What's new

[Beta] Asuswrt-Merlin 384.14 Beta is now available

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
Switched to Merlins pre-compiled test build as it seems its on a different commit to the github repo, turns out QOS is working for downloads but not uploads.

To test this limited my connection to 10/10 with Adaptive QOS

8846146148.png

I haven't used the build Merlin released yesterday for the AX88U yet. However I am on the Beta3 release. The other day I noticed something similar going on, when I had Adaptive QoS enabled. I ended up setting the "wan packet overhead" to cable. Had it on the default at first. After I applied that change, I rebooted the router. After that, speedtest showed things being limited both ways. It was weird overall.

I will probably load this new build on in the next couple hours, and see how things go.
 
I haven't used the build Merlin released yesterday for the AX88U yet. However I am on the Beta3 release. The other day I noticed something similar going on, when I had Adaptive QoS enabled. I ended up setting the "wan packet overhead" to cable. Had it on the default at first. After I applied that change, I rebooted the router. After that, speedtest showed things being limited both ways. It was weird overall.

I will probably load this new build on in the next couple hours, and see how things go.

Definitely a bit buggy, looks like speed shaping is working bidirectionally for LAN clients but on my wireless clients its only applying to downloads.
 
BTW, what is the difference between "Enabled" and "Enabled+NAT Helper"? I've tried to look for some simple explanation, but didn't found.

Click on the label for a description of all three settings.
 
Click on the label for a description of all three settings.

Thank you, Eric! But I still cannot catch the meaning of
Code:
Enabled + NAT Helper: Allow NAT traffic, and use of Netfilter module to help handle NAT forwarding for that protocol's traffic
when compared with much simpler and understandable
Code:
Enabled: Allow NAT traffic through the protocol's port
:oops:
 
Definitely a bit buggy, looks like speed shaping is working bidirectionally for LAN clients but on my wireless clients its only applying to downloads.

I did the upgrade just a little bit ago, and I can confirm with the new SDK. Adaptive QoS isn't properly limiting wireless devices, at least on the upstream. As I was able to hit my upstream max of around 37-38mbps, when I had the limit set at 28mbps. I can't fully comment on the downstream side, as my mobile device can't hit the limit I have set.

Also I looked, and even with the new SDK build for the AX88U. With Adaptive QoS enabled, "Runner" shows as disabled, due to QoS. I just figured I would mention this.

Ultimately I will flash back to the previous Beta3 build, as this build isn't ready to be used for someone's primary router. Especially if QoS is important to you, and being able to limit your overall bandwidth. Anyways hopefully Merlin can give his asus contact a heads up, that QoS is currently broken with the newest build. I cannot comment on if QoS is still sending packets out based on priority. I just know on wireless devices, bandwidth limits are being ignore, and overall that isn't good.
 
My log is now flooded with the following messages for several devices:

syslog: WLCEVENTD wlceventd_proc_event(420) eth2: [Auth MACADDRESS], status: 0, reason: d11 RC reserved (0)
 
My log is now flooded with the following messages for several devices:

syslog: WLCEVENTD wlceventd_proc_event(420) eth2: [Auth MACADDRESS], status: 0, reason: d11 RC reserved (0)

As repeatedly mentionned before, this is normal, and outside of my control. Asus decided to log wireless event to syslog with a priority that is visible by default.
 
I cant seem to mount an nfs folder. I know I can mount the nfs on other computers with version 3 and 4. What am I doing wrong? it is my understanding that nfs4 does not work with Merlin's FW.

mount -t 192.168.1.241:/RTRR/Router /tmp/mnt/Router -o nfsvers=3

Code:
pmap_getmaps rpc problem: RPC: Unable to receive; errno = Connection timed out
mount: RPC: Remote system error - Connection refused
mount: mounting 192.168.1.241:/RTRR/Router on /tmp/mnt/Router failed: Bad file descriptor
 
Last edited:
As repeatedly mentionned before, this is normal, and outside of my control. Asus decided to log wireless event to syslog with a priority that is visible by default.
Sorry my bad I apparently missed that one :-D
 
Sorry my bad I apparently missed that one :-D

My only device that spams that is my Samsung TV, it repeatedly does it every 30 seconds until i completely cut the power to it. All my other devices only do this once when turned off.
 
