What's new

Asuswrt-Merlin 378.54_2 is now available

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
Before the updates I could see my two USB HDD "1 & 2" but after the updates I see all folders are shared on both the HDD, but I do not see the two HDD "1 & 2" stand alone anymore? How do I correct on this again, have tried all settings but it just show folders are not the HDD? Its on a RT-68U.
 
elsesince firmware manually
I have a feeling Eric will ban me from using this forum after these questions lol :D

1 - here is the thing , I want to block ALL clients if OVPN goes down
Chose option yes under "Block routed clients if tunnel goes down" Do i need to add all clients/IP ?
If Yes = Thank you o_O
If No = what would happen if i added them and do i need to add the Destination IP ?

2 - Did i screw up with question one and if i want to block all clients from using the internet if OVPN went down i need to chose All Traffic under "Redirect Internet traffic" ?
If Yes = Thank you :rolleyes:
If No = Someone Please explain what is it for

------------------------
btw i read README-merlin and got lost :oops:

Answer 1 = YES
Answer 2 = NO

A1. The question is

"Block routed clients if the tunnel goes DOWN"? and the answer is either YES or NO

So if you want to force selective routing clients to only use the VPN, then they must be explicitly defined, otherwise they would simply use the WAN.

A2. Setting "All Traffic under "Redirect Internet traffic" implies no selective routing (no RPDB tables are used) so ALL clients are forced to use the VPN and will never use the WAN.

However, there is an allowed exposure at boot time during the period when the WAN is available and the VPN has not yet connected i.e. how else would the router get/set the time if the VPN was never established and as of firmware 378.54 RMerlin won't start the VPN until the time is set - Catch-22? (With Policy Routing client blocking and ALL clients defined, RMerlin ensures this WAN leak cannot happen so to obfuscate your private internet activity you must use Policy Routing for a better level of confidence.)
 
Last edited:
since firmware manually

Answer 1 = YES
Answer 2 = NO

A1. The question is

"Block routed clients if the tunnel goes DOWN"? and the answer is either YES or NO

So if you want to force selective routing clients to only use the VPN, then they must be explicitly defined, otherwise they would simply use the WAN.

A2. Setting "All Traffic under "Redirect Internet traffic" implies no selective routing (no RPDB tables are used) so ALL clients are forced to use the VPN and will never use the WAN.

So there is an allowed exposure at boot time during the period when the WAN is available and the VPN has not yet connected i.e. how would the router get/set the time if the VPN was never established and as of firmware 378.54 RMerlin won't start the VPN until the time is set - Catch-22? (With Policy Routing client blocking and ALL clients defined RMerlin ensures this WAN leak cannot happen! so to obfuscate internet activity you must use Policy Routing).
Like is not enough , Thank you
 
Two Plusnet TV confirmed it was working for them, so the firmware end of things should be OK now.

Make sure you do disable the VPN+DHCP setting on your WAN page.

I do have that setting disabled but still no joy, I do get streaming to work for a couple of seconds if I toggle IGMP snooping on/off but other than that no dice, I am running this on a Netgear R7000 so could be a build issue I guess other than all works perfectly with an earlier build
 
Hi,

Did you already do a "check disk" of the attached USB drive on you PC? Could have a file system error... :oops:

As you use Windows NTFS: Is there any chance to switch to EXT3/4 (Linux format)? I run USB disks for years without any problem - but always Linux formatted. :rolleyes:

With kind regards
Joe :cool:

Yes, I did complete a chkdsk with no errors. I cannot covert it due to the massive size of the drive.
 
I have a feeling Eric will ban me from using this forum after these questions lol :D

1 - here is the thing , I want to block ALL clients if OVPN goes down
Chose option yes under "Block routed clients if tunnel goes down" Do i need to add all clients/IP ?
If Yes = Thank you o_O
If No = what would happen if i added them and do i need to add the Destination IP ?

