If you still can connect with the vpn server then it is probably the same issue than in this thread:On my 86U the openVPN seems to freeze showing this message:
Initialinzing the settings of OpenVPN server now, please wait a few minutes to let the server to setup completed before VPN clients establish the connection.
This message does not go away unless I reboot my router.
Yes it is. Thanks for putting me on track to that thread. Obviously a bug that isn't solved in the .18 final .. Coming from Asus stock, where I did not have this issue, I guess it is something in the Merlin implementation of open VPN?
Merlin firmware probably has a newer version of OpenVPN then in the stock firmware.
I agree -> keep it until you have a good performance, support or cost $ reason to update. Today, if I were buying a new front-door router: RT-AC86U or RT-AX88U (more cpus) I think those are the top recommendations around here.
I'm likely going to do the same. My 87U was a replacement from Asus for a RT-AC68W that went bad under warranty. That was 3 years ago, and this 87U has been rock solid running Asus-Merlin FW.
What do you mean, it "doesn't work"? I've been using DoT with the DNS servers you name for months, if not a year or more without issue. How could it not work?
I updated my post. Unable to resolve hostnames is the issue. Can't browse a page. VPN Clients are unable to resolve host names to the VPN server. If I recall correctly, in one of the earlier DoT builds, there was an issue with DoT has it was compiled using an older openssl version for the RT-AC88U. My inquiry is to see if the issue I have is a model specific issue based on the previous issue with the RT-AC88U.
only https://github.com/RMerl/asuswrt-merlin.ng/wiki/DNS-Privacy
and run
That seems like a long time ago now. It does look like a cipher issue which gives me something to go on now. I'll do some more analysis.There was a guy who wrote a blog post and a script to install stubby on routers a while back, with many documented commands to confirm it works. Check it out. His name was @Xentrk.
stubby -l
[05:47:16.044321] STUBBY: Stubby version: Stubby 0.3.0
[05:47:16.155987] STUBBY: Read config from file /etc/stubby/stubby.yml
[05:47:16.156548] STUBBY: DNSSEC Validation is ON
[05:47:16.156655] STUBBY: Transport list is:
[05:47:16.156738] STUBBY: - TLS
[05:47:16.156822] STUBBY: Privacy Usage Profile is Strict (Authentication required)
[05:47:16.156907] STUBBY: (NOTE a Strict Profile only applies when TLS is the ONLY transport!!)
[05:47:16.156985] STUBBY: Starting DAEMON....
[05:47:16.888432] STUBBY: --- SETUP(TLS): : This version of OpenSSL does not support configuring cipher suites
Could not schedule query: The library did not have the requested API feature implemented.
<snip>
Might try to disable DNSSEC in Stubby to see if that helps. The only two mods I use in Stubby is round_robin and DNSSEC. Other settings for Stubby at Merlin defaults.
Appears to look okay.
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x2ac98000)
libpthread.so.0 => /lib/libpthread.so.0 (0x2abc7000)
libssl.so.1.1 => /usr/lib/libssl.so.1.1 (0x2abe1000)
libcrypto.so.1.1 => /usr/lib/libcrypto.so.1.1 (0x2acaa000)
libc.so.0 => /lib/libc.so.0 (0x2ae8e000)
libdl.so.0 => /lib/libdl.so.0 (0x2ac46000)
ld-uClibc.so.0 => /lib/ld-uClibc.so.0 (0x2ab0b000)What’s in your stubby.yml?
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!
