Menu
What's new
By:
Filters Better Search

Search results

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

  1. M

    VPNMON VPNMON-R2 v2.65 -Jan 27, 2024- DISCONTINUED - Upgrade to VPNMON-R3 Available! (#3)

    In your last code revision, the case pattern "[+/-][0-9]" for "$nvramVal" is incorrect because it causes the function to fail with valid values (e.g. "0" or "1") and to succeed with invalid values (e.g. "-1"), and that's because it requires a digit to have a preceding sign character (plus or...
  2. M

    VPNMON VPNMON-R2 v2.65 -Jan 27, 2024- DISCONTINUED - Upgrade to VPNMON-R3 Available! (#3)

    Given that the values from NVRAM variables "vpn_client[1-5]_state" seem to be somewhat "unpredictable" in some cases, and there are calls to get those values in many places, I'd suggest a more modular coding solution using a function like this one: _VPN_GetClientState_() { if [ $# -lt 1 ]...
  3. M

    OpenVPN on iOS Cannot Parse Certificate

    The error message indicates that the parser found some syntax error on or around the "END marker" delimiter for the CA certificate so it seems that the client configuration file may have been corrupted when it was imported/uploaded to your iOS device, especially since you said the Windows...
  4. M

    cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback

    If you would like to get rid of those 2 warnings in the client log, you can make 2 simple changes in the OpenVPN Client configuration file: 1) Change "ncp-ciphers" to "data-ciphers" keyword FROM: ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:CHACHA20-POLY1305 TO: data-ciphers...
  5. M

    Static DHCP list not shown in UI following update to 3004.388.4

    When using the WinSCP tool, there's a potential risk of corrupting the NVRAM key values if you inadvertently don't follow exactly the correct format/syntax when editing the key contents. In addition, using the nvram CLI would be considered the safest method as it encapsulates the internal...
  6. M

    Static DHCP list not shown in UI following update to 3004.388.4

    If you have the SSH server enabled & configured on your router, you can use the following command to double-check if the built-in NVRAM variable still exists and if it has any of your custom settings: nvram show 2>/dev/null | grep "dhcp_staticlist=" If the key value is completely empty then...
  7. M

    OpenVPN configuration not compatible with OpenVPN Connect 3.4.0

    Yes, I fully understand the reasons for the design decision to not make the RSA Key size options readily available/visible after a selection has been made & then applied; and those are valid reasons that I agree with especially because, as you said, once the user selects & applies a new key...
  8. M

    OpenVPN configuration not compatible with OpenVPN Connect 3.4.0

    Yes, that's an option if/when users need or want to reset to defaults *all* their customized, pre-configured settings of the OpenVPN Server instance so that they can start from scratch. However, this thread here is actually about regenerating or renewing the SSL certificates of the server &...
  9. M

    OpenVPN configuration not compatible with OpenVPN Connect 3.4.0

    Yes, of course, there's no dispute about that; it's been made clear, AFAICT. The point is that first, you have to be able to *see* the RSA key size options (i.e. they must be visible) in order to change the current setting. If you read post #9 carefully, that's where the poster, @HarryH3, had...
  10. M

    OpenVPN configuration not compatible with OpenVPN Connect 3.4.0

    My parents & my parents-in-law have the RT-AC68U models (1.4GHz CPU H/W revision), and I've set up the 2 OpenVPN Servers available on each router with the same configuration (except, of course, for separate port #s, IP subnets & corresponding cert & keys), but I leave only the 1st Server...
  11. M

    OpenVPN configuration not compatible with OpenVPN Connect 3.4.0

    To make the "1024 bit" & "2048 bit" options visible again on an already configured Server instance, toggle OFF (i.e. disable) the "Enable OpenVPN Server" setting and then click on the "Apply" button. Once that step completes, toggle the Server back ON, and you'll see the "RSA Encryption" options.
  12. M

    BACKUPMON BACKUPMON v1.5.10 -Mar 1, 2024- Backup/Restore your Router: JFFS + NVRAM + External USB Drive! (**Thread closed due to age**)

    OK, my shell script is now available in PasteBin: curl -kLSs --retry 3 --retry-delay 5 --retry-connrefused pastebin.com/raw/9jNL1G7C | tr -d '\r' > "$HOME/GetMountPointSelection.sh" && chmod 755 $HOME/*.sh You can run the script "as is" just to see the menu & test what it does...
  13. M

    BACKUPMON BACKUPMON v1.5.10 -Mar 1, 2024- Backup/Restore your Router: JFFS + NVRAM + External USB Drive! (**Thread closed due to age**)

    I have a custom shell script that I use whenever I want to have menu-driven options so the user can select the mount point of a target USB-attached drive partition. If I understood correctly what you're trying to do, I think you could use it (perhaps with some minor changes) in your own script...
  14. M

    OpenVPN configuration not compatible with OpenVPN Connect 3.4.0

    Take a look at the following thread: https://www.snbforums.com/threads/open-vpn-app-no-longer-working.87154/#post-869477 When you regenerate the certificates using the "Renew" button on the WebGUI using the latest F/W versions, the correct built-in hash algorithm will be used automatically.
  15. M

    BACKUPMON BACKUPMON v1.5.10 -Mar 1, 2024- Backup/Restore your Router: JFFS + NVRAM + External USB Drive! (**Thread closed due to age**)

    This post will probably sound pedantic to some readers, and I know it's fairly common for people to use the terms encryption & encoding interchangeably in everyday conversation, but as a s/w dev. who has worked with many encryption & encoding schemes in different projects over the years, and...
  16. M

    Plans to migrate to OpenSSL 3.0?

    IMO, using 1024-bit RSA encryption keys can be considered safe enough for now *if* all you're protecting is access to the router's Admin WebGUI, primarily because that kind of VPN traffic is transient and limited to your own household. So unless you're a famous celebrity, corporate executive...
  17. M

    Plans to migrate to OpenSSL 3.0?

    Double-check the current CA certificate used by your server with the following command: openssl x509 -noout -text -in "/jffs/openvpn/vpn_crt_server1_ca" | grep -E "Signature Algorithm:|Public Key Algorithm:|RSA Public-Key:" EDIT: Your output should match the one shown below from my router...
  18. M

    Plans to migrate to OpenSSL 3.0?

    I suggest you provide a screenshot of whatever error(s) you're getting now. If both the RSA & DH keys are now 2048 bits then the error should be different from your previous screenshot, and should point to something else that it's now considered "insecure" when running the updated app in...
  19. M

    Plans to migrate to OpenSSL 3.0?

    Use the following command: openssl dhparam -in /jffs/openvpn/vpn_crt_serverX_dh -text | grep "DH Parameters:" Where "X" is the server number: 1 or 2.
  20. M

    Plans to migrate to OpenSSL 3.0?

    If the newly generated & imported OpenVPN client config file still doesn't work with the "Preferred" option, you need to check each & every error message that you get and fix them one at a time. It's essentially a matter of having the OpenVPN Server configuration options satisfy the minimum set...
View older results
Top