[Release] Asuswrt-Merlin 384.12 is now available

[CaptainSTX]

Can you let me know what router model you have again, thanks?

The only thing I can think to ask so early here is this. Does the VPN server not start at all, even with all default settings? Or, are you using a custom VPN configuration that isn't working now?

Watch it when you're up on that stool resetting the router next time!

I have an AC86U. With 11_2 I could get the server running using just the default settings. With 12.0 I first tried the defaults on both Server 1 and Server 2. I then tried various custom configurations suggested by other posters on this site. The only thing I didn't try was generating my own certificates. Finally got the router so screwed up I had to totally erase the NVRAM, reset to factory defaults, reboot, etc and finally revert to 11_2 where everything is working just fine again with the defaults.

 

[JemTheWire]

Except that this is happening with Cloudflare and now Quad9.

Where will i find stubby.postconf ? I have searched with WinSCP in an SSH session, but no matches found.

 

[RMerlin]

Fixed the Sysinfo authenticated report for QTN, Uninstall AiCloud button not getting hidden on Firefox, Ping Count input field showing for Continuous Pings, Firmware Upgrade page reverting to generic Asus support link if scheduled checks were disabled.

I still can't reproduce any problem with the OpenVPN server. Just started my RT-AC86U once more, reset the server to factory defaults, and it started up just fine. I will need the system log entries occuring at the moment OpenVPN gets (re)started to have a better idea, otherwise I will have to count it as a configuration issue. OpenVPN server should actually be even less likely than before to error out, as it no longer waits for the clock to be properly set.

 

[CaptainSTX]

Thank you for that!

I too have seen this issue and will be doing my own Nuclear Reset to see if anything improves (possibly this weekend).

Did you do a reboot after making any changes, and then waiting at least 10 minutes after the router came back up before testing it again?

Some of the times yes. When I took the AC86 offline last night after the wife went to bed it sat on my desk all night long with no connections to the network or power. I also let it sit unplugged durring my breakfast break.

 

[Thermaltake]

I am getting these messages all the time in log, haven't had them on previous build of firmware

Jun 26 18:34:18 WLCEVENTD: eth2: Disassoc E4:0E:EE:24: D0:35
Jun 26 18:34:47 WLCEVENTD: eth2: ReAssoc E4:0E:EE:24: D0:35
Jun 26 18:34:47 WLCEVENTD: eth1: Disassoc E4:0E:EE:24: D0:35
Jun 26 18:35:18 WLCEVENTD: eth1: ReAssoc E4:0E:EE:24: D0:35
Jun 26 18:35:18 WLCEVENTD: eth2: Disassoc E4:0E:EE:24: D0:35
Jun 26 18:35:18 kernel: br0: received packet on eth1 with own address as source address

 

[CaptainSTX]

Fixed the Sysinfo authenticated report for QTN, Uninstall AiCloud button not getting hidden on Firefox, Ping Count input field showing for Continuous Pings, Firmware Upgrade page reverting to generic Asus support link if scheduled checks were disabled.

I still can't reproduce any problem with the OpenVPN server. Just started my RT-AC86U once more, reset the server to factory defaults, and it started up just fine. I will need the system log entries occuring at the moment OpenVPN gets (re)started to have a better idea, otherwise I will have to count it as a configuration issue. OpenVPN server should actually be even less likely than before to error out, as it no longer waits for the clock to be properly set.

I am beginning to believe that it is a problem with some scripts running on the AC86. If they crash they cause problems including issues with the VPN server and VPN clients.. As I have mentioned before several times when adjusting, starting or stopping Skynet it generates a three line error message in red referencing the Iptables & Ipconfig. Removing Skynet and then reinstalling Skynet or for that matter all scripts doesn't seem to fix the problem. For me I have had to do multiple nuclear options to get the router back into to operation and get at least the VPN clients up and going. When I got my AC86 up and working today on 11_2 with two VPN clients and a VPN server I knew I didn't want to run Skynet but I thought why not format an USB drive, setup a swap file, install entware, spdMerlin and connmom. Unfortunately this caused problems with certain features on the router including stopping both the VPN clients and VPN server and not allowing me to restart them. The only thing I can do without nuking the router is to try and run the VPN clients on 3 & 4 instead of 1 & 2.

