[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[alfie]

Can you log into the router and post the output of this command:

ls -l /etc/cert.pem /etc/key.pem

ls: /etc/cert.pem: No such file or directory
ls: /etc/key.pem: No such file or directory

 

[alfie]

Can you log into the router and post the output of this command:

ls -l /etc/cert.pem /etc/key.pem

I see cert.pem is here

ls: /etc/ssl/key.pem: No such file or directory
lrwxrwxrwx    1 admin    root            17 Jan 22 22:04 /etc/ssl/cert.pem -> rom/ca-bundle.crt

 

[ualdrivr]

There are some here:
https://onedrive.live.com/?authkey=!AKXdaMzjqVKbGsc&id=9332FC159A7E129!1117&cid=09332FC159A7E129

WTF is going on? is John here or he's not?

 

[slobodan]

WTF is going on? is John here or he's not?

Both are true.

 

[ualdrivr]

This is a fork of Merlin's firmware that has been maintained by @john9527 since 2014 based on the older 374.43 code base. It's only available for routers that were in production at the time of that 374.43 release. You can't use it with your "modern" 88U.

John has taken a hiatus from the forums, but continues to post new builds of his firmware in his Onedrive folder, without announcing any official release.

 

[joe a]

WTF is going on? is John here or he's not?

He is not actively posting or responding on the forum, but new releases of his firmware are still available from time to time.

 

[wh7qq]

As a new "beta" has been posted to his dev folder on one drive, I suppose he is releasing new stuff without needing to support it...which can be very time consuming. I am running 40ED as we speak on my RTN66U without problems. If that makes you squeamish, use it or not at your discretion. An alternative is the "Fresh Tomato" fork of the Shibby approach...may or may not be a better bet. It doesn't look like the Merlin/Asus stuff at all but like the old Tomato that we knew and loved. Your hardware, your call but best to be recent to avoid invasive problems. As for John, this isn't like Windows with paid developers...he owes nobody here anything.

 

[RMerlin]

Both are true.

 

[sto]

And installed 41E6 on my RT-N66U without problems. Thx John.

Is DoT working on your N66?

 

[wh7qq]

I am not even aware of DoT...WTF is it? In answer to your question, I have no idea.

 

[SevenFactors]

Hello.

Is there a way to add DNS resolvers at our end to the list of available DoT servers list within Johns' fork? I'm running version 39E3j9527. Basically what I'm asking is, can the list be accessed and edited via SSH? If so, what would the path to the list be?

The reason I ask is because I recently became aware of https://pi-dns.com/ which is a DNS resolver based on pi-hole (no associations between the two)

 

[SevenFactors]

Is DoT working on your N66?

Edit: My bad. I didn't notice you were asking on regard to an unreleased firmware.

DoT works fine for me on N66. I use it with 9.9.9.9 secure ips and 1.1.1.1
I also have DNSSEC enabled. DNSSEC method: dnsmsq and strict DNSSEC enforcement.

 

[dave14305]

Hello.

Is there a way to add DNS resolvers at our end to the list of available DoT servers list within Johns' fork? I'm running version 39E3j9527. Basically what I'm asking is, can the list be accessed and edited via SSH? If so, what would the path to the list be?

The reason I ask is because I recently became aware of https://pi-dns.com/ which is a DNS resolver based on pi-hole (no associations between the two)

Login via ssh and run /usr/sbin/stubby-update-resolvers.sh. Then find the file now editable at /jffs/etc/stubby-resolvers.csv. Pay attention to the required columns. If you mess it up, you can revert by running "/usr/sbin/stubby-update-resolvers.sh default" and it will reset to the default ROM version of the file. I'm 99% sure the path to the script is /usr/sbin.

 

[dave14305]

The reason I ask is because I recently became aware of https://pi-dns.com/ which is a DNS resolver based on pi-hole (no associations between the two)

It might also be worth giving nextdns.io a look. They allow many different filter lists and support many DNS methods (i.e. Stubby), including their own DoH client on John's fork. They will likely turn into a fee-based service, but for now they are in beta and very neat features.

 

[sto]

I am not even aware of DoT...WTF is it? In answer to your question, I have no idea.

DoT is DNS over TLS, which works on my N66U with John's 39E3 firmware. I'm curious whether it works on the as yet unreleased 41E6 firmware on his development drive. The question was meant for Builder71, but thanks for your reply.

 

[phx28777]

DoT is DNS over TLS, which works on my N66U with John's 39E3 firmware. I'm curious whether it works on the as yet unreleased 41E6 firmware on his development drive. The question was meant for Builder71, but thanks for your reply.

From 41E3 Changelog

* FIXED: stubby: re-add getaddrinfo workaround for MIPS dropped in last release

I have an AC router running 41E6 and DoT works fine but I believe with this fix it also works on the N66U with 41E6

 

[SevenFactors]

Login via ssh and run /usr/sbin/stubby-update-resolvers.sh. Then find the file now editable at /jffs/etc/stubby-resolvers.csv. Pay attention to the required columns. If you mess it up, you can revert by running "/usr/sbin/stubby-update-resolvers.sh default" and it will reset to the default ROM version of the file. I'm 99% sure the path to the script is /usr/sbin.

Thank you very much, Dave. This was right on point.
I was able to edit, enter and successfully add the necessary information for the pi-dns servers to the DoT server list.

"pi-dns EastUS",185.213.26.187,2a0d:5600:33:3::abcd,853,"dot.eastus.pi-dns.com",,,yes,yes,yes
"pi-dns WestUS",45.67.219.208,2a04:bdc7:100:70::abcd,853,"dot.westus.pi-dns.com",,,yes,yes,yes

Everything is sound. Names are resolving. DNS Leak Test is as expected.

Side note/comment:
I was surprised to see that several of the DNS on the list do not provide a "tls_pubkey" To me it sounds like something necessary but I guess not since 1.1.1.1 nor Quad9 have one, at least on the DoT list. Thought after noticing this, it made it easier on me for adding the pi-dns:

 

[SevenFactors]

It might also be worth giving nextdns.io a look. They allow many different filter lists and support many DNS methods (i.e. Stubby), including their own DoH client on John's fork. They will likely turn into a fee-based service, but for now they are in beta and very neat features.

This is very nice. I was not aware of nextdns.io They have some neat features like giving you control over your own black/white listing and services. Rewrites sounds very useful. For so much control I can see them charging a fee after the beta. Value for value.

The fact they support so many platform including ASUS-Merlin stand them out to me.

Thanks

 

[sto]

From 41E3 Changelog

* FIXED: stubby: re-add getaddrinfo workaround for MIPS dropped in last release

I have an AC router running 41E6 and DoT works fine but I believe with this fix it also works on the N66U with 41E6

Good to know. Thanks!

 

[dave14305]

This is very nice. I was not aware of nextdns.io They have some neat features like giving you control over your own black/white listing and services. Rewrites sounds very useful. For so much control I can see them charging a fee after the beta. Value for value.

The fact they support so many platform including ASUS-Merlin stand them out to me.

Thanks

If you haven’t seen it, one of the founders (@Olivier Poitrey) maintains a thread here: https://www.snbforums.com/threads/nextdns-installer.61002/