[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[MON@H Rasta]

Well, there are pretty much prints in my log file (VPN reconnections, DNS-lists updates etc.), so at least I want to relocate it to reduce usage of nvram that has a limited read/write cycles, I guess

 

[ColinTaylor]

Well, there are pretty much prints in my log file (VPN reconnections, DNS-lists updates etc.), so at least I want to relocate it to reduce usage of nvram that has a limited read/write cycles, I guess

I don't know what "prints in my log file" means, but writing to nvram isn't an issue (unless you're doing something usual that's spamming the syslog) because everything is buffered in memory and only occasionally committed. This has been discussed many times.

 

[MON@H Rasta]

Sorry, I was trying to use search but... Let's say just I had bad luck )))
Thanks for your replies. Then I will not do that.

 

[truva]

I am having trouble connecting the VPN server from a remote network.

RT-N66U firmware version V44EA

I have enabled both PPTP VPN server and OpenVPN server... both seems to be running on the router.

Local connection (windows built in VPN for PPTP and OpenVPN connect for OpenVPN) both connects... no problems.

But when I try to connect from a remote network neither one connects. There is nothing on the log about connection attempts.

What can I do from here? How can I troubleshoot? Any idea on how to get either PPTP or Openvpn server to run?

Thanks for the great firmware.

 

[ColinTaylor]

I am having trouble connecting the VPN server from a remote network.

RT-N66U firmware version V44EA

I have enabled both PPTP VPN server and OpenVPN server... both seems to be running on the router.

Local connection (windows built in VPN for PPTP and OpenVPN connect for OpenVPN) both connects... no problems.

But when I try to connect from a remote network neither one connects. There is nothing on the log about connection attempts.

What can I do from here? How can I troubleshoot? Any idea on how to get either PPTP or Openvpn server to run?

Thanks for the great firmware.

Check the IP address your client is trying to connect to. Go to https://canyouseeme.org/ Does the IP address shown there match the WAN IP shown on the router (Network Map > Internet status)?

 

[truva]

Check the IP address your client is trying to connect to. Go to https://canyouseeme.org/ Does the IP address shown there match the WAN IP shown on the router (Network Map > Internet status)?

Yes. I have tried with both with wan IP address of the router plus DDNS of the router. Server address is ok. PPTP on windows even asks for username and password upon newly created connected, but does not connect. The weird thing is that there is nothing on the router's log about any VPN connection attempt.

 

[ColinTaylor]

Yes. I have tried with both with wan IP address of the router plus DDNS of the router. Server address is ok. PPTP on windows even asks for username and password upon newly created connected, but does not connect. The weird thing is that there is nothing on the router's log about any VPN connection attempt.

Are you sure about the IP address and that you don't have double NAT? It's just that I've never seen a situation where connection attempts didn't show up in the syslog. Or have you changed the logging level to suppress them? Do the successful (local) connections show in the syslog?

 

[truva]

Are you sure about the IP address and that you don't have double NAT? It's just that I've never seen a situation where connection attempts didn't show up in the syslog. Or have you changed the logging level to suppress them? Do the successful (local) connections show in the syslog?

Yes, IP address is true. VPN connections made from the LAN shows in the log.

The weird thing is that I enabled "respond ping requests from the wan" option to test. With this option enabled ___.asuscomm.com or direct wan IP of the router does not respond to pings from the outside. I think the router is not reachable from the outside but why? How to troubleshoot? I disabled the firewall on the router and tried but same result.

 

[ColinTaylor]

@truva Maybe your ISP blocks VPN connections? If you're testing over a mobile connection the mobile operator might block VPN. Try using a non-standard high port for your OpenVPN server.

EDIT: I think I remember another member having problems establishing a VPN connection over his mobile connection. IIRC that was caused because his mobile operator only gave him an IPv6 connection, not an IPv4 connection. Can you try connecting via a different route, like an internet cafe?

 

[ColinTaylor]

I just noticed that my router's WAN IP id different from the ones that shows on "what is my ip". Maybe this is causing problems. Again any suggestion is appreciated.

This contradicts the answers you gave previously.

 

[Bob.Dig]

This contradicts the answers you gave previously.

Not necessarily.

Again any suggestion is appreciated.

That probably means, that your internet connection is not reachable from the outside. Try to contact your ISP about it.

 

[truva]

Not necessarily.
That probably means, that your internet connection is not reachable from the outside. Try to contact your ISP about it.

Thanks. Yes, It is because of the ISP. Still not solved but in progress. I tried many things over 2 days for nothing because ISP's technical support is very weak.

