Release Asuswrt-Merlin 3006.102.4 is now available

[ExtremeFiretop]

AMTM ??? No idea.

Cheers,
Bob.

In ssh, enter "amtm" for the repo of available scripts. If your manually installing scripts you'll fall behind on any script moved to OSR.

 

[TonyK132]

Seriously, just try it out. That is how some of us figured all this stuff out, through trial and error, for our use case since there isn't much documentation from Asus on the specifics of the Guest Network Pro feature.

If you put your IoT devices in an IP range like 52.xx, then how does a device on the main IP range, say 2.xx, communicate with it to get status, reports, or change settings? For example, I could put my thermostat on 52.xx, but my computer is on 2.xx. They will not talk unless there is a path from 2.xx for that device to the other device on 52.xx.

Also, are all the devices on 52.xx isolated from each other, or can each of those devices all the other devices on that addr range?

 

[Dedel66]

It depends...
If you set the AP isolated the devices are isolated.

 

[bennor]

If you put your IoT devices in an IP range like 52.xx, then how does a device on the main IP range, say 2.xx, communicate with it to get status, reports, or change settings? For example, I could put my thermostat on 52.xx, but my computer is on 2.xx. They will not talk unless there is a path from 2.xx for that device to the other device on 52.xx.

Also, are all the devices on 52.xx isolated from each other, or can each of those devices all the other devices on that addr range?

People are finding that certain IoT devices work best if kept on the main LAN and not on a Guest Network Pro network.

If one has set the Guest Network Pro profile Use same subnet as main network to disable but still need to have communication between the main LAN and the Guest Network Pro Profile clients then try enabling Access Intranet option in the Guest Network Pro Profile. If that Access Intranet option doesn't work (reports are mixed) then one can try using the IPTables scripting with a firewall-start script file that has been extensively discussed in several other posts/discussions. Here are a few of those past discussions:

Trying to understand Guest Network Pro limitations

Using an AX-86U Pro on FW 3006.102.4_beta1, I'm experimenting with Guest Network Pro and VLANs and I must be missing something. I've created a VLAN (tagged as 3) and set ethernet port 3 as an access port tagged with that VLAN. I've then created a new guest network with that same VLAN, turned on...

www.snbforums.com

Iptables functionality on 3006.102.4

Dirty upgrade from 3004 to 3006.102.4 on my AX88u-Pro a couple days ago. All looked good so far, except I have some iptables rules in firewall-start that do not seem to work anymore. One set of rules dnat'd any DNS other than those in the cleanbrowsing ranges. Ie, if a device used any...

www.snbforums.com

mDNs / Bonjour / Multicast

Hi everyone, I am having issues with 3 HomePods in my home. I have 2 AirPlay receivers which work flawlessly, however my HomePods are very hit and miss to work, I took one on holiday and noticed it was much better than at home. Are there any settings or things to enable/check to ensure mDNs /...

www.snbforums.com

In particular see my post here that goes through some examples that worked in my testing.

PS: Also check that AP Isolated isn't enabled on the Guest Network Pro Profile. If it is it may block access between Guest Network Pro Profile clients on the same IP address subnet.

 

[ArashT]

I have GT-AX6000 with asuswrt-merlin GT-AX6000_3006_102.4_0 firmware
Sometimes (randomly) the router become unresponsive, web panel won't work, ssh won't work, even I loose internet access
In this case I can't do anything except a hard reboot by turn the router off and on
I have no idea how can I debug this issue, How can I check the logs after boot ?

I don't know why but I just find out the router doesn't use swap file even if memory become 100% full
This is a critical bug

 

[ColDen]

I don't know why but I just find out the router doesn't use swap file even if memory become 100% full
This is a critical bug
View attachment 66229

I don't believe so, I have this router since more than two years and I have never seen the swap file higher than 0.

 

[ArashT]

No it is not, I have this router since more than two years and I have never seen the swap file higher than 0.
View attachment 66230

Emmm, so what is the purpose of swap file ?
I have some apps on it that can easily fill up the memory!
Some times the router become unresponsive because of this (low free memory) and I have to do a hard reboot !!

 

[ColDen]

Emmm, so what is the purpose of swap file ?
I have some apps on it that can easily fill up the memory!
Some times the router become unresponsive because of this (low free memory) and I have to do a hard reboot !!

On my previous router (RT-AC86C) the swap file was really needed but I have never noticed its use on this router (and I use some add-ons that cannot be installed without the swap file be present).

 

[ArashT]

On my previous router (RT-AC86C) the swap file was really needed but I have never noticed its use on this router (and I use some add-ons that cannot be installed without the swap file be present).

When the router should use swap file ? It's like I don't have swap file at all
My router hangs and freezes !!
This is 100% a critical bug.

 

[ColDen]

When the router should use swap file ? It's like I don't have swap file at all
My router hangs and freezes !!
This is 100% a critical bug.

Since I have never experienced memory issues with this router and never had to reboot-it (other than when required by an application or hardware updates) then I hope others with far more experience than me with this router will be able to help you. Good luck.

 

[bluzfanmr1]

I don't know why but I just find out the router doesn't use swap file even if memory become 100% full
This is a critical bug
View attachment 66229

Edit: Here's the link - Enable GT-AX6000 Swap

You have to enable it on this router model. I'll see if I can find the link.

 

[ArashT]

Edit: Here's the link - Enable GT-AX6000 Swap

You have to enable it on this router model. I'll see if I can find the link.

