Advice on replacing ZenWifi

[sebmack]

I'm running an old version of Merlin with a couple of the grey ASUS ZenWifi bricks. The AIMesh works fine, but I can't upgrade the firmware and I need to now because a bug in my version interferes with Apple iCloud. ChatGPT says it's because Merlin insists boxes be on the same code, and the XD Zenwifi boxes don't run Merlin.

Does that make sense...and if so...what do I replace those boxes with? All tips welcome.

 

[jksmurf]

Trying to decipher your message… no it does not make sense and you’ll get a better answer if you take a deep breath, slow down and supply some basic details please .

Can you please state your exact main router model (it’s written on the back). If you have mesh nodes or APs coupled with the main router please state them too, plus the FW you are running and the configuration (AIMesh, APs).

You refer to ZenWifi and your reference to XD suggests ZenWiFi XD4, XD5 or XD6. You can absolutely use non-Merlin FW (stock) with a Merlin Main Router, if what ChatGPT is telling is that you need Merlin on both it’s talking through a hole in its head.

The only ZenWifi model supported by Merlin is the Zenwifi XT12 device. Gnuton Merlin FW supports two other ZenWifi models XT8 and ET8, see here.

For latest ZenWifi XDx Stock FW see here.

 

[Tech9]

Does that make sense...

No. What's the exact model of your "boxes"?

ChatGPT says it's because Merlin insists boxes be on the same code

ChatGPT is wrong. "Merlin" has nothing to do with AiMesh.

 

[sebmack]

Trying to decipher your message… no it does not make sense and you’ll get a better answer if you take a deep breath, slow down and supply some basic details please .

Can you please state your exact main router model (it’s written on the back). If you have mesh nodes or APs coupled with the main router please state them too, plus the FW you are running and the configuration (AIMesh, APs).

You refer to ZenWifi and your reference to XD suggests ZenWiFi XD4, XD5 or XD6. You can absolutely use non-Merlin FW (stock) with a Merlin Main Router, if what ChatGPT is telling is that you need Merlin on both it’s talking through a hole in its head.

The only ZenWifi model supported by Merlin is the Zenwifi XT12 device. Gnuton Merlin FW supports two other ZenWifi models XT8 and ET8, see here.

For latest ZenWifi XDx Stock FW see here.

Sorry and fair comment. I have a primary RT-AX88U running Merlin and the ControlD daemon for DNS on the JFFS. Hosting a couple of VPN's too. I have a trio of XD4s around the house, an RT-AX58U, all in an AIMesh. I'm running 3004.388.8.4. When I try to update the RT-AX88U firmware, it just goes back to the same version every time. ChatGPT may have been talking through a hole in its head - but it said that in versions after that version, all AI mesh members had to be on the same firmware, and that because the XD4 doesn't have a Merlin version, I won't get there without replacing the XD4s. The problem I'm having is that even though I delete the domain suffix from the DHCP settings (asus.com) and leave it blank, it keeps coming back. And for some mad reason iCloud is grabbing it and asking for config.apple.com.asus.com and not getting anywhere. For now I've SSH'd in and added a DNSMasq setting to have a blank domain. It works but I hate messing with that as I'm a total amateur on this stuff. But also I'm now worried about security and just want to get up to latest version.

 

[sebmack]

...if not this ChatGPT invention...what could be stopping me upgrading? I didn't think that a JFFS partition with CTRLD could block upgrades?

 

[jksmurf]

Ok let’s break this down into bits.

