SwampKracker
Senior Member
I have upgraded two RT-AC68U routers to 384.4 and manage both via HTTPS with Firefox 59.X. Sounds like there might be a certificate issue with your browser.
[Release 384/NG] Asuswrt-Merlin 384.4 is now available
- Thread starter RMerlin
- Start date
- Status
Stephen Harrington
Very Senior Member
Likewise I'm not seeing that behaviour at all ...
I just tried in on my AC68U with a fresh 384.4 and HTTPS (port 8443, LAN side) is working fine with Firefox 59.0.1 here, see screen shot. Tried it from 2 different macOS 10.13.3 High Sierra machines if that makes any difference?
StephenH
That's normal. That setting is merely a preset that gets applied to various options on the Advanced page. Custom means that those settings were manually configured in a way that doesn't match either settings. When you select a proper preset, then the custom option disappears, since you cannot apply a "custom preset", if you understand what I mean.
This is all getting overhauled in 384.5. I am removing various broken/useless/duplicate settings, and replacing this preset selector with an actual setting that will allow one to chose between giving access to the LAN only, the Internet only, or both LAN and Internet. This setting will combine the previous manual options of Redirect Gateway, Push LAN, Firewall.
The Advanced page will now be a bit less filled with useless or confusing settings:
The new Internet Only option will prevent access to anything on the LAN including the router itself. It's intended to allow you to give someone access to your Internet connection without being able to access your LAN. This option was actually previously available as the cryptic "External" option for the Firewall setting. It was not only cryptic, but it also didn't even work properly... Now it's more visible, and it actually works.
I have a RT-AC5300 running Firmware Version:384.4. Every time I make changes to the WIFI, the wifi totally stop working. Reboot doesn't work unless I completely pull out the power and plug it back in. Please fix
Mar 22 22:29:29 rc_service: httpd 383:notify_rc restart_wireless
Mar 22 22:29:29 rc_service: waitting "restart_wireless" via httpd ...
Mar 22 22:29:44 rc_service: skip the event: restart_wireless.
Mar 22 22:36:21 kernel: net_ratelimit: 1 callbacks suppressed
Mar 22 22:38:12 rc_service: httpd 383:notify_rc restart_usb_idle;restart_time;restart_upnp;
Mar 22 22:38:12 rc_service: waitting "restart_wireless" via httpd ...
Mar 22 22:38:27 rc_service: skip the event: restart_usb_idle;restart_time;restart_upnp;.
Mar 22 22:40:59 rc_service: httpd 383:notify_rc reboot
Mar 22 22:40:59 rc_service: waitting "restart_wireless" via httpd ...
Mar 22 22:41:14 rc_service: skip the event: reboot.
Mar 22 22:29:29 rc_service: httpd 383:notify_rc restart_wireless
Mar 22 22:29:29 rc_service: waitting "restart_wireless" via httpd ...
Mar 22 22:29:44 rc_service: skip the event: restart_wireless.
Mar 22 22:36:21 kernel: net_ratelimit: 1 callbacks suppressed
Mar 22 22:38:12 rc_service: httpd 383:notify_rc restart_usb_idle;restart_time;restart_upnp;
Mar 22 22:38:12 rc_service: waitting "restart_wireless" via httpd ...
Mar 22 22:38:27 rc_service: skip the event: restart_usb_idle;restart_time;restart_upnp;.
Mar 22 22:40:59 rc_service: httpd 383:notify_rc reboot
Mar 22 22:40:59 rc_service: waitting "restart_wireless" via httpd ...
Mar 22 22:41:14 rc_service: skip the event: reboot.
Firefox broke something with SSL when they moved to the Quantum engine, and things seem to have gotten even worse with their recent release. Not sure what happened, so far the only 100% working solution that I've found is to generate your own CA + signed certificate, and to import the CA into the trusted CA store. I suspect that Firefox is trying to validate something with the self-signed certificate (and failing miserably at doing so).
Some people have also had some success deleting the previously stored certificate from Firefox, and accepting it again.
I wish I knew what was going on (Chrome has a similar issue, except it's more random, and usually manifests itself with pages failing to fully load), but it seems that it would take someone with low-level knowledge of the TLS protocol to properly troubleshoot this. This is not a new issue, it's been happening for a few years now, but somehow has become worse with recent browser updates.
A search only showed a similar issue happened with Firefox a few years ago, where Firefox would choke on any certificate missing the email attribute. At the time it was marked as a bug in Firefox, and I believe it was eventually fixed.
Some people have also had some success deleting the previously stored certificate from Firefox, and accepting it again.
I wish I knew what was going on (Chrome has a similar issue, except it's more random, and usually manifests itself with pages failing to fully load), but it seems that it would take someone with low-level knowledge of the TLS protocol to properly troubleshoot this. This is not a new issue, it's been happening for a few years now, but somehow has become worse with recent browser updates.
