[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)


octopus

Very Senior Member
I get this:
js1.jpg
Check the browser console for any errors....
TypeError: staticstatsTableEntries[j] is undefined
Advanced_VPNStatus.asp:288:1
parseStatus http://192.168.14.1/Advanced_VPNStatus.asp:288
initial http://192.168.14.1/Advanced_VPNStatus.asp:104
onload http://192.168.14.1/Advanced_VPNStatus.asp:1

I get this under Edge browser:
  1. HTML1300: Användaren har navigerat.
    Advanced_VPNStatus.asp (1,1)
  2. HTML1524: Ogiltig HTML5 DOCTYPE. Överväg att använda den interoperabla formen "<!DOCTYPE html>".
    Advanced_VPNStatus.asp (1,1)
  3. HTML1513: En extra <html>-tagg hittades. Det får bara finnas en <html>-tagg i ett dokument.
    Advanced_VPNStatus.asp (3,1)
  4. HTML1509: Omatchad sluttagg.
    Advanced_VPNStatus.asp (480,1)
  5. HTML1521: Oväntad </body>-tagg eller oväntat filslut. Alla öppna element måste stängas före dokumentslutet.
    Advanced_VPNStatus.asp (489,1)
  6. 0: Unable to get property '0' of undefined or null reference
    Advanced_VPNStatus.asp (287,1)
  7. 13
    0: Unable to get property 'getElementsByTagName' of undefined or null reference
    state.js (2211,1)
 

octopus

Very Senior Member
Hmm, more quirks... it seems that curl has a problem when trying to update afraid.org.
I get this answer: curl: (60) SSL certificate problem: certificate has expired
It worked before updating to 44D6.
 

dave14305

Part of the Furniture
Not firmware specific. I get expired message and I’m on Merlin at the moment.
Code:
# curl -v https://freedns.afraid.org/
*   Trying 204.140.20.21:443...
* Connected to freedns.afraid.org (204.140.20.21) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, certificate expired (557):
* SSL certificate problem: certificate has expired
* Closing connection 0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
 

octopus

Very Senior Member
I just tested and have the same answer on Merlin; it seems the problem is with afraid.org then?
 

RMerlin

Asuswrt-Merlin dev
If it says "certificate is expired", then that's what it is: the certificate on the remote server is expired.
 

dave14305

Part of the Furniture
I just tested and have the same answer on Merlin; it seems the problem is with afraid.org then?
See https://freedns.afraid.org/news/
If you have an out-of-date CA root store in your TLS client, automatic dynamic updates (over TLS only) may not be working for you starting today due to an upstream TLS provider chain key change.

The current keys are valid, and rigorously tested/verified to work for all modern updated installations, though the change is upstream in the signing chain.

If this affects you, in a pinch you could do plaintext updates, or update your TLS installation.

In light of a lot of legacy devices making updates unattended, I'm evaluating acquiring keys from a different TLS provider.
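
Added example (not part of the thread and not afraid.org's or the firmware's code): curl's error 60 above does not say which certificate in the chain has expired. The script below builds a constructed two-certificate chain (the names `Demo Short-Lived CA` and `ddns.example.test` are hypothetical) and uses `openssl verify -attime` to move the clock, reporting the chain depth at which the expiry fires.

```shell
#!/bin/sh
# Added example. CA/leaf names and lifetimes are constructed for the demo.

# build_chain DIR: a CA valid for 1 day signs a leaf valid for 30 days.
build_chain() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Short-Lived CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ddns.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/leaf.csr" -days 30 -CAcreateserial \
        -CA "$1/ca.pem" -CAkey "$1/ca.key" -out "$1/leaf.pem" 2>/dev/null
}

# expired_depth DIR EPOCH: verify the leaf as if the clock read EPOCH.
# Prints "ok", or each chain depth where "certificate has expired" fired:
# 0 is the server's own certificate, 1 and up are its issuers.
expired_depth() {
    out=$(openssl verify -attime "$2" -CAfile "$1/ca.pem" "$1/leaf.pem" 2>&1) || true
    case $out in
        *"certificate has expired"*)
            printf '%s\n' "$out" |
                sed -n 's/^error 10 at \([0-9]*\) depth lookup.*/\1/p' ;;
        *": OK"*) echo ok ;;
        *) echo unknown ;;
    esac
}

demo_dir=$(mktemp -d) || exit 1
build_chain "$demo_dir" || exit 1
now=$(date +%s)
echo "clock now:      $(expired_depth "$demo_dir" $((now + 60)))"      # ok
echo "clock +10 days: $(expired_depth "$demo_dir" $((now + 864000)))"  # 1
```

A result of 1 while depth 0 is still valid means the server's own certificate is fine and the expired certificate is an issuer, either sent in the chain or held in the client's CA bundle.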
 

octopus

Very Senior Member
What language setting are you using? And what locale set for your system?
Let's check the more likely things first...

I'm on "English" and locale (hope this is what you mean) Copenhagen, Stockholm, Oslo GMT+1
 

octopus

Very Senior Member
What language setting are you using? And what locale set for your system?
Let's check the more likely things first...
Did you see something that stands out in the configuration?
 

john9527

Part of the Furniture
Did you see something that stands out in the configuration?
Not really....and I can't recreate it. I've only been able to come up with three possibilities...
(1) You aren't really connected, and OpenVPN is just returning a header without any data
(2) You are connected, but OpenVPN for some reason is only returning partial data
(3) There's something strange in the data that is leading to a parsing error (this is usually language/locale specific). By locale, I mean the language/number formats defined in your operating system (Windows?) that are picked up by the browser.

I'm inclined to think it's this last one....how are you using the debugging features of the browser console (set a breakpoint at the failure and examine variable contents). If you're not comfortable with this, I can do a debug build that will throw some alerts with the data I need to see.
 

octopus

Very Senior Member
openvpn has this output:
Code:
May 31 17:50:32 openvpn[3488]: VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=octopus, OU=octopus [email protected], CN=octopus CA, name=EasyRSA, [email protected]
May 31 17:50:32 openvpn[3488]: VERIFY KU OK
May 31 17:50:32 openvpn[3488]: Validating certificate extended key usage
May 31 17:50:32 openvpn[3488]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
May 31 17:50:32 openvpn[3488]: VERIFY EKU OK
May 31 17:50:32 openvpn[3488]: VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=octopus, OU=octopus [email protected], CN=octopus, name=EasyRSA, [email protected]
May 31 17:50:32 openvpn[3488]: Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
May 31 17:50:32 openvpn[3488]: Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
May 31 17:50:32 openvpn[3488]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 1024 bit RSA

Code:
# Automatically generated configuration
daemon
client
dev tun11
txqueuelen 1000
proto udp
remote octopus.xxxxxxx.xx 1194
resolv-retry infinite
nobind
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
cipher AES-128-GCM
auth none
script-security 2
route-delay 2
route-up vpnrouting.sh
route-pre-down vpnrouting.sh
verb 3
up updown.sh
down updown.sh
tls-crypt static.key
ca ca.crt
cert client.crt
key client.key
status-version 2
status status 10

# Custom Configuration
remote-cert-tls server
fast-io
# log /tmp/vpnclient-1.log

Where can I read to set a breakpoint in browser?
 

jrmwvu04

Very Senior Member
I've put up a 44D6 release in the development folder
https://1drv.ms/f/s!Ainhp1nBLzMJiF2l3WjM46lSmxrH
which backports part of the tz updates from Merlin. It will allow you to set the DST times for some additional locations, including the new separate entry for Helsinki.
(A second part, which sets the default DST start and end times per location still needs to be backported, but will take some additional work. So please manually verify/set those values for your location).
To probably nobody's great surprise, US East is seemingly working properly.
 

anotherengineer

Regular Contributor
Just an off question since I'm no programmer.

Will OpenVPN be replaced by WireGuard at some point?
 

anotherengineer

Regular Contributor
Not likely...I even double checked. They've come up with a 'compatibility' version going back to the 3.10 kernel. These older routers are based on the 2.6.x kernel.

So would Merlin/Asus be able to implement in their firmware in the future?
 

ColinTaylor

Part of the Furniture
So would Merlin/Asus be able to implement in their firmware in the future?
These older routers are based on the 2.6.x kernel.
It might be technically possible for the newer routers but you'd have to ask Asus what their plans are. As for Merlin, he's already answered this question multiple times.
 

john9527

Part of the Furniture
It might be technically possible for the newer routers but you'd have to ask Asus what their plans are. As for Merlin, he's already answered this question multiple times.
What he said :)

Actually, I think there is an opportunity here for someone. I was reading something a few days ago about using a Raspberry Pi as a Wireguard client/server which was said to work well (sorry, don't remember where I saw it). It would be great if someone would put together a tutorial about how to do that and integrate it with the router.
 