 

[Bob.Dig]

Still not solved but in progress.

If it get fixed but your IP on WAN is still not your internet IP, that could mean that you won't be able to use the DDNS Feature in this Firmware, because, if I remember correct, it is not capable of doing an external IP-lookup.

 

[ColinTaylor]

Not necessarily.

Yes it does contradict what he had said. I explicitly asked him twice if his router's WAN IP address matched his publicly seen IP address and twice he said it did. Now he's saying they're different.

 

[smyr]

Hello fellow Merliners!

Been thinking about posting this for some time so here goes....

Question 1:
I am currently running the latest developer firmware on my RT-AC66U router - 374.43_45D5j9527 (13-August-2020) and working fine... never any issues really. Well, I did install and test Entware and all sort of tools. I want to undo what I did so only option is to do a factory reset thats the fastes way to get back clean it out... but then I have to go through all the "welcome to asus setup...." and that takes time. Is there another way to undo all the tools I installed via SSH.... ?! If I for example disable jffs and scripting will that work?

Qustion 2:
Latest official firmware is 374.43_44EAj9527 (12-July-2020) and I don't know if I should change back to the official firmware or stay with the one I got now. I am not a developer and just want the best most stable firmware... are you going to make the latest developer version official?! Or still work in progress... ?

Question 3:
I want to switch firmware , or at least give it a test, to Freshtomato. Latest build is from 2020-09-30.
But I can not install it. Does not work using the webinterface and when the firmware restoration util I seem to work fine.... but I can not login to the router interface, keeps asking for a password....... !? I have not tried the latest Freshtomato however... need to know before I try that again.... I know that this question is probably the wrong forum to ask but hey why not... I keep thinking its the merlin firmware that is the cause. Should I get an older asus official firmware and then flash?! Any help or links whould be great. I plan to use the AIO version RT-AC66U_RT-AC6x-2020.7-AIO-64K btw...

Freshtomato:

Index of /downloads/

Index of /downloads/freshtomato-mips/2020/2020.7/K26RT-AC/

Thanks.

 

[dave14305]

Is there another way to undo all the tools I installed via SSH.... ?! If I for example disable jffs and scripting will that work?

Disabling JFFS scripts in the GUI is certainly an option, but it’s overkill. Entware can be removed by:

• Eject the USB from the GUI to stop any installed services that may be running from Entware.
• Delete the Entware line from /jffs/scripts/post-mount or just delete the /jffs/scripts/post-mount script if nothing else is using it. Same for unmount and services-stop scripts.
• rm /tmp/opt
• Plug the USB back in and remove the /tmp/mnt/<usbname>/entware directory.

There may be better prescribed ways to get rid of Entware, but this is what I’d do.

EDIT: added 3rd bullet to remove link

 

[guss]

Hello everybody

I have an Asus RT-N66U with Firmware:374.43_44EAj9527.

On it I use two OpenVPN servers for many years without a problem. One does direct clients to redirect Internet traffic and one does not.

Since the latest update I have the problem that the option "Push LAN to clients" seems not longer to work. I can connect to the RT-N66U without any problem but I can't connect or ping any devices in my LAN. Normally I only connect to my Ubuntu desktop where a vnc server runs. But I can't connect to my Raspberry Pi either. Only the LAN ip of the RT-N66U itself does respond.

There is no firewall running on the Raspberry Pi and I didn't change the ufw settings on the Ubuntu client:
Anywhere ALLOW IN 192.168.1.0/24
Anywhere ALLOW IN 10.8.0.0/24
Anywhere ALLOW IN 10.8.1.0/24

Does anyone have the same problem?

Can I add something via the custom configuration to fix my problem or has anyone another suggestion for me?

Many thanks in advance
Guss

 

[ColinTaylor]

Does anyone have the same problem?

Works fine for me. Post a link to your syslog for us to look at.

 

[dave14305]

Since the latest update I have the problem that the option "Push LAN to clients" seems not longer to work. I can connect to the RT-N66U without any problem but I can't connect or ping any devices in my LAN.

Is there an IP subnet conflict between the network you are connecting FROM and your LAN subnet? Are they both 192.168.1.0/24?

DISCLAIMER: I'm not a VPN user, but I've seen Colin answer enough questions that I remember some of his answers.

 

[guss]

Thanks for your comments.

@dave14305
Good idea, but the subnets are different. There is no conflict there.

@ColinTaylor
Here is the syslog from starting the openvpn server to connecting with the client.

