What's new

Beta Asuswrt-Merlin 386.1 Beta (stage 2) is now available

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
Going in circles with the RT-AC86U Beta 4b webui trying to find the built-in speedtest. Where is it please?
 
@RMerlin there is a critical bug with 386.1_beta3 on AX88U while using OpenVPN client. If option " Force Internet traffic through tunnel " is set to Yes and IPV6 is set to Disable, the connecting process will crash. Here's the log:

Jan 11 22:36:49 ovpn-client1[32047]: WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Jan 11 22:36:49 ovpn-client1[32047]: WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6
Jan 11 22:36:49 ovpn-client1[32047]: OpenVPN 2.5.0 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 28 2020
Jan 11 22:36:49 ovpn-client1[32047]: library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.08
Jan 11 22:36:49 ovpn-client1[32048]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Jan 11 22:36:49 ovpn-client1[32048]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 11 22:36:49 ovpn-client1[32048]: TCP/UDP: Preserving recently used remote address: [AF_INET]174.128.180.120:443
Jan 11 22:36:49 ovpn-client1[32048]: UDP link local: (not bound)
Jan 11 22:36:49 ovpn-client1[32048]: UDP link remote: [AF_INET]174.128.180.120:443
Jan 11 22:36:49 ovpn-client1[32048]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jan 11 22:36:51 ovpn-client1[32048]: [7618/server] Peer Connection Initiated with [AF_INET]174.128.180.120:443
Jan 11 22:36:52 ovpn-client1[32048]: TUN/TAP device tun11 opened
Jan 11 22:36:52 ovpn-client1[32048]: /usr/sbin/ip link set dev tun11 up mtu 1500
Jan 11 22:36:52 ovpn-client1[32048]: /usr/sbin/ip link set dev tun11 up
Jan 11 22:36:52 ovpn-client1[32048]: /usr/sbin/ip addr add dev tun11 local 172.18.13.190 peer 172.18.13.189
Jan 11 22:36:52 ovpn-client1[32048]: /usr/sbin/ip link set dev tun11 up mtu 1500
Jan 11 22:36:52 ovpn-client1[32048]: /usr/sbin/ip link set dev tun11 up
Jan 11 22:36:52 ovpn-client1[32048]: /usr/sbin/ip -6 addr add fde4:8dba:82e3::102e/64 dev tun11
Jan 11 22:36:52 ovpn-client1[32048]: Linux ip -6 addr add failed: external program exited with error status: 2
Jan 11 22:36:52 ovpn-client1[32048]: Exiting due to fatal error

IPv6 over VPN is not supported
 
Going in circles with the RT-AC86U Beta 4b webui trying to find the built-in speedtest. Where is it please?
1610546926296.png
 
Silly question but has anyone got SSH access using beta 4 ?

I'm getting connection refused

SSH is enabled on standard port 22 for LAN only
 
Just used it, working fine. Same settings as you outlined.

nightmare

Wireshark is showing RST ACK....

Internet Protocol Version 4, Src: 192.168.0.1, Dst: 192.168.0.77
Transmission Control Protocol, Src Port: 22, Dst Port: 52510, Seq: 1, Ack: 1, Len: 0
Source Port: 22
Destination Port: 52510

Flags: 0x014 (RST, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .1.. = Reset: Set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······A·R··]
Window: 0
[Calculated window size: 0]
[Window size scaling factor: -1 (unknown)]
Checksum: 0xf1be [unverified]
[Checksum Status: Unverified]
Urgent Pointer: 0
[SEQ/ACK analysis]
[Timestamps]
 

Attachments

  • Screenshot 2021-01-13 at 15.36.18.png
    Screenshot 2021-01-13 at 15.36.18.png
    133 KB · Views: 153
Anyone else want to take a stab at replicating @nzwayne 's results?
Anyone else with gigabit cable or even maybe fiber that has or is willing to compare beta4b and beta4-gb9 for speedtests?

As mentioned I'd be happy to be the one to test and replicate this, but I won't see anything higher than I do now with my 300Mbps download speeds lol


Performance on the AX88U v1.1 that I just received has been all over the place with either Beta 4(new build) or Beta 4b. The first 2 500Mbps speedtest in the screenshot were on Beta 4b, the next 700Mbps was on Beta 4(new build) and the last 900Mbps was back on Beta 4b. Also doing speedtest over WiFi varies a lot more on this AX88U than the AX58U it just replaced, as the AX58U was pretty consistent at 750-800Mbps over WiFi. Now it varies from 400-800Mbps on the AX88U, which I never saw the AX58U do in the 6 months I had it. Now on the router itself it did vary but that was because the speedtest on the AX58U pegged 2 CPU cores to 100% sometimes. And this was with TM completely off(withdrawn),
 

Attachments

  • Capture.PNG
    Capture.PNG
    65.6 KB · Views: 140
nightmare

Wireshark is showing RST ACK....

Internet Protocol Version 4, Src: 192.168.0.1, Dst: 192.168.0.77
Transmission Control Protocol, Src Port: 22, Dst Port: 52510, Seq: 1, Ack: 1, Len: 0
Source Port: 22
Destination Port: 52510

Flags: 0x014 (RST, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .1.. = Reset: Set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······A·R··]
Window: 0
[Calculated window size: 0]
[Window size scaling factor: -1 (unknown)]
Checksum: 0xf1be [unverified]
[Checksum Status: Unverified]
Urgent Pointer: 0
[SEQ/ACK analysis]
[Timestamps]



Looks like when I enable SSH it can't make the keys

Code:
Jan 13 15:47:36 syslogd started: BusyBox v1.25.1
Jan 13 15:47:36 kernel: klogd started: BusyBox v1.25.1 (2021-01-08 17:43:19 EST)
Jan 13 15:47:43 dropbear[16261]: Failed loading /etc/dropbear/dropbear_rsa_host_key
Jan 13 15:47:43 dropbear[16261]: Failed loading /etc/dropbear/dropbear_dss_host_key
Jan 13 15:47:43 dropbear[16261]: Failed loading /etc/dropbear/dropbear_ecdsa_host_key
Jan 13 15:47:43 dropbear[16261]: Failed loading /etc/dropbear/dropbear_ed25519_host_key
Jan 13 15:47:43 dropbear[16261]: Early exit: No hostkeys available. 'dropbear -R' may be useful or run dropbearkey.
 
