[Release] Asuswrt-Merlin 384.10 is now available

[RMerlin]

This is occuring under the VPN Client tab.

Ok, definitely different from the issue I recently fixed with the server then. I'll try once more to reproduce it, but so far it's been working fine for me.

 

[bobo27]

Can you guys provide the exact steps you are taking where you are experiencing problems changing the server's CA? The only scenario I can reproduce here is if you change the CA but do not provide a server certificate and server key, then the router would generate all three of them. This isn't a new issue, and must have been there for a very long time. I just fixed this specific scenario by having the router no longer check the presence of the server key/cert to determine if a CA mus tbe auto-generated. However, I am not experiencing any problem if I change the CA without changing or removing the server key/certs that are currently present (tho a client would fail to connect with that, as the cert must be signed by the same CA).

I have not yet had time to try the resets/setup described yesterday.
But what I did was upgrade a brand new AC-86U to 384.10. Enabled the JFFS part and rebooted. Then I copied all the keys and certificates from the AC-66U to the AC-86U through the GUI. Clicked save (checked after that and all is then still as entered). Then click apply and then when I open the GUI again, the top three boxes are overwritten with other keys/certificates (ASUS signed, mine are not). I can then change the keys/certs again, after which it will save all correctly except the CA. It is then using the ASUS one again. Also tried editing the CA through SSH (vi) and by exporting the JFFS completely and importing/putting it back with a changed CA. I have always done a reboot through the GUI. All with the same outcome..



Sent from my iPhone using Tapatalk

 

[RMerlin]

I have not yet had time to try the resets/setup described yesterday.
But what I did was upgrade a brand new AC-86U to 384.10. Enabled the JFFS part and rebooted. Then I copied all the keys and certificates from the AC-66U to the AC-86U through the GUI. Clicked save (checked after that and all is then still as entered). Then click apply and then when I open the GUI again, the top three boxes are overwritten with other keys/certificates (ASUS signed, mine are not). I can then change the keys/certs again, after which it will save all correctly except the CA. It is then using the ASUS one again. Also tried editing the CA through SSH (vi) and by exporting the JFFS completely and importing/putting it back with a changed CA. I have always done a reboot through the GUI. All with the same outcome..

Thanks. That seems probably tied to the fix I did this weekend, which would revert the CA, as well as server key and cert if any of these three were missing.

Was it on Server 1 or 2?

 

[RMerlin]

The only step I took/know to take regarding the CA was to generate new .OVPN files from my VPN provider. This did not seem to make a difference, and I had never had to manually edit anything regarding keys or certs. I figured that's what the convenience of the generated OVPN file was about.

Going to drop back to 348.9 and see if it makes a difference. Not wanting to do a full factory reset, but, if that's what it takes that's what it takes.

If there's any other data or troubleshooting that can be provided, let me know and I'll be glad to assist if at all possible.

Re-tested again editing the OpenVPN client CA here, and everything is working properly for me.

Do note that when you upload an ovpn file, it will erase all existing key/certificates from that instance. This is by design, as the router has no way of knowing if these should be blank or not. If the ovpn file contains any embedded key/cert, then these will get imported. Otherwise, you have to manually provide them after uploading the ovpn, not before.

Also note that if your previous certificate was very old and used an obsolete SHA1 digest for its signature, these are now deprecated under OpenSSL 1.1.1 (as well as under many modern operating systems), so you will need to replace these with newer versions from your provider.

 

[RMerlin]

384.10_1 test builds uploaded to https://asuswrt.lostrealm.ca/test-builds . Please re-test OpenVPN. If you are still having certificate issues, post the router model, and the exact steps you are doing to recreate the problem and in what order. Order is important with OpenVPN clients if you also upload an ovpn file.

 

[#TY]

https://sourceforge.net/blog/april-2019-community-choice-project-month-asuswrt-merlin/
Congratulations RMerlin (how do you tag someone in here) and a big thank you for everything you do man!

 

[RMerlin]

https://sourceforge.net/blog/april-2019-community-choice-project-month-asuswrt-merlin/
Congratulations RMerlin (how do you tag someone in here) and a big thank you for everything you do man!

Thanks, but we're ahead of you there

https://www.snbforums.com/threads/news-7th-year-anniversary-and-project-of-the-month-at-sf-net.55865/

 

[#TY]

Thanks, but we're ahead of you there

https://www.snbforums.com/threads/news-7th-year-anniversary-and-project-of-the-month-at-sf-net.55865/

LOL oops... sorry about that

 

[fearz]

I feel 384.11 soon?

 

[L&LD]

I feel 384.11 soon?

Test the builds in post 365 if you use the modules updated and help push it along!

