20287.Which GPL version are you checking? That code didn't seem to be commented out in 384_20379 (the latest I've got).
https://github.com/blackfuel/asuswrt-gt-ac5300/blob/master/release/src/router/rc/services.c
Thanks. Looks like for some reason that didn't get merged into my own repo.
And meanwhile I fixed the RT-AC86U build of IPSEC - the precompiled libssl/libcrypto Asus provided in the GPL were compiled with -no-engine, preventing it from loading. I recompiled them, and now my Zenpad is able to successfully connect to the RT-AC86U.
In my experience, no-engine made some conflicts with wget and openvpn when I built from your clean repo. (need a test)
So I commented out 2 lines in /strongswan-5.2.1/src/libstrongswan/plugins/openssl/openssl_plugin.c.
Code:
//ENGINE_load_builtin_engines();
//ENGINE_register_all_complete();
And now TOR and IPSec both work fine.
But maybe there is a potential risk.
I simply recompiled the aarch64 version of OpenSSL with engine support enabled, so no code change was necessary. The updated static builds are now on Github. My Zenpad was able to access my RT-AC86U's webui from its LAN address while connected through IPSEC, so IPSEC is definitely working fine now on that model.
The regular 32-bit build of OpenSSL always had engine support enabled (as it's necessary for Tor and probably others as well). I haven't changed anything, so OpenVPN/Tor shouldn't be unaffected.
BTW, don't you have a system log problem? Is it happening only to me?
I don't understand what you mean by this, sorry.
Clear system log and try signature update (or whatever makes syslog).
It appears like this.
Code:
Feb 19 16:12:54 rc_service: httpd 790:notify_rc start_sig_check
Feb 19 16:14:21 rc_service: httpd 790:notify_rc start_sig_check
Feb 19 16:12:54 rc_service: httpd 790:notify_rc start_sig_check
Feb 19 16:14:21 rc_service: httpd 790:notify_rc start_sig_check
I could access the web ui when I connected to another wi-fi (IPv4, different IP), but when I was using LTE (IPv6) the web ui didn't respond. (internet was ok)
My Zenpad was able to access my RT-AC86U's webui from its LAN address while connected through IPSEC, so IPSEC is definitely working fine now on that model.
I hope it gets fixed. I couldn't find the wrong point.
Doubt it's related to IPSEC. /tmp/syslog.log only contains the data once, so that'd be a display issue tied to either httpd or the webui, possibly triggered when clearing the logfile.
Found it. It's a bug in httpd that only appears when IPSEC support is enabled, there should be an "else if" instead of an "if" there:
https://github.com/RMerl/asuswrt-merlin.ng/blob/master/release/src/router/httpd/web.c#L1649
Otherwise, it causes the requested logfile to be sent twice. Probably breaks various other system dump calls in that same function as well.
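A minimal C model of the bug class described in the post above, added here as an illustration and not taken from web.c: the function names, the fallback branch and every file name except syslog.log are assumptions. It shows how a bare "if" in the middle of an else-if chain lets a request that already matched fall through to the later chain's default branch and be sent a second time.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not the firmware's code. Every file name except
 * syslog.log is constructed for the illustration. */
static int sends;                        /* how many bodies were written */

static void send_file(const char *path)
{
    printf("  sending %s\n", path);
    sends++;
}

/* Before: the IPSEC branch opens a second, independent if-chain. */
int dump_buggy(const char *file)
{
    sends = 0;
    if (strcmp(file, "syslog.log") == 0)
        send_file("/tmp/syslog.log");
    if (strcmp(file, "ipsec.log") == 0)      /* bare "if": chain restarts here */
        send_file("/tmp/ipsec.log");
    else if (strcmp(file, "wlan.log") == 0)
        send_file("/tmp/wlan.log");
    else
        send_file(file);                     /* generic fallback also runs */
    return sends;
}

/* After: "else if" keeps one chain, so exactly one branch runs. */
int dump_fixed(const char *file)
{
    sends = 0;
    if (strcmp(file, "syslog.log") == 0)
        send_file("/tmp/syslog.log");
    else if (strcmp(file, "ipsec.log") == 0)
        send_file("/tmp/ipsec.log");
    else if (strcmp(file, "wlan.log") == 0)
        send_file("/tmp/wlan.log");
    else
        send_file(file);
    return sends;
}

int main(void)
{
    printf("buggy syslog.log: %d send(s)\n", dump_buggy("syslog.log"));
    printf("fixed syslog.log: %d send(s)\n", dump_fixed("syslog.log"));
    return 0;
}
```

In this model only requests matched before the bare "if" are duplicated; names handled inside the second chain are still sent once.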
Unsure about special characters, but generally asuswrt is very fragile to these, best to avoid using them when in doubt.