Asuswrt-Merlin 378.53 is now available

V

vtol

Guest
The router has no way of knowing what URLs are in that webpage you are loading, so there's nothing the routing table can do about it.
You will have to define a whole subnet, or multiple rules. Domain names are not supported, because a routing table needs a specific IP or subnet - it has no way of doing any name resolution at routing time (which would be half-useless anyway, as your browser might have resolved a different IP than what the router would resolve, if that hostname uses a round-robin entry for instance).
Thanks for the clarification, which however is a bit disappointing as I was looking forward to this feature in order to escape all traffic/devices to be routed through VPN. It would be very tedious to figure the IP for each content delivered to a tunnelled VPN.

What I am not getting is how the browser would eventually resolve an IP differently than the router since the browser is relying on the router for the task? And why a domain name resolution at routing time is not possible?
 

armand

Occasional Visitor
on my tr-ac66u I seen some wireless clients which are registered as wired and I see a wired client which says it had static ip (pretty sure I just set up dhcp)
 

RMerlin

Asuswrt-Merlin dev
Thanks for the clarification, which however is a bit disappointing as I was looking forward to this feature in order to escape all traffic/devices to be routed through VPN. It would be very tedious to figure the IP for each content delivered to a tunnelled VPN.

What I am not getting is how the browser would eventually resolve an IP differently than the router since the browser is relying on the router for the task? And why a domain name resolution at routing time is not possible?

A DNS record can have different IPs assigned to a given hostname. There's no guarantee that two separate resolve requests will return the same IP - they are rotated. That's called a Round-Robin. So one request from the router might get 1.1.1.1, and a request from your browser might get 1.1.1.2 instead. Your browser sends one request, then reuses the results for all future resolve attempts (until it expires from its cache).

When the kernel reaches the point where it's time to decide where to route a packet, the only thing it does is look at the IP addresses in the packet headers, match them against a table that also contains IP addresses, then send the packet to the proper destination. A routing table cannot contain hostnames, only IPs. And a table entry can only contain one single IP, and one netmask to determine the width of that IP's network.
 

Ronv42

Senior Member
Merlin I use john's fork as you know but a question.

Do you know if asus ipv6 dnsmasq implementation will send the right MTU to lan clients?

As you may possibly know that I noticed on shibby with dnsmasq MTU sent to lan clients was always 1500 regardless of the PPP MTU value.

I will be testing the IPv6 this weekend. In the past none of the Asus code were able to set the proper MTU on the LAN with AT&T U-Verse implemented IPv6. AT&T tunnels it though the IPv4 network with a 6RD build into the residential gateway. Usually I just give up and just use IPv4 after testing.
 

Eet_46

Occasional Visitor
I don't fully understand the selective routing feature here..
Is it possible to setup an openvpn client connection, then have only a single device using the tunnel? If so, what should the destination ip say?

Or is this still only possible through scripts?
 

RMerlin

Asuswrt-Merlin dev
I don't fully understand the selective routing feature here..
Is it possible to setup an openvpn client connection, then have only a single device using the tunnel? If so, what should the destination ip say?

Or is this still only possible through scripts?

This has been answered a few times already in this thread, and I also documented how to use the OpenVPN policy routing in the included README. Please take the time to check the existing documentation there.
 

defcon

Occasional Visitor
Whats a good way to make my cifs shares not share each folder as a different share? I'd like to only have 3 shares, one per partition. Thanks.
 

Chrysalis

Senior Member
I will be testing the IPv6 this weekend. In the past none of the Asus code were able to set the proper MTU on the LAN with AT&T U-Verse implemented IPv6. AT&T tunnels it though the IPv4 network with a 6RD build into the residential gateway. Usually I just give up and just use IPv4 after testing.

thanks.

john has fixed mtu issue on his fork now but that uses radvd, whilst since then asus have moved to dnsmasq, please report back if it is correct or not :)
 

chrisloup

Occasional Visitor
hi, I've read the readme on policy routing but it seems to be route only if rule exists? how can I do the reverse/inverted rule?

ie: route all internet traffic through vpn tunnel except those used by diablo3.

(frankly would love to route all traffic based on protocol (eg: http, https, bittorrent) yet leave 3389 alone for incoming rdp)

I've the list of blizzard ip address ranges.

5.42.160.0/20
5.42.176.0/32
5.42.176.0/20
5.42.192.0/32
185.60.112.0/23
185.60.114.0/32
185.60.114.0/23
185.60.116.0/32
12.129.222.0/23
12.129.224.0/32
12.129.254.0/23
12.130.0.0/32
12.130.244.0/22
12.130.248.0/32
199.108.32.0/20
199.108.48.0/32
199.108.48.0/20
199.108.64.0/32
12.0.0.0/8
103.4.114.0/23
 

superkrups20056

Occasional Visitor
Wouldn't it be the assigned IP of the router as the source then ?
I know but I am worried that if I assign 192.168.1.1 the selective VPN then ALL traffic will go through the VPN because all my computers connect to the Internet through the router. Is this what happens, or is this not the case? Thanks!
 