2 - Did i screw up with question one and if i want to block all clients from using the internet if OVPN went down i need to chose All Traffic under "Redirect Internet traffic" ?
If Yes = Thank you :rolleyes:
If No = Someone Please explain what is it for

------------------------
btw i read README-merlin and got lost :oops:

You can define a CIDR-formatted subnet.

Assuming the router is on 192.168.1.1:

1) Create a rule for WAN access from 192.168.1.1 (leave destination empty)
2) Create a rule for VPN from 192.168.1.0/24 (leave destination empty)

That will provide you with policy-based routing, with access to the option to block Internet access if the tunnel goes down, but leaving the router unaffected (it needs to be able to reach the Internet of obvious reasons, such as connecting to the tunnel provider to begin with).
 
It seems that with .1 and .2 the policy routing is not working. ( selecting stop traffic if tunnel goes down ). I reverted back to 53 all working fine. Any problems?
 
Updated from 378.53 to 378.54_2 on my RT-AC66U and rTorrent (installed thru Entware) stopped working: doesn't run on boot anymore and cannot start it manually either.
Unfortunately cannot find any log or something similar.
Rolled-back to 378.53 and everything works well again.

Any help or ideas how to fix it is appreciated, thanks.
 
I have an AC68R with 378.54_2 and an AC87U w/ 55 alpha 1. The site survey on the AC87U sees only about half the networks the AC68U sees. I tried this a few times now.

Both routers sit next to each other right now while I am playing with them. The radios work fine on both, I get about close to 120 Mpbs down wireless on 2.4 and close to 170 down on 5G with a MBP early 2011 (N only, no AC) with both routers. Both deliver ~30 mbps to iOS devices when on the roof via 5G, pretty awesome.

The 68U uses three of these high gain 9dbi antennas (I know their gain or not is controversially debated) and slightly beats the 87 in throughput when on the roof.

Will do more testing and swap the antennas but could the site survey be influenced by the antennas even though they both seem to have the same range and throughput right now, or is this a firmware or AC87u radio issue (quantenna)?
 
I have an AC68R with 378.54_2 and an AC87U w/ 55 alpha 1. The site survey on the AC87U sees only about half the networks the AC68U sees. I tried this a few times now.

Both routers sit next to each other right now while I am playing with them. The radios work fine on both, I get about close to 120 Mpbs down wireless on 2.4 and close to 170 down on 5G with a MBP early 2011 (N only, no AC) with both routers. Both deliver ~30 mbps to iOS devices when on the roof via 5G, pretty awesome.

The 68U uses three of these high gain 9dbi antennas (I know their gain or not is controversially debated) and slightly beats the 87 in throughput when on the roof.

Will do more testing and swap the antennas but could the site survey be influenced by the antennas even though they both seem to have the same range and throughput right now, or is this a firmware or AC87u radio issue (quantenna)?
Where did you obtain the 55 alpha build for the AC87u?
 
I have an AC68R with 378.54_2 and an AC87U w/ 55 alpha 1. The site survey on the AC87U sees only about half the networks the AC68U sees. I tried this a few times now.

Both routers sit next to each other right now while I am playing with them. The radios work fine on both, I get about close to 120 Mpbs down wireless on 2.4 and close to 170 down on 5G with a MBP early 2011 (N only, no AC) with both routers. Both deliver ~30 mbps to iOS devices when on the roof via 5G, pretty awesome.

The 68U uses three of these high gain 9dbi antennas (I know their gain or not is controversially debated) and slightly beats the 87 in throughput when on the roof.

Will do more testing and swap the antennas but could the site survey be influenced by the antennas even though they both seem to have the same range and throughput right now, or is this a firmware or AC87u radio issue (quantenna)?

It's possible that Quantenna's scanning algorithm is different. You can also try switching scanning mode.
 
Updated from 378.53 to 378.54_2 on my RT-AC66U and rTorrent (installed thru Entware) stopped working: doesn't run on boot anymore and cannot start it manually either.
Unfortunately cannot find any log or something similar.
Rolled-back to 378.53 and everything works well again.