A search only showed a similar issue happened with Firefox a few years ago, where Firefox would choke on any certificate missing the email attribute. At the time it was marked as a bug in Firefox, and I believe it was eventually fixed.
bozo29
Occasional Visitor
Thank You Merlin,
Indeed, the cable was to blame.
I've changed it and now everything is all right.
Stephen Harrington
Very Senior Member
Treadler
Very Senior Member
I had the same problem, fixed by doing a Firefox browser reset to default. (In the browser settings).
Now HTTPS works fine.
Grisu
Part of the Furniture
easier way instead resetting complete FF to default not loosing them:
open FF and wait more than an hour, update only router page not working correct, dont touch other tabs.
go to chronik/history and click delete newest chronik/history
you are asked choose delete last hour and let them all be deleted
now it works for me again with old profile ...
Bagu
New Around Here
Not here.
I generate a new certificate...But the nothing change :
No problem or conflict with air web cloud service, i change the port to 1443.
Access http://192.168.1.1 work fine
Access https://192.168.1.1 don't work (Timeout)
bbunge
Part of the Furniture
Another fix is to move back the Firefox ESR version. FF 58 seemed to be OK but FF 59 seemed to bring on problems.
Sent from my P01M using Tapatalk
skeal
Part of the Furniture
You need to use https://192.168.1.1:443 for example.Not here.
I generate a new certificate...But the nothing change :
No problem or conflict with air web cloud service, i change the port to 1443.
Access http://192.168.1.1 work fine
Access https://192.168.1.1 don't work (Timeout)
Bagu
New Around Here
S
Same result - Already try
Bagu
New Around Here
404 - File or directory not found.
The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.
mikelees2
Regular Contributor
I don't recommend restoring settings on this new firmware 384.4 from any firmware. If you did and are still having problems you need to build the router from scratch. Factory Reset and reprogram the router. Yes it sucks but it's the only way you can insure that you are not corrupting the routers new firmware by restoring settings from an old build. Take some screen shots and time and just do it. It will be worth the time. Until you do you will have nothing but problems. So to me if you wish to continue with the newest software you will have to take the leap and just do it.
The other thing to think about as with some who have also had troubles after restoring and having it work, If the restore works this time will it continue to work on the next update? Sometimes you just need to start fresh.
SkOrPn
Occasional Visitor
Hello again,
I am wondering what people think "overall" of the new generation 384 Asus Merlin software? What does it have to bring to the table that the older software didn't? Is it stability, performance, design flaw or security issue that Asus improved with 384?
The reason I am wondering if I should upgrade to 384 (from 380.69_2) is because all of my Wemo wifi smart switches do not reconnect after a power outage reboot or even a simple router reboot. Belkin tells me they believe its the router or its firmware and to update it, lol. All my other wifi switches and wifi devices work and connect just fine though.
So, for the past Month I keep thinking to myself maybe this new 384 GPL branch could make a difference just because the software is newer? My AC66U_B1 (same as AC68U) is still running 380.69_2. Of course I will wait for 384.5 because that sounds like it will come with some substantial but needed changes to the UI. Thanks again at Merlin for this great and much appreciated work.
So do you all get the feeling that the 384 branch is better than the old 380 branch?
I am wondering what people think "overall" of the new generation 384 Asus Merlin software? What does it have to bring to the table that the older software didn't? Is it stability, performance, design flaw or security issue that Asus improved with 384?
The reason I am wondering if I should upgrade to 384 (from 380.69_2) is because all of my Wemo wifi smart switches do not reconnect after a power outage reboot or even a simple router reboot. Belkin tells me they believe its the router or its firmware and to update it, lol. All my other wifi switches and wifi devices work and connect just fine though.
So, for the past Month I keep thinking to myself maybe this new 384 GPL branch could make a difference just because the software is newer? My AC66U_B1 (same as AC68U) is still running 380.69_2. Of course I will wait for 384.5 because that sounds like it will come with some substantial but needed changes to the UI. Thanks again at Merlin for this great and much appreciated work.
So do you all get the feeling that the 384 branch is better than the old 380 branch?
bland328
Occasional Visitor
tl;dr: I've been through multiple 384.4 installations on my RT-AC3200, but many Wi-Fi devices in my home that are perfectly happy with 384.3 are then unable to connect.
I'm the guy who reported Ubuntu laptop, Ecobee thermostat and LIFX bulb Wi-Fi connection woes with 384.4 (but not 384.3) back in post 391079.
Today I sat down with my RT-AC3200 to do a slow, patient, meticulous flash, factory reset, and manual configuration.
I did the following:
- Unplugged all USB devices
- Flashed 384.4 and waited for reboot to finish
- Followed DaveMishSr's instructions on holding the WPS button at power up multiple times to get a good factory reset (as he describes, I did witness the power light pulsating at the 20-second mark the first time through, and at the 5-second mark the second time through)
- Followed RMerlin's instructions on power cycling with a complete electrical reset
- Turned the router on and waited 10 full minutes, per skeal's advice
- Stepped through the simple three-step GUI wizard to get the fundamentals configured
- Observed, as I always do, the WAN light was red, and since initiating a Reboot via the GUI has never cured that for me, followed RMerlin's instructions on power cycling with a complete electrical reset once more, for good measure.
