[Beta 382] Asuswrt-Merlin 382.2 Beta is now available

[DonnyJohnny]

I have upgraded my AC68U from 380.69 to 382.2 beta 2 and I’m having problems establishing the VPN connection using same settings (all configured manually from scratch). I’m using AES-256-CBC in configuration but I can see in log that AES-256-CTR is used regardless of the algorithm selected in OVPN config and I think that’s the reason of my issue.

Log detail with AES-256-CBC selected in OVPN configuration pages.

Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Jan 4 05:01:37 ovpn-server1[2479]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Jan 4 05:01:37 ovpn-server1[2479]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Jan 4 05:01:37 ovpn-server1[2479]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication

Regards.

CTR is used when using tls-crypt I think... check your setting in that area... like tls-Auth must be disable and TLS control channel security is set to encrypt channel. If u not using that, then set the TLS control channel security to zero (0) and use tls-Auth,

 

[EdoAsus]

Is the General Log still filled with debug messages below warning level? hope they fixed it.
RT-AC88U

 

[hotsauce2007]

You will need to run the "top" command over SSH to determine what is using your CPU. Most common source is the DLNA media server doing a USB scan.

You are being targeted by a malware trying to see if your router is vulnerable, and the IPS is properly blocking and reporting them. Working as expected there. Welcome to today's Internet, malware scans are part of the Internet's background noise these days.

I turned the QoS off and did a reboot, let´s see if the CPU and Memory drops a little bit, thanks for the explanation about the malware, probably is because I have a seedbox at the same place

 

[RMerlin]

Just upgraded to the 382.2 beta2 on my 68U and when trying to login to my https router admin interface through Firefox 57 I just get booted back onto my login screen with the following error in the console:

Disable your browser extensions then try again.

 

[bradbort]

I've been running this beta 2 since it was posted for the 88u. Everything seems solid.

I just noticed that asus posted its new aimesh version of their firmware for this router. Any plans to have a Merlin build of it? I have no pressing need for such, just curious.

 

[MacG32]

@RMerlin Any chance of 384.10007 for the 86U making it's way in to this release?

 

[RMerlin]

@RMerlin Any chance of 384.10007 for the 86U making it's way in to this release?

Same as usual: until I see some source code, I cannot answer.

 

[rtn66uftw]

are you using a network wider than a /24?

Thanks for checking! What did you mean above? Sorry I heard it the first time. FYI my LAN IP is 192.168.29.1 / Subnet mask: 255.255.255.0. Also I only have about 60 entries in DHCP list

 

[samw5]

Thanks for checking! What did you mean above? Sorry I heard it the first time. FYI my LAN IP is 192.168.29.1 / Subnet mask: 255.255.255.0. Also I only have about 60 entries in DHCP list

/24 means that you have 255 addresses... Subnet mask is 255.255.255.0 (0-255 available).
/26 means that you have half that available or 128 addresses. Subnet mask would be 255.255.255.128 (0-128 or 129-255 depending on gateway up).

Smaller networks would be easier for the router to manage.
/23 would increase the number ips and make our little box work harder.

 

[SMS786]

Disable your browser extensions then try again.

That did the trick..now to figure out which extension was the culprit..

Thank you RMerlin!

 

[Iwakan]

CTR is used when using tls-crypt I think... check your setting in that area... like tls-Auth must be disable and TLS control channel security is set to encrypt channel. If u not using that, then set the TLS control channel security to zero (0) and use tls-Auth,

Problem solved. As @DonnyJohnny suggested, problem was related to tls-auth settings. Thank you.

@RMerlin Thank you for your suggestion about disabling cipher negotiation (was already disabled)

 

[Iwakan]

I’m currently testing my AC68u with 382.2 beta2 and I’m getting a lot of log messages with this info:

What’s this?

On the other hand this version is eating about 50% of ram as long as other versions 28% Max with the same configuration.

Finally I’m experiencing some issues with 5g WiFi while using a pair of wireless speakers. Randomly WiFi is disconnected in all devices for about two or three minutes. With lower versions I didn’t have this problem.

 

[skeal]

I’m currently testing my AC68u with 382.2 beta2 and I’m getting a lot of log messages with this info:

What’s this?

On the other hand this version is eating about 50% of ram as long as other versions 28% Max with the same configuration.

Finally I’m experiencing some issues with 5g WiFi while using a pair of wireless speakers. Randomly WiFi is disconnected in all devices for about two or three minutes. With lower versions I didn’t have this problem.

Did you do a factory reset without importing any saved settings? If not I know its a hassle but it works most of the time for weirdness.

 

[Iwakan]

Did you do a factory reset without importing any saved settings? If not I know its a hassle but it works most of the time for weirdness.

Yes, configured all manually from scratch.

 

[Iwakan]

To restore configuration to factory default, what’s the difference between “Restore” and “initialize”?

 

[OOo]

That did the trick..now to figure out which extension was the culprit..

Thank you RMerlin!

Check in Mozilla, type config:about, search for media.peerconnection.enabled
if it says "FALSE" this could be causing it. Try switching it to "TRUE".

I think I turned mine to "FALSE" because it was leaking my IP.
As soon as I did that, I got the same thing, I could not log into the router.
Other browsers worked though. And for some reason beyond me, this setting is tied to extensions.

Let us know if that was it.

 

[hotsauce2007]

I turned the QoS off and did a reboot, let´s see if the CPU and Memory drops a little bit, thanks for the explanation about the malware, probably is because I have a seedbox at the same place

Everything is off, only Internet Protection is ON, QoS is off and now the speed is showing 1000 / 1000, the cpu is still high, lets see whats happen when I exchange this unit for a AC86U

 

[RMerlin]

That did the trick..now to figure out which extension was the culprit..

Thank you RMerlin!

Check your error message, that's how I figured it was caused by an extension.

Thanks for checking! What did you mean above? Sorry I heard it the first time. FYI my LAN IP is 192.168.29.1 / Subnet mask: 255.255.255.0. Also I only have about 60 entries in DHCP list

That's a /24, which is fine.

Check your DHCP list that you don't have any unusual/invalid hostname. A valid hostname should only contain digits, letters, dash or underscore characters.

What’s this?

You are using a DFS channel, and there's some activity on that channel that requires your router to check to determine if it's a radar signal (in which case it must free up the channel). Use a non DFS channel if you get too many of these (36-48).

 

[mister]

Just a question from a newbie. I installed a pptp vpn server with all port forwarding included. It works well.
But if a openvpn client is active, the router is not reachable any more via vpn. is that normal or not?
is there a configuration for reaching the router possible,if vpn client is active?
thanks a lot.

 

[pattiri]

Just a question from a newbie. I installed a pptp vpn server with all port forwarding included. It works well.
But if a openvpn client is active, the router is not reachable any more via vpn. is that normal or not?
is there a configuration for reaching the router possible,if vpn client is active?
thanks a lot.

You can check the subnets of all VPNs (servers and clients). Maybe same subnets are being used.

I don't use PPTP but, both OpenVPN server and client is active on my router and all working fine.