[Release] Asuswrt-Merlin 380.65 is now available

[unsynaps]

BOOOO!

Seems some of the new features for OpenVPN 2.4 are broken on the iOS client. The same client1.ovpn works fine in Windows but iOS the server throws "tls-crypt unwrap error: packet too short" errors.

No fault of Merlin. Man does fantastic work. Just throwing this out there in case anyone else runs into issues.

EDIT: Odd ball thing I found out in the process. AT&T wireless has native ipv6. Didn't know this.

 

[Zirescu]

BOOOO!

Seems some of the new features for OpenVPN 2.4 are broken on the iOS client. The same client1.ovpn works fine in Windows but iOS the server throws "tls-crypt unwrap error: packet too short" errors.

No fault of Merlin. Man does fantastic work. Just throwing this out there in case anyone else runs into issues.

EDIT: Odd ball thing I found out in the process. AT&T wireless has native ipv6. Didn't know this.

Seems to work fine for my configuration, I set the server to Cipher Negotiation: Enable, Compression: LZ4, left the Negotiable Ciphers as default. The iOS Client version I have is 1.0.5 build 177.

Where I did run into an issue was with Tunnelblick 3.7.0, it wouldn't connect and then figured out I had to manually change the OpenVPN version to 2.4.0 - OpenSSL v.1.0.2.k on my newly imported config and then I was able to connect from the Mac.

 

[armsAC3100]

Asuswrt-Merlin 380.65 is now available for all supported models.

380.65 running well on my AC3100. One issue. Traffic monitor always show "0" incoming traffic on both 2.4 and 5ghz wireless. Wired and WAN are OK.
Al

 

[unsynaps]

Seems to work fine for my configuration, I set the server to Cipher Negotiation: Enable, Compression: LZ4, left the Negotiable Ciphers as default. The iOS Client version I have is 1.0.5 build 177.

Where I did run into an issue was with Tunnelblick 3.7.0, it wouldn't connect and then figured out I had to manually change the OpenVPN version to 2.4.0 - OpenSSL v.1.0.2.k on my newly imported config and then I was able to connect from the Mac.

I think the problem is setting "TLS control channel security" to "Encrypt Channel".

Funny thing is a update to the iOS client came out not 2-3 days ago. >.>

Running iOS version 1.1.1 build 212

EDIT: Yep. Setting "TLS control channel security" back to "Bi-directional Auth" which I used on the last version of merlins firmware (OpenVPN 2.3) iOS can now connect with no issues. I even have LZ4 enabled and it works. So its something broken with the new "TLS control channel security" on iOS.

EDIT2: Seems iOS is not doing Negotiable ciphers properly. I have OpenVPN set to "AES-256-GCM:AES-256-CBC" cause it was bitching about insecure 128 bit. But with the server and client file set to the above iOS keeps connecting with BF-CBC. If I force it to AEs-256-CBC it does what its told.

 

[Wutikorn]

I think the problem is setting "TLS control channel security" to "Encrypt Channel".

Funny thing is a update to the iOS client came out not 2-3 days ago. >.>

Running iOS version 1.1.1 build 212

EDIT: Yep. Setting "TLS control channel security" back to "Bi-directional Auth" which I used on the last version of merlins firmware (OpenVPN 2.3) iOS can now connect with no issues. I even have LZ4 enabled and it works. So its something broken with the new "TLS control channel security" on iOS.

They probably just haven't updated the app yet, but LZ4 has been supported for some time already before 2.4.0 release.

 

[unsynaps]

They probably just haven't updated the app yet, but LZ4 has been supported for some time already before 2.4.0 release.

Ahh well that explains that.

Again they pushed an update today (FEB 3rd) and that does not contain a fix. Go fig... At least the app does not look like a iOS 4 app anymore.

EDIT: Well deleting the app fixed the cert issue (it picking BF-CBC) but it didnt fix the tls-crypt error.

 

[Zirescu]

I think the problem is setting "TLS control channel security" to "Encrypt Channel".

Funny thing is a update to the iOS client came out not 2-3 days ago. >.>

Running iOS version 1.1.1 build 212

EDIT: Yep. Setting "TLS control channel security" back to "Bi-directional Auth" which I used on the last version of merlins firmware (OpenVPN 2.3) iOS can now connect with no issues. I even have LZ4 enabled and it works. So its something broken with the new "TLS control channel security" on iOS.

EDIT2: Seems iOS is not doing Negotiable ciphers properly. I have OpenVPN set to "AES-256-GCM:AES-256-CBC" cause it was bitching about insecure 128 bit. But with the server and client file set to the above iOS keeps connecting with BF-CBC. If I force it to AEs-256-CBC it does what its told.

Weird the About on mine shows 1.0.5 but I've got the 1.1.1 client according to the App store.
Edit - Just nuked my client and downloaded the app again and now it's reporting the correct version number 1.1.1. Didn't have any errors connecting after importing the new profile.

 

[Naftali Oziel]

Updated from beta 4 to stable 5 on my 88U. It seems to be running fine. The only issue I'm seeing is with the GUI. When I look at the device map, while it shows the speed of the connection, it no longer shows the strength of the connection. They are all black. I've always had my doubts about how reliable the strength indicators were, but thought I would mention it. I'm also noticing that the screen where I put in my id and password to enter the GUI now has a black background. It looks pretty cool, but I seem to recall that it was different in the past.

