amtm amtm step-by-step install guide - L&LD

[elorimer]

Firstly big thanks to @RMerlin @L&LD
@Adamm @thelonelycoder @ColinTaylor and anybody else I'm forgetting for not only creating and sharing these amazing tools but for the documentation and guides to get everything up and running!

Finally built up the courage to install amtm, disk check, Entware, Skynet and Diversion (in that order). I know, installing Diversion installs Entware, but I didn't decide on that until after. Anyway, after installing Diversion it asks to confirm to reboot the router so I did that but it turned off my RT-AC86U instead. I was doing some reading on the forum waiting for it to reboot and looked up and saw all the lights were off. I pushed the power button off then on and it came back up just fine.

Curious to know if this is normal? I'm a bit OCD and it sort of threw off how smoothly and perfectly everything was going. Still all in all everything seems to be working fine and I'm very happy I decided to do this. Thanks to you all it was way easier than I expected.

Unfortunately it appears to be so. A reboot from the webgui for me invariable results in the 86U turning off.

 

[a5m]

Unfortunately it appears to be so. A reboot from the webgui for me invariable results in the 86U turning off.

Okay phew good to know. Not that the router turns off instead of rebooting, but that I'm not the only one experiencing that. Thank you.

 

[thelonelycoder]

Okay phew good to know. Not that the router turns off instead of rebooting, but that I'm not the only one experiencing that. Thank you.

It's a hardware or software or other problem some of the RT-AC86U's suffer from.
Only Asus can fix this, if the can.

 

[a5m]

Firstly big thanks to @RMerlin @L&LD
@Adamm @thelonelycoder @ColinTaylor and anybody else I'm forgetting for not only creating and sharing these amazing tools but for the documentation and guides to get everything up and running!

Finally built up the courage to install amtm, disk check, Entware, Skynet and Diversion (in that order). I know, installing Diversion installs Entware, but I didn't decide on that until after. Anyway, after installing Diversion it asks to confirm to reboot the router so I did that but it turned off my RT-AC86U instead. I was doing some reading on the forum waiting for it to reboot and looked up and saw all the lights were off. I pushed the power button off then on and it came back up just fine.

Curious to know if this is normal? I'm a bit OCD and it sort of threw off how smoothly and perfectly everything was going. Still all in all everything seems to be working fine and I'm very happy I decided to do this. Thanks to you all it was way easier than I expected.

So right after doing the above, I noticed the CPU Cores were at 50-60%. I figured this was normal. Last night (24 hours later) I checked and both were pegged at 97-99%. Doing a quick search I found that if you make any setting changes to Diversion this can happen and a reboot brings it back to normal. Yesterday earlier in the day I had forced an update for Skynet to try and get the WebGUI to work, so I thought maybe it was related so I rebooted last night and the cores went back to idling at 0%. Just checked now and they are both back up fluctuating between 45-70%. Is this normal?

 

[L&LD]

@a5m I don't know if it's normal (btw, what router do you have again?) but I always, always reboot the network at least once after making any changes.

First, to see that the changes 'stick'.

Secondly, to make sure that the router is not still in 're-configuration' mode internally (as you may be seeing with your report above).

With any change, I wait a minimum of 15 minutes before rebooting (at least once). With major changes and depending on how much time I have at that customer's location, I prefer to rebooting closer to an hour or more (the slower/older routers need that time to finalize their internal 're-configuration'.

Usually? I do both (once after about 15 to 20 minutes and then again after an additional hour).

On your own home network, these times are not as critical (if you can boot whenever you want).

But, when I'm at a customer's location, I find these guidelines to work well and help me from having to visit those customers again for issues that can simply be 'fixed' with a mere reboot.

Note; at the 15-minute mark, I usually reboot via the GUI. At the 1-hour mark, I usually pull the power plug and wait 2 minutes (or more) before I reconnect power to the router.

 

[a5m]

@a5m I don't know if it's normal (btw, what router do you have again?) but I always, always reboot the network at least once after making any changes.

First, to see that the changes 'stick'.

Secondly, to make sure that the router is not still in 're-configuration' mode internally (as you may be seeing with your report above).

With any change, I wait a minimum of 15 minutes before rebooting (at least once). With major changes and depending on how much time I have at that customer's location, I prefer to rebooting closer to an hour or more (the slower/older routers need that time to finalize their internal 're-configuration'.

Usually? I do both (once after about 15 to 20 minutes and then again after an additional hour).

On your own home network, these times are not as critical (if you can boot whenever you want).

But, when I'm at a customer's location, I find these guidelines to work well and help me from having to visit those customers again for issues that can simply be 'fixed' with a mere reboot.

