[Beta] Asuswrt-Merlin 384.10 Beta is now available

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.
Status
Not open for further replies.

skeal

Part of the Furniture

Sonyrolfy

Regular Contributor
No leftovers when ticked default. Keys/cert are empty. RT86U. Beta3. However, system-log mentions at/by upload (Resetting client (unit 3) to default settings) ?

system-log:

Upload: openvpn: Resetting client (unit 4) to default settings (All keys/certs & Crypto Settings are in)
Default: rc_service: httpds 758:notify_rc stop_vpnclient4;clearvpnclient
openvpn: Resetting client (unit 4) to default settings (Keys/cert are empty)
 

RMerlin

Asuswrt-Merlin dev
However, system-log mentions at/by upload (Resetting client (unit 3) to default settings) ?
This is normal. A default reset is always done before applying the uploaded file, as this is the only way to ensure that any previous leftover settings are removed (the ovp file you upload does not replace anything, it gets parsed and converted into nvram settings, so it cannot know about what non-default settings were previously there). Only a few settings are unaffected (like client name and policy rules).
 

roundaway

Occasional Visitor
Beta 3 dirty flashed on RT-AC66_B1. OpenVPN server working fine with one android client connected. Good speeds.
 

ksyoon70

New Around Here
Since updated from 384.8_2, In my external disk, smb file transfer speed is extremely slow. I tested it on Windows and macOS. Both are same.
 

RamGuy

Senior Member
After installing BETA3 on my RT-AX88U the entire DHCP-Static List got wiped. Luckily I had a backup of it in txt so I could just dump it back using SSH but I found this rather awkward.

EDIT:

My static routes and port forwards was gone as well.

EDIT2:

For some reason it's all gone after a reboot. I'll try to wipe it and see if it helps.
 
Last edited:

John Adler

Regular Contributor
beta 3 working very stable.
even with many changes I did on my setup.
testing a lot yesterday.
thxs guys for the list to optimize the router
 

MarkRH

Senior Member

Centrifuge

Regular Contributor
Since updated from 384.8_2, In my external disk, smb file transfer speed is extremely slow. I tested it on Windows and macOS. Both are same.
Which router model, upgrade steps?
 

Henk59

Regular Contributor
Guys, please do some testing surrounding the OpenVPN key/certs, ensuring that you can still properly manage them: adding, removing (new with beta 3 - just clear the field to remove it), editing, etc...

Thanks!

Merlin,
My ovpn settings was unsupported after some years.
My VPN (provider) connection was therefore lost.
I'd first an FW update from 384.09 to 384.10B3 after that I click DEFAULT button on the VPN page.

I made the mistake that I edit/paste the crt keys on the wrong field Client Certificate instead of the Certificate Authority field.
Deleteting the Certicate field went fine.

OpenVPN works fine again.

Merlin, thank you for the 384.10B3 FW.
 

dugaduga

Senior Member
@Henk59 I did the exact same thing and I was unable to connect from that client.

Just updated to 384_10 beta 3, then rebooted again, result:

Code:
/tmp/home/root# nvram show | grep CERTIFICATE
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Should have looked immediately before I updated, previously when I only had one client ram was showing 52, but its up to 57 now; 57144 / 65536 bytes. And yes there are two certs in one client. Is there anyway to clear the certs manually in terminal without clearing Nvcache entirely?
 
Last edited:

dugaduga

Senior Member
Update Deleting the certs worked this time (great work!), though it doesn't clear previous ones from the cache either. Adding it back did not add it back into the cache though, good sign, and adding a second cert does not increase NVcache, yay!
 

Jack Yaz

Part of the Furniture
Just updated to 384_10 beta 3, then rebooted again, result:

Code:
/tmp/home/root# nvram show | grep CERTIFICATE
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Should have looked immediately before I updated, previously when I only had one client ram was showing 52, but its up to 57 now; 57144 / 65536 bytes. And yes there are two certs in one client. Is there anyway to only clear the certs manually in terminal without clearing Nvcache entirely?
Isn't that what this does?

https://www.snbforums.com/threads/b...ta-is-now-available.55520/page-11#post-473701
 

dugaduga

Senior Member
Oh my gosh what a life saver, thank you @RMerlin, great work and @Jack_Yaz for pointing that out! Down to 51990 / 65536 bytes now. Looking better than ever, thanks guys.
 

dugaduga

Senior Member
Upon every handshake I get the following

Code:
Mar 23 05:59:08 ovpn-client1[11990]: WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
Mar 23 05:59:08 ovpn-client1[11990]: WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'

Mar 23 05:59:10 ovpn-client1[11990]: Data Channel: using negotiated cipher 'AES-256-GCM'
Mar 23 05:59:10 ovpn-client1[11990]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mar 23 05:59:10 ovpn-client1[11990]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Is the first two warnings just noise to ignore? I do not see BF-CBC anywhere in the settings.
 

JemTheWire

Senior Member
Since updating from beta 2 to beta 3 on my RT-AX88U (router mode), and RT-AC88U (access point) I have noticed a marked speed decrease in page load times.

On beta 2, the status bar of my browser whether Firefox or Chrome, I could see text stating performing TLS handshake etc. Now that happens so much faster I hardly have chance to read what it says!

Result.

Thanks Eric.
 

RMerlin

Asuswrt-Merlin dev
Upon every handshake I get the following

Code:
Mar 23 05:59:08 ovpn-client1[11990]: WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
Mar 23 05:59:08 ovpn-client1[11990]: WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'

Mar 23 05:59:10 ovpn-client1[11990]: Data Channel: using negotiated cipher 'AES-256-GCM'
Mar 23 05:59:10 ovpn-client1[11990]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mar 23 05:59:10 ovpn-client1[11990]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Is the first two warnings just noise to ignore? I do not see BF-CBC anywhere in the settings.
BF-CBC is the old default cipher. Just ignore that message, it typically happens when two OpenVPN client/servers rely on NCP to establish the cipher to use.
 

RMerlin

Asuswrt-Merlin dev
After installing BETA3 on my RT-AX88U the entire DHCP-Static List got wiped. Luckily I had a backup of it in txt so I could just dump it back using SSH but I found this rather awkward.

EDIT:

My static routes and port forwards was gone as well.

EDIT2:

For some reason it's all gone after a reboot. I'll try to wipe it and see if it helps.
The RT-AX88U stores these in the jffs partition. If that partition is corrupted/wiped/unmounted, then these settings will be lost.
 
Status
Not open for further replies.

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top