What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Beta Asuswrt-Merlin 3006.102.4 Beta is now available

Status
Not open for further replies.
Linuxer said:
Slightly related, but is there a way to "tell" DNS Director not to block port 853? I delegate DoT/DoH blocking to an external DNS block list through ControlD but at the same time I'd like to use ControlD DoT on my Android phone (and DNS Director blocks it). In short, I'd like to have DNS Director active but outgoing port 853 open as well. Is this feasible, somehow, even using some iptables rule? Id6be grateful if you could suggest some workaround.

Thanks a lot in advance.
Click to expand...
Simplest way would be to add you phone to the DNS Director's client list with a setting of "No Redirection"
 
RMerlin said:
I already answered you before.

1) The Apply button is only of use when editing the rules, it has nothing to do with enabling/disabling a client
2) If the client does not start then look at your system log for the reason why it's failing.
Click to expand...
OK maybe some pictures would better explain.
First picture I select the VPN client (and you do have to click Apply if you want to add one of the Rules) but I did not add a rule or click Apply:

VPN Page 1.png


Next picture. I Click on the VPN Status Page. As you can see it is Blank even after clicking the Refresh Button on the VPN Status page. However, the VPN is started and working. I checked and it is going through Proton. :

VPN Page 2.png


Next Picture. All I did was Clear Browser Cache and Refresh the Page. As you can see, the VPN Status is now showing:

VPN Page 3.png


It's not that the VPN isn't starting or working, I just have to clear the cache and refresh page every time I make a change to show the proper Status. Did not have to do this in previous version. I see nothing in log showing errors. Hope this makes it a little clearer.

Thanks
 
zenmota said:
OK maybe some pictures would better explain.
First picture I select the VPN client (and you do have to click Apply if you want to add one of the Rules) but I did not add a rule or click Apply:
Next picture. I Click on the VPN Status Page. As you can see it is Blank even after clicking the Refresh Button on the VPN Status page. However, the VPN is started and working. I checked and it is going through Proton. :
Next Picture. All I did was Clear Browser Cache and Refresh the Page. As you can see, the VPN Status is now showing:
It's not that the VPN isn't starting or working, I just have to clear the cache and refresh page every time I make a change to show the proper Status. Did not have to do this in previous version. I see nothing in log showing errors. Hope this makes it a little clearer.
Thanks
Click to expand...
Chrome based browser..?
Try Firefox.
 
zenmota said:
Yes, Edge. I don't really want to install another browser, as Edge does everything I need. And I did not have this problem with previous version.

Thanks
Click to expand...
Chromium has long standing issues with the FW self-signed certificates, and as RMerlin said ASUS changed some things about it again that made it even worst in Chrome based browsers (not ASUS fault, the bug is on Chrome side!).

And not that hard to test it on Firefox, just delete or dont use the browser afterwards...
If it works with it, its not the FW fault.
 
GWTechTalk said:
GWTechTalk said:
Depends on who your service provider is. T-Mobile Wifi calling only is able to serve one device at a time and you have to manually open the ports when UPNP is off. Which for me UPNP is always off.
Click to expand...
T-Mobile wifi calling is working as expected without UPnP and without any opened port.
Click to expand...
 
rickysuperdog said:
Firstly thanks Merlin for your efforts.

BE92u updated to beta2. PPTP error still happened. I haven't enabled DNS director and only IPSec VPN is enabled.

Apr 20 14:49:05 pptp[6874]: Call manager exited with error 1
Apr 20 14:49:08 rc_service: dns_dpi_check 4662:notify_rc start_dnsqd
Apr 20 14:49:15 pptp[9331]: connect: Connection refused
Apr 20 14:49:15 pptp[9331]: Could not open control connection to 192.168.2.1
Apr 20 14:49:15 pptp[6874]: Call manager exited with error 1
Apr 20 14:49:25 pptp[9414]: connect: Connection refused
Apr 20 14:49:25 pptp[9414]: Could not open control connection to 192.168.2.1
Apr 20 14:49:25 pptp[6874]: Call manager exited with error 1
Apr 20 14:49:35 pptp[9732]: connect: Connection refused
Apr 20 14:49:35 pptp[9732]: Could not open control connection to 192.168.2.1
Apr 20 14:49:35 pptp[6874]: Call manager exited with error 1
Apr 20 14:49:45 pptp[9878]: connect: Connection refused
Apr 20 14:49:45 pptp[9878]: Could not open control connection to 192.168.2.1
Apr 20 14:49:45 pptp[6874]: Call manager exited with error 1
Apr 20 14:49:55 pptp[10033]: connect: Connection refused
Apr 20 14:49:55 pptp[10033]: Could not open control connection to 192.168.2.1
Apr 20 14:49:55 pptp[6874]: Call manager exited with error 1
Apr 20 14:50:05 pptp[10112]: connect: Connection refused

Apr 20 14:47:22 kernel: 0000: 04 00 00 00 00 00 00 00
Apr 20 14:47:22 kernel: 0000: 04 00 00 00 00 00 00 00
Apr 20 14:47:22 kernel: 0000: 04 00 00 00 00 00 00 00
Apr 20 14:47:23 kernel: fifo_bitmap_by_startidx:
Apr 20 14:47:23 kernel: fifo_bitmap_by_startidx:
Apr 20 14:47:23 kernel: 0000: 04 00 00 00 00 00 00 00
Apr 20 14:47:23 kernel: fifo_bitmap_by_startidx:
Apr 20 14:47:23 kernel: 0000: 04 00 00 00 00 00 00 00
Apr 20 14:47:23 kernel: 0000: 04 00 00 00 00 00 00 00

Secondly for the CPU issues and no response to WEBUI while login need time to see if these issues are fixed. Beta1 happened many times and I need to force back to the original firmware.

