Beta Asuswrt-Merlin 386.1 Beta (stage 2) is now available

[Amiga]

Going in circles with the RT-AC86U Beta 4b webui trying to find the built-in speedtest. Where is it please?

 

[Martineau]

@RMerlin there is a critical bug with 386.1_beta3 on AX88U while using OpenVPN client. If option " Force Internet traffic through tunnel " is set to Yes and IPV6 is set to Disable, the connecting process will crash. Here's the log:

Jan 11 22:36:49 ovpn-client1[32047]: WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Jan 11 22:36:49 ovpn-client1[32047]: WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6
Jan 11 22:36:49 ovpn-client1[32047]: OpenVPN 2.5.0 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 28 2020
Jan 11 22:36:49 ovpn-client1[32047]: library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.08
Jan 11 22:36:49 ovpn-client1[32048]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Jan 11 22:36:49 ovpn-client1[32048]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 11 22:36:49 ovpn-client1[32048]: TCP/UDP: Preserving recently used remote address: [AF_INET]174.128.180.120:443
Jan 11 22:36:49 ovpn-client1[32048]: UDP link local: (not bound)
Jan 11 22:36:49 ovpn-client1[32048]: UDP link remote: [AF_INET]174.128.180.120:443
Jan 11 22:36:49 ovpn-client1[32048]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jan 11 22:36:51 ovpn-client1[32048]: [7618/server] Peer Connection Initiated with [AF_INET]174.128.180.120:443
Jan 11 22:36:52 ovpn-client1[32048]: TUN/TAP device tun11 opened
Jan 11 22:36:52 ovpn-client1[32048]: /usr/sbin/ip link set dev tun11 up mtu 1500
Jan 11 22:36:52 ovpn-client1[32048]: /usr/sbin/ip link set dev tun11 up
Jan 11 22:36:52 ovpn-client1[32048]: /usr/sbin/ip addr add dev tun11 local 172.18.13.190 peer 172.18.13.189
Jan 11 22:36:52 ovpn-client1[32048]: /usr/sbin/ip link set dev tun11 up mtu 1500
Jan 11 22:36:52 ovpn-client1[32048]: /usr/sbin/ip link set dev tun11 up
Jan 11 22:36:52 ovpn-client1[32048]: /usr/sbin/ip -6 addr add fde4:8dba:82e3::102e/64 dev tun11
Jan 11 22:36:52 ovpn-client1[32048]: Linux ip -6 addr add failed: external program exited with error status: 2
Jan 11 22:36:52 ovpn-client1[32048]: Exiting due to fatal error

IPv6 over VPN is not supported

Naitive IPV6 And VPN.

Hi. I've manage to set my VPN up with my from my seedbox provider on my router no issues. However, because my Isp supports naitive IPV6 the VPN doesn't work only when I disable ipv6 and just ipv4 it works for all clients, I know can select different policy rules, so only certain devices can...

www.snbforums.com

 

[francovilar]

Going in circles with the RT-AC86U Beta 4b webui trying to find the built-in speedtest. Where is it please?

adaptive qos

 

[Martineau]

Going in circles with the RT-AC86U Beta 4b webui trying to find the built-in speedtest. Where is it please?

 

[beerglass007]

Silly question but has anyone got SSH access using beta 4 ?

I'm getting connection refused

SSH is enabled on standard port 22 for LAN only

 

[GHammer]

Silly question but has anyone got SSH access using beta 4 ?

I'm getting connection refused

SSH is enabled on standard port 22 for LAN only

Just used it, working fine. Same settings as you outlined.

 

[clweb]

No problem here with the same SSH configuration. Router is RT-AX58U.

 

[beerglass007]

Just used it, working fine. Same settings as you outlined.

nightmare

Wireshark is showing RST ACK....

