[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[keeka]

@treboR2Robert Try this:

1. Disable DNSSEC
2. Uninstall Diversion Script
3. Use Accept DNS Configuration "Disabled" or "Strict" in the Client
4. Use Compression "Disabled" or "None" on the Server and the Client (in both)
5. Add these Old or New Custom options (test both, do not add the 2 options at the same time) on the Client: (after Reboot)

• Old:
  • comp-lzo no
  • push "comp-lzo no"
• New:
  • compress

Maybe this problem is the same as this one:

Earlier in the thread I posted an observation that, if you disabled user-password auth and instead used only client certs, the reconnect issue with 34E3+ is gone. With user-pass auth enabled, a second vpn login stops at the call to the pam plugin. This applies whether the 2nd attempt is from the same client or another device.
BTW I am not using Diversion or any other custom scripts when testing the new firmwares. Nor do I have DNSSEC or any other DNS securty options turned on.

 

[HowIFix]

@treboR2Robert @keeka

It should just work with the default settings. I'm not sure what you mean by "the IP for VPN and my home devices is coming from router and they are on the same subnet". Don't try and be clever and use the same subnet for the VPN and your LAN, you'll just break things. Leave the VPN as 10.8.0.x and the LAN and 192.168.2.x for example.

 

[ColinTaylor]

@treboR2Robert @keeka

Thanks for quoting me but TBH I don't think these users problems are anything to do with their configuration settings. It looks more like a bug in the VPN/PAM code on the MIPS routers.

@john9527 I haven't tried it on my own N66U (because it's packed away), but if you want me to dig it out and do some testing just let me know.

 

[john9527]

but if you want me to dig it out and do some testing just let me know.

Thanks, but no need....

@keeka @treboR2Robert @MarkyMarkMark
I have good news and I have bad news

First the good news....I got my N66 set up and have been able to recreate the problem and collect some data. So it's not anything unique to Android.
Turns out the pam-unix.so module is crashing on it's second invocation with a segfault and taking openvpn server with it. Here's an strace....

stat("/usr/lib/pam_unix.so", {st_mode=S_IFREG|0555, st_size=4456, ...}) = 0
stat("/usr/lib/", {st_mode=S_IFDIR|0755, st_size=1883, ...}) = 0
stat("/usr/", {st_mode=S_IFDIR|0755, st_size=105, ...}) = 0
open("/usr/lib/pam_unix.so", O_RDONLY)  = 4
fstat(4, {st_mode=S_IFREG|0555, st_size=4456, ...}) = 0
close(4)                                = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x2ae7110c} ---
+++ killed by SIGSEGV +++

Now the bad news....I don't have a clue as to why it's decided to do this now. Haven't touched anything in openpam, openssl or openvpn that would possibly account for it. At this point, I'm suspecting some build quirk or configuration problem when I added the compiles for libyaml/getdns/stubby, but at this point haven't been able to find anything. I'll keep plugging away.

I even went back to my 33E7 backup and rebuilt everything from scratch. I simplified/consolidated a lot of changes from V34/V35 in the process to make it easier for me to work with. So a potential warning for the future for anyone who pulled a copy of my repo, at some point I'm thinking about doing a force reset back to 33E7 and you'll need to do a fresh pull..

 

[keeka]

Thanks, but no need....

@keeka @treboR2Robert @MarkyMarkMark
I have good news and I have bad news

First the good news....I got my N66 set up and have been able to recreate the problem and collect some data. So it's not anything unique to Android.
Turns out the pam-unix.so module is crashing on it's second invocation with a segfault and taking openvpn server with it.

Many thanks for your work supporting the N66. Appreciate your taking the time to detail it here on the forum too.

 

[treboR2Robert]

Thanks, but no need....

@keeka @treboR2Robert @MarkyMarkMark
I have good news and I have bad news

First the good news....I got my N66 set up and have been able to recreate the problem and collect some data. So it's not anything unique to Android.
Turns out the pam-unix.so module is crashing on it's second invocation with a segfault and taking openvpn server with it. Here's an strace....

stat("/usr/lib/pam_unix.so", {st_mode=S_IFREG|0555, st_size=4456, ...}) = 0
stat("/usr/lib/", {st_mode=S_IFDIR|0755, st_size=1883, ...}) = 0
stat("/usr/", {st_mode=S_IFDIR|0755, st_size=105, ...}) = 0
open("/usr/lib/pam_unix.so", O_RDONLY)  = 4
fstat(4, {st_mode=S_IFREG|0555, st_size=4456, ...}) = 0
close(4)                                = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x2ae7110c} ---
+++ killed by SIGSEGV +++

Now the bad news....I don't have a clue as to why it's decided to do this now. Haven't touched anything in openpam, openssl or openvpn that would possibly account for it. At this point, I'm suspecting some build quirk or configuration problem when I added the compiles for libyaml/getdns/stubby, but at this point haven't been able to find anything. I'll keep plugging away.

I even went back to my 33E7 backup and rebuilt everything from scratch. I simplified/consolidated a lot of changes from V34/V35 in the process to make it easier for me to work with. So a potential warning for the future for anyone who pulled a copy of my repo, at some point I'm thinking about doing a force reset back to 33E7 and you'll need to do a fresh pull..

Thanks for looking into it John.
Hopefully it's something simple and you don't have to much of a hard time figuring it out.
Let me know if there's anything I can do.
Good luck !

