What's new

Beta Asuswrt-Merlin 386.2 Beta is now available

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
RT-AC86u Master 386.2.beta 1
2x RT-AC88U (Nodes) 386.2 beta 1

all running since two days without any issues.
 
I experienced the same thing on RT-AC88U. Router is able to establish WAN and VPN routes/connections. But clients have no internet. RPDB rules are getting wiped. I see they are getting created in the System Log. Bouncing the VPN Clients restores the RPDB rules. No clues that I can spot in the System Log at the moment. Restoring to 386.1_2 restores internet access for clients and no issues with RPDB rules.
Do you see the same awkward firewall files in /tmp with bad WAN interface values?
 
If it’s a compile issue, other users with the same router should see the same behavior, and it should be easy to spot.
There were few cases already by other users, so this is definitely not an single ocurance. Maybe, it is specific for some permutation of model/settings/something else. Still looks VERY strange, as manual check of code and corresponding nvram values - shows nothing. Looks like it should work fine, but it doesnt. Already checked all sequence starting from identifying _proto and multiwan values and up to _ifname - and didnt find anything suspicious
 
In your quest to help others [laudable], I would find it really useful if you included your router model and add-ons in your signature. I had to dig back to your very first post to see that your issues are with the RT-AC3100 [or as it is also known RT-AC88U].

A search of this thread reveals that there are at least 4 other members having similar problems ...
https://www.snbforums.com/search/147549/?q=ac88u&t=post&c[thread]=71038&o=date

Probably find that @dave14305 has nailed it with a compile hiccup relevant to this model only?
http://www.snbforums.com/threads/asuswrt-merlin-386-2-beta-is-now-available.71038/post-672455
Tnx, i'll fill my profile. I was always a reader on SnB, this is first time i have to write something :)
 
There were few cases already by other users, so this is definitely not an single ocurance. Maybe, it is specific for some permutation of model/settings/something else. Still looks VERY strange, as manual check of code and corresponding nvram values - shows nothing. Looks like it should work fine, but it doesnt. Already checked all sequence starting from identifying _proto and multiwan values and up to _ifname - and didnt find anything suspicious
If you enable Cake QoS, does the right WAN interface name get written to /etc/cake-qos.conf as variable ULIF?
 
OpenVPN Android client fails authentication to server in AX86U. Using the Arne Schawbe Android client. User authentication set in server. 1024 bit, changed default port.
My fault. Fumblefingered password. Works now.
 
  • Like
Reactions: MvW
In your quest to help others [laudable], I would find it really useful if you included your router model and add-ons in your signature. I had to dig back to your very first post to see that your issues are with the RT-AC3100 [or as it is also known RT-AC88U].

A search of this thread reveals that there are at least 4 other members having similar problems ...
https://www.snbforums.com/search/147549/?q=ac88u&t=post&c[thread]=71038&o=date

Probably find that @dave14305 has nailed it with a compile hiccup relevant to this model only?
http://www.snbforums.com/threads/asuswrt-merlin-386-2-beta-is-now-available.71038/post-672455
Unless they also provided the content of their firewall rules, we cannot assume they were experiencing the exact same problem. For instance, I always suspected that Asus' recent DNS routing changes may impact certain configurations.
 
Do you see the same awkward firewall files in /tmp with bad WAN interface values?
What makes even less sense is that in this instance, the variable is directly retrieved from nvram, it's not even using libshared functions:

(there are two instances, one relies on direct nvram, the other relies on libshared).
 
Last edited:
I might have a lead here, or at least something to work with. On my RT-AX88U or my RT-AC66U_B1 I guet:

Code:
-A FORWARD -o eth0 ! -i br0 -j other2wan

And on my RT-AC88U, I get:

Code:
-A FORWARD -o  ! -i br0 -j other2wan

So while I don't get random data, I don't get any interface at all here. Time to carpet bomb the code with logging...
 
Probably found it. The wanx_if content gets garbed after a call to config_ic_rule_string(ic_list, fp, logaccept, logdrop, 1); . That function calls a cleanup function at the end, which ends with nvram_commit(). That probably has the effect of trashing any existing pointer to an nvram value. I will have to make copies of any existing nvram pointer to ensure their content stays valid through this function call.

Code:
Mar 13 14:11:48 wanx: Just got eth0
Mar 13 14:11:48 wanx: 1 eth0
Mar 13 14:11:48 wanx: 2 eth0
Mar 13 14:11:48 wanx: 3 eth0
Mar 13 14:11:48 wanx: 3a eth0
Mar 13 14:11:48 wanx: 3aa eth0
Mar 13 14:11:48 wanx: 3ab 
Mar 13 14:11:48 wanx: 3b 
Mar 13 14:11:48 wanx: 3c 
Mar 13 14:11:48 wanx: 4 
Mar 13 14:11:48 wanx: 5 
Mar 13 14:11:48 wanx: 6 
Mar 13 14:11:48 wanx: 7 
Mar 13 14:11:48 wanx: 8 
Mar 13 14:11:48 wanx: 9 
Mar 13 14:11:48 wanx: 10 
Mar 13 14:11:48 wanx: 11 
Mar 13 14:11:48 wanx: strcmp
 
AC86U. Nothing significant to report after 24 hours.

Upgraded to 386.2 beta 1 from 386.1_2 (dirty upgrade). 386.1_2 had been dirty upgraded from a clean 386.1.
Approx. 15 wifi clients. Only one Ethernet cable pluggedin for the LAN, coming from an 8 port switch.
connmon active. spdMerlin stopped. cake-qos uninstalled before upgrade.

Thank you RMerlin.

Cake gives the A+/A/A+ that I used to get on dslreports with cake-qos.
Note that, just as with cake-qos, I see a discrepancy (up to 10%-20%) between the target bandwidth in the router settings and the experienced bandwidth. My line is 125 down, 7 up (promised and measured); DOCSIS/cable. My cake config is 130 down (not the recommended approach; keep reading please), 6.5 up. My line measures at approx. 115 down with cake. Setting cake at the recommended 90%-95% target results in much lower bandwidth; like 100Mbps down.
When I was using cake-qos with diffserv8 (out of curiosity), I sometimes got weird statistics (like high priority tins with worse figures). The built-in cake, with diffser3 seems to work just as expected.
By the way, I have used a mangle/postrouting rule to tag all my UDP traffic (quite brutal I reckon, but if besteffort works fine anyway; a brutal classification with diffserv3 can't be really bad).
Thank you very much dave14305 for the examples (more refined than my brutal approach).



Take care
Best regards
 
Last edited:
  • Like
Reactions: pmm
Is this for all models or only certain models ?
So far I could only reproduce it on the RT-AC88U, works fine on AC68 and AX88, so it may be either SDK-specific, or be totally random depending on whether the nvram content is moved around or not during the firewall configuration.
 
So far I could only reproduce it on the RT-AC88U, works fine on AC68 and AX88, so it may be either SDK-specific, or be totally random depending on whether the nvram content is moved around or not during the firewall configuration.
Any chance to update current builds with this fix for at least AC88 and AC3100?
 
Any chance to update current builds with this fix for at least AC88 and AC3100?
Probably only with the beta 2 release, unless I actually have time to generate test builds before that.
 
Probably only with the beta 2 release, unless I actually have time to generate test builds before that.
Sure, np. I can live some time without addons that are triggering firewall restart (like skynet), it is easy to pick file from /tmp/err_rules, fix two lines and restore with iptables-restore - that gives stable working router until firewall service will be restarted (without addons - most probably till the router reboot). Anyway - this is Beta, so we know what we are doing there :)
 
Status
Not open for further replies.

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top