Ahriman

New Around Here
Hi Merlin,

First of all, congratulations! I've been a user for a few years now and I always recommend your firmware to whoever asks me. :D

Not sure if I'm doing something wrong, but DNS Filtering is not working on my router (RT-N66U, 378.53).

I've set up Global Filter Mode as Norton Children with no custom/user-defined DNS servers, plus a couple of clients (my own personal gadgets ;)) set to No Filtering.

My DHCP server in the LAN tab doesn't contain any DNS server. In the WAN tab I do have two DNS servers defined (OpenDNS), which at the end are the ones my LAN is using.

When I check online, for instance from my kid's tablet, for DNS leaks all that I see are the OpenDNS servers and not the Norton ones. The same from my own gadgets.

Please, do you have any idea of what can be wrong? I remember that this was working a few firmware updates ago and I didn't change it since then.

Thanks.
 

RMerlin

Asuswrt-Merlin dev
hi, I've read the readme on policy routing but it seems to be route only if rule exists? how can I do the reverse/inverted rule?

You can't.
 

RMerlin

Asuswrt-Merlin dev
Hi Merlin,

First of all, congratulations! I've been a user for a few years now and I always recommend your firmware to whoever asks me. :D

Not sure if I'm doing something wrong, but DNS Filtering is not working on my router (RT-N66U, 378.53).

I've set up Global Filter Mode as Norton Children with no custom/user-defined DNS servers, plus a couple of clients (my own personal gadgets ;)) set to No Filtering.

My DHCP server in the LAN tab doesn't contain any DNS server. In the WAN tab I do have two DNS servers defined (OpenDNS), which at the end are the ones my LAN is using.

When I check online, for instance from my kid's tablet, for DNS leaks all that I see are the OpenDNS servers and not the Norton ones. The same from my own gadgets.

Please, do you have any idea of what can be wrong? I remember that this was working a few firmware updates ago and I didn't change it since then.

Thanks.

I just tested it with the same setup as you mention and it's working fine for me.

Keep in mind that DNS lookups get cached both by the OS and by the web browser. You have to either try a different browser, or make sure you do shut down your browser and restart it before testing with a different DNS setup.
 

icornish

Occasional Visitor
It seems there is an issue with using MS Direct Access for corporate networking through this version of the firmware.
I downgraded to 378.52_2 and it worked, upgraded to 378.53, and I could not make a connection.

How can I go about troubleshooting this issue?
As far as I know, I have a fairly standard configuration, but do have 4 specific devices under "Parental Control". The laptop used for DA is not one of those:)
 

pietjepuk100

Regular Contributor
Sorry for this question but I somehow can't find the OpenVPN policy routing setting that has been added in the latest firmware. I probably have missed this but could use a pointer into the right direction.

Thanks in advance
 

octopus

Part of the Furniture
VPN => openVPN clients => Redirect Internet traffic => Rules for routing client traffic through the tunnel
 

brill

New Around Here
I know but I am worried that if I assign 192.168.1.1 the selective VPN then ALL traffic will go through the VPN because all my computers connect to the Internet through the router. Is this what happens, or is this not the case? Thanks!

That is your gateway IP so I believe the router itself, if added to the policy rules, would then tunnel. The specified client IPs would only tunnel when added to the PBR rules. If you want to confirm it, place a hub between your ASUS and ISP router and run wireshark then initiate some traffic. I havent used the feature your describing but wireshark would quickly show you.

Also you could, once the gateway is added, then play with another device (dont add it to the PBR rules) then goto ipchicken website to confirm the externally facing IP. You would know very quickly and not need wireshark.
 

Kannan M

New Around Here
Running 378.53 on RT-AC68U configured as a media bridge. In system log->wireless log->Rx/Tx rate is always shown as 6 Mbps. What does this mean? And also, SNR shows up always as 0 dB although signal is at -29 dBm and noise level is at -92 dBm. Are these just a interface bug?
[RT-AC68U is able to connect to my main router (WRT1900AC). I have measured speeds at above 400 Mbps between the two.]
 

ml70

Regular Contributor
AC66 5G weirdness: can't connect to 5G radio with any settings with Intel AC7260 card, didn't try all combinations though, but auto/auto, n/ac auto, and n/ac 80 MHZ. Professional options tried to reduce advanced options to disabled until only AMPDU RTS and TX Bursting are on.