 

[nitrogene]

Hello,

I have an RT-ACC66U, running the latest merlin firmware available, 380.70. Today I have found this thread, and I would to flash this firmware. I am slightly confused, because I don't really understand wether I can perform the upgrade via the router web GUI or not. The top post says that I should use Asus restoration tool and the upgrade matrix that I can just use the web GUI without doing any factory reset.

Any help would be greatly appreciate

 

[Grisu]

I use GUI and do a factory reset. If you notice any troubles do it again with restauration tool and factory reset before searching too long for a solution when there are no except doing it this way.

 

[blueshark]

Hello,

I have an RT-ACC66U, running the latest merlin firmware available, 380.70. Today I have found this thread, and I would to flash this firmware. I am slightly confused, because I don't really understand wether I can perform the upgrade via the router web GUI or not. The top post says that I should use Asus restoration tool and the upgrade matrix that I can just use the web GUI without doing any factory reset.

Any help would be greatly appreciate

do factor reset, put router in recovery mod and flash with "Asus Utility>Firmware Restoration" thats the only way.

 

[JWoo]

When is the next release planned and what are the contents. Sleepless in Seattle!

 

[RypeDub]

This is the firmware that allows 500mW on the US region, correct?

Does this include the fix for the 2017 WPA2 hack on its latest revision form August 2018?

I like RMerlin's firmware cause it's a modification of the stock firmware with extra goodies, but he has stated multiple times that he is not going to provide the fully unlocked regions and power settings for whatever reason.

 

[ColinTaylor]

Does this include the fix for the 2017 WPA2 hack on its latest revision form August 2018?

If you're referring to the KRACK exploit then this is explained in post #1 under Installation Notes.

 

[RypeDub]

If you're referring to the KRACK exploit then this is explained in post #1 under Installation Notes.

It just mentions that his project DOES include Security information.

Here is the latest changelog from August 27th, 2018:
https://github.com/john9527/asuswrt-merlin/blob/374.43_2-update/Changelog.txt

 

[jrmwvu04]

This is the firmware that allows 500mW on the US region, correct?

Does this include the fix for the 2017 WPA2 hack on its latest revision form August 2018?

I like RMerlin's firmware cause it's a modification of the stock firmware with extra goodies, but he has stated multiple times that he is not going to provide the fully unlocked regions and power settings for whatever reason.

Max is 200mw. Krack fixes are in the builds with the newer wireless driver, E series generally speaking.

 

[ColinTaylor]

It just mentions that his project DOES include Security information.

Sorry, I'm not sure what extra information you're looking for. The change log details each model and version that the fix was aplpied to and when. And post #1 says:

Currently, two build streams are maintained.

• The 'E' Builds are the recommended builds and contain the latest wireless drivers and related fixes, including the fixes for the KRACK exploit on all supported models except the N16 (ASUS never released a KRACK fix for the N16). The 'E' Builds for ARM routers also contain the latest ARM SDK providing support for the newer rev level AC68U and it's variations.
• The 'L' Builds contain the original wireless drivers (2014 release) and DO NOT address the KRACK exploit, and for ARM routers DO NOT contain the latest SDK providing support for the latest AC68U rev levels. In addition, some fixes dependent on either the latest wireless drivers or latest ARM SDK may not be included in the 'L' builds. Please review the release notes/Changelog for further information.

 

[RypeDub]

Krack fixes are in the builds with the newer wireless driver, E series generally speaking.

I'm still reading the change log.

I forgot how the drivers went so as long as I see a date as close as today as possible then it's an update for me.

I haven't updated my firmware in over a year and a half.

Max is 200mw.

Why is 200mW the max?

If the firmware used to support the 500mW option, why is it now limited to 200mW?

I am NOT in any way asking about or referring to "does it work", regarding the discussions over noise and what not in the thread.

I am ONLY asking: will the hardware allow this setting to be applied and operate at this output of 500mW?

Thank you!

 

[jrmwvu04]

I'm still reading the change log.

I forgot how the drivers went so as long as I see a date as close as today as possible then it's an update for me.

I haven't updated my firmware in over a year and a half.


Why is 200mW the max?

If the firmware used to support the 500mW option, why is it now limited to 200mW?

I am NOT in any way asking about or referring to "does it work", regarding the discussions over noise and what not in the thread.

I am ONLY asking: will the hardware allow this setting to be applied and operate at this output of 500mW?

Thank you!

https://www.snbforums.com/threads/f...-ac68u-routers-v27bi.40610/page-3#post-341023

 

[RypeDub]

I have a RT-N66R with a Broadcom BCM5300 chip rev 1 pkg 0 SoC.

Is my CPU overclockable?

 

[RypeDub]

I have a problem.

When I make changes to my wifi networks, an older configuration for name and password shows up.

Idk why this is happening and I've factory reset and now upgraded my firmware from those old SSID and password settings.

Is this a known bug?

 

[john9527]

When is the next release planned and what are the contents. Sleepless in Seattle!

I've been holding off trying to get a handle on why vpnserver password logons are failing after the first logon on the MIPS routers.
(and failing miserably so far.....sorry guys ).
If I don't make any progress over the weekend, I'm going to put out the next release while I keep working on it.

The next release is going to be a V36 release (V35 has been 'abandoned' with the above work).
Major changes:

• Stability improvements for DNS over TLS
• DDNS HTTPS support
• New QoS reserved minimum bandwidth settings for download
• New NTPD filter to force use of routers NTP server
• Updated releases of OpenSSL, dnsmasq, wget and curl
• DNS rebind protection via the gui