TO-DO:
1. Problem with Radius/WPA2 Enterprise (since MultiWAN)
2. "Tweak" Switch3/4g/Watchdog
3. Slow 2.4GHz WiFi Netgear R6400
4. Problem with Wireless Client Mode (since MultiWAN)
5. Modeminfo in GUI
6. UPS ON/OFF in GUI
Code:TO-DO: 1. Problem with Radius/WPA2 Enterprise (since MultiWAN) 2. "Tweak" Switch3/4g/Watchdog 3. Slow 2.4GHz WiFi Netgear R6400 4. Problem with Wireless Client Mode (since MultiWAN) 5. Modeminfo in GUI 6. UPS ON/OFF in GUI
Will be #2 and #5 available in v140? Dont you know?
I've integrated tinc 1.1preX. Version 1.1 fixes some security vulnerabilities in the tinc 1.0 branch. Currently 1.1 is still in pre-releases. Each pre-release is incompatible with other pre-releases, so you must make sure to use the same version everywhere, at least until 1.1 final is released. The gui will display the current version you are running.
As a heads-up, you and the other Tomato maintainers might want to take a look at my recent changes to the gencert.sh script used to generate the httpd SSL certificate. A number of changes were recently made to it to better handle newer versions of Chrome and Firefox, which are deprecating the use of the CN field in favor of the SANs:
https://github.com/RMerl/asuswrt-merlin/commits/master/release/src/router/httpd/gencert.sh
There's a few pieces in it that are specific to Asuswrt which will need to be adjusted/removed (like the DDNS part or the hardcoded router.asus.com), but otherwise it would be a fairly simple adaptation for Tomato.
The discussion that sparked these changes:
https://www.snbforums.com/threads/warning-on-chrome-58.38671/
Regarding this:
Obsolete Connection Settings
The connection to this site uses a strong protocol (TLS 1.2), an obsolete key exchange (RSA), and a strong cipher (AES_128_GCM).
I have no idea how to generate a key with a different algorithm.
Shibby implemented: https://bitbucket.org/pl_shibby/tomato-arm/commits/d5514b3cc69da85c17380920f978788e1be14aae
And yes I found by myself what broke. Rebooting the router, web interface starts before WAN, so router is still back at the start of UNIX's epoch time. Certificate gets created and is valid from that time until January 1st 1980.
I'm no good with OpenSSL, but I will try something to set these dates. Hacking back setstartsecs can be an option.
# TLS 1.2 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) 128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) 256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) 128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) 128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK 112
That sounds like a plan I am looking forward!#1: Shibby would look at this problem, I don't know if he's done with any fix in version 140.
#2: It's my and Pedros project, we're testing it now. I come later with test versions 140.x that contain news for testing.
#3: According to Shibby, it's hard to fix it without new drivers.
#4: Has it ever worked?
#5: NeoX is working on this project, now he paused so I do not know when it's ready.
#6: Available in version 140.
#7: Pedro and I also work with, Clean/Modify Tomato UI according to the Web Consortium W3C standard.
#8: Tomato Autoupdate system will inform about new versions by Kille72 (in my builds).
There will be some more news in version 140 by Shibby, you'll see soon
Nice new Funktions I LIKE IT...That sounds like a plan I am looking forward!
Nice new Funktions I LIKE IT...
But no Date :/
NICE NICE NICE...Compiling version 139 right now, will publish it tomorrow I hope. Some new features, special thanks to AndreDVJ and Pedro!
https://pastebin.com/UcVNUFmS
https://bitbucket.org/kille72/tomato-arm-kille72/commits/all
kernel-arm: Disable router anycast address for /127 and /128 prefixes - https://goo.gl/BvNfzq
http://www.networkworld.com/article/2223366/cisco-subnet/the-case-for--127-subnets.htmlWhat does this mean for a "08/15" User???
We use essential cookies to make this site work, and optional cookies to enhance your experience.