Any thoughts? Did I miss a trick? Any data I can gather for anyone?
The only thing left to do, I think, is to record the router - Ubuntu exchange with Wireshark. You would need to record two sessions, one with a router firmware version that works, and one with 384.4 loaded. Here's what I would do:
1. Turn off all other wifi devices.
2. Turn off the router or turn off the wifi on the router, your choice.
3. Fire up the Ubuntu laptop and start recording with Wireshark.
4. Start the router, or, turn on the router's wifi. Let the Wireshark recording session run until it appears that the router's wifi is up and running and then let it run for another two or three minutes. Wireshark should, I believe, pick up and record the incoming and outgoing data from the wifi adapter when the router wifi starts up and attempts to connect with any device on its network.
5. Save the recorded session.
Reload the router with the other firmware. When complete, follow the same steps. When that session has been recorded, bring up both data sets in seperate Wireshark instances. When you select (click or double click on) the data file it will start a Wireshark instance with that data. You can filter the data to show the conversation between specific IP addresses, but, in the case of the data archive where the laptop doesn't connect, that might not work. So, what you will have to do is go thru the data to the start point where the Ubuntu laptop does connect with the previous version. Once you find that, you should be able to find the same start point in the other archive. From there, its a matter of examining the data to see where they diverge. This is more than a pain in the ***, but, without a method of seeing the two way conversation at the start of the connection attempt, I don't see any other way around this.
If you had another Ubuntu laptop around, you might be able to set its wifi adapter to run in Monitor or Promiscuous mode to capture the two way traffic between the router and original Ubuntu laptop. From there, you would have to step thru the data to see where the connection attempt occurs and where it fails.
In either case, hopefully you would find the problem point and be able to provide that info to Merlin or Asus.
Edit: Just thinking about this, I wonder if you would have to use a second Ubuntu/linux laptop with Monitor or Promiscuous mode set in order to capture the raw data exchange between the router and original laptop. I suspect that a good portion of the raw data would be filtered by the adapter card on the original laptop as the card would be running in its normal operating mode. That raw data would probably contain the lower level exchange that occurs when the laptop starts the login sequence with the router.
1. Turn off all other wifi devices.
2. Turn off the router or turn off the wifi on the router, your choice.
3. Fire up the Ubuntu laptop and start recording with Wireshark.
4. Start the router, or, turn on the router's wifi. Let the Wireshark recording session run until it appears that the router's wifi is up and running and then let it run for another two or three minutes. Wireshark should, I believe, pick up and record the incoming and outgoing data from the wifi adapter when the router wifi starts up and attempts to connect with any device on its network.
5. Save the recorded session.
Reload the router with the other firmware. When complete, follow the same steps. When that session has been recorded, bring up both data sets in seperate Wireshark instances. When you select (click or double click on) the data file it will start a Wireshark instance with that data. You can filter the data to show the conversation between specific IP addresses, but, in the case of the data archive where the laptop doesn't connect, that might not work. So, what you will have to do is go thru the data to the start point where the Ubuntu laptop does connect with the previous version. Once you find that, you should be able to find the same start point in the other archive. From there, its a matter of examining the data to see where they diverge. This is more than a pain in the ***, but, without a method of seeing the two way conversation at the start of the connection attempt, I don't see any other way around this.
If you had another Ubuntu laptop around, you might be able to set its wifi adapter to run in Monitor or Promiscuous mode to capture the two way traffic between the router and original Ubuntu laptop. From there, you would have to step thru the data to see where the connection attempt occurs and where it fails.
In either case, hopefully you would find the problem point and be able to provide that info to Merlin or Asus.
Edit: Just thinking about this, I wonder if you would have to use a second Ubuntu/linux laptop with Monitor or Promiscuous mode set in order to capture the raw data exchange between the router and original laptop. I suspect that a good portion of the raw data would be filtered by the adapter card on the original laptop as the card would be running in its normal operating mode. That raw data would probably contain the lower level exchange that occurs when the laptop starts the login sequence with the router.
Last edited:
- Status
Similar threads
Similar threads
Similar threads
-
-
-
-
Tera Term can't SSH connect to router running Merlin 384, but works when flash back to ASUS stock FW
- Started by WishForTheStars
- Replies: 6
-
-
RT-AC3200 Merlin 384.13.10 - e2fsck abort with 'Memory Allocation failed' (10 GB swapfile!)
- Started by itibi
- Replies: 14
-
-
Release Asuswrt-Merlin 3006.102.2 is now available for Wifi 7 devices
- Started by RMerlin
- Replies: 62
-
Unable to establish VPN connection to my PiVPN (ovpn) from my Asus RT-AC86U running Asuswrt-Merlin 386.14
- Started by B0GDAN
- Replies: 1
-
Several Questions Re:Asuswrt-Merlin Feature Implementation
- Started by fenixreign
- Replies: 2