john9527
Part of the Furniture
Check the browser console for any errors....Okey, cant get it working for now.
Check the browser console for any errors....Okey, cant get it working for now.
TypeError: staticstatsTableEntries[j] is undefinedAdvanced_VPNStatus.asp:288:1Check the browser console for any errors....
Not firmware specific. I get expired message and I’m on Merlin at the moment.Hmm, more quirks.. seems that curl have some problem when trying to update afraid.org
get this answer: curl: (60) SSL certificate problem: certificate has expired
Works before updating to 44D6
# curl -v https://freedns.afraid.org/
* Trying 204.140.20.21:443...
* Connected to freedns.afraid.org (204.140.20.21) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, certificate expired (557):
* SSL certificate problem: certificate has expired
* Closing connection 0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
Not firmware specific. I get expired message and I’m on Merlin at the moment.
Code:# curl -v https://freedns.afraid.org/ * Trying 204.140.20.21:443... * Connected to freedns.afraid.org (204.140.20.21) port 443 (#0) * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none * TLSv1.2 (OUT), TLS header, Certificate Status (22): * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS alert, certificate expired (557): * SSL certificate problem: certificate has expired * Closing connection 0 curl: (60) SSL certificate problem: certificate has expired More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
Thanks! Can the “certificate is expired” only be the server certificaat? I ask this because the same url is working perfectly on Ubuntu 18.04 with curl. See https://www.snbforums.com/threads/3...ficate-problem-certificate-has-expired.64455/If it says "certificate is expired", then that's what it is: the certificate on the remote server is expired.
See https://freedns.afraid.org/news/I just tested and have same answer Merlin, seems problem is with afraig.org then?
if you have an out of date CA root store in your TLS client, automatic dynamic updates (over TLS only) may not be working for you starting today due to a upstream TLS provider chain key change.
The current keys are valid, and rigorously tested/verified to work for all modern updated installations, though the change is upstream in the signing chain.
If this affects you, in a pinch you could do plaintext updates, or update your TLS installation.
In light of a lot of legacy devices making updates unattended, I'm evaluating acquiring keys from a different TLS provider.
What language setting are you using? And what locale set for your system?TypeError: staticstatsTableEntries[j] is undefinedAdvanced_VPNStatus.asp:288:1
parseStatus http://192.168.14.1/Advanced_VPNStatus.asp:288
initial http://192.168.14.1/Advanced_VPNStatus.asp:104
onload http://192.168.14.1/Advanced_VPNStatus.asp:1
What language setting are you using? And what locale set for your system?
Let's check the more likely things first...
Did you see something that stands out in the configurationWhat language setting are you using? And what locale set for your system?
Let's check the more likely things first...
Not really....and I can't recreate it. I've only been able to come up with three possibilities...Did you see something that stands out in the configuration
Not really....and I can't recreate it. I've only been able to come up with three possibilities...
(1) You aren't really connected, and OpenVPN is just returning a header without any data
(2) You are connected, but OpenVPN for some reason is only returning partial data
(3) There's something strange in the data that is leading to a parsing error (this is usually language/locale specific). By locale, I mean the language/number formats defined in your operating system (Windows?) that are picked up by the browser.
I'm inclined to think it's this last one....how are you using the debugging features of the browser console (set a breakpoint at the failure and examine variable contents). If your not comfortable with this, I can do a debug build that will throw some alerts with the data I need to see.
May 31 17:50:32 openvpn[3488]: VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=octopus, OU=octopus [email protected], CN=octopus CA, name=EasyRSA, [email protected]
May 31 17:50:32 openvpn[3488]: VERIFY KU OK
May 31 17:50:32 openvpn[3488]: Validating certificate extended key usage
May 31 17:50:32 openvpn[3488]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
May 31 17:50:32 openvpn[3488]: VERIFY EKU OK
May 31 17:50:32 openvpn[3488]: VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=octopus, OU=octopus [email protected], CN=octopus, name=EasyRSA, [email protected]
May 31 17:50:32 openvpn[3488]: Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
May 31 17:50:32 openvpn[3488]: Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
May 31 17:50:32 openvpn[3488]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 1024 bit RSA
# Automatically generated configuration
daemon
client
dev tun11
txqueuelen 1000
proto udp
remote octopus.xxxxxxx.xx 1194
resolv-retry infinite
nobind
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
cipher AES-128-GCM
auth none
script-security 2
route-delay 2
route-up vpnrouting.sh
route-pre-down vpnrouting.sh
verb 3
up updown.sh
down updown.sh
tls-crypt static.key
ca ca.crt
cert client.crt
key client.key
status-version 2
status status 10
# Custom Configuration
remote-cert-tls server
fast-io
# log /tmp/vpnclient-1.log
To probably nobody's great surprise, US East is seemingly working properly.I've put up a 44D6 release in the development folder
https://1drv.ms/f/s!Ainhp1nBLzMJiF2l3WjM46lSmxrH
which backports part of the tz updates from Merlin. It will allow you to set the DST times for some additional locations, including the new separate entry for Helsinki.
(A second part, which sets the default DST start and end times per location still needs to be backported, but will take some additional work. So please manually verify/set those values for your location).
Not really....and I can't recreate it. I've only been able to come up with three possibilities...
(1) You aren't really connected, and OpenVPN is just returning a header without any data
(2) You are connected, but OpenVPN for some reason is only returning partial data
(3) There's something strange in the data that is leading to a parsing error (this is usually language/locale specific). By locale, I mean the language/number formats defined in your operating system (Windows?) that are picked up by the browser.
I'm inclined to think it's this last one....how are you using the debugging features of the browser console (set a breakpoint at the failure and examine variable contents). If your not comfortable with this, I can do a debug build that will throw some alerts with the data I need to see.
Not likely...I even double checked. They've come up with a 'compatibility' version going back to the 3.10 kernel. These older routers are based on the 2.6.x kernel.Just an off question since I'm no programmer.
Will OpenVPN be replaced by WireGuard at some point?
Not likely...I even double checked. They've come up with a 'compatibility' version going back to the 3.10 kernel. These older routers are based on the 2.6.x kernel.
So would Merlin/Asus be able to implement in their firmware in the future?
It might be technically possible for the newer routers but you'd have to ask Asus what their plans are. As for Merlin, he's already answered this question multiple times.These older routers are based on the 2.6.x kernel.
What he saidIt might be technically possible for the newer routers but you'd have to ask Asus what their plans are. As for Merlin, he's already answered this question multiple times.
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!