joegreat
Very Senior Member
Simply give it some time to populate the list - look again tomorrow and you will see!...I just updated to 23E1 (dirty flashed) on two AC68U's. ...my network map only shows the other AC68U on both units.
Simply give it some time to populate the list - look again tomorrow and you will see!...I just updated to 23E1 (dirty flashed) on two AC68U's. ...my network map only shows the other AC68U on both units.
Simply give it some time to populate the list - look again tomorrow and you will see!
WARNING: Bad encapsulated packet length from peer (3338), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Connection reset, restarting [0]
'broken' doesn't say really tell me anything. I put some changes for some timer problems I was able to create/test in Dual WAN mode in V23. Frankly, if it the timer doesn't work for Dual WAN, I'll probably just disable it if Dual WAN is active in the next release.WAN Uptime seems to be broken in Dual WAN, it seems 22E4 was the last working version (went back as far as 23B2 and it was not working).
100% True, my bad! Both WAN Uptime counters (Total/Current) are 0(hh/mm/ss), and I see the "WAN is down" legend as well'broken' doesn't say really tell me anything
Code:WARNING: Bad encapsulated packet length from peer (3338), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...] Connection reset, restarting [0]
Got multiple such notifications in the log over just the last 2 minutes and i confirmed with my brother that he wasn't trying to connect to the network. Seems someone attacking my server. I have disabled openvpn as of now. Connection wasn't successful though.
Any clues as to how they found I have a server running?
Edit2: Apparently the attack only went on for 2min 20seconds and the duration only had a repitition of these lines. No penetration. probably.
Code:WARNING: Bad encapsulated packet length from peer (3338), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...] Connection reset, restarting [0]
Got multiple such notifications in the log over just the last 2 minutes and i confirmed with my brother that he wasn't trying to connect to the network. Seems someone attacking my server. I have disabled openvpn as of now. Connection wasn't successful though.
Any clues as to how they found I have a server running?
Edit: The ip was apparently from Chicago.
Edit2: Apparently the attack only went on for 2min 20seconds and the duration only had a repitition of these lines. No penetration. probably.
I’d recommend setting up HMAC Auth which will make your server discard every connection atempt that does not have that key before exposing a larger attack surface.@john9527 John, would changing the default openvpn port help with these sort of attacks?
Can you post what default settings you use for your OpenVpn Client/PIA if you use those, or whats the best security/performance options.I’d recommend setting up HMAC Auth which will make your server discard every connection atempt that does not have that key before exposing a larger attack surface.
https://community.openvpn.net/openvpn/wiki/Hardening#Useof--tls-auth
I’d recommend setting up HMAC Auth which will make your server discard every connection atempt that does not have that key before exposing a larger attack surface.
https://community.openvpn.net/openvpn/wiki/Hardening#Useof--tls-auth
It is in fact tls-crypt and it'll be better, but not backwards compatible and you will need v2.4 in your clientsThanks for the recommendation, if I enable the encrypt channel option in extra HMAC auth (which I assume is tls-crypt), will it offer the same benefits?
It is in fact tls-crypt and it'll be better, but not backwards compatible and you will need v2.4 in your clients
Haven't see that one before....do you have both routers set to act as 'Master browser'? In fact, I'm not sure that the Master browser designation will work when the router is configured as a MB or AP. Maybe someone can confirm that will work?Updated to 23E1 on both RT-ac66u and RT-ac68u
Found the following errors tossed on the 66
Notes
66u is in Media Bridge x.x.x.2
68 is AP x.x.x.1
Both routers were factory defaulted
Mar 12 09:00:27 nmbd[340]: [2017/03/12 09:00:27, 0] nmbd/nmbd_nameregister.c:register_name_response(130)
Mar 12 09:00:27 nmbd[340]: register_name_response: server at IP x.x.x.1 rejected our name registration of WORKGROUP<1d> IP x.x.x.2 with error code 6.
Mar 12 09:00:27 nmbd[340]: [2017/03/12 09:00:27, 0] nmbd/nmbd_become_lmb.c:become_local_master_fail2(411)
Mar 12 09:00:27 nmbd[340]: become_local_master_fail2: failed to register name WORKGROUP<1d> on subnet x.x.x.2. Failed to become a local master browser.
Mar 12 09:00:27 nmbd[340]: [2017/03/12 09:00:27, 0] nmbd/nmbd_namelistdb.c:standard_fail_register(304)
Mar 12 09:00:27 nmbd[340]: standard_fail_register: Failed to register/refresh name WORKGROUP<1d> on subnet x.x.x.2
Haven't see that one before....do you have both routers set to act as 'Master browser'? In fact, I'm not sure that the Master browser designation will work when the router is configured as a MB or AP. Maybe someone can confirm that will work?
It's the guy that maintains the ipt_account code. Have you not seen similar messages before for other Linux modules, i.e.On another note, who is this
Dec 31 16:00:12 kernel: ipt_account 0.1.21 : Piotr Gasidlo <quaker@barbara.eu.org>, http://code.google.com/p/ipt-account/
Jan 1 00:00:12 kernel: 802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
Jan 1 00:00:12 kernel: All bugs added by David S. Miller <davem@redhat.com>
There are a couple of places where people who worked on parts of the kernel code 'signed' their work. I particularly like the second line of this oneOn another note, who is this
Dec 31 16:00:12 kernel: ipt_account 0.1.21 : Piotr Gasidlo <quaker@barbara.eu.org>, http://code.google.com/p/ipt-account/
As it appears in each reboot
That is correct, the update is still pending.EDIT: Probably I'm wrong and ios openvpn client hasn't been updated to 2.4 :/
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!