Asuswrt-Merlin 378.53 is now available

[theCrow]

Check your system log when you restart dnsmasq, it will provide some feedback as to what happens with your custom configuration.

All I see after "service dnsmasq_restart" is this line:
May 16 01:04:25 rc_service: service 1625:notify_rc dnsmasq_restart

This is from the web UI. Is there a more thorough log somewhere else? Could the permissions of dnsmasq.conf.add be somehow wrong?

 

[Chrysalis]

service restart_dnsmasq is the correct command.

 

[RogerSC]

I have an RT-AC68P, and would like to know having which firmware features enabled blocks FA? I usually turn very little on, no qos, no per-ip traffic, no VPN, no dlna/nas, none of the Trend Micro features, etc., but I don't see FA enabled. Any idea what might be causing this? I do see "CTF" enabled, but I also expect to see "FA" enabled and it isn't.

I do see this via telnet:

ctf_fa_mode=0

which I interpret to mean that FA is turned off, but see no apparent reason for it.

Thanks!

 

[theCrow]

service restart_dnsmasq is the correct command.

Thanks! Here's the log after the correct command:

May 16 13:27:47 rc_service: service 4189:notify_rc restart_dnsmasq
May 16 13:27:48 dnsmasq[462]: exiting on receipt of SIGTERM
May 16 13:27:48 custom config: Appending content of /jffs/configs/dnsmasq.conf.add.
May 16 13:27:48 dnsmasq[4194]: started, version 2.73rc1 cachesize 1500
May 16 13:27:48 dnsmasq[4194]: warning: interface ppp1* does not currently exist
May 16 13:27:48 dnsmasq[4194]: asynchronous logging enabled, queue limit is 5 messages
May 16 13:27:48 dnsmasq-dhcp[4194]: DHCP, IP range 192.168.11.100 -- 192.168.11.254, lease time 1d
May 16 13:27:48 dnsmasq[4194]: using nameserver 64.145.73.2#53 for domain bbc.co.uk
May 16 13:27:48 dnsmasq[4194]: using nameserver 209.107.219.3#53 for domain bbc.co.uk
May 16 13:27:48 dnsmasq[4194]: using nameserver 64.145.73.2#53 for domain netflix.com
May 16 13:27:48 dnsmasq[4194]: using nameserver 209.107.219.3#53 for domain netflix.com
May 16 13:27:48 dnsmasq[4194]: using nameserver 64.145.73.2#53 for domain overplay.net
May 16 13:27:48 dnsmasq[4194]: using nameserver 209.107.219.3#53 for domain overplay.net
May 16 13:27:48 dnsmasq[4194]: read /etc/hosts - 5 addresses
May 16 13:27:48 dnsmasq[4194]: read /etc/hosts.dnsmasq - 12 addresses
May 16 13:27:48 dnsmasq-dhcp[4194]: read /etc/ethers - 12 addresses
May 16 13:27:48 dnsmasq[4194]: using nameserver 62.241.198.245#53 for domain local
May 16 13:27:48 dnsmasq[4194]: using nameserver 62.241.198.246#53 for domain local
May 16 13:27:48 dnsmasq[4194]: using nameserver 64.145.73.2#53 for domain bbc.co.uk
May 16 13:27:48 dnsmasq[4194]: using nameserver 209.107.219.3#53 for domain bbc.co.uk
May 16 13:27:48 dnsmasq[4194]: using nameserver 64.145.73.2#53 for domain netflix.com
May 16 13:27:48 dnsmasq[4194]: using nameserver 209.107.219.3#53 for domain netflix.com
May 16 13:27:48 dnsmasq[4194]: using nameserver 64.145.73.2#53 for domain overplay.net
May 16 13:27:48 dnsmasq[4194]: using nameserver 209.107.219.3#53 for domain overplay.net
May 16 13:27:48 dnsmasq[4194]: using nameserver 62.241.198.246#53
May 16 13:27:48 dnsmasq[4194]: using nameserver 62.241.198.245#53

 

[shpankey]

I have an RT-AC68P, and would like to know having which firmware features enabled blocks FA? I usually turn very little on, no qos, no per-ip traffic, no VPN, no dlna/nas, none of the Trend Micro features, etc., but I don't see FA enabled. Any idea what might be causing this? I do see "CTF" enabled, but I also expect to see "FA" enabled and it isn't.

