[ 388.2 alpha Build(s) ] Testing available build(s)

[XIII]

Installed 388.2 Alpha 2 over 388.1 on my GT-AX6000.

Unfortunately something still crashes when I try set the IPSec VPN Pre-Shared Key:

Mar 14 21:05:06 00[DMN] Starting IKE charon daemon (strongSwan 5.9.8, Linux 4.19.183, aarch64)
Mar 14 21:05:07 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported
Mar 14 21:05:07 00[NET] installing IKE bypass policy failed
Mar 14 21:05:07 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported
Mar 14 21:05:07 00[NET] installing IKE bypass policy failed
Mar 14 21:05:07 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported
Mar 14 21:05:07 00[NET] installing IKE bypass policy failed
Mar 14 21:05:07 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported
Mar 14 21:05:07 00[NET] installing IKE bypass policy failed
Mar 14 21:05:07 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Mar 14 21:05:07 00[CFG]   loaded ca certificate "C=TW, O=ASUS, CN=ASUS ax6000 Root CA" from '/etc/ipsec.d/cacerts/asusCert.pem'
Mar 14 21:05:07 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Mar 14 21:05:07 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Mar 14 21:05:07 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Mar 14 21:05:07 00[CFG] loading crls from '/etc/ipsec.d/crls'
Mar 14 21:05:07 00[CFG] loading secrets from '/etc/ipsec.secrets'
Mar 14 21:05:07 00[CFG]   loaded IKE secret for %any
Mar 14 21:05:07 00[CFG]   loaded RSA private key from '/etc/ipsec.d/private/svrKey.pem'
Mar 14 21:05:07 00[LIB] loaded plugins: charon aes des rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs12 pgp dnskey sshkey pem openssl pkcs8 fips-prf curve25519 agent xcbc cmac hmac kdf gcm drbg attr kernel-pfkey kernel-netlink socket-default stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-tls eap-peap xauth-generic counters
Mar 14 21:05:07 00[JOB] spawning 8 worker threads
Mar 14 21:05:07 01[CFG] received stroke: add connection 'Host-to-Net'
Mar 14 21:05:07 01[CFG] adding virtual IP address pool 10.10.10.0/24
Mar 14 21:05:07 01[CFG] added configuration 'Host-to-Net'
Mar 14 21:05:07 05[CFG] received stroke: add connection 'Host-to-Netv2'
Mar 14 21:05:07 05[CFG] reusing virtual IP address pool 10.10.10.0/24
Mar 14 21:05:07 05[CFG]   loaded certificate "C=TW, O=ASUS, CN=192.168.0.2" from 'svrCert.pem'
Mar 14 21:05:07 05[CFG]   id '<REDACTED>.asuscomm.com' not confirmed by certificate, defaulting to 'C=TW, O=ASUS, CN=192.168.0.2'
Mar 14 21:05:07 05[CFG] added configuration 'Host-to-Netv2'
Mar 14 21:05:07 00[DMN] SIGINT received, shutting down

@RMerlin I reported this for 388.1, but back then you unfortunately/understandably had no time to look into this. Perhaps you have some time now, while waiting for (more?) GPL's? (Not trying to push you!)

Is the local IP address in "CN=192.168.0.2" expected or should this be a public IP address for (configuring) IPSec VPN to properly work?

(My ASUS router is behind my ISP's router, which does not offer bridge mode - thus in DMZ instead)

 

[RMerlin]

@RMerlin I reported this for 388.1, but back then you unfortunately/understandably had no time to look into this. Perhaps you have some time now, while waiting for (more?) GPL's? (Not trying to push you!)

According to Broadcom, the policy messages are a compatibility issue for this kernel between the 64-bit kernel and the 32-bit userspace tool, and shouldn't prevent IPSEC from working properly.

 

[XIII]

According to Broadcom, the policy messages are a compatibility issue for this kernel between the 64-bit kernel and the 32-bit userspace tool, and shouldn't prevent IPSEC from working properly.