Any help or ideas how to fix it is appreciated, thanks.

Check your System Log for any error message.
 
You can define a CIDR-formatted subnet.

Assuming the router is on 192.168.1.1:

1) Create a rule for WAN access from 192.168.1.1 (leave destination empty)
2) Create a rule for VPN from 192.168.1.0/24 (leave destination empty)

That will provide you with policy-based routing, with access to the option to block Internet access if the tunnel goes down, but leaving the router unaffected (it needs to be able to reach the Internet of obvious reasons, such as connecting to the tunnel provider to begin with).

Thank you Merlin. This was useful!
 
Hi,

I have read a lot of this question but I would like to hear it once and for all if its OK to use the same SSID for both 2,4 and 5 Ghz network? What do you say RMerlin?

I really like your work with ASUS firmwares!! :)

Regards,
Christian
 
Hi,

I have read a lot of this question but I would like to hear it once and for all if its OK to use the same SSID for both 2,4 and 5 Ghz network? What do you say RMerlin?

I really like your work with ASUS firmwares!! :)

Regards,
Christian

I would not advise it, as it causes problems on some devices...they will not understand which (band) network you actually want to connect... ;)

Other than that, it is OK and won`t burn down your router for sure...
 
I am having problems with OpenVPN on my AC87.
I had a N66 with OpenVPN on it and used Tunnelblick to connect to it from my Mac.
Changed to AC87 this weekend.
Apart from the fact that the mac connect speeds are not what i had hoped for i can not get the Tunnelblick client to connect to the ac87.
My android phone does connect so the openvpn server is working and accessable but something is different though.

I am not running any extra dlna stuff, neither do i have any usb things attached to it.
I use the this router, just as the n66 before it, for its good wireless range and ability to have openvpn on it.

Tunnelblick keeps trying to connect.
Tunnelblick has these logs available:
Code:
*Tunnelblick: OS X 10.10.3; Tunnelblick 3.5.2 (build 4270.4346); prior version 3.5.0 (build 4265); Admin user

Configuration client2

"Sanitized" condensed configuration file for /Library/Application Support/Tunnelblick/Shared/client2.tblk:

client
dev tun
proto udp
remote xxxxxx.asuscomm.com 1195
float
comp-lzo adaptive
keepalive 15 60
auth-user-pass
ns-cert-type server
<ca>
[Security-related line(s) omitted]
</ca>
resolv-retry infinite
nobind


================================================================================

"Sanitized" full configuration file

client
dev tun
proto udp
remote xxxx.asuscomm.com 1195
float
comp-lzo adaptive
keepalive 15 60
auth-user-pass
ns-cert-type server
<ca>
[Security-related line(s) omitted]
</ca>
resolv-retry infinite
nobind



================================================================================

There are no unusual files in client2.tblk

================================================================================

Configuration preferences:

-routeAllTrafficThroughVpn = 1
-keychainHasUsernameAndPassword = 1
-openvpnVersion = 2.3.6
-keepConnected = 1
-lastConnectionSucceeded = 0
-tunnelDownSoundName = Glass
-tunnelUpSoundName = Basso

================================================================================

Wildcard preferences:


================================================================================

Program preferences:

