How to get previously supported models working with amtm/entware/div again?

[Aziron5]

Hello

It seems to me the latest amtm and 3rd-party packages won't work well with older FWs and older models no longer supported.

I installed the usual stuff and then entware and it seems broken, stuff doesn't exist, there's comments on various errors when trying to check for entware packages, and when I try to remove entware there's an error at line 111 reset_amtm not found or something and amtm just quits, entware can't be uninstalled.
I didn't even attempt installing diversion because of this.

Sure, no longer supported with future updates, or it's like really no longer supported as in you can't even use older versions of these and get the older models functioning as it was possible several years ago?

Perhaps there's a repo where I could manually download all of the stuff I need, or better yet if there's a trick by editing the amtm or some kind of a script to make it "download versions compatible for this old FW and model".

On one of my routers the last FW is 384.6_0, I think amtm 3.2 was the latest I had on it, but I wiped because I used the router for other purposes and thought I'd never needed it anymore, I'm not sure I have the full jffs backups, I have some but I don't see most other packages (disk check, format, shell history).

Thanks! I did search around a bit and I'm sure there's archives, github, etc, but that's probably a lot of manual work, perhaps there's a faster way you guys may know about.

 

[John Fitzgerald]

You have to update your firmware first. Old scripts are unsupported as security has been updated.

Funny how with all that text you omitted the router model.

 

[Ranger802004]

Hello

It seems to me the latest amtm and 3rd-party packages won't work well with older FWs and older models no longer supported.

I installed the usual stuff and then entware and it seems broken, stuff doesn't exist, there's comments on various errors when trying to check for entware packages, and when I try to remove entware there's an error at line 111 reset_amtm not found or something and amtm just quits, entware can't be uninstalled.
I didn't even attempt installing diversion because of this.

Sure, no longer supported with future updates, or it's like really no longer supported as in you can't even use older versions of these and get the older models functioning as it was possible several years ago?

Perhaps there's a repo where I could manually download all of the stuff I need, or better yet if there's a trick by editing the amtm or some kind of a script to make it "download versions compatible for this old FW and model".

On one of my routers the last FW is 384.6_0, I think amtm 3.2 was the latest I had on it, but I wiped because I used the router for other purposes and thought I'd never needed it anymore, I'm not sure I have the full jffs backups, I have some but I don't see most other packages (disk check, format, shell history).

Thanks! I did search around a bit and I'm sure there's archives, github, etc, but that's probably a lot of manual work, perhaps there's a faster way you guys may know about.

Update to a supported model, they're not intended to last forever.

 

[John Fitzgerald]

Update to a supported model, they're not intended to last forever.

That's one way to get updated firmware.

 

[thelonelycoder]

I don‘t judge if you use outdated firmware or routers, there‘s always a reason why one does so.
I even check if my scripts still work on an RT-AC66U with firmware 380.70. And they do

See this post of how to get up to speed with the routers built in CA certificates:

amtm - AC87U - "All download attempts failed"

ah, that appears to be the problem...amtm is hardcoded to the system version of curl c_url(){ /usr/sbin/curl -fsNL --connect-timeout 10 --retry 3 --max-time 12 "$@";} @thelonelycoder : can this be updated to use the entware version if it's available?

www.snbforums.com

 

[Aziron5]

Sorry, the router model is RT-AC-56U and the older Merlin's FW does not have AMTM included and it's suffering from outdated ceritificates which perhaps among other solutions one solution is to edit the amtm/diversion scripts to add additional CURL parameters "k" in several places, I already have an AX-68U as the main router. I won't be exposing AC-56U to the internet directly, it's not going to become a main router (it can't handle gigabit ISP internet anyway). Just trying to use it for some testing and diy work and I thought why not put the old router to some use so that I don't make any interruptions on the main infrastructure.

Also putting # amtm NoMD5check into the amtm file didn't do anything, still showing "min update" available. I guess that's meant only for other addons?

I'll redo the whole thing with the special certificate recommendation in the meantime.

 

[thelonelycoder]

Sorry, the router model is RT-AC-56U and the older Merlin's FW does not have AMTM included and it's suffering from outdated ceritificates which perhaps among other solutions one solution is to edit the amtm/diversion scripts to add additional CURL parameters "k" in several places, I already have an AX-68U as the main router. I won't be exposing AC-56U to the internet directly, it's not going to become a main router (it can't handle gigabit ISP internet anyway). Just trying to use it for some testing and diy work and I thought why not put the old router to some use so that I don't make any interruptions on the main infrastructure.

