What's new

[Beta 382] Asuswrt-Merlin 382.2 Beta is now available

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
1. Look up on google about the date that the DST is changing in your country and input it manually. This will make that message disappear.
Thanks, I guess, it worked. ;)
2. For a certificate to be validated with Let's Encrypt, a way must exist for Let's Encrypt to actually verify that the web page is actually real and reachable over the Internet. It doesnt matter if you get a web address like i.e. : mygreatrouter.asuscomm.com since afterwards you can set up up to 100 SANs on the available line but all of them need to be reachable over the Internet. I uploaded my own certs from Let's Encrypt to the router because my Synology NAS creates them automatically. What is exactly the problem with using Asus DDNS?
Problem is, that my ISP, second or third biggest Cable-Provider in Germany, is not showing the WAN-IP to the Router. Every DDNS Client I have seen allows an external IP-Check, only Asus implementation doesn't, so I use a client for Windows instead. :mad:
3. You need to deactivate the WPS function in order to swap between bands.
Thanks, I guess again, it worked. ;)
 
Problem is, that my ISP, second or third biggest Cable-Provider in Germany, is not showing the WAN-IP to the Router. Every DDNS Client I have seen allows an external IP-Check, only Asus implementation doesn't. :mad:

So if I understand you correctly, your ISP gives you an internal IP instead for a real one. Doesn't this create a problem if you want to create a server and need to forward ports to your computer? My ISP in Sweden does something similar, however they have an automated system that allows you to register your device's MAC address in order to give you a real WAN IP.
 
Just to clarify, are we talking about the same thing? I have no issues with the OpenVPN client on the router...that’s working as expected. I’m having issues with the OpenVPN server. If clients connect to the OpenVPN server on my router, they can reach the LAN but not the WAN...the firewall is dropping all the traffic.

Sorry didn't get it at first. Issue this command to the router through SSH and Internet will work on the router's internal server:

Code:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o br0 -j MASQUERADE
 
So if I understand you correctly, your ISP gives you an internal IP instead for a real one. Doesn't this create a problem if you want to create a server and need to forward ports to your computer? My ISP in Sweden does something similar, however they have an automated system that allows you to register your device's MAC address in order to give you a real WAN IP.
No problem here and no registration necessary. It is just, that the router can't see it, but sees some different IP, beginning with 100.65.*.*
Sry for OT
 
No problem here and no registration necessary. It is just, that the router can't see it, but sees some different IP, beginning with 100.65.*.*
Sry for OT

I had a similar problem and I solved it by factory reseting the router but I'm sure you have already tried that, haven't you?
 
Again, it is no problem and is ongoing for years. Cheers. :)

btt:
OpenVPN Server for Local network only works; with Internet and local network it seems to work only for the Local network again.
 
Last edited:
I've seen the changelog that says that it implements fixes, but I was under the impression that it's only fixes for when the router works in the wifi client mode or repeater.


Also, someone with Alexa should try to link it to the router to try one of those commands.
https://www.asus.com/us/support/FAQ/1033393/

I would try it myself, but I don't own one.

Alexa and IFTTT with Asuswrt-Merlin RT-AC88U_382.2_beta1 I've tried for two days and the code continues to fail.
 
OpenVPN for Local network only works; with Internet and local network it seems to work only for the Local network again.

Can you try typing the following command in SSH and let me know if it worked?

Code:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o br0 -j MASQUERADE
 
Can you try typing the following command in SSH and let me know if it worked?

Code:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o br0 -j MASQUERADE

No, that didn't work:

