[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[john9527]

I don't know why it's appending that mask, but if it's being applied when the user wants to match specific IPv6 address rather than a network, the result would also be wrong since it's ignoring the first 64 bits.

Specifying the default route address 'fooled' the test for being able to specify EULA addresses for the rule. I just wrote a fix for the next release.
6e81c80e3 firewall: allow ipv6 default route ::/0 as destination address

 

[trisk]

Specifying the default route address 'fooled' the test for being able to specify EULA addresses for the rule. I just wrote a fix for the next release.
6e81c80e3 firewall: allow ipv6 default route ::/0 as destination address

Thanks for the quick response! I was able to work around the problem by setting the destination for the rules to my IPv6 prefix/64 instead.

The problem was causing me headaches for months and I'm really glad I understand what's behind it now.

 

[trisk]

Thanks for the quick response! I was able to work around the problem by setting the destination for the rules to my IPv6 prefix/64 instead.

The problem was causing me headaches for months and I'm really glad I understand what's behind it now.

Actually, now that I think of it, the reason I put ::/0 in is that the form doesn't allow the local/destination address to be blank (but it allows the remote/source one to be). Can we change that so the form (and nvram variable) accepts a blank destination? That would be consistent with the form for IPv4 which allows both to be blank.

 

[john9527]

That would be consistent with the form for IPv4 which allows both to be blank.

Which IPv4 page are you referring to....if it's the Network Services filter, that's a 'DROP' rule being defined, so it makes sense to default DROP for all addresses. For the IPv6 firewall it's an ACCEPT rule, so I think I want to keep it as is to specify the destination.

 

[john9527]

Update-32E3 is up in the downloads folder. I know it's a short cycle from the last update, but there has been a lot of security related activity as of late and wanted to make this update available.

Right now, only the E-build is available and the only doc is the Changelog (will provide the normal update info later today/tomorrow).

 

[trisk]

Which IPv4 page are you referring to....if it's the Network Services filter, that's a 'DROP' rule being defined, so it makes sense to default DROP for all addresses. For the IPv6 firewall it's an ACCEPT rule, so I think I want to keep it as is to specify the destination.

Yep, that's the page I meant. I guess it makes sense to have the extra validation for ACCEPT rules.

I'm checking out the new release now.

Edit: ::/0 works! Now I don't have to hardcode my prefix in the settings any more!

 

[john9527]

Edit: ::/0 works! Now I don't have to hardcode my prefix in the settings any more!

Got it in just under the wire

 

[rotareneg]

I just tried to update from 31E6 to 32E3 on my RT-N16 and was unable to access the internet until I rolled back to 31E6. The internet status on the network map page said connected, but no addresses would resolve. I didn't think to try pinging any IPs directly to see if it was a DNS issue as I was in a hurry to revert back to the older working version as everyone was giving me the irritated "You said it'd only be a few minutes!" look the whole time.

My connection uses PPPoE, in case that is relevant. Tomorrow I'll give it another go, what should I do to gather relevant info and/or troubleshoot the issue?

 

[rtn66uftw]

Update-32E3 is up in the downloads folder. I know it's a short cycle from the last update, but there has been a lot of security related activity as of late and wanted to make this update available.

Right now, only the E-build is available and the only doc is the Changelog (will provide the normal update info later today/tomorrow).

It's really strange. I successfully updated one AC68U and one AC68R to 32E3 (over WiFi if it matters) but after that I couldn't connect to the internet on neither of them (2 routers on 2 separated internet lines). I have tried turning both routers and modems off and on several times.

In the interface, it said connected & displayed a valid WAN IP from my ISP but no website will load.

> ping www.google.com
Ping request could not find host www.google.com. Please check the name and try again.

Can you tell me what went wrong? Thanks!

P.S: before the update I check SHA256 and it matched

Edit 1: I'm using PPPoE on those 2 connections as well
Edit 2: Things back to normal after downgrading to 31E6

 

[john9527]

@rotareneg @rtn66uftw
My first guess would be a DNS/dnsmasq issue of some sort.
Are you using DNSCrypt or DNSSEC?

I tried multiple combinations and can't recreate a problem (but can't test PPPoE). If you can try it again, please capture a syslog.

 

[rotareneg]

DNSCrypt and DNSSEC are both off. I'll try it again in the morning, get the syslog, and play around with it in more detail when I don't have to worry about being yelled at for killing the internet.

 

[rtn66uftw]

@rotareneg @rtn66uftw
My first guess would be a DNS/dnsmasq issue of some sort.
Are you using DNSCrypt or DNSSEC?

I tried multiple combinations and can't recreate a problem (but can't test PPPoE). If you can try it again, please capture a syslog.

Thanks John! I didn't use any of those you mentioned. Only used DNS from OpenDNS (208.67.220.220). "Enable VPN + DHCP Connection" was enable under Advanced_WAN_Content.asp (but I didn't use VPN either)

 

[tyspeed42]

I have noticed that when I reboot the router, all systems had the yellow questions mark with that network dialog box saying this connection requires additional login, but lan connections were all connected already and working. I have like 9+ lan connected systems running and they all had same log in dialog box coming from the lan icon giving that same message, I click on the lan icon to go open says Im not connected but yet it was connected and working fine. It's more of an inconvenience, hasn't affected performance.

 

[john9527]

@rotareneg @rtn66uftw
Pretty sure I found the problem.....hold off on any further testing until the next release.

 

[iaTa]

Will TxPower adjustments (up to 500) work ok on AC68U E builds or do we have to use L?

 

[nash16]

Hi @john9527 thank you for your fork, it is awesome and my RT-AC66U has a new life

I have an issue with the latest firmware (V31E6), when the OpenVPN client is connected using as negotiable ciphers: AES-256-GCM:AES-128-GCM the VPN status always remain in "Connecting..." however it is connected successfully and I have the tunnel enabled with my another RT-AC86U using Merlin FW.

Also, if I check on the server side in my RT-AC86U, you can see it connected:

Could you check why it is happening on the client side (RT-AC66U) with the Fork? Maybe it is only a "grammar/typo" bug.

Thanks in advance and again, congrats for your fork!

 

[john9527]

I have an issue with the latest firmware (V31E6), when the OpenVPN client is connected using as negotiable ciphers: AES-256-GCM:AES-128-GCM the VPN status always remain in "Connecting..." however it is connected successfully and I have the tunnel enabled with my another RT-AC86U using Merlin FW.

I need to see the syslog on the client when it's connecting. Please upload it to a file sharing site and PM me the link.

 

[john9527]

I have noticed that when I reboot the router, all systems had the yellow questions mark with that network dialog box saying this connection requires additional login, but lan connections were all connected already and working. I have like 9+ lan connected systems running and they all had same log in dialog box coming from the lan icon giving that same message, I click on the lan icon to go open says Im not connected but yet it was connected and working fine. It's more of an inconvenience, hasn't affected performance.

Have never seen it on the windows systray icon (just checking that's what you are referring to). I have see it in Firefox as a transient message bar that goes away once the reboot completes, but have never been able to figure out why. There's a chance that change I'm working on for the 32E3 DNS issues may be part of it, so give it a try when that final release come out.

 

[john9527]

@rotareneg @rtn66uftw

I've uploaded V32E4 for you to try (as well as anyone else that would like to give it a test prior to release). Hopefully this will resolve the access issue on the new build.
It's in a new download url
https://1drv.ms/f/s!Ainhp1nBLzMJmAFmjjskkJjm8Sei

The previous V32E3 has been pulled.

 

[rotareneg]

V.32E4 is working, that seems to have fixed it. Thanks!