amtm amtm - the Asuswrt-Merlin Terminal Menu

[tomsk]

Yes it does. But that is web gui not CLI/amtm

I can maybe see a use case where you have really messed with things to the point where GUI is unrecoverable, and a factory reset is desired where you can still access the CLI.... but other than that, isn't it kind of reinventing the wheel.... even then you can hold some buttons down on the box and get a hard reset.

 

[L&LD]

@pirx73 I agree with @tomsk overall, but, if this reset could be 'automated' and perform the following, it would be most helpful.

• Plugin USB drive with new firmware (it can be the same as currently installed, of course).
• Run 'Nuclear Reset' script.
• The router will reboot, flash the firmware.
• Reset to factory defaults including 'Initialize all settings' checked.
• Flash the firmware again.
• Format the JFFS partition on the next reboot, reboot 3 times in the next 15 minutes, with at least 5 to 10 minutes between reboots.
• Flash the firmware, reboot, flash the firmware again.
• Reset to factory defaults one last time.
• Apply M&M Config 'safe' defaults.

Ideally, you can feed the script the username, password, and new SSID's for the router too.

Of course, I have no idea how the script will be continued after each reset/reboot and flashing of the firmware though.

But in this form, a 'nuclear reset' script would be very useful to weed out bad routers (hardware) from bad settings (user).

 

[maghuro]

@pirx73 I agree with @tomsk overall, but, if this reset could be 'automated' and perform the following, it would be most helpful.

• Plugin USB drive with new firmware (it can be the same as currently installed, of course).
• Run 'Nuclear Reset' script.
• The router will reboot, flash the firmware.
• Reset to factory defaults including 'Initialize all settings' checked.
• Flash the firmware again.
• Format the JFFS partition on the next reboot, reboot 3 times in the next 15 minutes, with at least 5 to 10 minutes between reboots.
• Flash the firmware, reboot, flash the firmware again.
• Reset to factory defaults one last time.
• Apply M&M Config 'safe' defaults.

Ideally, you can feed the script the username, password, and new SSID's for the router too.

Of course, I have no idea how the script will be continued after each reset/reboot and flashing of the firmware though.

But in this form, a 'nuclear reset' script would be very useful to weed out bad routers (hardware) from bad settings (user).

The only thing that won't be reseted is the pen were the firmware is, so the script would be writing to a "config" file on the pen what's the step where it is and resume from there after reboot/reset.

 

[Asad Ali]

@pirx73 I agree with @tomsk overall, but, if this reset could be 'automated' and perform the following, it would be most helpful.

• Plugin USB drive with new firmware (it can be the same as currently installed, of course).
• Run 'Nuclear Reset' script.
• The router will reboot, flash the firmware.
• Reset to factory defaults including 'Initialize all settings' checked.
• Flash the firmware again.
• Format the JFFS partition on the next reboot, reboot 3 times in the next 15 minutes, with at least 5 to 10 minutes between reboots.
• Flash the firmware, reboot, flash the firmware again.
• Reset to factory defaults one last time.
• Apply M&M Config 'safe' defaults.

Ideally, you can feed the script the username, password, and new SSID's for the router too.

Of course, I have no idea how the script will be continued after each reset/reboot and flashing of the firmware though.

But in this form, a 'nuclear reset' script would be very useful to weed out bad routers (hardware) from bad settings (user).

Not possible. There's no SSH access on fresh firmware and you can't store/feed the variables to it live while the firmware is refreshing.

 

[L&LD]

@Asad Ali, I know that.

I meant to feed the script all those variables before you hit 'go nuclear'.

 

[Asad Ali]

@Asad Ali, I know that.

I meant to feed the script all those variables before you hit 'go nuclear'.

Still not possible, even if you store the variables on a separate USB etc, SSH access and custom scripts will be disabled on fresh install so script won't be able to do anything.

 

[L&LD]

@Asad Ali, that would depend on what magic RMerlin decides to include.

(But for security reasons, probably not a good idea).

 

[Asad Ali]

@Asad Ali, that would depend on what magic RMerlin decides to include.

(But for security reasons, probably not a good idea).

Well then there's no point for the script anyway, If it needs dependancies from some major changes in the firmware, the functionality can be baked directly in it as well.

No offense to your idea, it's really nice and I like it as well but I'm just pointing out what's possible and what's not within current environment.

 

[dugaduga]

"upd err" for days now. github.com working fine in browser, but they or is it diversion.ch blocking spesific urls and raw updates such as diversion.ch uses, as anticipated given it is now owned by Microsoft. Please move to a better reliable service provider.

New Version Detected - Updating To (d41d8cd98f00b204e9800998ecf8427e)
Saving Changes
Unloading Skynet Components
[*] Updating chart.js Failed
[*] Updating chartjs-plugin-zoom.js Failed
[*] Updating hammerjs.js Failed
[*] Updating skynet.asp Failed

oddly:

! Diversion: diversion.ch unreachable
! Skynet: raw.githubusercontent.com unreachable
! NVRAM Save/Restore Utility: raw.githubusercontent.com unreachable
! dnscrypt installer: raw.githubusercontent.com unreachable
! using fallback server diversion.ch
! amtm: diversion.ch unreachable

I can reach diversion.ch in browser and ping it via router

please explain this

 

[L&LD]

@dugaduga no issues here (just updated a few scripts).

