[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[cybrnook]

Thanks John. And FYI, after my wipe and manual setup, everything has been fine as expected.

 

[john9527]

An update to the beta. Thanks to all that contributed feedback!

BETA RELEASE: Update-26B6
27-June-2017
Merlin fork 374.43_2-26B6j9527
Download http://bit.ly/1UGjcOX
============================

Following are the major changes (full changelog is in the zip files)

Update-26B6 Highlights

• An enhancement to force a re-validation of http credentials after an auto logoff or disconnect
  This turned out to be much more complex than I originally thought, since the original httpd server code had limited awareness when checking credentials that you may have logged into the web gui from different clients (one at a time of course). Feedback will be appreciated.
• A new option to clear existing miniupnpd leases
• Update with additional fixes included in the latest stable release
  • Fix incomplete/corrupt JFFS backup
  • Fix reversed miniupnpd config external and internal port definitions

Update-26B5 Highlights

• Updated versions of:
  • OpenVPN to 2.4.3
  • OpenSSL to 1.0.2l
  • miniupnp to 2.0 with a new Port Forwarding syslog page (Any XBox gamers willing to test?)
  • samba - update to 3.6.25 which includes SMB2 support (enable on the USB servers page)
  • nano to 2.8.4
  • dropbear to 2017.75
  • ipset-arm to 6.32
  • avahi to 0.6.32
  • dnscrypt to 1.9.5
  • curl to 7.54
  • ASUS protection server to 380.7627
• Several backports from the latest Merlin builds

As always, a reminder to have a backup of /jffs in case the jffs space needs to be reformatted due to increases in firmware size.

SHA256

26b4ebf49253161dadf0410fb1c9241ba3f45ecbc860ffb609a5fb6d471b9808  RT-AC68U_3.0.0.4_374.43_2-26B6j9527.trx
476da1a82668efd69a61a9b220a6ee15425a4c70bc62d2bad725e7d44a939b5c  RT-AC56U_3.0.0.4_374.43_2-26B6j9527.trx
536eb50ca4514352986997142f732a6b2331bf0a5f45214bf0e5ad47e51a9e25  RT-N16_3.0.0.4_374.43_2-26B6j9527.trx
8626ffece5e33d2d50e95c856f6ffe9a8a90680795a6f596ce79b29a0b1e5302  RT-AC66U_3.0.0.4_374.43_2-26B6j9527.trx
63b3116843db7bbed834e13738d2e5a6f26c4af2fe3df7f798f2e853ab128794  RT-N66U_3.0.0.4_374.43_2-26B6j9527.trx

 

[cybrnook]

Thanks John, will test tonight.

Anything I need to consider when going from B5 to B6, seeing that I setup by hand on a fresh B5 install? I do use VPN and have both my CA cert on jffs as well as my public key for ssh on jffs.

And side bar question, does your nvram tool also cover objects normally stored in nvram space but moved to jffs? Or are you dividing the line, and thinking that a. your tool covers nvram, b. jffs backup from webui covers moved items?

 

[john9527]

Thanks John, will test tonight.

Anything I need to consider when going from B5 to B6, seeing that I setup by hand on a fresh B5 install? I do use VPN and have both my CA cert on jffs as well as my public key for ssh on jffs.

Should be a simple update. All your settings should stay in place.

And side bar question, does your nvram tool also cover objects normally stored in nvram space but moved to jffs? Or are you dividing the line, and thinking that a. your tool covers nvram, b. jffs backup from webui covers moved items?

My tool also creates a jffs backup (did it before we had the gui option). So if you run my tool, you will automatically get both the nvram and jffs. The jffs restore needs to be run separately, jffs-restore.sh

 

[Builder71]

Grabbed V25E8. Thx!

 

[cybrnook]

Loaded up 26B6, so far uneventful. Waiting for my 60 min timeout

 

[cybrnook]

First timeout and re-login works as expected.

Need to test it one more time though..... I am the typo king and thinking I fat fingered by PW on the first re-login attempt and was challenged a second time. Log shows one failed, one successful. Pretty sure self-inflicted, but will now in 60+ minutes....

EDIT: Worked fine.

Side note, hitting the back button after logout does take you to a full view of the last page you were on, but you are instantly challenged to re-auth, as expected.

 

[jrmwvu04]

Well I never got around to reverting, but I loaded 26B6 and the upnp port forwards are back to persisting long after the consoles are shut off, which I’m 95% sure was the case in versions prior to beta 5.