How should I enable swap ?
I created it via amtm
Edit: I'll take a look at it, thanks

 

[visortgw]

If you put your IoT devices in an IP range like 52.xx, then how does a device on the main IP range, say 2.xx, communicate with it to get status, reports, or change settings? For example, I could put my thermostat on 52.xx, but my computer is on 2.xx. They will not talk unless there is a path from 2.xx for that device to the other device on 52.xx.

Also, are all the devices on 52.xx isolated from each other, or can each of those devices all the other devices on that addr range?

Typically, IoT devices are accessible from "anywhere" — the device is connected to the Internet, and it is reachable using a "secured" (account with password, fingerprint, 2FA. ...) app or website. In your example, cannot you control your thermostat remotely? Cannot you view your cameras or doorbells from anywhere? This broad access to your IoT devices is why it is important to segregate them from your intranet (different subnet, VLAN, intranet access disabled) — in your example, you don't want your thermostat to talk to your computer.

There are some exceptions to where you do need access between an IoT device and a computer/tablet/phone or another IoT device, but these should be exceptions, e.g.:

1. Casting video from your phone to your TV; or
2. Streaming music to a WiFI-enabled soundbar.

 

[aru]

I currently have no hands-on experience with VLANs, but I’m planning to set up the following network structure:

• LAN (VLAN 1 - Default)
  For server-related devices such as servers, NAS, and managed switches.
  → IP range: 192.168.168.0/24
  → Managed by dnsmasq for DHCP, with Unbound, Diversion, and Skynet providing DNS, ad-blocking, and firewall protection.
• 2.4GHz Wi-Fi (VLAN 52 - IoT)
  Dedicated for IoT devices such as cameras, smart plugs, and smart home appliances.
  → IP range: 192.168.167.0/24
  → Separate dnsmasq instance, also using Unbound, Diversion, and Skynet.
• 5GHz Wi-Fi / LAN Ports (VLAN 53 - Trusted)
  For trusted devices like PCs, laptops, TV boxes, mobile phones, and printers.
  → IP range: 192.168.166.0/24
  → Also managed by dnsmasq, with Unbound, Diversion, and Skynet applied.

---

From what I understand, dnsmasq supports assigning different subnets to different VLANs, allowing IP address expansion across segments.
What I’d like to confirm is: in a VLAN-separated setup like this, will Unbound, Diversion, and Skynet still function correctly for each VLAN?
For example, will devices on all VLANs receive DNS filtering via Unbound, and also be protected by Diversion and Skynet?

 

[bennor]

From what I understand, dnsmasq supports assigning different subnets to different VLANs, allowing IP address expansion across segments.
What I’d like to confirm is: in a VLAN-separated setup like this, will Unbound, Diversion, and Skynet still function correctly for each VLAN?
For example, will devices on all VLANs receive DNS filtering via Unbound, and also be protected by Diversion and Skynet?

Cannot comment specifically on Diversion or Skynet because I do not use them. However, I do use Pi-Hole on the local network, and using DNS Director, I do have my Guest Network Pro IoT Profile's using the local network Pi-Hole's for DNS resolution. So I would assume one could configure the same for Diversion and Skynet possibly either in the Guest Network Pro Profile's DNS field or in DNS Director if one needs to assign Diversion/Skynet explicitly.

 

[FourthandShort]

How should I enable swap ?
I created it via amtm
Edit: I'll take a look at it, thanks

Not sure if this helps, but with my GTAX6000, while using Skynet and AdGuard, along with Tailmon, and a couple other smaller scripts, I started having the same exact issues. Router would lock up and the entire network would crash. Very few indicators in the logs, but the resolution was to power cycle the router. I am curious if this was another instance where the router was maxing out on memory and not leveraging the swap correctly.

If anyone has any suggestions on how to more effectively manage the swap and assist with it stepping in to prevent the memory maxing out and crashing the router, I would be very appreciative.

 

[jksmurf]

If anyone has any suggestions on how to more effectively manage the swap and assist with it stepping in to prevent the memory maxing out and crashing the router, I would be very appreciative.

It’s a shot in the dark but if you’re using a USB thumb drive and it’s going bad, that might explain the lockups. There’s quite a few forum posts on that. If you’re using an SSD then it’s unlikely to be that.

 

[tiko]

Not sure if this helps, but with my GTAX6000, while using Skynet and AdGuard, along with Tailmon, and a couple other smaller scripts, I started having the same exact issues. Router would lock up and the entire network would crash. Very few indicators in the logs, but the resolution was to power cycle the router. I am curious if this was another instance where the router was maxing out on memory and not leveraging the swap correctly.

If anyone has any suggestions on how to more effectively manage the swap and assist with it stepping in to prevent the memory maxing out and crashing the router, I would be very appreciative.

I used a brand new Samsung 64gb usb 3.0 to fix my issues. For some reason, a AX88U keep destroying all cheap USBs. For my ax11000pro did the same and years passed and it is working fine

 

[Unisoft]

For those EU/UK people running BE98 who read this thread - GNUTON (and contributors) has released a production version today over at GNUTON's github.
It's now on par with Merlin's release (well, actually derived mostly from that anyway).

Available in CLASSIC UI or ROG UI here:
3006.102.4_1-gnuton1

Do not post comments about GNUTON's firmware here, and use the discussion board on his github instead.

 

[MarkusI]

On my AX88U Pro with that firmware OpenVPN / Client will use VPN to access internet only does no longer work.
All clients can also access the VPN server side LAN IPs.

@RMerlin

Anybody else witnessing that issue?
LAN isolation from VPN clients is no longer working.

Any idea, how I can enforce that manually in the meantime until it gets fixed?
Tried to mess around with iptables already but without luck...