Thank you, Eric! But I still cannot catch the meaning of
Code:
Enabled + NAT Helper: Allow NAT traffic, and use of Netfilter module to help handle NAT forwarding for that protocol's traffic

I believe "enabled" just means port 5060 is allowed, eg not blocked like a firewall.

For Nat helper:
It is difficult for an application running inside a network using nat to know it's correct public IP. So often applications will incorrectly use their internal IP address or a wrong public ip when setting up communications.
It is correct for the ipv4 header to be built using the internal IP so is it wrong for the payload data inside ipv4 packets to also use the internal IP?

Nat helper is normally called ALG.
It attempts to inspect the payload data inside sip packets and rewrites internal IP addressing with your public address. Nat itself rewrites internal IP with public IP in ipv4 headers, sip alg(Nat helper) does the same inside sip packets. Sip algs also often attempt to correct sip data it deems wrong, eg it may alter timers, remove or add fields.
.

Most sip algs do a poor job. They may replace the IP in the from and contact fields but do not replace in the asserted id or other.
Because use of internal IP inside sip data is such a common problem most providers servers can tolerate internal IP addresses so long as the payload is consistent.
Eg it is better to have all fields with internal IP than to have some but not all fields "fixed" by alg.

The typical suggested configuration is to turn off sip alg aka Nat helper. Let your sip client send what it believe is correct and let the provider sort out if internal ip's were used.

Some sip providers can not tolerate internal IP addresses and a sip alg may assist.
 
Last edited:
Some SIP clients have their own features that allows them to work through NAT without the need of a Netfilter NAT helper.
 
give a go at forgetting the network in your devices and re connecting them again, see if that helps at all.
Makes no difference at all, beta 3 unstable and previous version 384.13 is stable

Is there anything I can capture when these disconnects occur to find out why?
 
ok beta 1 was perfect, and opvn worked
but with beta 3 i cant even connect with out issues. :./

anyone have any advice ?

----------------------------------------------------------
Log:

Dec 12 21:54:12 ovpn-client1[3623]: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Dec 12 21:54:12 ovpn-client1[3623]: OpenVPN 2.4.8 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 7 2019
Dec 12 21:54:12 ovpn-client1[3623]: library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.08
Dec 12 21:54:12 ovpn-client1[3624]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 12 21:54:12 ovpn-client1[3624]: NOTE: --fast-io is disabled since we are not using UDP
Dec 12 21:54:12 ovpn-client1[3624]: TCP/UDP: Preserving recently used remote address: [AF_INET]141.98.252.136:1197
Dec 12 21:54:12 ovpn-client1[3624]: Socket Buffers: R=[87380->245760] S=[16384->245760]
Dec 12 21:54:12 ovpn-client1[3624]: Attempting to establish TCP connection with [AF_INET]141.98.252.136:1197 [nonblock]
Dec 12 21:54:13 ovpn-client1[3624]: TCP: connect to [AF_INET]141.98.252.136:1197 failed: Connection refused
Dec 12 21:54:14 ovpn-client1[3624]: SIGUSR1[connection failed(soft),init_instance] received, process restarting
Dec 12 21:54:14 ovpn-client1[3624]: Restart pause, 5 second(s)
Dec 12 21:54:19 ovpn-client1[3624]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 12 21:54:19 ovpn-client1[3624]: NOTE: --fast-io is disabled since we are not using UDP
Dec 12 21:54:19 ovpn-client1[3624]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.16.85.170:1197
Dec 12 21:54:19 ovpn-client1[3624]: Socket Buffers: R=[87380->245760] S=[16384->245760]
Dec 12 21:54:19 ovpn-client1[3624]: Attempting to establish TCP connection with [AF_INET]185.16.85.170:1197 [nonblock]
Dec 12 21:54:20 ovpn-client1[3624]: TCP: connect to [AF_INET]185.16.85.170:1197 failed: Connection refused
Dec 12 21:54:20 ovpn-client1[3624]: SIGUSR1[connection failed(soft),init_instance] received, process restarting
Dec 12 21:54:20 ovpn-client1[3624]: Restart pause, 5 second(s)
Dec 12 21:54:25 ovpn-client1[3624]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 12 21:54:25 ovpn-client1[3624]: NOTE: --fast-io is disabled since we are not using UDP
Dec 12 21:54:25 ovpn-client1[3624]: TCP/UDP: Preserving recently used remote address: [AF_INET]88.202.183.100:1197
Dec 12 21:54:25 ovpn-client1[3624]: Socket Buffers: R=[87380->245760] S=[16384->245760]
Dec 12 21:54:25 ovpn-client1[3624]: Attempting to establish TCP connection with [AF_INET]88.xxx.183.xxx:1197 [nonblock]
Dec 12 21:54:26 ovpn-client1[3624]: TCP: connect to [AF_INET]88.xxx.183.xxx:1197 failed: Connection refused
Dec 12 21:54:26 ovpn-client1[3624]: SIGUSR1[connection failed(soft),init_instance] received, process restarting
Dec 12 21:54:26 ovpn-client1[3624]: Restart pause, 5 second(s)