I do see this via telnet:

ctf_fa_mode=0

which I interpret to mean that FA is turned off, but see no apparent reason for it.

Thanks!

From an earlier post:

You have to disable everything in the traffic analyzer, adaptive qos & ai protection tabs for it to turn back on FA. I found this out as I had the same issue as you. You may also have to (not sure myself as I had them disabled already) all or some of the stuff in the usb application and ai tools tabs. I can't confirm what though. I do however have a usb disk plugged in and working fine and FA is still on.

But the first 3 tabs I mentioned are a must... and I mean everything in them. Someone else said they had to disable STP and that did the trick for them, but I can say that I had mine enabled an FA was on, so not sure about that.

 

[RogerSC]

From an earlier post:

You have to disable everything in the traffic analyzer, adaptive qos & ai protection tabs for it to turn back on FA. I found this out as I had the same issue as you. You may also have to (not sure myself as I had them disabled already) all or some of the stuff in the usb application and ai tools tabs. I can't confirm what though. I do however have a usb disk plugged in and working fine and FA is still on.

But the first 3 tabs I mentioned are a must... and I mean everything in them. Someone else said they had to disable STP and that did the trick for them, but I can say that I had mine enabled an FA was on, so not sure about that.

I had all of that stuff disabled, and no FA. I did turn on the traffic analyzer thing after a couple of hours, but before that, no QoS, no AI protection stuff, and no traffic analyzer stuff on. I also have no USB apps or AI tools, etc. turned on. No FA.

I just tried turning off STP and the traffic analyzer, and FA is still not on. I have virtually nothing turned on that I'm aware of.

Is there any way that I can find out what's blocking FA?

Note: I do have IPv6 turned on, haven't tried turning that off yet...maybe the network stack is treated differently for dual-stack?

Next note: I've turned off STP and rebooted, since I did read a note by RMerlin that STP is incompatible with FA. Still no FA. Don't know that I have anything else I can turn off other than IPv6 *smile*.

Another note: Turned off IPv6 and rebooted, still no FA. Got no clue here.

And: I'm going to try resetting to defaults, turning off STP, and seeing if FA is enabled at that point. I haven't tried that yet *smile*. When I get a chance that is, my user community is on the internet at the moment...

Finally: Re-flashed and reset to defaults and FA was enabled (despite STP being enabled). So I started to configure the router and looked at the state of CTF/FA after every step. FA was disabled after doing the wireless "professional" config. All I do there is to switch to short preamble, and turn off the "reduce USB 3.0 interference". After doing the "Apply" on the 2.4GHz. "professional" config, FA was no longer enabled. So I thought maybe it was the "reduce USB 3.0 interference", and re-enabled that and rebooted. FA is still disabled. So I guess that FA is just too fragile here to be enabled after I've done my normal configuration. Too bad, I guess I'll have to give up on it. The upside is that I'll stop wasting time with it. The downside is that it doesn't work.

One last final note: Reset to defaults again, and FA enabled again. Disabling STP first thing immediately disabled FA. That's it for me.

Well, one last final final note: Being a persistent person, I reset to defaults one last time. Reconfigured, and didn't touch either the "reduce USB 3.0 interference" setting or STP. FA was good until I enabled IPv6 at which point FA went off. Funny thing, after rebooting to get IPv6 addresses from my ISP, FA was back on, and is on now. Don't really get it, seems like rolling the dice. But not going to argue at this point, even though "hit or miss" makes me nervous.

 

[Chazall1]

Been running 378.53 for 3 days now. All functioning very well.