skipWarningThatIPANotFetchedBeforeConnection = 1
skipWarningThatIPAddressDidNotChangeAfterConnection = 1
skipWarningThatInternetIsNotReachable = 1
placeIconInStandardPositionInStatusBar = 0
launchAtNextLogin = 1
menuIconSet = 3.3.TBMenuIcons
notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
tunnelblickVersionHistory = (
    "3.5.2 (build 4270.4346)",
    "3.5.0 (build 4265)",
    "3.4.4 (build 4055.4236)",
    "3.4.3 (build 4055.4198)",
    "3.4.2 (build 4055.4161)",
    "3.4.1 (build 4054)",
    "3.4.0 (build 4007)",
    "3.4beta38 (build 4002)",
    "3.4beta36 (build 3945)",
    "3.4beta34 (build 3935)"
)
statusDisplayNumber = 0
lastLaunchTime = 455997357.50861
showConnectedDurations = 1
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = thuis
installationUID (not shown)
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
updateSendProfileInfo = 1
NSWindow Frame SettingsSheetWindow = 606 567 829 424 0 0 1920 1177
NSWindow Frame ConnectingWindow = 796 615 412 297 0 0 1920 1177
detailsWindowFrameVersion = 4270.4346
detailsWindowFrame = {{295, 533}, {916, 467}}
detailsWindowLeftFrame = {{0, 0}, {164, 350}}
leftNavSelectedDisplayName = client2
haveDealtWithSparkle1dot5b6 = 1
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
SUEnableAutomaticChecks = 1
SUFeedURL = https://www.tunnelblick.net/appcast-s.rss
SUScheduledCheckInterval = 86400
SUSendProfileInfo = 1
SULastCheckTime = 2015-06-14 17:55:57 +0000
SULastProfileSubmissionDate = 2015-06-11 12:25:33 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 11
WebKitStandardFont = Lucida Grande

================================================================================

Tunnelblick Log:

2015-06-16 10:00:10 OpenVPN 2.3.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jun 12 2015
2015-06-16 10:00:10 library versions: OpenSSL 1.0.1o 12 Jun 2015, LZO 2.08
2015-06-16 10:00:09 *Tunnelblick: OS X 10.10.3; Tunnelblick 3.5.2 (build 4270.4346); prior version 3.5.0 (build 4265)
2015-06-16 10:00:09 *Tunnelblick: Attempting connection with client2; Set nameserver = 1; monitoring connection
2015-06-16 10:00:09 *Tunnelblick: openvpnstart start client2.tblk 1337 1 0 3 0 17200 -ptADGNWradsgnw 2.3.6
2015-06-16 10:00:11 *Tunnelblick: openvpnstart log:
     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
   
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6/openvpn
          --daemon
          --log
          /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Sclient2.tblk-SContents-SResources-Sconfig.ovpn.1_0_3_0_17200.1337.openvpn.log
          --cd
          /Library/Application Support/Tunnelblick/Shared/client2.tblk/Contents/Resources
          --config
          /Library/Application Support/Tunnelblick/Shared/client2.tblk/Contents/Resources/config.ovpn
          --cd
          /Library/Application Support/Tunnelblick/Shared/client2.tblk/Contents/Resources
          --management
          127.0.0.1
          1337
          --management-query-passwords
          --management-hold
          --redirect-gateway
          def1
          --script-security
          2
          --up
          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -d -f -m -w -ptADGNWradsgnw
          --down
          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -d -f -m -w -ptADGNWradsgnw

2015-06-16 10:00:09 *Tunnelblick: openvpnstart starting OpenVPN
2015-06-16 10:00:11 *Tunnelblick: Established communication with OpenVPN
2015-06-16 10:00:11 *Tunnelblick: Obtained VPN username and password from the Keychain
2015-06-16 10:00:11 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-06-16 10:00:11 UDPv4 link local: [undef]
2015-06-16 10:00:11 UDPv4 link remote: [AF_INET]83.128.212.xxxx:1195
2015-06-16 10:00:11 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2015-06-16 10:00:12 TLS_ERROR: BIO read tls_read_plaintext error: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small
2015-06-16 10:00:12 TLS Error: TLS object -> incoming plaintext read error
2015-06-16 10:00:12 TLS Error: TLS handshake failed
2015-06-16 10:00:12 SIGUSR1[soft,tls-error] received, process restarting
2015-06-16 10:00:12 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-06-16 10:00:12 UDPv4 link local: [undef]
2015-06-16 10:00:12 UDPv4 link remote: [AF_INET]83.128.212.xxxx:1195
2015-06-16 10:00:12 TLS_ERROR: BIO read tls_read_plaintext error: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small
2015-06-16 10:00:12 TLS Error: TLS object -> incoming plaintext read error
2015-06-16 10:00:12 TLS Error: TLS handshake failed
2015-06-16 10:00:12 SIGUSR1[soft,tls-error] received, process restarting
2015-06-16 10:00:12 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-06-16 10:00:12 UDPv4 link local: [undef]
2015-06-16 10:00:12 UDPv4 link remote: [AF_INET]83.128.212.xxx:1195
2015-06-16 10:00:14 TLS_ERROR: BIO read tls_read_plaintext error: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small
2015-06-16 10:00:14 TLS Error: TLS object -> incoming plaintext read error
2015-06-16 10:00:14 TLS Error: TLS handshake failed

