What's new

[Beta] Asuswrt-Merlin 384.10 Beta is now available

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
Webui over https and OpenVPN server/client working fine, Haven`t noticed any speed difference on RT-AC87u on Beta 3
All good Thanks RMerlin :)
 
I have it running 24 hours and see no problems :)
 
Just another thing I found, when resetting the router to defaults (AX88U) from the webui and not checking the extra value, it still wiped my jffs. The way I read the feature is if you want to wipe the jffs you check that box....right?
 
And how does one go about acquiring the .crt for the https login (he asked hesitantly)?
If you are using pixelserv-tls, then continue. If not, then I do not know.

Short answer: Run the following as described in this wiki:
https://github.com/kvic-z/pixelserv-tls/wiki/[ASUSWRT]-Use-Pixelserv-CA-to-issue-a-certificate-for-WebGUI
Code:
$ sh -c "$(wget -qO - https://kazoo.ga/pixelserv-tls/config-webgui.sh)"

My understanding is that there are four pieces to this puzzle:
  1. Certificate authority private key
  2. Certificate authority certificate
  3. Server private key
  4. Server certificate signed by certificate authority for an IP address or hostname (router.asus.com)
Pixelserv-tls creates 1 and 2 at installation. If you reinitialize the jffs filesystem, then pixelserv-tls will create a new set of 1 and 2.

Browsers or the OS they run on need to install 2. For example, on Windows, browsing https://{pixelserv-tls IP}/ca.crt and saving and double clicking on the CA certificate will bring up the OS "Manage computer certificates" where you need to import into "Trusted Root Certification Authorities". On iOS, you click on the ca.crt that you have saved to iCloud Drive, and Install it. Then in Settings > General > About > Certificate Trust Settings, enable Pixelserv CA root certificate.

Webservers need to install 4.

On the fly, pixelserv-tls creates 4 for https sites blocked by diversion. There is a named pipe interface in the /tmp directory that will accept IP/hostname as standard input and generate a server certificate. This interface is used by the WebGUI script above. It could also be used for other webservers on your LAN if you so dare.
 
Last edited:
I have removed all server and client keys in nvram but found some more keys in some places.
Where come this from? and can I remove them too?

vpn_client_cust2=
vpn_client5_cust2=
vpn_client1_cust2=
vpn_client4_cust2=
vpn_client4_custom2=
vpn_client3_cust2=
vpn_client_custom2=
vpn_client5_custom2=
vpn_client2_cust2=
vpn_client_custom=

vpn_server_custom=
vpn_server_cust2=
vpn_server1_cust2=
vpn_server2_custom2=
vpn_server2_cust2=
vpn_server_custom2=

@RMerlin
 
I dirty flashed beta 3 yesterday and and I am noticing some strange behaviors with amtm, Stubby, Skynet, pixelserv....

After I SSH’d in my router, I couldn’t use “amtm” to get to the menu. Then I tried the /jffs...shortcut to bring it up but it didn’t. Then I tried the entire curl command and in all of sudden that brought up the entire menu with Diversion installed, uninstalled Skynet and everything else was installed.

Then went into Diversion and upon exiting the script I noticed that Skynet was uninstalled along with Stubby and pixelserv. Had to reinstalled Skynet via menu but then its menu popped up immediately (so it was still there somehow) but some the content that I had whitelisted was gone. Then I checked the IOT settings and the function was disabled. So I enable it but none of my devices that I had blocked was there. So I decide to manually enter their IP’s and in all of sudden I get a message that the IP’s are already added. I backed out and went back in IOT setting and all my devices that I had previously blocked were there!

I had to install pixelserv again and Stubby(?!) but I did that with Stubby, it told me that it was already installed!!

By the way I still can’t access amtm via “amtm”. I entered the long curl command and the menu popped up again.

I will reboot the router and see if this resolves all of this, but I am curious if anyone is noticing any strange script behaviors after beta 3 upgrade or is my router possessed?


Sent from my iPhone using Tapatalk
 
I dirty flashed beta 3 yesterday and and I am noticing some strange behaviors with amtm, Stubby, Skynet, pixelserv....
Yes, I did on my AX88U. Stubby was all messed up. I had to manually reinstall it, the script didn't work through amtm. No such problems on the AC86U. See my post under amtm from yesterday.
 
I dirty flashed beta 3 yesterday and and I am noticing some strange behaviors with amtm, Stubby, Skynet, pixelserv....

After I SSH’d in my router, I couldn’t use “amtm” to get to the menu. Then I tried the /jffs...shortcut to bring it up but it didn’t. Then I tried the entire curl command and in all of sudden that brought up the entire menu with Diversion installed, uninstalled Skynet and everything else was installed.