--------------------------------------------------------------------

No idea why its failing ?
 
I believe "enabled" just means port 5060 is allowed, eg not blocked like a firewall.

For Nat helper:
It is difficult for an application running inside a network using nat to know it's correct public IP. So often applications will incorrectly use their internal IP address or a wrong public ip when setting up communications.
It is correct for the ipv4 header to be built using the internal IP so is it wrong for the payload data inside ipv4 packets to also use the internal IP?

Nat helper is normally called ALG.
It attempts to inspect the payload data inside sip packets and rewrites internal IP addressing with your public address. Nat itself rewrites internal IP with public IP in ipv4 headers, sip alg(Nat helper) does the same inside sip packets. Sip algs also often attempt to correct sip data it deems wrong, eg it may alter timers, remove or add fields.
.

Most sip algs do a poor job. They may replace the IP in the from and contact fields but do not replace in the asserted id or other.
Because use of internal IP inside sip data is such a common problem most providers servers can tolerate internal IP addresses so long as the payload is consistent.
Eg it is better to have all fields with internal IP than to have some but not all fields "fixed" by alg.

The typical suggested configuration is to turn off sip alg aka Nat helper. Let your sip client send what it believe is correct and let the provider sort out if internal ip's were used.

Some sip providers can not tolerate internal IP addresses and a sip alg may assist.

Thank you! That's very clear explanation.
 
ok beta 1 was perfect, and opvn worked
but with beta 3 i cant even connect with out issues. :./

anyone have any advice ?

----------------------------------------------------------
Log:

Dec 12 21:54:12 ovpn-client1[3623]: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Dec 12 21:54:12 ovpn-client1[3623]: OpenVPN 2.4.8 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 7 2019
Dec 12 21:54:12 ovpn-client1[3623]: library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.08
Dec 12 21:54:12 ovpn-client1[3624]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 12 21:54:12 ovpn-client1[3624]: NOTE: --fast-io is disabled since we are not using UDP
Dec 12 21:54:12 ovpn-client1[3624]: TCP/UDP: Preserving recently used remote address: [AF_INET]141.98.252.136:1197
Dec 12 21:54:12 ovpn-client1[3624]: Socket Buffers: R=[87380->245760] S=[16384->245760]
Dec 12 21:54:12 ovpn-client1[3624]: Attempting to establish TCP connection with [AF_INET]141.98.252.136:1197 [nonblock]
Dec 12 21:54:13 ovpn-client1[3624]: TCP: connect to [AF_INET]141.98.252.136:1197 failed: Connection refused
Dec 12 21:54:14 ovpn-client1[3624]: SIGUSR1[connection failed(soft),init_instance] received, process restarting
Dec 12 21:54:14 ovpn-client1[3624]: Restart pause, 5 second(s)
Dec 12 21:54:19 ovpn-client1[3624]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 12 21:54:19 ovpn-client1[3624]: NOTE: --fast-io is disabled since we are not using UDP
Dec 12 21:54:19 ovpn-client1[3624]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.16.85.170:1197
Dec 12 21:54:19 ovpn-client1[3624]: Socket Buffers: R=[87380->245760] S=[16384->245760]
Dec 12 21:54:19 ovpn-client1[3624]: Attempting to establish TCP connection with [AF_INET]185.16.85.170:1197 [nonblock]
Dec 12 21:54:20 ovpn-client1[3624]: TCP: connect to [AF_INET]185.16.85.170:1197 failed: Connection refused
Dec 12 21:54:20 ovpn-client1[3624]: SIGUSR1[connection failed(soft),init_instance] received, process restarting
Dec 12 21:54:20 ovpn-client1[3624]: Restart pause, 5 second(s)
Dec 12 21:54:25 ovpn-client1[3624]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 12 21:54:25 ovpn-client1[3624]: NOTE: --fast-io is disabled since we are not using UDP
Dec 12 21:54:25 ovpn-client1[3624]: TCP/UDP: Preserving recently used remote address: [AF_INET]88.202.183.100:1197
Dec 12 21:54:25 ovpn-client1[3624]: Socket Buffers: R=[87380->245760] S=[16384->245760]
Dec 12 21:54:25 ovpn-client1[3624]: Attempting to establish TCP connection with [AF_INET]88.xxx.183.xxx:1197 [nonblock]
Dec 12 21:54:26 ovpn-client1[3624]: TCP: connect to [AF_INET]88.xxx.183.xxx:1197 failed: Connection refused
Dec 12 21:54:26 ovpn-client1[3624]: SIGUSR1[connection failed(soft),init_instance] received, process restarting
Dec 12 21:54:26 ovpn-client1[3624]: Restart pause, 5 second(s)

--------------------------------------------------------------------

No idea why its failing ?
The server you are trying to connect to refused the connection.
Dec 12 21:54:26 ovpn-client1[3624]: TCP: connect to [AF_INET]88.xxx.183.xxx:1197 failed: Connection refused

Double check your username and password or certificate / login credentials. If the server is an issue, try another server.
 
Some SIP clients have their own features that allows them to work through NAT without the need of a Netfilter NAT helper.
Thanks for checking on this, I haven't had time to see if disabling the NAT helper works.
 
The server you are trying to connect to refused the connection.
Dec 12 21:54:26 ovpn-client1[3624]: TCP: connect to [AF_INET]88.xxx.183.xxx:1197 failed: Connection refused

Double check your username and password or certificate / login credentials. If the server is an issue, try another server.
Ok i managed to get connected ;)
now i have another issue its showing my public ip as 0.0.0.0 and not routing traffic through my vpn
i set routing to stricked and set 192.168.1.0/24 and set vpn but still i even manually added the correct ip and nothing seems to get routed, the vpn is active but the internet is still my own ip :/
 
Ok i managed to get connected ;)
now i have another issue its showing my public ip as 0.0.0.0 and not routing traffic through my vpn
i set routing to stricked and set 192.168.1.0/24 and set vpn but still i even manually added the correct ip and nothing seems to get routed, the vpn is active but the internet is still my own ip :/
I suggest you add the router to only access the WAN, try and see if that helps. Like this:

Description Source IP Destination IP Iface

router 192.168.1.1 0.0.0.0 WAN
lan 192.168.1.0/24 0.0.0.0 VPN
 
Status
Not open for further replies.

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top