Note; at the 15-minute mark, I usually reboot via the GUI. At the 1-hour mark, I usually pull the power plug and wait 2 minutes (or more) before I reconnect power to the router.

Thanks for your quick reply!

I have the RT-AC86U. I followed your guide and rebooted and waited 10 minutes after changing the SSH Port and enabling 'SSH Brute Force Protection'.

Then I installed amtm which I don't think required a reboot. I proceeded to install the USB drive, format it, create a swap file, install disk check, and reboot the router. Checked and the USB drive passed.

Then I installed Entware, after which I believe the router needed to be rebooted. Then Skynet, again after which I think a reboot was required. Then finally Diversion and I definitely remember a reboot being required, but as discussed earlier, it actually turned the router off. I of course manually powered it back up.

I didn't wait between the above 3 reboots. I did all this at midnight. The next morning around 10am I was trying to get the Skynet WebGUI to work so forced an update but that was it. I noticed the cores were around 50-60%. I didn't reboot or anything. Then last night at around midnight I saw both cores were maxed out. I rebooted and for at least 10 minutes saw they were just idling. I should have checked them again but didn't until just a while ago, where I saw them back at around 45-70%.

I was just wondering assuming everything goes right what the CPU usage should be.

 

[CaptainSTX]

I was just wondering assuming everything goes right what the CPU usage should be

I have an AC86. I do not run diversion but I run amtm, entware, skynet, spdMerlin, scMerlin, connmon. I do have one VPN server running along with two VPN clients. Both WiFi radios are on including guest networks.

The CPU on both cores usually shows 0 - 3% utilization except when spdMerlin automatically runs speed tests then the usage jumps up particularly when it is running a speed test on one of the VPN tunnel connections.

 

[L&LD]

@a5m that CPU usage is too high. You are using the 384.15 Alpha firmware, correct (for the Skynet GUI to work)?

Another check before you dive into what follows below: do you have AiProtection enabled? If so, disable it.

In the order of your steps above, I see you installed Entware and afterward Diversion. I don't recommend doing it like that (although amtm should have checks and balances to integrate them properly either way).

In your case, I would be tempted to 'nuke' everything and start again, with regards to the scripts.

Specifically;

• Backup any files you deem important to be saved from both the USB drive and the JFFS partition.
• I don't recommend using these files though while we are determining the cause of the high CPU usage.
• Remove the USB drive and format it in a computer as NTFS.
• Format the JFFS partition on the next reboot (via the GUI option) and then reboot twice waiting 15 minutes between boots.
• After allowing the router to settle after the second reboot, install amtm to the JFFS partition.
• Insert the NTFS formatted USB drive and proceed to format it as Ext4 with journalling on.
• Enable the disk checker. Create a swap file (I recommend the maximum 2GB size). Reboot the router as required and wait at least 10 minutes after it reboots before continuing with the scripts (the network can be used as normal otherwise).
• Install Skynet. Wait for 5 to 10 minutes (or until you can go to the Skynet menu and it doesn't show a 'locked file').
• Install Diversion (which will install Entware properly) - follow the first post in this guide for more details.
• At the main screen of amtm, ensure that all the scripts and Entware are updated by typing 'u' and hitting enter.
• Update any indicated out-of-date files.
• After 15 minutes, reboot the router via the GUI.
• After about an hour (or longer), I would pull the power plug and wait 2 minutes before powering up the router again.
• After every reboot; check the disk checker logs. Be patient for a good 10 minutes before trying to see any true 'idle' CPU's or interacting with the scripts or GUI additions.

 

[dave14305]

Thanks for your quick reply!

I have the RT-AC86U. I followed your guide and rebooted and waited 10 minutes after changing the SSH Port and enabling 'SSH Brute Force Protection'.

Then I installed amtm which I don't think required a reboot. I proceeded to install the USB drive, format it, create a swap file, install disk check, and reboot the router. Checked and the USB drive passed.

Then I installed Entware, after which I believe the router needed to be rebooted. Then Skynet, again after which I think a reboot was required. Then finally Diversion and I definitely remember a reboot being required, but as discussed earlier, it actually turned the router off. I of course manually powered it back up.

I didn't wait between the above 3 reboots. I did all this at midnight. The next morning around 10am I was trying to get the Skynet WebGUI to work so forced an update but that was it. I noticed the cores were around 50-60%. I didn't reboot or anything. Then last night at around midnight I saw both cores were maxed out. I rebooted and for at least 10 minutes saw they were just idling. I should have checked them again but didn't until just a while ago, where I saw them back at around 45-70%.