Then went into Diversion and upon exiting the script I noticed that Skynet was uninstalled along with Stubby and pixelserv. Had to reinstalled Skynet via menu but then its menu popped up immediately (so it was still there somehow) but some the content that I had whitelisted was gone. Then I checked the IOT settings and the function was disabled. So I enable it but none of my devices that I had blocked was there. So I decide to manually enter their IP’s and in all of sudden I get a message that the IP’s are already added. I backed out and went back in IOT setting and all my devices that I had previously blocked were there!

I had to install pixelserv again and Stubby(?!) but I did that with Stubby, it told me that it was already installed!!

By the way I still can’t access amtm via “amtm”. I entered the long curl command and the menu popped up again.

I will reboot the router and see if this resolves all of this, but I am curious if anyone is noticing any strange script behaviors after beta 3 upgrade or is my router possessed?


Sent from my iPhone using Tapatalk


On which router?

I also did a dirty flash on a customers RT-AC68U a couple of days ago now and no issues so far.

amtm, Skynet, FreshJR QoS, 2GB swap file and Diversion all running and responding normally.
 
On which router?

I also did a dirty flash on a customers RT-AC68U a couple of days ago now and no issues so far.

amtm, Skynet, FreshJR QoS, 2GB swap file and Diversion all running and responding normally.

AX88U. Had to Initialize and reset everything, reformatted my USB and as we speak installing all scripts one by one. I am slowly getting there[emoji106].


Sent from my iPhone using Tapatalk
 
AX88U. Had to Initialize and reset everything, reformatted my USB and as we speak installing all scripts one by one. I am slowly getting there[emoji106].


Sent from my iPhone using Tapatalk

Yes, it seems like the AX routers are almost there, but not quite. ;)
 
Beta 3 Dirty flash on RT AC-5300. Smooth flash and normal ops so far!
Thanks, Eric...
 
Yes.. Dnsmasq log spam.. It happens when Asus drop the last stable firmware in December.

Sent from my Pixel 2 XL using Tapatalk

I can confirm this. I have the same after upgrading my RT-AC88u to the latest AsusWRT (3.0.0.4.384.45149 ) in Dec/18, the dnsmasq log spam started. When reverting back to the September release (3.0.0.4.384.32799) it stopped.
 
The RT-AX88U stores these in the jffs partition. If that partition is corrupted/wiped/unmounted, then these settings will be lost.

I don't know what to say. On BETA3 these settings just won't survive a reboot. I have to input them manually after every reboot. I have tried to factory default and everything DHCP Static List, Port Forwarding and Static Routes keeps clearing on every reboot.

Going back to 384.8_2 and it works as intended again.
 
I don't know what to say. On BETA3 these settings just won't survive a reboot. I have to input them manually after every reboot. I have tried to factory default and everything DHCP Static List, Port Forwarding and Static Routes keeps clearing on every reboot.

Going back to 384.8_2 and it works as intended again.
I've not had any issues in that regard wtih beta 3 my experience has been smooth all my scripts survived a reboot.

But I am running an ac88u though
 
Where come this from? and can I remove them too?

They are not keys. They are base64 encoded Custom settings. The Base64 encoding is used to ensure that characters that can break the webui (like quotes) will be properly handled.
I don't know what to say. On BETA3 these settings just won't survive a reboot. I have to input them manually after every reboot. I have tried to factory default and everything DHCP Static List, Port Forwarding and Static Routes keeps clearing on every reboot.

Going back to 384.8_2 and it works as intended again.

I use an RT-AX88U personally with no problem with my jffs content. Try reformating the JFFS partition.
 
Can you look into the USB Android tethering on the RT-AC86U please.

I'm using an AT&T Netgear MR1100 hotspot in fail over mode and when the Adroid Tethering is turned on and the hotspot is connected to the RT-AC86U via USB 3.0 for the first time it mounts and works perfectly but if the ASUS router is rebooted, new settings are saved, or the USB cable is disconnected then the router won't detect and re-mount the hotspot.

Simply turning Android Tethering off and on again doesn't fix it. In order to fix it I have to unplug the Netgear hotspot, reboot the RT-AC86U, turn off the Adroid tethering and turn it back on again, and then plug the hotspot back in. The RT-AC86U then shows the Netgear MR1100 by name under USB 3.0 devices and within a few seconds gets a working internet connection from it.

In searching I found a few other users running into similar issues with Android tethering.

https://www.snbforums.com/threads/usb-tether-cell-to-asus-merlin-rt-ac68u-in-failover-mode.54502/
 
Last edited:
I recently did a dirty flash upgrade from beta 2 to beta 3. Tested OpenVPN client and server separately and together. When tested separately all worked as expected. When tested together server worked as expected but client with ip filtering did not however, correct me if I am wrong, that is expected as I seem to remember you can not run both together. Anyway great update especially for the 3200 - it lives! Thanks again for all your work and great output.
 
Status
Not open for further replies.

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top