[Beta 382] Asuswrt-Merlin 382.2 Beta is now available

[samw5]

That feature wasn't removed.

I don't see any options to upload my certs somehow... I've looked everywhere but thought it was under that page at some point... Am I missing something???

 

[Wingsfan87]

I don't see any options to upload my certs somehow... I've looked everywhere but thought it was under that page at some point... Am I missing something???

WAN > DDNS

It was moved. This was detailed in the change log. Last line below from change log excerpt.

Asuswrt-Merlin 382 Changelog
============================

382.2 Beta (xx-xxx-xxxx)
   - NOTE: The official IRC channel has moved to
           Freenode (#asuswrt).

   - NEW: Merged with GPL 382_18991.
          Most notable changes (will vary between models):
            - Added IPSec VPN server
            - Added IFTTT and Alexa support
            - Let's Encrypt support (DDNS page)
            - Better support for some longer settings (RT-AC86U)
   - NEW: Merged HND SDK + binary components from 382_18848
          (RT-AC86U)
   - NEW: Added IPSec VPN status on the VPNStatus page.
   - NEW: Added support for RT-AC56U and RT-AC68U
          (and all of its variants)
   - NEW: Enabled support for Let's Encrypt on RT-AC56U and
          RT-AC68U (in addition to RT-AC88U/3100)
   - CHANGED: Moved HTTPS cert management to the DDNS page (where
              Asus has put theirs, as Let's Encrypt is tied to
              the DDNS configuration)

 

[skeal]

@RMerlin I have tried to get an answer for this error from google and asus and have heard nothing and seen nothing,

Jan  3 07:01:14 kernel: ERR[update_qos_data_by_mac:3568] Failed to find udb entry by skb src-MAC!

We talked about this before I know, but, is this a warning is this QOS failing and it needs a restart? Should we be concerned are there any fixes being considered? Thanks I know you're busy I don't want to be a bother.

 

[samw5]

WAN > DDNS
It was moved. This was detailed in the change log. Last line below from change log excerpt.

TY Sir! That did the trick.

Now I guess I need to figure out what's up with the IFTTT not properly linking... Wondering if the 2FA on my IFTTT account has anything to do with it though it's not prevented me from linking it to other devices/services in the past.

 

[Netbug]

so anyone else having problem where you generate a certificate, WAN > DDNS, add it to in my case (keychain) as using mac, shows secure in browser but once you reboot router a new certificate is generated so get insecure again unless i add new generated certificate to keychain? it's not persistent after reboots. cheers.

 

[skeal]

so anyone else having problem where you generate a certificate, WAN > DDNS, add it to in my case (keychain) as using mac, shows secure in browser but once you reboot router a new certificate is generated so get insecure again unless i add new generated certificate at bootup to keychain? it's not persistent after reboots. cheers.

If you can, use letsencrypt it may not be available on your model though. Located on the DDNS page.

 

[Netbug]

If you can, use letsencrypt it may not be available on your model though. Located on the DDNS page.

yeah it's there but to use lets encrypt would i need to enable 'Enable Web Access from WAN' ? i keep that setting disabled. i just like having secure connection to router (https) when logging in to router on lan side not wan hence a self signed one always been fine before. certificate just seems to regenerate a new one at reboot, is this a bug or something?

 

[skeal]

yeah it's there but to use lets encrypt would i need to enable 'Enable Web Access from WAN' ? i keep that setting disabled. i just like having secure connection to router (https) when logging in to router on lan side not wan hence a self signed one always been fine before. certificate just seems to regenerate a new one at reboot, is this a bug or something?

Yes web access to wan needs to be enabled but I find that if you assign an obscure port like in the 10000 range or higher and allow only HTTPS connections. I have yet to have had a scan on mine it just works real well.

 

[skeal]

yeah it's there but to use lets encrypt would i need to enable 'Enable Web Access from WAN' ? i keep that setting disabled. i just like having secure connection to router (https) when logging in to router on lan side not wan hence a self signed one always been fine before. certificate just seems to regenerate a new one at reboot, is this a bug or something?

When setup you use HTTPS connection locally as well.

 

[Netbug]

When setup you use HTTPS connection locally as well.

think we getting our wires crossed, to use let's encrypt you have to enable 'Enable Web Access from WAN'. I don't want to enable it, i only login to my router via lan hence a self signed one generated by router does me fine but it just regenerates a new one when router reboots. I choose let's encrypt and got all kinds of problems with the ui not loading properly etc because i did not enable 'Enable Web Access from WAN'.

