[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[nash16]

I need to see the syslog on the client when it's connecting. Please upload it to a file sharing site and PM me the link.

Hi @john9527 the info has been sent via the conversation

Best regards.

 

[john9527]

V.32E4 is working, that seems to have fixed it. Thanks!

Thanks for confirming the fix. Appreciated!

 

[tyspeed42]

Did a whooops and updated to E4 without thinking about it, glad to went back to L6 without issues lol

Have never seen it on the windows systray icon (just checking that's what you are referring to). I have see it in Firefox as a transient message bar that goes away once the reboot completes, but have never been able to figure out why. There's a chance that change I'm working on for the 32E3 DNS issues may be part of it, so give it a try when that final release come out.

Ya it comes from the sys tray, click it opens a browser window, thats about it, close it and wonder why it thinks it isn't connect when it clearly is.

 

[il2]

Does 32E4 instead of 32L4 for RT-N16 mean that it contains KRACK fix?

 

[rtn66uftw]

@rotareneg @rtn66uftw

I've uploaded V32E4 for you to try (as well as anyone else that would like to give it a test prior to release). Hopefully this will resolve the access issue on the new build.
It's in a new download url
https://1drv.ms/f/s!Ainhp1nBLzMJmAFmjjskkJjm8Sei

The previous V32E3 has been pulled.

Problem solved. Thanks so much for your time John!

 

[rtn66uftw]

Does 32E4 instead of 32L4 for RT-N16 mean that it contains KRACK fix?

• A separate firmware release is provided which only supports the older AC68U rev A1,A2,B1 ('L' Builds). Users of the earlier rev AC68U's can continue on the original fork SDK/wireless drivers by moving to this release branch. IMPORTANT: Some fixes available in the 'E' Builds may not be included in the legacy build if they require new wireless drivers or the new ARM SDK. Please review the release notes/Changelog for further information.

https://www.snbforums.com/threads/fork-asuswrt-merlin-374-43-lts-releases-v31e6.18914/

 

[john9527]

Does 32E4 instead of 32L4 for RT-N16 mean that it contains KRACK fix?

ASUS never released a KRACK fix for the N16. On the N16, there's very little difference between the E and L builds (there may be a couple of kernel changes in the N16/E, I'd have to double check).

 

[il2]

• A separate firmware release is provided which only supports the older AC68U rev A1,A2,B1 ('L' Builds). Users of the earlier rev AC68U's can continue on the original fork SDK/wireless drivers by moving to this release branch. IMPORTANT: Some fixes available in the 'E' Builds may not be included in the legacy build if they require new wireless drivers or the new ARM SDK. Please review the release notes/Changelog for further information.

https://www.snbforums.com/threads/fork-asuswrt-merlin-374-43-lts-releases-v31e6.18914/

That's why L build only was available for RT-N16 recently. But now it is E build again.
32E4 running fine on RT-N16. Thanks John!

 

[john9527]

That's why L build only was available for RT-N16 recently. But now it is E build again.

I just haven't built the L Builds yet....they'll be coming with the final release.

 

[il2]

Btw, after switching Samba to V2 only something new in the log:

Apr  2 23:56:23 smbd[799]: [2018/04/02 23:56:23.740369,  0] smbd/negprot.c:706(reply_negprot)
Apr  2 23:56:23 smbd[799]:   No protocol supported !
Apr  2 23:56:24 smbd[800]: [2018/04/02 23:56:24.746564,  0] smbd/negprot.c:706(reply_negprot)
Apr  2 23:56:24 smbd[800]:   No protocol supported !
Apr  2 23:56:25 smbd[802]: [2018/04/02 23:56:25.778148,  0] smbd/negprot.c:706(reply_negprot)
Apr  2 23:56:25 smbd[802]:   No protocol supported !
Apr  2 23:56:26 smbd[803]: [2018/04/02 23:56:26.796577,  0] smbd/negprot.c:706(reply_negprot)
Apr  2 23:56:26 smbd[803]:   No protocol supported !

Just these messages, but it works from Windows 10.