When I enter my key and try to save it, I see a message that settings are being applied, with an increasing percentage (steps of 10%). When it reaches 100% the Pre-Shared Key field is emptied.

When I try to connect from an iPhone/iPad anyway, they stall on “Connecting…”

The same settings used to work fine with my AC86U using the 386.x firmware.

What can I do to (help) debug/fix this?

 

[brummygit]

This will happen if your node is on a newer build than your main.

Also have issues with the AiMesh Topology page. I can confirm that all my nodes are on the same base GPL as the main router and that a full reset and manual reconfigure doesn't resolve.

At one point this evening, the page was completely unresponsive but seemed to fix itself after a while.

 

[DJones]

Since Curl is like a mini-browser connecting to the Internet and used by many add-ons I thought it would be good to keep up to date with bug-fixes and vulnerabilities like desktop-browsers, but never mind...

No idea if it would break anything but you could probably just use entware curl 7.86.0-1

 

[RMerlin]

When I enter my key and try to save it, I see a message that settings are being applied, with an increasing percentage (steps of 10%). When it reaches 100% the Pre-Shared Key field is emptied.

When I try to connect from an iPhone/iPad anyway, they stall on “Connecting…”

The same settings used to work fine with my AC86U using the 386.x firmware.

What can I do to (help) debug/fix this?

I will have to see if I can reproduce it.

 

[Wisiwyg]

Also have issues with the AiMesh Topology page. I can confirm that all my nodes are on the same base GPL as the main router and that a full reset and manual reconfigure doesn't resolve.

At one point this evening, the page was completely unresponsive but seemed to fix itself after a while.

Several people have reported it takes ~ 10 sec for the page to resolve. Happens to me as well.

 

[eclp]

Unfortunately, and apparently no matter with which new version, the annoying dcd tainted error persists mercilessly on my AX88U. This causes, among other things, that WebHistory is no longer functional after a few days.

Mar 15 01:26:07 kernel: potentially unexpected fatal signal 11.
Mar 15 01:26:07 kernel: CPU: 1 PID: 7169 Comm: dcd Tainted: P           O    4.1.51 #2
Mar 15 01:26:07 kernel: Hardware name: Broadcom-v8A (DT)
Mar 15 01:26:07 kernel: task: ffffffc02bbe41c0 ti: ffffffc028c4c000 task.ti: ffffffc028c4c000
Mar 15 01:26:07 kernel: PC is at 0xf6da439c
Mar 15 01:26:07 kernel: LR is at 0x1dce0
Mar 15 01:26:07 kernel: pc : [<00000000f6da439c>] lr : [<000000000001dce0>] pstate: 600f0010
Mar 15 01:26:07 kernel: sp : 00000000ffe0fa78
Mar 15 01:26:07 kernel: x12: 00000000000a2050 
Mar 15 01:26:07 kernel: x11: 00000000f60ff024 x10: 00000000000a23c4 
Mar 15 01:26:07 kernel: x9 : 00000000f60ffd5c x8 : 00000000000a287c 
Mar 15 01:26:07 kernel: x7 : 00000000f60ffd90 x6 : 00000000000a2876 
Mar 15 01:26:07 kernel: x5 : 0000000000000000 x4 : 00000000f60ffd40 
Mar 15 01:26:07 kernel: x3 : 0000000000000000 x2 : 0000000000000000 
Mar 15 01:26:07 kernel: x1 : 000000000007d72a x0 : 0000000000000000

 

[ZANGIEF]

After updating RT-AX86U from 388.1 to 388.2 alpha2, I noticed that the AiProtection alert emails (Google) were no longer being sent.

After resetting and reconfiguring, I received the "Notify Mail Verify" email, but when I accessed the test site, I did not receive the alert email. In the router's GUI, it was counted as Malicious Sites Blocking.

I also tried this post, but it did not fix the problem.
I have already set up a Google account with two-step verification and an app password.

