Recent content by guetech

You could really do without the snark. I (and apparently many others) struggled all day to stay online because of an update that asus pushed to our devices. Does it matter if the update is a list of strings or a full firmware? Not at all, they broke our devices remotely. We're "whining" that asd...

Maybe Merlin will remove the surfshark ads. Not that they're a big deal, but it's the principle, you know? We all paid a fair amount for our routers.

Your best bet is to use a hostname (DDNS or otherwise). I used to regenerate the SSL cert when my WAN IP changed but it introduces a lot of quirks to use certs mapped to IPs. Let's encrypt + a custom DDNS works much better. I'm having the same issue with IPv6 and I wish Merlin would add a...

That won't work for me because I'm using an AX55 as the repeater and there's no scripting support, but it might be a solution for others yes. Something like nvram set wl0_closed=0 nvram set wl1_closed=0 Would need a cron because aimesh propagates config every now and then.

Something along those lines: * * * * * fix-guest-networks-cron #!/bin/sh PREV_VALUE="$(cat /tmp/fix-guest-status 2> /dev/null)" CURR_VALUE="$(brctl show)$(ebtables -t broute)" if [ "$PREV_VALUE" != "$CURR_VALUE" ]; then /jffs/scripts/fix-guest-networks echo "$(brctl show)$(ebtables -t...

Thank you for the insight! Do you know if it's possible with ebtables to drop packets going from other interface to the guest/wds interface? With the current rules the guest can't send broadcasts but it will still receive them from other interfaces (asuswrt relies on client isolation to stop...

I had the same feeling so I tried dropping traffic to cfg_server (UDP 7788 and TCP 7788) and infosvr (UDP 9999) on the primary to see if it would help. The primary no longer knew the SSIDs of the repeater (they were visible in nvram show before) and no longer knew it was an AX-55, so that's...

The interface is automatically created when the repeater connects, it isn't present before that. Edit: Let me know if I can enable a more verbose logging mode to follow more closely what happens when the repeater connects to the primary!

The log from my post here was taken from the primary router, it shows what happens when the repeater connects to it. All this talk about WDS is a red herring because both repeater mode and aimesh use a modified WDS that is unrelated to enabling/disabling WDS in the GUI on the primary router...

Agreed this is clearly a flaw. I shouldn't be able to trivially access someone's intranet if they give me their isolated guest ssid password... Can you tell me more about this pro firmware? Where to find it, is it compatible with the regular ax86u?

You are correct that AiMesh does carry the guest 1 isolation. However AiMesh also doesn't allow to disable the main SSID on the node. I don't want devices connected to my main SSID to roam to it. Manually pinning all my clients to stay on the master isn't realistic either.

I just tried, it is NOT fixed. Steps: - Create guest network 1 with intranet disabled on main router (388.2, tried both latest stock and merlin). - Connect to the guest network, confirm I am indeed in the vlan. - Setup second router as Repeater mode, connect it to the guest network - Connect...

It's now 2 years later and I have the exact same issue with AX86U (main, 388) + AX55 (repeater, 386). Basically if someone knows your guest network password and buys an asus router they can get full access to your main network. This is a major flaw in my opinion and a shame that asus refuses to...