I was just wondering assuming everything goes right what the CPU usage should be.

Diversion and Skynet should use no CPU normally, because they don't DO anything. By this I mean that they enhance dnsmasq and the iptables firewall (respectively). They run periodic maintenance tasks but they shouldn't create long-lasting CPU usage.

You need to get comfy with the "top" utility (or better yet install htop from Entware "opkg install htop"). If you see diversion ash_history at the top of the CPU list, that had been a problem for some people from time to time. I think you can still use Diversion to reset ash_history.

Post some top/htop results when you see high CPU. We'll help you diagnose.

 

[CaptainSTX]

Another check before you dive into what follows below: do you have AiProtection enabled? If so, disable it.

FYI I have AiProtection enabled and don't have any issues. However, with Skynet enabled it seldom blocks anything so disabling it won't decrease your your security.

I agree that the OP probably needs to follow the steps you recommend including a nuclear reset. It may not be the solution as one of the dud AC86s ASUS sent me had similar issues with memory and no number of nuclear resets would fix it. At some point in time an RMA may be necessary.

 

[a5m]

You guys are awesome. Thank you so much for your help

@CaptainSTX Thank you for sharing this. So clearly my CPU usage is way above what it should be.

@L&LD Sorry for leaving that out. No I'm still on 384.13. I realized after forcing the Skynet update that I needed 384.15 Alpha for the WebGUI to work Decided to just wait for the final release, but now tempted to use this as an excuse to try 384.14_2. Though not before I sort this out first.

I do not have AiProtection enabled. Yes, I installed Diversion afterwards. I know this isn't the recommended method, but I changed my mind and decided to use Diversion after all was said and done.

I agree. I'm tempted to nuke and start over. As a result of being OCD I'm a bit silly, so can I format the drive using amtm or is it better to do it on the PC? If I first format through amtm (Step 6), remove it (Step 3), then follow from Step 4 would that be a bad idea? Sorry for seeming ungrateful, I'm not, but it just felt more right (?) to format on the router using amtm. I know, I'll just use the PC

I should've already mentioned this, but since first setting up this router I've had a script running to forward ports using iptables to my NAS that's on a OpenVPN connection. OpenVPN is running on the router, with a policy rule to only route the NAS through it. Here are the instructions I followed for that script, but mine looks as follows:

#!/bin/sh
iptables -I FORWARD -i tun11 -p udp -d destIP --dport Port -j ACCEPT
iptables -I FORWARD -i tun11 -p tcp -d destIP --dport Port -j ACCEPT
iptables -t nat -I PREROUTING -i tun11 -p tcp --dport Port -j DNAT --to-destination DestIP
iptables -t nat -I PREROUTING -i tun11 -p udp --dport Port -j DNAT --to-destination DestIP

@dave14305 Thanks for confirming what the normal CPU usage should be.

Yes I saw "top" and "htop" mentioned in that thread that suggested a reboot after making changes to Diversion to see what was hogging resources. I looked in amtm and that script wasn't there, but I'll follow your suggestion tonight first to pinpoint where the problem is, just in case it gives us any useful information. Worst case I'll just nuke and start over and see what happens.

 

[a5m]

Thought I'd make a new post so everyone can see this update:

Was poking around in Diversion's settings and saw Skynet was suggesting to enable additional hosts files, so I did. Don't know if that had anything to do with it, or the router just needed yet another restart, but after doing so the CPU usage is now <10%, and mostly <5%. Yay

Thanks again for everyone's help. I believe it was that common issue reported with Diversion and high CPU usage. Not sure what fixed it but I'm leaving well enough alone for a while

 

[TheLyppardMan]

amtm not installing on my RT-AX88U. If I paste in the install command, I see amtm with all the options to install other scripts and I've just used it to format my USB flash drive, but if I theh log in with xShell and type /jffs/scripts/amtm, I just get an error that amtm cannot be found. This is what I see if I log in with WinSCP.

 

[dave14305]

amtm not installing on my RT-AX88U. If I paste in the install command, I see amtm with all the options to install other scripts and I've just used it to format my USB flash drive, but if I theh log in with xShell and type /jffs/scripts/amtm, I just get an error that amtm cannot be found. This is what I see if I log in with WinSCP.
View attachment 21376
View attachment 21377

If you are on 384.15, type

/usr/sbin/amtm

the first time and it should cleanup the old alias or entware link. Logout and login again. Then you should be able to just enter amtm without any path.

 

[TheLyppardMan]

If you are on 384.15, type

/usr/sbin/amtm

the first time and it should cleanup the old alias or entware link. Logout and login again. Then you should be able to just enter amtm without any path.

