I believe the Entware OpenSSL is taking precedence over /usr/sbin/openssl, and causing the error.
EDIT: it turns out that the openssl-util package is a dependency for unbound-control-setup package, which is installed by Unbound Manager. But once Unbound is installed, I see no reason to keep unbound-control-setup installed, so I would suggest to remove both packages as a workaround. Not sure if @thelonelycoder wants to fully-qualify the openssl call in an update.
Ran the two commands - and it broke the email ability - see code below ...
Code:
Continue? [1=Yes e=Exit] 1
bad decrypt
4151317712:error:06065064:lib(6):func(101):reason(100):NA:0:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0
curl: (67) Login denied
✖ sending testmail failed
Note the curl: error above and check your settings
! Press Enter to return to menu
Ran the two commands - and it broke the email ability - see code below ...
Code:
Continue? [1=Yes e=Exit] 1
bad decrypt
4151317712:error:06065064:lib(6):func(101):reason(100):NA:0:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0
curl: (67) Login denied
✖ sending testmail failed
Note the curl: error above and check your settings
! Press Enter to return to menu
Due to the fancy ajax-y design of the router GUI, it is constantly making requests back to router.asus.com to refresh the GUI display. In the Diversion dnsmasq log it can look like this (many queries per second):
Code:
Feb 12 13:15:23 dnsmasq[9208]: 23547 192.168.1.18/59811 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:23 dnsmasq[9208]: 23548 192.168.1.18/57457 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:23 dnsmasq[9208]: 23548 192.168.1.18/57457 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:23 dnsmasq[9208]: 23549 192.168.1.18/63416 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:23 dnsmasq[9208]: 23549 192.168.1.18/63416 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23550 192.168.1.18/62795 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23550 192.168.1.18/62795 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23551 192.168.1.18/51819 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23551 192.168.1.18/51819 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23552 192.168.1.18/57391 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23552 192.168.1.18/57391 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23553 192.168.1.18/65103 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23553 192.168.1.18/65103 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23554 192.168.1.18/49938 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23554 192.168.1.18/49938 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23555 192.168.1.18/64306 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23555 192.168.1.18/64306 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23556 192.168.1.18/64537 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23556 192.168.1.18/64537 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23557 192.168.1.18/49664 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23557 192.168.1.18/49664 /etc hosts router.asus.com is 192.168.1.1
This is because the entries from the hosts file are assigned a time-to-live of zero, so neither the LAN client nor the browser will cache this name and IP. This can also skew the Diversion stats if you leave your router GUI open for a long time like I do.
My solution is to add a host-record to dnsmasq.postconf to dynamically add the router.asus.com plus the custom lan hostname and domain name with a TTL of 1 hour. This will cut down on the repetitive logs greatly, in my opinion.
This is what the relevant section of my /jffs/scripts/dnsmasq.postconf looks like:
Code:
#!/bin/sh
. /opt/share/diversion/file/post-conf.div # Added by Diversion
. /usr/sbin/helper.sh
CONFIG="$1"
pc_append "host-record=$(nvram get lan_hostname).$(nvram get lan_domain),$(nvram get lan_ipaddr),3600" "$CONFIG"
pc_append "host-record=$(nvram get local_domain),$(nvram get lan_ipaddr),3600" "$CONFIG"
You could also add the ipv6 address after the lan_ipaddr if you have IPv6 enabled using the proper nvram variable (ipv6_rtr_addr?).
Nice. And for those that use the IP address, disabling "Redirect webui access to router.asus.com" should eliminate these messages (Administration > System > Basic Config).
Random question, with the world moving to IPv6 eventually will this break DNS blocking if apps just start hard coding static IPv6 addresses? Dunno, just a thought.
Just done full reset and reconfigure of my RT-AC86U from scratch 384.15 - all running well ... but for one setting in Diversion for email under option "c" ... threw up a problem View attachment 21347
Sorry - couldn't screen grab it all - 86U too quick - but note email works despite the error.
Just curious - never had this before ???
Due to the fancy ajax-y design of the router GUI, it is constantly making requests back to router.asus.com to refresh the GUI display. In the Diversion dnsmasq log it can look like this (many queries per second):
Code:
Feb 12 13:15:23 dnsmasq[9208]: 23547 192.168.1.18/59811 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:23 dnsmasq[9208]: 23548 192.168.1.18/57457 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:23 dnsmasq[9208]: 23548 192.168.1.18/57457 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:23 dnsmasq[9208]: 23549 192.168.1.18/63416 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:23 dnsmasq[9208]: 23549 192.168.1.18/63416 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23550 192.168.1.18/62795 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23550 192.168.1.18/62795 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23551 192.168.1.18/51819 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23551 192.168.1.18/51819 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23552 192.168.1.18/57391 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23552 192.168.1.18/57391 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23553 192.168.1.18/65103 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23553 192.168.1.18/65103 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23554 192.168.1.18/49938 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23554 192.168.1.18/49938 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23555 192.168.1.18/64306 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23555 192.168.1.18/64306 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23556 192.168.1.18/64537 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23556 192.168.1.18/64537 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23557 192.168.1.18/49664 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23557 192.168.1.18/49664 /etc hosts router.asus.com is 192.168.1.1
This is because the entries from the hosts file are assigned a time-to-live of zero, so neither the LAN client nor the browser will cache this name and IP. This can also skew the Diversion stats if you leave your router GUI open for a long time like I do.
