OpenVPN version in Merlin compared to stock?
- Thread starter RFT354
- Start date
The version is in the system log when you start a server or client.
Thanks.
What will happen with Merlin for RT-AC86U when Asus stops issuing new firmware for that router (it's already 4 years old)? Will Merlin stop supporting it? If so, does any other opensource firmware support this model?
I'm about to unbox Asus RT-AC86U and need to decide which firmware to use. I have never installed custom firmware on any device before. The only reason I replaced my wired-only router with a wireless router, and this expensive, is because I want to have OpenVPN in the router instead of Windows. I've read this router has some kind of AES accelerator.
Martineau
Part of the Furniture
For a detailed response use the
openvpn --version commande.g. RT-AC68U v384.19
Code:
openvpn --version
OpenVPN 2.4.9 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 14 2020
library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=no enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_werror=no enable_win32_dll=yes enable_x509_alt_username=no with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=noRT-AC86U v386.1 Alpha4
Code:
openvpn --version
OpenVPN 2.5.0 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 29 2020
library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=no enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_werror=no enable_win32_dll=yes enable_x509_alt_username=no with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=noIs the RT-AC86U log for Merlin or stock?
Martineau
Part of the Furniture
Merlin
Do you know if in the past Merlin updates stopped after Asus stopped updating the firmware of older models?
It seems my model is not supported by OpenWRT, DD-WRT or any Tomato.
Mr Tvardovsky
Regular Contributor
Maybe this reference will help you - in summer RMerlin announced he’ll the most probably stop supporting ac87u and ac3200 (version 384.13_10):
Changelog (388.x) | Asuswrt-Merlin
www.asuswrt-merlin.net
At the same time, Merlin still fully supports ac66u_b1 that was launched, I believe, in 2016. And which remains fully supported by Asus.
All in all, I don’t think you have to worry about support for your ac86u for next couple of years.
Maybe this reference will help you - in summer RMerlin announced he’ll the most probably stop supporting ac87u and ac3200 (version 384.13_10):
The reason is limited support from Asus.Changelog (388.x) | Asuswrt-Merlin
At the same time, Merlin still fully supports ac66u_b1 that was launched, I believe, in 2016. And which remains fully supported by Asus.
All in all, I don’t think you have to worry about support for your ac86u for next couple of years.
Asus released stock firmware for the AC87U in 2020/07/09, but Merlin didn’t follow up in his latest release. I didn’t know Asus helps him. I emailed Asus a while ago and they could not provide a support end date for my AC86U model.
I wish there was some law that required the manufacturers to provide security updates for 10 years after they stopped selling a model. If Microsoft can do it with Windows, why not everybody else? It seems router security will remain in a state of anarchy for the foreseeable future.
The wire-only Asus router I’m using now had its last firmware update released in 2012, a year after I bought it, but it’s primitive compared to the one I bought now and therefore probably is less prone to security holes – and as I’m writing this my computer’s remote owner doesn’t seem to disagree with me (yes, very good security and no holes whatsoever…)
Smokey613
Very Senior Member
Asus routers hardware acceleration
Hello, Can someone confirm which Asus routers support hardware acceleration for VPN (and merlin-firmware) please. My understanding is there are two models: 1. Asus RT-AC86U (AC2900 version) 2. Asus RT-AX88U Are there other models? Thanks in advance. b
www.snbforums.com
Asuswrt-Merlin is essentially a fork of the original firmware. Once Asus stops supporting a model, it becomes impossible for me to continue supporting it due to the large amount of closed source portions of code in a firmware, which is model-specific. Once Asus's code and my code start drifting apart too much, then those closed source components become incompatible. This is what happened with the RT-AC87U, where Asus was still using 382 code for that model, and my firmware was using 384 code. Those closed source 382 components can no longer be used with 384 code.
True open source firmwares for commercial routers are all dying. Broadcom and Qualcomm are both increasingly closed in regards to driver code, and they both increasingly rely on more proprietary/closed source components to enhance features. In a few years, the only way to have an open sourced firmware on a modern router will be to build your own router based on an X86 or generic ARM platform platform. DD-WRT and Tomato are going nowhere in terms of new model support, and OpenWRT is increasingly getting cornered in terms of model support as well. I don't think there is any open source firmware that supports a Wifi 6 router right now.
I can already see how things will repeat itself for me, with years of no firmware updates. Politicians are constantly preaching how important the environment is and why they must tax everything and everyone so to limit our carbon footprint, but at the same time they force us to choose between throwing away our smartphones and routers every few years or using them without security updates.
