D
Deleted member 77025
Guest
For me its currently they have all a battle, the haxx0rs itself and the firms too, so no one is getting out currently ?
Kids have profile on android asus app with devices assigned, time schedule and filters on for adult content.How is your parental control configured?
Configure it through the webui. The mobile app is not supported.Kids have profile on android asus app with devices assigned, time schedule and filters on for adult content.
My VPNs keep restarting every minute when in use. ...
The OpenVPN clients are restarting every 60 seconds due to the "inactivity timeout" triggered by the 60-sec "ping-restart" directive which is pushed to the clients. This "inactivity timeout" sends the SIGUSR1 signal which is what causes the encrypted tunnels to be closed and restarted every minute.Code:Jan 15 15:54:27 ovpn-client1[5616]: [atlanta417] Inactivity timeout (--ping-restart), restarting Jan 15 15:54:27 ovpn-client1[5616]: SIGUSR1[soft,ping-restart] received, process restarting Jan 15 15:54:27 ovpn-client1[5616]: Restart pause, 1 second(s) ... Jan 15 15:55:23 ovpn-client2[2998]: [atlanta417] Inactivity timeout (--ping-restart), restarting Jan 15 15:55:23 ovpn-client2[2998]: SIGUSR1[soft,ping-restart] received, process restarting Jan 15 15:55:23 ovpn-client2[2998]: Restart pause, 1 second(s)
persist-tun
persist-key
Jan 15 15:54:28 ovpn-client1[5616]: PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway def1,route-ipv6 2000::/3,dhcp-option DNS 10.0.0.243,route-gateway 10.7.110.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.7.110.7 255.255.255.0,peer-id 2,cipher AES-256-GCM'
...
...
Jan 15 15:55:25 ovpn-client2[2998]: PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway def1,route-ipv6 2000::/3,dhcp-option DNS 10.0.0.243,route-gateway 10.7.110.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.7.110.7 255.255.255.0,peer-id 3,cipher AES-256-GCM'
Thank you so very much @Martinski ! Adding persist-tun & key to the custom configurations fixed the consistent reconnects. I'm so very glad that you saw that they were missing and needed. I'm really glad it's not a firmware issue as well. Everything in the BETA is functioning properly and without a hitch. Thank you too @RMerlin !The OpenVPN clients are restarting every 60 seconds due to the "inactivity timeout" triggered by the 60-sec "ping-restart" directive which is pushed to the clients. This "inactivity timeout" sends the SIGUSR1 signal which is what causes the encrypted tunnels to be closed and restarted every minute.
To avoid the above behavior, the "persist-tun" & "persist-key" directives are normally set on the server side and then pushed to the clients as well; however, based on the log you provided, I don't see those directives being pushed at all to your VPN clients, so I'd recommend double-checking to see if they exist in your client configuration files like so:
If not found, I suggest adding those lines to each client configuration.Code:persist-tun persist-key
Also, it appears that you have both OpenVPN clients being assigned the same IP address while trying to start up, one after the other, based on these log entries:
This should not happen. Did you import the same configuration file when you set up the two OpenVPN clients on the router?Code:Jan 15 15:54:28 ovpn-client1[5616]: PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway def1,route-ipv6 2000::/3,dhcp-option DNS 10.0.0.243,route-gateway 10.7.110.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.7.110.7 255.255.255.0,peer-id 2,cipher AES-256-GCM' ... ... Jan 15 15:55:25 ovpn-client2[2998]: PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway def1,route-ipv6 2000::/3,dhcp-option DNS 10.0.0.243,route-gateway 10.7.110.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.7.110.7 255.255.255.0,peer-id 3,cipher AES-256-GCM'
If yes, that's not correct because then you can end up in a situation where two separate OpenVPN client instances are started using exactly the same certificate/key pair. In such a scenario, the OpenVPN server authenticates & creates a connection with the 1st client; but a short time later, the 2nd client tries to connect so the server may just "replace" the current connection with the 1st client (thinking they're the same, just reconnecting & reestablishing the encrypted tunnel), leaving the 1st client instance "hanging" which means that it doesn't get any "keepalive" pings anymore & without any tunnel traffic.