I'm just wondering if there is something with the memory architecture of the AC86 so the NVRAM, JFFS formats and factory resets can't totally reset all the routers memory? This is the second AC86 I have had these issues with. Never had any issues with scripts on my AC1900P which I wish I hadn't given to my son nor do I have any issues running scripts on my N66.

 

[JemTheWire]

Thank you for that!

I too have seen this issue and will be doing my own Nuclear Reset to see if anything improves (possibly this weekend).

Did you do a reboot after making any changes, and then waiting at least 10 minutes after the router came back up before testing it again?

Please let us know how you get on. I might as well wait and see the outcome of your Nuke. OTOH, I might just hit that big red button soon too!

 

[L&LD]

I have an AC86U. With 11_2 I could get the server running using just the default settings. With 12.0 I first tried the defaults on both Server 1 and Server 2. I then tried various custom configurations suggested by other posters on this site. The only thing I didn't try was generating my own certificates. Finally got the router so screwed up I had to totally erase the NVRAM, reset to factory defaults, reboot, etc and finally revert to 11_2 where everything is working just fine again with the defaults.

With the defaults not working for you, I think it may not be fully reset then?

No issues at all on many, many RT-AC68U's, RT-AC86U's, RT-AC3100's when I demo what the Asus DDNS + OpenVPN Server can do for some of the more tech capable customers.

If there were issues, it was errors in set up, not with the router.

Since you're familiar with my reset guides, let me give a quick overview once again of the order I recommend to ensure it is as fully erased as possible with no remnants lingering anywhere:

Follow the suggested order and only do what is indicated below.

1. Remove all Ethernet LAN and WAN cables from the router.
2. Remove all USB drives and any other USB peripherals too (including any USB fans to cool off the unit).
3. Flash to the latest firmware (RMerlin 384.12_0 in this example) if you haven't already, after double checking the sha256sum.sha256 hash for a non-corrupted download.
4. Pull the power plug from the router (and not the AC power adaptor from the wall socket). Wait 2 minutes.
5. Perform a WPS NVRAM Erase.
6. Perform a quick/temporary Wizard Setup to get to the advanced settings.
7. Perform a full reset to factory defaults including checking the box to 'Initialize all settings...' too.
8. Perform a quick/temporary Wizard Setup to get to the advanced settings.
9. Check the box to 'Format the JFFS on next boot'. Reboot the router only once. Make sure you have not Enabled Scripts either at this time.
10. After the router has rebooted and you've waited around 5 minutes for the CPU cores to settle, flash the same firmware once again.
11. After the router reboots wait again for 5 minutes for the CPU cores to settle.
12. Pull the power plug from the router (and not the AC power adaptor from the wall socket). Wait 2 minutes.
13. Perform a final WPS NVRAM Erase.

After the router reboots, perform a nominal M&M Config. Do not plug in any USB drives or other devices until after this testing period.

Does the Default OpenVPN server work now? Continue below.

Before plugging in your USB drive, make sure it has been fully formatted to NTFS format in a computer first, before plugging it into the router.

I would recommend using the amtm Step-by-Step guide to get that USB drive formatted properly as Ext4 with journalling enabled and using amtm set a swap file for the router to use too. Don't forget to set the amtm disk checker utility to verify the health of the drive on each boot up too.

If the OpenVPN server has continued to work with the USB drive + amtm + swap file + disk checker showing okay after a reboot, I would claim 'success'.

If not, there is something else going on that we need to uncover on your network or router setup(s).

 

[CaptainSTX]

Just some data to support issues with clearing memory in the AC86 after running scripts on my AC86:

I did have several scripts including Skynet running however currently I don't and there is no USB installed with either scripts or swap file.

