Release [Test] Asuswrt-Merlin 384.19 - OpenVPN test builds

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.
Status
Not open for further replies.

Sonyrolfy

Regular Contributor
Fresh install just to be sure. Everything is working fine with 3 VPN clients, exclusive and disabled DNS. Rebooted several times with no issues. No DNS leaks and Scripts are working fine as well. Setup is with UDP (1 voip) and TCP, TUN.
Some extra info:
Code:
: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA
 
Last edited:

RMerlin

Asuswrt-Merlin dev
around 30% of my CPU was being constantly pegged by the processes jffs2_gcd_mtd9 and nt_center (unrelated to vpn
This is some maintenance done on the nt_center database on first boot of the newer AX88U code. If you let it sit for a while, maintenance will eventually complete, and it will return to normal.
 

RMerlin

Asuswrt-Merlin dev
People who tested VPN, please provide some basic info about your setup, to determine what was tested:

- proto (UDP or TCP)
- Interface (TAP or TUN)
- Type of authentication (did you build your own key/certs, or let the firmware generate ones for you?)
- Did you use any static key (be it through tls-crypt being enabled, or just using tls-auth mode?)
 

octopus

Very Senior Member
- proto (UDP)
- Interface (TUN)
- Type of authentication (auth none) (build own key/certs) and disable duplicate-cn
- Use (tls-crypt)
Just updated to alpha2 and my 3-vpn clients working fine. All mine scripts around vpn working fine to.
Thank you RMerlin

EDIT: Only thing a value was -1 need to be 0. Then right dns working again.

View attachment 24792

Iustus updated ad alpha2 et III-finis opus vpn clients. Denique, ut omnia mea scripta circa vpn opus.
Tibi gratias ago RMerlin
- proto (UDP)
- Interface (TUN)
- Type of authentication (auth none) (build own key/certs) and disable duplicate-cn
- Use (tls-crypt)
 

no_name

Regular Contributor
proto (UDP)
Interface (TAP)
Firmware generated
tls-auth mode
 

octopus

Very Senior Member
I found this in log, seems missing something..........

Code:
Jul 21 18:05:06 Starting_OpenVPN_%s_%d...: server
Jul 21 18:05:07 openvpn: OpenVPN server 2 launch completed.
Code:
Jul 21 18:05:08 Starting_OpenVPN_%s_%d...: client
Jul 21 18:05:08 openvpn: OpenVPN client 1 launch completed.
Code:
Jul 21 18:05:09 Starting_OpenVPN_%s_%d...: client
Jul 21 18:05:09 openvpn: OpenVPN client 3 launch completed.
Code:
Jul 21 18:05:11 custom_script: Running /jffs/scripts/smb.postconf (args: /etc/smb.conf)
Jul 21 18:05:11 openvpn-updown: Forcing 192.168.12.146 to use DNS server 46.227.67.134
Jul 21 18:05:11 openvpn-updown: Forcing 192.168.12.144 to use DNS server 46.227.67.134
Jul 21 18:05:11 openvpn-updown: Excluding  from forced DNS routing
Jul 21 18:05:12 openvpn-updown: Forcing 192.168.12.142 to use DNS server 46.227.67.134
 

FTC

Senior Member
This is some maintenance done on the nt_center database on first boot of the newer AX88U code. If you let it sit for a while, maintenance will eventually complete, and it will return to normal.

OK. Thanks for the info. It was pegging for approx. 1 hour.. I will reflash the code now and let it run overnight...
Regarding my ovpn slowlyness, I'll be able to confirm tomorrow and in that case will post my settings..
 

CaptainSTX

Part of the Furniture
Depends on the router model. Best to make a backup of your settings first.
The 384.19 alpha installed with no issues but the connection to my VPN server seemed slower so I reverted to 384.18 on my AC86 to run some comparisons. Didn't go smoothly. After reloading the 384.18 I no longer could access the GUI or SSH into the router as it would not accept my password or the default password. It was working fine as a router but had to do a reset to factory defaults then reload a saved configuration. Restoring a configuration after a reset means you need to set up all your VPN servers and clients again.