This eventually leads to the 1st client reaching the "inactivity timeout" triggered by the "ping-restart" directive. Now, the 1st client instance tries to reconnect, kicking off the 2nd client connection, and the loop repeats with the 2nd client instance eventually reaching the "inactivity timeout" after 60 seconds because it has no "keepalives" & no tunnel traffic.
The bottom line is I recommend you double-check & make sure that each OpenVPN client has its own, unique cert & key pair in its corresponding configuration file.
That sounds like a Scribe/uiScribe problem rather than a firmware problem.OK..this is bad...I just installed the beta and under system logs...items that should be showing under skynet (ie items that are being blocked) are showing under system messages log.
Works for me. Are you sure UPNP is enabled and you do have actual UPNP port forwards in place?
Code:iptables -t nat -L VUPNP -vn
should confirm whether you truly have forwarded ports.
Look for theThis is the output i get:
View attachment 55621
But the RT-AX58U Log shows nothing:
View attachment 55622
/tmp/upnp.leases
file on the router. That is where the UPNP entries will come from.Look for the/tmp/upnp.leases
file on the router. That is where the UPNP entries will come from.
control@RT-AX58U-2C40:/tmp# cat upnp.leases
TCP:43775:192.168.50.7:43775:0:
UDP:43775:192.168.50.7:43775:0:
In your browser, if you right click and View Page Source on the page, what does the line look like where it saysI looked in the upnp.leases file and got:
Code:control@RT-AX58U-2C40:/tmp# cat upnp.leases TCP:43775:192.168.50.7:43775:0: UDP:43775:192.168.50.7:43775:0:
View attachment 55640
But still nothing in "System Log => Port Forwarding"
var upnparray = …
In your browser, if you right click and View Page Source on the page, what does the line look like where it saysvar upnparray = …
var upnparray = [[]];
var vserverarray = [["ALL", "0.0.0.0", "TCP", "20", "192.168.50.7", "21", "VSERVER"],
["ALL", "0.0.0.0", "TCP", "21", "192.168.50.7", "21", "VSERVER"],
[]];
var upnparray = [[]];
I think it’s expecting some description in the leases file after the last colon. Never used upnp before so I’m no expert.It says:
Code:var upnparray = [[]];
I tried port forwarding and that shows up, but no upnp forward.
Code:var vserverarray = [["ALL", "0.0.0.0", "TCP", "20", "192.168.50.7", "21", "VSERVER"], ["ALL", "0.0.0.0", "TCP", "21", "192.168.50.7", "21", "VSERVER"], []]; var upnparray = [[]];
I think it’s expecting some description in the leases file after the last colon. Never used upnp before so I’m no expert.
# cat /tmp/upnp.leases
UDP:9308:192.168.1.156:9308:0:192.168.1.156:9308 to 9308 (UDP)
UDP:8571:192.168.1.156:8571:0:192.168.1.156:8571 to 8571 (UDP)
Well, I uninstalled skynet and scribe(s)...reinstalled and then all the logs disappeared and the main "original" log showed only....so, I did a complete factory reset...had the DDNS problem...reconnect my node...started reinstalling all the scripts and it was going pretty well until I installed SCMerlin (which I did last) and then I lost my node and skynet hangs and I have to restart entware application, from the SCMerlin UI, for skynet to start working again...LOL..so here I am now thinking on what I'm going to do next. I'm going to downgrade back to Merlin released version and hopefully just upload my backups and cross my fingers. Otherwise, I will have to completely rebuild my setup again. I guess that is better than having surgery tomorrow, which that is a whole other story, because the hospital is stuck on stupid. Anyhoo, if anyone needs anything from my router to help diagnose these problems...let me know including how to pull whatever you need.That sounds like a Scribe/uiScribe problem rather than a firmware problem.
That would make sense. sscanf() does not consider an empty string as a valid parameter, so the scan process will need to take that into account.I think it’s expecting some description in the leases file after the last colon.
I can confirm that it's working fine for me with a test laptop configured through the webui. Laptop lost connectivity, and regained it at the properly scheduled times.Configure it through the webui. The mobile app is not supported.
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!