[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[treboR2Robert]

@john9527
Sorry to say the new test build still doesn't work
1st connection worked fine. I then disconnected, waited for the client to disappear from "VPN Status" page on router and then tried to reconnect.

I think the errors are the same.


21:07 OpenVPN 2.5-icsopenvpn [git:v2.4_rc2-301-g14adf04a] arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 3 2018

21:07 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10

21:07 TCP/UDP: Preserving recently used remote address: [AF_INET]

21:07 UDP link local: (not bound)

21:07 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

21:08 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

21:08 TLS Error: TLS handshake failed

21:08 SIGUSR1[soft,tls-error] received, process restarting


I removed my ip from this incase you were wondering.

I tried it a few times on both android apps ( openvpn for android and openvpn connect )

Anything else i can try ?

 

[airman98]

@john9527 - Hey just wanted to say THANKS!

After lurking these forums for the past year, and having previously used everything from stock firmwares to DDWRT to Tomato to Merlin, I have finally got around to installing this fork and giving it a go. Did the full ASUS firmware restore on the router, installed John's 34E3, all went smooth. Boy am I happy, finally there are no tradeoffs - after setting it all up everything works perfectly. My uPnp network receivers (one Sony, one Yamaha, on different floors of the house) both stream music without dropouts or signal interruptions - I can stream over the network from my PC, airplay from iPhone - everything. Previously (old firmware) had tons of interference, cutouts, signal loss, especially the Sony receiver which can only get the 2.4Ghz channel, had lots of interference. My entire household network is now just completely perfect, the Sony works perfectly now, seems to get a much stronger signal from my router with John's fork.

My home theater TV used to only get a poor 5Ghz signal, and "Ultraflix" 4k streaming would only get a 30mbps stream on my previous firmware, with John's fork I get a much better 5ghz signal and Ultraflix is streaming at over 60mbps, DOUBLE what it used to. No more "hiccups"!!

My router is an RT-AC66U, and it is finally singing at full voice. Thanks John, great work! Your efforts are appreciated.

 

[vx46hD]

Oops I'm on 34E3, not 33E7 as mentioned above, post edited.

It the modem is one of these...:https://kitz.co.uk/routers/hg612hacking.htm

It is, but I'm not really keen to flash it. Maybe once I've read up on it a bit more.

 

[john9527]

My router is an RT-AC66U, and it is finally singing at full voice.

Thanks for the feedback....very much appreciated!

 

[vx46hD]

Not much to be seen, but a couple of observations....
- It took 6 attempts to sync the time. That's unusual. It may indicate an ISP problem or you are just saturating the connection.
- You have a client with a domain name of .local (used by Apple for mDNS) and that has been known to cause problems. I admit I'm not well versed on this one, but you may want to change that if you can.

Thanks John.
- My time servers are pool.ntp.org/time.nist.gov, and my connection is unlikely to be saturated (74/16 Mbit and not hammering it). It looks like it usually takes 2-6 attempts. Maybe an ISP problem, I don't know, but it's fine for everything else. Maybe the pool servers are overworked.
- I'll do some reading up on mDNS.

Other than that, the only other suggestions I would have are
- do a factory reset/reconfigure in case something got corrupted somewhere
- to set up a swap file on a USB stick

Sorry I can't be of more help on this one.

No problem, I'll reset it if it happens again.

 

[papypaprika]

I actually spend most of yesterday working on it....and MAY have found something. I wanted to swap out my AC68 (which I confirmed works properly) for the N66 before posting, but if you want to try it first, I can send you a PM with a private build.

Looking forward to it, as I have exactly the same issue with OpenVPN.

Thank you very much for looking into it.

 

[il2]

Those of you who have OpenVPN reconnection failing on 34E3 do you have hardware acceleration turned on? It might be unrelated at all, but could HW accel change how conntraq handles closing connection after VPN client disconnects? Do you see connection still present?

 

[treboR2Robert]

Those of you who have OpenVPN reconnection failing on 34E3 do you have hardware acceleration turned on? It might be unrelated at all, but could HW accel change how conntraq handles closing connection after VPN client disconnects? Do you see connection still present?

Sounds plausible i spose.
I will give it a try.
Thanks for the idea.

 

[treboR2Robert]

Those of you who have OpenVPN reconnection failing on 34E3 do you have hardware acceleration turned on? It might be unrelated at all, but could HW accel change how conntraq handles closing connection after VPN client disconnects? Do you see connection still present?

So I had a look and could not find a way to disable hardware acceleration.

In the "tools" menu i can see that hardware acceleration is enabled but no option to turn it off.

 

[jpedty]

So I had a look and could not find a way to disable hardware acceleration.

In the "tools" menu i can see that hardware acceleration is enabled but no option to turn it off.

It’s under lan/switch control
Or turn on qos

 

[tyspeed42]

Those of you who have OpenVPN reconnection failing on 34E3 do you have hardware acceleration turned on? It might be unrelated at all, but could HW accel change how conntraq handles closing connection after VPN client disconnects? Do you see connection still present?

I believe there is a setting under VPN/OpenVPNClient tab were it says Block routed clients if tunnel goes down 3 settings there Always, Only when client is enabled, Never/ Unblock. Set this to (never / unblock) or (Only when client is enabled) if you want internet access if vpn disconnects. If I understood you correctly this should fix the issue choosing one of these settings.

