What's new

[Experimental] Asuswrt-Merlin 384.13 test - AiMesh/DNSSEC through OpenSSL

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
Can someone tell me if aimesh extends guest networks as well?
 
Can someone tell me if aimesh extends guest networks as well?
It does not because of the nature of how the router guest network behaves v.s. How an AP guest network behaves.
 
Thanks a lot to point me in the right direction. I will check on GitHub next time ;) Sorry I'm just a newbie with Asuswrt-Merlin.

The used GPL is always documented in the Changelog file.
 
Can someone tell me if aimesh extends guest networks as well?
you could add guest wifi on Aimesh nodes via SSH, but clients connected to it on nodes will have full access same as on main SSID, master wont see the difference!
Same behavior as running AP-mode on nodes.
 
Last edited:
Regarding https://rootcanary.org/test.html test behavior.
Browser tries to resolve secure.dNaNnN.rootcanary.net & bogus.dNaNnN.rootcanary.net domains.
After that, following happen:
1. If bogus.* was resolved - test concludes resolver doesn't validate answers (yellow)
2. If bogus.* was not resolved but secure.* was - test concludes resolver performs validation. (green)
3. If bogus.* was not resolved and secure.* was not too - test concludes resolver doesn;t support algo in general. (red)

So, if upstream DNS performs validation on its own (i.e cloudflare) - bogus.* requests will not be validated upstream and therefore will not be replied to dnsmasq, and in turn - to client too.
Therefore test will be unable to test dnsmasq against 1st case at all (dnsmasq / client have no bogus.* reply), instead it actually will be test of upstream DNS server.
In as much as it's so confusing how DNSSEC works for me, do you recommend enabling DNSSEC in case 1 scenario or not? In case 1 it seems, dnsmasq validation is non functional, is that the case?
 
Set up AIMesh between my RT-AC86U & RT-AC68U(node) seemed to work fine, however, I then
realized there is no way to turn guest networks on or add disks to be servers on the node. So I reverted back to standard AP mode because I need both of these operational from my AP.

Should I turn AIMesh software off on my RT-AC86U if so how do I do this.
 
It does not because of the nature of how the router guest network behaves v.s. How an AP guest network behaves.
Can I accomplish the same thing by flipping the guest networks for the main networks and setting the "AP to Isolated" and allowing access to LAN on the newly named guest networks? Follow me?
 
Set up AIMesh between my RT-AC86U & RT-AC68U(node) seemed to work fine, however, I then
realized there is no way to turn guest networks on or add disks to be servers on the node. So I reverted back to standard AP mode because I need both of these operational from my AP.

Should I turn AIMesh software off on my RT-AC86U if so how do I do this.
read Merlins post on first page: https://www.snbforums.com/threads/e...esh-dnssec-through-openssl.57489/#post-503479
and there is a way if you would read this if it fits your needs: https://www.snbforums.com/threads/e...ssec-through-openssl.57489/page-5#post-503679
With AP-mode your guests have full access to main router too (by default)!
 
  • Like
Reactions: WET
upload_2019-7-10_14-38-8.png

i suppose you could restrict access to AP using this maybe idk though, maybe a method can be replicated to do something similar to this.

Also, if you know how to use IP tables it should be easy enough to implement rules to drop traffic coming from specific IP's to the destination IP and port of the webui.

and also set AP isolated keeps the devices from communicating with each other.

i mean that is mostly alot of what Yazfi script does is IPtable and etable rules.
 
Last edited:
I think this is due to a problem with the DNSSEC at their end. The domain sa.gov.au looks OK, but that site redirects you to www.sa.gov.au which according to Verisign is not so OK.

Good catch!
This site is the only one I have bother with, & disabling DNSSEC makes everything happy.
I’ve tested it extensively, disabling scripts, AiProtect, dns rebind etc etc, but DNSSEC is the gold medallist ;-)
 
I may have missed something, think I read the whole thread. After flashing do I just disable DoT and let it do its thing? Won't need mesh but prefer the DoT bypass. Maybe I missed the point of this Alpha.
 
I may have missed something, think I read the whole thread. After flashing do I just disable DoT and let it do its thing? Won't need mesh but prefer the DoT bypass. Maybe I missed the point of this Alpha.

DoT status not the issue here, enable or disable to suit your own requirements.
This Alphas’ main point is the experimental enhancement of both the DNSSEC function, & the addition of aimesh.
 
I may have missed something, think I read the whole thread. After flashing do I just disable DoT and let it do its thing? Won't need mesh but prefer the DoT bypass. Maybe I missed the point of this Alpha.
The changes offered up in this alpha have nothing to do with whether you should or shouldn't use DoT.
 
Last edited:
DoT status not the issue here, enable or disable to suit your own requirements.
This Alphas’ main point is the experimental enhancement of both the DNSSEC function, & the addition of aimesh.
Dnssec's effectiveness is enhanced so part of the benefit of Dot is unnecessary, is that a better interpretation of it?
 
Dnssec's effectiveness is enhanced so part of the benefit of Dot is unnecessary, is that a better interpretation of it?

As others have said, DoT have nothing to do with DNSSEC, they offer two completely different, complementary security layers.
 
As others have said, DoT have nothing to do with DNSSEC, they offer two completely different, complementary security layers.
You mentioned not using DoT personally, so I thought this version might be a substitute in some way. Referring to post #19.
 
Last edited:
Well I give up. Can not get AX88U and AC68U to mesh wirelessly. Even with stock firmware. Works with ethernet connection but not without it. Thought I had it working after adding the node with a cable, took it out to my shop and it connected but any clients trying to connect on the 2.4 would not get any internet. 5ghz and LAN connections worked.
Think I'll try an AC86U and see if that works.
 
Last edited:
Works fine with the alpha :) thank you for @RMerlin

@Gitsum,

Set both to factory reset. Then Merlin alpha on the main router and on the node the stock firmware. Then make an Aimesh connection over WiFi (you want that anyway?). Both routers must then stand side by side for the connection. Does it work afterwards?

Is the roaming option on? that the connection is lost because the node is farther away than is set there?
 
Status
Not open for further replies.

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top