The router has had NVRAM cleared at least three times, the JFFS has been reformatted more than once and the router has been factory reset multiple times and rebooted.

Even after this it appears that the changes that Skynet made to the firewall are still blocking IPs as the below entries look like the entries when Skynet was installed.

Jun 26 17:05:20 kernel: DROP IN=eth0 OUT= MAC=XX:XX:26:82:b8:20:00:01:5c:71:b8:46:08:00 SRC=71.203.149.147 DST=71.203.10.63 LEN=44 TOS=0x00 PREC=0x20 TTL=247 ID=59664 DF PROTO=TCP SPT=47703 DPT=23 SEQ=2731859005 ACK=0 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000
Jun 26 17:05:36 kernel: DROP IN=eth0 OUT= MAC=XX:XX:26:82:b8:20:00:01:5c:71:b8:46:08:00 SRC=147.75.105.227 DST=71.203.10.63 LEN=40 TOS=0x00 PREC=0x20 TTL=237 ID=2602 PROTO=TCP SPT=55756 DPT=21 SEQ=2535063552 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
Jun 26 17:05:54 kernel: DROP IN=eth0 OUT= MAC=XX:XX:26:82:b8:20:00:01:5c:71:b8:46:08:00 SRC=89.248.160.193 DST=71.203.10.63 LEN=40 TOS=0x00 PREC=0x20 TTL=240 ID=25735 PROTO=TCP SPT=55353 DPT=9336 SEQ=1913539264 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
Jun 26 17:08:16 kernel: DROP IN=eth0 OUT= MAC=XX:XX:26:82:b8:20:00:01:5c:71:b8:46:08:00 SRC=62.98.12.178 DST=71.203.10.63 LEN=44 TOS=0x00 PREC=0x20 TTL=47 ID=22305 PROTO=TCP SPT=10684 DPT=23 SEQ=1204488767 ACK=0 WINDOW=15276 RES=0x00 SYN URGP=0 OPT (020405A8) MARK=0x8000000
Jun 26 17:08:22 kernel: DROP IN=eth0 OUT= MAC=XX:XX:26:82:b8:20:00:01:5c:71:b8:46:08:00 SRC=71.6.232.8 DST=71.203.10.63 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=ICMP TYPE=8 CODE=0 ID=52558 SEQ=0 MARK=0x8000000
Jun 26 17:08:26 kernel: DROP IN=eth0 OUT= MAC=XX:XX:26:82:b8:20:00:01:5c:71:b8:46:08:00 SRC=79.107.197.228 DST=71.203.10.63 LEN=40 TOS=0x00 PREC=0x20 TTL=46 ID=55018 PROTO=TCP SPT=17657 DPT=23 SEQ=1204488767 ACK=0 WINDOW=21739 RES=0x00 SYN URGP=0 MARK=0x8000000
Jun 26 17:08:27 WLCEVENTD: wl0.1: Assoc 44:65:0D:C5:61:58
Jun 26 17:08:27 dnsmasq-dhcp[2098]: DHCPREQUEST(br0) 192.168.XXX.116 44:65:0d:c5:61:58
Jun 26 17:08:27 dnsmasq-dhcp[2098]: DHCPACK(br0) 192.168.XXX.116 44:65:0d:c5:61:58 WINC-00-00
Jun 26 17:08:27 kernel: DROP IN=eth0 OUT= MAC=XX:XX:26:82:b8:20:00:01:5c:71:b8:46:08:00 SRC=62.98.12.178 DST=71.203.10.63 LEN=44 TOS=0x00 PREC=0x20 TTL=47 ID=22305 PROTO=TCP SPT=10684 DPT=23 SEQ=1204488767 ACK=0 WINDOW=15276 RES=0x00 SYN URGP=0 OPT (020405A8) MARK=0x8000000
Jun 26 17:08:31 WLCEVENTD: wl0.1: Disassoc 44:65:0D:C5:61:58
Jun 26 17:08:38 kernel: DROP IN=eth0 OUT= MAC=XX:XX:26:82:b8:20:00:01:5c:71:b8:46:08:00 SRC=62.98.12.178 DST=71.203.10.63 LEN=44 TOS=0x00 PREC=0x20 TTL=47 ID=22305 PROTO=TCP SPT=10684 DPT=23 SEQ=1204488767 ACK=0 WINDOW=15276 RES=0x00 SYN URGP=0 OPT (020405A8) MARK=0x8000000
Jun 26 17:08:41 kernel: DROP IN=eth0 OUT= MAC=XX:XX:26:82:b8:20:00:01:5c:71:b8:46:08:00 SRC=62.98.12.178 DST=71.203.10.63 LEN=44 TOS=0x00 PREC=0x20 TTL=47 ID=22305 PROTO=TCP SPT=10684 DPT=23 SEQ=1204488767 ACK=0 WINDOW=15276 RES=0x00 SYN URGP=0 OPT (020405A8) MARK=0x8000000
Jun 26 17:09:37 kernel: DROP IN=eth0 OUT= MAC=XX:XX:26:82:b8:20:00:01:5c:71:b8:46:08:00 SRC=62.98.12.178 DST=71.203.10.63 LEN=44 TOS=0x00 PREC=0x20 TTL=47 ID=22305 PROTO=TCP SPT=10684 DPT=23 SEQ=1204488767 ACK=0 WINDOW=15276 RES=0x00 SYN URGP=0 OPT (020405A8) MARK=0x8000000
Jun 26 17:09:40 kernel: DROP IN=eth0 OUT= MAC=XX:XX:26:82:b8:20:00:01:5c:71:b8:46:08:00 SRC=67.207.82.249 DST=71.203.10.63 LEN=40 TOS=0x00 PREC=0x20 TTL=237 ID=21957 PROTO=TCP SPT=60000 DPT=122 SEQ=4289486720 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

