Release [Fork] Asuswrt-Merlin 374 LTS release 48E7

[john9527]

Does not report anything

Something is blocking stun. Are you running any addons?

EDIT: I uploaded a 'wicens-lts-mod.sh' script. Download and rename to 'wicens-lts.sh'
This adds a fallback to use the router's internal WAN IP if the stun fails.

 

[john9527]

Dumb question: how to tell my RT-AC68U version? ie. is V3 or not?

Should be on the label on the back of the router.....

or via ssh

nvram get PA

if it returns '8527' it's a V3

 

[Wallace_n_Gromit]

Updated to the latest release 48E2 on my RT-N16. Opened all the tabs. Browsed around. Everything seemed to be working ok. No issues with the GUI. Was excited to see the OpenVPN 2.5.1 being updated, then DoH! forgot that the N16 doesn't support OpenVPN, dang.

Additional thought: With @RMerlin's builds, more of the firmware has become/is becoming closed-sourced by Asus over time. Since we are still on the 374 firmware, does that mean that most, if not all, the firmware is still under GPL/open-source? I guess put another way, how does the still Open-source compare between the latest 386 builds of Merlin and the 374 builds of your fork, @john9527? I would imagine that there might be some on this forum that might be interested in this.

 

[Maverickcdn]

@john9527 @diamuxin

forking to Johns LTS was on a list of things to do but never saw an explicit request so I never got around to it, if there's success for users using Johns modified version Ill look at merging Johns edit to my github version

wicens was written to be a guided user entry experience hence the 1000 lines of user credential entry code, but as it was my first script it could use some better execution flow control and lots more finesse

What you want could be easily be accomplished a few different ways with much much less code like John mentioned in post #12

 

[diamuxin]

Something is blocking stun. Are you running any addons?

EDIT: I uploaded a 'wicens-lts-mod.sh' script. Download and rename to 'wicens-lts.sh'
This adds a fallback to use the router's internal WAN IP if the stun fails.

It doesn't work either, a shame.

Mar 10 17:15:00 wicens[3027]: manual : No saved WAN IP found, attempting to write current to this script
Mar 10 17:16:00 crond[415]: USER admin pid 7428 cmd /jffs/scripts/wicens-lts.sh cron
Mar 10 17:16:00 wicens[7429]: cron : Killing old process 3027 started by Option : manual  and deleting lock file Created
Mar 10 17:16:00 wicens[7429]: cron : Done, killed stale process, removed lock file
Mar 10 17:16:00 wicens[7429]: cron : No saved WAN IP found, attempting to write current to this script
Mar 10 17:16:06 wicens[7429]: cron : NOTICE - Killed hung getrealip.sh process after 5 secs

Thanks anyway..

The following script I have tried it too and it DOES work.

ddns-start:
Source: https://github.com/Meliox/Utils/blob/master/ddns-start/ddns-start

#!/bin/sh
# Custom DDNS (dynamic DNS) for the no-ip.com or asuswrt service for asuswrt-merlin
# The scripts works in a double NAT setup and single NAT setup, and will automatically detect the current configuration.
# The script does only support single wan configuration, e.g. not dual.

#Path to logfile leave empty if not used
LOGFILE=""

#Use cron to check for new ip every X minute.
#Leave empty if you're using the default from merlin (24 hours).
#Any previous, or if used, setting will be removed if left empty.
CUSTOM_UPDATE_INTERVAL=""
SILENT="false" # "true|false". true only logs ip change

#Select DDNS provider below. Select either and adjust config accordingly
DDNS_PROVIDER="noip" # "noip" or "asuswrt"

###Config for noip
USERNAME=""
PASSWORD=""
HOSTNAME=""
USERAGENT="asuswrt-merlin No-IP Updater/$VERSION"

###Config for asuswrt
MY_DDNS_HOSTNAME="[your-hostname].asuscomm.com"

#Select IP Service Provider below.
IP_PROVIDER="wget -O - --no-check-certificate --quiet https://checkip.amazonaws.com/"
#IP_PROVIDER="curl -s http://icanhazip.com/"
#IP_PROVIDER="curl -s http://ipv4.myip.dk/api/info/IPv4Address | cut -d "\"" -f2"

## CODE BELOW ####
VERSION="3.0"
# Get the the reported wan_ipaddr from nvram. (dual wan uses wan_ipaddr_x, not supported)
ASUSIP="$(nvram get wan0_ipaddr)"

