Does ASUSWRT-Merlin's XT12 firmware support ET12?

[Bucky2003]

I hope at some point you may reconsider as there seems to be a firmware issue with the ET12's regarding the WAN Port and connecting directly to an ONT by a fiber provider.
Several threads out there regarding extremely poor upload speeds, however the problem is 'fixed' if you either enable Dual-WAN and instead of using the WAN port, you use the 2.5g/1g LAN port as your second WAN or if you use a middle man, like a switch or another router.

I've read a few people mentioning it has something to do with the ONT and WAN Port not being able to negotiate correctly, but I can't tell if that's just something someone is saying and not really knowing anything as I can't find any source for this rumor.

Thank you for the response. I just swapped out my Ubiquity Dream Machine because it seemed to have a WAN port that would periodically drop. It was a a few years old and I wanted to get a router with more options. After a fair amount of searching, the ET-12 was at the top of the list on many searches. https://dongknows.com/asus-zenwifi-pro-et12-review/

The ET-12 is plugged directly the ISP fiber via a media converter. The second ET-12 is upstairs connected with a CAT-5 for backhaul.
With no VPN, I can see 850/900Mb/s down and about 100Mb/s up. There does seem to be an issue with upload speeds although that hasn't really impacted me. When connected to NordVPN server using OpenVPN speeds are about 250Mbs/100Mbs up down.

I may be able to return the ET-12 to Amazon. What is the best mesh style router that would support Merlin? I know "best" is subjective. For me, it means great coverage and looks nice as well. Since it would be running Merlin I know the UI is good.

Thank you for your input.

 

[DJones]

Thank you for the response. I just swapped out my Ubiquity Dream Machine because it seemed to have a WAN port that would periodically drop. It was a a few years old and I wanted to get a router with more options. After a fair amount of searching, the ET-12 was at the top of the list on many searches. https://dongknows.com/asus-zenwifi-pro-et12-review/

The ET-12 is plugged directly the ISP fiber via a media converter. The second ET-12 is upstairs connected with a CAT-5 for backhaul.
With no VPN, I can see 850/900Mb/s down and about 100Mb/s up. There does seem to be an issue with upload speeds although that hasn't really impacted me. When connected to NordVPN server using OpenVPN speeds are about 250Mbs/100Mbs up down.

I may be able to return the ET-12 to Amazon. What is the best mesh style router that would support Merlin? I know "best" is subjective. For me, it means great coverage and looks nice as well. Since it would be running Merlin I know the UI is good.

Thank you for your input.

When you get into those speeds I almost think it would be better to use a strong PFsense router for the ONT wan, and have it do the dhcp. Then on a Merlin router disable dhcp and use the router for your wifi and mesh. The cpus in even the top end routers aren’t super great and struggle without NAT hardware acceleration enabled.

Disabling dhcp and having it on another device does remove some of the nice amtm features that use dhcp, but pfsense can do much the same.

 

[Bucky2003]

When you get into those speeds I almost think it would be better to use a strong PFsense router for the ONT wan, and have it do the dhcp. Then on a Merlin router disable dhcp and use the router for your wifi and mesh. The cpus in even the top end routers aren’t super great and struggle without NAT hardware acceleration enabled.

Disabling dhcp and having it on another device does remove some of the nice amtm features that use dhcp, but pfsense can do much the same.

When you get into those speeds I almost think it would be better to use a strong PFsense router for the ONT wan, and have it do the dhcp. Then on a Merlin router disable dhcp and use the router for your wifi and mesh. The cpus in even the top end routers aren’t super great and struggle without NAT hardware acceleration enabled.

Disabling dhcp and having it on another device does remove some of the nice amtm features that use dhcp, but pfsense can do much the same.

Thank you for the response. As of now, I'm on the fence as to what to do. Keep the ET-12 (and hope for future Merlin support). The range is great, the download speed is great, up is poor. On Mac MBA (M2 2022) seeing 490Mb down and 21Mb up. Stock firmware is not awful. In your opinion, would putting a Pfsense in front of the ET-12 do the DHCP, IPS be benficial in terms of security and speed? Or return ET-12, get a Merlin supported Asus Mesh (because of robust Merlin features), and do a similar Pfsense configuration.

 

[DJones]

Thank you for the response. As of now, I'm on the fence as to what to do. Keep the ET-12 (and hope for future Merlin support). The range is great, the download speed is great, up is poor. On Mac MBA (M2 2022) seeing 490Mb down and 21Mb up. Stock firmware is not awful. In your opinion, would putting a Pfsense in front of the ET-12 do the DHCP, IPS be benficial in terms of security and speed? Or return ET-12, get a Merlin supported Asus Mesh (because of robust Merlin features), and do a similar Pfsense configuration.