So be prepared to spend some time going back.
 

Toink

Occasional Visitor
Number of OpenVPN Clients: 2 iVacy VPN, 1 NordVPN, 1 Fastest VPN, 1 work VPN
OpenVPN Servers: None

- Protocol: iVacy = UDP, Nord = UDP, Fastest = UDP, Work = TCP
- Interface: All TUN
- Type of authentication: Certs provided by VPN Servers
- Did you use any static key: Yes
 

skeal

Part of the Furniture
I have Torgaurd VPN, Asus router to router and a VPN Server, all working fine no alterations needed. AX88U
 

fields987

Regular Contributor
Im only running openvpn server but my config was retained after a dirty upgrade and I was able to connect using the client on my iPhone without any issue. No perceived change in function on my rt-ax88u.

config is attached. Udp over 443, tun, explicitly requiring aes-256-gcm, tls-version-min 1.3, tls-ciphersuites TLS_AES_256_GCM_SHA384 and, ecdh-curve secp521r1. Using own ca for auth (easy-rsa).

edit: no problems with services starting or with using skynet. Everything has been working as expected.
 

Attachments

Last edited:

kernol

Very Senior Member
The 384.19 alpha installed with no issues but the connection to my VPN server seemed slower so I reverted to 384.18 on my AC86 to run some comparisons. Didn't go smoothly. After reloading the 384.18 I no longer could access the GUI or SSH into the router as it would not accept my password or the default password. It was working fine as a router but had to do a reset to factory defaults then reload a saved configuration. Restoring a configuration after a reset means you need to set up all your VPN servers and clients again.

So be prepared to spend some time going back.
Had the same issue - but my RT-AC86U restore from backup after reset included successful restore of my OpenVPN server and Client [x2] settings [restored both settings and jffs backup].
 

Blacklistedcard

Regular Contributor
AC86U. Test firmware loaded ok. amtm fails to load with the following error. Skynet and diversion don't work.

[email protected]:/tmp/home/root# amtm
mkdir: can't create directory '/jffs/addons/': Read-only file system

amtm failed to create the directory
/jffs/addons/amtm
Please investigate. Aborting amtm now.
 

Blacklistedcard

Regular Contributor
AC86U. Test firmware loaded ok. amtm fails to load with the following error. Skynet and diversion don't work.

[email protected]:/tmp/home/root# amtm
mkdir: can't create directory '/jffs/addons/': Read-only file system

amtm failed to create the directory
/jffs/addons/amtm
Please investigate. Aborting amtm now.
Looks like the jffs is not mounted.


Internal Storage
NVRAM usage64305 / 131072 bytes
JFFSUnmounted
 

SheikhSheikha

Regular Contributor
Updated one of my RT-AC5300'S to Alpha2. I noticed that the speed with OVPN is ca. 50% less than with 384.18)
 

RMerlin

Asuswrt-Merlin dev
Updated one of my RT-AC5300'S to Alpha2. I noticed that the speed with OVPN is ca. 50% less than with 384.18)
Zero change to the OpenVPN code itself - only the code that creates the config files was changed.
 

RMerlin

Asuswrt-Merlin dev
Jul 21 18:05:06 Starting_OpenVPN_%s_%d...: server
This is an incorrect logmessage() call on OpenVPN start that's missing a parameter, causing the output to be garbled.
 

octopus

Very Senior Member
This is an incorrect logmessage() call on OpenVPN start that's missing a parameter, causing the output to be garbled.
Seems is something is missing here too:
Jul 21 18:05:11 openvpn-updown: Excluding [HERE] from forced DNS routing
 

RMerlin

Asuswrt-Merlin dev
Seems is something is missing here too:
Jul 21 18:05:11 openvpn-updown: Excluding [HERE] from forced DNS routing
Post your list of policy rules, I suspect you have a rule that basically tells all clients (or 0.0.0.0 in the past) to be excluded from DNS routing.
 
Status
Not open for further replies.

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top