 

[skeal]

think we getting our wires crossed, to use let's encrypt you have to enable 'Enable Web Access from WAN'. I don't want to enable it, i only login to my router via lan hence a self signed one generated by router does me fine but it just regenerates a new one when router reboots. I choose let's encrypt and got all kinds of problems with the ui not loading properly etc because i did not enable 'Enable Web Access from WAN'.

IMHO: I'm sorry but I don't see any problem with http access on the lan. Why would you want https on your own network. The router is password protected which can be made as complex as required.

 

[Netbug]

IMHO: I'm sorry but I don't see any problem with http access on the lan. Why would you want https on your own network. The router is password protected which can be made as complex as required.

enabling wan access to router is not secure in my opinion, i use openvpn and access lan and router via openvpn externally, i know there is nothing wrong with http access on lan but i still like to use https, my password is complex but that means nothing if someone on my wifi is sniffing the packets with summit like wireshark if using http instead of https on router, i know it will not happen i know what's on my network etc but i'm just a security concious i guess, i'll see what merlin says, on 380.69 the certificate was persistent and did not regenerate after reboots on 382.2 Beta it just regenerates a new one. Thanks for your time though

 

[Wingsfan87]

enabling wan access to router is not secure in my opinion, i use openvpn and access lan and router via openvpn externally, i know there is nothing wrong with http access on lan but i still like to use https, my password is complex but that means nothing if someone on my wifi is sniffing the packets with summit like wireshark if using http instead of https on router, i know it will not happen i know what's on my network etc but i'm just a security concious i guess, i'll see what merlin says, on 380.69 the certificate was persistent and did not regenerate after reboots on 382.2 Beta it just regenerates a new one. Thanks for your time though

Agreed, I don't allow WAN access to my router either and use the locally generated/signed cert but I am not seeing the regeneration issue you are. What model are you running? Did you do a Factory Reset when updating to the new beta? I factory reset mine and I'm not experiencing it regenerating on reboots.

 

[Netbug]

Agreed, I don't allow WAN access to my router either and use the locally generated/signed cert but I am not seeing the regeneration issue you are. What model are you running? Did you do a Factory Reset when updating to the new beta? I factory reset mine and I'm not experiencing it regenerating on reboots.

Hi,

Im running RT-AC68U, i did a factory reset before updating to new firmware and then again once i installed new firmware just to be on safe side.

 

[RMerlin]

when i was on version 380.69 and below when i rebooted router the ssl certificate stayed the same so when accessing web gui it showed green (https), i did full router reset and upgraded to 382.2 beta, every time i reboot router a new certificate seems to be created so i get the not secure in browser, i use mac and added certificate to my keychain like i always have before and it shows green until router is rebooted and a new one seems to be generated, is this a bug or some change?

This is known. The certificate location has changed to be in sync with Asus's new code, so you have to generate/reupload your certificate.

 

[RMerlin]

Should we be concerned are there any fixes being considered? Thanks I know you're busy I don't want to be a bother.

This is in Asus's proprietary code, therefore I have no idea what it means.

 

[Netbug]

This is known. The certificate location has changed to be in sync with Asus's new code, so you have to generate/reupload your certificate.

Wingsfan87 said he doesn't have that issue and he using latest beta by sounds of it either way thanks for letting me know, much appreciated.

 

[Bob.Dig]

I can confirm this problem, too. But it says "Import/Persistent Auto-generated". Maybe you have to stop this and then it will stay the same?
No, doesn't help. Looks like a bug to me. Even if it says No, every restart of the Router, there is a new certificate given to the browser.

 

[Vishnu Rao]

The RT-AC86U is the only model with jffs-stored nvram.



Overclocking through nvram hasn't been supported for a few years now. The value from the bootloader gets copied to nvram at boot time.

Weird. I wonder how overclocking worked on my RT-AC68U with the 380.xx builds? Maybe it wasn't overclocked at all. . I never checked the BogoMIPS, only checked the clkfreq. Will need to look for other alternatives. I see a few other responses to my post.

 

[s3n0]

Looks like over clocking is broken with this beta on a RT-AC68U

Steps:
upgraded to 382 beta 2
Factory restet
Configured to desired settings
Login via ssh
nvram get clkfreq reports 800,666

nvram set clkfreq=1200,800 (previously working stetting with 380.xx release)

nvram commit
reboot

After reboot, still reads 800,666.

Anyone else see this?

Maybe the bash scripts help you .-) , especially services-stop and services-start:
https://github.com/RMerl/asuswrt-merlin/wiki/User-scripts

Thread with overclocking is here (read especially pages 6 and 7):
https://www.snbforums.com/threads/o...in-378-56_2-rt-ac68u-and-rt-n66u.28043/page-6

I think CPU overclocking is not a problem related to the beta testing firmware ^^.