Asuswrt-Merlin 384.9 Parental Control Time Scheduling broken

SpeedyJDK

New Around Here
After finally upgrade from 380 to 384.9, full reset of the router.

Now the AiProtection > Parental Control > Time Scheduling is all messed up.

Randomly, has the devices been telling that they are blocked from the internet, when their time schedule sais they are allowed at this hour.
So my guess is that the time scheduling is broken in this firmware.
 

martinr

Part of the Furniture
“..upgrade from 380 to 384.9, full reset of the router.“

Can you confirm that the reset to factory default settings was carried out AFTER and not before you flashes? Also, how did you re-eatablish your custom settings afterwards; did you restore them from a backup or did you insert hem manually?
 

consorts

Senior Member
just a guess, but till the experts wake up and chime in;
384.9 incorporates vulnerability fixes that asus pushed out in december'2018
which unfortunately included bugs in how lan dhcp was reporting in real time.
384.8_2 is the latest merlin that does not include these asus inherited bugs,
so it's likely the latest version of firmware without your parental control issues.
keep in mind that merlin is not responsible for bugs that asus pushes out
because his code adds/enhances asus, it does not modify or fix asus.
 

SpeedyJDK

New Around Here
Yes, i reset the router to factory default after the flash. And typed everything i needed into it manually.
So far i had to turn off the parental time scheduling. And hope the bug will be found and fixed in a near future.
Step 1 was to tell about it, and hope somebody noticed :)
 

Zastoff

Very Senior Member
NAT-acceleration can mess up parental control, Do you have it disabled?
LAN/Switch Control/NAT-acceleration

Parental control/Time scheduling works fine for me on 384.9
 

SpeedyJDK

New Around Here
I read about the NAT acceleration. So i disabled it. Didn't change anything.
I ran with the firmware for about a week. All ipads are set to have internet access 08:00-20:00.
Thursday the first ipad said it was denied access to the internet and went to the routers page. I fixed it by allow it access all day.
Today a different ipad complained about denied internet access, around 09:00. When i gave that internet the entire day. It was still blocked. So i disabled the Parental Control Time Scheduling completely to get that ipad back online.
 

martinr

Part of the Furniture
I read about the NAT acceleration. So i disabled it. Didn't change anything.
I ran with the firmware for about a week. All ipads are set to have internet access 08:00-20:00.
Thursday the first ipad said it was denied access to the internet and went to the routers page. I fixed it by allow it access all day.
Today a different ipad complained about denied internet access, around 09:00. When i gave that internet the entire day. It was still blocked. So i disabled the Parental Control Time Scheduling completely to get that ipad back online.
Just a thought: can you check in syslog that the time-date stamp against the entries is a valid one? I’m sure it will be but worth a look.
 

martinr

Part of the Furniture
The log is quite empty.

I will enable the parental control and see if i can catch it in the act.
That is odd: I’ve never seen an empty syslog except for an instant after clearing it.. On the Systems Log page, my setting: Log only messages more urgent than - is set at the default “debug” and, above it, Default message log level - is set at “notice”, again, the default setting.

Perhaps your settings are “alert” and “emergency” or by some other method you have logging to syslog turned off? If I clear my syslog, it begins refilling almost instantly.
 

SpeedyJDK

New Around Here
I wonder if it has something to do with my log jump from Feb 15 to May 5 and back to Feb 15 :
Feb 15 09:43:00 Timemachine: daemon is stopped
May 5 07:05:03 syslogd started: BusyBox v1.25.1
May 5 07:05:03 kernel: klogd started: BusyBox v1.25.1 (2019-02-02 13:18:33 EST)
May 5 07:05:03 kernel: Linux version 2.6.36.4brcmarm ([email protected]) (gcc version 4.5.3 (Buildroot 2012.02) ) #1 SMP PREEMPT Sat Feb 2 13:28:56 EST 2019
May 5 07:05:03 kernel: CPU: ARMv7 Processor [413fc090] revision 0 (ARMv7), cr=10c53c7f
May 5 07:05:03 kernel: CPU: VIPT nonaliasing data cache, VIPT nonaliasing instruction cache
<Removed lotsa lines between this>
May 5 07:05:16 ntp: start NTP update
Feb 15 09:45:03 rc_service: ntp 554:notify_rc restart_diskmon
Feb 15 09:45:03 rc_service: waitting "start_firewall" via udhcpc ...
Since when it goes to May 5, 7:05 is a time the ipads ain't allowed.
Anyway, i enabled the Time Schedule. So i will catch it exactly when it happens again. And see what the logs sais.
 

