[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

BloodFX

Regular Contributor
You really just need to examine the SSL certificate that your router is using for https. Are you saying you can login with https://router.asus.com:8443/ but not https://192.168.1.1:8443/ ?

View the certificate in your browser when the site is up (generally by clicking on the padlock icon, but I use Firefox). Is it a self-signed cert that Chrome doesn't like? Lot of different ways this could go, but we need to understand how your certificate is signed.

Yea its seems to be chrome only, I can login with default ip with microsoft edge, not tried any other browsers.
With chrome I can only login by using https://router.asus.com:8443/index.asp
Just realised could it be that i have no cert installed at all?
 

dave14305

Part of the Furniture
Yea its seems to be chrome only, I can login with default ip with microsoft edge, not tried any other browsers.
With chrome I can only login by using https://router.asus.com:8443/index.asp
Just realised could it be that i have no cert installed at all?
You would get a lot of complaints from Chrome logging into router.asus.com if you had no cert at all. Browsers will complain about certificate name mismatches with the URL hostname, so I would expect trouble when trying to browse https://192.168.1.1:8443/ when the router certificate is generated for https://router.asus.com:8443/. When logged into router.asus.com in Chrome, what do you see about the certificate when clicking on the security padlock?

If you run Diversion and Pixelserv, I would recommend following this wiki article to let Pixelserv sign your cert if you have already imported the Pixelserv CA on your devices.
https://github.com/kvic-z/pixelserv...ixelserv-CA-to-issue-a-certificate-for-WebGUI

Otherwise, there are alternative ways to sign a certificate in a way that satisfies all browsers. RMerlin and john9527 have both referred to XCA before as a good tool.
https://www.hohnstaedt.de/xca/
 

john9527

Part of the Furniture
Just realised could it be that i have no cert installed at all?
If you didn't explicitly save a cert in the gui or install your own, the router will automatically generate a new cert every time it reboots.
 
Last edited:

BloodFX

Regular Contributor
You would get a lot of complaints from Chrome logging into router.asus.com if you had no cert at all. Browsers will complain about certificate name mismatches with the URL hostname, so I would expect trouble when trying to browse https://192.168.1.1:8443/ when the router certificate is generated for https://router.asus.com:8443/. When logged into router.asus.com in Chrome, what do you see about the certificate when clicking on the security padlock?

If you run Diversion and Pixelserv, I would recommend following this wiki article to let Pixelserv sign your cert if you have already imported the Pixelserv CA on your devices.
https://github.com/kvic-z/pixelserv-tls/wiki/[ASUSWRT]-Use-Pixelserv-CA-to-issue-a-certificate-for-WebGUI

Otherwise, there are alternative ways to sign a certificate in a way that satisfies all browsers. RMerlin and john9527 have both referred to XCA before as a good tool.
https://www.hohnstaedt.de/xca/

I don't see a padlock, it just says your connection is not secure?
 

JWoo

Senior Member
I saw an article a couple days ago that DNS over TLS was being added to another firmware project, and that it was a big deal. Those of us using this build or Fresh Tomato have had DNS over TLS for 9 or 10 months already and knew it was a big deal last year! John's fork has been one of the early adopters of this functionality. Given the recent DNS hacks that affected some well known DNS servers, I appreciate even more having DoT on my routers.
 

Gar

Very Senior Member
Any experience here with DoT and the CF test? Does DoT work on other than CF and it's app? For me it always says no to DoT unless I use CF.
 

JWoo

Senior Member
Yes. I have used other DNS providers than Cloudfare. I have used Quad9 and Google as well and they work fine with DoT. I have used DNS Leak Test to verify DNS but to my knowledge only Cloudfare has a handy dandy web site to test DoT functionality (when using their resolvers). Others can comment about validating DoT with other resolvers.
 

ColinTaylor

Part of the Furniture
Any experience here with DoT and the CF test? Does DoT work on other than CF and it's app? For me it always says no to DoT unless I use CF.
The CF test only tells you if you're using their servers, not other people's.
 

john9527

Part of the Furniture
Next release has been posted to pick up a few new fixes...nothing critical. I'm going to be tied up for the next couple of weeks, so decided to post up my current working level.

LATEST RELEASE: Update-39E3/39L3
17-April-2019
Merlin fork 374.43_39E3j9527
Download http://bit.ly/1YdgUcP
============================

Key Changes:
  • Backported fixes for two buffer overrun exposures from Merlin 384
  • Custom scripts now post a log message if they are not marked as executable
  • Fix a case where the JFFS syslog copy may not be updated

SHA256
Code:
(Default Build - All supported routers)
1da9783719ba049db983d951f2bf1d2e491eb54da536f6c37b91f83382570b41  RT-N16_374.43_39E3j9527.trx
7ff2550da6a757f989d0e826a65ad564882d9b964bc59be4ea70b85216705d21  RT-AC66U_374.43_39E3j9527.trx
79375da7d3f55626b9cd24aec5b13fb9871e86014f26959b70b32b16fae7fb64  RT-N66U_374.43_39E3j9527.trx
8e21b418e7df90d01b574e1fda08a6be5a8720ac9896a45cf1c8cba01c9dff0f  RT-AC68U_374.43_39E3j9527.trx
0bb8364fda5740a1314115dbc1d9acc1f39f92498df55d1f2622ba7d6b0d48d3  RT-AC56U_374.43_39E3j9527.trx

