[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

I've posted a quick update to the beta, primarily to fix client selection from the pulldown on the Bandwidth Limiter rules page (surprised that nobody has complained it was broke! )

PREVIEW RELEASE: Update-17B9
27-January-2015
Merlin fork 374.43_2-17B9j9527
Download http://1drv.ms/1sDtB1V
============================

Update-17B9
  • Fix client selection from Target pulldown on Bandwidth Limiter rules page
  • Updated Target hint/placeholder on Bandwidth Limiter rules page
    I've now verified that input of a guest interface works so added that to the hint (use wl0.1 for first 2.4GHz Guest, wl1.1 for first 5GHz Guest, etc).

Full Update Summary
see http://www.snbforums.com/threads/fork-update-for-374-43-available-v16e1.18914/page-153#post-233992


The code images have grown by 60K-100K...MIPS users make sure to have a jffs backup!

SHA256
Code:
30a28bd7a28bf0fad5187ffdb6e74b275bf319a43c25ceccd5b1298874204f15 *RT-AC56U_3.0.0.4_374.43_2-17B9j9527.trx
a489a5e25b9049172254dabd17aee5d806ad192f8471de527c7b8ebde7e24c98 *RT-AC66U_3.0.0.4_374.43_2-17B9j9527.trx
7a6a375d6cd95f684b59f771967acfb9c20c6890da667bb71457d9430de0310c *RT-AC68U_3.0.0.4_374.43_2-17B9j9527.trx
e37610f429258153a7aecbf8beea9ae13f94c68989df96c128da4572ce85def3 *RT-N16_3.0.0.4_374.43_2-17B9j9527.trx
8cab50cd7a5cb401da5c07688015eb0603132038c1a2cd12c2d24ed9727196c4 *RT-N66U_3.0.0.4_374.43_2-17B9j9527.trx
 
Hi @john9527 when I tested it pulled down ok, but I placed the range and that's it, another thing that's different from the original is that in the fork you need to put the complete IP address range 192.168.0.1-.192.168.0.30, as opposed to 192.168.0.1-30... just to let you know for me as long as it works I don't care :D,
Just curious like you worked on the bandwidth limiter, did you check the part with the hardware acceleration? and that you have to turn on QoS for Bandwidth limiter to work?
Thanks again, I'll be testing this FW soon.

 
Hi John.

Thank you again for all the hard work :)

Just set up PIA on your latest Beta 17B9, and think it's working OK?, can you, or someone who is using PIA, check my settings to see if they are correct please.



RSA-2048: ca_rsa2048.crt added in keys & certs section.

Custom config section contains:

pia-signal-settings
auth sha1
tls-client
auth-nocache
ns-cert-type server
remote-cert-tls server
reneg-sec 0
verb 1
comp-lzo
mssfix 0
route-nopull
script-security 2
route-up /jffs/scripts/VPN_Select.sh

Copy of my Syslog after fresh reboot.

Thanking you kindly guys!
 

Attachments

  • syslog.txt
Just set up PIA on your latest Beta 17B9, and think it's working OK?, can you, or someone who is using PIA, check my settings to see if they are correct please.
looks basically OK....except I have a couple of questions on your custom options.

verb 1
The default is verb 3, so you are minimizing the log messages. May not see everything that is going on.

route-nopull
This usually isn't necessary. Is there a special reason you are using it?

route-up /jffs/scripts/VPN_Select.sh
Several of the commands here are being rejected. Again, usually not necessary to replace the default route-up.

I also don't see that you are actually using the PIA DNS servers, so you may have a DNS leak condition. Probably due to one of the above.

If you are trying to login to your local network through the VPN client address, I'm not sure that's possible with PIA.
 
Just curious like you worked on the bandwidth limiter, did you check the part with the hardware acceleration? and that you have to turn on QoS for Bandwidth limiter to work?
It's actually that you are turning off hardware acceleration. I did some test builds, leaving CTF on, and as I thought, the bandwidth limiter stopped working. I can see where it would be possible to leave CTF on, since the bandwidth limiter uses defined addresses, and it should be possible to implement code to bypass CTF for those specific addresses. I tried updating the CTF code, but it failed to compile (that is usually co-req'd with other components). My guess is that they may be borrowing some code from the Adaptive QOS functions to perform the CTF bypass.

Net, for the fork, the bandwidth limiter and CTF are going to be mutually exclusive, just like the Traditional QoS function. Best I can do.
 
Hi John, thx for getting back to me.

I only use a VPN for a certain device in home (just the one), nothing else I use it for. I have this set on a fixed IP permanently, all my other devices use normal connection, including main PC.

I use the following script to do this (the contents of VPN_Select.sh), and added the directives as shown in the script:

------------------------------------------------------------------------------------------------------------------
#!/bin/sh

MY_VPNTAB=100 # Now read from /jffs/configs/VPNSelect
TAG_MARK=1    # Now read from /jffs/configs/VPNSelect

# Use the OpenVPN environment variables ($dev and $ifconfig_local are set by OpenVPN for route-up)
if [ -z "$dev" ]; then
    logger -s -t "($(basename "$0"))" $$ "*** ERROR not called by VPN Client route-up?...ABORTing!"
    exit 1
fi

# Create new table to route VPN traffic when tagged with MARK. (Credit to SmallNetBuilder member DJR747)
# or to be associated with a WiFi Guest SSID.
# First clear whatever a previous run left behind
ip route flush table "$MY_VPNTAB"
ip rule del fwmark "$TAG_MARK"
ip rule del table "$MY_VPNTAB"
ip route flush cache
iptables -t mangle -F PREROUTING

# Disable Reverse Path Filtering on current VPN network interface:
echo 0 > "/proc/sys/net/ipv4/conf/$dev/rp_filter"

# Default route through the tunnel, used only by packets carrying the mark
ip route add default via "$ifconfig_local" dev "$dev" table "$MY_VPNTAB"
ip rule add fwmark "$TAG_MARK" table "$MY_VPNTAB"

# Route .105 via VPN
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.1.105 -j MARK --set-mark "$TAG_MARK"

#Add the directives
#route-nopull
#script-security 2
#route-up /jffs/scripts/VPN_Select.sh
------------------------------------------------------------------------------------------------------------------

This script I have been using for a while now, but is probably way outdated, and could use some help refining it.

As for the DNS servers. Well, I used to have it set via Google's, for the VPN IP separately, but for some reason I don't see that option now?

Should I also have DNSSEC support enabled in WAN?

Also, is QOS on by default now?, as in AUTO or configured, but never off?

Sorry for all the questions John, as it's all beyond me now lol!! I'm an 'as long as it works guy' at my age now :D

Thank you once again.
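
Added example, not part of the original post or the fork's code: a check that the fwmark policy routing VPN_Select.sh is meant to install is actually in place. If the `ip route add default` line is rejected, table 100 stays empty and the marked client's lookup falls through to the main table, so its traffic leaves by the WAN instead of the tunnel. The device name tun11, the gateway 10.8.0.5 and the sample `ip rule` / `ip route` output are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit the state VPN_Select.sh should leave behind.
# Args: MARK TABLE TUNDEV RULES ROUTES
#   RULES  = text of `ip rule show`
#   ROUTES = text of `ip route show table TABLE`
# Prints one verdict and returns 0 only for OK:
#   OK               mark selects the table, table defaults to the tunnel
#   NO_RULE          no "fwmark <mark> lookup <table>" rule exists
#   LEAK_NO_DEFAULT  table has no default route, lookup falls through to main
#   WRONG_DEV        table default does not leave via the tunnel device
check_vpn_policy() {
    mark=$1; table=$2; tundev=$3; rules=$4; routes=$5
    hexmark=$(printf '0x%x' "$mark")    # ip rule prints marks in hex
    if ! printf '%s\n' "$rules" | awk -v m="$hexmark" -v t="$table" '
        { fm = 0; lk = 0
          for (i = 1; i < NF; i++) {
              # accept "fwmark 0x1" and the masked form "fwmark 0x1/0xff"
              if ($i == "fwmark" && (($(i+1) "") == m || index($(i+1), m "/") == 1)) fm = 1
              if ($i == "lookup" && ($(i+1) "") == t) lk = 1
          }
          if (fm && lk) found = 1 }
        END { exit !found }'; then
        echo NO_RULE; return 1
    fi
    def=$(printf '%s\n' "$routes" | awk '$1 == "default" { print; exit }')
    if [ -z "$def" ]; then
        echo LEAK_NO_DEFAULT; return 1
    fi
    case " $def " in
        *" dev $tundev "*) echo OK ;;
        *) echo WRONG_DEV; return 1 ;;
    esac
}

# Constructed sample output (tun11 and 10.8.0.5 are assumed values)
RULES_OK='0: from all lookup local
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main
32767: from all lookup default'
ROUTES_OK='default via 10.8.0.5 dev tun11'

check_vpn_policy 1 100 tun11 "$RULES_OK" "$ROUTES_OK"      # healthy state
check_vpn_policy 1 100 tun11 "$RULES_OK" "" || :           # route add was rejected

# On the router itself:
#   check_vpn_policy 1 100 tun11 "$(ip rule show)" "$(ip route show table 100)"
```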
 
@john9527 can you please logically explain the "9527" suffix of your nickname? I need a mnemonic or something because my brain has trouble remembering seemingly chaotic numbers. Keeping it a mystery is acceptable. :)
Sorry, the 9527 is just a number that wouldn't mean anything to anybody but me. I'm not sure I like it, but a phone keypad mnemonic would be 9lbs....of what, I don't know :)

Additionally, is there anything I or the ignorant masses (including myself, no offense intended) can do to help your fork? Putting a Beta onto my router seems ill-advised, but perhaps there is an automated "this firmware update is not optimal so immediately revert" script we could work on? I ashamedly admit that convenience is king for far too many things...
I'm always open to ideas and help! But, things like detecting non-optimal configs always makes me nervous as at least right now humans are smarter than anything I could code :).
 
I say we leave the detection of problems to the humans as well.

My interest was in streamlining a process of reverting to an old build (and config?) once we find problems with a new firmware. I guess it is not too tedious already, but making the process easier might increase the number of people willing to beta test.

Can't the firmwares be loaded through the SSH command line? I suppose automating the restoration of an old nvram save after down/up-grading would be too dangerous though...
 
I only use a VPN for a certain device in home (just the one), nothing else I use it for. I have this set on a fixed IP permanently, all my other devices use normal connection, including main PC.
In the fork now it's no longer necessary to use scripts to specify which devices use the VPN. Under 'Redirect internet traffic' change to Policy rules. Then specify what device you want to use the VPN (the default is that no devices are VPN....you can then add devices or ranges to use, and exceptions to those rules by specifically setting a WAN interface destination).

So, for you, I would delete your route-nopull and route-up statements and use policy rules (and use verb 3 to see more of what is going on).

As for the DNS servers. Well, I used to have it set via Google's, for the VPN IP separately, but for some reason I don't see that option now?
If you want to override the VPN DNS, it was probably done under Parental Controls/DNS Filter. But again, unless there is a specific reason do so, it's generally not needed. The only reason would be if you didn't want to use the PIA DNS servers for your non-VPN clients.

Should I also have DNSSEC support enabled in WAN?
Personal choice. As I said, the PIA DNS servers support it, but I wouldn't worry too much either way.

Also, is QOS on by default now?, as in AUTO or configured, but never off?
On the fork, QOS is off by default. Only turned on if you select Traditional or Bandwidth Limiter (on the beta). The main thing with QOS, is that it will disable HW acceleration (only significant if you have over 150-200 Mbs/sec ISP connection on MIPS routers, or 300 on the ARM routers).
 
Awesome stuff John! Some things I never knew there, thank you very much.

On the fork, QOS is off by default. Only turned on if you select Traditional or Bandwidth Limiter (on the beta). The main thing with QOS, is that it will disable HW acceleration (only significant if you have over 150-200 Mbs/sec ISP connection on MIPS routers, or 300 on the ARM routers).

The reason I ask about QOS though, is I was sure there used to be an on/off switch for this, but all I have are the drop down options? I only have the Traditional or Bandwidth choice, as you mentioned, which would imply that it is on regardless? Unless I'm missing something?

To enable QoS function, Click the QoS slide switch

I have no such switch :)

 
I have no such switch :)
And, you're also missing some other elements besides the switch. What browser are you using?

EDIT: Nevermind...was able to recreate it. I'll post up a refresh for the beta shortly.
 
I'm using V16E1 and have been with the fork since the beginning, so thought I should post my problem here first. Though probably not firmware related, I'm wondering if my RT-N66U is faulty.

I'm constantly losing access to the GUI, the router fails to respond until I turn it off and on again. It will be OK for about a day, but sooner or later I can't access via browser (any browser, I have Firefox, Google and IE).

I also lose access to the attached USB drives, other than that, Internet access, VPN and WiFi etc all work normally.

I've now done a factory reset and reloaded all settings manually, and 24hrs later the same problem returned. It's probably been like this for several months, various firmware updates make no difference, a power down and up seems the only solution. I had it set to reboot daily at midnight, but when trying to access the GUI later that day it was unresponsive.

Any suggestions as to what I can try before condemning it?
 
I also have that problem appear sometimes but mostly I related it to when the Download Master is handling lots of torrents.
Do you have it enabled?
 
Thanks for the suggestion.

I don't have Download Master enabled, just the basic functions used really plus VPN so I can access my Internet connection when abroad.
 
I'm constantly losing access to the GUI, the router fails to respond until I turn it off and on again. It will be OK for about a day, but sooner or later I can't access via browser (any browser, I have Firefox, Google and IE).
A couple of questions.....
- When this happens can you try and access the router by starting your browser in 'no-addons' mode? With Chrome, in particular, I've had some addons not play well with the gui.
- How are you accessing, via http or https?
- Do you have a session timeout set on the administration page and tend to leave the gui up so it auto logs off?
- Are you always accessing from the same client, or does this happen when accessing from a different client from the previous access?
 
I don't know if my problem is the same as bmb, but in my case even the ssh cannot logon.
I always get timeouts when trying to interact with the router but as far as I can tell all the functionalities remain working.
 
A generic problem like that can be caused by Anti-virus programs (ESET Nod is one that always comes up). Whatever one you use, make sure all its features are disabled for the router ip.
 