Thanks Merlin

 

[Raiu]

I like the add blocker

 

[Ryansr]

Thanks Merlin. Only recently joined this forum and you're the main reason why. I'm on version 378.52_2 of your firmware on my three year old RT-N66U which as a router behind my Huawei HG532f ADSL Router. The main reason I'm using your firmware is for the closeness to stock ASUS firmware and the monitoring of my ADSL line usage from the various connected devices in my place. Since I am on a capped 50GB account, and my wife and our daughter also uses it together with me, your firmware has proofed invaluable with monitoring usage and throttling speed for devices.

Would you recommend that your latest firmware, version 378.53 is stable enough for me to still continue using the functions as outlined above?

 

[shpankey]

I had all of that stuff disabled, and no FA. I did turn on the traffic analyzer thing after a couple of hours, but before that, no QoS, no AI protection stuff, and no traffic analyzer stuff on. I also have no USB apps or AI tools, etc. turned on. No FA.

I just tried turning off STP and the traffic analyzer, and FA is still not on. I have virtually nothing turned on that I'm aware of.

Is there any way that I can find out what's blocking FA?

Note: I do have IPv6 turned on, haven't tried turning that off yet...maybe the network stack is treated differently for dual-stack?

Next note: I've turned off STP and rebooted, since I did read a note by RMerlin that STP is incompatible with FA. Still no FA. Don't know that I have anything else I can turn off other than IPv6 *smile*.

Another note: Turned off IPv6 and rebooted, still no FA. Got no clue here.

And: I'm going to try resetting to defaults, turning off STP, and seeing if FA is enabled at that point. I haven't tried that yet *smile*. When I get a chance that is, my user community is on the internet at the moment...

Finally: Re-flashed and reset to defaults and FA was enabled (despite STP being enabled). So I started to configure the router and looked at the state of CTF/FA after every step. FA was disabled after doing the wireless "professional" config. All I do there is to switch to short preamble, and turn off the "reduce USB 3.0 interference". After doing the "Apply" on the 2.4GHz. "professional" config, FA was no longer enabled. So I thought maybe it was the "reduce USB 3.0 interference", and re-enabled that and rebooted. FA is still disabled. So I guess that FA is just too fragile here to be enabled after I've done my normal configuration. Too bad, I guess I'll have to give up on it. The upside is that I'll stop wasting time with it. The downside is that it doesn't work.

One last final note: Reset to defaults again, and FA enabled again. Disabling STP first thing immediately disabled FA. That's it for me.

Well, one last final final note: Being a persistent person, I reset to defaults one last time. Reconfigured, and didn't touch either the "reduce USB 3.0 interference" setting or STP. FA was good until I enabled IPv6 at which point FA went off. Funny thing, after rebooting to get IPv6 addresses from my ISP, FA was back on, and is on now. Don't really get it, seems like rolling the dice. But not going to argue at this point, even though "hit or miss" makes me nervous.

Yeah, those are good words for it.... fragile and nervous. I ran STP for a long time with FA on, but as you said, it seems to go either way. You pretty much have to go super vanilla router to get it to work so probably not even worth it anyhow.

 

[RMerlin]

Would you recommend that your latest firmware, version 378.53 is stable enough for me to still continue using the functions as outlined above?

There was no major regression reported in 378.53.

 

[martinr]

.....,,

Would you recommend that your latest firmware, version 378.53 is stable enough for me to still continue using the functions as outlined above?

One can tell that you "only recently joined this forum": this firmware isn't like other open-source firmwares such as DD-WRT. You never need ask which version is stable: they're all rock stable. Merlin's philosophy is that stability takes priority over everything; therefore, there's not much reason to be running older versions of the firmware.

Update in total confidence! And especially if an update fixes security issues. But if it only adds a feature you aren't interested in, then there's no shame in waiting till the next one. But never fear for the stability of an update.

