RT-AC68U lost settings.

[bbunge]

RT-AC68U running Merlin 378.51 and has been stable since I flashed the firmware a few days after it was released. Yes, I did a factory reset after the upgrade. Yesterday the port forwarding settings disappeared. Tonight I rebooted the router (connected via VPN as the router is 30 miles away) and now I can't connect with the router via VPN or an always on wired PC inside the remote lan running Teamviewer. My guess is all the router settings are messed up! Any recommendations? Oh a second RT-AC68U connected to the same Comcast cable modem is working fine. Possible I have a dud router? Thanks, Bill

 

[martinr]

Apologies if I've got hold of the wrong end of the stick, Bill, but to clarify: am I right in thinking the first part of your problem is that you are now locked out of the router, and are stuck 30 miles away? If so, do you have ssh enabled such that you could access the router's web gui via your browser through an ssh tnnnel set up by Putty or similar (ssh local port forwarding)?

By the way, was that OpenVPN or the PPTP vpn? I know that PPTP can be hacked, but I think there's possibly a case for leaving that server running in addition to the OpenVPN server(s) to test, in such situations, whether the glitch is associated with the vpn (and, if it is, then there's a (relatively) safe alternative route in.)

 

[Heath Kehoe]

If your router's NVRAM is full, the result is randomly disappearing configurations. I've had that happen on mine. I'm using both OpenVPN server instances, each with its own set of keys, which eats up a lot of the limited NVRAM storage. And the ASUS firmware doesn't gracefully handle if there's too much config to fit in NVRAM; so stuff gets lost.

In my case, the port forward settings were the first to go, too.

It also doesn't help that the networkmap code wants to save a bunch of crap into nvram; and if your LAN has a lot of devices, that can cause large strings to be written to nmp_client_list and client_info_tmp, using up precious space.

I made a custom build of the firmware in which I removed -DNMP_DB from CFLAGS in src/router/networkmap/Makefile which prevents the firmware from saving nmp_client_list; and I also commented out the nvram_set("client_info_tmp"....) in src/router/httpd/web.c

 

[Calisro]

The likely culprit is too large vpn certs. On the wiki, I created a page for offboarding the certs from nvram to jffs. Should stop you from filling up nvram.

https://github.com/RMerl/asuswrt-merlin/wiki/reducing-nvram-for-openvpn-certs

 

[bbunge]

Thanks for the input. I made the trip to reprogram the router yesterday and set up a PC that is connected to the two subnets in the building so I can remote into the PC to control either of the routers. Yes, I do have a lot of clients as we rebuild PC's to give to needy folks. I had been using an IPFire router/firewall that worked very well but wanted to get away from a PC based system for reliability. That is why I chose Asus after I had great luck with an RT-N66R at home. We are shut down till Tuesday so I have time to digest your recommendations. Would it be simpler to set up a script that reboots the routers nightly? Thanks, bb

 

[Calisro]

rebooting the router wont decrease nvram usage.

 

[bbunge]

What if I moved nmp_client_list and client_info_tmp to a USB drive and created symbolic links in their place? Is there a better way to keep these files smaller? bb

 

[Calisro]

You cant sym link to nvram.

 

[bbunge]

No, sym link from NVRAM to USB drive.
Also found this: http://www.snbforums.com/threads/nmp_client_list-eating-up-all-nvram-space.20491/

 

[Calisro]

same answer. lol. you cant symlink nvram to usb dtive. nvram is ram. usb is a disk.

You can do the workarounds in that thread but if you simply move your certificates you wont have issues. I've given you a fix besides conpiling your own firmware now its up to you.

 

[bbunge]

As a test I tried to clear the list with this:

nvram set nmp_client_list=
nvram commit

All devices that are not active on the network were cleared from the network map. Next, figure out a script to run daily to kep the list clear. Merlin, if you are following this, how about an option to do this on the next release?

bb

 

[RMerlin]

All devices that are not active on the network were cleared from the network map. Next, figure out a script to run daily to kep the list clear. Merlin, if you are following this, how about an option to do this on the next release?

bb

Already planned, but I had higher priorities ahead of adding this, so I didn't have the time yet.