Also putting # amtm NoMD5check into the amtm file didn't do anything, still showing "min update" available. I guess that's meant only for other addons?

I'll redo the whole thing with the special certificate recommendation in the meantime.

Well, my mentioned above script does exactly that, that's why I created it.

 

[Aziron5]

Well, my mentioned above script does exactly that, that's why I created it.

Sure, that is what I was referring to yes. I'm just not too sure whether EMTM and/or Entware it self at version 4.0 and the latest scripts would work with the older model ... from official messaging there's no indication it couldn't, but the last time I was using AC56U was with AMTM 3.2.
I was also wondering whether there's more verbose error messaging that amtm and it's addon scripts produce which may be hidden by default or ends up in other logs somewhere?

EDIT: I just ran the ca_cert script and I'm suppose to have amtm installed? I didn't. We'll see what happens, or I'll just wipe JFFS again and start over. The script checked out with all good and no errors reported, other than I have to install entware now.
It's not just failing to get updates, starting over on older models means you can't do anything, not even install amtm, normally without "k", insecure mode.

EDIT2: It seems to be working better now, swap file creation actually shows progress after downloading core-utils, and disk checker shows the log after installation. I guess each addon/module also required to download more resources and with broken certs all of those would require insecure mode as well or more modifications which I didn't thought were necessary, no wonder it wasn't fully downloading everything.

Now, what happens to Entware after I install Diversion? Would the script detect it already installed and skip overwriting?

Also, amtm by default installed freshly, nor the swap file module don't detect an already present swap file. Must be some config setting that's also set somewhere else (I wiped without saving JFFS, and no swap in older backups to see the example)

 

[thelonelycoder]

Sure, that is what I was referring to yes. I'm just not too sure whether EMTM and/or Entware it self at version 4.0 and the latest scripts would work with the older model ... from official messaging there's no indication it couldn't, but the last time I was using AC56U was with AMTM 3.2.
I was also wondering whether there's more verbose error messaging that amtm and it's addon scripts produce which may be hidden by default or ends up in other logs somewhere?

EDIT: I just ran the ca_cert script and I'm suppose to have amtm installed? I didn't. We'll see what happens, or I'll just wipe JFFS again and start over. The script checked out with all good and no errors reported, other than I have to install entware now.
It's not just failing to get updates, starting over on older models means you can't do anything, not even install amtm, normally without "k", insecure mode.

To install amtm on this router use the “Install command for Asuswrt-Merlin firmware older than 384.15" instruction here:

You'll need Entware installed for the CA check script to complete. This router being MIPS based, you'll also need to activate the amtm ep option "3. Parallel use Entware-backports Repo" for it to work, once you have updated amtm to the latest version.

Once all this is done you'll be fine to run whatever script is supported for it. Diversion and amtm certainly are.

​

 

[Aziron5]

To install amtm on this router use the “Install command for Asuswrt-Merlin firmware older than 384.15" instruction here:

You'll need Entware installed for the CA check script to complete. This router being MIPS based, you'll also need to activate the amtm ep option "3. Parallel use Entware-backports Repo" for it to work, once you have updated amtm to the latest version.

Once all this is done you'll be fine to run whatever script is supported for it. Diversion and amtm certainly are.

​

Yeah, thanks for clearing more stuff out, I was indeed following that guide, however that option "Parallel use Entware-backports Repo" does not exist, it also says in AMTM that the architecture is "(armv7l)" and Entware repo is "armv7sf-k2.6".

Secondly, AMTM installs straight to 4.0.

I perhaps didn't make it clear in the OP that this is the third time now that I'm doing a totally fresh install after wiping JFFS and everything else off USBFlash Storage, I wasn't trying to upload old jffs backups. That would have been the last resort, I wanted to see if latest addon versions would work on an older FW and such older model, first. Looks like it will!

EDIT: BTW I just noticed "armv7l" as in lower case "L" instead of number "1" ... seems like me and perhaps other people/sw/fw mistaking it for number "1" but it's actually ARMV7 revision 0 as I checked in /proc/cpuinfo and "l" being for little-endian is using number 1. Not sure those if this really means it's not MIPS, because there is some MIPS mentions elsewhere ... but I've ran the Cert script again and it installed more Entware packages and it reported all good.

Now I just install Diversion and it'll not mess up Entware?

 

[thelonelycoder]

Repo" does not exist, it also says in AMTM that the architecture is "(armv7l)" and Entware repo is "armv7sf-k2.6".