I’m mostly concern with having old OpenVPN on my router once Asus stops releasing new firmware. Is there a way for me to copy and paste new OpenVPN code into the firmware of my router when that happens? It has to be really simple, because I don’t know anything about coding.
If not, I’ll probably buy cheap routers that still receive new firmware and put this one, the one which is running the OpenVPN, behind the new one’s firewall. What I’m not going to do is buy a high-end router every few years. I don’t game, so this router is really an overkill for me.
Here’s an x86 router, but too expensive for me. They seem to preconfigure them for different VPN providers, so you just hook them up and go.
The best VPN router solution | Vilfo
Vilfo is a VPN router that protects all devices in your network. Vilfo supports the majority of VPN services and over 30 are pre-integrated.
I don’t know if this is possible, but perhaps a better business idea would be to sell software people can use in their old PCs and turn them into routers. Good for the environment, too.
It's not as simple as just copying newer files on top of the old one unfortunately. You need to do an actual code merge using tools such as "patch" and "diff", and you also have to adjust other areas of the code when there are changes done at the settings level (for instance, you can't just replace 2.4.x code with 2.5.x and expect it to work properly).
To be honest, OpenVPN is pretty solid security-wise. The code received two independent audit a few years ago, and I've seen very little (if any) security fixes in OpenVPN since then. OpenSSL has also gained a lot in terms of security, with the last few security issues being rather esoteric to exploit (i.e. most can't be exploited through an application such as OpenVPN).
If the VPN service is your main worry, then I can suggest running it on another system behind your router. Can be a virtual machine running on an existing PC, for example. Something like CentOS or Ubuntu LTS should at least give you a few years of security update, and after that you can upgrade the whole distro.
That already exists, and many are actually free. OpenSense, pfSense, Sophos XG (their home edition is free), Gargoyle, etc...
I’m probably going to keep the still unboxed AC86U I bought, but I am curious of alternative solutions so I don’t have to look for new hardware every few years when the manufacturer stops updating the firmware.
You mentioned running OpenVPN on a separate machine behind my router. I want the OpenVPN machine to remain on 24/7, so it can’t be a VM on a machine I turn off every day. This is the main reason I’m not keeping the Windows VPN app I’m using now, since it’s leaking every time the computer reboots. I assume I should then connect other machines to that OpenVPN machine, but how do I make that connection so all data goes through the OpenVPN machine? I tried to share adapter a while back, but couldn’t make it work.
Sharing a VPN connection through an Ethernet cable
Before you start Your Windows PC needs to be connected to your network either using Wi-Fi or an Ethernet cable. If you are connecting your PC to the network via an Ethernet cable, you will need a ...
Does Sophos XG also function as a router?
Also, which is easiest to understand for somebody like me, who thinks the ac86u UI is very complicated: Sophos XG, OPNsense or PFsense? I’ve watched Youtube videos of all three, and my impression is that Sophos XG is ever so slightly more intuitive, followed by OPNsense and lastly PFsense, which is least intuitive. Should I even attempt, because I risk leaving big security holes in the firewall?
I realized my old machines only have 100Mb LAN, so it would have to be something like this:
https://www.amazon.com/dp/B074XP8XRG/?tag=snbforums-20
You didn't specify the goal was to route your outbound traffic through a VPN provider rather than getting remote access to your LAN. That's a completely different scenario. You would need your client to use that VPN router as your default gateway.
Yes, it's a complete router/gateway/security solution.
Sophos XG is probably the simplest of the three, with pfsense being the most complicated one. But none of these are designed for network novices, unlike home routers like the Asus routers, so they all carry a certain learning curve.
You mean the OpenVPN must be in my AC86U, or Sophos XG if I go that way?
Edit:
If inbound VPN was my primary interest, I would probably look in to Wireguard.
WireGuard for Windows 0.3.1 is the release you’ve been waiting for
Unprivileged users can start and stop WireGuard tunnels via the UI now.
Last edited:
Similar threads
Similar threads
Similar threads
-
-
-
-
Connection to router by ip fails while remote over OpenVPN
- Started by cone
- Replies: 17
-
-
-
-
-
-
Latest threads
-
-
XT8 Packet Loss Wired Mesh - Using as Access Points Only
- Started by spyerx
- Replies: 0
-
Asus BQ16 Little help required.
- Started by Reinforcer
- Replies: 1
-
-
Support SNBForums w/ Amazon
If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!