 

[treboR2Robert]

I believe there is a setting under VPN/OpenVPNClient tab were it says Block routed clients if tunnel goes down 3 settings there Always, Only when client is enabled, Never/ Unblock. Set this to (never / unblock) or (Only when client is enabled) if you want internet access if vpn disconnects. If I understood you correctly this should fix the issue choosing one of these settings.

I don't see this setting and I don't think it would affect the VPN Server anyway.

 

[treboR2Robert]

Those of you who have OpenVPN reconnection failing on 34E3 do you have hardware acceleration turned on? It might be unrelated at all, but could HW accel change how conntraq handles closing connection after VPN client disconnects? Do you see connection still present?

Disabling NAT acceleration didn't help. My phone will still not reconnect.

One thing I noticed though,

While using the app "OpenVPN Connect" when I disconnect the client disappears from the "VPN Status" page almost instantly ( press refresh once or twice and it's gone )

While using the app "OpenVPN for Android" the client takes forever to disappear from the "VPN Status" page. ( refresh 20 odd times till i get bored and just sit waiting for a min or so before another refresh and its usually gone by then )

Probably doesn't help you @john9527 but thought I would mention it.


EDIT: This behavior is the same on 33E7 though on which of course reconnecting is not a problem.

 

[Arimil]

Has anyone else had their hosts file stop working recently? My hosts file only has one custom entry in it an it appears to not be functioning. I noticed that the default asus rules are also not functioning. For reference I included my hosts file below.

127.0.0.1 localhost.localdomain localhost
192.168.1.1 RT-N66U-BAE8. RT-N66U-BAE8
192.168.1.1 router.asus.com
192.168.1.1 www.asusnetwork.net
192.168.1.1 www.asusrouter.com
192.168.1.101 media.arimil.com

 

[john9527]

Disabling NAT acceleration didn't help. My phone will still not reconnect.

One thing I noticed though,

While using the app "OpenVPN Connect" when I disconnect the client disappears from the "VPN Status" page almost instantly ( press refresh once or twice and it's gone )

While using the app "OpenVPN for Android" the client takes forever to disappear from the "VPN Status" page. ( refresh 20 odd times till i get bored and just sit waiting for a min or so before another refresh and its usually gone by then )

Probably doesn't help you @john9527 but thought I would mention it.


EDIT: This behavior is the same on 33E7 though on which of course reconnecting is not a problem.

Depends on the options set on the client if you are using UDP connection. One is probably setting 'explicit-exit-notify' and the other not. Without it, it takes about 2 min for the client to be ended.

Or you can do like I do, and add the line
push "explicit-exit-notify"
to the server custom config section for UDP connects

 

[treboR2Robert]

Depends on the options set on the client if you are using UDP connection. One is probably setting 'explicit-exit-notify' and the other not. Without it, it takes about 2 min for the client to be ended.

Or you can do like I do, and add the line
push "explicit-exit-notify"
to the server custom config section for UDP connects

Yes it is using UDP.

Once it is all working correctly with the latest firmware I will probably just use "OpenVPN connect" anyway.

For now I'm sticking with the latest firmware and not using the VPN server because I like the DNS over TLS.

I may setup OpenVPN on a raspberry pi for the time being until you figure out whats wrong.

As you have probably guessed by now I don't know much and can't really help you.

If you get some time to work on it though I'm happy to keep testing stuff.

Thanks

 

[HowIFix]

@treboR2Robert Disable DNSSEC, reboot and test.

 

[treboR2Robert]

@treboR2Robert Disable DNSSEC, reboot and test.

Tried that already.

 

[HowIFix]

@treboR2Robert Try this:

1. Disable DNSSEC
2. Uninstall Diversion Script
3. Use Accept DNS Configuration "Disabled" or "Strict" in the Client
4. Use Compression "Disabled" or "None" on the Server and the Client (in both)
5. Add these Old or New Custom options (test both, do not add the 2 options at the same time) on the Client: (after Reboot)

• Old:
  • comp-lzo no
  • push "comp-lzo no"
• New:
  • compress

Maybe this problem is the same as this one:

According to the OpenVPN man page this command is DEPRECATED This option will be removed in a future OpenVPN release. Use the newer --compress instead.

FWIW: If using comp-lzo no in my OpenVPN client config fails to connect to my AC86U OpenVPN gateway server w/Merlin 384.6 flashed and I have to use just compress with empty value instead because the OpenVPN server running on my router is set for no compression...

https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage

 

[treboR2Robert]

@treboR2Robert Try this:

1. Disable DNSSEC
2. Uninstall Diversion Script
3. Use Accept DNS Configuration "Disabled" or "Strict" in the Client
4. Use Compression "Disabled" or "None" on the Server and the Client (in both)
5. Add these Old or New Custom options (test both, do not add the 2 options at the same time) on the Client: (after Reboot)

• Old:
  • comp-lzo no
  • push "comp-lzo no"
• New:
  • compress

Maybe this problem is the same as this one:

It connects fine.
Reconnecting once disconnected is the problem.
Thanks anyway