Github snapshot test builds (Updated 30-May-2015)

[RMerlin]

Howdy folks,

As I'm feeling too lazy to go through the trouble of a proper beta release this weekend, and there are a few things I'd like tested more widely over the common weeks as I work on other things, I decided to upload test builds of 378.54 Alpha 3 to a separate folder on Mediafire:

https://www.mediafire.com/folder/bj94sbhrh7e49/Test_Builds

Things I'm most interested in obtaining feedback about:

• OpenSSL upgrade to 1.0.2a. Please confirm it didn't introduce any new issue with OpenVPN, Asuswebstorage syncing, https access to the router's webui and AiCloud access.
• OpenVPN policy rules: exception rules. You can now define a rule that will force traffic through the WAN. This is most useful if, for example, you want all traffic from your 192.168.1.100 PC to get through the VPN tunnel, except for traffic for a specific server (for instamce, your ISP's SMTP server). Rules directing traffic to the WAN will have priority over rules pointing to the VPN.
• I also rewrote a lot of the code surrounding policy ruling, so please confirm that it resolved any previous issues, and didn't introduce new ones.
• New option to optimize OpenVPN server performance. Please let me know your results when enabling and disabling the new "Let the OS manage socket buffers" setting on the OpenVPN server page
• Reverted part of the incomplete printing fix, to see if it resolves the NEW issues that were introduced with recent releases

For details of what was changed please consult the Changelog (found in that same directory on Mediafire).

 

[RMerlin]

Fixed issues:

• Router not seen as an IGD device by Windows (commit)

 

[sadoneli]

Great work! but openVPN is way too complex for me.
I'am running soft ether VPN now, config is simple enough for both server and client

btw: could it be possible to upgrade the dnsmasq to dnsmasq-full ? I think most of the user from China would like the ipset support in dnsmasq, so that they can add blocked domain to policy forwarding.

 

[Sanchu]

I can

Howdy folks,

As I'm feeling too lazy to go through the trouble of a proper beta release this weekend, and there are a few things I'd like tested more widely over the common weeks as I work on other things, I decided to upload test builds of 378.54 Alpha 3 to a separate folder on Mediafire:

https://www.mediafire.com/folder/bj94sbhrh7e49/Test_Builds

Things I'm most interested in obtaining feedback about:

• OpenSSL upgrade to 1.0.2a. Please confirm it didn't introduce any new issue with OpenVPN, Asuswebstorage syncing, https access to the router's webui and AiCloud access.
• OpenVPN policy rules: exception rules. You can now define a rule that will force traffic through the WAN. This is most useful if, for example, you want all traffic from your 192.168.1.100 PC to get through the VPN tunnel, except for traffic for a specific server (for instamce, your ISP's SMTP server). Rules directing traffic to the WAN will have priority over rules pointing to the VPN.
• I also rewrote a lot of the code surrounding policy ruling, so please confirm that it resolved any previous issues, and didn't introduce new ones.
• New option to optimize OpenVPN server performance. Please let me know your results when enabling and disabling the new "Let the OS manage socket buffers" setting on the OpenVPN server page
• Reverted part of the incomplete printing fix, to see if it resolves the NEW issues that were introduced with recent releases

For details of what was changed please consult the Changelog (found in that same directory on Mediafire).

IPVanish bug is resolved in this version. This is now clearing the resolv files and working butt expected.

 

[Marsi4eg]

Will test this in a few days, thx RMerlin

 

[Eet_46]

I'm trying out the OpenVPN policy rules, but i can't get it to work as expected..

I'm routing a single device (my laptop - static ip) through the openvpn tunnel, but want to add an exception, when accessing a certain website (a streaming service in my country). But unfortunately, it doesn't seem to be working..

First of all, if i understand the readme correctly, it's possible to add an ip range, such as 91.238.152.1 to 255, but if i write 91.238.152.1/255 it says it's an invalid ip address. But maybe i'm misunderstanding the instructions? Point is, i'm unsure how many ip's are used in total on the website i'm visiting, although i know at least .180, .198 and .200 are..

Second, if i enter my laptops ip as source, and the destination ips (the 3 i mention above), using WAN as interface- it won't work. If i enter nothing (0.0.0.0) as s ource; same result. Also after rebooting router and flushing dns cache and clearing browser cache..

Perhaps the image i attached explains it better

Am i doing something wrong??

I know it's possible, in the past i've used the Astrill VPN applet to do the same, which worked. So i hope it can work with the built in feature here aswell

 

[john9527]

but if i write 91.238.152.1/255 it says it's an invalid ip address

Let's take it one step at a time. The ranges are entered in CIDR notation, where the value after the slash is the number of bits in the netmask. Lot's of references if you do a search.

So, to do what you want....

Rule 1: src=laptop ip, dest=0.0.0.0 iface=VPN (route all traffic from laptop through VPN)
Rule 2: src=laptop ip, dest=91.238.152.180 iface=WAN (exception, repeat as necessary)

or if you want to use CIDR, one possibility is to use 91.238.152.128/25 for the dest in Rule 2, which will cover the address range 91.238.152.128 through 91.238.152.255

 

[Eet_46]

Let's take it one step at a time. The ranges are entered in CIDR notation, where the value after the slash is the number of bits in the netmask. Lot's of references if you do a search.