Dec 31 18:37:33 kernel: DROP IN=tun21 OUT=eth0 SRC=10.8.0.2 DST=17.248.145.209 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=55306 DPT=443 SEQ=3868757424 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (02040550010303060101080A2F64149C0000000004020000) MARK=0x1
Dec 31 18:37:33 kernel: DROP IN=tun21 OUT=eth0 SRC=10.8.0.2 DST=17.248.145.150 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=55307 DPT=443 SEQ=1653328160 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (02040550010303060101080A2F64159D0000000004020000) MARK=0x1
Dec 31 18:37:33 kernel: DROP IN=tun21 OUT=eth0 SRC=10.8.0.2 DST=17.248.145.47 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=55308 DPT=443 SEQ=1930588479 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (02040550010303060101080A2F64169C0000000004020000) MARK=0x1
Dec 31 18:37:49 kernel: DROP IN=tun21 OUT=eth0 SRC=10.8.0.2 DST=17.252.43.246 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=55311 DPT=443 SEQ=1686038007 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (02040550010303060101080A2F6452B00000000004020000) MARK=0x1
Dec 31 18:37:50 kernel: DROP IN=tun21 OUT=eth0 SRC=10.8.0.2 DST=17.252.43.246 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=55311 DPT=443 SEQ=1686038007 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (02040550010303060101080A2F6456980000000004020000) MARK=0x1
Dec 31 18:37:51 kernel: DROP IN=tun21 OUT=eth0 SRC=10.8.0.2 DST=17.252.43.246 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=55311 DPT=443 SEQ=1686038007 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (02040550010303060101080A2F645A800000000004020000) MARK=0x1
Dec 31 18:37:52 kernel: DROP IN=tun21 OUT=eth0 SRC=10.8.0.2 DST=17.252.43.246 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=55311 DPT=443 SEQ=1686038007 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (02040550010303060101080A2F645E680000000004020000) MARK=0x1
Dec 31 18:37:53 kernel: DROP IN=tun21 OUT=eth0 SRC=10.8.0.2 DST=17.252.43.246 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=55311 DPT=443 SEQ=1686038007 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (02040550010303060101080A2F6462500000000004020000) MARK=0x1
Dec 31 18:37:54 kernel: DROP IN=tun21 OUT=eth0 SRC=10.8.0.2 DST=17.252.43.246 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=55311 DPT=443 SEQ=1686038007 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (02040550010303060101080A2F6466380000000004020000) MARK=0x1
Dec 31 18:37:56 kernel: DROP IN=tun21 OUT=eth0 SRC=10.8.0.2 DST=17.252.43.246 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=55311 DPT=443 SEQ=1686038007 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (02040550010303060101080A2F646E080000000004020000) MARK=0x1
 
Can you try setting the server to local network only and see if it works then?
I tried that earlier just to see what would happen. If I set to local network only, the client’s traffic is routed over its local WAN connection instead of routing over the VPN.
 
I tried that earlier just to see what would happen. If I set to local network only, the client’s traffic is routed over its local WAN connection instead of routing over the VPN.

Although its not suppose to work like that, we could try and edit the config file of the server manually until its fixed. However all my edits end up being overwritten by the routers script. I don't know if there is any way editing the config file without the server overwriting it.
 
RT-AC1900P - On my client list all the 5Ghz clients are displaying the wired icon. 2.4Ghz clients are correctly displayed. I usually have 20-25 devices connected at the same time. FYI.
 
Let's Encrypt is only active when you're using the built-in DDNS, but I can't because Asus is to stupid to implement an optional external IP-Check. So it would be nice to give the domain-name once manually for Let's Encrypt to work.

Let's Encrypt implemented is closed source, I cannot change it.

* Reminder: The System time zone is different from your locale setting. I had this before and it is wrong, I even cannot change the time in the GUI anyway, right?

The webui checks the timezone against what is used by your browser. Make sure they match.

I have an asus ac68u with the alpha2 and had no problems, when I did the update for the 382.2.beta1 openvpn crashed, I can connect to the server but I have no internet and the vpn option is for internet and network. Did a downgrade to 380.69 and everything was fine again.

We'll need log output to be able to determine what is happening.
 
I found a little bug. The VPN connection is not restored after a reboot with the correct client. E.g. if client 3 is active and you reboot, after rebooting client 1 is active and client 3 is deactivated....

You need to enable the option Start with WAN.
 
Folks, when reporting please make sure to mention at the very least your router model. Also when reporting OpenVPN-related issue, make sure you properly report whether you are talking about the OpenVPN server or client - they are two very different things.
 
Folks, when reporting please make sure to mention at the very least your router model. Also when reporting OpenVPN-related issue, make sure you properly report whether you are talking about the OpenVPN server or client - they are two very different things.

It’s a OpenVPN server problem on the RT-AC68U router! There is no internet connection possible. (Option is on) The firewall seems to block everything.

The Alpha firmware didn’t have this problem.

Where is the difference?
 
Status
Not open for further replies.

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top