LogMe(){
    if [[ -n "$LOGFILE" ]]; then
        echo "[$(date +'%Y-%m-%d %H:%M:%S')]: $1" >> "$LOGFILE"
    fi
    if [[ "$SILENT" == "true" ]]; then
        if [[ -n "$2" ]]; then
            logger "$1"
        fi
    else
        logger "$1"
    fi
}
UpdateMerlin(){
    /sbin/ddns_custom_updated "$1"
}
UpdateIp(){
    nvram set EXTERNALIP="$NEWIP"
    case "$DDNS_PROVIDER" in
        "noip" )
            # update ip
            URL="https://$USERNAME:$PASSWORD@dynupdate.no-ip.com/nic/update?hostname=$HOSTNAME&myip=$NEWIP"
            RESPONSE=$(curl -s -k --user-agent "$USERAGENT" "$URL")
            RESPONSE_A=$(echo $RESPONSE | awk '{ print $1 }')
            case "$RESPONSE_A" in
                "good")    UpdateMerlin 1; LogMe "CustomUpdateDDNS: (good) DNS hostname successfully updated to $NEWIP." "log"
                ;;
                "nochg") UpdateMerlin 1; LogMe "CustomUpdateDDNS: (nochg) IP address is current: $NEWIP; no update performed."
                ;;
                "nohost") UpdateMerlin 0; LogMe "CustomUpdateDDNS: (nohost) Hostname supplied does not exist under specified account. Revise config file."
                ;;
                "badauth") UpdateMerlin 0; LogMe "CustomUpdateDDNS: (badauth) Invalid username password combination."
                ;;
                "badagent")    UpdateMerlin 0; LogMe "CustomUpdateDDNS: (badagent) Client disabled - No-IP is no longer allowing requests from this update script."
                ;;
                "!donator")    UpdateMerlin 0; LogMe "CustomUpdateDDNS: (!donator) An update request was sent including a feature that is not available."
                ;;
                "abuse") UpdateMerlin 0; LogMe "CustomUpdateDDNS: (abuse) Username is blocked due to abuse."
                ;;
                "911") UpdateMerlin 0; LogMe "CustomUpdateDDNS: (911) A fatal error on our side such as a database outage. Retry the update in no sooner than 30 minutes."
                ;;
                "*") UpdateMerlin 0; LogMe "CustomUpdateDDNS: (error) Could not understand the response from No-IP. The DNS update server may be down."
                ;;
            esac
        ;;
        "asuswrt" )
            RESPONSE=$(nslookup $MY_DDNS_HOSTNAME ns1.asuscomm.com | tail -n1 | sed -e 's/Address 1: //')
            if [[ -n "$RESPONSE" ]]; then
                UPDATE_DDNS="ez-ipupdate -S dyndns -i eth0 -a $NEWIP -h $MY_DDNS_HOSTNAME -A 2 -s nwsrv-ns1.asus.com"
                UpdateMerlin 1
                LogMe "CustomUpdateDDNS: DNS hostname successfully updated to $NEWIP." "log"
            else
                LogMe "CustomUpdateDDNS: Something went wrong????"
            fi
        ;;
    esac
}


CronUpdate(){
    if [[ -n "$CUSTOM_UPDATE_INTERVAL" ]]; then
        if [[ -z "$(cru l | grep "CustomUpdateDDNS")" ]]; then
            /usr/sbin/cru a CustomUpdateDDNS "*/$CUSTOM_UPDATE_INTERVAL * * * * /jffs/scripts/ddns-start"
            LogMe "CustomUpdateDDNS has been added to cron (x $CUSTOM_UPDATE_INTERVAL mins)"
        fi
    else
        if [[ -n "$(cru l | grep "CustomUpdateDDNS")" ]]; then
            /usr/sbin/cru d "CustomUpdateDDNS"
            LogMe "CustomUpdateDDNS has been removed from cron"
        fi
    fi
}

LogMe "CustomUpdateDDNS: Starting custom DDNS updater v$VERSION"

if [[ -z "$ASUSIP" ]]; then
    LogMe "(error) Router has no ip or no network configuration"
    exit 1
fi