ColinTaylor

Part of the Furniture
I wonder if it has something to do with my log jump from Feb 15 to May 5 and back to Feb 15 :
The date and time changed for a short period because you rebooted the router at 9:43.
 

psipro_1989

New Around Here
I will catch it next time and post a log, if any is created for it.
Hello

My new Asus AC66U_B1 was just updated to 184.9 and I've also seen this issue. My sons Xbox One is the only device being restricted.

When Time Scheduling is enabled and current time is within the permitted window, games (first person online) will not connect to their servers. You Tube will alternately connect and drop (display the access not permitted to the internet page) on a (subjective) 10 minute interval.

I've increased logging level and will upload relevant information.


FYI, I just noticed that this is the wireless forum. This report should have been filed under wired connections because the Xbox is hard wired. I'll leave it here and post again in the appropriate forum.
 

ColinTaylor

Part of the Furniture
FYI, I just noticed that this is the wireless forum. This report should have been filed under wired connections because the Xbox is hard wired. I'll leave it here and post again in the appropriate forum.
If you're running Merlin's firmware then this is the correct forum. FYI Don't double post as it's against forum rules.
 

SpeedyJDK

New Around Here
This morning. Around 7. I grabbed a few pictures from the router.
As the ipads ain't allowed access before 8:00. And they worked fine on the router. The log sais nothing. The router just tell that they are blocked.
So the timing is broken somewhere in the time scheduler.
 

Attachments

55e87607

New Around Here
I came across this thread on google and have to post my findings - the FW version in use is 384.10 and parental controls have been broken like this for years (I tried to use it on my N66U) but there seems to be little fuss about it...

Today I tried to put rules in to allow access to the internet from 8am to 12am. It seemed fine for an hour or 2 until my internet cut off at approx 6pm... weird. It was as if the rule had triggered early (and the UI said my machine was blocked).

I double checked the system time and all seemed fine. I SSH'd onto the router and the system time on there was fine as well. I tried to reboot the router and still the internet was off...

I started playing around with the parental controls menu until I produced this: https://i.imgur.com/tDJg3C7.png

My internet was still blocked even though it was just after 7pm. The image you see there is the minimum number of boxes that I could leave blank or else the internet would start working again.

As time ticked over to 8pm my connection sprung back to life... so I decided to try checking the next box, as you can see here: https://i.imgur.com/I421zSs.png

Low and behold I lost my access again. Now, bear in mind I'm an hour ahead because of summer time, and the fact that I had just rebooted the router this seems quite fishy... it's as if the parental controls are somehow measuring "time since reboot" as being 00:00

I checked iptables and the times in there match what's on the UI:

-A PCREDIRECT -s 192.168.1.253/32 -i br0 -m time --weekdays Sun --kerneltz -j ACCEPT
-A PCREDIRECT -s 192.168.1.253/32 -i br0 -m time --weekdays Mon,Tue,Wed --kerneltz -j ACCEPT
-A PCREDIRECT -s 192.168.1.253/32 -i br0 -m time --timestart 03:00:00 --timestop 23:59:59 --weekdays Thu --kerneltz -j ACCEPT
-A PCREDIRECT -s 192.168.1.253/32 -i br0 -m time --timestart 01:00:00 --timestop 23:59:59 --weekdays Fri --kerneltz -j ACCEPT
-A PCREDIRECT -s 192.168.1.253/32 -i br0 -m time --weekdays Sat --kerneltz -j ACCEPT

So this issue points to whatever component is making the decision to drop the packets time being out of sync? That's where my knowledge ends...

The network services filter on the firewall also seems to suffer from a similar issue, except it decides it will let some traffic through and some not, leading to half loaded / hanging pages. Is there any other way to reliably stop traffic at certain times? Bandwidth limiter only lets you set a minimum throughput of 0.1mbps....

The whole thing is woeful. How are there so few threads on this considering I know this hasn't worked for years now. Any input / pointing in the right direction would be helpful. I need ONE way to work because I'm setting it up for a friend
 

L&LD

Part of the Furniture
I came across this thread on google and have to post my findings - the FW version in use is 384.10 and parental controls have been broken like this for years (I tried to use it on my N66U) but there seems to be little fuss about it...