The whole day I'm troubleshooting for customers issues that seem at first glance router issues but are proving to be otherwise (server issues on their supplier's end). The whole internet infrastructure is being strained now and it's easy to see the cracks here and there.

I'm sure things will go back to normal when the lockdown restrictions are able to be eased up.

I am even guessing that for those that do continue to use it heavily at that time, it may be the fastest its ever been too.

 

[dugaduga]

@dugaduga no issues here (just updated a few scripts).

The whole day I'm troubleshooting for customers issues that seem at first glance router issues but are proving to be otherwise (server issues on their supplier's end). The whole internet infrastructure is being strained now and it's easy to see the cracks here and there,

I'm sure things will go back to normal when the lockdown restrictions are able to be eased up.

I am even guessing that for those that do continue to use it heavily at that time, it may be the fastest its ever been too.

Seems Github is prioritizing spesific functionality in rolling or targeted blackouts. Trump passed the bill with 4% support ending net neutrality in America so corporations have legal rights to prioritize traffic into teirs and lanes of priority governed by whatever suits the highest bidders personal agenda and bias just like that endangered species known as Cable TV or print news.

Look at it this way, in the 80's, Canada used to have over 100 meat processing facilities owned by Canadians. Now it has 3. Two of 3 Canadian processing facilities have been hit by corona virus, one shut down entirely. Now we have a meat shortage because of our short sightedness.

Ending net neutrality puts the control over nearly unlimited bandwidth and what is seen or not seen on the internet into the hands of a small hand full of internet service providers, CDN's and coprorations and their paymasters instead of everyone equally. This may be an example of that. We can cross our fingers and hope it all goes away once this lockdown passes. We may have to fight for it. Many will say governments and corporations tend to not let go of these powers once they have them in their grasp. Time will tell.

 

[maghuro]

I think a backup scheduler would be a nice addition. Today, users must manually run backups in the GUI. Mine is simple, but I offer it as a conversation starter:

#!/bin/sh

BACKUPDIR=/tmp/mnt/Backup/Router

if [ -d "$BACKUPDIR" ]; then
        if [ -n "$1" ]; then
          FWVER="$1"
        else
          FWVER="$(nvram get buildno)_$(nvram get extendno)"
        fi

        rm -f "$BACKUPDIR"/settings_"$FWVER".cfg.bak 2>/dev/null
        cp -p "$BACKUPDIR"/settings_"$FWVER".cfg "$BACKUPDIR"/settings_"$FWVER".cfg.bak 2>/dev/null
        nvram save "$BACKUPDIR"/settings_"$FWVER".cfg

        rm -f "$BACKUPDIR"/jffs_"$FWVER".tar.bak 2>/dev/null
        cp -p "$BACKUPDIR"/jffs_"$FWVER".tar "$BACKUPDIR"/jffs_"$FWVER".tar.bak 2>/dev/null
        tar -cf "$BACKUPDIR"/jffs_"$FWVER".tar -C /jffs .

        rm -f "$BACKUPDIR"/nvram_"$FWVER".txt.bak 2>/dev/null
        cp -p "$BACKUPDIR"/nvram_"$FWVER".txt "$BACKUPDIR"/nvram_"$FWVER".txt.bak 2>/dev/null
        nvram show 2>/dev/null | sort > "$BACKUPDIR"/nvram_"$FWVER".txt
fi

I've been using this as a base and constructed one for my needs.
Two questions:
- Is it correct to use: nvram save "$BACKUPDIR"/settings_"$FWVER".cfg>/dev/null , so it can suppress the "Saved!" Output?
- if someday I need to restore nvram, I'll use the .cfg file through Gui or through nvram restore command, correct? I mean, the .txt file is only for reading purposes, right?

Thanks.

 

[thelonelycoder]

"upd err" for days now. github.com working fine in browser, but they or is it diversion.ch blocking spesific urls and raw updates such as diversion.ch uses, as anticipated given it is now owned by Microsoft. Please move to a better reliable service provider.



oddly:



I can reach diversion.ch in browser and ping it via router

please explain this

Diversion specifically auto-force-whitelists these domains and with it in Skynet. Your router is having problems internally resolving these domains.

 

[SomeWhereOverTheRainBow]

Diversion specifically auto-force-whitelists these domains and with it in Skynet. Your router is having problems internally resolving these domains.

sounds like big time dns resolution issues.
@dugaduga

This is not necessarily related, but is your clock set right on your router? Also, do you have DNSSEC validation turned on?

If the clock is not set right, try turning dnssec validation off to see if your DNS issues improve. if this is not the problem, try using a smaller blocklist in diversion to see if this is the culprit. Diversion does not need a massive list to do decent blocking.

 

[dugaduga]

Diversion specifically auto-force-whitelists these domains and with it in Skynet. Your router is having problems internally resolving these domains.