Finally AiProtection is showing no hits which is what I saw when I had Skynet installed and working.

 

[dave14305]

Even after this it appears that the changes that Skynet made to the firewall are still blocking IPs as the below entries look like the entries when Skynet was installed.

Disable logging of dropped packets in the Firewall GUI.

 

[L&LD]

Just some data to support issues with clearing memory in the AC86 after running scripts on my AC86:

I did have several scripts including Skynet running however currently I don't and there is no USB installed with either scripts or swap file.

The router has had NVRAM cleared at least three times, the JFFS has been reformatted more than once and the router has been factory reset multiple times and rebooted.

Even after this it appears that the changes that Skynet made to the firewall are still blocking IPs as the below entries look like the entries when Skynet was installed.

Jun 26 17:05:20 kernel: DROP IN=eth0 OUT= MAC=XX:XX:26:82:b8:20:00:01:5c:71:b8:46:08:00 SRC=71.203.149.147 DST=71.203.10.63 LEN=44 TOS=0x00 PREC=0x20 TTL=247 ID=59664 DF PROTO=TCP SPT=47703 DPT=23 SEQ=2731859005 ACK=0 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000
Jun 26 17:05:36 kernel: DROP IN=eth0 OUT= MAC=XX:XX:26:82:b8:20:00:01:5c:71:b8:46:08:00 SRC=147.75.105.227 DST=71.203.10.63 LEN=40 TOS=0x00 PREC=0x20 TTL=237 ID=2602 PROTO=TCP SPT=55756 DPT=21 SEQ=2535063552 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
Jun 26 17:05:54 kernel: DROP IN=eth0 OUT= MAC=XX:XX:26:82:b8:20:00:01:5c:71:b8:46:08:00 SRC=89.248.160.193 DST=71.203.10.63 LEN=40 TOS=0x00 PREC=0x20 TTL=240 ID=25735 PROTO=TCP SPT=55353 DPT=9336 SEQ=1913539264 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
Jun 26 17:08:16 kernel: DROP IN=eth0 OUT= MAC=XX:XX:26:82:b8:20:00:01:5c:71:b8:46:08:00 SRC=62.98.12.178 DST=71.203.10.63 LEN=44 TOS=0x00 PREC=0x20 TTL=47 ID=22305 PROTO=TCP SPT=10684 DPT=23 SEQ=1204488767 ACK=0 WINDOW=15276 RES=0x00 SYN URGP=0 OPT (020405A8) MARK=0x8000000
Jun 26 17:08:22 kernel: DROP IN=eth0 OUT= MAC=XX:XX:26:82:b8:20:00:01:5c:71:b8:46:08:00 SRC=71.6.232.8 DST=71.203.10.63 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=ICMP TYPE=8 CODE=0 ID=52558 SEQ=0 MARK=0x8000000