Oct  9 23:46:14 rc_service: httpd 1042:notify_rc start_vpnserver2
Oct  9 23:46:14 kernel: device tun22 entered promiscuous mode
Oct  9 23:46:17 openvpn[2207]: OpenVPN 2.4.9 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul 12 2020
Oct  9 23:46:17 openvpn[2207]: library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.09
Oct  9 23:46:17 openvpn[2209]: WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
Oct  9 23:46:17 openvpn[2209]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct  9 23:46:17 openvpn[2209]: Diffie-Hellman initialized with 2048 bit key
Oct  9 23:46:17 openvpn[2209]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Oct  9 23:46:17 openvpn[2209]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Oct  9 23:46:17 openvpn[2209]: TUN/TAP device tun22 opened
Oct  9 23:46:17 openvpn[2209]: TUN/TAP TX queue length set to 1000
Oct  9 23:46:17 openvpn[2209]: /usr/sbin/ip link set dev tun22 up mtu 1500
Oct  9 23:46:17 openvpn[2209]: /usr/sbin/ip addr add dev tun22 10.8.1.1/24 broadcast 10.8.1.255
Oct  9 23:46:17 openvpn[2209]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Oct  9 23:46:17 openvpn[2209]: Socket Buffers: R=[118784->118784] S=[118784->118784]
Oct  9 23:46:17 openvpn[2209]: UDPv4 link local (bound): [AF_INET]xx.xx.xx.xx:1194
Oct  9 23:46:17 openvpn[2209]: UDPv4 link remote: [AF_UNSPEC]
Oct  9 23:46:17 openvpn[2209]: MULTI: multi_init called, r=256 v=256
Oct  9 23:46:17 openvpn[2209]: IFCONFIG POOL: base=10.8.1.2 size=252, ipv6=0
Oct  9 23:46:17 openvpn[2209]: Initialization Sequence Completed
Oct  9 23:46:52 openvpn[2209]: yy.yy.yy.yy:58127 TLS: Initial packet from [AF_INET]yy.yy.yy.yy:58127, sid=83341d68 35fbcaec
Oct  9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-N66U, emailAddress=me@myhost.mydomain
Oct  9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Oct  9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 peer info: IV_VER=2.4.6
Oct  9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 peer info: IV_PLAT=win
Oct  9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 peer info: IV_PROTO=2
Oct  9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 peer info: IV_NCP=2
Oct  9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 peer info: IV_LZ4=1
Oct  9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 peer info: IV_LZ4v2=1
Oct  9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 peer info: IV_LZO=1
Oct  9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 peer info: IV_COMP_STUB=1
Oct  9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 peer info: IV_COMP_STUBv2=1
Oct  9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 peer info: IV_TCPNL=1
Oct  9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 TLS: Username/Password authentication succeeded for username 'mustermann'
Oct  9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Oct  9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 [client] Peer Connection Initiated with [AF_INET]yy.yy.yy.yy:58127
Oct  9 23:46:53 openvpn[2209]: client/yy.yy.yy.yy:58127 MULTI_sva: pool returned IPv4=10.8.1.2, IPv6=(Not enabled)
Oct  9 23:46:53 openvpn[2209]: client/yy.yy.yy.yy:58127 MULTI: Learn: 10.8.1.2 -> client/yy.yy.yy.yy:58127
Oct  9 23:46:53 openvpn[2209]: client/yy.yy.yy.yy:58127 MULTI: primary virtual IP for client/yy.yy.yy.yy:58127: 10.8.1.2
Oct  9 23:46:54 openvpn[2209]: client/yy.yy.yy.yy:58127 PUSH: Received control message: 'PUSH_REQUEST'
Oct  9 23:46:54 openvpn[2209]: client/yy.yy.yy.yy:58127 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,dhcp-option DNS 192.168.1.1,route-gateway 10.8.1.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.1.2 255.255.255.0,peer-id 0,cipher AES-128-GCM' (status=1)
Oct  9 23:46:54 openvpn[2209]: client/yy.yy.yy.yy:58127 Data Channel: using negotiated cipher 'AES-128-GCM'
Oct  9 23:46:54 openvpn[2209]: client/yy.yy.yy.yy:58127 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Oct  9 23:46:54 openvpn[2209]: client/yy.yy.yy.yy:58127 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key

Edit: I'm wondering about the "dhcp-option DNS 192.168.1.1". Maybe that could be the problem, because my DNS Server runs at 192.168.1.2 (unbound on a raspberry pi)? But as I said, it worked before with 374.43_44E5j9527.