(Legacy Only Builds)
fbba5033a87c5fbed9b3f83a2960838a5d53b717075d1aadc5c0d0ddfe54e4eb  RT-AC68U_3.0.0.4_374.43_2-39L3j9527.trx
92faa3693ffc2cbef324fad7ff510d302628c57d977d5597e374e534fb04690b  RT-AC56U_3.0.0.4_374.43_2-39L3j9527.trx
545927719c46e359a0db6bf9dcb348f99c0f3d8786725780cb182994c61b19be  RT-N16_3.0.0.4_374.43_2-39L3j9527.trx
5e9c82a5b250097172fe3867667149dfa46ed792782cc9f7d11959c44957c2f5  RT-AC66U_3.0.0.4_374.43_2-39L3j9527.trx
9aa05ea06237b4ebec4619c43d9b7ad221c2565a4667971d172a6d857d1bac88  RT-N66U_3.0.0.4_374.43_2-39L3j9527.trx
 

Fluflu

New Around Here
Hi,

I have an RT-AC66U on 39E1. I just changed the log level from debug to notification, and after the usual waiting time I'm not able to login any more? Username and password just not accepted.

This has happened to me once before. That time I had to reset the router but don't feel like doing that again. Any ideas what's happening?

Edit: Router seems to work as usual, just not able to login to the admin interface.
 

L&LD

Part of the Furniture
Hi,

I have an RT-AC66U on 39E1. I just changed the log level from debug to notification, and after the usual waiting time I'm not able to login any more? Username and password just not accepted.

This has happened to me once before. That time I had to reset the router but don't feel like doing that again. Any ideas what's happening?

Edit: Router seems to work as usual, just not able to login to the admin interface.

Reboot the router and see if that solves it. :)

Otherwise; update to the latest firmware (see post above yours), recommended. How long ago did you need to reset it? From which firmware version did you flash to 39E1? You may not feel like it, but it may be necessary if it is more than 3 versions ago. ;)
 

john9527

Part of the Furniture
Hi,

I have an RT-AC66U on 39E1. I just changed the log level from debug to notification, and after the usual waiting time I'm not able to login any more? Username and password just not accepted.

This has happened to me once before. That time I had to reset the router but don't feel like doing that again. Any ideas what's happening?

Edit: Router seems to work as usual, just not able to login to the admin interface.
Just tried flipping the log-level a couple of times and everything worked fine. Can't think of why loglevel would effect logging in.

Can you connect via SSH? If you, you can manually reset the loglevel to the default Info via

nvram set log_level=7
nvram commit
service reboot

Are you running any addons such as Skynet or Diversion? Only SWAG I can come up with is that some addon which tries to clean the syslog is looking for some log entry which isn't there with Notification level and spinning.....
 

Fluflu

New Around Here
Thanks john9527 and L&LD for quick responses. I have rebooted :) SSH login not enabled unfortunately. Last reset was not that long ago, 2 versions perhaps. Not sure how to update the firmware if I'm not able to login? Can I use the ASUS Firmware restoration tool perhaps? And will that cause me to lose all settings?

Some more info: Not running SSL, OpenVPN server running, otherwise pretty default setup.

Last time this happened I was also just doing a minor change. I'm thinking it's time to replace the old AC66u perhaps..
 

Fluflu

New Around Here
Update and wtf: Tried replacing my username with the default 'admin' now, it worked! With the password set for my username. So it seems my user was renamed from what I've set to 'admin'...

Thinking maybe Lastpass or a form filler changed the login name on the Admin page where I changed log level before I hit save...
 

dave14305

Part of the Furniture
Next release has been posted to pick up a few new fixes...nothing critical. I'm going to be tied up for the next couple of weeks, so decided to post up my current working level.

LATEST RELEASE: Update-39E3/39L3
17-April-2019
Merlin fork 374.43_39E3j9527
Download http://bit.ly/1YdgUcP
============================

Key Changes:
  • Backported fixes for two buffer overrun exposures from Merlin 384
  • Custom scripts now post a log message if they are not marked as executable
  • Fix a case where the JFFS syslog copy may not be updated

SHA256
Code:
(Default Build - All supported routers)
1da9783719ba049db983d951f2bf1d2e491eb54da536f6c37b91f83382570b41  RT-N16_374.43_39E3j9527.trx
7ff2550da6a757f989d0e826a65ad564882d9b964bc59be4ea70b85216705d21  RT-AC66U_374.43_39E3j9527.trx
79375da7d3f55626b9cd24aec5b13fb9871e86014f26959b70b32b16fae7fb64  RT-N66U_374.43_39E3j9527.trx
8e21b418e7df90d01b574e1fda08a6be5a8720ac9896a45cf1c8cba01c9dff0f  RT-AC68U_374.43_39E3j9527.trx
0bb8364fda5740a1314115dbc1d9acc1f39f92498df55d1f2622ba7d6b0d48d3  RT-AC56U_374.43_39E3j9527.trx

(Legacy Only Builds)
fbba5033a87c5fbed9b3f83a2960838a5d53b717075d1aadc5c0d0ddfe54e4eb  RT-AC68U_3.0.0.4_374.43_2-39L3j9527.trx
92faa3693ffc2cbef324fad7ff510d302628c57d977d5597e374e534fb04690b  RT-AC56U_3.0.0.4_374.43_2-39L3j9527.trx
545927719c46e359a0db6bf9dcb348f99c0f3d8786725780cb182994c61b19be  RT-N16_3.0.0.4_374.43_2-39L3j9527.trx
5e9c82a5b250097172fe3867667149dfa46ed792782cc9f7d11959c44957c2f5  RT-AC66U_3.0.0.4_374.43_2-39L3j9527.trx
9aa05ea06237b4ebec4619c43d9b7ad221c2565a4667971d172a6d857d1bac88  RT-N66U_3.0.0.4_374.43_2-39L3j9527.trx
I saw a fork in the router so I took it! :D
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top