Beta ASUSWRT 386 RC3-3 public beta for IPv6 DDNS and IPv6 VPN server

[vrvrvrvrvr]

ON AX55 after reserving ip address for particular mac address, have lost connection to router interface.
HTTPS was never enabled..

Same thing happened with me one more time.
Within this issue:
VPN client (wireguard) got disabled and connected clients lost VPN connection but able to connect to Ethernet.
WEB interface not working from the machines who were connected through VPN tunnel. Same for SSH.
When I recovered all devices, machine I used for management (and previously conencted to VPN) is not routing through VPN client. Tried to disable/enable vpn conenction, remove and re-add device back to VPN clients list. No way it goes through VPN.. rebott doesn't help.. this drives me a little bit crazy.

Guys, how to troubleshoot and what kind of info I could provide to you ?

 

[vrvrvrvrvr]

I have managed to resolve this by
1. Removing assigned ip from dhcp client list for my client computer which was left assigned on Main and Guest network (wtf??)
2. Re-adding client to VPN clients list

 

[bradbort]

All devices on network get their own IPv6 while Asus router itself doesn't get it's own WAN IPv6. Hopefully Asus engineers are close to fixing this problem.

I've checked both ping and the system log. My units are definitely getting their IP6 address, and ping is fine.

 

[blade12]

Has anyone done a speed/performance test comparison with Wireguard using one of the supported routers & Wireguard-supported VPNs?

Perhaps comparing the following:
1) Without VPN
2) With VPN using Wireguard
3) With VPN using OpenVPN

I'm mostly curious about the difference between #1 and #2. #3 would be extra cherry on top.

 

[blade12]

The following are my iOS Speedtest App results on my iPhoneXsMax from my daughter’s place with RT-AC68U (500mbps Fibre Subscription) to my various VPN Servers setup at my home on my RT-AX88U (1gbps Fibre Subscription). I just did one test each.

• VPN 1 OpenVPN
  • Dn:108 mbps Up:109 mbps
• VPN 2 Instant Guard (IPsec IKEv1 under the hood)
  • Dn:141 mbps Up:153 mbps
• VPN 1 IPSec IKEv2
  • Dn:367 mbps Up:218 mbps
• VPN 1 IPSec IKEv1
  • Dn:147 mbps Up:156 mbps
• VPN 1 WireGuard (I recall in RC3-2, this is the fastest)
  • Dn:286 mbps Up:175 mbps

What speeds do you get without a VPN at all?

Edit: I just realized you set up a VPN server using your home network that you connect to from another location so it's probably not quite the same as using one of the major VPNs. Still might help get a basic comparison to see how much speed deteriorates with VPN vs without vpn.

 

[ehajjar]

@ASUSWRT_2020 when enabling IPv6 and connecting to VPN doesn't support IPv6 the devices will get IPv6 from the internet provider and IPv4 from the VPN, which doesn't make any sense.
I think you should block IPv6 for devices that using VPN.

 

[gspannu]

Yes and no.

You don’t *need* to use Asuswrt_merlin firmware but you need to «trick» your Asus router to install Entware and using partitions on an external drive by booting with an especially prepared USB drive in it. You have to be familiar enough with ssh and the commandline to then install the correct package from here (probably “nextdns_nohf”): https://repology.org/project/nextdns/versions

It’s more complicated and «advanced» than flashing it with Asuswrt_merlin, and it wouldn’t be “stock firmware” anymore, so that’s why I answered both yes and no.

If you hold out to for the next firmware update of asuswrt we should get DNS Filter back in stock and you can do much of the same as the nextdns cli there.

This is very interesting...

@LoPro
Can you provide some more insight (articles, links or guides) to learn how to install Entware (or just some other scripts/ software/ etc…) and special USB boot drives on stock firmware?

Reason: I am keen on trying out the beta 'stock' firmware with WireGuard support, but I also need some elements of Entware for my scripting, etc...

 

[abir1909]

Hi All,
New 386 rc3-3 firmware added more IPv6 support.
You can now use IPv6 to register DDNS and use it for OpenVPN, WireGuard server.
firmware link
https://drive.google.com/drive/folders/1zbP67c9LM-je_w3PEc36ybc_VFddJPPe?usp=sharing

support model list
GT-AX11000
RT-AX92U
RT-AX88U
RT-AX82U
RT-AX68U
RT-AX56U
RT-AX55
TUF-AX5400
TUF-AX3000
ZenWiFi ET8
ZenWiFi XT8
ZenWiFi XD6
ZenWiFi XD4

RT-AX86U and RT-AX58U are not in this run, there are still some issues that need to be solved.

