What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Well, I had no idea what the output of the curl command would be so I just posted it all. Obviously, I'm a lot wronger than you are. :)
 
[*] Private IP Detected - Please Put Your Modem In Bridge Mode / Disable CG-NAT

First of all your ISP modem ideally should be put in bridge mode as you are currently in a Double-NAT situation which isn't ideal.

Looking For Available Partitions
[1] --> /tmp/mnt/swpfile - (/dev/sda2)
[2] --> /tmp/mnt/extras - (/dev/sda3)
[3] --> /tmp/mnt/entware - (/dev/sda1)

Secondly I highly recommend one unified partition rather then 3 separate, there isn't any good reason on these devices to-do so and this can cause issues with scripts.

[*] Updating chart.js Failed
[*] Updating chartjs-plugin-zoom.js Failed
[*] Updating hammerjs.js Failed
[*] Updating skynet.asp Failed

Consolidating Blacklist | curl: no URL specified!


This indicates some sort of connection issue between your router and GitHub rather then Skynet its-self as Skynet fails to download necessary files
 
Hey,
I have an RT-AC86U router.
I've checked as if I activate skynet, the download speed drops from 590Mbps to 420Mbps. If I disable skynet, the original speed is restored. Is it normal? Is it possible to do something in the skynet configuration so that it doesn't slow down so much?
Thanks !
 
Hey,
I have an RT-AC86U router.
I've checked as if I activate skynet, the download speed drops from 590Mbps to 420Mbps. If I disable skynet, the original speed is restored. Is it normal? Is it possible to do something in the skynet configuration so that it doesn't slow down so much?
Thanks !

I've never had a user successfully confirm Skynet being a cause of slowdowns, but we can rule it out definitively with the following.

Run a speedtest from the same client before and after the following commands;

Code:
firewall debug run Unload_IPTables
firewall debug run Unload_LogIPTables

I suggest a hardwired client for testing as with an AC86U you will never be able to max a gigabit connection wirelessly with 80MHz channels and will get inconsistent results depending on environmental factors.
 
I've never had a user successfully confirm Skynet being a cause of slowdowns, but we can rule it out definitively with the following.

Run a speedtest from the same client before and after the following commands;

Code:
firewall debug run Unload_IPTables
firewall debug run Unload_LogIPTables

I suggest a hardwired client for testing as with an AC86U you will never be able to max a gigabit connection wirelessly with 80MHz channels and will get inconsistent results depending on environmental factors.

Hey,

I confirm the results obtained with Skynet and SpdMerlin.
1) With Skynet actived and using Spdmerlin using as server Sarenet_Zamudio (Spain): Download 422.28 Mbps, Upload: 521.61 Mbps.
2) If I disable Skynet and using Spdmerlin using as server Sarenet_Zamudio (Spain): Download 599.94 Mbps, Upload: 581.49 Mbps.

Then I launched the two commands you suggested:

firewall debug run Unload_IPTables
firewall debug run Unload_LogIPTables

but Skynet shows me the following warning :
********************************************************
Router Model; RT-AC86U
Skynet Version; v7.2.1 (17/08/2020) (460ae9383266597dcbe0a8c9f2de29df)
iptables v1.4.15 - (ppp0 @ 192.168.1.1)
ipset v6.32, protocol version: 6
IP Address; (79.151.207.161)
FW Version; 384.19_0 (Aug 14 2020) (4.1.27)
Install Dir; /tmp/mnt/hdd_asus/skynet (24.7G / 28.3G Space Available)
SWAP File; /tmp/mnt/hdd_asus/myswap.swp (2.0G)

IPTables Rules | [Failed]
***********************************************************

If at that moment I launch the speed test, I get values close to 600Mbps.

I don't know if Skynet is working after launching these commands. So I restarted Skynet and the speedtest dropped again below 450Mbps...
 

Attachments

  • screenshot.28.jpg
    screenshot.28.jpg
    66.9 KB · Views: 138
  • screenshot.31.jpg
    screenshot.31.jpg
    28.1 KB · Views: 117
  • screenshot.30.jpg
    screenshot.30.jpg
    56.2 KB · Views: 116
  • screenshot.29.jpg
    screenshot.29.jpg
    28.3 KB · Views: 115
1) With Skynet actived and using Spdmerlin using as server Sarenet_Zamudio (Spain): Download 422.28 Mbps, Upload: 521.61 Mbps.
2) If I disable Skynet and using Spdmerlin using as server Sarenet_Zamudio (Spain): Download 599.94 Mbps, Upload: 581.49 Mbps.

Spdmerlin isn't accurate at high speeds, use a lan client.
 
I've never had a user successfully confirm Skynet being a cause of slowdowns, but we can rule it out definitively with the following.
The only notable change has been the size of the ipsets over time. In April, mine were ~190K IPs. Today, there are ~320K IPs. Could be a factor if this test supports the notion.
 