Internet Protocol Version 4, Src: 192.168.0.1, Dst: 192.168.0.77
Transmission Control Protocol, Src Port: 22, Dst Port: 52510, Seq: 1, Ack: 1, Len: 0
Source Port: 22
Destination Port: 52510

Flags: 0x014 (RST, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .1.. = Reset: Set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······A·R··]
Window: 0
[Calculated window size: 0]
[Window size scaling factor: -1 (unknown)]
Checksum: 0xf1be [unverified]
[Checksum Status: Unverified]
Urgent Pointer: 0
[SEQ/ACK analysis]
[Timestamps]

 

[Calkulin]

Anyone else want to take a stab at replicating @nzwayne 's results?
Anyone else with gigabit cable or even maybe fiber that has or is willing to compare beta4b and beta4-gb9 for speedtests?

As mentioned I'd be happy to be the one to test and replicate this, but I won't see anything higher than I do now with my 300Mbps download speeds lol

Performance on the AX88U v1.1 that I just received has been all over the place with either Beta 4(new build) or Beta 4b. The first 2 500Mbps speedtest in the screenshot were on Beta 4b, the next 700Mbps was on Beta 4(new build) and the last 900Mbps was back on Beta 4b. Also doing speedtest over WiFi varies a lot more on this AX88U than the AX58U it just replaced, as the AX58U was pretty consistent at 750-800Mbps over WiFi. Now it varies from 400-800Mbps on the AX88U, which I never saw the AX58U do in the 6 months I had it. Now on the router itself it did vary but that was because the speedtest on the AX58U pegged 2 CPU cores to 100% sometimes. And this was with TM completely off(withdrawn),

 

[beerglass007]

nightmare

Wireshark is showing RST ACK....

Internet Protocol Version 4, Src: 192.168.0.1, Dst: 192.168.0.77
Transmission Control Protocol, Src Port: 22, Dst Port: 52510, Seq: 1, Ack: 1, Len: 0
Source Port: 22
Destination Port: 52510

Flags: 0x014 (RST, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .1.. = Reset: Set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······A·R··]
Window: 0
[Calculated window size: 0]
[Window size scaling factor: -1 (unknown)]
Checksum: 0xf1be [unverified]
[Checksum Status: Unverified]
Urgent Pointer: 0
[SEQ/ACK analysis]
[Timestamps]

Looks like when I enable SSH it can't make the keys

Jan 13 15:47:36 syslogd started: BusyBox v1.25.1
Jan 13 15:47:36 kernel: klogd started: BusyBox v1.25.1 (2021-01-08 17:43:19 EST)
Jan 13 15:47:43 dropbear[16261]: Failed loading /etc/dropbear/dropbear_rsa_host_key
Jan 13 15:47:43 dropbear[16261]: Failed loading /etc/dropbear/dropbear_dss_host_key
Jan 13 15:47:43 dropbear[16261]: Failed loading /etc/dropbear/dropbear_ecdsa_host_key
Jan 13 15:47:43 dropbear[16261]: Failed loading /etc/dropbear/dropbear_ed25519_host_key
Jan 13 15:47:43 dropbear[16261]: Early exit: No hostkeys available. 'dropbear -R' may be useful or run dropbearkey.

 

[Mutzli]

Looks like when I enable SSH it can't make the keys

Jan 13 15:47:36 syslogd started: BusyBox v1.25.1
Jan 13 15:47:36 kernel: klogd started: BusyBox v1.25.1 (2021-01-08 17:43:19 EST)
Jan 13 15:47:43 dropbear[16261]: Failed loading /etc/dropbear/dropbear_rsa_host_key
Jan 13 15:47:43 dropbear[16261]: Failed loading /etc/dropbear/dropbear_dss_host_key
Jan 13 15:47:43 dropbear[16261]: Failed loading /etc/dropbear/dropbear_ecdsa_host_key
Jan 13 15:47:43 dropbear[16261]: Failed loading /etc/dropbear/dropbear_ed25519_host_key
Jan 13 15:47:43 dropbear[16261]: Early exit: No hostkeys available. 'dropbear -R' may be useful or run dropbearkey.

What is your setting for 'Local Access Control' - HTTP or HTTPS? If HTTPS you might have an issue with your certificate. You can renew it under DDNS under WAN settings.

 

[panpanbebe]

Will this version fix the freezing issues with RT-AC68R/U?

 

[Makaveli]

Will this version fix the freezing issues with RT-AC68R/U?

What Freezing issue?