Try clearing your browser cache

 

[12darline]

RT-AC5300 is running very well (no problems at all) with 380.65. I really do not recall a time when my WiFi was longer or stronger. This is a winner and I am very happy...

 

[Xentrk]

Hello,
I just upgraded from 380.64_2 to 380.65 and I am having a problem connecting to my VPN provider Torguard, I am not sure what I need to change to connect?
Thanks For your help.
Paul

Shouldn't need to change anything, worked fine here. Any error messages in the system log?

Torguard not working for me either. At first attempt, the VPN client did not connect/work. It did not like the default options as I use port 1194 for no encryption. So, I changed the configs to use no encryption on the gui. Same error. I looked in the log and saw this message:

Feb  4 02:04:19 openvpn[26966]: --mtu-disc is not supported on this OS

I removed the mtu-disc yes option from additional configs. I then was able to connect to my private VPN IP. However, I could not access any websites. I could ping my private VPN IP though.

I have the following in Additional Config. I removed all of the lines except the first two as they are required by Torguard. Same result.

persist-key
persist-tun
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
tun-mtu 1500
mssfix 1450
nobind
pull
fast-io
auth-nocache

I see a lot of these messages:

Feb  4 02:13:51 openvpn[10875]: event_wait : Interrupted system call (code=4)

For now, I reverted back to 380.64_2 as we are hosting movie night for some kids tonight and I need everything working. Tomorrow, I may try again with AES-128-CBC to see if that makes a difference.

Can you post a pic of your settings for the two new fields regarding encryption so I can try with the same? Thanks!!

EDIT: Also noticed the status percentage goes to 200% after applying changes. I'll see if I can reproduce next attempt.

 

[bradbort]

Try clearing your browser cache

I tried that on Chrome. No difference. Signal strenght indications are all black instead of showing amount. I'm also seeing, on the first page, that the icons on the far left that are on the menu showing various functions are also blank. I just confirmed this is an issue with Chrome. When I use IE that is built into windows 10, everything shows as it should.

 

[pignon]

The TOR/Mac address configuration page is broken with this update.
Switched back to previous release 380.64.2 and recovered all features.

 

[bradbort]

I tried that on Chrome. No difference. Signal strenght indications are all black instead of showing amount. I'm also seeing, on the first page, that the icons on the far left that are on the menu showing various functions are also blank. I just confirmed this is an issue with Chrome. When I use IE that is built into windows 10, everything shows as it should.

After noticing some blackboxes in other web sites using Chrome, I found a beta test of chrome called chrome canary. I downloaded it, and it resolved the problem. In other words, its a Chrome issue, and they have addressed it in their newest beta test version.

 

[shooter40sw]

Hi, I just updated and factory reset my router, I installed almost everything back with no issues but transmission is not starting automatically when restarting the router anymore, in the past version it did.
Thanks for the help

 

[bradbort]

After noticing some blackboxes in other web sites using Chrome, I found a beta test of chrome called chrome canary. I downloaded it, and it resolved the problem. In other words, its a Chrome issue, and they have addressed it in their newest beta test version.

.hmmm. This is more subtle then I thought. Despite my earlier post, other clients running chrome on this network do not have the same issue. So, on this client, chrome has the black issue, but chrome canary does not. On other clients, chrome does not have the issue. Clearing the cache, and resetting chrome, and uninstalling and reinstalling chrome does not help. I'll stop writing about it, since I don't think this is unique to the router GUI at this point.

 

[Deleted member 22630]

.hmmm. This is more subtle then I thought. Despite my earlier post, other clients running chrome on this network do not have the same issue. So, on this client, chrome has the black issue, but chrome canary does not. On other clients, chrome does not have the issue. Clearing the cache, and resetting chrome, and uninstalling and reinstalling chrome does not help. I'll stop writing about it, since I don't think this is unique to the router GUI at this point.

Just a thought: Try disabling all your Chrome extensions. If it then works, then re-enable one-by-one to find out which one is the cause. Also, check your privacy/cookie settings.

 

[Deleted member 22630]

Working great so far on my RT-AC66U. OpenVPN tested with Windows and Android clients, also fine with no need to create a new configuration file. Completely subjective opinion, but network performance to the attached hard-disk seems much faster.

 

[bradbort]

Just a thought: Try disabling all your Chrome extensions. If it then works, then re-enable one-by-one to find out which one is the cause. Also, check your privacy/cookie settings.

Thanks. I tried all of that. No joy. The only other thing I can think of is graphic card related. Maybe the latest NVIDIA update is causing issues. I'm actually swapping cards Sunday, so I will see

 

[Wutikorn]

.hmmm. This is more subtle then I thought. Despite my earlier post, other clients running chrome on this network do not have the same issue. So, on this client, chrome has the black issue, but chrome canary does not. On other clients, chrome does not have the issue. Clearing the cache, and resetting chrome, and uninstalling and reinstalling chrome does not help. I'll stop writing about it, since I don't think this is unique to the router GUI at this point.

Have you checked Chrome version of other clients? I suspect that new chrome version is causing issue, and your clients that work properly may not have up-to-date chrome.

 

[bradbort]

Have you checked Chrome version of other clients? I suspect that new chrome version is causing issue, and your clients that work properly may not have up-to-date chrome.

Thanks, but no joy. They are both running the latest. There must be some corruption somewhere, although the beta version of chrome runs fine.