Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

[Fork] Asuswrt-Merlin 374.43 LTS releases (V23E4 / V24B6)

Discussion in 'Asuswrt-Merlin' started by john9527, Aug 14, 2014.

  1. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    4,032
    Location:
    United States
    I had actually never added the OpenVPN logging level to the gui......just add a
    verb 1
    or whatever logging level you want to the custom config section.

    Will be pushing to github in a little while....
     
    cybrnook likes this.
  2. cybrnook

    cybrnook Senior Member

    Joined:
    Jan 8, 2014
    Messages:
    241
    Ah, thanks. I may have Merlin's current builds on my mind (what I was running before your branch). That may be where I remember it from.
     
  3. RMerlin

    RMerlin Part of the Furniture

    Joined:
    Apr 14, 2012
    Messages:
    21,860
    Location:
    Canada
    It's controlled by the "vpn_loglevel" nvram setting. Default is 3, values are from 0 to 11 (looks like OpenVPN devs are Spinal Tap fans).
     
    punchsuckr and cybrnook like this.
  4. cybrnook

    cybrnook Senior Member

    Joined:
    Jan 8, 2014
    Messages:
    241
    Classic!

    For those that don't know the reference:
     
    Last edited: Mar 15, 2017
    punchsuckr and tyspeed42 like this.
  5. maurer

    maurer Occasional Visitor

    Joined:
    May 13, 2014
    Messages:
    45
    after upgrade i cannot ssh to my remote rt-n16
    ovpn and other remote services do work but ssh is KO - i think we already had this issue a few versions ago
     
  6. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    4,032
    Location:
    United States
    Sorry, but nothing changed in 23E1 to E3 connected with SSH....and i just finished a time when I was connecting regularly with SSH via OpenVPN server.

    EDIT: The only thing I can think of is that the N16 is getting nvram challenged with only 32K (E3 added a couple of extra bytes). I may need to remove some features (like DNSCrypt) from the N16 builds.
     
    Last edited: Mar 15, 2017
  7. maurer

    maurer Occasional Visitor

    Joined:
    May 13, 2014
    Messages:
    45
    ssh seems ok from lan but not from wan...strange...
     
  8. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    4,032
    Location:
    United States
    I just double checked after setting Allow WAN access....and it worked without any problem (My neighbor is on a different ISP and let's me connect to his ISP for testing).

    Are you using a DDNS for access? Maybe double check it's been updated correctly, or if your IP changed after the code upgrade, it may take a bit to propagate to the DNS servers.
     
    cybrnook likes this.
  9. scaramonga

    scaramonga Occasional Visitor

    Joined:
    Jan 15, 2015
    Messages:
    49
    I'm getting hundreds of these in log, I mean hundreds!! 23E1 firmware??

    Code:
    Mar 16 05:48:26 dnsmasq[544]: server 81.139.56.100#53: resp: 0x00 query failed for d1ulmmr4d4i8j4.cloudfront.net
    Mar 16 05:48:27 dnsmasq[544]: server 81.139.56.100#53: resp: 0x00 query failed for da2lh5cs8ikqj.cloudfront.net
    Mar 16 05:50:23 dnsmasq[544]: server 81.139.56.100#53: resp: 0x00 query failed for www.pcmrace.com
    Mar 16 05:50:25 dnsmasq[544]: server 81.139.56.100#53: resp: 0x00 query failed for i.ytimg.com
    Mar 16 06:04:58 dnsmasq[544]: server 81.139.56.100#53: resp: 0x00 query failed for www.pcmrace.com
    Mar 16 06:14:41 dnsmasq[544]: server 81.139.56.100#53: resp: 0x00 query failed for www.nfohump.com
    Mar 16 06:17:01 dnsmasq[544]: server 81.139.56.100#53: resp: 0x00 query failed for cs.rin.ru
    Mar 16 06:17:46 dnsmasq[544]: server 81.139.57.100#53: resp: 0x00 query failed for scaramonga.imgur.com
    Mar 16 06:20:19 dnsmasq[544]: server 81.139.56.100#53: resp: 0x00 query failed for avencolony.com
    Mar 16 06:21:23 dnsmasq[544]: server 81.139.56.100#53: resp: 0x00 query failed for www.componentsuk.co.uk
    Mar 16 06:21:53 dnsmasq[544]: server 81.139.56.100#53: resp: 0x00 query failed for www.watercoolinguk.co.uk
    Mar 16 06:21:54 dnsmasq[544]: server 81.139.56.100#53: resp: 0x00 query failed for code.instantcart.com
    Mar 16 06:24:55 dnsmasq[544]: server 81.139.56.100#53: resp: 0x00 query failed for www.chilledpc.co.uk
    Mar 16 06:27:14 dnsmasq[544]: server 81.139.56.100#53: resp: 0x00 query failed for images.nvidia.com
    Mar 16 06:27:14 dnsmasq[544]: server 81.139.56.100#53: resp: 0x00 query failed for api.digitalriver.com
    Mar 16 06:27:15 dnsmasq[544]: server 81.139.56.100#53: resp: 0x00 query failed for gethatch.com
    Mar 16 06:27:15 dnsmasq[544]: server 81.139.56.100#53: resp: 0x00 query failed for i.ytimg.com
    Mar 16 06:37:35 dnsmasq[544]: server 81.139.56.100#53: resp: 0x00 query failed for www.adobe.com
    Mar 16 06:38:02 dnsmasq[544]: server 81.139.56.100#53: resp: 0x00 query failed for cs.rin.ru
    Mar 16 07:46:42 dnsmasq[544]: server 81.139.56.100#53: resp: 0x00 query failed for 1fizorp.oloadcdn.net
    Mar 16 07:46:56 dnsmasq[544]: server 81.139.57.100#53: resp: 0x00 query failed for www.googleapis.com
    Mar 16 08:04:53 dnsmasq[544]: server 81.139.56.100#53: resp: 0x00 query failed for cdn2.alphr.com
    Mar 16 08:18:59 dnsmasq[544]: server 81.139.56.100#53: resp: 0x00 query failed for s.youtube.com
    Mar 16 08:22:35 dnsmasq[544]: server 81.139.56.100#53: resp: 0x00 query failed for q.ebaystatic.com
    Mar 16 08:23:41 dnsmasq[544]: server 81.139.56.100#53: resp: 0x00 query failed for promotions.ebay.co.uk
    Mar 16 08:25:01 dnsmasq[544]: server 81.139.56.100#53: resp: 0x00 query failed for www.yalldata.com
    Mar 16 08:26:24 dnsmasq[544]: server 81.139.57.100#53: resp: 0x00 query failed for store.akamai.steamstatic.com
    Mar 16 08:29:53 dnsmasq[544]: server 81.139.56.100#53: resp: 0x00 query failed for www.smallnetbuilder.com
     