Jun 26 17:08:26 kernel: DROP IN=eth0 OUT= MAC=XX:XX:26:82:b8:20:00:01:5c:71:b8:46:08:00 SRC=79.107.197.228 DST=71.203.10.63 LEN=40 TOS=0x00 PREC=0x20 TTL=46 ID=55018 PROTO=TCP SPT=17657 DPT=23 SEQ=1204488767 ACK=0 WINDOW=21739 RES=0x00 SYN URGP=0 MARK=0x8000000
Jun 26 17:08:27 WLCEVENTD: wl0.1: Assoc 44:65:0D:C5:61:58
Jun 26 17:08:27 dnsmasq-dhcp[2098]: DHCPREQUEST(br0) 192.168.XXX.116 44:65:0d:c5:61:58
Jun 26 17:08:27 dnsmasq-dhcp[2098]: DHCPACK(br0) 192.168.XXX.116 44:65:0d:c5:61:58 WINC-00-00
Jun 26 17:08:27 kernel: DROP IN=eth0 OUT= MAC=XX:XX:26:82:b8:20:00:01:5c:71:b8:46:08:00 SRC=62.98.12.178 DST=71.203.10.63 LEN=44 TOS=0x00 PREC=0x20 TTL=47 ID=22305 PROTO=TCP SPT=10684 DPT=23 SEQ=1204488767 ACK=0 WINDOW=15276 RES=0x00 SYN URGP=0 OPT (020405A8) MARK=0x8000000
Jun 26 17:08:31 WLCEVENTD: wl0.1: Disassoc 44:65:0D:C5:61:58
Jun 26 17:08:38 kernel: DROP IN=eth0 OUT= MAC=XX:XX:26:82:b8:20:00:01:5c:71:b8:46:08:00 SRC=62.98.12.178 DST=71.203.10.63 LEN=44 TOS=0x00 PREC=0x20 TTL=47 ID=22305 PROTO=TCP SPT=10684 DPT=23 SEQ=1204488767 ACK=0 WINDOW=15276 RES=0x00 SYN URGP=0 OPT (020405A8) MARK=0x8000000
Jun 26 17:08:41 kernel: DROP IN=eth0 OUT= MAC=XX:XX:26:82:b8:20:00:01:5c:71:b8:46:08:00 SRC=62.98.12.178 DST=71.203.10.63 LEN=44 TOS=0x00 PREC=0x20 TTL=47 ID=22305 PROTO=TCP SPT=10684 DPT=23 SEQ=1204488767 ACK=0 WINDOW=15276 RES=0x00 SYN URGP=0 OPT (020405A8) MARK=0x8000000
Jun 26 17:09:37 kernel: DROP IN=eth0 OUT= MAC=XX:XX:26:82:b8:20:00:01:5c:71:b8:46:08:00 SRC=62.98.12.178 DST=71.203.10.63 LEN=44 TOS=0x00 PREC=0x20 TTL=47 ID=22305 PROTO=TCP SPT=10684 DPT=23 SEQ=1204488767 ACK=0 WINDOW=15276 RES=0x00 SYN URGP=0 OPT (020405A8) MARK=0x8000000
Jun 26 17:09:40 kernel: DROP IN=eth0 OUT= MAC=XX:XX:26:82:b8:20:00:01:5c:71:b8:46:08:00 SRC=67.207.82.249 DST=71.203.10.63 LEN=40 TOS=0x00 PREC=0x20 TTL=237 ID=21957 PROTO=TCP SPT=60000 DPT=122 SEQ=4289486720 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

Finally AiProtection is showing no hits which is what I saw when I had Skynet installed and working.

