The only change there is that the Protocol field is now a dropdown instead of a text input field.
[384.12_Alpha - builds] Testing all variants.
- Status
The only change there is that the Protocol field is now a dropdown instead of a text input field.
Zastoff
Very Senior Member
Dont know if this can be of help, Kvic`s pixelserv-tls can create cert for the router, That how i did
edit:
From RMerlin`s wiki
Last edited:
Billy Chaney
Regular Contributor
scjr
Very Senior Member
I’m on 400/20 and using Cloudflare DNS as well. I use the same settings you posted, minus ‘Use local caching DNS Server’ is set to No. I seriously can’t tell a difference between Yes and No. Pages load very quickly regardless of which setting is used. I like the ‘safer and more reliable’ comment in the commit in regards to DNS Privacy and the new default, so I will keep it set to No. Though I can see changing that setting, if there’s an issue with a particular configuration. Maybe your configuration benefits from setting it to Yes?https://www.snbforums.com/threads/384-12_alpha-builds-testing-all-variants.56639/page-11#post-493386
As an update to my post above, I have now tested all possible scenarios with Connect to DNS Server Automatically (using ISP's or CloudFlare DNS servers) and Use local caching DNS Server (in Other Settings) set either to Yes or No.
By far, on my Fibre 1Gbps up/down symmetrical connection, the best combination is 'No' and using the CloudFlare DNS servers and 'Yes' for Use local caching. The page load times are noticeably faster than any other combination I tried. I feel like I'm 'surfing' the net like a 19-year-old, so fast and limber.
View attachment 17812 View attachment 17813
View attachment 17814
MDM
Senior Member
I know I can use the DDNS page, but that still isn't automatic, and above all I have no need to let DDNS enabled..
Did not expect that, I thought you needed to use "Enable the DDNS Client" and leave it ON and use the option "Free Certificate from Let's Encrypt"...
Obviously all that is needed is to enable "Import/Persistent Auto-generated" and click apply (with "Generate a new certificate" set to "Yes").
But I am now confused, why does the router itself not enable this option after enabling HTTPS LAN access. I always wondered why it even links you to the DDNS page "Click here to manage.", while there was nothing to manage there.
It is weird the router does not set this on its own, it would ease the life of many.
Is it possible to implement in the FW to automate this process, so that it does it automatically after choosing the HTTPS option (or BOTH) in Authentication Method?
OK this works, even after reboots it sticks! Thanks!
Did not expect that, I thought you needed to use "Enable the DDNS Client" and leave it ON and use the option "Free Certificate from Let's Encrypt"...
Obviously all that is needed is to enable "Import/Persistent Auto-generated" and click apply (with "Generate a new certificate" set to "Yes").
But I am now confused, why does the router itself not enable this option after enabling HTTPS LAN access. I always wondered why it even links you to the DDNS page "Click here to manage.", while there was nothing to manage there.
It is weird the router does not set this on its own, it would ease the life of many.
Is it possible to implement in the FW to automate this process, so that it does it automatically after choosing the HTTPS option (or BOTH) in Authentication Method?
dave14305
Part of the Furniture
Do you have AiProtection enabled? I’m just wondering if the “wred” process on the router was generating DNS requests to the TrendMicro servers while you were using the ISP DNS servers that were slow or timing out. These would be impacted by the setting, and since you’re very certain of the speed difference there has to be an explanation somewhere.I don't use benchmark tools.
We're in total agreement there.
I also agree that the images won't be on different sites either. But my issue and at least one other person was that originally, checking for updates in amtm was taking 2 minutes or more (for 8 scripts including amtm).
Thank you for the additional information, but this is the best set up as-is. All websites load as they should, no issues at all. The extra responsiveness is just a bonus I don't want to forgo right now.
Davidncali001
Regular Contributor
This is how I enabled HTTPS on port 8443 log in: https://github.com/kvic-z/pixelserv-tls/wiki/[ASUSWRT]-Use-Pixelserv-CA-to-issue-a-certificate-for-WebGUI
I ran that once and it has been perminate ever since. Note that I did run Diversion first so that way a certificate was already created for me when Diversion installed Pixelserv.
I ran that once and it has been perminate ever since. Note that I did run Diversion first so that way a certificate was already created for me when Diversion installed Pixelserv.
Swistheater
Very Senior Member
it is a nice concept, but this is still the equivalence of using a self signed cert. as apposed to a verified.
Dabombber
Senior Member
Somewhat amusingly, I just had a problem related to both certificates and the local DNS resolver setting. My certificate just updated but a printer was still using the outdated one because the script to update it used the host name instead of IP, which now doesn't resolve.
I doubt many people will face similar issues, but I think I'll leave it set to Yes and set the time servers in dnsmasq.postconf to use the ISP DNS directly instead of going through stubby.
