[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[Chrysalis]

Now I'm baffled....off to take a look....

mine is set to 300000 and says 300000 for default. and yes i have moved to the public release version

 

[wiz]

I can't get openvpn to work on v12. Reverted to 11e1, and all is working again. dh.pem was generated on a linux machine and is 1024bits. And I saw my max connections was not at 300000 but that's no issue here.

 

[john9527]

I can't get openvpn to work on v12.

Can you provide a bit more info? Client or Server? What were the symptoms? Was there an error posted in the syslog? With a self-generated 1024bit DH, the code should not be making any changes to your setup.
Thanks for any additional info you can provide.

 

[Bobbar]

I could get OpenVPN server to work if everything was default settings, cleared all keys, and rebooted the router with the server turned off turning it on after boot. But the second I try to change any settings, init would get stuck again.

Also, I don't know if it could be related to the init process being tied up, but rebooting from the web-interface was flaky at best. I could only get the router to reboot via SSH.

Reverted back to V10 for now.

On a side note: I'd like to thank you for all your work, John. This is an awesome, best-of-both-worlds approach.

 

[Chrysalis]

I think I may know the issue.

If you use a DH larger than the key size on the cert I think wont work properly. It can be fine the other way round but using a 512bit cert e.g. with a 2048 bit DH might not work.

Guys try upgrading your certs to 2048 bits or higher.

 

[john9527]

I think I may know the issue.

If you use a DH larger than the key size on the cert I think wont work properly. It can be fine the other way round but using a 512bit cert e.g. with a 2048 bit DH might not work.

Guys try upgrading your certs to 2048 bits or higher.

DH should be independent.....I did all sorts of scenarios on the AC68 and it worked fine. The people having problems seem to be MIPS based routers (at least that's the only common thread I see so far).

 

[wiz]

Can you provide a bit more info? Client or Server? What were the symptoms? Was there an error posted in the syslog? With a self-generated 1024bit DH, the code should not be making any changes to your setup.
Thanks for any additional info you can provide.

Sure. Originally I had a wl500 which ran openvpn as a server. That one could not cope with the load, so I moved to a linux machine that runs openvpn as a server. I use the asus n66u as backup connection, so it has the same certificates and settings, only the port is different.

There was no error in the syslog whatsoever unfortunately. I did see /sbin/init noinitrd hogging the cpu of the asus, but other than that nothing that would indicate something wrong.

When I reverted to 11E1 openvpn server1 started straight away.

 

[john9527]

As a general note....all of the updated components in V12 have increased the size of the code images by about 100KB. For everyone, but especially N16,N66 and AC66 users, you should ensure you have a backup of your JFFS space in case it get reset by the code update.

 

[wiz]

In an hour or so I have the network for myself, i will flash the 12X version and report back.

 

[wiz]

I've flashed 12x. Unfortunately openvpn did not start. I've attached syslog and top.txt. I did not have to reformat jffs, but never the less I had it backed up prior to flashing. Is there any other diagnostics I could do?

 

[wiz]

I fired up openvpn openvpn --config /etc/openvpn/server1/config.ovpn and at first it complained there's no dh.pem and static key. I've added them to /etc/openvpn/server1 folder, and it complained it could not connect to tun. I then manually loaded the tun module and added it to br0.

Strangely openvpn starts, but it says it is bound to [undef]. If I state --verb 11 it does not come up with anything that makes sense.

If I stop the openvpn server from the gui init keeps hogging the cpu. Only if I restart the router with the openvpn server stopped it does not hog the cpu.

 

[john9527]

@wiz - Thanks for all your work. It looks like this has nothing specifically to do with the DH change, but may just be a problem with the integration of the newer OpenVPN/OpenSSL on at least the N66. I'll follow up with you in a conversation.

Thanks again.

 

[Deleted member 22229]

John I don't use open vpn is there any reason to upgrade to 12x ?

 

[john9527]

John I don't use open vpn is there any reason to upgrade to 12x ?

No, I'm actually going to take down that post. The 12x build was to try something with respect to VPN Server not starting on an N66 (and didn't work, but did provide some useful data).

As far as I can see, there is a problem with VPN Server on the N66 (and maybe other MIPS based routers) If you are not using VPN Server on MIPS or are on AC56 or AC68 you should be fine.

When I get to the bottom of this problem, I'll publish a general update. Wiz and I are working offline to try and get it pinned down (BIG THANKS to Wiz!)

 

[HawkInOz]

@wiz - Thanks for all your work. It looks like this has nothing specifically to do with the DH change, but may just be a problem with the integration of the newer OpenVPN/OpenSSL on at least the N66.

FWIW, I'm using OpenVPN with V12 on an N66U with no problems whatsoever.

 

[john9527]

FWIW, I'm using OpenVPN with V12 on an N66U with no problems whatsoever.

Server or Client? I should have been more specific that we are working VPN Server issue.

If you are running client successfully, that would help reinforce a hypothesis I have on what may be the issue.

 

[M1ch43lk]

Hi,

First of all thanks for a great firmware!

After updating to 374.43_2-12j9527 on my RT-N66U I noticed that the samba gets started even though it is disabled in the GUI.

458 admin 2404 S nmbd -D -s /etc/smb.conf
459 admin 2344 S nmbd -D -s /etc/smb.conf
460 admin 3240 S smbd -D -s /etc/smb.conf

# nvram show | grep enable_samba
enable_samba=0

I compared it to my RT-AC68U where it works fine and samba does not start automatically.

Any hints how to disable it?

Thanks in advance,

Michael

 

[john9527]

After updating to 374.43_2-12j9527 on my RT-N66U I noticed that the samba gets started even though it is disabled in the GUI.

Do you have either the Master Browser or WINS server option set? Either of those will also start SMB.

 

[HawkInOz]

Server or Client? I should have been more specific that we are working VPN Server issue.

If you are running client successfully, that would help reinforce a hypothesis I have on what may be the issue.

I'm running Server (OpenVPN Server 1). Strictly connecting from the outside to my N66U. I don't ever VPN out using the OpenVPN Client side - never even set that up. Never set up Server 2 either. Manually prepared and provided my own keys & certificates using OpenVPN eons ago while running Merlin's firmware - never used the automatic generation process.

 

[wiz]

thats interesting.

Mine uses vlan tagging on wan, I get internet through vlan34. I do have a guest wifi setup with some separate network settings, but I cannot get open vpn server started. It shows started in the gui, but in fact it won't start openvpn and connecting to it is not possible.