Finally I was able to update from 384.19 to 386.1 after a complete reset, on an RT-AC66U B1.
After about 20 mins the UI worked fine, so I spent some time seeing what had changed.
Then I tried connecting to my VPN server running on the router.
There are some warnings I had never seen before, but the connection to the VPN server is fine.
Code:
2021-02-05 19:43:22 Note: Treating option '--ncp-ciphers' as '--data-ciphers' (renamed in OpenVPN 2.5).
2021-02-05 19:43:22 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
2021-02-05 19:43:22 Windows version 10.0 (Windows 10 or greater) 64bit
2021-02-05 19:43:22 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
Enter Management Password:
2021-02-05 19:43:25 ******* WARNING *******: '--auth none' was specified. This means no authentication will be performed on received packets, meaning you CANNOT trust that the data received by the remote side have NOT been manipulated. PLEASE DO RECONSIDER THIS SETTING!
2021-02-05 19:43:25 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:9999
2021-02-05 19:43:25 UDP link local: (not bound)
2021-02-05 19:43:25 UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:9999
2021-02-05 19:43:25 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-02-05 19:43:26 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1537', remote='link-mtu 1521'
2021-02-05 19:43:26 [RT-AC68U] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:9999
2021-02-05 19:43:26 open_tun
2021-02-05 19:43:26 tap-windows6 device [Connessione alla rete locale (LAN)] opened
2021-02-05 19:43:26 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.2/255.255.255.0 [SUCCEEDED]
2021-02-05 19:43:26 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.2/255.255.255.0 on interface {5567ACE7-D52C-4F8A-B5B2-DFC040B207A7} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
2021-02-05 19:43:26 Successful ARP Flush on interface [9] {5567ACE7-D52C-4F8A-B5B2-DFC040B207A7}
2021-02-05 19:43:26 IPv4 MTU set to 1500 on interface 9 using service
2021-02-05 19:43:31 Initialization Sequence Completed
This is the old client1.ovpn file generated by 384.19:
Code:
client
dev tun
proto udp
remote myddnshostname 9999
float
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
cipher AES-128-CBC
auth none
keepalive 15 60
auth-user-pass
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
LINES REMOVED
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
LINES REMOVED
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
LINES REMOVED
-----END PRIVATE KEY-----
</key>
resolv-retry infinite
nobind
Then I decided to generate a new client.ovpn with the updated firmware release.
I edited the remote address and replaced the conf file in the Windows 10 OpenVPN client:
Code:
# Config generated by Asuswrt-Merlin 386.1, requires OpenVPN 2.4.0 or newer.
client
dev tun
proto udp
remote myddnshostname 9999
resolv-retry infinite
nobind
float
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
auth none
keepalive 15 60
auth-user-pass
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
LINES REMOVED
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
LINES REMOVED
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
LINES REMOVED
-----END PRIVATE KEY-----
</key>
With this configuration file I'm not able to connect to the VPN server. This is the Windows OpenVPN client log:
Code:
2021-02-05 20:19:47 Note: Treating option '--ncp-ciphers' as '--data-ciphers' (renamed in OpenVPN 2.5).
2021-02-05 20:19:47 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2021-02-05 20:19:47 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
2021-02-05 20:19:47 Windows version 10.0 (Windows 10 or greater) 64bit
2021-02-05 20:19:47 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
Enter Management Password:
2021-02-05 20:19:50 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.0.2:9999
2021-02-05 20:19:50 UDP link local: (not bound)
2021-02-05 20:19:50 UDP link remote: [AF_INET]192.168.0.2:9999
2021-02-05 20:20:50 [UNDEF] Inactivity timeout (--ping-restart), restarting
2021-02-05 20:20:50 SIGUSR1[soft,ping-restart] received, process restarting
2021-02-05 20:20:55 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.0.2:9999
2021-02-05 20:20:55 UDP link local: (not bound)
2021-02-05 20:20:55 UDP link remote: [AF_INET]192.168.0.2:9999
2021-02-05 20:21:46 SIGTERM[hard,] received, process exiting
And a spinning wheel appears on the router VPN server page, near the export CFG file, that will spin until I reboot the router.
As far as I can see, the only missing cfg line in the new client1 is cipher AES-128-CBC, but adding this line to the newly generated conf file doesn't help.
Am I the only one?
My current workaround is to restart the router to stop the spinning wheel and use the old client1.ovpn file from 384.19.
Thanks to Merlin for the great job and to all users who can help me to fix this small problem.
Max
EDIT: Post modified, my apologies for posting an invented domain resulting in a live domain.
I'm sorry.
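
The warnings in the two client logs above each correspond to a directive (or a missing one) in the exported profile. As an added example, not part of the original post or of Asuswrt-Merlin, the following Python check parses an .ovpn profile and reports them; the function names and finding codes are hypothetical, the sample profile is reconstructed from the post with the inline certificate blocks stubbed out, and the `auth none` rule relies on OpenVPN's documented behaviour that `--auth` is ignored for the data channel when an AEAD (GCM) cipher is used.

```python
import re

# Constructed sample: directives of the 386.1-generated profile quoted in the
# post, with the inline certificate/key blocks reduced to one <ca> stub.
PROFILE_386_1 = """\
# Config generated by Asuswrt-Merlin 386.1, requires OpenVPN 2.4.0 or newer.
client
remote myddnshostname 9999
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
auth none
auth-user-pass
remote-cert-tls server
<ca>
LINES REMOVED
</ca>
"""

def parse_directives(text):
    """Map directive name -> argument list, skipping inline <tag>...</tag> bodies."""
    directives, inline = {}, None
    for line in map(str.strip, text.splitlines()):
        if inline:                          # inside <ca>, <cert>, <key>, ...
            if line == f"</{inline}>":
                inline = None
        elif (m := re.fullmatch(r"<([\w-]+)>", line)):
            inline = m.group(1)
        elif line and line[0] not in "#;":
            name, *args = line.split()
            directives[name] = args
    return directives

def audit(text):
    """Return finding codes (hypothetical names) matching the client log warnings."""
    d = parse_directives(text)
    offered = (d.get("data-ciphers") or d.get("ncp-ciphers") or [""])[0].split(":")
    offered += d.get("cipher", []) + d.get("data-ciphers-fallback", [])
    findings = []
    # --auth only protects non-AEAD ciphers; GCM authenticates packets itself.
    if d.get("auth") == ["none"] and any(c and "GCM" not in c.upper() for c in offered):
        findings.append("AUTH_NONE_WITH_CBC")
    if "ncp-ciphers" in d:                  # renamed to data-ciphers in OpenVPN 2.5
        findings.append("NCP_CIPHERS_RENAMED")
    if "cipher" not in d and "data-ciphers-fallback" not in d:
        findings.append("NO_FALLBACK_CIPHER")   # 2.5 no longer assumes BF-CBC
    if "auth-user-pass" in d and "auth-nocache" not in d:
        findings.append("PASSWORD_MAY_BE_CACHED")
    return findings
```

Calling `audit(PROFILE_386_1)` returns all four codes; appending `cipher AES-128-CBC`, as in the 384.19 profile, drops only `NO_FALLBACK_CIPHER`.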