CronUpdate

LogMe "CustomUpdateDDNS: Reported asus router ip: $ASUSIP"

if [[ -n "$(echo "$ASUSIP" | grep -E '^(10\.|100\.(6[4-9]|7[0-9]|8[0-9]|9[0-9]|1[0-2][0-9])\.|172\.(1[6789]|2[0-9]|3[01])\.|192\.0\.0\.|192\.168|198\.1[89])')" ]]; then
    # check if we have a local ip. If true, then look up external ip
    LogMe "CustomUpdateDDNS: Local ip detected"
    # look up external ip
    NEWIP=$(eval $IP_PROVIDER)
    if [[ -n "$NEWIP" ]]; then
        LogMe "CustomUpdateDDNS: Found external ip: $NEWIP"
    else
        LogMe "CustomUpdateDDNS: External IP not found"
    fi
else
    NEWIP="$ASUSIP"
    LogMe "CustomUpdateDDNS: External ip detected"
fi

# compare found ip with stored ip. If nothing is stored, assume an update is needed

if [[ "$NEWIP" == "$(nvram get EXTERNALIP)" ]]; then
    # ip has not changed there's no need to hammer the ddns provider, so compare it to the previosuly found ip and save in ram
    LogMe "CustomUpdateDDNS: (nochange) External IP address is current: $NEWIP"
    LogMe "CustomUpdateDDNS: Update not needed"
    /sbin/ddns_custom_updated 1
else
    UpdateIp
fi
LogMe "CustomUpdateDDNS: DDNS update complete"
exit 0

The only thing is that we should add the possibility of email notifications, but I do not think it is complicated since I use email notifications with other scripts.

Greetings.

 

[Maverickcdn]

Something is blocking stun. Are you running any addons?

EDIT: I uploaded a 'wicens-lts-mod.sh' script. Download and rename to 'wicens-lts.sh'
This adds a fallback to use the router's internal WAN IP if the stun fails.

John looks like you removed the function export to the temp file which is where current_wan_ip is set from



Edit: Its exported to a temp file as in testing if setting current_wan_ip=$(F_getrealip) the 5 sec wait watcher for the stun lookup is borked and doesnt kill hung lookups

 

[john9527]

John looks like you removed the function export to the temp file which is where current_wan_ip is set from

I moved the redirect into the function call itself....running directly from the command line it would hang the way you had it. Just trying different things.
The fact that the ministun fails when run by itself from the command line is the problem.

When I can I'll bring up my N66 MIPS and see if I can recreate (it's a bit disruptive to take down my main router and replace it)

 

[john9527]

It doesn't work either, a shame

But what does it tell you about your external WAN IP? What kind of config do you have? Are you double NAT? CGNAT?

 

[Maverickcdn]

I moved the redirect into the function call itself....running directly from the command line it would hang the way you had it. Just trying different things.
The fact that the ministun fails when run by itself from the command line is the problem.

When I can I'll bring up my N66 MIPS and see if I can recreate (it's a bit disruptive to take down my main router and replace it)

Doh, my bad. At work right now, must have scrolled by the other change.

In testing on my N66 back in the day I was trying gettunnelip (didnt know about getextip) on your fork which did return my WAN IP but I think if someone is running a VPN this would show the VPN IP correct?

 

[john9527]

In testing on my N66 back in the day I was trying gettunnelip (didnt know about getextip) on your fork which did return my WAN IP but I think if someone is running a VPN this would show the VPN IP correct?

gettunnelip is just a link to getextip in my fork (it started life as gettunnelip, but was then generalized...I happened to pick a different name for the general version before Merlin did ). If you just pass a number (instead of a full interface name) it assumes you are requesting a tun interface.

 

[diamuxin]

But what does it tell you about your external WAN IP? What kind of config do you have? Are you double NAT? CGNAT?

No, I don't have double NAT and neither do CG-NAT. My AC66U is the main router.

My Internet connection is with FTTH and I only have one ONT before the router (it is transparent): I connect by PPPoE through VLAN20.

 

[john9527]

I connect by PPPoE through VLAN20.

DING! DING!
I understand now....my getextip is not pppoe aware. I'll work on a new build for you to try.

 

[RMerlin]

DING! DING!
I understand now....my getextip is not pppoe aware. I'll work on a new build for you to try.

Asus added a getrealip.sh script to the firmware a few years ago, maybe use that as a reference. It's on my Github under router/rom/apps_scripts/ .

 

[dev_null]

The only thing is that we should add the possibility of email notifications, but I do not think it is complicated since I use email notifications with other scripts.