Your issue has to be related to something else. If Skynet did cause a measurable slowdown, I'd be able to reproduce it and have tens of thousands of Skynet users posting about it over the last 6 years. The only suggestion I have is to nuke your router and start fresh.
I just did a factory reset. I then install Entware, create swap, spdMerlin and Skynet. The results again shows that the speedtest drops significantly when Skynet is active.

I read your above post and ran speedtest in between these commands

Code:
firewall debug run Unload_IPTables
firewall debug run Unload_LogIPTables

Here is the output from syslog. I masked some of the info using XXXX. The speed dropped from 856 Mbps to 498Mbps.

Please let me know if there is any other actions I can take. Thanks.

Code:
Aug 20 23:24:30 spdMerlin: Starting speedtest using XXX for WAN interface
Aug 20 23:24:53 spdMerlin: Speedtest results - Download: 497.50 Mbps (data used: 479.1 MB) - Upload: 917.79 Mbps (data used: 1.2 GB)
Aug 20 23:24:57 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=d4:5d:64:79:3e:00:10:f3:11:29:5f:47:08:00 SRC=45.129.33.101 DST=116.88.237.136 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=48119 PROTO=TCP SPT=54283 DPT=3411 SEQ=3169213228 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
Aug 20 23:25:06 wlceventd: WLCEVENTD wlceventd_proc_event(500): eth6: Auth 70:A2:B3:DC:92:A7, status: Successful (0)
Aug 20 23:25:06 wlceventd: WLCEVENTD wlceventd_proc_event(529): eth6: Assoc 70:A2:B3:DC:92:A7, status: Successful (0)
Aug 20 23:25:09 wlceventd: WLCEVENTD wlceventd_proc_event(481): eth6: Disassoc 70:A2:B3:DC:92:A7, status: 0, reason: Disassociated because sending station is leaving (or has left) BSS (8)
Aug 20 23:25:10 dnsmasq-dhcp[10277]: DHCPDISCOVER(br0) 70:a2:b3:dcXXXXX
Aug 20 23:25:10 dnsmasq-dhcp[10277]: DHCPOFFER(br0) 192.168.1.157 70:a2:b3:XXXXX
Aug 20 23:25:10 dnsmasq-dhcp[10277]: DHCPDISCOVER(br0) 70:a2:b3:XXXXX
Aug 20 23:25:10 dnsmasq-dhcp[10277]: DHCPOFFER(br0) 192.168.1.157 70:a2:b3:XXXXX
Aug 20 23:25:14 Skynet: [#] 323094 IPs (+0) -- 1664 Ranges Banned (+0) ||  Inbound --  Outbound Connections Blocked! [debug] [2s]
Aug 20 23:25:28 Skynet: [#] 323094 IPs (+0) -- 1664 Ranges Banned (+0) ||  Inbound --  Outbound Connections Blocked! [debug] [2s]
Aug 20 23:25:32 spdMerlin: Starting speedtest using XXXX for WAN interface
Aug 20 23:25:47 spdMerlin: Speedtest results - Download: 855.77 Mbps (data used: 644.1 MB) - Upload: 914.75 Mbps (data used: 470.2 MB)
 
I just did a factory reset. I then install Entware, create swap, spdMerlin and Skynet. The results again shows that the speedtest drops significantly when Skynet is active.

I read your above post and ran speedtest in between these commands

Code:
firewall debug run Unload_IPTables
firewall debug run Unload_LogIPTables

Here is the output from syslog. I masked some of the info using XXXX. The speed dropped from 856 Mbps to 498Mbps.

Please let me know if there is any other actions I can take. Thanks.

