Recent content by RMerlin

While doing some OpenVPN maintenance, removing deprecated/legacy features, I figured might as well knock another item off my ToDo list, and implement full tls-crypt-v2 support on the server. This includes the ability to generate client keys for the clients you will connect to it:

No.

You could disable it, but clients on the 5 GHz and especially 6 GHz band should be able to deal just fine with Wifi 7 support being enabled, as these clients will have a fairly modern networking stack. It's largely stuff that deals with the 2.4 GHz band that might have issues with any modern...

That's odd, since specifically for Safari Asus are already disabling ETag support (which is the fix that I had to implement for all *.asp pages), so it should already be fine, unless Safari has some other non-standard way of handling the cache rather than querying the remote server for cache...

MLO seems to be a can of worms so far, regardless of the router model. Since so far that technology seem to underdeliver on its initial promises, I recommend just keeping it disabled. It's probably one of those features that would be nice if all clients played nicely with it. I suspect many...

Yeah, I suspect it depends on multiple factors, since I experienced it for the first time today, and only on one of the two routers I was working on. I'm just curious as to what factors might be involved, hence my query. Also, how common is it.

Ask Asus. Only direct user feedback to them might help there. My guess is there must be some technical challenges involved in supporting it on that model.

Has anyone over the past 2 years or so experienced an issue where they would make changes to a page, apply them, and the displayed page would show the original settings without their changes? I just spent a few hours digging through that issue with the OpenVPN Client page, and having finally...

Any feedback on the (albeit obscure) static key auth method? I already removed it from the server code, I am debating removing it from the client code as well considering how obscure (and much less secure than regular tls auth) it is. Personmally, I don't remember having ever seen it deployed.

All tunnel providers should have disabled compression many years ago. My concern is more for the server config, where some people might have enabled it for remote access without being aware of the feature deprecation. But I think that if it gets documented in the changelog, they will have...

That`s not a kernel panic, that`s just an application crash. A kernel panic is like a BSOD on Windows - it causes the entire system to crash and require a reboot.

asd is an Asus service, not a TrendMicro service. As your second crash, it's the networkmap service that crashed.

With stock firmware they are directly downloaded from Asus' website every time you access this page. For Asuswrt-Merlin I chose to keep local copies of all these files within the router itself, so routers won't need to constantly connect with Asus's website. So all I do is I regularly download...

I have started working on OpenVPN 2.7 support, and am reviewing some of the changes that came with it. Two important things: --secret support is now disabled by default. That authentication method is deemed no longer safe, so by default OpenVPN no longer supports it. Unless I can get a good...

Manufacturing hardware in the US has nothing to do with software-related flaws and won't change anything there. Also, Code Red and Nimda still happened despite Windows being developped in the USA.