EDIT: Removed dnspriv_enable check since toggling it reloads dnsmasq, not restarts it.
I doubt many people will face similar issues, but I think I'll leave it set to Yes and set the time servers in dnsmasq.postconf to use the ISP DNS directly instead of going through stubby.
Code:
#!/bin/sh
if [ "$(nvram get dns_local_cache)" = "1" ]; then
{
NTPSERVERS=""
for VAR in 0 1; do
NTP="$(nvram get "ntp_server$VAR")"
[ -n "$NTP" ] && NTPSERVERS="$NTPSERVERS/$NTP"
done
[ -z "$NTPSERVERS" ] && NTPSERVERS="/pool.ntp.org"
for DNS in $(nvram get wan_dns); do
echo "server=$NTPSERVERS/$DNS"
done
for VAR in 1 2 3; do
DNS="$(nvram get "ipv6_dns$VAR")"
[ -n "$DNS" ] && echo "server=$NTPSERVERS/$DNS"
done
} >> "$1"
fiEDIT: Removed dnspriv_enable check since toggling it reloads dnsmasq, not restarts it.
Last edited:
L&LD
Part of the Furniture
No, right now and for the past few days (week?), I have had AiProtection disabled.
Stevens243
Regular Contributor
I ran the helper script and get this error:
-sh: $: not found
Not sure if I'm missing something or not seeing if I'm supposed to put a local data set in there in place of the $
Zastoff
Very Senior Member
Try without $
Code:
sh -c "$(wget -qO - https://kazoo.ga/pixelserv-tls/config-webgui.sh)"Stevens243
Regular Contributor
That did it. TYVM!
Billy Chaney
Regular Contributor
While this works perfectly with Chrome, I can’t get it to work with Firefox.I know I can use the DDNS page, but that still isn't automatic, and above all I have no need to let DDNS enabled..
OK this works, even after reboots it sticks! Thanks!
Did not expect that, I thought you needed to use "Enable the DDNS Client" and leave it ON and use the option "Free Certificate from Let's Encrypt"...
Obviously all that is needed is to enable "Import/Persistent Auto-generated" and click apply (with "Generate a new certificate" set to "Yes").
View attachment 17864
But I am now confused, why does the router itself not enable this option after enabling HTTPS LAN access. I always wondered why it even links you to the DDNS page "Click here to manage.", while there was nothing to manage there.
It is weird the router does not set this on its own, it would ease the life of many.
Is it possible to implement in the FW to automate this process, so that it does it automatically after choosing the HTTPS option (or BOTH) in Authentication Method?
MDM
Senior Member
It is precisely with Firefox its working! (as with IE and Edge)
Although in Firefox I still have the yellow "!" triangle but who cares (because FF does not "trust" local personal Certificates by design even when added as exception), at least now it does work after a reboot.
The issue I had was that after several reboots, and adding exceptions, the "cert8.db" gets corrupted, and I had to restore the file from backup (or delete it), which started being annoying...
Last edited:
Billy Chaney
Regular Contributor
After importing the cert file into Chrome, I get a solid padlock beside the URL when logging into my router. When I import the cert into Firefox, I get the same as you do. Now when I use Kvics script and import the certs into Chrome or Firefox I get a solid padlock on both. Green for Firefox when logging into my router.
MDM
Senior Member
A lot, or too much work only to see a "solid padlock", couldn't care less if it works without bugging me.
But I do get a solid padlock in IE and Edge..
- Status
Similar threads
Similar threads
Similar threads
-
Tera Term can't SSH connect to router running Merlin 384, but works when flash back to ASUS stock FW
- Started by WishForTheStars
- Replies: 6
-
-
RT-AC3200 Merlin 384.13.10 - e2fsck abort with 'Memory Allocation failed' (10 GB swapfile!)
- Started by itibi
- Replies: 14
-
[ 3006.102 alpha Build(s) ] Testing available build(s)
- Started by octopus
- Replies: 43
-
-
[ 3004.388.8 alpha Build(s) ] Testing available build(s)
- Started by octopus
- Replies: 39
-
-
[ 3006.102 alpha Build(s) ] Testing available build(s)
- Started by octopus
- Replies: 59
-
[ 3004.388.7 alpha 2 Build(s) ] Testing available build(s)
- Started by octopus
- Replies: 85
-
[ 3004.388.7 alpha 1 Build(s) ] Testing available build(s)
- Started by octopus
- Replies: 175
Latest threads
-
-
XT8 Packet Loss Wired Mesh - Using as Access Points Only
- Started by spyerx
- Replies: 1
-
Asus BQ16 Little help required.
- Started by Reinforcer
- Replies: 1
-
-
Support SNBForums w/ Amazon
If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!