Asuswrt-Merlin 376.49 is out

[RussellInCincinnati]

what version of Merlin have you reached with the T-mobile router?

Curious as to what you think may happen on a Tmobile AC1900 router which has not had the 1.0.2.0 CFE modification and is still running Tmobile's 2.1.2.1 CFE? I'm running an earlier Merlin build but did not swap out the CFE.

My guess is nothing good would come of it! As there is significant hex-editing of MAC addresses + WPS code when swapping out the CFE manually, which would not be done automatically in the 376.49.6 flash.

What Merlin build are you running?

If I were you I would just try updating to Merlin 49.6 using the standard Merlin menus. My experience with multiple T-mobile modems is that the T-mobile firmware is pretty good about simply resisting upgrading rather than bricking, if you are simply going through the menus.

So if your CFE is dead set against the upgrade, the upgrade simply will not happen. However if you DO manage to get to 49.6, everything will be fine from here on out.

By the way you don't HAVE to edit the WPS code, all you really have to do is note whatever the WPS code is in the new CFE if you plan to use WPS. But it is not very classy to have a router with a WPS code printed on the neat little label that does not match the internal WPS code.

 

[L&LD]

So if your CFE is dead set against the upgrade, the upgrade simply will not happen. However if you DO manage to get to 49.6, everything will be fine from here on out.

The 376.49_6 code is not released yet; I think you mean 376.49_5?

 

[RussellInCincinnati]

The 376.49_6 code is not released yet; I think you mean 376.49_5?

Was referring to the test CFE update code at https://www.mediafire.com/folder/bkfq2a6aebq68/Asuswrt-Merlin#ftf9kjixr1a5f

 

[NightOwl326]

In the not to distance future will you be able to blend in some of the other changes for the 87u from the most current firmware .3885 so I can have the best of both worlds?

 

[RMerlin]

In the not to distance future will you be able to blend in some of the other changes for the 87u from the most current firmware .3885 so I can have the best of both worlds?

Eventually. Merging, testing and debugging a new GPL takes a lot of time, especially in this case as a lot has changed between the 376 and 378 codebase. The initial merge and part of the debugging has already been merged into Github over the past week.

 

[NightOwl326]

Eventually. Merging, testing and debugging a new GPL takes a lot of time, especially in this case as a lot has changed between the 376 and 378 codebase. The initial merge and part of the debugging has already been merged into Github over the past week.

As usual, your the GREATEST!

 

[balotz]

SSH from WAN not working

I'm unable to get SSH from WAN working; currently using the 376.49_5 firmware.

Attempted connections time out, as though the port is not open.

On a possibly related note, I can't get the router to respond to pings from the WAN, even though the setting is enabled.

"Enable Web Access from WAN" does however work correctly...

Thanks

 

[gjf]

@RMerlin

In terms of security, hopefully the FIRST thing you do is to change the login name AND password from the defaults to something strong and unique. Secondly, if desired you can completely turn off WAN access to the router login. That seems pretty adequate for security without asking for additional coding just to remove the router model from the login dialog?

What about the situation when it is necessary to have remote access to the router? Sure login and passwords are set and changed from the default ones.

I can remember a number of issues in past when some exploit for exact model of router was found - and immediately hack company against these routers starts because everyone could find a model name even without login/password - simply from the web page.

 

[Ronv42]

Interesting 5G with 376.49 and RT-AC87R

I had a friend over last night and put his phone, a variant of Samsung's Android, on my router so we could do some "jack" party games on the Xbox. My 5G channel is set to 161 and 80 MHZ width. He phone would connect for a moment and then disconnect. If we disconnected manually and reconnected the same behavior was seen. The router log showed the phone requesting and receiving a DHCP address.

None of my family's phones (various Lumia's using 5 GHZ) are also using this connection along with Roku's and don't experience any issues. So I did a test and changed the control channel to 48 and submitted. His phone connected and worked just fine.

I did a site survey and didn't find any channel competition either.

I really have to wonder how many of the issues being pushed on Asus are actually poorly implemented drivers/firmware on the device vs. router.

 

[RMerlin]

I'm unable to get SSH from WAN working; currently using the 376.49_5 firmware.

Attempted connections time out, as though the port is not open.

On a possibly related note, I can't get the router to respond to pings from the WAN, even though the setting is enabled.

"Enable Web Access from WAN" does however work correctly...

Thanks

Then your modem is most likely firewalling or double NATting your connection. You will have to ensure the modem gets configured into bridged mode.

 

[RMerlin]

@RMerlin

What about the situation when it is necessary to have remote access to the router? Sure login and passwords are set and changed from the default ones.

Use a VPN. Exposing an home router's web interface to the WAN is never a good idea, those home devices are hardly hardened security-wise. As you said yourself, plenty of exploits in the wild, and just hiding a router's model brings zero security, as anyone could simply try different known exploits until one of them sticks.

I have no plan of changing the authentication realm (which uses the productid).

 

[balotz]

Then your modem is most likely firewalling or double NATting your connection. You will have to ensure the modem gets configured into bridged mode.

I do not think that is the case as I'm able to access the router's web GUI from the WAN on the same port (23456) that I'm trying for SSH.

Other types of incoming connection (remote desktop) are also working without issue using port forwarding.

EDIT: I tried connecting up my old Billion 7800N which responded to pings from the WAN.