Looks like when I enable SSH it can't make the keys

Code:
Jan 13 15:47:36 syslogd started: BusyBox v1.25.1
Jan 13 15:47:36 kernel: klogd started: BusyBox v1.25.1 (2021-01-08 17:43:19 EST)
Jan 13 15:47:43 dropbear[16261]: Failed loading /etc/dropbear/dropbear_rsa_host_key
Jan 13 15:47:43 dropbear[16261]: Failed loading /etc/dropbear/dropbear_dss_host_key
Jan 13 15:47:43 dropbear[16261]: Failed loading /etc/dropbear/dropbear_ecdsa_host_key
Jan 13 15:47:43 dropbear[16261]: Failed loading /etc/dropbear/dropbear_ed25519_host_key
Jan 13 15:47:43 dropbear[16261]: Early exit: No hostkeys available. 'dropbear -R' may be useful or run dropbearkey.
What is your setting for 'Local Access Control' - HTTP or HTTPS? If HTTPS you might have an issue with your certificate. You can renew it under DDNS under WAN settings.
 
What is your setting for 'Local Access Control' - HTTP or HTTPS? If HTTPS you might have an issue with your certificate. You can renew it under DDNS under WAN settings.

It was using HTTP but enabled HTTPS and its created a cert fine

I have no idea what its unable to generate a RSA key pair for SSH very odd

Anyone seen this before please ?


Here is the output from the client but its router which isn't listening because it cannot generate a RSA key pair

Code:
❯ ssh -vvv admin@192.168.0.1
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.0.1 is address
debug2: ssh_connect_direct
debug1: Connecting to 192.168.0.1 [192.168.0.1] port 22.
debug1: connect to address 192.168.0.1 port 22: Connection refused
ssh: connect to host 192.168.0.1 port 22: Connection refused

Looking at the logs and trying to force it to read to the JFFS Partition is failing. Anyone know how I can fix this please as I'm guessing this might be the root cause of the RSA key generation failing

Jan 13 17:30:00 kernel: mkdir: can't create directory '/jffs/.le/': Read-only file system
 
Last edited:
It was using HTTP but enabled HTTPS and its created a cert fine

I have no idea what its unable to generate a RSA key pair for SSH very odd

Anyone seen this before please ?


Here is the output from the client but its router which isn't listening because it cannot generate a RSA key pair

Code:
❯ ssh -vvv admin@192.168.0.1
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.0.1 is address
debug2: ssh_connect_direct
debug1: Connecting to 192.168.0.1 [192.168.0.1] port 22.
debug1: connect to address 192.168.0.1 port 22: Connection refused
ssh: connect to host 192.168.0.1 port 22: Connection refused

So If your IP range starts at 192.168.0.1 (reserved range / login address)
Shouldn't the Cert be on 192.168.0.2 (reserved range / Holds Cert key)
And your range for everything else starts at 192.168.0.3---(245) or limited to say (75)?
 
Last edited:
So If your IP range starts at 192.168.0.1
Shouldn't the Cert be on 192.168.0.2
And your range starts at 192.168.0.3---(245 or limited to say 75)?

Not sure I follow any of that. The AX86u is 192.168.0.1 and I've SSH to that IP address. The cert would also be applied to that management IP address

Not sure what you mean by Cert on 192.168.0.2 and what the IP range .03 - 245 has got anything to do with it sorry
 
Not sure I follow any of that. The AX86u is 192.168.0.1 and I've SSH to that IP address. The cert would also be applied to that management IP address

Not sure what you mean by Cert on 192.168.0.2 and what the IP range .03 - 245 has got anything to do with it sorry

The Cert being applied to a reserved range on 0.2

EDIT: do you mean Key and not Cert?
 
Where is the Cert coming from?



I'm using a password based SSH access. When enabling SSH on a linux system it will generate a SSH key pair but looking at the logs I'm getting this

Code:
Jan 13 17:47:04 dropbear[3465]: Failed loading /etc/dropbear/dropbear_rsa_host_key
Jan 13 17:47:04 dropbear[3465]: Failed loading /etc/dropbear/dropbear_dss_host_key
Jan 13 17:47:04 dropbear[3465]: Failed loading /etc/dropbear/dropbear_ecdsa_host_key
Jan 13 17:47:04 dropbear[3465]: Failed loading /etc/dropbear/dropbear_ed25519_host_key
Jan 13 17:47:04 dropbear[3465]: Early exit: No hostkeys available. 'dropbear -R' may be useful or run dropbearkey.
Jan 13 17:47:04 hour_monitor: daemon is starting

Looking at more logs I think its because the JFFS Partition is read-only, or not mounted but hard to tell without SSH access

I did a nuclear reset the other day and formatted on next boot the JFFS Partition and its the first time enabling SSH again and assume its all linked

Not sure what you mean about CERT, I assume you mean the management SSL CERT or DDNS
 
Status
Not open for further replies.

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top