I mean it’s really up to you they seem like nice AP’s and just using them as nodes for a mesh wouldn’t be terrible if you got a ASUS router as a main one that supports Merlin perhaps that way you get Merlin on the main and can do those extra features like skynet or diversion and have it affect the whole network even the et-12.

If you want IPS some stock ASUS routers have that with AIprotection feature, but honestly I’ve found it really does nothing for me. I’ve never had a hit on my GT-AX11000.

IDS (Intrusion detection system) for security like Snort or Suricata is way more taxing on the cpu and ram and would be better suited for a pfsense box, but in terms of security it might be better then IPS. Honestly though just using skynet and diversion on my Merlin router has been enough for me.

I only suggested pfsense as they might have better cpus to handle faster wan without bottlenecks. But you can still get those speeds using a ASUS router it only really becomes a concern when you want to use Cake QoS because it disables NAT hardware acceleration which might tax the cpu more. People with 1gbe connections have issues with diminished speeds. Pfsense has extra modules you can install to do Adblocking and such as well. Either way is fine.

As for why your only getting 21Mbps up on a MBA that seems really odd, I don’t really have a answer for why that is unless you have a setting on QoS and the upload is set to low. But besides that nothing should impair the upload over wifi if your download is so high.

 

[Bucky2003]

I mean it’s really up to you they seem like nice AP’s and just using them as nodes for a mesh wouldn’t be terrible if you got a ASUS router as a main one that supports Merlin perhaps that way you get Merlin on the main and can do those extra features like skynet or diversion and have it affect the whole network even the et-12.

If you want IPS some stock ASUS routers have that with AIprotection feature, but honestly I’ve found it really does nothing for me. I’ve never had a hit on my GT-AX11000.

IDS (Intrusion detection system) for security like Snort or Suricata is way more taxing on the cpu and ram and would be better suited for a pfsense box, but in terms of security it might be better then IPS. Honestly though just using skynet and diversion on my Merlin router has been enough for me.

I only suggested pfsense as they might have better cpus to handle faster wan without bottlenecks. But you can still get those speeds using a ASUS router it only really becomes a concern when you want to use Cake QoS because it disables NAT hardware acceleration which might tax the cpu more. People with 1gbe connections have issues with diminished speeds. Pfsense has extra modules you can install to do Adblocking and such as well. Either way is fine.

As for why your only getting 21Mbps up on a MBA that seems really odd, I don’t really have a answer for why that is unless you have a setting on QoS and the upload is set to low. But besides that nothing should impair the upload over wifi if your download is so high.

Probably going to keep the ET-12s. Overall, quite happy with them in terms of performance. Apparently others have seen that upload speed issue as well. There's a Reddit thread on the topic:

https://www.reddit.com/r/ASUS/comments/v6znmu

The ET-12 has built in IPS through the AIProtect. I didn't turn AI on, only turned on the Firewall and DoS by selecting the radio button in the Firewall tab. Not sure how comprehensive it would be on stopping any sort of attack.

Do you know of a site or app that could be used to do a penetration test on the Asus? I've used grc.com but basically only scans for open ports.

 

[DJones]

Probably going to keep the ET-12s. Overall, quite happy with them in terms of performance. Apparently others have seen that upload speed issue as well. There's a Reddit thread on the topic:

https://www.reddit.com/r/ASUS/comments/v6znmu

The ET-12 has built in IPS through the AIProtect. I didn't turn AI on, only turned on the Firewall and DoS by selecting the radio button in the Firewall tab. Not sure how comprehensive it would be on stopping any sort of attack.

Do you know of a site or app that could be used to do a penetration test on the Asus? I've used grc.com but basically only scans for open ports.

“Each time I interacted with ASUS support they made a point to ask me if Ai Protection and QOS were disabled”

They asked this because QoS can disable NAT HW Acceleration in modes of Cake & Bandwidth limiter. QoS will diminish some speed, but a loss of 100 down and 200 up is quite aggressive even for QoS on adaptive or traditional.

Yeah I’ve mainly used https://www.grc.com/ but primarily to check for dns spoof ability. Haven’t looked for any pen tests because I have a hard time really trusting them. Checking for open ports is a good thing. Never use UPnP for port forwarding, and unless you really need to just don’t port forward. A router will randomly use a port when it needs to but the difference is it’s only from the inside out and the router does not allow direct connections into the router from the outside unless you port forward.

Using skynet I geoblock countries 90% of the world and whitelist the domains I need. Most big providers use CDN’s so content is local within your country so most sites are still accessible even if they are from another country.

