Asuswrt-Merlin 384.8 is now available

Since 384.8_2 OpenVPN started to force full tunnel vs split while neither client nor server settings were changed. Anyone else experienced this?

UPD: /etc/openvpn/server1/config.ovpn now contains push "redirect-gateway def1" directive. My current VPN settings here https://imgur.com/a/8UGzF61

This is normal, since you have Client access set to "both".
 
Hi everyone

Sorry this is off topic
But my problem is OpenVPN TAP server

Nothing works from a LAN to another LAN. Both LANs using same DHCP span. 192.168.1.1-192.168.1.254

Is there any solution for that kind of behaviour with OpenVPN TAP???

If I'm using 4G from my cellphone then I'm able to log into Asus router GUI.
 
Hi everyone

Sorry this is off topic
But my problem is OpenVPN TAP server

Nothing works from a LAN to another LAN. Both LANs using same DHCP span. 192.168.1.1-192.168.1.254

Is there any solution for that kind of behaviour with OpenVPN TAP???

If I'm using 4G from my cellphone then I'm able to log into Asus router GUI.
It is off topic. If you haven't already please make use of the search facility. Otherwise, start your own post. Make sure you include the router models and firmware versions, and any other information relevant to your setup.
 
Hi everyone,

I flashed 384.8 on my rt-ac68u about a month or so ago but I've noticed that the core 1 under the cpu gets stuck at 100 % after every couple of weeks. I do have a mains powered 8tb desktop hard drive connected. I created an SSH session and ran the "top" command and got this:

CPU: 0.7% usr 2.6% sys 0.0% nic 48.0% idle 44.9% io 0.0% irq 3.5% sirq
Load average: 5.13 4.99 4.63 1/124 22602
PID PPID USER STAT VSZ %VSZ CPU %CPU COMMAND
18931 1 admin S 928 0.3 0 2.4 miniupnpd -f /etc/upnp/config
230 229 admin S 5176 2.0 0 1.0 nt_monitor
265 229 admin R 5176 2.0 1 0.7 nt_monitor
9272 1 admin S 10672 4.1 0 0.3 /usr/sbin/lighttpd-monitor
301 1 admin S 9240 3.6 1 0.1 networkmap --bootwait
212 1 admin R 2060 0.8 1 0.1 protect_srv
22586 21940 admin R 1424 0.5 1 0.1 top
36 2 admin SW 0 0.0 1 0.1 [kworker/1:1]
9271 1 admin S 14892 5.8 1 0.0 /usr/sbin/lighttpd -f /tmp/lighttpd.conf -D
9324 1 admin S 11048 4.3 1 0.0 /usr/sbin/lighttpd-arpping -f br0
11202 11201 admin S N 10488 4.1 0 0.0 minidlna -f /etc/minidlna.conf -r
11199 1 admin S 10488 4.1 1 0.0 minidlna -f /etc/minidlna.conf -r
11201 11199 admin S 10488 4.1 1 0.0 minidlna -f /etc/minidlna.conf -r
276 1 admin S 6132 2.4 1 0.0 httpd -i br0
29450 1 admin S 6080 2.3 1 0.0 /usr/sbin/smbd -D -s /etc/smb.conf
911 398 admin S 5972 2.3 1 0.0 mastiff
398 322 admin S 5972 2.3 0 0.0 mastiff
322 1 admin S 5972 2.3 0 0.0 mastiff
399 398 admin S 5972 2.3 1 0.0 mastiff
29449 1 admin S 5872 2.2 0 0.0 nmbd -D -s /etc/smb.conf
1 0 admin S 5604 2.1 1 0.0 /sbin/preinit
714 1 admin D 5532 2.1 0 0.0 disk_monitor
280 1 admin S 5416 2.1 1 0.0 watchdog
206 1 admin S 5404 2.1 0 0.0 /sbin/wanduck
831 1 admin S 5400 2.1 1 0.0 bwdpi_wred_alive
351 1 admin S 5400 2.1 0 0.0 erp_monitor
514 1 admin S 5400 2.1 1 0.0 usbled
666 1 admin S 5400 2.1 0 0.0 ntp
867 1 admin S 5400 2.1 0 0.0 pc_block
324 1 admin S 5400 2.1 1 0.0 hour_monitor
323 1 admin S 5400 2.1 1 0.0 bwdpi_check
225 1 admin S 5400 2.1 1 0.0 wpsaide
91 1 admin S 5396 2.1 1 0.0 console
232 1 admin D 5328 2.0 1 0.0 nt_center
243 232 admin S 5328 2.0 1 0.0 nt_center
244 243 admin S 5328 2.0 1 0.0 nt_center
211 1 admin S 5176 2.0 1 0.0 nt_monitor
229 211 admin S 5176 2.0 1 0.0 nt_monitor
453 452 admin S 3940 1.5 0 0.0 cfg_server
452 363 admin S 3940 1.5 1 0.0 cfg_server
admin@RT-AC68U:/tmp/home/root#

Does anyone have an idea as to what's happening?

Thanks all
 
I'm rather confused about DNSSEC I'm afraid:

I'm using unbound with DNS over TLS (DoT) and DNSSEC with Cloudflare's DNS server(s). If I enable DNSSEC in the LAN / DHCP Server page in the router GUI (Asuswrt-merlin firmware) Cloudflare's test page http://1.1.1.1/help does not detect my connection to 1.1.1.1 nor that I'm using DoT. However, if I disable DNSSEC in the router GUI that test page does detect my connection to 1.1.1.1 and that I'm using DoT... No matter whether I enable or disable the DNSSEC setting in the router GUI, the test on https://internet.nl/connection/ always says DNSSEC is working fine.

Can anyone explain this behaviour?

And tell me what setting I should best use in the router GUI?
 
I'm rather confused about DNSSEC I'm afraid:

I'm using unbound with DNS over TLS (DoT) and DNSSEC with Cloudflare's DNS server(s). If I enable DNSSEC in the LAN / DHCP Server page in the router GUI (Asuswrt-merlin firmware) Cloudflare's test page http://1.1.1.1/help does not detect my connection to 1.1.1.1 nor that I'm using DoT. However, if I disable DNSSEC in the router GUI that test page does detect my connection to 1.1.1.1 and that I'm using DoT... No matter whether I enable or disable the DNSSEC setting in the router GUI, the test on https://internet.nl/connection/ always says DNSSEC is working fine.

Can anyone explain this behaviour?

And tell me what setting I should best use in the router GUI?
I think this behavior is normal? @skeal explained this to me once, but can’t remember what he told me. Maybe he’ll reply here and explain.
 
This is normal, since you have Client access set to "both".
But that's the problem: in previous firmware even with "Client will use VPN to access" set to "Both" I could choose at client's end whether I want full tunnel or not. Now it looks like I need to set that option to "LAN only" and use "redirect-gateway def1" in client's config. It looks reasonable but may be confusing for those who upgrade, especially because of the wording "LAN only".
Just tested choosing "LAN only": it breaks the idea of switching between full/split tunnel at client's end completely. I have two connection configs at client where the only difference is presence of "redirect-gateway def1" option. While configuration w/o option creates split tunnel as expected, the second being connected doesn't have any connection except LAN; which is certainly not great at all.
 
But that's the problem: in previous firmware even with "Client will use VPN to access" set to "Both" I could choose at client's end whether I want full tunnel or not.

Which was a bug. The firmware now behaves as intended, otherwise that setting would be meaningless security-wise. It's up to you to configure everything if you need a non-standard configuration, or use the second VPN server.
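
The behaviour discussed in this exchange can be read off the config files. The following is an added example, not part of the original posts or of the firmware: it classifies the routing a client ends up with from the server's generated config (the thread's `/etc/openvpn/server1/config.ovpn`) and the client's config. The function names and the sample configs are constructed for illustration; `pull-filter` and `route-nopull` are standard OpenVPN client options that the thread itself does not mention.

```shell
#!/bin/sh
# Added example (not from the thread): classify client routing from two config files.

# Active directives of a config file: leading blanks, comments, empty lines removed.
active_lines() {
    sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/^$/d' "$1"
}

# Print the redirect-gateway option the server pushes (e.g. "redirect-gateway def1"),
# or nothing when the server config has no such push line.
pushed_redirect() {
    active_lines "$1" |
        sed -n 's/^push[[:space:]]*"\(redirect-gateway[^"]*\)".*/\1/p' | head -n 1
}

# Succeeds if the client config sets redirect-gateway itself.
client_sets_redirect() {
    active_lines "$1" | grep -Eq '^redirect-gateway([[:space:]]|$)'
}

# Succeeds if the client discards the pushed option $2: route-nopull drops
# pushed routes, and the first pull-filter whose text is a prefix of the
# option decides (ignore drops it; accept keeps it; reject aborts the session).
client_drops_push() {
    active_lines "$1" | awk -v opt="$2" '
        $1 == "route-nopull" { nopull = 1 }
        $1 == "pull-filter" && !decided {
            text = $0
            sub(/^pull-filter[ \t]+[a-z]+[ \t]+/, "", text)
            gsub(/"/, "", text)
            if (index(opt, text) == 1) { decided = 1; ignored = ($2 == "ignore") }
        }
        END { exit !(nopull || ignored) }'
}

# Print "full" or "split" for the pair (server config, client config).
client_tunnel_mode() {
    pushed=$(pushed_redirect "$1")
    if client_sets_redirect "$2"; then echo full
    elif [ -n "$pushed" ] && ! client_drops_push "$2" "$pushed"; then echo full
    else echo split
    fi
}

# Constructed sample configs (not taken from any real router).
make_samples() {
    printf '%s\n' 'dev tun21' '# Client access: Both' \
        'push "route 192.168.1.0 255.255.255.0"' \
        'push "redirect-gateway def1"' > "$1/server_both.ovpn"
    printf '%s\n' 'dev tun21' 'push "route 192.168.1.0 255.255.255.0"' \
        > "$1/server_lan.ovpn"
    printf '%s\n' 'client' 'dev tun' > "$1/client_plain.ovpn"
    printf '%s\n' 'client' 'dev tun' 'redirect-gateway def1' > "$1/client_full.ovpn"
    printf '%s\n' 'client' 'pull-filter ignore "redirect-gateway"' > "$1/client_filter.ovpn"
}

demo() {
    d=$(mktemp -d) && make_samples "$d"
    for s in both lan; do for c in plain full filter; do
        echo "server_$s + client_$c: $(client_tunnel_mode "$d/server_$s.ovpn" "$d/client_$c.ovpn")"
    done; done
    rm -rf "$d"
}
demo
```

"full" here describes the client's routing table only; as reported above, with the server set to "LAN only" a client that redirects its gateway reaches nothing but the LAN.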
 
I'm rather confused about DNSSEC I'm afraid:

I'm using unbound with DNS over TLS (DoT) and DNSSEC with Cloudflare's DNS server(s). If I enable DNSSEC in the LAN / DHCP Server page in the router GUI (Asuswrt-merlin firmware) Cloudflare's test page http://1.1.1.1/help does not detect my connection to 1.1.1.1 nor that I'm using DoT. However, if I disable DNSSEC in the router GUI that test page does detect my connection to 1.1.1.1 and that I'm using DoT... No matter whether I enable or disable the DNSSEC setting in the router GUI, the test on https://internet.nl/connection/ always says DNSSEC is working fine.

Can anyone explain this behaviour?

And tell me what setting I should best use in the router GUI?
Your system still works. Better tests are done with dig or kdig. DNSSEC has always made the https://1.1.1.1/help page mess up, when used with DoT. This is the test site's issue, not ours. Again, read up on dig commands or kdig commands from an Ubuntu desktop.
 
I don't check the contents of the System Log very often, but just happened to take a look and noticed some strange "netdata" lines which I copy/pasted (see below). Should I worry? Do they look normal to you?

One 2.4 GHz wireless Windows 10 Pro client randomly loses connection and I have to manually disconnect and reconnect from Windows 10, but otherwise I don't have problems with the router anyway.

Fw version is 384.8_2.

Code:
Jan 21 03:41:40 netdata[1220]: CGROUP: cannot find cpuacct mountinfo. Assuming default: /sys/fs/cgroup/cpuacct
Jan 21 03:41:40 netdata[1220]: CGROUP: cannot find blkio mountinfo. Assuming default: /sys/fs/cgroup/blkio
Jan 21 03:41:40 netdata[1220]: CGROUP: cannot find memory mountinfo. Assuming default: /sys/fs/cgroup/memory
Jan 21 03:41:40 netdata[1220]: CGROUP: cannot find devices mountinfo. Assuming default: /sys/fs/cgroup/devices

Code:
Jan 21 03:41:43 netdata[1220]: PROCFILE: Cannot open file '/sys/kernel/mm/ksm/pages_shared'
Jan 21 03:41:43 netdata[1220]: PROCFILE: Cannot open file '/sys/kernel/mm/ksm/pages_sharing'
Jan 21 03:41:43 netdata[1220]: PROCFILE: Cannot open file '/sys/kernel/mm/ksm/pages_unshared'
Jan 21 03:41:43 netdata[1220]: PROCFILE: Cannot open file '/sys/kernel/mm/ksm/pages_volatile'
Jan 21 03:41:43 netdata[1220]: Cannot read ECC memory errors directory '/sys/devices/system/edac/mc'
Jan 21 03:41:43 netdata[1220]: Cannot read NUMA node directory '/sys/devices/system/node'
Code:
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram0', 1:0): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram0', 1:0): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram1', 1:1): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram1', 1:1): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram2', 1:2): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram2', 1:2): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram3', 1:3): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram3', 1:3): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram4', 1:4): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram4', 1:4): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram5', 1:5): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram5', 1:5): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram6', 1:6): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram6', 1:6): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram7', 1:7): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram7', 1:7): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram8', 1:8): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram8', 1:8): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram9', 1:9): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram9', 1:9): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram10', 1:10): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram10', 1:10): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram11', 1:11): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram11', 1:11): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram12', 1:12): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram12', 1:12): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram13', 1:13): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram13', 1:13): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram14', 1:14): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram14', 1:14): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram15', 1:15): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('ram15', 1:15): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('loop0', 7:0): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('loop0', 7:0): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('loop1', 7:1): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('loop1', 7:1): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('loop2', 7:2): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('loop2', 7:2): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('loop3', 7:3): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('loop3', 7:3): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('loop4', 7:4): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('loop4', 7:4): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('loop5', 7:5): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('loop5', 7:5): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('loop6', 7:6): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('loop6', 7:6): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('loop7', 7:7): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('loop7', 7:7): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('mtdblock0', 31:0): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('mtdblock0', 31:0): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('mtdblock1', 31:1): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('mtdblock1', 31:1): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('mtdblock2', 31:2): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('mtdblock2', 31:2): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('mtdblock3', 31:3): Cannot open directory '/dev/mapper'. Disabling device-mapper support.
Jan 21 03:41:44 netdata[1220]: DEVICE-MAPPER ('mtdblock3', 31:3): Cannot open directory '/dev/disk/by-label'. Disabling device-mapper support.
Code:
Jan 21 03:42:03 netdata[1220]: CGROUP: cannot read directory '/sys/fs/cgroup/cpuacct'
Jan 21 03:42:03 netdata[1220]: CGROUP: disabled cpu statistics.
Jan 21 03:42:03 netdata[1220]: CGROUP: cannot read directory '/sys/fs/cgroup/blkio'
Jan 21 03:42:03 netdata[1220]: CGROUP: disabled blkio statistics.
Jan 21 03:42:03 netdata[1220]: CGROUP: cannot read directory '/sys/fs/cgroup/memory'
Jan 21 03:42:03 netdata[1220]: CGROUP: disabled memory statistics.
Jan 21 03:42:03 netdata[1220]: CGROUP: cannot read directory '/sys/fs/cgroup/devices'
Jan 21 03:42:03 netdata[1220]: CGROUP: disabled devices statistics.
Jan 21 03:42:11 netdata[1220]: heartbeat missed 1993251 microseconds
 
I don't check the contents of the System Log very often, but just happened to take a look and noticed some strange "netdata" lines which I copy/pasted (see below). Should I worry? Do they look normal to you?

That netdata is not part of the firmware.
 
merlin, just chiming in to pay you a well deserved compliment. overnight i had to uninstall 3 apps (diversion stubby skynet) and reinstall 2 apps (diversion stubby) to deal with a problem (skynet), and i was relieved how merlin itself remained stable during the process - i even managed to do it all with soft instead of hard reboots. months ago when i had to do something similar, i had to also reinstall merlin itself to get back to normal, so i was relieved to see such additional work was not needed anymore several merlin updates since. keep up the great work and don't let them pressure you into "serving good wine before it's time" ;)
 
I don't check the contents of the System Log very often, but just happened to take a look and noticed some strange "netdata" lines which I copy/pasted (see below). Should I worry? Do they look normal to you?
If you didn't deliberately install netdata from entware, then see which entware package depends on it by running
Code:
opkg whatdepends netdata
 
merlin, just chiming in to pay you a well deserved compliment. overnight i had to uninstall 3 apps (diversion stubby skynet) and reinstall 2 apps (diversion stubby) to deal with a problem (skynet), and i was relieved how merlin itself remained stable during the process - i even managed to do it all with soft instead of hard reboots. months ago when i had to do something similar, i had to also reinstall merlin itself to get back to normal, so i was relieved to see such additional work was not needed anymore several merlin updates since. keep up the great work and don't let them pressure you into "serving good wine before it's time" ;)

Credit probably goes to the authors of these apps rather than me, as the uninstaller code was entirely written by them.

In no case should it be necessary to reflash a firmware, since the firmware partition is read-only, and therefore cannot be modified by any application.
 
If you didn't deliberately install netdata from entware, then see which entware package depends on it by running
I have indeed installed netdata (and htop) on purpose earlier. Very long time ago. Didn't even remember the name of netdata.. :oops:

And as RMerlin mentioned, netdata is not part of the fw. So, my earlier message was a bit off-topic. Sorry.
 
Merlin, thank you for all your hard work and excellent FW.

There may be a bug or conflict with 384_8.2 on the RT-AC88U. DNSCrypt & NTP Daemon are also installed. Custom configurations are unable to be deleted from the OpenVPN client page. Observation: Custom configs all seem to be loading Client 3 custom config data.

Deleting custom configs with 384_8.2 works without issue on the RT-AC1900P. Reverting back to 384_7.2 on the RT-AC88U resolved the custom config issue. Your thoughts?
 
Merlin, thank you for all your hard work and excellent FW.

There may be a bug or conflict with 384_8.2 on the RT-AC88U. DNSCrypt & NTP Daemon are also installed. Custom configurations are unable to be deleted from the OpenVPN client page. Observation: Custom configs all seem to be loading Client 3 custom config data.

Deleting custom configs with 384_8.2 works without issue on the RT-AC1900P. Reverting back to 384_7.2 on the RT-AC88U resolved the custom config issue. Your thoughts?

Custom settings handling code is identical on the RT-AC88U and RT-AC1900P, there's no reason why it should behave differently on these two models.
 
Is it necessary to remove a USB drive prior to flashing new FW?

Recommended, rather than "necessary". I've never had trouble flashing with the USB mounted, but some have, and ejecting it frees up memory which helps ensure a successful flash.
 