I edited out my dns name and ipadress it resolves to.
I also clipped the rest since it just keeps looping.

I am hoping someone knows whats wrong here.
Just to be clear: i've gotten openvpn and tunnelblick working in the past (n66).
Also openvpn on ac87 together with android works.
 
I'm trying to set up a Media Server and I get the following errors on minidlna log. Do you guys know what could cause this? The path /tmp/sda1/DLNA is a network drive mounted via cifs with chmod of 777.

[2015/06/16 06:47:09] minidlna.c:1172: warn: Starting MiniDLNA version 1.1.4.
[2015/06/16 06:47:09] minidlna.c:357: warn: Creating new database at /tmp/mnt/sda1/DLNA/.minidlna/files.db
[2015/06/16 06:47:15] sql.c:41: error: SQL ERROR 5 [database is locked]
pragma default_cache_size = 8192;
[2015/06/16 06:47:15] sql.c:41: error: SQL ERROR 5 [database is locked]
pragma default_cache_size = 8192;
[2015/06/16 06:47:15] minidlna.c:1211: warn: HTTP listening on port 8200
[2015/06/16 06:47:20] sql.c:41: error: SQL ERROR 5 [database is locked]
INSERT into DETAILS (TITLE, PATH, CREATOR, ARTIST, GENRE, ALBUM_ART) VALUES ('DLNA', '/tmp/mnt/sda1/DLNA', NULL, NULL, NULL, 0);
[2015/06/16 06:47:25] sql.c:41: error: SQL ERROR 5 [database is locked]
UPDATE DETAILS set TIMESTAMP = 2 where ID = 0
[2015/06/16 06:47:25] scanner.c:757: warn: Scanning /tmp/mnt/sda1/DLNA
[2015/06/16 06:47:30] sql.c:41: error: SQL ERROR 5 [database is locked]
INSERT into DETAILS (TITLE, PATH, CREATOR, ARTIST, GENRE, ALBUM_ART) VALUES ('Clipes', '/tmp/mnt/sda1/DLNA/Clipes', NULL, NULL, NULL, 0);
[2015/06/16 06:47:36] sql.c:41: error: SQL ERROR 5 [database is locked]
INSERT into OBJECTS (OBJECT_ID, PARENT_ID, DETAIL_ID, CLASS, NAME) VALUES ('64$0', '64', 0, 'container.storageFolder', 'Clipes')
[2015/06/16 06:47:41] sql.c:41: error: SQL ERROR 5 [database is locked]
INSERT into DETAILS (PATH, SIZE, TIMESTAMP, DURATION, DATE, CHANNELS, BITRATE, SAMPLERATE, RESOLUTION, TITLE, CREATOR, ARTIST, GENRE, COMMENT, DLNA_PN, MIME, ALBUM_ART) VALUES ('/tmp/mnt/sda1/DLNA/Clipes/Benny Benassi - Satisfaction (Man Version).mp4', 5828755, 1429660892, '0:02:27.240', '2015-04-21T21:01:32', 1, 39586, 0, '0x0', 'Benny Benassi - Satisfaction (Man Version)', NULL, NULL, NULL, NULL, NULL, 'video/mp4', 0);
[2015/06/16 06:47:41] metadata.c:1587: error: Error inserting details for '/tmp/mnt/sda1/DLNA/Clipes/Benny Benassi - Satisfaction (Man Version).mp4'!