Many thanks and will report later.
Click to expand...
Follow up :

Strange that after I enable and disabled the PPTP and OpenVPN server several times, the pptp error message gone.

Furthermore:
CPU issue and WEBUI no response issues seems fixed on beta2 firmware.

Thanks
 
Last edited:
I doubt there is any side effect from this, but I noticed these libmnl libraries incorrectly linked in the firmware image.
Code: 
lrwxrwxrwx    1 rtradmin root           115 Apr 19 12:51 libmnl.so -> /home/merlin/amng.ax88pro/release/src-rt-5.04axhnd.675x/targets/94912GW/fs.install/libmnl-1.0.4/usr/lib/libmnl.so.0
lrwxrwxrwx    1 rtradmin root           115 Apr 19 12:51 libmnl.so.0.2.0 -> /home/merlin/amng.ax88pro/release/src-rt-5.04axhnd.675x/targets/94912GW/fs.install/libmnl-1.0.4/usr/lib/libmnl.so.0
Seems to be unique in 3006.102-wifi6.
 
Last edited:
@Dedel66 Do tell. I had to manually setup UDP port rules to get it working for me. The GUI didnt have the settings needed and does not by default allow wifi calling to work.

PM me if you need to don't want to hijack this thread. Oh and looking at your config, it likely works because you have IPV6. I do not, and my ISP doesn't offer it yet.


Code: 
#!/bin/sh

# T-Mobile Wi-Fi Calling and Visual Voicemail support (with IP restrictions)

# Define T-Mobile IP ranges
TMO_WFC_IPSEC="208.54.0.0/16"
TMO_AUTH_VVM="66.94.0.0/19"
TMO_CRL="206.29.177.36"

# ========================
# INPUT chain (Router itself)
# ========================

# IPSec (WFC 2.0)
iptables -I INPUT -p udp -s $TMO_WFC_IPSEC --dport 500 -j ACCEPT
iptables -I INPUT -p udp -s $TMO_WFC_IPSEC --dport 4500 -j ACCEPT

# SIP/TLS (WFC 1.0)
iptables -I INPUT -p tcp -s $TMO_WFC_IPSEC --dport 5061 -j ACCEPT
iptables -I INPUT -p udp -s $TMO_WFC_IPSEC --dport 5061 -j ACCEPT

# HTTPS Auth
iptables -I INPUT -p tcp -s $TMO_AUTH_VVM --dport 443 -j ACCEPT

# IMAP/SSL Voicemail
iptables -I INPUT -p tcp -s $TMO_AUTH_VVM --dport 993 -j ACCEPT

# CRL server (for cert validation)
iptables -I INPUT -p tcp -s $TMO_CRL --dport 80 -j ACCEPT

# Allow return traffic
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# ========================
# FORWARD chain (LAN clients)
# ========================

# IPSec passthrough
iptables -I FORWARD -p udp -d $TMO_WFC_IPSEC --dport 500 -j ACCEPT
iptables -I FORWARD -p udp -d $TMO_WFC_IPSEC --dport 4500 -j ACCEPT

# SIP/TLS
iptables -I FORWARD -p tcp -d $TMO_WFC_IPSEC --dport 5061 -j ACCEPT
iptables -I FORWARD -p udp -d $TMO_WFC_IPSEC --dport 5061 -j ACCEPT

# HTTPS Auth
iptables -I FORWARD -p tcp -d $TMO_AUTH_VVM --dport 443 -j ACCEPT

# IMAP Voicemail
iptables -I FORWARD -p tcp -d $TMO_AUTH_VVM --dport 993 -j ACCEPT

# CRL
iptables -I FORWARD -p tcp -d $TMO_CRL --dport 80 -j ACCEPT

# Allow return traffic
iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# ========================
# Router Features
# ========================

# IPSec passthrough settings
nvram set vpn_passthrough=1
nvram set ipsec_pass=1

# Optional: Disable SIP ALG (helps VoWiFi stability)
nvram set nf_sip=0

# Commit and reload if needed
nvram commit
 
Last edited:
For the BE92u a bug including in the original firmware and Merlin beta 1, 2 is that the right hand side System Status table of the Network Map and Client stats will be blank if connected the WebUI through internet IP, intranet no problem. It was fixed in the original beta firmware RT-BE92U_9.0.0.6_102_37803-ga2dcc92_1207-g0fc42_BB0B that released in February. I had reported to Asus support and they knew this issue but still not implemented the fix to recent stable firmware update.
 
