I had quite a few very serious security issues some time ago (man-in-the-middle attack), which pushed me to get this router to have a double VPN, in addition to the one on my PC. My router has been suddenly malfunctioning lately, which raised some suspicions. Eventually, I lost access to the internet and had to connect to my router.
Simply connecting to my router was complicated, as the login page wouldn't load. I had to restart the router several times to make it work.
Here is the Syslog file that I managed to extract. Would anyone have the analysis capabilities to tell me if there is anything suspicious, or if I can rest easy?
It appears you are using firmware that is not from the official OpenWrt project.
When using forks/offshoots/vendor-specific builds that are "based on OpenWrt", there may be many differences compared to the official versions (hosted by OpenWrt.org). Some of these customizations may fundamentally change the way that OpenWrt works. You might need help from people with specific/specialized knowledge about the firmware you are using, so it is possible that advice you get here may not be useful.
Ask for help from the maintainer(s) or user community of the specific firmware that you are using.
Provide the source code for the firmware so that users on this forum can understand how your firmware works (OpenWrt forum users are volunteers, so somebody might look at the code if they have time and are interested in your issue).
If you believe that this specific issue is common to generic/official OpenWrt and/or the maintainers of your build have indicated as such, please feel free to clarify.
In essence, yes, it's an OpenWrt version from Asus, although I haven't personally changed the OS.
May 5 07:05:13 kernel: Linux version 5.4.182 (root@asus) (gcc version 8.4.0 (OpenWrt GCC 8.4.0 r0-db7dd77)) #1 SMP Sun Aug 20 02:06:05 CST 2023
Regarding a VPN client failure, it is indeed possible, but when I noticed the amount of text in the Syslog, along with the significant difficulty in reaching the connection interface, I preferred to disconnect everything while waiting to figure out what to do...
I understand your point of view, but I am not trying to solve a technical problem. I am simply trying to eliminate or confirm a hypothesis. Installing a new OS would amount to destroying evidence if there has been an intrusion.
Indeed, but the OS you're asking about is a black box to us.
If you want to dive deeper into the issue, isolate the router + a client, and see what you can find.
Assume the client has to be reinstalled once your detective work's done.
No, we do not. We wouldn't know about non-OpenWrt logs.
Rebooting official OpenWrt would have destroyed the logs (or "evidence" as you call it) anyways, so this is another indication the software in question isn't similar to OpenWrt.
You don't trust your router anyway, so I don't understand why you wouldn't desire to flash it with known-good firmware.