You can try https://www.wicar.org/test-malware.html for a pen test but idk if it works.

 

[fax]

For reference, the issue of upload speed on ONT has been resolved in the latest firmware: 3.0.0.4.388_21739

 

[rexet]

I also purchase a pair of ET12 and they work pretty good. I had a AX11000 before that but wanted to upgrade to the Wifi 6E.
I don't use the USB related features but would love to benefit from the VPN kill switch with Merlin firmware

 

[blueice89]

I would like to add in on those asking for ET12 Merlin. I came from RT ax88u and i swear the century link fiber was faster on that rig with Merlin’s.
1 gig network

Sample WiFi test:

 

[Lurking]

ET12 support is unlikely to happen at this time.

I added XT12 support because I wanted to have two different devices based on the new HND 5.04 SDK at the time, and also to test the waters with a Zen Wifi device.

The XT12 barely has any users. Roughly 80 downloads on the week the firmware was released, versus over 200 for the GT-AX6000 released at the same time. The RT-AX86U gets 3000-4000 downloads on a new release week. That's simply nowhere popular enough to justify the added workload, so for now, I am not going to support the ET12.

One of the problems with the XT12 and ET12 is the lack of USB port, which greatly reduces the usefulness of running Asuswrt-Merlin: it means no Entware, and most addons won't work either. So even if these routers sold more, there would be a less compelling incentive in running Asuswrt-Merlin. People specifically wanting to run it would rather go for a model with USB ports, to allow them to use addons such as Diversion.

OK... If we were to set up a GoFundMe for dev work to port to the ET12, what would it take?
Seriously.

 

[RMerlin]

OK... If we were to set up a GoFundMe for dev work to port to the ET12, what would it take?
Seriously.

Development decisions are not dictated by financial reasons. There are too many models to support for a single developer, each model increases the workload for every new release and not just for the initial implementation, and each additional model also delays new releases even further as Asus needs to then provide an additional GPL archive for that model, and new releases for the currently supported models are already taking them 6+ weeks to provide GPLs for all of these.

I am already supporting too many models. Being sent money would not change any of these factors.

 

[blueice89]

Development decisions are not dictated by financial reasons. There are too many models to support for a single developer, each model increases the workload for every new release and not just for the initial implementation, and each additional model also delays new releases even further as Asus needs to then provide an additional GPL archive for that model, and new releases for the currently supported models are already taking them 6+ weeks to provide GPLs for all of these.

I am already supporting too many models. Being sent money would not change any of these factors.

The future is zenwifi and 6e eventually it should be supported. Name your price.

 

[Smokey613]

The future is zenwifi and 6e eventually it should be supported. Name your price.

ZenWiFi does not have as large a user base as the other Asus wifi routers and I daresay most of it’s users are not prone to use third party firmware.

As for 6e, it’s not all that useful for 90% of wifi products and Wifi 7 is right around the corner.

 

[Lurking]

Development decisions are not dictated by financial reasons. There are too many models to support for a single developer, each model increases the workload for every new release and not just for the initial implementation, and each additional model also delays new releases even further as Asus needs to then provide an additional GPL archive for that model, and new releases for the currently supported models are already taking them 6+ weeks to provide GPLs for all of these.

I am already supporting too many models. Being sent money would not change any of these factors.

Understood. And I see the points you make.
Certainly not your problem, but (the assumed) Merlin was a factor in buying theses units.
My overall satisfaction of the units makes it pretty clear I will not be replacing them any time soon - so, just hoping.

 

[blueice89]

Understood. And I see the points you make.
Certainly not your problem, but (the assumed) Merlin was a factor in buying theses units.
My overall satisfaction of the units makes it pretty clear I will not be replacing them any time soon - so, just hoping.

Yes I agree we love our Zenwifi I believe it is the future I have no doubt it’s a solid piece of hardware and beautiful design.

 

[L&LD]

If the future is ZenWifi, we're doomed.

Asus/RMerlin is the future, today.

 

[blueice89]

The future Zenwifi requires me to have a hub plugged in before serving the WAN for internet. ASUS needs to fix this how to file a bug ?

 

[Tech9]

The future Zenwifi requires me to have a hub plugged in before serving the WAN for internet.

Requires what?

 

[blueice89]

Requires what?

It’s explained here :

https://www.reddit.com/r/ASUS/comments/vkvjcc

 

[Dayone]

It’s explained here :

https://www.reddit.com/r/ASUS/comments/vkvjcc

that was fixed 1-2 firmware updates ago.

OK... If we were to set up a GoFundMe for dev work to port to the ET12, what would it take?
Seriously.

i would chime in aswell, really missing the advanced qos options from merlin in the et12