So never experienced this ever before. How do I fix this? I am able to update blocklists in diversion from raw.github* without any issues. Seems amtm is blocking itself from updating properly. [maybe dnsmasq] I noted arpa queries leaking past diversions [dnsmasqs] wc blocklist into dnscrypt, i blv during amtm update attempts. Will keep posted

Nothing in the previous comment helped.

 

[SomeWhereOverTheRainBow]

So never experienced this ever before. How do I fix this? I am able to update blocklists from raw.github* without any issues. Seems amtm is blocking itself from updating properly. I noted arpa queries breaking past diversions wc blocklist into dnscrypt

I posted some troubleshooting ideas above. try them out.

 

[SomeWhereOverTheRainBow]

So never experienced this ever before. How do I fix this? I am able to update blocklists in diversion from raw.github* without any issues. Seems amtm is blocking itself from updating properly. I noted arpa queries breaking past diversions wc blocklist into dnscrypt during, i blv during amtm update attempts. Will keep posted

Nothing in the previous comment helped.

IF the steps I posted above do not turn out to help you, then maybe it is issues concerning the DNS provider you are using, especially if they filter your traffic(a.k.a quad9 or cleanbrowsing).

 

[dugaduga]

This is all I see in dnscrypt log when running the update; never had that happen before; arpa is leaking past dnsmasq / diversion wc blocklist

arpa

is AMTM now dependant on reverse dns queries?

[2020-04-24 04:41:53] 127.0.1.1 1.8.168.192.in-addr.arpa PTR REJECT 0ms -
[2020-04-24 04:42:09] 127.0.1.1 1.8.168.192.in-addr.arpa PTR REJECT 0ms -
[2020-04-24 04:42:24] 127.0.1.1 1.8.168.192.in-addr.arpa PTR REJECT 0ms -
[2020-04-24 04:42:39] 127.0.1.1 1.8.168.192.in-addr.arpa PTR REJECT 0ms -
[2020-04-24 04:42:54] 127.0.1.1 1.8.168.192.in-addr.arpa PTR REJECT 1ms -
[2020-04-24 04:43:09] 127.0.1.1 1.8.168.192.in-addr.arpa PTR REJECT 0ms -
[2020-04-24 04:43:24] 127.0.1.1 1.8.168.192.in-addr.arpa PTR REJECT 0ms -
[2020-04-24 04:43:39] 127.0.1.1 1.8.168.192.in-addr.arpa PTR REJECT 0ms -
[2020-04-24 04:43:54] 127.0.1.1 1.8.168.192.in-addr.arpa PTR REJECT 0ms -
[2020-04-24 04:44:09] 127.0.1.1 1.8.168.192.in-addr.arpa PTR REJECT 0ms -
[2020-04-24 04:44:24] 127.0.1.1 1.8.168.192.in-addr.arpa PTR REJECT 0ms -
[2020-04-24 04:44:39] 127.0.1.1 1.8.168.192.in-addr.arpa PTR REJECT 0ms -
[2020-04-24 04:44:44] 127.0.1.1 bin.entware.net AAAA SYNTH 0ms -
[2020-04-24 04:44:44] 127.0.1.1 bin.entware.net A PASS 47ms quad9-dnscrypt-ip4-filter-alt
[2020-04-24 04:44:54] 127.0.1.1 1.8.168.192.in-addr.arpa PTR REJECT 0ms -
[2020-04-24 04:45:10] 127.0.1.1 1.8.168.192.in-addr.arpa PTR REJECT 0ms -

It is rejected because dnscrypt also blocks arpa, only if it slips past dnsmasq's wildcard filter.

 

[SomeWhereOverTheRainBow]

This is all I see in dnscrypt log when running the update; never had that happen before; arpa is leaking past dnsmasq / diversion wc blocklist

arpa

is diversion now dependant on reverse dns queries?

@dugaduga
in dnscrypt.toml
This is the purpose of the forwarding_rules parameter:
forwarding_rules = 'forwarding-rules.txt'

Forwarding reverse queries
A rule such as

lan 192.168.1.1

will forward any queries within the local .lan zone to 192.168.1.1, presumably, the router.

For example, the IP address of printer.lan cannot be resolved by public resolvers, but the router may know about it.

Similarly, the router knows that 192.168.1.7 (or whatever the printer IP address is) is the IP address of printer.lan. But a specific rule is required for dnscrypt-proxy to ask the router to resolve names for IP addresses within the local network ("reverse queries").

The rules should use the .in-addr.arpa zone:

# Resolve names of IP addresses in 10.* using the router 192.168.1.1
10.in-addr.arpa 192.168.1.1

# Resolve names of IP addresses in 192.* using the router 192.168.1.1
192.in-addr.arpa 192.168.1.1

# Resolve names of IP addresses in 169.254.* using the router 192.168.1.1
# Note that address components are in reverse order
254.169.in-addr.arpa 192.168.1.1

you can read more about it here.

https://github.com/dnscrypt/dnscrypt-proxy/wiki/Forwarding

 

[dugaduga]

The first question that needs to be answered is why are ARPA queries making it to dnscrypt to begin with, they've been blocked by dnsmasq and diversion for over a year.