Visiondejavu
New Around Here
OpenVPN modifications in 386.3 on Asus AC5300 no longer allow ExpressVPN to hide IP address. Connects, but IP is leaked. Worked fine in previous versions, but had to revert back to 386.1 to work properly.
**Potential GUI Bug**
@RMerlin
Any time changes are made to the Administrator page, this error pops up.
View attachment 35296
Even though no attempts were made to change the Router Login Name.
Did all that, issue seems to go away when I unmount the harddrive.No such problem on my 386.3 - can mod any items on that page without getting the error you refer to.
Make sure your browser cache [or form fill] is not auto filling the Router Login Name over what is/was there. That may cause the error?
Your client isn't correctly configured. You need to set Redirect Internet traffic to Yes or to VPN Director and configure rules.OpenVPN modifications in 386.3 on Asus AC5300 no longer allow ExpressVPN to hide IP address. Connects, but IP is leaked. Worked fine in previous versions, but had to revert back to 386.1 to work properly.
Old, known issue - the disk sharing user list is invalid. There are a few posts on the forum explaining how to fix it/reset it.Did all that, issue seems to go away when I unmount the harddrive.
Fixed it but I had to manually do it. It turns outOld, known issue - the disk sharing user list is invalid. There are a few posts on the forum explaining how to fix it/reset it.
nvram set acc_num="1"
nvram set acc_list="$(nvram get http_username)>$(nvram get http_passwd)"
nvram set acc_webdavproxy="$(nvram get http_username)>1"
nvram commit
reboot
kernol you are the best. I am a noob (newbie), such a noob I had to look that up. Followed your very detailed instructions, operated the kill switch thus stopping all access to the internet. Ran your second command and restored internet service. You made it easy. I was certain the kill switch would work because rmerlin turns out only premium firmware. I just had to see it work for myself. You are a good person kernol for helping a stranger.To test the VPNClient killswitch you need to open a SSH session on your router. To do that you need to go to the Administration > System tab after logging in with your browser to the router. Half way down the page under "Service" - Enable SSH for LAN only - do not allow SSH Port Forwarding and choose a non-default port [say 222] and allow password login.
I use MobaXterm on my Windows 10 workstation as a terminal for SSH and several other useful remote tools. Use that or Putty or any other terminal of your choice to login to your Router under SSH terminal using your admin username and password.
At the command prompt you can issue those commands that I pointed out to you.
So if you have configured OpenVPN Client No 1 to route certain Local IP's through a VPN service provider - then with that OVPN1 enabled you would type this command at the Terminal prompt ...
Code:killall vpnclient1
[Change the 1 to a 2, 3 ,4 or 5 .... depending on which VPNClient you want to test].
Check whether the Local IP's that you had directed through the VPN Tunnel have now lost internet connection - and if so - the killswitch is working as designed. Now to bring the VPN Tunnel back up again issue this command at the terminal prompt ...
Code:service start_vpnclient1
Now check that the Local IP's that you had directed through the VPN tunnel have had their internet connection restored.
If my explanation above is "overkill" - sorry ... but I have no idea of your skills level ... but do remember all too well when I first joined this forum as a non-coder noob ... first posts are not always easy given the high skill levels of so many members .
PS - If you are a noob like I was - then if not done already - at that SSH command prompt - type "amtm" and open Pandora's Box to a huge array of awesome add-ons [like those in my signature]. Just follow the prompts and read here if stuck ...
Merlin get GPL directly from Asus so most likely they will included in next GPL Asus send to Merlin.Just curious RMerlin will you be implementing the security patches released by Asus in a recent stock fw update? Or do you avoid updating base code until their is a major revision change to keep it more in line with LTS?
Question might have already been asked apologies if it was.
==============
2021/07/08 66.29 MBytes
ASUS GT-AX11000 Firmware version 3.0.0.4.386.44266
1. Improved connection stability.
2. Modified the DNS setting and router's DNS can be assigned to the LAN side DNS.
3. Fixed DoS vulnerability from spoofed sae authentication frame. Thanks to Efstratios Chatzoglou, University of the Aegean, Georgios Kambourakis, European Commission at the European Joint Research Centre, and Constantinos Kolias, University of Idaho.
4. Fixed envrams exposed issue. Thanks to Quentin Kaiser from IoT Inspector Research Lab contribution.
Define "broken".Router advertisement in 6in4 tunnels still broken after a reboot.
This is true, but @RMerlin has mentioned that there is some sort of GPL build problem with recent releases, and this is why we seem to have a relatively large gap (both in time and version number) between official Asus releases and Merlin's versions at the moment. Perhaps he could update us on that situation, please?Merlin get GPL directly from Asus so most likely they will included in next GPL Asus send to Merlin.
If you set up a 6in4 tunnel with RA on (default) and then reboot the router, RA stops working. You have to disable it, apply settings, then enable it again so it works until the next reboot. It's an upstream bug actually.Define "broken".
Latest news I got today was: "No ETA, recently generated a new test GPL for one model, awaiting validation".Perhaps he could update us on that situation, please?
Can you see if the issue still exists in newer stock firmware? If it was fixed upstream since 42095, then we just have to wait for a new GPL release for me to merge in.It's an upstream bug actually.
Please read https://github.com/RMerl/asuswrt-merlin.ng/wiki/Custom-config-filesHi,
Can you please explain in a bit more detail as to which files I need to copy/ create in which folders - some sample content of the file would be very helpful.
All I mainly want to achieve is change the default IPSec ikev2 range from 10.10.10.0/24 to 192.168.2.0/24 as specified in the line rightsourceip=
@guho
What additional file(s) do I create where and what do I modify in the existing /etc/ipsec.conf to achieve this? Many thanks...
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!