EDIT 2: I figured it out. I had set the DMZ to the IP of my computer, which seems to redirect all incoming traffic (including SSH and ICMP pings) to that IP. Disabling the DMZ enabled me to SSH into the router from the WAN.

Thanks

 

[Waylo]

What Merlin build are you running?

If I were you I would just try updating to Merlin 49.6 using the standard Merlin menus. My experience with multiple T-mobile modems is that the T-mobile firmware is pretty good about simply resisting upgrading rather than bricking, if you are simply going through the menus.

So if your CFE is dead set against the upgrade, the upgrade simply will not happen. However if you DO manage to get to 49.6, everything will be fine from here on out.

By the way you don't HAVE to edit the WPS code, all you really have to do is note whatever the WPS code is in the new CFE if you plan to use WPS. But it is not very classy to have a router with a WPS code printed on the neat little label that does not match the internal WPS code.

I am running 3.0.0.4.376.48.1 still (see my sig). I do not really put the router through its paces so I do not need most of the benefits Merlin affords us over the T-Mobile branded firmware.

Agree with everything you wrote above, hard to brick this thing!

 

[RogerSC]

Don't know if this is a singular experience, but I had 49_5 up for 4 days, and found that the wireless signal had drifted down in strength some. I use "WiFi Analyzer", and I don't move my router, and use the same seat on the couch in the living room when I'm looking at the signals. And hold my Android phone in the same place relative to the router. Also, I look at each signal for about 5 minutes, to get a good sampling to average out the variability.

What I found was that over the 4 days, I had lost around 5dB for the average signal strength on both 2.4 and 5GHz. from what the signal strength had been when I looked initially.

Just wondering if others are seeing this with the RT-AC68P? I'm currently looking at the R7000 to see if this happens, and will go back to the RT-AC68P after about 4 days to re-check my results there.

 

[L&LD]

Signal strength is not what I look for typically. Throughput tells a more complete story.

And based on throughput, 49_5 has been as good or better than any previous firmware for a long time now on RT-N66U, RT-AC66U, RT-AC56U and RT-AC68U routers. In some cases as much as a 20% jump for short periods (11MB/s to over 13MB/s).

 

[AndreaS]

The WIFI range/throughput can be a matter of CFE and not of Firmware, at least it was in my case.

I own the AC68 since its arrival in Europe. Since then, whatever fimware I installed, the NSR ratio was stuck at -89 dbm at 2.4 GHz and at - 90 dbm at 5 GHz.

With Merlin .49.4 (not tried .5 yet) I had the same results with my original Bootloader, then I started playng with bootloaders. I first tried 1.0.2.0 EU and I had the same results, then tried 1.0.2.0 US and 5 GHz stayed at -90 dbm, but 2.4 dbm started at -92 dbm and in few hours degraded to -85 dbm. So I gave a try to 1.0.2.1 US and now I see -92 dbm stable on both frequencies since several days. I didn't test the troughput but the room of the older of my doughters (two floors above, opposite side of the house) that, even with 9 dbi antennas was unstably covered with 1 to 2 bars, now gets three bars (yes I increased even the transmitted power a bit unlocking the CFE) but, what's more important, now the connection is stable.
Mine is not a particularly wifi crowded location: I normally see roughly 10 other networks and just a couple with similar or higher strength than mine. So I'd suggest in limit situations like mine to give CFE a try (if you know what you're doing), as it can make the difference.

 

[WRobertE]

I first tried 1.0.2.0 EU and I had the same results, then tried 1.0.2.0 US and 5 GHz stayed at -90 dbm, but 2.4 dbm started at -92 dbm and in few hours degraded to -85 dbm.

-85 dbm is a BETTER signal strength than -92 dbm, by the way. In other words, it's LESS NEGATIVE which is a better signal.

 

[AndreaS]

-85 dbm is a BETTER signal strength than -92 dbm, by the way. In other words, it's LESS NEGATIVE which is a better signal.

It's the Noise to Signal Ratio, detected by the router, that is located in the cellar, so same Signal, less Noise, the more is negative, the better it is. I edited my previous message, as I normally use the SNR for other Jobs, but that's not the case of the wireless log page. Otherwise you can interpret this datum as detected noise referred to 1mW. In any case the less, the better.

 

[pheenyx]

I have a RT-N66U. Since I updated to FW 376.49_5 I'm not able connect to my internal Teamspeak Server via my WAN-Domainname or WAN-IP. I forward port 9987 to internal 9987. For another aplication i forward external port 444 to internal 443 and everything is fine.
If I disable NAT Acceleration it works but my download speed drops to 100Mbit.
I have a 200Mbit cable connection and I want to use the full speed.
Do I have a possibility to use both, 200Mbit and the loopback?

I am having the same issue with my Teamspeak server behind a RT-AC66U with .49_5 firmware.
Every other port forward (21,22,25,80,443,993,3690,8080,...) is working but port 9987 just won't forward. I can log on to the TS3 Server with my local IP on port 9987, so it is not a server problem I guess. Is it something about TS3 using UDP (I used BOTH and UDP with the same result)?

I went back to .47 and have no problem with the ports there.
Has anyone found something out here?

 

[pirx73]

Merlin, do you have any plans to base next firmware version on:

ASUS RT-N66U Firmware version 3.0.0.4.376.3754, released on 12th January
-Fixed infosvr security issue.
-Fixed Cross-site request forgery security issue


Especially seeing that they fixed infosvr security bug mentioned here.