OK, I made a wild guess. If you‘re on arm architecture all is fine. MIPSEL routers did not receive Entware updates for years but there was a backport that received limited updates for a little while.

Diversion works fine on your router, no messing up installing it.

 

[Aziron5]

OK, I made a wild guess. If you‘re on arm architecture all is fine. MIPSEL routers did not receive Entware updates for years but there was a backport that received limited updates for a little while.

Diversion works fine on your router, no messing up installing it.

Allright. Diversion auto-detects Entware and skips, great, I was a bit worried just because I remembered some old instruction of needing to install Diversion first before Entware IIRC, but I guess that has since been resolved.

There was almost no errors from the installation of Diversion, except that:

/opt/share/diversion/webui/process.div: line 837: am_settings_get: not found
/opt/share/diversion/webui/process.div: line 837: am_settings_get: not found
/opt/share/diversion/webui/process.div: line 839: am_settings_get: not found

It also appears when turning off/on Diversion logging.

Router Date Keeper and Shell History don't appear to be working between reboots it seems.

Diversion does appear to work, however I have this router daisy chained to the primary one already running Diversion ... it seems that this second router here isn't going through the Diversion of the main router and making DNS requests directly and receiving replies.
Diversion on the primary router doesn't see any requests made from router2. This is perhaps an issue with DNS configs for the router2, perhaps I have to disallow and only allow the router1's IP as the DNS provider?

 

[SomeWhereOverTheRainBow]

Diversion does appear to work, however I have this router daisy chained to the primary one already running Diversion ... it seems that this second router here isn't going through the Diversion of the main router and making DNS requests directly and receiving replies.
Diversion on the primary router doesn't see any requests made from router2. This is perhaps an issue with DNS configs for the router2, perhaps I have to disallow and only allow the router1's IP as the DNS provider?

You cannot overlap Diversions and expect to be able to see what is getting blocked on the secondary diversion from the primary diversion. Anything that uses the secondary diversion as primary dns will get blocked first if the blocked domain is present in the secondary instances block list. The only way you would see entries being blocked on both diversion's would be if you were able to use both Diversion instances in parallel at the same time from all your dns requesting clients, or if the primary diversions blocklist has a block entry that is not present in the secondaries, or vice versa. It only gets more complicated if you have each router configured to use different upstream dns servers; to me, this sounds like the reason why the secondary Diversion is not using the primary Diversion.

 

[thelonelycoder]

There was almost no errors from the installation of Diversion, except that:

/opt/share/diversion/webui/process.div: line 837: am_settings_get: not found
/opt/share/diversion/webui/process.div: line 837: am_settings_get: not found
/opt/share/diversion/webui/process.div: line 839: am_settings_get: not found

It also appears when turning off/on Diversion logging.

Remove the webui files for Diversion in d, 10, 2. Remove Diversion WebUI files.
You'll see a bunch of errors but that is expected. Your routers firmware does not support the addons WebUI.

Diversion does appear to work, however I have this router daisy chained to the primary one already running Diversion ... it seems that this second router here isn't going through the Diversion of the main router and making DNS requests directly and receiving replies.

I do this all the time with my test routers. My test routers WAN cables are connected to the primary routers LAN ports and are set as WAN Connection Type Automatic IP, no third party resolvers.

 

[Aziron5]

You cannot overlap Diversions and expect to be able to see what is getting blocked on the secondary diversion from the primary diversion. Anything that uses the secondary diversion as primary dns will get blocked first if the blocked domain is present in the secondary instances block list. The only way you would see entries being blocked on both diversion's would be if you were able to use both Diversion instances in parallel at the same time from all your dns requesting clients, or if the primary diversions blocklist has a block entry that is not present in the secondaries, or vice versa. It only gets more complicated if you have each router configured to use different upstream dns servers; to me, this sounds like the reason why the secondary Diversion is not using the primary Diversion.

I do this all the time with my test routers. My test routers WAN cables are connected to the primary routers LAN ports and are set as WAN Connection Type Automatic IP, no third party resolvers.

Right, I eventually foresaw I would have to configure DNS differently, turns out that all it takes is setting WAN DNS of router2 to point to router1's IP just as you confirmed (This is what Auto sets as well). I thought I would also have to enable "Advertise Router's IP ..." and other settings in the DHCP Server DNS settings area, but nope.

Now I see Diversion on router1 seeing router2's and it's clients DNS requests, while on Diversion 2 ofcourse those filtered DNS requests aren't colored because I don't duplicate lists, but this means I can actually use this as a feature and focus on a separate list for some other testing bits.

Thanks folks!