Skynet Skynet 7.5.8 Firewall UI Issues

[ChickenheadOS]

Hey Guys! New member here. I figured I would join and make my first post something interesting. lol

I have a RT-AX86U_Pro, recently upgraded to Skynet 7.5.8 and have been having UI issues for Merlins firewall Skynet tab. Not a super big issue as everything else seems to be running as intended, but would be nice to have working.

I checked path /tmp/mnt/rtmount/skynet/webui to see if .js files were missing/corrupt. appears that only stats.js made it which confirms debug logs.


Local WebUI Files | [Failed]
Mounted WebUI Files | [Failed]


16/18 Tests Sucessful

[*] Local File Missing - [ chart.js chartjs-plugin-zoom.js hammerjs.js skynet.asp ]

[*] Mounted File Missing - [ chart.js chartjs-plugin-zoom.js hammerjs.js skynet.asp ]

I have tried reinstalling amtm, deleting swap file/recreating, restarting the firewall process. After that I decided to a a complete firmware update while I was at it from 3004.388.5 - 3004.388.6 and still the issue persist even with a clean install of amtm and Skynet 7.5.8.

 

[dave14305]

Run: firewall update -f

 

[ChickenheadOS]

result

[i] Forcing Update
[i] New Version Detected - Updating To v7.5.8 (5c986a1d7fc19ea042ddf1b97ffad170)
[i] Saving Changes
[i] Unloading Skynet Components
[*] Updating chart.js Failed
[*] Updating chartjs-plugin-zoom.js Failed
[*] Updating hammerjs.js Failed
[*] Updating skynet.asp Failed
[*] Updating firewall.sh Failed
[i] Restarting Firewall Service

same results in debug logs as previously

 

[dave14305]

Run these commands and post the output:

curl -v -o /dev/null https://raw.githubusercontent.com/Adamm00/IPSet_ASUS/master/webui/skynet.asp
date

 

[ChickenheadOS]

 % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:03 --:--:--     0*   Trying [2606:50c0:8002::154]:443...
* Connected to raw.githubusercontent.com (2606:50c0:8002::154) port 443
* ALPN: curl offers http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
  0     0    0     0    0     0      0      0 --:--:--  0:00:03 --:--:--     0{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [25 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [3050 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [36 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [36 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=*.github.io
*  start date: Feb 21 00:00:00 2023 GMT
*  expire date: Mar 20 23:59:59 2024 GMT
*  subjectAltName: host "raw.githubusercontent.com" matched cert's "*.githubusercontent.com"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS RSA SHA256 2020 CA1
*  SSL certificate verify ok.
* using HTTP/1.1
} [5 bytes data]
> GET /Adamm00/IPSet_ASUS/master/webui/skynet.asp HTTP/1.1
> Host: raw.githubusercontent.com
> User-Agent: curl/8.4.0
> Accept: */*
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [193 bytes data]
< HTTP/1.1 200 OK
< Connection: keep-alive
< Content-Length: 40277
< Cache-Control: max-age=300
< Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
< Content-Type: text/plain; charset=utf-8
< ETag: "5fd4aa8de46ef703ee7f00d116a66cbb10ffa902faccd704696d3f98ccde7628"
< Strict-Transport-Security: max-age=31536000
< X-Content-Type-Options: nosniff
< X-Frame-Options: deny
< X-XSS-Protection: 1; mode=block
< X-GitHub-Request-Id: BFA2:2CA8:2797E0:2F5FEE:65C694EA
< Accept-Ranges: bytes
< Date: Fri, 09 Feb 2024 21:11:06 GMT
< Via: 1.1 varnish
< X-Served-By: cache-chi-klot8100116-CHI
< X-Cache: MISS
< X-Cache-Hits: 0
< X-Timer: S1707513067.763742,VS0,VE94
< Vary: Authorization,Accept-Encoding,Origin
< Access-Control-Allow-Origin: *
< Cross-Origin-Resource-Policy: cross-origin
< X-Fastly-Request-ID: 5ffbf3188aa4af48ff8d4e5322cf9ada46fb0464
< Expires: Fri, 09 Feb 2024 21:16:06 GMT
< Source-Age: 0
<
{ [5 bytes data]
100 40277  100 40277    0     0  11577      0  0:00:03  0:00:03 --:--:--  188k
* Connection #0 to host raw.githubusercontent.com left intact

 

[dave14305]

Ok, how about cat /jffs/scripts/firewall-start ls -l /tmp/mnt/*/skynet

 

[ChickenheadOS]

Excuse the redaction

 

[ColinTaylor]

Check that your USB drive isn't full.

 

[ChickenheadOS]

Check that your USB drive isn't full.

It sits at about 2%

Anything on the drive itself I should look at in the subfolders?

 

[dave14305]

Try to run the curl exactly as the script does and see what happens. Replace the path to your redacted USB drive at the end of the curl command.

curl -fL --retry 3 --connect-timeout 3 --max-time 6 --retry-delay 1 --retry-all-errors https://raw.githubusercontent.com/Adamm00/IPSet_ASUS/master/webui/skynet.asp -o /tmp/mnt/…/skynet/webui/skynet.asp
echo $?
find /tmp/mnt -name skynet.asp -exec ls -l {} +

 

[ChickenheadOS]

Try to run the curl exactly as the script does and see what happens. Replace the path to your redacted USB drive at the end of the curl command.

curl -fL --retry 3 --connect-timeout 3 --max-time 6 --retry-delay 1 --retry-all-errors https://raw.githubusercontent.com/Adamm00/IPSet_ASUS/master/webui/skynet.asp -o /tmp/mnt/…/skynet/webui/skynet.asp
echo $?
find /tmp/mnt -name skynet.asp -exec ls -l {} +

I ran it twice for good measure and got the following results. 6 error for the download then a success

I did notice string

content="IE=Edge"

Could this be cause the UI issues as IE is deprecated?