Code:
Aug 20 23:24:30 spdMerlin: Starting speedtest using XXX for WAN interface
Aug 20 23:24:53 spdMerlin: Speedtest results - Download: 497.50 Mbps (data used: 479.1 MB) - Upload: 917.79 Mbps (data used: 1.2 GB)
Aug 20 23:24:57 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=d4:5d:64:79:3e:00:10:f3:11:29:5f:47:08:00 SRC=45.129.33.101 DST=116.88.237.136 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=48119 PROTO=TCP SPT=54283 DPT=3411 SEQ=3169213228 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
Aug 20 23:25:06 wlceventd: WLCEVENTD wlceventd_proc_event(500): eth6: Auth 70:A2:B3:DC:92:A7, status: Successful (0)
Aug 20 23:25:06 wlceventd: WLCEVENTD wlceventd_proc_event(529): eth6: Assoc 70:A2:B3:DC:92:A7, status: Successful (0)
Aug 20 23:25:09 wlceventd: WLCEVENTD wlceventd_proc_event(481): eth6: Disassoc 70:A2:B3:DC:92:A7, status: 0, reason: Disassociated because sending station is leaving (or has left) BSS (8)
Aug 20 23:25:10 dnsmasq-dhcp[10277]: DHCPDISCOVER(br0) 70:a2:b3:dcXXXXX
Aug 20 23:25:10 dnsmasq-dhcp[10277]: DHCPOFFER(br0) 192.168.1.157 70:a2:b3:XXXXX
Aug 20 23:25:10 dnsmasq-dhcp[10277]: DHCPDISCOVER(br0) 70:a2:b3:XXXXX
Aug 20 23:25:10 dnsmasq-dhcp[10277]: DHCPOFFER(br0) 192.168.1.157 70:a2:b3:XXXXX
Aug 20 23:25:14 Skynet: [#] 323094 IPs (+0) -- 1664 Ranges Banned (+0) ||  Inbound --  Outbound Connections Blocked! [debug] [2s]
Aug 20 23:25:28 Skynet: [#] 323094 IPs (+0) -- 1664 Ranges Banned (+0) ||  Inbound --  Outbound Connections Blocked! [debug] [2s]
Aug 20 23:25:32 spdMerlin: Starting speedtest using XXXX for WAN interface
Aug 20 23:25:47 spdMerlin: Speedtest results - Download: 855.77 Mbps (data used: 644.1 MB) - Upload: 914.75 Mbps (data used: 470.2 MB)

Spdmerlin isn't accurate at high speeds, use a lan client.
 
Spdmerlin isn't accurate at high speeds, use a lan client.
You were right. I've run tests on multiple servers and on each one, 20 measurements repeatedly. I have done the tests by activating and deactivating Skynet. I've used a PC with gigaeth interface as LAN client. There are no appreciable differences in speed. But if I run the speed tests with SpdMerlin, I can see a 20% drop when Skynet is working. I assume this difference is due to the limited capability of the AC86 processor to digest the data stream while Skynet is working.

Thanks.
 
You were right. I've run tests on multiple servers and on each one, 20 measurements repeatedly. I have done the tests by activating and deactivating Skynet. I've used a PC with gigaeth interface as LAN client. There are no appreciable differences in speed. But if I run the speed tests with SpdMerlin, I can see a 20% drop when Skynet is working. I assume this difference is due to the limited capability of the AC86 processor to digest the data stream while Skynet is working.

Thanks.

Good to hear and confirm my suspicions, thanks for testing. This is most definitely a CPU limitation on the router side as the speedtest binary is quite resource intensive.
 
Good to hear and confirm my suspicions, thanks for testing. This is most definitely a CPU limitation on the router side as the speedtest binary is quite resource intensive.

Perhaps this could be added to "spdmerlin" as a known issue ...
 
Perhaps this could be added to "spdmerlin" as a known issue ...

As per the fourth paragraph of the spdmerlin thread;

If the speeds from this utility are significantly lower than those you see from the desktop app/browser test, the limiting factor will be your router's CPU. That being said, there is probably room for improvement/optimisation by the Ookla team in the CLI binary itself. Please direct feedback about speed issues to Ookla via the above link. There is nothing that I can do about them.
 
Spend a couple of hours to make "firewall import whitelist file.txt "Apples"" work.
Searched like an idiot but I did not find a solution for "[*] No Content Detected - Stopping Import".

Figured finally out why, was almost giving up.

I made an text file with Notepad++, although the file was in UTF-8 it had Windows CR LF endings. Changed to Unix LF and everything works!!! If this solution is posted before, then sorry for missing that. Any way, I hope this saves people time.
 
Hi good people.

I just installed the latest 384.19 firmware. Had 384.18 before. I have ax88u.
Skynet has disappeared. Is that normal, do I need to install it again?
 
@LaMpiR, have you rebooted the router after the firmware reboot it does? Are amtm and all other scripts (including Entware) fully updated?

If you have, you may have to remove Skynet (manually) and re-install.
 
Spend a couple of hours to make "firewall import whitelist file.txt "Apples"" work.
Searched like an idiot but I did not find a solution for "[*] No Content Detected - Stopping Import".

Figured finally out why, was almost giving up.

I made an text file with Notepad++, although the file was in UTF-8 it had Windows CR LF endings. Changed to Unix LF and everything works!!! If this solution is posted before, then sorry for missing that. Any way, I hope this saves people time.

Thanks, oversight on my behalf, we checked the content of remote files before converting the line endings (local files were converted properly though). I've gone ahead and pushed a hotfix.
 
Hi good people.

I just installed the latest 384.19 firmware. Had 384.18 before. I have ax88u.
Skynet has disappeared. Is that normal, do I need to install it again?

Check your syslog, Skynet will log any reason it fails to start if that is the case.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top