  10. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    4,032
    Location:
    United States
    Don't use 'Debug' as the syslog loglevel...

    EDIT: Just as a reminder to everyone, you can use the Search box in the upper right hamd corner to search within a thread you have open.
     
    joegreat and Nullity like this.
  11. punchsuckr

    punchsuckr Regular Contributor

    Joined:
    May 17, 2014
    Messages:
    167
    Maybe it's time we had a community maintained FAQ...
     
  12. cybrnook

    cybrnook Senior Member

    Joined:
    Jan 8, 2014
    Messages:
    241
    @john9527 , is it normal that after a clean install and nvram erase, during my initial setup I could see from the "tools" page that CTF (only) was enabled, but on the switch config page, NAT acceleration was set to "Disabled" out of the box. I know you have different "levels" in CTF, but I figured if tools showed as enabled, I would have seen it set to level 1 or 2 at least.

    Unless CTF is just On all the time as it causes no issues since there is no Trend Micro DPI engine in your builds...?
     
  13. maurer

    maurer Occasional Visitor

    Joined:
    May 13, 2014
    Messages:
    45
    actually the issue is that dropbear binds on lan address only even if "aalow access from wan" is ON
    currently i run an sslh in front so i can connect to the lan address and i can connect but maybe I can fix this.
    from what i found my nvram is empty for:
    "sshd_addr="
    woh should I enter 0.0.0.0 here?
     
  14. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    4,032
    Location:
    United States
    Ahh....the non-standard config using sslh (had to look that one up) :) The binding to only the router was done for security reasons.

    As far as sshd_addr goes, it's part of a nvram only (not in gui), fork unique option that I added for another user a long time ago. It may indeed be able to help you out. Check the Merlin_Fork_Options.txt file to see how to use it.
     
  15. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    4,032
    Location:
    United States
    It all depends on when you looked and what options you set up (i.e. if you set up something that would automatically disable CTF). Sometimes the entry on the tools page requires a reboot to get in sync with the actual state.....the entry on the switch page will generally immediately reflect if you did something to disable CTF. Try and reboot and they should be in sync.
     
  16. cybrnook

    cybrnook Senior Member

    Joined:
    Jan 8, 2014
    Messages:
    241
    Oh, I set it all up in the meantime, so I am way past that :) (Plus I use your QoS, so it normally gets disabled anyways)

    But this was a fresh boot off a fresh install, then a subsequent nvram erase && reboot. So no custom config had been performed yet.

    Do you set CTF to enabled by default, or disabled? So I know for the future.


    Gear switch, you think there are any limitations on why the RT-AC1900P would not run this fork? With it's close similarities to the RT-AC68U, would it not be possible? Granted Flash and RAM are larger....
     
  17. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    4,032
    Location:
    United States
    Should be enabled by default unless you are connected with a USB modem.

    Sorry, won't work. It has a different processor and requires a different SDK (same as the AC-68U revs above B1)
     
    cybrnook likes this.
  18. cybrnook

    cybrnook Senior Member

    Joined:
    Jan 8, 2014
    Messages:
    241
    Okay, maybe I will wipe and test again just for giggles to make sure it's nothing. My goal is only to help you fine tune, that's why I bring this stuff up. And no, no USB modem, single line from a linksys modem on Xfinity.

    Fair enough, I had a couple, was going to offer to send one. But seems there is a hard limit anyways....
     
  19. maurer

    maurer Occasional Visitor

    Joined:
    May 13, 2014
    Messages:
    45
    thank you very much, John
    my ssh access is restored !
     
  20. slobodan

    slobodan Regular Contributor

    Joined:
    Jul 30, 2015
    Messages:
    52
    No, please don't. Dnscrypt is great.
     

Share This Page