 

[fearz]

384.10_1 test builds uploaded to https://asuswrt.lostrealm.ca/test-builds . Please re-test OpenVPN. If you are still having certificate issues, post the router model, and the exact steps you are doing to recreate the problem and in what order. Order is important with OpenVPN clients if you also upload an ovpn file.

Does this address only openvpn client issues?

 

[L&LD]

Does this address only openvpn client issues?

Did you read the text you quoted?

 

[fearz]

Did you read the text you quoted?

There are no quoted texts in the post you mentioned, it only mentioned openvpn client tests, im just asking to make sure there aren’t any other updates for that alpha to at least try to test other features and support.

 

[L&LD]

There are no quoted texts in the post you mentioned, it only mentioned openvpn client tests, im just asking to make sure there aren’t any other updates for that alpha to at least try to test other features and support.

No, read your post 371. You quoted RMerlin.

These are test builds for OpenVPN. If there was added testing to be done, it would have been specified too.

Hope they fix your issue!

 

[fearz]

No, read your post 371. You quoted RMerlin.

These are test builds for OpenVPN. If there was added testing to be done, it would have been specified too.

Hope they fix your issue!

Thank you dear, was just trying to make sure, thats it.

 

[RMerlin]

Does this address only openvpn client issues?

OpenVPN server, there was no change to the client code.

There are a few other minor fixes, like the broken Moviestar support, or the missing tooltip on the Other Settings page.

9410bcd604 (HEAD -> mainline) Merge branch 'master' into mainline
ac3190bf98 (master) Updated documentation
a3abf470a7 httpd: validate correct variable in websRedirect*() (backport from 384_5948)
ce29820072 (origin/master, origin/HEAD) rc: openvpn: only re-generate server CA if it's missing, ignore server key/cert
c2d2fd7890 rc: openvpn: increase interface queue length from 100 to 1000 bytes
9f7da28be1 webui: fix typo in local DNS resolution setting's tooltip
8e7045e066 Updated documentation
3dfa990152 webui: set Bandwidth Monitor FAQ URL to old one, new one is MIA on Asus servers
7a783fff91 webui: fix missing space in Wireless Log flags legend
2bc62226a6 rc: reset new firmware notification flag in case update check fails to run post-upgrade
33ab4d7550 (origin/mainline) webui: fix Wireless Client layout for some models without Phy/NSS/BW report capabilities
aac833dabd webui: added tooltip to the "Use local caching" Tools setting
def11e32da Bumped revision to 384.10_1
1f35105eca quagga: drop obsolete config samples

 

[Mihai]

i try

Sure, here is my password: April_><>

i try git push
Username for 'https://github.com': rmerl
Password for 'https://rmerl@github.com':
remote: Invalid username or password.
fatal: Authentication failed for 'https://github.com/RMerl/asuswrt-merlin.ng.git/'

 

[L&LD]

i try

i try git push
Username for 'https://github.com': rmerl
Password for 'https://rmerl@github.com':
remote: Invalid username or password.
fatal: Authentication failed for 'https://github.com/RMerl/asuswrt-merlin.ng.git/'

No one will give you their password. RMerlin was being sarcastic and having a little fun at the same time (April 1st! Get it?).

See the previous posts right after your original rather forward, request. At least one reply offers the proper way to achieve what you need (not what you want).

 

[fearz]

OpenVPN server, there was no change to the client code.

There are a few other minor fixes, like the broken Moviestar support, or the missing tooltip on the Other Settings page.

9410bcd604 (HEAD -> mainline) Merge branch 'master' into mainline
ac3190bf98 (master) Updated documentation
a3abf470a7 httpd: validate correct variable in websRedirect*() (backport from 384_5948)
ce29820072 (origin/master, origin/HEAD) rc: openvpn: only re-generate server CA if it's missing, ignore server key/cert
c2d2fd7890 rc: openvpn: increase interface queue length from 100 to 1000 bytes
9f7da28be1 webui: fix typo in local DNS resolution setting's tooltip
8e7045e066 Updated documentation
3dfa990152 webui: set Bandwidth Monitor FAQ URL to old one, new one is MIA on Asus servers
7a783fff91 webui: fix missing space in Wireless Log flags legend
2bc62226a6 rc: reset new firmware notification flag in case update check fails to run post-upgrade
33ab4d7550 (origin/mainline) webui: fix Wireless Client layout for some models without Phy/NSS/BW report capabilities
aac833dabd webui: added tooltip to the "Use local caching" Tools setting
def11e32da Bumped revision to 384.10_1
1f35105eca quagga: drop obsolete config samples

Excelent! Updating...

 

[Mihai]

i try to help it but i can not

No one will give you their password. RMerlin was being sarcastic and having a little fun at the same time (April 1st! Get it?).

See the previous posts right after your original rather forward, request. At least one reply offers the proper way to achieve what you need (not what you want).