From Merlin's site: "Asuswrt-Merlin is an alternative, custom version of that firmware. Developped by Eric Sauvageau, its primary goals are to enhance upon the existing firmware without bringing any radical changes, and to fix some of the known issues and limitations, while maintaining the same level of performance as the original firmware. This means Asuswrt-Merlin retains full support for NAT acceleration (sometimes referred to as "hardware acceleration"), enhanced NTFS performance (through the proprietary drivers used by Asus from either Paragon or Tuxera), and the Asus exclusive features such as AiCloud or the TrendMicro-powered AiProtection. New feature addition is very low on the list of priorities in this project."

 

[RogerSC]

Yeah, those are good words for it.... fragile and nervous. I ran STP for a long time with FA on, but as you said, it seems to go either way. You pretty much have to go super vanilla router to get it to work so probably not even worth it anyhow.

Yes, I haven't been able to get it to turn back on by disabling what I changed that turned it off and rebooting. That's really frustrating, I've had to reset to defaults and reconfigure without touching what looked like caused FA to be disabled. It most likely isn't doing anything for me, anyways, but I just wanted to see if I could manage to get FA to be enabled and still have my router configured *smile*. Yes, I can if I'm really careful, but am not feeling great about it for the long term. I also saved my settings with FA on, and will see at some point if resetting and restoring that saved settings file will end up with FA enabled. Seems like a coin flip at the moment, but I'd also be surprised if that worked.

 

[theCrow]

Thanks! Here's the log after the correct command:

May 16 13:27:47 rc_service: service 4189:notify_rc restart_dnsmasq
May 16 13:27:48 dnsmasq[462]: exiting on receipt of SIGTERM
May 16 13:27:48 custom config: Appending content of /jffs/configs/dnsmasq.conf.add.
May 16 13:27:48 dnsmasq[4194]: started, version 2.73rc1 cachesize 1500
May 16 13:27:48 dnsmasq[4194]: warning: interface ppp1* does not currently exist
May 16 13:27:48 dnsmasq[4194]: asynchronous logging enabled, queue limit is 5 messages
May 16 13:27:48 dnsmasq-dhcp[4194]: DHCP, IP range 192.168.11.100 -- 192.168.11.254, lease time 1d
May 16 13:27:48 dnsmasq[4194]: using nameserver 64.145.73.2#53 for domain bbc.co.uk
May 16 13:27:48 dnsmasq[4194]: using nameserver 209.107.219.3#53 for domain bbc.co.uk
May 16 13:27:48 dnsmasq[4194]: using nameserver 64.145.73.2#53 for domain netflix.com
May 16 13:27:48 dnsmasq[4194]: using nameserver 209.107.219.3#53 for domain netflix.com
May 16 13:27:48 dnsmasq[4194]: using nameserver 64.145.73.2#53 for domain overplay.net
May 16 13:27:48 dnsmasq[4194]: using nameserver 209.107.219.3#53 for domain overplay.net
May 16 13:27:48 dnsmasq[4194]: read /etc/hosts - 5 addresses
May 16 13:27:48 dnsmasq[4194]: read /etc/hosts.dnsmasq - 12 addresses
May 16 13:27:48 dnsmasq-dhcp[4194]: read /etc/ethers - 12 addresses
May 16 13:27:48 dnsmasq[4194]: using nameserver 62.241.198.245#53 for domain local
May 16 13:27:48 dnsmasq[4194]: using nameserver 62.241.198.246#53 for domain local
May 16 13:27:48 dnsmasq[4194]: using nameserver 64.145.73.2#53 for domain bbc.co.uk
May 16 13:27:48 dnsmasq[4194]: using nameserver 209.107.219.3#53 for domain bbc.co.uk
May 16 13:27:48 dnsmasq[4194]: using nameserver 64.145.73.2#53 for domain netflix.com
May 16 13:27:48 dnsmasq[4194]: using nameserver 209.107.219.3#53 for domain netflix.com
May 16 13:27:48 dnsmasq[4194]: using nameserver 64.145.73.2#53 for domain overplay.net
May 16 13:27:48 dnsmasq[4194]: using nameserver 209.107.219.3#53 for domain overplay.net
May 16 13:27:48 dnsmasq[4194]: using nameserver 62.241.198.246#53
May 16 13:27:48 dnsmasq[4194]: using nameserver 62.241.198.245#53

Could someone wiser than me comment if this is of any use? I can't figure out from this why the DNS redirects don't work...