 

[john9527]

Hi @john9527 the info has been sent via the conversation

Best regards.

When you are stuck at Connecting, please log into the router and post the output of
nvram show | grep vpn_client. | grep -e 'state\|errno'

 

[nash16]

When you are stuck at Connecting, please log into the router and post the output of
nvram show | grep vpn_client. | grep -e 'state\|errno'

Here you go:

RT-AC66U:/tmp/home/root# nvram show | grep vpn_client. | grep -e 'state\|errno'
size: 54038 bytes (11498 left)
vpn_client1_errno=2
vpn_client2_state=0
vpn_client1_state=-1
vpn_client2_errno=0

Best regards.

 

[xMaPuOx]

Hi John, I was wondering if you could help me out. I have n66u and when I connect it to Comcast's xb6 modem I get 950mb down no problem, but recently I got myself a mb8600 and now I only get around 600mb, if I connect my pc directly to mb8600 then its 950 but with router around 600. I tried your firmware, merlin's and stock, same results. How come it can pull 950 with xb6 but only 600 with mb8600, any ideas?

 

[john9527]

Here you go:

RT-AC66U:/tmp/home/root# nvram show | grep vpn_client. | grep -e 'state\|errno'
size: 54038 bytes (11498 left)
vpn_client1_errno=2
vpn_client2_state=0
vpn_client1_state=-1
vpn_client2_errno=0

Best regards.

OK...here's the scoop. Even though it's working, it is also detecting an error that is preventing the status from moving to 'Running' (adding the error reporting to the status page is on my todo list, but hasn't made it to the top yet)

In this case, it's detecting a routing conflict. My guess would be duplicate addresses on the server and client.
If you look in the syslog when first starting the client, you should see an entry
Ignoring conflicting routing rule
followed by the address subnet it's concerned about.

 

[nash16]

OK...here's the scoop. Even though it's working, it is also detecting an error that is preventing the status from moving to 'Running' (adding the error reporting to the status page is on my todo list, but hasn't made it to the top yet)

In this case, it's detecting a routing conflict. My guess would be duplicate addresses on the server and client.
If you look in the syslog when first starting the client, you should see an entry
Ignoring conflicting routing rule
followed by the address subnet it's concerned about.

Hi John,

What do you mean? My client side network address is: 192.168.1.0/24 and my server side network address is: 192.168.2.0/24, the OpenVPN address is: 10.0.0.0/24, so, the addresses are different.

I have the commands below in my cutom config in the server:
client-config-dir /jffs/configs/openvpn/ccd
route 192.168.1.0 255.255.255.0
client-to-client
push "route 192.168.1.0 255.255.255.0"

Maybe I have something wrong in this custom config?

Could you tell me how can I check the error showed in nvram and fix it by OpenVPN client?

Thanks in advance!

 

[john9527]

Could you tell me how can I check the error showed in nvram and fix it by OpenVPN client?

Did you restart the client and look for the syslog message I referenced?

 

[john9527]

Update-32E4/32L4 is now available!

This release contains many security related updates along with a few bug fixes and feature updates.

A quick comment on some of the security updates, primarily those referenced by ASUS in their OEM releases. In most cases there are no details available beyond their one-line description of the update. This means the best I can do is to compare releases and look for changes that appear to fit their description, and in some cases pick up closed source components which are likely related. Sometimes its easy to match the changes/description, others it's just my best 'engineering judgement'. I can finish by saying I use this fork for my own home network, and feel comfortable doing so.