 

[dave14305]

What is the DNS setup on your router?

cat /etc/resolv.conf
time nslookup raw.githubusercontent.com

 

[ChickenheadOS]

What is the DNS setup on your router?

cat /etc/resolv.conf
time nslookup raw.githubusercontent.com

Mullvad

DNS over HTTPS and DNS over TLS

Our public DNS service

mullvad.net

cat /etc/resolv.conf

nameserver 194.242.2.9
nameserver 194.242.2.5
nameserver 2001:1998:f00:2::1
nameserver 2001:1998:f00:1::1


time nslookup raw.githubusercontent.com

Server:    194.242.2.9
Address 1: 194.242.2.9

Name:      raw.githubusercontent.com
Address 1: 2606:50c0:8002::154
Address 2: 2606:50c0:8003::154
Address 3: 2606:50c0:8000::154
Address 4: 2606:50c0:8001::154
Address 5: 185.199.110.133 cdn-185-199-110-133.github.com
Address 6: 185.199.108.133 cdn-185-199-108-133.github.com
Address 7: 185.199.111.133 cdn-185-199-111-133.github.com
Address 8: 185.199.109.133 cdn-185-199-109-133.github.com

 

[dave14305]

The time results are missing.

Interestingly, I also see slow resolution from the router, which would exceed the curl timeout parameters.

# time nslookup raw.githubusercontent.com
Server:    9.9.9.11
Address 1: 9.9.9.11 dns11.quad9.net

Name:      raw.githubusercontent.com
Address 1: 185.199.110.133 cdn-185-199-110-133.github.com
Address 2: 185.199.111.133 cdn-185-199-111-133.github.com
Address 3: 185.199.108.133 cdn-185-199-108-133.github.com
Address 4: 185.199.109.133 cdn-185-199-109-133.github.com
Address 5: 2606:50c0:8001::154
Address 6: 2606:50c0:8000::154
Address 7: 2606:50c0:8003::154
Address 8: 2606:50c0:8002::154
real    0m 5.58s
user    0m 0.00s
sys     0m 0.00s

 

[ColinTaylor]

@ChickenheadOS Post the complete output of time nslookup raw.githubusercontent.com

@dave14305

# time nslookup raw.githubusercontent.com 9.9.9.11
Server:    9.9.9.11
Address 1: 9.9.9.11 dns11.quad9.net

Name:      raw.githubusercontent.com
Address 1: 185.199.108.133 cdn-185-199-108-133.github.com
Address 2: 185.199.111.133 cdn-185-199-111-133.github.com
Address 3: 185.199.110.133 cdn-185-199-110-133.github.com
Address 4: 185.199.109.133 cdn-185-199-109-133.github.com
Address 5: 2606:50c0:8002::154
Address 6: 2606:50c0:8003::154
Address 7: 2606:50c0:8000::154
Address 8: 2606:50c0:8001::154
real    0m 0.36s
user    0m 0.00s
sys     0m 0.00s

 

[ColinTaylor]

Mullvad

DNS over HTTPS and DNS over TLS

Our public DNS service

mullvad.net

cat /etc/resolv.conf

nameserver 194.242.2.9
nameserver 194.242.2.5
nameserver 2001:1998:f00:2::1
nameserver 2001:1998:f00:1::1

These IPs can only be used with DNS resolvers that support DoH or DoT, not with DNS over UDP/53 or TCP/53.

 

[dave14305]

@ChickenheadOS Post the complete output of time nslookup raw.githubusercontent.com

@dave14305

# time nslookup raw.githubusercontent.com 9.9.9.11
Server:    9.9.9.11
Address 1: 9.9.9.11 dns11.quad9.net

Name:      raw.githubusercontent.com
Address 1: 185.199.108.133 cdn-185-199-108-133.github.com
Address 2: 185.199.111.133 cdn-185-199-111-133.github.com
Address 3: 185.199.110.133 cdn-185-199-110-133.github.com
Address 4: 185.199.109.133 cdn-185-199-109-133.github.com
Address 5: 2606:50c0:8002::154
Address 6: 2606:50c0:8003::154
Address 7: 2606:50c0:8000::154
Address 8: 2606:50c0:8001::154
real    0m 0.36s
user    0m 0.00s
sys     0m 0.00s

Mine varies with nslookup, but runs fine with dig. Since curl thinks it’s a name resolution issue, the mullvad servers must be to blame.

 

[ChickenheadOS]

So if I understand correctly DoH/DoT are not supported by the revolvers at github causing the ui issue.

 

[ColinTaylor]

So if I understand correctly DoH/DoT are not supported by the revolvers at github causing the ui issue.

No, it means that you have misconfigured the DNS settings on your router. You are using 194.242.2.9 and 194.242.2.5 for normal DNS when Mullvad's instructions explicitly tell you not to do that.