 

[brummygit]

Several people have reported it takes ~ 10 sec for the page to resolve. Happens to me as well.

Yes, I am aware others have reported this problem. To assist @RMerlin with diagnosis I am confirming that (contrary to earlier posts) matching node versions and a full factory reset do not resolve it.

 

[Calkulin]

Can anyone confirm if it happens on official 22525? I think that would be a better way to diagnosis this as it would confirm if it would be on Asus to fix

 

[Ripshod]

RT-AX88U_388.2_alpha2-g099892a1cf seems to have problems with 5Ghz wifi. Came home from work and noticed 5Ghz wasn't available. Ran a wifi analyzer and saw the 5G was coming up for about 5 seconds before dying again - like completely gone for 20 seconds. It did this continually before I rebooted the router.
I'm sticking with it to see if it happens again. Is there anything I can test for you @RMerlin?

Must have just been a one-off. Rock stable today. Thanks RMerlin.

 

[dbell]

@RMerlin - not sure where to put this so putting it here although not directly related to 388.2 - on the infamous missing product icon on aimesh nodes. The issue is in this aimesh_data object which you can inspect directly in browser console:

For the router (hostname: ax86u-office), the image is loaded from this url: https://nw-dlcdnet.asus.com/plugin/productIcons/RT-AX86U.png

But for the node, the icon_model_name property matches a client name that I set via a static dhcp allocation of ax86u-base, and because it has a value it tries to load this image (which of course does not exist): https://nw-dlcdnet.asus.com/plugin/productIcons/AX86U-BASE.png

Seems like icon_model_name is being populated for nodes with incorrect data and thus that value used, unlike the case for the router where it probably falls back and uses model_name or ui_model_name because icon_model_name is empty.

I expect this is in the ASUS code but perhaps you could feed it back through your contacts there.

UPDATE: The icon loads properly by tricking the code using a client name in the dhcp entry of RT-AX86U so that icon_model_name gets set the same as the other model name entries:

 

[livefeed]

@RMerlin

Working great on my setup about from Open VPN.

Running 388.2_alpha2-g099892a1cf on a GT-AXE16000, Open VPN (ExpressVPN) was working fine before the Alpha from two days ago, any ideas?

Seeing this on the settings page;
Error - check configuration!

 

[cubano_14]

On an AX86U. Would anyone know if alpha 1 or 2 has the test wifi fix merlin got from asus a few weeks back that fixed random disconnect issues, etc? I know this has 22525 for the AX86U though i didn't see anything in the changelog regarding that specific fix. I had been trying to keep up on information regarding the wifi fix firmware and if it was yet implemented into a release but lost track.

Thanks

 

[bbunge]

On an AX86U. Would anyone know if alpha 1 or 2 has the test wifi fix merlin got from asus a few weeks back that fixed random disconnect issues, etc? I know this has 22525 for the AX86U though i didn't see anything in the changelog regarding that specific fix. I had been trying to keep up on information regarding the wifi fix firmware and if it was yet implemented into a release but lost track.

Thanks

The "fix" was to be in 388.22525 I believe. Both 388.22525 and 388.2 a2 WIFI work as intended.

 

[cubano_14]

The "fix" was to be in 388.22525 I believe. Both 388.22525 and 388.2 a2 WIFI work as intended.

Fantastic! I'll give it a shot and see whats up. Thank you for the heads up!

 

[RMerlin]

any ideas?

Check your System Log for information as to what is going on.

 

[y2k se]

RT-AX88U_388.2_alpha2-g099892a1cf fixes the Administration>System tab, woohoo!!

It mostly figured it on my RT-AX88U PRO also, however the format jffs partition on reboot option is missing.

 

[visortgw]

It mostly figured it on my RT-AX88U PRO also, however the format jffs partition on reboot option is missing.

That is probably because the RT-AX88U PRO, like the GT-AX6000 and others, does not have JFFS. The newer routers useee UBIFS rather than JFFS2