Update-32E4 Highlights

• Updated OpenSSL to 1.0.2o
• Upstream update for DNSMASQ to address DNSSEC fix for wildcard NSEC records. CVE-2017-15107 applies.
• Upstream update for DNSMASQ to use SIGINT instead of SIGHUP for DNSSEC timestamp notification
• AICloud update to address XSS vulnerability (ASUS backport)
• Update ASUSWEBSTORAGE support (ASUS backport)
• Tighten security around some of the system config files found in /etc (Merlin backport)
• Fix potential resource leak if an error occured when creating OpenVPN passwd/group/shadow files (Merlin backport)
• Fix CVE-2018-8879 potential buffer overrun in check_xss_blacklist (Merlin backport)
• Fix CVE-2018-8826 remote code code execution vulnerability (ASUS backport)
• Fix NETWORKMAP hang with attached Logitech Harmony Hub
• Fix setting of SAMBA dns proxy with wins server instead of master browser
• Enable BUSYBOX applets tty, depmod and blockdev, and enable fdisk support for large disks and lscolor (Merlin backport - features sync)

Please review the 'Installation Notes' section in the first post for further information on installing this fork.

The 'E' Build series supports all the support routers, including the newer rev AC68U and similar routers, and is the default fork version. The biggest change is the inclusion of the KRACK fix for the N66, AC66, AC56 and AC68 routers when used as a Repeater or Media Bridge. The N16 will NOT be updated for the KRACK fix.

For those of you with early rev (A1,A2,B1) AC68U's who wish to remain with the earlier wireless drivers, I've included a build directory that continues to be based on the earlier drivers/SDK, Update-nnLx (Legacy 'L' Build). IMPORTANT: The legacy builds do NOT include the KRACK fix for any supported router since part of the fix requires new wireless drivers.

I've also included a file @UpgradeMatrix.txt in the download directory. This shows the options for each router and build combination, including the need for a Factory Default reset or possible JFFS reformat.


Thanks again for everyone's support!


LATEST RELEASE: Update-32E4, including support new rev AC68 class routers
2-April-2018
Merlin fork 374.43_32E4j9527
Download http://bit.ly/1YdgUcP
============================

SHA256

(Default Build - All supported routers)
7d9472b1423684536d8c4982d62e0bc039d8f82daa456f1c4d718784b3e27e9f  RT-N16_374.43_32E4j9527.trx
73fe76d0e3f07353a2262bcf5772324f7ca54db10ba176ec758a9bfb6f6a4b1f  RT-AC66U_374.43_32E4j9527.trx
505201654883992d91daca74dcaab9a2e3dcf52cae27cc7c60382a51f9390a54  RT-N66U_374.43_32E4j9527.trx
e7f57dd8592d14ba242c3b6d073e81225f43e4ad0fc8e83e7d3e0ab3d8d63293  RT-AC68U_374.43_32E4j9527.trx
6974ef96b6081b639f22d363cd89c8e6f68ec7f8294bda554f2b55f7c087d14e  RT-AC56U_374.43_32E4j9527.trx

(Legacy Only Builds)
bbaadce84aa236c0d65e4cdb42280a292f26c5c1bc8214c6df6f6e80d279ef9e  RT-AC68U_3.0.0.4_374.43_2-32L4j9527.trx
9199eccc6f17cdf636256a67654ad1f6ed610e05cb45a30d6d475b652e1d9211  RT-AC56U_3.0.0.4_374.43_2-32L4j9527.trx
13ae59a557402ce11a5aa364a4e0314b36f9065cccaea7ce2e3f96da74721caf  RT-N16_3.0.0.4_374.43_2-32L4j9527.trx
7feafa4c95770d3df4abf7835feb05418331562c30a4843fda20a898a18ccf90  RT-AC66U_3.0.0.4_374.43_2-32L4j9527.trx
07b4ce97757a97800e848aae8ad91a45072e78dc3a43457ad46d6e7f059ac776  RT-N66U_3.0.0.4_374.43_2-32L4j9527.trx

 

[MysticGold04]

Thank you, Sir for the update. Greatly appreciate your work adding in the backported security updates! I am still on 31E6, but will upgrade soon.

 

[il2]

It's no point to upgrade from 32E4 to 32L4 on RT-N16, isn't it?

 

[nash16]

Did you restart the client and look for the syslog message I referenced?

You are right john! Could you tell me how can I fix that?

Apr 4 21:43:33 openvpn[9198]: Ignore conflicted routing rule: 192.168.1.0/24


[EDITED]: Fixed & working!

Thank you very much for your help and congrats for the update!