Your router is certainly not in a good/known state. Skynet requires a USB drive of at least 500MB to work.

The above is proof enough for me that you need to follow what I suggested above in post 308 for you.

 

[CaptainSTX]

Disable logging of dropped packets in the Firewall GUI.

The multiple entries in the log is not the issue. The issue that I'm presenting is that the changes to the firewall that Skynet makes don't seem to go away when an AC86 is factory reset, nuked, etc.

 

[dave14305]

The multiple entries in the log is not the issue. The issue that I'm presenting is that the changes to the firewall that Skynet makes don't seem to go away when an AC86 is factory reset, nuked, etc.

So logging is set to None in Firewall settings?

 

[CaptainSTX]

Your router is certainly not in a good/known state. Skynet requires a USB drive of at least 500MB to work.

The above is proof enough for me that you need to follow what I suggested above in post 308 for you.

I believe I have done that multiple times including waiting between reboots. I have printed out your instructions and followed them precisely.

When I get a chance I will try again and log the time and results and see what happens.

To me it is very strange that the modified firewall continues to run even though no scripts are installed and JFFS scripts is set to NO.

Thanks for your suggestions and patience.

 

[L&LD]

I believe I have done that multiple times including waiting between reboots. I have printed out your instructions and followed them precisely.

When I get a chance I will try again and log the time and results and see what happens.

To me it is very strange that the modified firewall continues to run even though no scripts are installed and JFFS scripts is set to NO.

Thanks for your suggestions and patience.

Please see post 308 above and follow those instructions as indicated. The fact that you are reporting the above indicates that the router is not working as intended.

That post above is as concise as I can be to fully reset the router and clear all areas that can be safely cleared.

 

[CaptainSTX]

So logging is set to None in Firewall settings?

No the logging is set to dropped. The volume/ frequency of dropped is consistent with what I saw when the firewall is modified by Skynet. I no longer have any scripts running including Skynet installed. I have nuked and reset the router but the changes Skynet made to the firewall persist. This is OK but it seems that at least on the AC86 if you have installed scripts the router really can't be reset to factory default

 

[dave14305]

No the logging is set to dropped. The volume/ frequency of dropped is consistent with what I saw when the firewall is modified by Skynet. I no longer have any scripts running including Skynet installed. I have nuked and reset the router but the changes Skynet made to the firewall persist. This is OK but it seems that at least on the AC86 if you have installed scripts the router really can't be reset to factory default

It sounds like nvram was erased, but perhaps SkyNet ran one more time before jffs was erased, changing the firewall logging setting as it is written to do. I’m not arguing your point since I don’t have an AC86U, but SkyNet logging isn’t much different (and relies on) the built in firmware logging feature being active.

 

[DAVID LONG]

<snip>


Finally AiProtection is showing no hits which is what I saw when I had Skynet installed and working.

I have Skynet working and I still get hits on AiProtection.

 

[DAVID LONG]

<snip> The only thing I can do without nuking the router is to try and run the VPN clients on 3 & 4 instead of 1 & 2.
<snip>.

I thought I read that you should use 1 & 3 or 2 & 4, not sequential numbers.

 

[Butterfly Bones]

I thought I read that you should use 1 & 3 or 2 & 4, not sequential numbers.

Yes, and no.

Direct reply and reason from RMerlin:
https://www.snbforums.com/threads/p...-asus-openvpn-client.43029/page-2#post-426754