Any update on the AX86U? thanks

 

[rme]

Using ET8 router and 1 node, there is a problem with WAN\DDNS\domains.google.com ddns setup. i reset to factory default settings using stock 3.0.0.4.386_43981, then setup new mesh network only changing wifi settings and login/password, then upgraded to RC3-3 from onedrive link on 1st page of this thread, then tried to re-setup domains.google.com ddns using same settings that previously worked under stock fw. Get a registration error. Attached pdf shows the redacted settings that work on stock fw ddns setup for domains.google.com, but don't work when entered into RC3-3. It seems that the asus ddns (www.asus.com) built in ddns does work under RC3-3 but didn't test that too much

 

[CPngN]

Using ET8 router and 1 node, there is a problem with WAN\DDNS\domains.google.com ddns setup. i reset to factory default settings using stock 3.0.0.4.386_43981, then setup new mesh network only changing wifi settings and login/password, then upgraded to RC3-3 from onedrive link on 1st page of this thread, then tried to re-setup domains.google.com ddns using same settings that previously worked under stock fw. Get a registration error. Attached pdf shows the redacted settings that work on stock fw ddns setup for domains.google.com, but don't work when entered into RC3-3. It seems that the asus ddns (www.asus.com) built in ddns does work under RC3-3 but didn't test that too much

Well crap. I suppose I haven't noticed because at some point I had issues on my previous Asus router and just started using a mac mini server to do the DDNS upkeep. It's on ethernet, so it will always have the same external IP as the router.
Hey does Google Domains really do free email forwarding with just a domain registration? No "hosting package" needed?! Damn that would save me hundreds!

 

[rme]

yes it does, just need a domain registration with domains.google.com and go into settings/email and setup an email forward

 

[CPngN]

yes it does, just need a domain registration with domains.google.com and go into settings/email and setup an email forward

Oh, like a single forward. I have like 300 forwarding addresses on my domain (new address for every site!) that all forward to one of 2 or 3 places. I add them on the fly. Don't think Google's thing does that, does it?

 

[mattl0]

I bought the asus rt-ax82u last month.

With the official firmware from asus and one of merlin fork on github (wich is based on the official one) My lg wifi appliances ( I automate my home ) keeps disconnecting. The router is at three meters from the washing machine and the dryer. Both are connected on a guess account on 2.4.
But with this beta firmware the issue is not present at all. I don’t see that as a problem for now, but It would be nice to know what changed in the beta that would explain that difference? Maybe it could be backported?
Thanks

 

[JGrana]

Is anyone running Wireguard in a site-site configuration with this R3 beta?

If so, can you share what iptables rules Asus is putting in?
Also, the wgX.conf file it creates would be helpful (with the PublicKey and PrivateKey removed!).

 

[Marcrisale]

Just saw the new asuswrt release (not a beta one) when will the wireguard option be available in the release version and not just in beta?. What will the RC3-4 include?

 

[Martineau]

Also, the wgX.conf file it creates would be helpful (with the PublicKey and PrivateKey removed!).

The WireGuard Beta requires you to manually enter ALL configuration values into the GUI, and they are saved in NVRAM variables so I don't believe there is a permanent physical .conf file.
(Similar to wg-quick which creates a temporary file (stripped of unrecognised directives) for use by the wg setconf wgX? /proc/self/fd/63 command when initially creating the interface, which is then immediately deleted when wg-quick terminates.)

e.g. where X is either 's' for 'server' or 'c' for 'client', and '?' is the instance number (NOTE: only one WireGuard 'server' wgs1 is currently allowed and I think only five 'clients')

nvram set wgX?_addr=
nvram set wgX?_aips=
nvram set wgX?_alive=
nvram set wgX?_dns=
nvram set wgX?_enable=
nvram set wgX?_ep_addr=
nvram set wgX?_ep_port=
nvram set wgX?_nat=1"
nvram set wgX?_ppub=
nvram set wgX?_priv=

EDIT: Doh! but of course you can issue the Userspace tool command

wg showconf wgc5

[Interface]
ListenPort = 48350
PrivateKey = deaDj/czAgWTzLEkWoPF/2eMFlRBkPv62W2XX3wieiVA=

[Peer]
PublicKey = 7YNog586gTRA3gb+78tpfG/w1Ua/JprciQTSO/tKjyE=
AllowedIPs = ::/0
Endpoint = [2001:ac8:20:308::a15f]:51820
PersistentKeepalive = 25

 

[torstein]

Oh, like a single forward. I have like 300 forwarding addresses on my domain (new address for every site!) that all forward to one of 2 or 3 places. I add them on the fly. Don't think Google's thing does that, does it?

This is the way! I do the same, but with Apple iCloud "Hide my Email".

 

[srkbear]

Hi, no intention to be impatient but we’re going into two months without an update to this beta—any word on the next beta cycle release please?

 

[rayofsi]

i was running rc2 just fine, and my itchy finger pressed update. now i am having issues with this firmware, interface fails to load sometimes. i tried to static ip a device thats on a aimesh node and i get kicked out of the interface and it fails to load again.

 

[OzarkEdge]

i was running rc2 just fine, and my itchy finger pressed update. now i am having issues with this firmware, interface fails to load sometimes. i tried to static ip a device thats on a aimesh node and i get kicked out of the interface and it fails to load again.

I would install the firmware you want to use, reset that firmware to its default settings, and configure it from scratch. If beta firmware is unsatisfactory, start over with the latest released firmware.

Reset FAQ
Reset Button/webUI Restore
WPS Button Hard Reset

OE