[2015/06/16 06:47:41] scanner.c:490: warn: Unsuccessful getting details for /tmp/mnt/sda1/DLNA/Clipes/Benny Benassi - Satisfaction (Man Version).mp4!
[2015/06/16 06:47:46] sql.c:41: error: SQL ERROR 5 [database is locked]
INSERT into DETAILS (PATH, SIZE, TIMESTAMP, DURATION, DATE, CHANNELS, BITRATE, SAMPLERATE, RESOLUTION, TITLE, CREATOR, ARTIST, GENRE, COMMENT, DLNA_PN, MIME, ALBUM_ART) VALUES ('/tmp/mnt/sda1/DLNA/Clipes/Benny Benassi Satisfaction HD.3gp', 1518697, 1429660892, '0:02:25.166', '2015-04-21T21:01:32', 1, 10461, 0, '0x0', 'Benny Benassi Satisfaction HD', NULL, NULL, NULL, NULL, NULL, 'video/3gpp', 0);
[2015/06/16 06:47:46] metadata.c:1587: error: Error inserting details for '/tmp/mnt/sda1/DLNA/Clipes/Benny Benassi Satisfaction HD.3gp'!
[2015/06/16 06:47:46] scanner.c:490: warn: Unsuccessful getting details for /tmp/mnt/sda1/DLNA/Clipes/Benny Benassi Satisfaction HD.3gp!
[2015/06/16 06:47:51] sql.c:41: error: SQL ERROR 5 [database is locked]
INSERT into DETAILS (PATH, SIZE, TIMESTAMP, DURATION, DATE, CHANNELS, BITRATE, SAMPLERATE, RESOLUTION, TITLE, CREATOR, ARTIST, GENRE, COMMENT, DLNA_PN, MIME, ALBUM_ART) VALUES ('/tmp/mnt/sda1/DLNA/Clipes/Eminem - Not Afraid_HD.mp4', 66359216, 1429660892, '0:04:18.708', '2015-04-21T21:01:32', 2, 256502, 0, '0x0', 'Eminem - Not Afraid_HD', NULL, NULL, NULL, NULL, NULL, 'video/mp4', 0);
[2015/06/16 06:47:51] metadata.c:1587: error: Error inserting details for '/tmp/mnt/sda1/DLNA/Clipes/Eminem - Not Afraid_HD.mp4'!
[2015/06/16 06:47:51] scanner.c:490: warn: Unsuccessful getting details for /tmp/mnt/sda1/DLNA/Clipes/Eminem - Not Afraid_HD.mp4!
[2015/06/16 06:47:56] sql.c:41: error: SQL ERROR 5 [database is locked]
INSERT into DETAILS (PATH, SIZE, TIMESTAMP, DURATION, DATE, CHANNELS, BITRATE, SAMPLERATE, RESOLUTION, TITLE, CREATOR, ARTIST, GENRE, COMMENT, DLNA_PN, MIME, ALBUM_ART) VALUES ('/tmp/mnt/sda1/DLNA/Clipes/Jar of Hearts - Christina Perri (Boyce Avenue feat. Tiffany Alvord acoustic cover) on iTunes.mp4_HD.mp4', 56269250, 1429660872, '0:04:56.200', '2015-04-21T21:01:12', 2, 189970, 0, '0x0', 'Jar of Hearts - Christina Perri (Boyce Avenue feat. Tiffany Alvord acoustic cover) on iTunes.mp4_HD', NULL, NULL, NULL, NULL, NULL, 'video/mp4', 0);
 
Status
Not open for further replies.

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top