 

[beerglass007]

What is your setting for 'Local Access Control' - HTTP or HTTPS? If HTTPS you might have an issue with your certificate. You can renew it under DDNS under WAN settings.

It was using HTTP but enabled HTTPS and its created a cert fine

I have no idea what its unable to generate a RSA key pair for SSH very odd

Anyone seen this before please ?


Here is the output from the client but its router which isn't listening because it cannot generate a RSA key pair

❯ ssh -vvv admin@192.168.0.1
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.0.1 is address
debug2: ssh_connect_direct
debug1: Connecting to 192.168.0.1 [192.168.0.1] port 22.
debug1: connect to address 192.168.0.1 port 22: Connection refused
ssh: connect to host 192.168.0.1 port 22: Connection refused

Looking at the logs and trying to force it to read to the JFFS Partition is failing. Anyone know how I can fix this please as I'm guessing this might be the root cause of the RSA key generation failing

Jan 13 17:30:00 kernel: mkdir: can't create directory '/jffs/.le/': Read-only file system

 

[John Fitzgerald]

It was using HTTP but enabled HTTPS and its created a cert fine

I have no idea what its unable to generate a RSA key pair for SSH very odd

Anyone seen this before please ?


Here is the output from the client but its router which isn't listening because it cannot generate a RSA key pair

❯ ssh -vvv admin@192.168.0.1
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.0.1 is address
debug2: ssh_connect_direct
debug1: Connecting to 192.168.0.1 [192.168.0.1] port 22.
debug1: connect to address 192.168.0.1 port 22: Connection refused
ssh: connect to host 192.168.0.1 port 22: Connection refused

So If your IP range starts at 192.168.0.1 (reserved range / login address)
Shouldn't the Cert be on 192.168.0.2 (reserved range / Holds Cert key)
And your range for everything else starts at 192.168.0.3---(245) or limited to say (75)?

 

[beerglass007]

So If your IP range starts at 192.168.0.1
Shouldn't the Cert be on 192.168.0.2
And your range starts at 192.168.0.3---(245 or limited to say 75)?

Not sure I follow any of that. The AX86u is 192.168.0.1 and I've SSH to that IP address. The cert would also be applied to that management IP address

Not sure what you mean by Cert on 192.168.0.2 and what the IP range .03 - 245 has got anything to do with it sorry

 

[John Fitzgerald]

Not sure I follow any of that. The AX86u is 192.168.0.1 and I've SSH to that IP address. The cert would also be applied to that management IP address

Not sure what you mean by Cert on 192.168.0.2 and what the IP range .03 - 245 has got anything to do with it sorry

The Cert being applied to a reserved range on 0.2

EDIT: do you mean Key and not Cert?

 

[beerglass007]

The Cert being applied to a reserved range on 0.2

Sorry total lost me here. What has the cert got to do with SSH and 0.2 ?

 

[John Fitzgerald]

Sorry total lost me here. What has the cert got to do with SSH and 0.2 ?

Where is the Cert coming from?

 

[beerglass007]

Where is the Cert coming from?

I'm using a password based SSH access. When enabling SSH on a linux system it will generate a SSH key pair but looking at the logs I'm getting this

Jan 13 17:47:04 dropbear[3465]: Failed loading /etc/dropbear/dropbear_rsa_host_key
Jan 13 17:47:04 dropbear[3465]: Failed loading /etc/dropbear/dropbear_dss_host_key
Jan 13 17:47:04 dropbear[3465]: Failed loading /etc/dropbear/dropbear_ecdsa_host_key
Jan 13 17:47:04 dropbear[3465]: Failed loading /etc/dropbear/dropbear_ed25519_host_key
Jan 13 17:47:04 dropbear[3465]: Early exit: No hostkeys available. 'dropbear -R' may be useful or run dropbearkey.
Jan 13 17:47:04 hour_monitor: daemon is starting

Looking at more logs I think its because the JFFS Partition is read-only, or not mounted but hard to tell without SSH access

I did a nuclear reset the other day and formatted on next boot the JFFS Partition and its the first time enabling SSH again and assume its all linked

Not sure what you mean about CERT, I assume you mean the management SSL CERT or DDNS