MDM said:
Chromium has long standing issues with the FW self-signed certificates, and as RMerlin said ASUS changed some things about it again that made it even worst in Chrome based browsers (not ASUS fault, the bug is on Chrome side!).

And not that hard to test it on Firefox, just delete or dont use the browser afterwards...
If it works with it, its not the FW fault.
Click to expand...
Thanks for the info. I did not know some things had change. I might try FireFox later.

Thanks
 
MDM said:
Chromium has long standing issues with the FW self-signed certificates, and as RMerlin said ASUS changed some things about it again that made it even worst in Chrome based browsers (not ASUS fault, the bug is on Chrome side!).
Click to expand...
I use edge version 135.xxx.xxx.xx which is chromium based in which case self signed certificates works as it should with this firmware.
 
Ripshod said:
Has anyone else lost wifi calling with either of the betas after a full manual rebuild? I saw this this morning, but after restoring the backup from this morning it's back and running fine. If I have to do a full manual rebuild to create the error again I'm willing.
Click to expand...
If your ISP uses IPSEC for Wifi Calling then make sure that on WAN -> NAT Passthrough the IPSEC passthrough is enabled.
 
bluepoint said:
I use edge version 135.xxx.xxx.xx which is chromium based in which case self signed certificates works as it should with this firmware.
Click to expand...
Yes, but did he import the certificates? (even then it might glitch at places)
With Firefox you dont need to, just add as exception and done.
 
MDM said:
Yes, but did he import the certificates? (even then it might glitch at places)
With Firefox you dont need to, just add as exception and done.
Click to expand...
I did try Firefox and it did fix the problem for the most part. Maybe a couple of quirks. I did not import any certificates. Not sure how to do that or if need to. Never did before. Not sure about adding an exception in Firefox either. I did try accessing and changing setting for VPN in this Beta with another computer that is on this home network. It's running Windows 10 and use Edge, same problem.

Thanks
 
RMerlin said:
If your ISP uses IPSEC for Wifi Calling then make sure that on WAN -> NAT Passthrough the IPSEC passthrough is enabled.
Click to expand...
Unfortunately the problem at least for me is that it doesn’t work with IPv4 only, as multiple devices cannot have WiFi calling connected at the same time due to port collisions.

IPv6 fixes this issue as the devices then have a unique public ip. I haven’t found a way on IPv4 to make it work for multiple devices simultaneously. Open to ideas but seems to be a documented issue of IPv4 only.

Without upnp the only option is manual mapping but that is not super reliable.
 
Last edited:
Status
Not open for further replies.

Similar threads

RMerlin
Release Asuswrt-Merlin 3004.388.9 is now available
11 12 13
Replies
241
Views
27K
The PyroPath
T
RMerlin
  • Locked
Beta Asuswrt-Merlin 3004.388.9 Beta is now available
4 5 6
Replies
112
Views
10K
RMerlin
RMerlin
RMerlin
  • Locked
Beta Asuswrt-Merlin 3006.102.3 beta is now available for Wifi 7 devices
2 3
Replies
53
Views
8K
RMerlin
RMerlin
RMerlin
Release Asuswrt-Merlin 3006.102.3 is now available for WIfi 7 devices
5 6 7
Replies
120
Views
22K
supershaun
S
octopus
  • Locked
[ 3006.102_4 alpha Build(s) ] available build(s)
14 15 16
Replies
313
Views
32K
octopus
octopus
Similar threads
Thread starter Title Forum Replies Date
RMerlin Release Asuswrt-Merlin 3006.102.4 is now available Asuswrt-Merlin 199
A Homekit help request on Asuswrt-Merlin 3006.102.4 Beta 2 Asuswrt-Merlin 2
RMerlin Release Asuswrt-Merlin 3006.102.3 is now available for WIfi 7 devices Asuswrt-Merlin 120
RMerlin Beta Asuswrt-Merlin 3006.102.3 beta is now available for Wifi 7 devices Asuswrt-Merlin 53
visortgw Asuswrt Merlin 3006.102.3 Alpha2 for GT-BE98 Pro, RT-BE86U, RT-BE88U, and RT-BE96U Asuswrt-Merlin 16
visortgw Asuswrt Merlin 3006.102.3 Alpha1 for GT-BE98 Pro Asuswrt-Merlin 46
RMerlin Release Asuswrt-Merlin 3006.102.2 is now available for Wifi 7 devices Asuswrt-Merlin 101
RMerlin Beta Asuswrt-Merlin 3006.102.2 Beta is now available for Wifi 7 devices Asuswrt-Merlin 70
RMerlin Release Asuswrt-Merlin 3006.102.1 is now available for Wifi 7 devices Asuswrt-Merlin 106
RMerlin Beta Asuswrt-Merlin 3006.102.1 Beta is now available for WIfi 7 devices Asuswrt-Merlin 97

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 900 (members: 11, guests: 889)
Back
Top