[Dev] Asuswrt-Merlin 388.1 development

[Rajjco]

Wireguard Client stopped again. Nothing in Logs.

 

[skeal]

Wireguard Client stopped again. Nothing in Logs.

I had a couple issues like this, and since I rest to defaults and hand configured the router again, it now works as expected.

 

[Rajjco]

I had a couple issues like this, and since I rest to defaults and hand configured the router again, it now works as expected.

Do you mean reset and not restore backed up settings?

 

[skeal]

Do you mean reset and not restore backed up settings?

Yes. Do not import the problem back to your router. JFFS is okay to back up and import again.

 

[skeal]

I used screen shots.

 

[Rajjco]

Yes. Do not import the problem back to your router. JFFS is okay to back up and import again.

Ok will do that and report if any issues arise.

 

[Ramlal]

Apparently that Qualcomm's FE acceleration works better with the Wireguard protocol. Maybe eventually Broadcom will decide it will be worth the effort of also ensuring better support for that protocol within their SDK stack, but we're not there at the moment.

Please add kill switch. Which will kill internet if VPN disconnects for any reason.

 

[SomeWhereOverTheRainBow]

Fullcone is currently not working on any of the HND 5.04 models due to the kernel missing Broadcom's patch to implement it. This isn't new to 388.

Maybe if you mention something, those guys over at broadcom will get right on it ASAP!

 

[Ramlal]

Why is no one talking about the most important part here? VPN routers absolutely need kill switch.

 

[LimJK]

@RMerlin

Small alignment issue for the "SAN:" field, it has been around for a while ... thought that, I should report it.

WAN -> DDNS -> Webui SSL Certificate

 

[Ramlal]

thanks, never knew of such a company or product I just watched a few YT vids and this looked like it would be just my ticket, one german user here showed 370+ speeds which is very great and it looks even more simpler to set up being a one click and done system.

I was thinking where is the catch otherwise this GI.iNet router would be replacing many Asus routers surely if its this cheap and WG VPN being potentially 550Mbps faster, then I noticed the catch.... can't see no VPN device routing ability. Would need some devices to be WAN otherwise can't watch Cable TV.

Back to square one, was so close!

These are dedicated vpn routers.

 

[RMerlin]

Maybe if you mention something, those guys over at broadcom will get right on it ASAP!

I already contacted Asus about it, since this also affects them.

Why is no one talking about the most important part here? VPN routers absolutely need kill switch.

You need to read up on how WireGuard works. It has already been explained multiple times why it is not necessary with WireGuard.

 

[Ramlal]

I already contacted Asus about it, since this also affects them.


You need to read up on how WireGuard works. It has already been explained multiple times why it is not necessary with WireGuard.

But in case of power failure and router reboots after power restoration, don’t wan gets exposed until tunnel is established?

 

[bennor]

Please add kill switch. Which will kill internet if VPN disconnects for any reason.

Why is no one talking about the most important part here? VPN routers absolutely need kill switch.

If you read through this discussion People ARE talking and asking, repeatedly, for a Killswitch (namely with WireGuard). RMerlin has already stated, in post #108, the reason/answer why there currently isn't one for WireGuard.
https://www.snbforums.com/threads/dev-asuswrt-merlin-388-1-development.81087/page-6#post-794669

No killswitch for Wireguard, and no VPN Fusion in my firmware.

In fact, a killswitch isn't really possible with Wireguard, because Wireguard isn't a typical client that connects/disconnects. It's a network interface that communicates with another peer, with no way of knowing for sure if that other peer is gone. That's why after you "disconnect" a client, the peer still shows up in the Wireguard output.

 

[egc]

A kill switch in its simplest form is just an iptables rule which blocks FORWARD traffic going out of the WAN and as such is always possible.
After routing is setup for WireGuard this rule can be adjusted if needed.
I agree you do not need it as bad as you need it for OpenVPN but there sure is a use case for it.
So yes I use WireGuard and yes I have a killswitch

 

[Smokey613]

I have never needed a “killswitch” for my vpns, but I don’t use a vpn for security.

 

[skeal]

I have never needed a “killswitch” for my vpns, but I don’t use a vpn for security.

Some people in countries with more restrictive rights and privileges rely on a "killswitch" to protect themselves from authorities. These are people trying to get outside world information otherwise not allowed in those countries. It's not all about Netflix.

 

[Ramlal]

A kill switch in its simplest form is just an iptables rule which blocks FORWARD traffic going out of the WAN and as such is always possible.
After routing is setup for WireGuard this rule can be adjusted if needed.
I agree you do not need it as bad as you need it for OpenVPN but there sure is a use case for it.
So yes I use WireGuard and yes I have a killswitch

Can you share your kill switch please. Thanks

 

[gerardr]

No, it's still 1.1.1, which is an LTS release that's still current and actively maintained.

Just in case you missed it, 1.1.1 was updated to 1.1.1s 2022-11-01 with bug fixes (alongside the high-severity security fixes affecting only OpenSSL 3.0 with a 3.0.7 release).

 

[Elmer]

Ax88/Firmware: 388.1_alpha1-g0ca7941c3e

Update: Oops! I switched ports and it started working fine. Looks like I have a failing port on my AX88. Sorry for the post.

So I toook the plunge and upgraded to 388.1. Oddly, my computer could not connect using the wired connection - I had to use wireless. Here is a screen pic of the network connection box:

It appears that the wired connections can see (communicate) with local wired devices, but cannot obtain internet connectivity.

After about 5 minutes and a couple reboots, this came up:

Very nice! But still, only wireless provides connectivity to the internet.