 

[drmr]

I am experiencing a problem with my OpenVPN client. It is not reconnecting after inactivity timeouts on the (remote) server of my VPN provider.
I have to reboot the router to get it working again, but after each longer period of inactivity the problem repeats.
My router log shows the same entries as SNB-forum user Deceiver posts here.
It seems as if the router can't reach the DNS server after disconnecting with the vpn.
So as a temporarily solution I have entered my vpn providers server IP adress in the OpenVPN client settings instead of the URL, which seems to be working.
Other settings:
Redirect Internet traffic = Policy Rules (only selected local ip's routed through VPN)
Block routed clients if tunnel goes down = YES
Furthermore my VPN provider is not IPvanish, nor is there a line "explicit-exit-notify 1" in my VPN's config.
(see: http://www.snbforums.com/threads/asuswrt-merlin-378-53-is-now-available.24172/page-8#post-180828)
Can someone shed some light on this?

 

[Sanchu]

I am experiencing a problem with my OpenVPN client. It is not reconnecting after inactivity timeouts on the (remote) server of my VPN provider.
I have to reboot the router to get it working again, but after each longer period of inactivity the problem repeats.
My router log shows the same entries as SNB-forum user Deceiver posts here.
It seems as if the router can't reach the DNS server after disconnecting with the vpn.
So as a temporarily solution I have entered my vpn providers server IP adress in the OpenVPN client settings instead of the URL, which seems to be working.
Other settings:
Redirect Internet traffic = Policy Rules (only selected local ip's routed through VPN)
Block routed clients if tunnel goes down = YES
Furthermore my VPN provider is not IPvanish, nor is there a line "explicit-exit-notify 1" in my VPN's config.
(see: http://www.snbforums.com/threads/asuswrt-merlin-378-53-is-now-available.24172/page-8#post-180828)
Can someone shed some light on this?

I am having the same problem .. I ran a script to fix the issue manually

 

[Sanchu]

I am having the same problem .. I ran a script to fix the issue manually

Contents of scripts is below

admin@RT-AC87U-1C70:/jffs/scripts# cat a.sh
#!/bin/sh
RESOLV_DNSMASQ=/tmp/resolv.dnsmasq
RESOV_CONF=/tmp/resolv.conf
NO_OF_LINES="$(cat $RESOLV_DNSMASQ | wc -l)"
echo "No of lines == $NO_OF_LINES"
if [ $NO_OF_LINES -eq 4 ]; then
sed -i '1,2d' $RESOLV_DNSMASQ
fi
ID1="$(ps | grep openvpn | grep -v grep | grep -v 'openvpn-event' | awk '{print $1}')"
echo $ID1
IS_VPN_RUNNING="X$ID1"
echo $IS_VPN_RUNNING
if [ "$IS_VPN_RUNNING" == "X" ]; then
echo "VPN IS NOT RUNNING"
NO_OF_LINES="$(cat $RESOV_CONF | wc -l)"
echo "No of lines == $NO_OF_LINES"
if [ $NO_OF_LINES -eq 5 ]; then
sed -i '1,3d' $RESOV_CONF
ps | grep dnsmasq | grep -v grep | awk '{print "kill " $1}' | sh
dnsmasq --log-async
fi
fi
ping -c 1 google.com

 

[Sanchu]

Could someone wiser than me comment if this is of any use? I can't figure out from this why the DNS redirects don't work...

Can you check the contents of this file
/tmp/resolv.conf

 

[theCrow]

Can you check the contents of this file
/tmp/resolv.conf

There are two lines:
nameserver 62.241.198.246
nameserver 62.241.198.245

 

[Sanchu]

There are two lines:
nameserver 62.241.198.246
nameserver 62.241.198.245

I cant ping those 2 servers. Are they private ip addresses ?