1. Forget ChatGPT for now. I don’t hate AI engines but if you don’t know the answer, approximately, don’t follow incorrect information down the rabbit hole. Nothing is stopping you upgrading bar the method you attempt to do so.
2. I can’t help you with ControlD. I suggest you focus on upgrading all units as far as they can go, set it up again, then start a separate thread on that.
3. I have VPNs but 2 applies here. They can be set up again.
4. The latest FW for your presumably non pro RT-AX88U and your RT-AX58U is 3003.388.11. Find it here.
5. The conventional wisdom for bigger upgrade steps is a HARD factory reset after the upgrade and reinstall your screenshot settings by hand, NOT a saved config. Don’t even think about it. It is highly unlikely ControlD is blocking upgrades, search on “Cannot Upgrade” or similar and sort by date and you will see there are many many people that struggle getting even recent FW updated.
6. If your RT-AX??U machines won’t upgrade in the first instance you have a number of options, in rough order, try upgrading to stock then Merlin, try a hard factory reset then an upgrade to latest Merlin, try installing MerlinAU via amtm and upgrading that way, try the rescue method, finally, panic.
7. For your XD4s follow the link I gave you above for the latest stock FW amd once you have upgraded the main and the AX node, add all of them back as AiMesh nodes. You do NOT need Merlin FW nodes for compatibility. Many say stock is actually better, Merlin says the original reasons for that are long overtaken by events and either will do.
8. Once you have updated the AX Main and configured your skeleton network from your SAVED screenshots, then added your nodes, you can add back ControlD and your VPNS and pfaff around with DNSmasq to your hearts content, but I’d highly recommend not trying to do it all at once or you will just end up in a big pile of poo. You might even discover some other addons, that replace or add to these, but one step at a time.

Done.

 

[bbunge]

I would also dump the ControlD install on the router. From my quick read of its operation it gets into your network far more than what I consider safe. Use something you control locally such as Pi-Hole or Diversion.

 

[Viktor Jaep]

If you are having a hard time getting firmware installed, may I suggest you look into MerlinAU? It can not only auto-update your router's firmware, but it can optionally also force an update on your router right now, or at least tell you why it might be failing?

 

[jksmurf]

If you are having a hard time getting firmware installed, may I suggest you look into MerlinAU? It can not only auto-update your router's firmware, but it can optionally also force an update on your router right now, or at least tell you why it might be failing?

Item 6 above, and yeah I agree, it’s a great option. However … some folks might not be so deep into installing addons so that in itself can be a steep learning curve. I think the OP can manage though.

 

[sebmack]

If you are having a hard time getting firmware installed, may I suggest you look into MerlinAU? It can not only auto-update your router's firmware, but it can optionally also force an update on your router right now, or at least tell you why it might be failing?

Thanks for the tip. Would be great but I'm beneath the minimum!

 

[Tech9]

Similar subject thread here with advice what to do:

RT-AX88U stuck on 386.2_6

Hey everyone, I inherited an RT‑AX88U from a friend that’s currently running 386.2_6. When I log into the GUI, I see a yellow exclamation mark in the top‑right corner telling me there’s an update available. But when I go to the firmware update page and click Check, nothing happens. If I try...

www.snbforums.com

It's on the second page of new threads. Use Search.

 

[ColinTaylor]

The problem I'm having is that even though I delete the domain suffix from the DHCP settings (asus.com) and leave it blank, it keeps coming back.

This is because the router is infected with malware. This particular malware has been reported a few times. Factory reset the router and re-flash the current firmware. Manually configure the router. Do not restore settings from an old backup as that may also contain the malware.

Manually DHCP List and Domain Name Showing Unremovable Items

I used WireGuard to connect two routers, RT-AX86U & GT-AX6600 running newest merlin firmware, and everything was working fine. However, over the past few days I noticed something strange: ．In both routers, the manual DHCP list and the domain name field started showing unusual entries that I...

www.snbforums.com

 

[jksmurf]

This is because the router is infected with malware.

Awesome pick up @ColinTaylor, amazing eye for the details that flag the underlying issue .

 

[sebmack]

This is because the router is infected with malware. This particular malware has been reported a few times. Factory reset the router and re-flash the current firmware. Manually configure the router. Do not restore settings from an old backup as that may also contain the malware.

