AUTH-PAM: Error signaling background process to exit: Connection refused (errno=111)
Mar 16 18:54:43 router ovpn-server1[9225]: SIGTERM[hard,] received, process exiting
Mar 16 18:54:44 router ovpn-server1[9491]: --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
Mar 16 18:54:44 router ovpn-server1[9491]: OpenVPN 2.5.1 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 10 2021
Mar 16 18:54:44 router ovpn-server1[9491]: library versions: OpenSSL 1.1.1j  16 Feb 2021, LZO 2.08
Mar 16 18:54:44 router ovpn-server1[9492]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 16 18:54:44 router ovpn-server1[9492]: PLUGIN AUTH-PAM: initialization succeeded (fg)
Mar 16 18:54:44 router ovpn-server1[9492]: PLUGIN_INIT: POST /usr/lib/openvpn-plugin-auth-pam.so '[/usr/lib/openvpn-plugin-auth-pam.so] [openvpn]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Mar 16 18:54:44 router ovpn-server1[9492]: Diffie-Hellman initialized with 2048 bit key
Mar 16 18:54:44 router ovpn-server1[9492]: TUN/TAP device tun21 opened
Mar 16 18:54:44 router ovpn-server1[9492]: TUN/TAP TX queue length set to 1000
Mar 16 18:54:44 router ovpn-server1[9492]: /usr/sbin/ip link set dev tun21 up mtu 1500
Mar 16 18:54:44 router vpnserver1[9493]: PLUGIN AUTH-PAM: BACKGROUND: initialization succeeded
Mar 16 18:54:44 router ovpn-server1[9492]: /usr/sbin/ip link set dev tun21 up
Mar 16 18:54:44 router ovpn-server1[9492]: /usr/sbin/ip addr add dev tun21 10.8.0.1/24
Mar 16 18:54:44 router ovpn-server1[9492]: ovpn-up 1 server tun21 1500 1621 10.8.0.1 255.255.255.0 init
Mar 16 18:54:44 router dnsmasq[3622]: listening on tun21(#33): 10.8.0.1 port 53
Mar 16 18:54:44 router ovpn-server1[9492]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Mar 16 18:54:44 router ovpn-server1[9492]: Socket Buffers: R=[524288->524288] S=[524288->524288]
Mar 16 18:54:44 router ovpn-server1[9492]: UDPv4 link local (bound): [AF_INET][undef]:1194
Mar 16 18:54:44 router ovpn-server1[9492]: UDPv4 link remote: [AF_UNSPEC]
Mar 16 18:54:44 router ovpn-server1[9492]: MULTI: multi_init called, r=256 v=256
Mar 16 18:54:44 router ovpn-server1[9492]: IFCONFIG POOL IPv4: base=10.8.0.2 size=252
Mar 16 18:54:44 router ovpn-server1[9492]: Initialization Sequence Completed
 
Last edited:

gspannu

Senior Member
Set it manually instead of relying on the timezones. It's possible that the router's TZ database isn't up to date, with all the changes that happened these past few years to DST periods.
@RMerlin Did not understand.
How to set the time manually?

I'm getting the same issue, in UK.
Time is off by an hour; setting to GMT fixes it for now, but come last weekend of March and the time will be off by an hour again.
 

JR Godwin

Regular Contributor
Try picking a different timezone, then go back and pick yours. Look at the DST stuff to make sure it's got the correct info. I have a weird thing that when I've reset my router, it loads my correct time zone, but has the wrong DST info loaded, by changing timezone and changing back, it forces a load of the correct DST info, fixing my 1 hour out issue.
 

dave14305

Part of the Furniture
Regarding DST, why aren’t there people jumping up and down in the Asus (stock) forum? This was a problem Asus introduced in an earlier 386 GPL, no? Why are only Merlin users seemingly affected (or vocal)? :confused:

Edit: it may not have been a widely released GPL firmware (40996 or greater).
 
Last edited:

RMerlin

Asuswrt-Merlin dev
I was reading the change log.
Ah, the updated version. I don`t recall seeing anything in its changelog related to performance.

I have an interesting problem with this build AX88U at 386.2_beta1
I can only add a SINGLE user to my openvpn server1...
No matter how many entries I add in user/password table, only a single one persists and is injected into the shadow file...
I tried resetting the server do default, rebooting my unit, no success.
The users table lists the system user and a single one added with password.
Confirmed, I can reproduce it on my own RT-AX88U. Thanks, I`ll have a look at it.
 

DeepWoods

Occasional Visitor
bandwidth monitor shows around 10-25KB/s upload while playing apex, far from the 0.9mb limit I set (Around 100KB/s). I was getting stable 100KB/s upload on bandwidth monitor while uploading that video. And pings were pretty decent, around +8ms over idle.
And that's with very safe limit, as I can easily do 0.95 limit and get only +10ms on average but I prefer the lower latency.

For normal download I get around +3ms.

With adaptive or traditional qos I don't see these spikes but gaming experience is soo much worse when someone starts downloading/uploading.
"Maybe" all is well? I found this comment from RMerlin from way back in 2015.
It "might" explain why your pings suffer when running game traffic (because QoS prioritizes ICMP lower).
It would be nice to have some Cake guru confirm what you are measuring.
 
Status
Not open for further replies.

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top