skeal
Part of the Furniture
For creating .crt for HTTPS access use this: (Must have Pixelserv-tls installed stand alone or with Diversion) https://github.com/kvic-z/pixelserv...ixelserv-CA-to-issue-a-certificate-for-WebGUI
Thank you!For creating .crt for HTTPS access use this: (Must have Pixelserv-tls installed stand alone or with Diversion) https://github.com/kvic-z/pixelserv-tls/wiki/[ASUSWRT]-Use-Pixelserv-CA-to-issue-a-certificate-for-WebGUI
This is normal. A default reset is always done before applying the uploaded file, as this is the only way to ensure that any previous leftover settings are removed (the ovp file you upload does not replace anything, it gets parsed and converted into nvram settings, so it cannot know about what non-default settings were previously there). Only a few settings are unaffected (like client name and policy rules).However, system-log mentions at/by upload (Resetting client (unit 3) to default settings) ?
Thanks for the pointer. I'll fiddle around with it later.https://www.snbforums.com/threads/tool-to-manage-your-own-certificate-authority.45062/
The nice thing with this is you can then sign your own certificate for all other devices on your LAN (for example if you have a NAS), then any browser already having your root CA imported will automatically recognize and accept that device's certificate without warnings.
Which router model, upgrade steps?Since updated from 384.8_2, In my external disk, smb file transfer speed is extremely slow. I tested it on Windows and macOS. Both are same.
Guys, please do some testing surrounding the OpenVPN key/certs, ensuring that you can still properly manage them: adding, removing (new with beta 3 - just clear the field to remove it), editing, etc...
Thanks!
/tmp/home/root# nvram show | grep CERTIFICATE
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Isn't that what this does?Just updated to 384_10 beta 3, then rebooted again, result:
Should have looked immediately before I updated, previously when I only had one client ram was showing 52, but its up to 57 now; 57144 / 65536 bytes. And yes there are two certs in one client. Is there anyway to only clear the certs manually in terminal without clearing Nvcache entirely?Code:/tmp/home/root# nvram show | grep CERTIFICATE -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -----END CERTIFICATE-----
Mar 23 05:59:08 ovpn-client1[11990]: WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
Mar 23 05:59:08 ovpn-client1[11990]: WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
Mar 23 05:59:10 ovpn-client1[11990]: Data Channel: using negotiated cipher 'AES-256-GCM'
Mar 23 05:59:10 ovpn-client1[11990]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mar 23 05:59:10 ovpn-client1[11990]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
My router is RT-AC88U.Which router model, upgrade steps?
BF-CBC is the old default cipher. Just ignore that message, it typically happens when two OpenVPN client/servers rely on NCP to establish the cipher to use.Upon every handshake I get the following
Is the first two warnings just noise to ignore? I do not see BF-CBC anywhere in the settings.Code:Mar 23 05:59:08 ovpn-client1[11990]: WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC' Mar 23 05:59:08 ovpn-client1[11990]: WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256' Mar 23 05:59:10 ovpn-client1[11990]: Data Channel: using negotiated cipher 'AES-256-GCM' Mar 23 05:59:10 ovpn-client1[11990]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key Mar 23 05:59:10 ovpn-client1[11990]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
The RT-AX88U stores these in the jffs partition. If that partition is corrupted/wiped/unmounted, then these settings will be lost.After installing BETA3 on my RT-AX88U the entire DHCP-Static List got wiped. Luckily I had a backup of it in txt so I could just dump it back using SSH but I found this rather awkward.
EDIT:
My static routes and port forwards was gone as well.
EDIT2:
For some reason it's all gone after a reboot. I'll try to wipe it and see if it helps.
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!