Greetings.

If you can export it as a text file, you can use div-email (https://raw.githubusercontent.com/de-vnull/vnstat-on-merlin/development/scripts/div-email.sh) to draw from the Diversion email credentials and send a message.

See description here: https://www.snbforums.com/threads/b...tall-script-offline-for-now.70091/post-661765

And how I got it to work on the alpha version of VoM: https://www.snbforums.com/threads/b...tall-script-offline-for-now.70091/post-661889

 

[john9527]

@diamuxin @Maverickcdn

OK....there's a new build, 48D3 in the Development-Beta folder. Biggest change is PPPoE support in the stun script. I have no way to pre-test, but pretty sure it should work.

There's also a new wicens.sh script in the Scripts folder. Since I needed to open the code, I updated the firmware so that changes to to the wicens script are no longer necessary except for the firmware version check (1 line added, 2 lines changed). I also updated the version to 1.12

I'll keep my fingers crossed!

 

[Maverickcdn]

Wow John... you're amazing, if anything your willingness to go above and beyond (in my opinion) has reinvigorated me to get back behind the keyboard.

I won't be able to put in some consistent seat time for a bit but Ill look at adding 374LTS support to wicens and the request from maghuro on github for update support. I should be able to test against your beta build as well (not PPPoE though)

Do you remember what the issue here was specifically?

EDIT: I also refreshed the download wicens-lts.sh script to fix a problem removing the wan-event script when doing a reset.

And not to sway your thread or the discussion too much but @thelonelycoder was hinting he might be working on a stand alone Emailer script, it may be backwards compatible with 374LTS, but if it doesnt come to fruition I may look at doing it but Ill be quite busy until fall, I had started on such a thing myself and was designing a GUI interface for Merlins addon API but quickly realized I was well out of my realm of knowledge and it will take me 6months+ to learn/write/debug any such thing but it could retain some of the 1000 lines of CLI entry code for user creds to still work with 374LTS

Keep up the stellar work!

 

[john9527]

@Maverickcdn

I like to try and keep things with my fork as compatible as possible with Merlin, so this was a good exercise (I also enjoy debugging and fixing problems.....I know.....I'm strange )

On this one...

EDIT: I also refreshed the download wicens-lts.sh script to fix a problem removing the wan-event script when doing a reset.

I originally wanted to be able to rename your script to avoid confusion, but you had hard coded the script name in a lot of places. When I did a mass replace to make the name a variable, there was a sed command that referenced the script name that was constructed with single quotes that didn't expand correctly and needed to be changed to double quotes.

 

[Maverickcdn]

@diamuxin I made the changes to my script to accommodate the changes made by John to his firmware, you can install 48D3 and download wicens v1.12 from github

I wont be able to test it myself just yet so Im at your mercy

 

[diamuxin]

Hi!

I have followed the recommended steps in my AC66U:

1.- Updated my AC66U from 48E2 -> 48D3
2.- Installed wicens.sh script downloaded from @Maverickcdn 's Github (updated according to the latest script from @john9527 )

It works almost correctly already !! Congratulations!

Just a small problem (at least for me, hehe), the sendmail of this latest release does not work well, I have tried it with SMTP Gmail (587) and also with SMTP Outlook (587).

Wicens log:

My shipping method (Gmail) used in other scripts (It has always worked well with 48E2):

Example:

#!/bin/sh
FROM="xxx@gmail.com"
AUTH="xxx@gmail.com"
PASS="xxxxxxx"
FROMNAME="Router RT-AC66U"
TO="xxxyyy@gmail.com"

echo "Subject: DDNS: Nueva IP WAN" >/tmp/mail.txt
echo "From: \"$FROMNAME\"<$FROM>" >>/tmp/mail.txt
echo "Date: `date -R`" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "Servidor NO-IP actualizado correctamente con IP: `nvram get wan0_ipaddr`" >>/tmp/mail.txt
echo "Fecha Sistema: `date -R`" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "----- " >>/tmp/mail.txt
echo "Enviado desde ASUS RT-AC66U" >>/tmp/mail.txt

cat /tmp/mail.txt | /usr/sbin/sendmail -H"exec openssl s_client -quiet \
-CAfile /jffs/configs/Equifax_Secure_Certificate_Authority.pem \
-connect smtp.gmail.com:587 -tls1 -starttls smtp" \
-f"$FROM" -au"$AUTH" -ap"$PASS" $TO

rm /tmp/mail.txt

Result:

Log with verbose option (sendmail -v):

admin@RT-AC66U-2940:/jffs/scripts# ./tmail.sh
sendmail: send:'NOOP'
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = smtp.gmail.com
verify return:1
250 SMTPUTF8
sendmail: recv:'250 2.0.0 OK d204sm3314037wmc.17 - gsmtp'
sendmail: send:'EHLO RT-AC66U-2940'
sendmail: recv:'250-smtp.gmail.com at your service, [2a0c:5a80:16ff:ffff::567f:fc29]'
sendmail: recv:'250-SIZE 35882577'
sendmail: recv:'250-8BITMIME'
sendmail: recv:'250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH'
sendmail: recv:'250-ENHANCEDSTATUSCODES'
sendmail: recv:'250-PIPELINING'
sendmail: recv:'250-CHUNKING'
sendmail: recv:'250 SMTPUTF8'
sendmail: send:'AUTH LOGIN'
sendmail: recv:'334 VXNlcm5hbWU6'
sendmail: send:''
sendmail: recv:'334 UGFzc3dvcmQ6'
sendmail: send:''
sendmail: recv:'534-5.7.14 <https://accounts.google.com/signin/continue?sarp=1&scc=1&plt=AKgnsbu'
sendmail: recv:'534-5.7.14 XlATGtsDndqNyvL7huEOu4RQuw2SQ3Qk3OdN19Vsa-pLUO8w8Q'
sendmail: recv:'534-5.7.14 6hvuNtvxrl2AZ-9vsciomSDRzkouxdw_KJokbZZQZhTtlL8D3OCLNFpmDqAd7Nbu>'
sendmail: recv:'534-5.7.14 Please log in via your web browser and then try again.'
sendmail: recv:'534-5.7.14  Learn more at'
sendmail: recv:'534 5.7.14  https://support.google.com/mail/answer/78754 d204sm3314037wmc.17 - gsmtp'
sendmail:  failed
admin@RT-AC66U-2940:/jffs/scripts#

Certificate used: /jffs/configs/Equifax_Secure_Certificate_Authority.pem

-----BEGIN CERTIFICATE-----
MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
-----END CERTIFICATE-----

With another provider (Outlook):

#!/bin/sh
FROM="xxx@outlook.com"
AUTH="xxx@outlook.com"
PASS="xxxxxx"
FROMNAME="Router RT-AC66U"
TO="xxxyyy@gmail.com"

echo "Subject: DDNS: Nueva IP WAN" >/tmp/mail.txt
echo "From: \"$FROMNAME\"<$FROM>" >>/tmp/mail.txt
echo "Date: `date -R`" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "Servidor NO-IP actualizado correctamente con IP: `nvram get wan0_ipaddr`" >>/tmp/mail.txt
echo "Fecha Sistema: `date -R`" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "----- " >>/tmp/mail.txt
echo "Enviado desde ASUS RT-AC66U" >>/tmp/mail.txt

cat /tmp/mail.txt | /usr/sbin/sendmail -H"exec openssl s_client -quiet \
-CAfile /jffs/configs/Equifax_Secure_Certificate_Authority.pem \
-connect smtp-mail.outlook.com:587 -tls1 -starttls smtp" \
-f"$FROM" -au"$AUTH" -ap"$PASS" $TO

rm /tmp/mail.txt

Result:

I'm sure the problem is with FW 48D3, if you have modified sendmail and some part of the firmware that does not allow the use of the certificate (with 48E2 the scripts sent emails correctly). I have also tried from my NAS sending email from the same GMAIL account and it works fine, but nothing comes out of the router.

EDIT: It's funny, when I reboot (2 times) it, at startup, the script, for example, wan-start if it sends the email correctly but then sendmail no longer works.

EDIT2: Everything solved, it was a problem with my Gmail account (from). I have created a new account and now everything works fine.

Many, many, thank you for your great work!

EDIT3: Thanks also to @Maverickcdn for his great script!

Best regards.

 

[john9527]

sendmail is standard as part of busybox...nothing special in the fork.

One thing I found is that the mail servers I was using to send the mail would complain when using a custom 'name' for the sender (maybe a spam/security check). Try setting the sender 'name' to be the same as your sending email address instead of something like Asus Router