 

[cybrnook]

Well I never got around to reverting, but I loaded 26B6 and the upnp port forwards are back to persisting long after the consoles are shut off, which I’m 95% sure was the case in versions prior to beta 5.

Which I would believe is good, right? I don't use upnp, but I believe in other firmware (DD-WRT/OpenWRT(LEDE) comes to mind), it is the default behavior to hold rules, unless specified to clean after x amount of time, or on reboot.

 

[john9527]

EDIT: Worked fine.

Side note, hitting the back button after logout does take you to a full view of the last page you were on, but you are instantly challenged to re-auth, as expected.

Seems to depend on the browser. Chrome will show the last cached page on the back button, then authenticate.....Firefox authenticates then shows the cached page.

I really don't want to disable caching for performance reasons.

 

[cybrnook]

Interesting, my test case WAS actually in FF v54 64bit. As well, I have firefox set to "Never remember any history".

I personally don't see an issue with the cached page (at least not in the scope of our home routers), if that is in fact what causes this as you and I seem to have a small mismatch with the results. That is much less of a risk than being able to fully log back in with the back button.

 

[jrmwvu04]

An enhancement to force a re-validation of http credentials after an auto logoff or disconnect. This turned out to be much more complex than I originally thought, since the original httpd server code had limited awareness when checking credentials that you may have logged into the web gui from different clients (one at a time of course). Feedback will be appreciated.

I let a session time out and it did require reauth, which is a first for safari. It normally keeps authentication even with a specific manual user logout, clears only with a full cache reset. iOS 11 beta 2, fwiw.

 

[jrmwvu04]

Which I would believe is good, right? I don't use upnp, but I believe in other firmware (DD-WRT/OpenWRT(LEDE) comes to mind), it is the default behavior to hold rules, unless specified to clean after x amount of time, or on reboot.

I don’t know if it’s better or worse to be honest. I think in theory it would be better if things were clear and tidy like in beta 5 but the Xbox(es) get all emotional about the ports changing on them because they (Xbox) don’t renegotiate properly under some conditions.

Edit: that’s the reason that troubleshooting tip #1 on any Xbox networking issue is “hard reset the box” because it forces a clean renegotiation.

 

[punchsuckr]

I recently setup a raspberry pi to host an openvpn server since the speed on the n66u would max out at ~10mbps...a highly successful plan and now I easily hit 50mbps which is a major step up from the n66. The problem was that transfers from the disks I had attached to the router would still max out at only 5-600kBps over the new server while transfers from my computers would hit 3-4MBps no problem. The rpi which hosts the server is connected via lan to the router. I transferred the disks to a PC and transfer speeds are fine again over the server. The server being on the rpi also would let me update it regardless of router firmware updates.

At the risk of being ignored again (still dont know whether shadow banned or something), I wanted to know what could be the cause for this apparent bottleneck when actually NAS transfer speeds could saturate a 100mbps lan connection?

 

[tyspeed42]

Running the 26B6 on my AC68W, and AC68U and nothing to report, running smooth. Thanks John.

 

[john9527]

At the risk of being ignored again (still dont know whether shadow banned or something), I wanted to know what could be the cause for this apparent bottleneck

What's your addressing scheme for the pi? Is it on the same subnet as the router?
Do you have QoS enabled on the router?

 

[punchsuckr]

What's your addressing scheme for the pi? Is it on the same subnet as the router?
Do you have QoS enabled on the router?

Yes it is. I have switched to 10.93.69.x scheme to prevent conflicts on the client side.

 

[john9527]

Yes it is. I have switched to 10.93.69.x scheme to prevent conflicts on the client side.

Sorry, I don't follow the 'prevent conflicts' part.....
What is the router address, pi address, and address range for the clients.

 

[punchsuckr]

Sorry, I don't follow the 'prevent conflicts' part.....
What is the router address, pi address, and address range for the clients.

Conflicts as in if the client location also uses the default 192.168.1.x scheme.

Router addr is 10.93.69.1
Rpi is at 10.93.69.61
Addr range for clients is 10.8.0.x

 

[ColinTaylor]

Update-26B6 Highlights

• An enhancement to force a re-validation of http credentials after an auto logoff or disconnect
  
• Fix incomplete/corrupt JFFS backup

Both appear to be working fine. Thanks John.