Today I tried to put rules in to allow access to the internet from 8am to 12am. It seemed fine for an hour or 2 until my internet cut off at approx 6pm... weird. It was as if the rule had triggered early (and the UI said my machine was blocked).

I double checked the system time and all seemed fine. I SSH'd onto the router and the system time on there was fine as well. I tried to reboot the router and still the internet was off...

I started playing around with the parental controls menu until I produced this: https://i.imgur.com/tDJg3C7.png

My internet was still blocked even though it was just after 7pm. The image you see there is the minimum number of boxes that I could leave blank or else the internet would start working again.

As time ticked over to 8pm my connection sprung back to life... so I decided to try checking the next box, as you can see here: https://i.imgur.com/I421zSs.png

Low and behold I lost my access again. Now, bear in mind I'm an hour ahead because of summer time, and the fact that I had just rebooted the router this seems quite fishy... it's as if the parental controls are somehow measuring "time since reboot" as being 00:00

I checked iptables and the times in there match what's on the UI:

-A PCREDIRECT -s 192.168.1.253/32 -i br0 -m time --weekdays Sun --kerneltz -j ACCEPT
-A PCREDIRECT -s 192.168.1.253/32 -i br0 -m time --weekdays Mon,Tue,Wed --kerneltz -j ACCEPT
-A PCREDIRECT -s 192.168.1.253/32 -i br0 -m time --timestart 03:00:00 --timestop 23:59:59 --weekdays Thu --kerneltz -j ACCEPT
-A PCREDIRECT -s 192.168.1.253/32 -i br0 -m time --timestart 01:00:00 --timestop 23:59:59 --weekdays Fri --kerneltz -j ACCEPT
-A PCREDIRECT -s 192.168.1.253/32 -i br0 -m time --weekdays Sat --kerneltz -j ACCEPT

So this issue points to whatever component is making the decision to drop the packets time being out of sync? That's where my knowledge ends...

The network services filter on the firewall also seems to suffer from a similar issue, except it decides it will let some traffic through and some not, leading to half loaded / hanging pages. Is there any other way to reliably stop traffic at certain times? Bandwidth limiter only lets you set a minimum throughput of 0.1mbps....

The whole thing is woeful. How are there so few threads on this considering I know this hasn't worked for years now. Any input / pointing in the right direction would be helpful. I need ONE way to work because I'm setting it up for a friend

Your post is a little confusing. I don't think that an 'N66U can run 384.10 RMerlin firmware... Also, why isn't 384.10_2 loaded, if it can accept it?

As for this not working for years? Uh, I have many customers who bought Asus routers exactly for this reason and it works without a hitch for them. For at least the past three or four years now. If they had issues, I would have heard.

Tell us your router model and firmware installed. When was the last time you have performed a full reset to factory defaults on this router?

What was the previous version firmware installed?

I think you need to perform a reset to factory defaults and then minimally and manually configure the router to secure it and connect to your ISP.

Only enable the most important feature needed first, test that it works, then proceed slowly adding more features and customizations as required. But continue testing with each change and verifying that the last change didn't break anything first.

Please see my signature for the link to the M&M Config guide which will help you get your router to a good/known state. It is not there now.
 

55e87607

New Around Here
Sorry I mean that previously I had an N66U with the old merlin firmware but had to upgrade to an AC-68U because of a bug which caused my oneplus 6 to reset it every time I came home from work... I had these exact same issues with the scheduling.

I've just put 384.10_2 on my AC-68U and the same issue occurs... it's 22:40 on saturday and if I set the router to deny only thursday from 00:00 to 02:00 then my traffic is blocked.

Full reset on this router will have been whatever the latest merlin firmware was 6 months ago
 
Last edited:

L&LD

Part of the Furniture
Sorry I mean that previously I had an N66U with the old merlin firmware but had to upgrade to an AC-68U because of a bug which caused my oneplus 6 to reset it every time I came home from work... I had these exact same issues with the scheduling.

I've just put 384.10_2 on my AC-68U and the same issue occurs... it's 22:40 on sunday and if I set the router to deny only thursday from 00:00 to 02:00 then my traffic is blocked.

Full reset on this router will have been whatever the latest merlin firmware was 6 months ago
That six-month-old reset is six months beyond the best-before-date. :)

The M&M Config is highly recommended.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top