What's new

Release [Test] Asuswrt-Merlin 384.19 - OpenVPN test builds

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
Fresh install just to be sure. Everything is working fine with 3 VPN clients, exclusive and disabled DNS. Rebooted several times with no issues. No DNS leaks and Scripts are working fine as well. Setup is with UDP (1 voip) and TCP, TUN.
Some extra info:
Code:
: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA
 
Last edited:
around 30% of my CPU was being constantly pegged by the processes jffs2_gcd_mtd9 and nt_center (unrelated to vpn

This is some maintenance done on the nt_center database on first boot of the newer AX88U code. If you let it sit for a while, maintenance will eventually complete, and it will return to normal.
 
People who tested VPN, please provide some basic info about your setup, to determine what was tested:

- proto (UDP or TCP)
- Interface (TAP or TUN)
- Type of authentication (did you build your own key/certs, or let the firmware generate ones for you?)
- Did you use any static key (be it through tls-crypt being enabled, or just using tls-auth mode?)
 
  • UDP
  • Both TAP and TUN
  • Firmware generated
  • No static key
 
- proto (UDP)
- Interface (TUN)
- Type of authentication (auth none) (build own key/certs) and disable duplicate-cn
- Use (tls-crypt)
Just updated to alpha2 and my 3-vpn clients working fine. All mine scripts around vpn working fine to.
Thank you RMerlin

EDIT: Only thing a value was -1 need to be 0. Then right dns working again.

View attachment 24792

Iustus updated ad alpha2 et III-finis opus vpn clients. Denique, ut omnia mea scripta circa vpn opus.
Tibi gratias ago RMerlin

- proto (UDP)
- Interface (TUN)
- Type of authentication (auth none) (build own key/certs) and disable duplicate-cn
- Use (tls-crypt)
 
proto (UDP)
Interface (TAP)
Firmware generated
tls-auth mode
 
I found this in log, seems missing something..........

Code:
Jul 21 18:05:06 Starting_OpenVPN_%s_%d...: server
Jul 21 18:05:07 openvpn: OpenVPN server 2 launch completed.
Code:
Jul 21 18:05:08 Starting_OpenVPN_%s_%d...: client
Jul 21 18:05:08 openvpn: OpenVPN client 1 launch completed.
Code:
Jul 21 18:05:09 Starting_OpenVPN_%s_%d...: client
Jul 21 18:05:09 openvpn: OpenVPN client 3 launch completed.
Code:
Jul 21 18:05:11 custom_script: Running /jffs/scripts/smb.postconf (args: /etc/smb.conf)
Jul 21 18:05:11 openvpn-updown: Forcing 192.168.12.146 to use DNS server 46.227.67.134
Jul 21 18:05:11 openvpn-updown: Forcing 192.168.12.144 to use DNS server 46.227.67.134
Jul 21 18:05:11 openvpn-updown: Excluding  from forced DNS routing
Jul 21 18:05:12 openvpn-updown: Forcing 192.168.12.142 to use DNS server 46.227.67.134
 
This is some maintenance done on the nt_center database on first boot of the newer AX88U code. If you let it sit for a while, maintenance will eventually complete, and it will return to normal.


OK. Thanks for the info. It was pegging for approx. 1 hour.. I will reflash the code now and let it run overnight...
Regarding my ovpn slowlyness, I'll be able to confirm tomorrow and in that case will post my settings..
 
Depends on the router model. Best to make a backup of your settings first.

The 384.19 alpha installed with no issues but the connection to my VPN server seemed slower so I reverted to 384.18 on my AC86 to run some comparisons. Didn't go smoothly. After reloading the 384.18 I no longer could access the GUI or SSH into the router as it would not accept my password or the default password. It was working fine as a router but had to do a reset to factory defaults then reload a saved configuration. Restoring a configuration after a reset means you need to set up all your VPN servers and clients again.

So be prepared to spend some time going back.
 
Number of OpenVPN Clients: 2 iVacy VPN, 1 NordVPN, 1 Fastest VPN, 1 work VPN
OpenVPN Servers: None

- Protocol: iVacy = UDP, Nord = UDP, Fastest = UDP, Work = TCP
- Interface: All TUN
- Type of authentication: Certs provided by VPN Servers
- Did you use any static key: Yes
 
I have Torgaurd VPN, Asus router to router and a VPN Server, all working fine no alterations needed. AX88U
 
Im only running openvpn server but my config was retained after a dirty upgrade and I was able to connect using the client on my iPhone without any issue. No perceived change in function on my rt-ax88u.

config is attached. Udp over 443, tun, explicitly requiring aes-256-gcm, tls-version-min 1.3, tls-ciphersuites TLS_AES_256_GCM_SHA384 and, ecdh-curve secp521r1. Using own ca for auth (easy-rsa).

edit: no problems with services starting or with using skynet. Everything has been working as expected.
 

Attachments

  • E84A76E7-E77D-47AE-A94A-906356FCFCCC.png
    E84A76E7-E77D-47AE-A94A-906356FCFCCC.png
    236.3 KB · Views: 300
Last edited:
The 384.19 alpha installed with no issues but the connection to my VPN server seemed slower so I reverted to 384.18 on my AC86 to run some comparisons. Didn't go smoothly. After reloading the 384.18 I no longer could access the GUI or SSH into the router as it would not accept my password or the default password. It was working fine as a router but had to do a reset to factory defaults then reload a saved configuration. Restoring a configuration after a reset means you need to set up all your VPN servers and clients again.

So be prepared to spend some time going back.

Had the same issue - but my RT-AC86U restore from backup after reset included successful restore of my OpenVPN server and Client [x2] settings [restored both settings and jffs backup].
 
AC86U. Test firmware loaded ok. amtm fails to load with the following error. Skynet and diversion don't work.

admin@RT-AC86U-F210:/tmp/home/root# amtm
mkdir: can't create directory '/jffs/addons/': Read-only file system

amtm failed to create the directory
/jffs/addons/amtm
Please investigate. Aborting amtm now.
 
AC86U. Test firmware loaded ok. amtm fails to load with the following error. Skynet and diversion don't work.

admin@RT-AC86U-F210:/tmp/home/root# amtm
mkdir: can't create directory '/jffs/addons/': Read-only file system

amtm failed to create the directory
/jffs/addons/amtm
Please investigate. Aborting amtm now.

Looks like the jffs is not mounted.


Internal Storage
NVRAM usage64305 / 131072 bytes
JFFSUnmounted
 
Updated one of my RT-AC5300'S to Alpha2. I noticed that the speed with OVPN is ca. 50% less than with 384.18)
 
Updated one of my RT-AC5300'S to Alpha2. I noticed that the speed with OVPN is ca. 50% less than with 384.18)

Zero change to the OpenVPN code itself - only the code that creates the config files was changed.
 
Jul 21 18:05:06 Starting_OpenVPN_%s_%d...: server

This is an incorrect logmessage() call on OpenVPN start that's missing a parameter, causing the output to be garbled.
 
This is an incorrect logmessage() call on OpenVPN start that's missing a parameter, causing the output to be garbled.
Seems is something is missing here too:
Jul 21 18:05:11 openvpn-updown: Excluding [HERE] from forced DNS routing
 
Seems is something is missing here too:
Jul 21 18:05:11 openvpn-updown: Excluding [HERE] from forced DNS routing

Post your list of policy rules, I suspect you have a rule that basically tells all clients (or 0.0.0.0 in the past) to be excluded from DNS routing.
 
Status
Not open for further replies.

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top