N00bs need simple page with outdated stuff & working stuff. Also simple commonly used phrases only people following Merlin for years understand :D

Citius

Guest
First of all, this was the closest I got, and when trying to answer that thread I got that it was too old :)

Importing the CA is required for your devices to trust certificates created by Pixelserv. Firefox has a separate cert store than Windows, so you have to do it twice if you use Firefox and Edge/Chrome. So if you’ve done these steps multiple times, you could end up with the wrong CA on your devices depending how much you started over.

Unfortunately you have to take the Pixelserv wiki instructions with a grain of salt because they are aging and the author is AWOL, and amtm makes it simpler. You should really avoid installing Pixelserv manually, and instead just install Diversion and let Diversion install Entware and Pixelserv and create your CA. Once that’s done, run the script in amtm to secure the webui.

Yeah, an old post, but it's the closest one I can find after about 15 hours of searching and reading old guides, FAQ:s, and so on.
I have installed Diversion with pixelserv-tls, skynet, YazFi, and some others

Only one simple question:
How do I secure my access to my router on my LAN (router.asus.com)? I do not use DDNS or any external access.
I just want to have my router login secured since I don't trust all devices on my LAN.
That was the simple question :)

I have pixelserv installed and want to use it for more than ad-blocking.
The PS command in AMTM starts and asks me 1 or 2, where the latter is "newer and updated", but it just fails.
I know it's not developed anymore, and if someone has an easy guide to just get LAN side access to the router secured with a cert, it will be great, or what command do I have to input to make this work?
The CA uses the CN: Pixelserv CA and has nothing to do with router.asus.com .
Please give me the commands to generate a server cert for the router.
and not: $ sh -c "$(wget -qO - https://kazoo.ga/pixelserv-tls/config-webgui.sh)"

There are NO... NO.... Simple guide for N00BS in this small space of home users. At work I work with much more expensive stuff, but they are actually easier to understand since they are built for it, and I understand how incredibly much you guys have made these routers much more secure for home users. It's like Home router on steroids, that's why I bought an RT-AX86U a little while ago.
I won't buy that expensive HW and SoftWare licenses from Cisco, Checkpoint or equal with SSL inspection as a service and level 7 Firewalls and virtual patching and so on.
I just want to secure my home entertainment on a decent level, but I'm finding it harder to accomplish since I haven't followed this segment of the market.

I have imported the CA.crt to my Android phone and my Win 10 and I'm not really sure why I needed that since ad-blocking worked fine without it. But I get a green padlock on the test page for the pixelserv now :)

Some small things that someone working with these scripts and routers knows very well is for me several hours reading through 4 or 5 years of posting in threads just to try to follow the development, to understand how I can do a simple task. It makes me so tired, after so many hours of reading things that don't work anymore or are used differently now.
I'm absolutely not ungrateful, even if it may sound so, but a thousand thanks to the one putting together a Knowledge base with easy instructions and frequently used words that are not self-explanatory. Just the phrase M&M is impossible to find anywhere else. I know now that it means Manual and minimal, but that had me spending a long time understanding.
And stuff like that the last developer of the Pixelserv is not available anymore and it should only be used for ad blocking now would be great on that Knowledge base.
Or a simple thing like: what is "SSH UI" that is mentioned here and there. Most people say SSH GUI. Try to google it.

Again, as I said, this is not me criticising your great work, but you live with this every day and are well known with the different phrases, but for me just starting with Entware, scripts and all that now is possible to do, it's overwhelming. And as I understand a lot more than an average home user, it's frustrating that a simple shortened phrase that is not "Googleable" makes me halt for a long while with a simple task.

I used Merlin many years ago because my AC68U sucked at ovpn, and I had Express VPN and wanted more clients and settings. That was easy and SUPER. But 5 years later the terminology and all the new stuff is not easy to dive into :)

I am glad that I have managed to set up a separate vlan for my guest wifi for work and throwing that traffic through one tunnel with YazFi, and my private network through another and it is working well.
It is incredible! So the advancements made are really going on corporate level.
But then something that I liked a lot like Skynet and Diversion is not working when I connect through the OVPN tunnel since my provider doesn't let me set DNS to disabled in the VPN settings.
So then I spent 2 days trying to get that working, but no success. Finally I just let my private stuff go through my ISP with Skynet and Diversion functioning.
All the time I try to do things like I want to have them, it feels like I'm the first one asking for this function, even though many are using it. But these are the people that have followed with Merlin in all these years.
All the others that are having problems could probably be guided very easily.

Like L&Lds guides for some stuff works super and is idiot proof.
I did what everyone says you shouldn't with AiMesh. I mixed my AX with my old AC, after reading instructions he made about it. It worked flawlessly. I didn't need it since I have just a one-floor apartment but it was cool to try and set it up with my brand new router and my 5 year old router, and still it worked.

I can't use the helper "PS" since it isn't working.
Thanks to Diversion and AMTM, and it was easy to set them up with the Pixelserv. But how can I use this with my https://router.asus.com:8443?
How can there not be any guide or just an instruction when everything is installed and working but I just need to generate a cert for the router? I mean I didn't need to do more than install it with the "SSH UI" (yes, please google "SSH UI" and spend 1 hour to understand what that is. Normally called "SSH GUI"). Going bananas right now! :D
Please put one post with words used that no one else in the whole world other than ASUS and the great team of people working to improve ASUS stuff knows what they mean.
I've been working with IT for many years but home routers with Arch and Entware stuff is not something that is self explained. Just trying to send e-mail from Diversion is incredibly hard when using Curl.
I asked a colleague that is a programmer and very good at Linux and he didn't know why it failed.

This is a very good guide below, but when the helper script below or the newer PS in AMTM doesn't work and you know it is just some strings of commands and it will work, it makes you never quit searching, but it is nowhere to be found.

"For the "less technology savvy users of ASUSWRT"
config-webgui.sh
To make life easier for less technology savvy users of ASUSWRT, a helper script is developed to automate the process. Simply re-run the script after firmware upgrade. Note that re-running the script does not cause harm. If you see any cert error, feel free to run the script again. Below is the one-liner script:

$ sh -c "$(wget -qO - https://kazoo.ga/pixelserv-tls/config-webgui.sh)"
The script will guide you through the process and

allow you to choose your DDNS or router.asus.com for accessing WebGUI
use your Pixelserv CA in /opt/var/cache/pixelserv to issue a server cert to WebGUI
configure WebGUI with the new certificate
let you test before confirming work
let you revert to old certificate if test fails"

Sorry. Just frustrated for getting so excited about some features that work perfectly and then hitting a wall.

Kind regards/Citius
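
Added example, not part of any post in this thread and not the helper script's own code: the step the quoted wiki text describes, a local CA issuing a server cert for router.asus.com, done with plain openssl and then verified. Browsers match the hostname against the server cert's subjectAltName, so the CA's own CN does not have to mention router.asus.com. Assumptions: the CA is a throwaway one constructed for the demo, the ca.crt/ca.key file names and all variable and function names are illustrative, and installing the cert into the WebGUI is not covered.

```shell
#!/bin/sh
# Added example: issue a WebGUI server cert from a local CA, then verify it.
# The CA here is a throwaway one constructed for the demo. On the router the
# Pixelserv CA is in /opt/var/cache/pixelserv (ca.crt/ca.key names assumed).
WORK=$(mktemp -d)
CA_DIR="$WORK/ca"; OUT="$WORK/webgui"
HOST="router.asus.com"

make_demo_ca() {
    mkdir -p "$CA_DIR"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo Pixelserv CA" \
        -keyout "$CA_DIR/ca.key" -out "$CA_DIR/ca.crt" 2>/dev/null
}

issue_server_cert() {   # $1 = hostname the browser will connect to
    mkdir -p "$OUT"
    # Leaf-only extensions; the SAN entry is what clients match the name on.
    cat > "$OUT/ext.cnf" <<EOF
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$1
EOF
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$OUT/key.pem" -out "$OUT/req.csr" 2>/dev/null
    # Short validity: some clients reject long-lived leaf certificates.
    openssl x509 -req -in "$OUT/req.csr" -days 397 -sha256 \
        -CA "$CA_DIR/ca.crt" -CAkey "$CA_DIR/ca.key" -CAcreateserial \
        -extfile "$OUT/ext.cnf" -out "$OUT/cert.pem" 2>/dev/null
    chmod 600 "$OUT/key.pem"   # private key readable by owner only
}

check_cert() {   # $1 = hostname; succeeds only if chain AND name both check out
    openssl verify -CAfile "$CA_DIR/ca.crt" "$OUT/cert.pem" >/dev/null 2>&1 &&
    openssl x509 -in "$OUT/cert.pem" -noout -checkhost "$1" | grep -q "does match"
}

make_demo_ca
issue_server_cert "$HOST"
check_cert "$HOST" && echo "chain + hostname OK for $HOST"
check_cert "example.invalid" || echo "rejected for other names, as expected"
```

A device shows the padlock only if it has imported the same CA that signed cert.pem, which is the mismatch the quoted older post warns about after repeated reinstalls.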
 
It's simple: In amtm enter ps and use option 2. Read the explanation by kvic and proceed.
 
Maybe it is time to retire option 1.
 
I believe it was November 2016 when AB-Solution with pixelserv-tls was released.
Spot on. I went on a vacation to the US right after and then the now ex was elected then.
 
I wrote a basic "for n00bs" post as I was figuring out my install for the first time; updated it three times since then. :) Ref: sig.
 
Maybe it is time to retire option 1.
Option 2 was the first I tried since it said it was updated with newer models (but I guess that was in May 2020)
Is there some log i can grab that may lead me to the error?
 
Is there a workaround for ps not working? I'm doing a greenfield setup and that was one of my steps after replacing my keys. I went looking for the code to add the model (if possible) but I cannot locate it on the router. None of the AX routers are, I assume, included?

@thelonelycoder I saw your comment about "sunsetting" pixelserv... Have most people stopped using pixelserv? It still seems to block a lot of stuff on pages for me. I see a lot of blank space... I know you and @Jack Yaz kindly "adopted" pixelserv to keep it working for the Merlin community after Apple broke the certificate dates. THANKS!
 
I believe it was November 2016 when AB-Solution with pixelserv-tls was released.
Spot on. I went on a vacation to the US right after and then the now ex was elected then.
HE WHO MUST NOT BE NAMED! ;)
 
Is there a workaround for ps not working? I'm doing a greenfield setup and that was one of my steps after replacing my keys. I went looking for the code to add the model (if possible) but I cannot locate it on the router. None of the AX routers are, I assume, included?
Try now, I've updated the helper script. Use uu to force update amtm first.

Code:
# March 6 2020 Modification by thelonelycoder.
#              Added GT-AC2900 and RT-AX86U, added stop point for errors.

@thelonelycoder I saw your comment about "sunsetting" pixelserv... Have most people stopped using pixelserv? It still seems to block a lot of stuff on pages for me. I see a lot of blank space... I know you and @Jack Yaz kindly "adopted" pixelserv to keep it working for the Merlin community after Apple broke the certificate dates. THANKS!
Indeed, I am sunsetting pixelserv-tls in a future Diversion release. For now it'll still work for those that appreciate its job.
 
TY!! I'd love to hear what people are doing besides pixelserv-tls. As far as I know, pi-hole is the only other "like" option and pixelserv-tls had some clear advantages at the time I explored the pros/cons. I do see a marked contrast to the "ad levels" when I'm logged in at work vs at home.... night / day on some sites.
 
