Development update

[RMerlin]

I tried the new beta and it seems you fixed the Export ovpn file "Export" button.
It now gives the lines to paste my own client keys and not put in the routers own generated crap.

client.ovpn:

...
<cert>
    paste client certificate data here
</cert>
<key>
    paste client key data here
</key>
...

I use my own keys, so router generated client keys give problems like I reported earlier.

(I installed the beta without resetting to defaults this time.)

Thanks for testing this. Now, the router will actually check if the client cert is signed by the CA cert it has stored. If not (like in your case where you changed the CA), then you get those notices.

I will imrpove a bit more on this in the next release. Right now, anyone who wants to rely strictly on username/password based auth will end up with an ovpn file that won't work (as they won't be aware about those fields needing to be completely removed).

What I will do is not include these fields at all if someone enables both "Username/Password Authentication" and "Username/Password Auth. Only" (that second option is one I added a release or two ago to better integrate with Asus's changes). That way we should have an optimal ovpn file for all the different authentication scenarios.

BTW, Asus still has a few improvements underway regarding OpenVPN. Like the ability to email the .ovpn file directly from the web interface...

 

[Builder71]

Well done!

Thank you.

 

[mstrom62]

uPNP Naming

I would put in a request to have the Router name used by uPNP updateable. All my routers on the network appear as RT-AC66U. It's be nice to differentiate them.

Thank you so much Merlin.

 

[RMerlin]

I would put in a request to have the Router name used by uPNP updateable. All my routers on the network appear as RT-AC66U. It's be nice to differentiate them.

Thank you so much Merlin.

Too advanced to be worth adding all the code required to do this. Can easily be done with the new postconf scripts however. upnp.postconf:

     #!/bin/sh
     CONFIG=$1

     sed "s/friendly_name=RT-AC66U/friendly_name=MyNewName/" -i $CONFIG

 

[mstrom62]

Too advanced to be worth adding all the code required to do this. Can easily be done with the new postconf scripts however. upnp.postconf:

     #!/bin/sh
     CONFIG=$1

     sed "s/friendly_name=RT-AC66U/friendly_name=MyNewName/" -i $CONFIG

There ya go!! you will be adding what I want, through scripting options, which is a great way to do it.

 

[RMerlin]

BTW, having two uPNP daemon running on the same network segment might not be a good idea. I don't know how your network topology is organized, but that would be an unusual setup if you had two routers in routing mode with their LAN linked together. If you are handling two separate connections, then you might want to disable uPNP on whichever router you consider to be secondary.

 

[sinshiva]

upgraded from 34_2 to 36_beta1. nothing to report other than i like the vpn UI improvements, very smooth. old configuration took np, i assume because i didn't use the sdk5 version, which is what i hoped for. cool stuff.

 

[mstrom62]

BTW, having two uPNP daemon running on the same network segment might not be a good idea. I don't know how your network topology is organized, but that would be an unusual setup if you had two routers in routing mode with their LAN linked together. If you are handling two separate connections, then you might want to disable uPNP on whichever router you consider to be secondary.

I have a router at each end of a Bridged VPN, so they both show up on my network

 

[RMerlin]

I have a router at each end of a Bridged VPN, so they both show up on my network

Ahhh, that makes sense then.

 

[RMerlin]

upgraded from 34_2 to 36_beta1. nothing to report other than i like the vpn UI improvements

A lot of the VPN UI design credit goes to Asus (the basic VPN server and client pages were designed by them). I really like some of their changes (like moving keys to a popup). I did my best to integrate their changes without losing the benefits of the advanced VPN pages that I already had. That way, both Asus users and old Asuswrt-Merlin users will feel right at home with this combined layout.

Asus merged more pages together in 374_501, down to just one Server and one Client page, but I won't be going that route. There's a few of their additions to 501 that I did add however.

 

[mobileman88]

A lot of the VPN UI design credit goes to Asus (the basic VPN server and client pages were designed by them). I really like some of their changes (like moving keys to a popup). I did my best to integrate their changes without losing the benefits of the advanced VPN pages that I already had. That way, both Asus users and old Asuswrt-Merlin users will feel right at home with this combined layout.

Asus merged more pages together in 374_501, down to just one Server and one Client page, but I won't be going that route. There's a few of their additions to 501 that I did add however.

Will they're be any issues if I upgrade to your latest beta from 35_4 if I am using open VPN and also entire? How to not lose any of my apps or settings.

 

[RMerlin]

Will they're be any issues if I upgrade to your latest beta from 35_4 if I am using open VPN and also entire? How to not lose any of my apps or settings.

No problem if you are going from Asuswrt-Merlin to Asuswrt-Merlin.

Going from Asus to Asuswrt-Merlin will require accessing the OpenVPN key page, and re-save the content of that page to properly encode the keys.

 

[plun]

Looks like he had to backport it from possibly a newer kernel. In that case that's something I'd rather not do, sorry. Otherwise it will become a support headache for me as everyone will ask for their own favorite device, and I would never even be able to test any of what I would be adding. I prefer stability over new features, sorry.

Ok, checked it and cdc_ncm is just ported to 2.6.38 kernels...

Your version:

Linux version 2.6.36.4brcmarm (merlin@mint-dev) (gcc version 4.5.3 (Buildroot 2012.02) ) #1 SMP PREEMPT Mon Dec 23 17:18:12 EST 2013
Jan 1 01:00:09 kernel: CPU: ARMv7 Processor [413fc090] revision 0 (ARMv7), cr=10c53c7f

cdc_ncm
http://lxr.free-electrons.com/source/drivers/net/usb/cdc_ncm.c?v=2.6.38;a=arm

Well, this was a hard one....

 

[RMerlin]

Ok, checked it and cdc_ncm is just ported to 2.6.38 kernels...

Your version:


cdc_ncm
http://lxr.free-electrons.com/source/drivers/net/usb/cdc_ncm.c?v=2.6.38;a=arm

Well, this was a hard one....

Only the AC56/AC68 use 2.6.38. All other models are based on 2.6.22.19.

 

[plun]

Only the AC56/AC68 use 2.6.38. All other models are based on 2.6.22.19.

Aha, so in your firmware you are using 2.6.36 but ASUS uses 2.6.38 with AC68?

It makes it easier....

 

[mstrom62]

Too advanced to be worth adding all the code required to do this. Can easily be done with the new postconf scripts however. upnp.postconf:

     #!/bin/sh
     CONFIG=$1

     sed "s/friendly_name=RT-AC66U/friendly_name=MyNewName/" -i $CONFIG

Completed, works great

 

[RMerlin]

Aha, so in your firmware you are using 2.6.36 but ASUS uses 2.6.38 with AC68?

It makes it easier....

Sorry, typo. We both use the exact same kernel (aside from some additional patches I applied). 2.6.36.4 on the ARM devices, and 2.6.22.19 on the MIPS devices.

 

[TeHashX]

The kernel on rt-ac66u can be updated to 2.6.26 at least?

Sent from my HTC One using Tapatalk

 

[RMerlin]

The kernel on rt-ac66u can be updated to 2.6.26 at least?

Sent from my HTC One using Tapatalk

No. That would prevent all the binary blob from loading, starting with the wireless drivers and CTF.

 

[saulos]

Hi Marlin,
did you think it will be possible to add more DNS setting on the LAN page ?
I will like to have the DHCP passing other 2 DNS to the clients.

Thanks.