Thanks Dave - that's solved it.

 

[L&LD]

@TheLyppardMan, yes, I have to update these instructions as RMerlin 384.15_0 forward has amtm included.

 

[thelonelycoder]

@TheLyppardMan, yes, I have to update these instructions as RMerlin 384.15_0 forward has amtm included.

Let them know that the r in the firmware version resets amtm, starting fresh after.
If the error "-sh: /jffs/scripts/amtm: not found" comes up, LOG OUT OF SSH, then back in. If it still persists, run amtm with the full path to the file:

/usr/sbin/amtm

Then after amtm started the firmware version LOG OUT OF SSH.
It is impossible to remove an alias in an active SSH session. Logging out of SSH is the only way to clear it.

 

[RMerlin]

AMTM step-by-step:

1) Upgrade to Asuswrt-Merlin 384.13_4 or 384.15.
2) You're done.

 

[elrengo]

Enable JFFS custom scripts and configs ​

1. Go to Administration and select the System Tab
2. Click 'Yes' to the 'Enable JFFS custom scripts and configs' option
3. Click USB Mode option to use 'USB 2.0'
4. Enable SSH to 'LAN Only'
5. Change SSH Port to '51111'. (Example port number)
   1. We want to use a different 'default' than Port '22'
   2. Anything between '49152 - 65535' is allowed for Dynamic and/or Private Ports
6. Make sure 'Allow Password Login' is 'Yes'
7. Set 'Enable SSH Brute Force Protection' to 'Yes'
8. Finally, make sure to hit the Apply Button at the bottom of the screen

Great post! I really enjoyed reading your post. You explain very well. All my configuration on my RT-AC3100 I did it following old guides from HQT (https://hqt.ro/how-to-install-new-generation-entware/ | https://hqt.ro/rutorrent-on-asuswrt-router-through-entware/) a few month ago I update Entware and new version of ruTorrent. Your explain is great because explain more details. I'have two doubts about your explanation:

1. Why USB 2.0? I have a WD 1TB HDD USB 3.0 connected to USB 3.0 port from my RT-AC3100.-
2. SWAP file or SWAP Fylesystem. I like the filesystem instead of file. I've configure a 1GB of SWAP Filesystem. Is better to change my configuration?

My External drive is formatted before I installed everything. With my EXT4 filesystem and SWAP filesystem.

 

[AntonK]

This is a step-by-step guide that will show how to optimally set up a USB drive for Asus’ RMerlin powered routers that will at the very minimum allow for use of a swap file for your supported router. It will optionally install Entware properly too, all with the help of amtm by @thelonelycoder. The world of scripts will soon become child’s-play with these powerful tools and allow to make your network, more your own.

The full power and control this will give you over your network and clients have not fully been understood yet, but do not worry! Time will give to those who wait. In return, please consider any contribution you can to those that create and continue to support these scripts for us. They really and truly deserve our full support, including @RMerlin for providing such a powerful and stable platform for us to fully use and enjoy.

This guide will make a few assumptions to try to keep it as concise as possible. First, I am assuming that we are using a supported RMerlin Asus router. Second, I am assuming that your router is stable and is in a good/known state. Thirdly, I take no responsibility for what the following steps and scripts may potentially do to your router, your USB drive, or your network. Not that there is anything wrong with the steps or scripts as presented and used correctly, but I have no control over your use of these steps and scripts. Follow the steps closely, please ask questions if you need to ask, but the final decision and responsibilty to go ahead with this guide is yours alone. For support on these scripts, please use the appropriate thread that each developer has created for their script(s).

Hope this guide leads you a little more gently down the scripting path for some of the same rewarding discoveries I have found on it too. Let's begin.

Enable JFFS custom scripts and configs ​

1. Go to Administration and select the System Tab
2. Click 'Yes' to the 'Enable JFFS custom scripts and configs' option
3. Click USB Mode option to use 'USB 2.0'
4. Enable SSH to 'LAN Only'
5. Change SSH Port to '51111'. (Example port number)
   1. We want to use a different 'default' than Port '22'
   2. Anything between '49152 - 65535' is allowed for Dynamic and/or Private Ports
6. Make sure 'Allow Password Login' is 'Yes'
7. Set 'Enable SSH Brute Force Protection' to 'Yes'
8. Finally, make sure to hit the Apply Button at the bottom of the screen

Hi L&LD,

I have an 88U with a front-facing USB 3.0 port, and a USB 3.0 stick. Do you still recommend "Click USB Mode option to use 'USB 2.0'" in the router's firmware?

Thanks,
Anton