History: jumped to 378.52_2 from John's fork 374.43_2-10, cleared nvram, updated fw, made factory reset. Worked well for a few days, then cut internet connection but both radios still on. Poweroff-on, and the 5G radio won't come up anymore, and router goes into all leds blank state.

Trying to update to *any* John or Merlin fw via fw recovery, no go. Only installing Asus' own 30043763861 (this is 378.53, right?) brought it back to life. 5G radio works ok with AC7260. Updated to Merlin 378.53 and can't connect to 5G with AC7260 anymore. But some other devices do connect to it.
 

ml70

Regular Contributor
OOM-KILLER makes it sure i can't do anything on my router anymore. Only 1 GB of free swap left (file, not a partition) and it kills whatever process is using memory... Can't run rsync anymore, or anything that uses a lot of ram. Renders the router pretty useless.

Code:
May  2 11:41:58 kernel: printk: 287 messages suppressed.
May  2 11:41:58 kernel: top invoked oom-killer: gfp_mask=0xd0, order=0, oomkilladj=0
May  2 11:41:58 kernel: Call Trace:
May  2 11:41:58 kernel: [<80011fcc>] dump_stack+0x8/0x34
May  2 11:41:58 kernel: [<8005a0c8>] out_of_memory+0x1fc/0x264
May  2 11:41:58 kernel: [<8005bf3c>] __alloc_pages+0x318/0x360
May  2 11:41:58 kernel: [<8005bfac>] __get_free_pages+0x28/0x4c
May  2 11:41:58 kernel: [<800c331c>] proc_info_read+0x58/0x174
May  2 11:41:58 kernel: [<80080444>] vfs_read+0xbc/0x164
May  2 11:41:58 kernel: [<80080a0c>] sys_read+0x50/0xbc
May  2 11:41:58 kernel: [<80013d70>] stack_done+0x20/0x44
May  2 11:41:58 kernel: Mem-info:
May  2 11:41:58 kernel: Normal per-cpu:
May  2 11:41:58 kernel: CPU    0: Hot: hi:  186, btch:  31 usd:  32   Cold: hi:   62, btch:  15 usd:  51
May  2 11:41:58 kernel: HighMem per-cpu:
May  2 11:41:58 kernel: CPU    0: Hot: hi:  186, btch:  31 usd: 185   Cold: hi:   62, btch:  15 usd:  10
May  2 11:41:58 kernel: Active:17186 inactive:5488 dirty:0 writeback:0 unstable:0
May  2 11:41:58 kernel:  free:19609 slab:6139 mapped:1711 pagetables:186 bounce:0
May  2 11:41:58 kernel: Normal free:4048kB min:4096kB low:5120kB high:6144kB active:20476kB inactive:20748kB present:520192kB pages_scanned:68836 all_unreclaimable? yes
May  2 11:41:58 kernel: lowmem_reserve[]: 0 14224
May  2 11:41:58 kernel: HighMem free:74388kB min:512kB low:4096kB high:7680kB active:48268kB inactive:1204kB present:1820672kB pages_scanned:0 all_unreclaimable? no
May  2 11:41:58 kernel: lowmem_reserve[]: 0 0
May  2 11:41:58 kernel: Normal: 0*4kB 140*8kB 17*16kB 1*32kB 1*64kB 0*128kB 0*256kB 1*512kB 0*1024kB 1*2048kB 0*4096kB = 4048kB
May  2 11:41:58 kernel: HighMem: 9*4kB 10*8kB 502*16kB 706*32kB 398*64kB 118*128kB 10*256kB 1*512kB 0*1024kB 0*2048kB 0*4096kB = 74388kB
May  2 11:41:58 kernel: Swap cache: add 5033, delete 5031, find 122/192, race 0+0
May  2 11:41:59 kernel: Free swap  = 1043728kB
May  2 11:41:59 kernel: Total swap = 1048568kB
May  2 11:41:59 kernel: Free swap:       1043728kB
May  2 11:41:59 kernel: 589823 pages of RAM
May  2 11:41:59 kernel: 458751 pages of HIGHMEM
May  2 11:41:59 kernel: 529940 reserved pages
May  2 11:41:59 kernel: 16046 pages shared
May  2 11:41:59 kernel: 2 pages swap cached
May  2 11:42:00 kernel: Out of memory: kill process 19389 (rsync) score 1661 or a child
May  2 11:42:00 kernel: Killed process 19390 (rsync)
May  2 11:42:00 kernel:  task 19366 (sh) got 30 points
May  2 11:42:02 kernel:  task 19366 (sh) got 30 points

on another occasion
May  2 12:02:59 kernel: EXT3-fs error (device sdc1) in ext3_prepare_write: Out of memory
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top