My solution is to add a host-record to dnsmasq.postconf to dynamically add the router.asus.com plus the custom lan hostname and domain name with a TTL of 1 hour. This will cut down on the repetitive logs greatly, in my opinion.
This is what the relevant section of my /jffs/scripts/dnsmasq.postconf looks like:
Code:
#!/bin/sh
. /opt/share/diversion/file/post-conf.div # Added by Diversion
. /usr/sbin/helper.sh
CONFIG="$1"
pc_append "host-record=$(nvram get lan_hostname).$(nvram get lan_domain),$(nvram get lan_ipaddr),3600" "$CONFIG"
pc_append "host-record=$(nvram get local_domain),$(nvram get lan_ipaddr),3600" "$CONFIG"
You could also add the ipv6 address after the lan_ipaddr if you have IPv6 enabled using the proper nvram variable (ipv6_rtr_addr?).
If you run a backup within diversion it should backup your Pixelserv CA and you can restore that on your new router, so you don't have to regenerate the CA and reimport. Never done it on a new router, but plenty of times when changing firmware.
Question on using IPV6 with Diversion. Prior to loading Diversion, I had both IPV6 and IPV4 servers selected under DoT presets with IPV6 as my first choice. Both worked well with my provider. After loading Diversion I was seeing that ads were not being blocked. I removed the IPV6 servers and all seems to work well under the IP4 servers. After reading through this thread, I checked my local network info and the IPV4 DNS server is shown as my LAN IP (192.168.xxx.1); the LAN IPV6 is not (2600:1700:xxxx.xxxx::1).
What am I missing in my setup to use IPV6 with Diversion? Running 384.15/ 86U
Question on using IPV6 with Diversion. Prior to loading Diversion, I had both IPV6 and IPV4 servers selected under DoT presets with IPV6 as my first choice. Both worked well with my provider. After loading Diversion I was seeing that ads were not being blocked. I removed the IPV6 servers and all seems to work well under the IP4 servers. After reading through this thread, I checked my local network info and the IPV4 DNS server is shown as my LAN IP (192.168.xxx.1); the LAN IPV6 is not (2600:1700:xxxx.xxxx::1).
What am I missing in my setup to use IPV6 with Diversion? Running 384.15/ 86U
Be sure to update the blocking list after enabling IPv6 on the router so that Diversion will add AAAA (IPv6) entries for blocked domains. Your browser was probably requesting AAAA DNS lookups and Diversion only had A (IPv4) hostnames to block.
Question on using IPV6 with Diversion. Prior to loading Diversion, I had both IPV6 and IPV4 servers selected under DoT presets with IPV6 as my first choice. Both worked well with my provider. After loading Diversion I was seeing that ads were not being blocked. I removed the IPV6 servers and all seems to work well under the IP4 servers. After reading through this thread, I checked my local network info and the IPV4 DNS server is shown as my LAN IP (192.168.xxx.1); the LAN IPV6 is not (2600:1700:xxxx.xxxx::1).
Be sure to update the blocking list after enabling IPv6 on the router so that Diversion will add AAAA (IPv6) entries for blocked domains. Your browser was probably requesting AAAA DNS lookups and Diversion only had A (IPv4) hostnames to block.
Diversion auto-generates the IPv6 entries when Dnsmasq is restarted and no entries are found in the blocking list.
Disabling logging, ad-blocking or Diversion itself and re-enabling it does the trick.
Updating the blocking list works just as well.
Be sure to update the blocking list after enabling IPv6 on the router so that Diversion will add AAAA (IPv6) entries for blocked domains. Your browser was probably requesting AAAA DNS lookups and Diversion only had A (IPv4) hostnames to block.
Another question for you. Prior to running Diversion, I was using Malwarebytes browser guard to block ads. I disabled the option to block ads/trackers once Diversion was up and running. I re-enabled it to see if it was blocking ads and it still showed a "blocked" count. Is this a duplication of what Diversion is blocking or additional ads/trackers that it has found?
Another question for you. Prior to running Diversion, I was using Malwarebytes browser guard to block ads. I disabled the option to block ads/trackers once Diversion was up and running. I re-enabled it to see if it was blocking ads and it still showed a "blocked" count. Is this a duplication of what Diversion is blocking or additional ads/trackers that it has found?
Diversion blocks outgoing requests from browsers, devices, apps. In-browser ad-blockerS do it within the website.
So one still sees the blocked content, but Diversion likely would block it too, if it had a chance.
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.
you got it ... as usual and to be expected ... 
