IPv6 admin login constantly returns to "You cannot login unless logout another user first."

[jorhett]

I've been seeing a problem for a couple of years now where every 30 seconds or so I get tossed to the screen that says

> You cannot login unless logout another user first.

Since I'm always the only one logged in, I hit Back and continue on my business. Since I don't login often, and not for long, I've been putting up with this. It's been going on since at least the shift to 386 and continued with 387 and also with 388. So tonight I started debugging it.

I followed advice here and used these commands to clear all the values prior to logging in before a set of tests:

> nvram unset login_ip_str
> nvram unset login_timestamp
> nvram unset login_ip

Tests have confirmed that it doesn't matter if I use the dns name or the IP address, it only matters which protocol is being used. If I change the DNS name to only return an A record, or go directly to the IPv4 address, this problem disappears. If I go to the IPv6 address, or go to the exact same DNS name (after clearing dns cache of course) that returns an AAAA record then exactly 30 seconds after login I get redirected to the "logout another user" page.

Before anyone says "only use IPv4" -- that's not plausible for me. I work on dual stack services all day. IP traffic entering/leaving my house has been over 50% for a decade, and it's nearing 98% these days. In fact, I only have IPv4 on one local segment and I want to leave disable that and leave it on only for Guest network... and you can't login to admin from a Guest network.

 

[L&LD]

What router are you using? What specific firmware? Which router had 387.xx level firmware?

Have you tried a different browser? Have you disabled all extensions? Have you tried logging in, with 'InPrivate' mode (or the closest match to the browser you're using)?

What features and options do you have enabled on your router? What scripts?

As Asus is using primarily an IPv4 base for its internal workings, the easiest is to use the IPv4 address of the router and, as you state, the problem disappears.

I don't see too much of an (Asus/RMerlin) issue here. If there is a method that works, use that. If another way works unreliably, don't use that.

This isn't a Windows-based system that has multiple ways of doing the same thing.

 

[jorhett]

What router are you using? What specific firmware? Which router had 387.xx level firmware?

Sorry, I meant 386.7.2 not 387. It's been happening a while. I saw it on both my older RT-AC86U and I also see it on my RT-AX86U with 388.1 right now.

Have you tried a different browser? Have you disabled all extensions? Have you tried logging in, with 'InPrivate' mode (or the closest match to the browser you're using)?

It has nothing to do with the browser: same problem on Firefox, Chrome, Safari, across Linux, Mac, Windows, etc. It doesn't matter if I'm using incognito or not. Please stop thrashing around for the problem when I've already done the work and identified the issue for you. You can replicate it yourself.

What features and options do you have enabled on your router? What scripts?

Doesn't matter. I replicated on a fresh install with no configuration, stock IP

If there is a method that works, use that. If another way works unreliably, don't use that.

I can't use a 1984-created, over-two-decade deprecated protocol when I don't run it on my network.

 

[L&LD]

Glad you're so prepared, except for using the process that actually works.

You mentioned none of those things in your original post, hence my questions to verify.

If you're so dead set against IPv4 shortcuts, then you should probably be looking at another router that has fully baked IPv6 support then.

Most likely, almost all consumer routers are well past your expectations (and have been for a long time now).

 

[thiggins]

Glad you're so prepared, except for using the process that actually works.

@L&LD Please skip the snark

 

[L&LD]

@thiggins, thanks for keeping me on the straight and narrow.

Wishing you and your family all the best. Merry Christmas and a Wonderful New Year to all!

 

[dave14305]

Your best course of action is to reproduce the problem on stock firmware and then report it directly to Asus. I doubt Merlin will spend any time on this.

I used to run into it a lot and opted to just use the IPv4 address.

 

[jorhett]

I used to run into it a lot and opted to just use the IPv4 address.

How do you issue a valid cert for an IPv4 address? I know of no way to make dnsmasq return the internal IP address when the browser queries for the FQDN.

IPv6 address is the same inside and out, FQDN always returns a working address == valid TLS cert works

 

[guetech]

How do you issue a valid cert for an IPv4 address? I know of no way to make dnsmasq return the internal IP address when the browser queries for the FQDN.

IPv6 address is the same inside and out, FQDN always returns a working address == valid TLS cert works

Your best bet is to use a hostname (DDNS or otherwise). I used to regenerate the SSL cert when my WAN IP changed but it introduces a lot of quirks to use certs mapped to IPs. Let's encrypt + a custom DDNS works much better.

I'm having the same issue with IPv6 and I wish Merlin would add a "force logout" button so we at least didn't have to SSH (or wait several minutes) to get back into the router.

This would solve more than the ipv6 issue. (IE I want to login remotely to make a quick change, but if I accidentally left the system log page open on my desktop at home, so I can't. I'm effectively locked out unless I SSH from my phone and remember the magic nvram commands). Though I understand his reasons.