 

[bbunge]

Created a script in jffs:

cat << EOF > /jffs/scripts/services-start
#!/bin/sh
/usr/sbin/cru a CleanNVRAM "0 6 * * * nvram set nmp_client_list= && nvram set client_info.tmp= && nvram commit"
EOF

Followed this: http://www.snbforums.com/threads/scheduling-rebooting.11044/

Running commands manually gives me more NVRAM. Will see how it works on my home router over the weekend.

Bill

 

[bbunge]

Update to the script to clean NVRAM. I discovered that in addition to the two files, webdav_smb_pc also contains data I want to clear on a daily basis. So the script now contains:

nvram set nmp_client_list= && nvram set client_info_tmp= && nvram set webdav_smb_pc= && nvram commit

One problem is that the data in webdav_smb_pc comes back shortly after the setting is cleared. This means that the old device info still shows up in AiCloud.

Would appreciate any input to keep Samba from showing devices that are no longer in use on my LAN.

Thanks,
Bill

 

[bbunge]

After a couple of days running the script to clean up the NVRAM I am satisfied with the results for my application. Should note that this is on two RT-AC68Us and an RT-N66R.

Enable SSH and allow scripts in JFFS.

Created a script in jffs I logged in with Putty and used the following commands:

Note: (Enter) is not a command you type in but when you should press the Enter key. Sometimes the long lines wrap in the forum and are confusing. If you do not like the term CleanNVRAM use what you like.

cat << EOF > /jffs/scripts/services-start (Enter)
#!/bin/sh (Enter)
/usr/sbin/cru a CleanNVRAM "0 1 * * * nvram set nmp_client_list= && nvram set client_info_tmp= && nvram set webdav_smb_pc= && nvram commit" (Enter)
EOF (Enter)

Next:

chmod a+rx /jffs/scripts/services-start (Enter)

Start your script:
/jffs/scripts/services-start (Enter)

To see if your cron is running:
cru l (Enter)

You should see: 0 1 * * * nvram set nmp_client_list= && nvram set client_info_tmp= && nvram set webdav_smb_pc= && nvram commit followed by the name of the job, in my case CleanNVRAM


This will give you a cron job that will run at 0100 every day and clean your routers NVRAM in three areas. My experience is that the values are rebuilt in NVRAM as SMB (Windows or Samba) devices become active and talk with each other and enabling devices to show up on AiCloud. Cleaning out the webdav_smb_pc= area may not be necessary for you and likely will mess up some things like traffic analysis. Your call to use this. As for me it is more important to keep the router running than to see who is surfing where.

 

[bbunge]

The likely culprit is too large vpn certs. On the wiki, I created a page for offboarding the certs from nvram to jffs. Should stop you from filling up nvram.

https://github.com/RMerl/asuswrt-merlin/wiki/reducing-nvram-for-openvpn-certs

I also did this to free up some space. Had problems the first time through so I factory reset my router, manually configured everything and read the instructions carefully the second time. I did use WinSCP to create the cert files, copied the certs from the Asus GUI and pasted them into WinSCP Editor. Also changed permissions on the files to 0666. Two more routers to do but will not do them remotely in case something does not go right. Thanks! Bill

 

[Josh T]

Wow. I wish I found this earlier. I've been going mad with my DSLAC68U where NAT settings disappear. This is the first sensible explanation of what is going on. In my case I set up a cron in usbmount (the non-Merlin workaround) to just clear client_info_tmp. And that fixed the issue.

As previously mentioned too many network devices is filling up nvram and NAT is the first to go. Everytime my router resets or reboots I loose NAT. Worse, I couldn't recreate the entries in the GUI, I had to create a script to keep updating them in nvram.

Well no longer, thank you all for this.

 

[crapinon]

Just out of interest how many is 'too many network devices'?
Do you guys have 50? 100? 200?

TIA

 

[Josh T]

In my case 25 but it wouldn't help that almost all require static IP as they are smart devices. I notice this creates a pretty big entry in nvram. So in my case that is probably what tipped me over.

 

[bbunge]

Oh boy! Is this an old post!!!

F.Y.I. Johns fork is still running on these RT-AC68U routers. About to upgrade the firmware again. And if you are in need of moving certs to jffs to free up nvram John has some built in scripts to do this for you!
The DNSSEC and DoT are great as well!

Sent from my P01M using Tapatalk