Manually DHCP List and Domain Name Showing Unremovable Items

I used WireGuard to connect two routers, RT-AX86U & GT-AX6600 running newest merlin firmware, and everything was working fine. However, over the past few days I noticed something strange: ．In both routers, the manual DHCP list and the domain name field started showing unusual entries that I...

www.snbforums.com

I did the test it said on one of those articles a while back - didn't

This is because the router is infected with malware. This particular malware has been reported a few times. Factory reset the router and re-flash the current firmware. Manually configure the router. Do not restore settings from an old backup as that may also contain the malware.

Manually DHCP List and Domain Name Showing Unremovable Items

I used WireGuard to connect two routers, RT-AX86U & GT-AX6600 running newest merlin firmware, and everything was working fine. However, over the past few days I noticed something strange: ．In both routers, the manual DHCP list and the domain name field started showing unusual entries that I...

www.snbforums.com

But thank you - there's quite a bit it's doing odd at this point - I don't think I mentioned that it is also adding some asus addresses to the fixed address list. Dual WAN also doesn't work properly but that hasn't worked for a couple of years. Gaaahhhh...

 

[Viktor Jaep]

I did the test it said on one of those articles a while back - didn't

But thank you - there's quite a bit it's doing odd at this point - I don't think I mentioned that it is also adding some asus addresses to the fixed address list. Dual WAN also doesn't work properly but that hasn't worked for a couple of years. Gaaahhhh...

Better change some passwords... and what not. Hope it's a valuable lesson on not relying on extraneous unsecure services, and being able to keeping a better an eye on what's coming in/going out.

 

[sebmack]

So I fully hard reset the router. Ended up using Firmware recovery to latest ASUS then to Merlin. But it is totally refusing to add any AI mesh nodes. Standard refusal. Any suggestions?

 

[degrub]

Flash it back to stock ASUS firmware. factory reset again, manual config basic. Do the same on the nodes before trying to add back. Best if all are on the same firmware, at least major revision if not identical.
If that doesn't fly, contact ColinTaylor here via DM. There may need to be some manual fixes applied.

 

[jksmurf]

So I fully hard reset the router. Ended up using Firmware recovery to latest ASUS then to Merlin. But it is totally refusing to add any AI mesh nodes. Standard refusal. Any suggestions?

What is the message or behaviour that you actually see that equates to this refusal.

Did you hard reset the nodes before adding, did you use a cable. Also have the nodes got the latest FW, best they do albeit may not be imperative.

 

[sebmack]

What is the message or behaviour that you actually see that equates to this refusal.

Did you hard reset the nodes before adding, did you use a cable. Also have the nodes got the latest FW, best they do albeit may not be imperative.

HI - I got these: fg80211: Calling CRDA to update world regulatory domainCFG80211-ERROR) dhd_config_dongle : Dongle is already upcfg80211: Calling CRDA to update world regulatory domaincfg80211: Calling CRDA to update world regulatory domainCFG80211-ERROR) wl_cfg80211_change_station : WLC_SCB_AUTHORIZE sta_flags_mask not setCFG80211-ERROR) wl_cfg80211_change_station : WLC_SCB_AUTHORIZE sta_flags_mask not setcfg80211: Calling CRDA to update world regulatory domainCFG80211-ERROR) wl_cfg80211_change_station : WLC_SCB_AUTHORIZE sta_flags_mask not set

Nothing fixes it. I think the malware torched my router. I've tried setting the regulatory domains manually, and they just get over-written with #a or blanked. Is that consistent with other reports?

 

[jksmurf]

Nothing fixes it. I think the malware torched my router.

Thanks for providing the details, appreciated.

Sorry, I’m really not familiar enough with the effects of the relatively recent spate of malware that has been affecting some ASUS Routers below specific firmware versions.

So, unfortunately, if it is malware as Colin suspects, it’s way beyond my capabilities and I can only refer you back to @ColinTaylor or maybe @CrashXRu if you can get hold of him, for some offline assistance. Best of luck!