What's new

[Release] Asuswrt-Merlin 384.12 is now available

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

On my ac86u I run both OVPN server and client.

However since 384.11 when the OVPN client is active it does not permits traffic from the VPN Server's clients even in local network.

If the LAN resource your inbound OpenVPN Server clients are trying to reach is explicitly routed via the VPN, then you may need to create a split tunnel for the VPN Server subnet/interface tun2+

However, you should check the following rule tables when the issue occurs.

e.g. Selective routing for VPN Client 3
Code:
ip route show table ovpnc3
and the RPDB/firewall rules
Code:
ip rule

iptables  --line -t filter -nvL OVPN

iptables  --line -t filter -nvL FORWARD
 
If I do ' git merge master ' after 'git checkout mainline' , it doesn't add Master commits which are not yet merged to Mainline on github? because I do get 384.13_alpha1 FW file after compilation and not 384_12 (which gets compiled if I don't use 'git merge master') .

Thanks.
yep, git merge master while you on mainline will do the trick. but only merge part. reconfiguring way should be visible from the changes, if not, well... I'd suggest not to try to use it at this highly experimental stage
 
Since 384.12 (dirty flashed from 384.11.2) i cannot see my fire tv stick as a renderer. No probs with all previous versions.
 
Do you want the ping count box visible or hidden for Ping Continuous? It will still be there with the fix.
Leaving the ping count field exposed slows the speed of the graphs if a count greater than 1 is entered, since you're waiting for more than 1 ping reply before netool gets the current result. So I guess it really should be hidden for Continuous.
 
Since 384.12 (dirty flashed from 384.11.2) i cannot see my fire tv stick as a renderer. No probs with all previous versions.

What process have you tried to fix this issue? What router are you using? Does a reboot (of the whole network) help? :)
 
If the LAN resource your inbound OpenVPN Server clients are trying to reach is explicitly routed via the VPN, then you may need to create a split tunnel for the VPN Server subnet/interface tun2+

However, you should check the following rule tables when the issue occurs.

e.g. Selective routing for VPN Client 3
Code:
ip route show table ovpnc3
and the RPDB/firewall rules
Code:
ip rule

iptables  --line -t filter -nvL OVPN

iptables  --line -t filter -nvL FORWARD


Code:
10102:    from 10.8.0.2 lookup ovpnc1

Code:
Chain OVPN (2 references)

num   pkts bytes target     prot opt in     out     source               destination         

1       27  1754 ACCEPT     all  --  tun21  *       0.0.0.0/0            0.0.0.0/0           

2        0     0 DROP       all  --  tun11  *       0.0.0.0/0            0.0.0.0/0

Code:
Chain FORWARD (policy DROP 0 packets, 0 bytes)

num   pkts bytes target     prot opt in     out     source               destination         

1        0     0 ACCEPT     udp  --  br0    ppp0    0.0.0.0/0            0.0.0.0/0            match-set Skynet-IOT src udp dpt:123

2        0     0 LOG        all  --  br0    !tun2+  0.0.0.0/0            0.0.0.0/0            match-set Skynet-IOT src LOG flags 7 level 4 prefix "[BLOCKED - 

3        0     0 DROP       all  --  br0    !tun2+  0.0.0.0/0            0.0.0.0/0            match-set Skynet-IOT src

4        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.0/4         

5      655 39652 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x06/0x02 TCPMSS clamp to PMTU

6    20735   10M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

7        0     0 other2wan  all  --  !br0   ppp0    0.0.0.0/0            0.0.0.0/0           

8        0     0 logdrop    all  --  !br0   eth0    0.0.0.0/0            0.0.0.0/0           

9       29  1856 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0           

10     150  7010 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID

11     489 41621 NSFW       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

12     456 39491 ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0           

13       6   376 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate DNAT

14      27  1754 OVPN       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW

15       0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0
 
Some people recommended the very extreme way, such as pulling out the power cord, with the intention to 100% ensure that the old firmware and its configs are totally wiped out with no remains, and the new firmware you flash in will be like virgin to the router.
In this way, there is a high probability of getting bad blocks in flash and throwing router into garbage.
 
Do you want the ping count box visible or hidden for Ping Continuous? It will still be there with the fix.

It probably should be hidden as well.
 
In official firmware, we expect the engineer to know inside-out of the differences between the old version and new version, and have every measures to make sure the new version works properly after the update
Care to share whatever it is you are smoking? :)

Just kidding, but I think your ideal world is unrealistic. Sometimes there are literally hundreds of people with their fingers in the code. Companies are rushing out updates and calling them release quality when they are, at best, beta versions. I'm not saying *all* companies, but certainly many, and unfortunately, many of the ones I deal with. As my router is a critical piece in my network, I tend to keep it up to date. However for internal facing devices, I certainly wait a while for a compelling reason to update to a new firmware version.
 
After a complete reset and reconfiguration, the router name is displayed three times in System/ Installed Server Certificate.

88u.png


:)
 
Upgrade RT-X88U from V384.11_2 Final to V384.12_0 Final, via firmware upgrade (first GUI rebooted the router as it had been up for 30+ days, working great with 40+ devices). All appears to be working, except for the following:

  • Under "Adaptive QOS" | "QOS", QOS Configuration was reverted to defaults and did not keep my customization settings
  • Under "Adaptive QOS" | "Bandwidth Monitor", any of my "Network Map" List clients that I normally had set from "Highest" to "Lowest" were all back to "Default" color

As per Merlin below, this is a known ASUS issue, has been fixed, and waiting on a firmware release for this.

https://www.snbforums.com/threads/r...-12-is-now-available.57220/page-8#post-500065
 
Last edited:
I'm rebooting the router every few minutes today in an attempt to find what is causing the no boot condition after soft reboot (more details here https://www.snbforums.com/threads/ac86u-sometimes-powers-completely-off-during-reboot.48296/) and in the process I noticed the following:

OpenVPN, Inbound Firewall - Block -> VPN speed is very low, 20/2 Mbps s in most cases, both down/up speeds are affected
OpenVPN, Inbound Firewall - Allow -> everything goes back to normal, I usually get around 150/10 Mbps through VPN

NordVPN, server is local and the same in all tests. Configuration is as per NordVPN, nothing much have been changed.
Anyone else seeing this?
 
what is a fix for being flooded by this?
Code:
kernel: icmpv6_send: no reply to icmp error

Edit: I figured it out.
 
Last edited:
I'm rebooting the router every few minutes today in an attempt to find what is causing the no boot condition after soft reboot (more details here https://www.snbforums.com/threads/ac86u-sometimes-powers-completely-off-during-reboot.48296/) and in the process I noticed the following:

OpenVPN, Inbound Firewall - Block -> VPN speed is very low, 20/2 Mbps s in most cases, both down/up speeds are affected
OpenVPN, Inbound Firewall - Allow -> everything goes back to normal, I usually get around 150/10 Mbps through VPN

NordVPN, server is local and the same in all tests. Configuration is as per NordVPN, nothing much have been changed.
Anyone else seeing this?

Just tested between my RT-AC86U router (client) and my customers RT-AC68U (server) and no such differences using OpenVPN (no paid VPN client here).

Are you sure they are connecting to the same server each time?

Do I have to make an atomic suggestion? :D
 
Are you sure they are connecting to the same server each time?

Do I have to make an atomic suggestion? :D

Same server for sure, same configuration, the Inbond Firewall state is the only difference. Could be something NordVPN specific, not sure yet. Will investigate this later after I finish playing with reboots. No atomic suggestions needed at this point, please. I'm going to take a little more scientific approach.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top