[Release] Asuswrt-Merlin 384.10 is now available

[SNBForums User]

Wow, so knowledgeable.
So, you want to run things the way you want to run things and also insist that others respect your choice and do as you ask.

I love it when I get a laugh on a lousy day. Thanks!

I won't bother to list my network security qualifications for you as they would likely go right over your head, but suffice to say they are substantial. That little tidbit of information notwithstanding, my question was quite a simple one with regard to a single function, not one in which any request for network security education or training was requested, desired, or needed.

Thanks for your time.

 

[#TY]

No issues, I have downloaded and checked the hash too, literally 1 minute ago.

It seems to be coming back up for me. The only thing I can think of is perhaps some portion of the Cloudflare network was affected yesterday and it happened to be where my connection is going. Who knows. I didn't change anything on my end.

 

[cmkelley]

It seems to be coming back up for me. The only thing I can think of is perhaps some portion of the Cloudflare network was affected yesterday and it happened to be where my connection is going. Who knows. I didn't change anything on my end.

Cloudfare was out for me for about an hour or so a few days ago. There's always https://downdetector.com/status/cloudflare from a mobile.

 

[RMerlin]

The website isn't behind Cloudflare, only the separate firmware update server is.

 

[#TY]

The website isn't behind Cloudflare, only the separate firmware update server is.

It's really odd. This is day 2 and I still can't access it: https://asuswrt.lostrealm.ca/download

 

[Zonkd]

Wow, so knowledgeable.
So, you want to run things the way you want to run things and also insist that others respect your choice and do as you ask.

I love it when I get a laugh on a lousy day. Thanks!

I laughed too funny af but then I remember how often merlin has to read this nonsense. Best to ignore don’t reply to it or mention them and hope they remain an occasional visitor.

 

[RMerlin]

It's really odd. This is day 2 and I still can't access it: https://asuswrt.lostrealm.ca/download

What IP address does your DNS return for asuswrt.lostrealm.ca?

 

[#TY]

What IP address does your DNS return for asuswrt.lostrealm.ca?

174.142.221.134

 

[RMerlin]

174.142.221.134

That's the correct address.

Check that you don't have any security suite / ad blocker / etc... blocking access to it.

Unless my hoster implements some kind of blacklisting on their end, there isn't anything configured on my hosting account to block you.

You can check your route to see if it gets blocked at a specific hop. The last few hops look like this for me:

 7    20 ms    16 ms    11 ms  ae9-1963.cr0-mtl1.ip4.gtt.net [69.174.17.105]
  8    17 ms    10 ms    11 ms  iweb-gw.ip4.gtt.net [199.229.229.62]
  9    12 ms    14 ms    10 ms  te8-4.dr10.mtl.iweb.com [67.205.127.82]
 10    12 ms    12 ms     9 ms  174.142.221.134

Trace complete.

 

[#TY]

Check that you don't have any security suite / ad blocker / etc... blocking access to it.

I don't believe I do. It was working fine up until 2 days ago then it stopped. I tried disabling Skynet temporarily in case it was interfering but no change. The only other thing on my network is OpenVPN Client connected to ExpressVPN but that was always the case and it was fine before. This is why Im a little baffled by the whole thing. There are no ad blockers, anti-virus, etc on my computer.

 

[Butterfly Bones]

I don't believe I do. It was working fine up until 2 days ago then it stopped. I tried disabling Skynet temporarily in case it was interfering but no change. The only other thing on my network is OpenVPN Client connected to ExpressVPN but that was always the case and it was fine before. This is why Im a little baffled by the whole thing. There are no ad blockers, anti-virus, etc on my computer.

Are you running Diversion as well? You might going into it and use the [f] follow the log file, blocked domains. Then try to open the site to see if you are blocks. Sometimes ok sites end up in a blocking file when it updates. Try disabling both Skynet and Diversion and test too.

 

[Clark Griswald]

It's really odd. This is day 2 and I still can't access it: https://asuswrt.lostrealm.ca/download

I just accessed, and downloaded the latest alpha for my "new" AX-88U.
Edit: I am using Firefox.

 

[#TY]

Are you running Diversion as well? You might going into it and use the [f] follow the log file, blocked domains. Then try to open the site to see if you are blocks. Sometimes ok sites end up in a blocking file when it updates. Try disabling both Skynet and Diversion and test too.

Tried all that unfortunately to no avail. When I follow the logs, nothing shows up (I chose to filter by blocked domains). I tried disabling both Skynet and Diversion but no change as well. Im really at loss and hoping it will just resume working on its own.

 

[RMerlin]

Tried all that unfortunately to no avail. When I follow the logs, nothing shows up (I chose to filter by blocked domains). I tried disabling both Skynet and Diversion but no change as well. Im really at loss and hoping it will just resume working on its own.

Try disabling the VPN then, in case my provider might be blocking its IP.

All I can say is that the site is definitely up and running.

 

[#TY]

Try disabling the VPN then, in case my provider might be blocking its IP.

That was it. Why would your ISP disable it like this out of the blue?
I switched to another VPN country and I can access the site again.
Where can I provide you with the IP in question?

 

[RMerlin]

That was it. Why would your ISP disable it like this out of the blue?

A lot of VPN users use them for nefarious purposes. It's possible they were hit by a DoS coming from them, and they ended up blocking that IP at some point. Or the block might even be upstream from my hosting provider, I don't know.

Where can I provide you with the IP in question?

Nothing I can do about that.

 

[#TY]

Cool, no worries. I simply switched to another OpenVPN client for now and all is well.

I have another question (noob alert )

I am currently able to connect remotely to my OpenVPN server and take advantage of everything on it. However, I just noticed that when doing that, my IP is still local and not going through the OpenVPN client which is connected to an ExpressVPN server in Spain.

I did some digging on this forum and I think found the answer. @Martineau had posted it 2 years ago here:
https://www.snbforums.com/threads/openvpn-server-and-client-question.38378/#post-316743

If I understood it correctly, I simply need to add the following to:
/jffs/scripts/firewall-start

iptables -I POSTROUTING -t nat -s $(nvram get vpn_server1_sn)/24 -o tun1+ -j MASQUERADE
iptables -I POSTROUTING -t nat -s $(nvram get vpn_server2_sn)/24 -o tun1+ -j MASQUERADE

I haven't changed the defaults on the OpenVPN Server so theoretically, this should do the trick right?

My problem right now is I have no idea how to edit the firewall-start script Is there an easy way to do it from the command line?

Also, am I correct in my understanding of having to paste the above rules to firewall-start and not anywhere else?

Thanks again.

 

[Dabombber]

Also, am I correct in my understanding of having to paste the above rules to firewall-start and not anywhere else?

As Martineau said, try them directly in the console first to see if they even work. If so, a firewall-start script might be enough, but you'd really want to add them in openvpn-event so they only apply when the vpn is up.

 

[#TY]

As Martineau said, try them directly in the console first to see if they even work. If so, a firewall-start script might be enough, but you'd really want to add them in openvpn-event so they only apply when the vpn is up.

Unfortunately, this is the part that is still unfamiliar to me.
How would you test in the console? I SSH to the router, and then?

Thanks again for all help.

 

[Dabombber]

How would you test in the console? I SSH to the router, and then?

Just paste each line and press enter. There's lots of guides for SSH, maybe play around and get familiar with it. You could even use an online emulator if you're worried about messing anything up, although it will be slightly different from your router.