[Thread-1] [ 386.1_Alpha Build(s) ] Testing available build(s)

[cooloutac]

WHEW!!! Took me some time to find where I found that information. I've only been trying to wrap my mind around the issue since 7:39PM last night. and then posting on this thread when I could try to ask a coherent question, expressing my concern and to discover mitigations.

NOTE: Toward the End of the Security Now Podcast (I love that show too) They do emphasize that the problem resides with the DNS server being spoofed to provide you the Client with incorrect DNS. Bind, Unbound, and DNSmasq are vulnerable.

Solved - Are you SAD DNS? a.k.a. CVE-2020-25705

CVE-2020-25705 https://www.saddns.net/ [Discussion starts 1:15:13 into podcast] https://blog.cloudflare.com/sad-dns-explained/ https://thehackernews.com/2020/11/sad-dns-new-flaws-re-enable-dns-cache.html...

www.snbforums.com

[At 1:54:43 into podcast] Leo Laporte mentions that the researchers told DNS Public Resolvers including Cloudflare about this issue before they published their paper.

nice catch.

 

[SomeWhereOverTheRainBow]

The shortcoming of this is that a relatively low percentage of domains on the internet are using DNSSEC.

I have to say the slight delay in resolution is definitely worth the slight improvement in security. The likely hood that "relevant" places we visit on the web would not implement dnssec seems to be mind boggling as to why they wouldn't.

 

[bbunge]

I have to say the slight delay in resolution is definitely worth the slight improvement in security. The likely hood that "relevant" places we visit on the web would not implement dnssec seems to be mind boggling as to why they wouldn't.

That's because DNSSEC is for Domain Name Servers. https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en

 

[SomeWhereOverTheRainBow]

That's because DNSSEC is for Domain Name Servers. https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en

For sure, I think we are all in full accordance with that.

 

[anotherengineer]

Hope v386 works good on the 68U

 

[RMerlin]

Hope v386 works good on the 68U

No reason for it not to. My main test platform these days is an RT-AC66U_B1 (since it's a quick compile).

I'm currently awaiting GPL updates from Asus, which contains a couple of fixes/changes they've done specifically for Asuswrt-Merlin.

 

[SomeWhereOverTheRainBow]

No reason for it not to. My main test platform these days is an RT-AC66U_B1 (since it's a quick compile).

I'm currently awaiting GPL updates from Asus, which contains a couple of fixes/changes they've done specifically for Asuswrt-Merlin.

Hopefully the changes are for the better and not for the worst. It is nice to see the Asus Dev's working with you and not against you to provide asus(and asuswrt-merlin) users a secure platform for their routers.

 

[brummygit]

I'm currently awaiting GPL updates from Asus, which contains a couple of fixes/changes they've done specifically for Asuswrt-Merlin.

That's great news for 2 reasons:

1. It's a significant public demonstration of their continued support for your project
2. Newer GPL will be great as the Official 386_40947 code in RC8 seems to be solving a few more issues

 

[RMerlin]

Hopefully the changes are for the better and not for the worst. It is nice to see the Asus Dev's working with you and not against you to provide asus(and asuswrt-merlin) users a secure platform for their routers.

Some of these changes are to allow me to support some previously unsupported features, like their new security daemon.

Newer GPL will be great as the Official 386_40947 code in RC8 seems to be solving a few more issues

This new GPL is based on 386_40996.

 

[JoJoDaClown]

Am I doing something wrong?
I have an RT-AC5300 as my main router and an RC-AC88U as my AiMesh Node.
I can set them up as mesh with 384.19, but if I update my node, then router to 386.1 alpha3, it no longer connects to the node, nor does it see the node during a search.
If I do a factory reset on the routers I still can't set up a mesh.
I revert them back to 384.19 and I can set the AiMesh back up, granted I need to connect via Ethernet cable and have no other devices on the wired network to get it to set up without issue.

 

[bbunge]

Am I doing something wrong?
I have an RT-AC5300 as my main router and an RC-AC88U as my AiMesh Node.
I can set them up as mesh with 384.19, but if I update my node, then router to 386.1 alpha3, it no longer connects to the node, nor does it see the node during a search.
If I do a factory reset on the routers I still can't set up a mesh.
I revert them back to 384.19 and I can set the AiMesh back up, granted I need to connect via Ethernet cable and have no other devices on the wired network to get it to set up without issue.

Make sure you are doing the right hard factory reset for the routers. See: https://www.asus.com/support/FAQ/1039074/
DO a min config on your router. Make sure WPS is enabled. Disconnect the node from the wired lan and move it close to the router. Add a mesh node. After it is up and running, power off the node and move it to its location and connect the Ethernet to the WAN port. Set the mesh backhaul method to Ethernet if you want.

 

[JoJoDaClown]

Make sure you are doing the right hard factory reset for the routers. See: https://www.asus.com/support/FAQ/1039074/
DO a min config on your router. Make sure WPS is enabled. Disconnect the node from the wired lan and move it close to the router. Add a mesh node. After it is up and running, power off the node and move it to its location and connect the Ethernet to the WAN port. Set the mesh backhaul method to Ethernet if you want.

Thanks for the reply.
Yes, I've reset using the WPS button method.
I set up the main router to the extent of login and wifi SSID and password, leaving the rest default (WPS is on).
I don't even touch the Node after the WPS method factory reset.
Leaving the Node as wireless, but close to the Router (6ft away), Click AiMesh Node Circle, search for AiMesh Node. The circle spins... forever. It doesn't stop and it doesn't find anything.
I've tried restarting both; connecting router to node WAN via Ethernet; Turning SmartConnect off and reducing Channel band width to 20Hz with Fixed Channel and N Only; Reset the node again using the reset button this time.
Just no change, and it never detects it or stops the spinning circle.

 

[Nasua]

PIA now supports OpenVPN 2.5 when using the ovpn-config-generator

 

[Blind@Spot]

Is there any changes on Dual WAN module in 386 base. ?

 

[bluecatus]

Is there isolated guest wifi on AP mode in 386 ver.?

 

[Srikanth]

Signature update is not working. It keeps failing.

 

[L&LD]

The signature update is working for my RT-AX88U.

 

[brianward317]

The signature update is working for my RT-AX88U as well.


2.204 Updated : 2020/11/03 08:04

Just ran it to see if it worked and would expect this if no update is present.
Signature is up to date

 

[Srikanth]

RMerlin, I have 2 AC86U and both of them allow region change to a different country using web UI. When these 2 are connected in mesh, if I change the region on main router and select a 5g channel from that region, node is not able to connect because node still uses the default region. Shouldn't the node also change to the same region as main router ?

 

[RMerlin]

Shouldn't the node also use the same region as main router ?

I don't know, ask Asus. Everything related to AiMesh is out of my control.