So, to do what you want....

Rule 1: src=laptop ip, dest=0.0.0.0 iface=VPN (route all traffic from laptop through VPN)
Rule 2: src=laptop ip, dest=91.238.152.180 iface=WAN (exception, repeat as necessary)

or if you want to use CIDR, one possibility is to use 91.238.152.128/25 for the dest in Rule 2, which will cover the address range 91.238.152.128 through 91.238.152.255

Ah, yes, so i completely misunderstood the method with CIDR Thanks for explaining it. And i can confirm it now works flawlessly!

 

[RMerlin]

Great work! but openVPN is way too complex for me.
I'am running soft ether VPN now, config is simple enough for both server and client

btw: could it be possible to upgrade the dnsmasq to dnsmasq-full ? I think most of the user from China would like the ipset support in dnsmasq, so that they can add blocked domain to policy forwarding.

ipset support requires a bunch of additional dependencies that aren't in the firmware, such as libnflink, and backporting a newer version of ipset - it's not just a matter of compiling dnsmasq with the option enabled.

 

[charlie2alpha]

Just installed it on my RT-AC56U, first thing I noticed, Windows no longer sees the router as an UPNP IGD device, it just appears as "other upnp device" with a generic icon. My torrent client won't see it either unless I instruct it to use NAT-PMP which still works.

 

[RMerlin]

Just installed it on my RT-AC56U, first thing I noticed, Windows no longer sees the router as an UPNP IGD device, it just appears as "other upnp device" with a generic icon. My torrent client won't see it either unless I instruct it to use NAT-PMP which still works.

Anyone else? It does show up as an RT-AC87U here in Windows's Network window, and the test client can also detect the IGD on the network:

merlin@mint-dev ~/miniupnp/tempo/miniupnpc $ ./upnpc-static -l
upnpc : miniupnpc library test client, version 1.9.
(c) 2005-2014 Thomas Bernard.
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
desc: http://192.168.10.1:36897/rootDesc.xml
st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found valid IGD : http://192.168.10.1:36897/ctl/IPConn
Local LAN ip address : 192.168.10.107
Connection Type : IP_Routed
Status : Connected, uptime=45166s, LastConnectionError : ERROR_NONE
  Time started : Mon May 25 01:27:20 2015
MaxBitRateDown : 10000000 bps (10.0 Mbps)  MaxBitRateUp 10000000 bps (10.0 Mbps)
ExternalIPAddress = 198.xx.xx.xx
i protocol exPort->inAddr:inPort description remoteHost leaseTime
GetGenericPortMappingEntry() returned 713 (SpecifiedArrayIndexInvalid)

merlin@mint-dev ~/miniupnp/tempo/miniupnpc $ ./upnpc-static -a 192.168.10.107 2222 2222 tcp 30
upnpc : miniupnpc library test client, version 1.9.
 (c) 2005-2014 Thomas Bernard.
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://192.168.10.1:36897/rootDesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found valid IGD : http://192.168.10.1:36897/ctl/IPConn
Local LAN ip address : 192.168.10.107
ExternalIPAddress = 198.xx.xx.xx
InternalIP:Port = 192.168.10.107:2222
external 198.xx.xx.xx:2222 TCP is redirected to internal 192.168.10.107:2222 (duration=30)

 

[charlie2alpha]

This is from my Linux server, directly connected to the AC56U:

defiant ~ # upnpc -l
upnpc : miniupnpc library test client. (c) 2005-2013 Thomas Bernard
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
No IGD UPnP Device found on the network !

 

[VANT]

- CHANGED: Removed AiProtection's ad blocker, as it's too buggy to
be usable, breaking numerous mobile applications,
and not being configurable in any way.

Too bad.

 

[NightOwl326]

Too bad.

I 2nd That!

 

[greggy101]

Anyone else? It does show up as an RT-AC87U here in Windows's Network window, and the test client can also detect the IGD on the network:

No problems with UPNP on Win7-64

 

[VANT]

Too bad.

One more thing., all aiprotection function is not configurable, only on/off. So maybe leave ad blocker. Who don't wont use this, simply disable this funcionality in menu. ???

 

[emax.b]

No AD-Blocker, No upgrade ... i love this function

 

[bigmag]

No AD-Blocker, No upgrade ... i love this function Too

 

[RMerlin]

Folks, the ad blocker is broken. It makes many mobile applications impossible to use, because every 20-30 seconds, the browser opens as it wants to display a blocked add notification. And there's no way to whitelist anything, and since this is something Asus is no longer developing, it will never be fixed.

I also ran into a legitimate website that no longer worked at all until I disabled the ad blocker.

I'm not releasing a firmware with a known broken feature, where I will have to regularly have to deal with people asking me why they can't access this website, or why they can't use that mobile application, and having to constantly repeat the same answer.

I don't release knowingly broken stuff which will never be fixed because it simply cannot be fixed.

 

[RMerlin]

This is from my Linux server, directly connected to the AC56U:

defiant ~ # upnpc -l
upnpc : miniupnpc library test client. (c) 2005-2013 Thomas Bernard
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
No IGD UPnP Device found on the network !

I just re-tested with the RT-AC56U and my laptop, and it was still working fine for me - upnpc was able to detect the router, and report its settings.