[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[ColinTaylor]

I'm asking those questions because I did flashed over the latest firmware using asus recovering tool and everything went fine apparently (did a factory reset after), but the web interface is kinda messed up in some places, for exemple some horizontal tab menus are misplaced, there's text behind buttons etc. Is this normal for this fork? Maybe it's the browser's cache?

Welcome to the forum.

You did everything correctly. But there was a recent browser update that caused this problem. See this post for the work around.

 

[Fernando Pena]

Welcome to the forum.

You did everything correctly. But there was a recent browser update that caused this problem. See this post for the work around.

Thanks!!! This worked.
Another problem is with manually assigned IPs, when I enable this option only those devices assigned can connect to the network, any other device not in the list can't connect via DHCP, not sure why... maybe a bug? Any workaround?

 

[dave14305]

Thanks!!! This worked.
Another problem is with manually assigned IPs, when I enable this option only those devices assigned can connect to the network, any other device not in the list can't connect via DHCP, not sure why... maybe a bug? Any workaround?

This shouldn't happen. If this is a new firmware and new IP address scheme for your LAN (e.g. 192.168.1.x), perhaps you need to reboot the devices to force them to request a new IP from the new DHCP server. Sometimes they get confused when changing firmware.

What are the DHCP pool starting/ending IP addresses?

 

[Fernando Pena]

This shouldn't happen. If this is a new firmware and new IP address scheme for your LAN (e.g. 192.168.1.x), perhaps you need to reboot the devices to force them to request a new IP from the new DHCP server. Sometimes they get confused when changing firmware.

What are the DHCP pool starting/ending IP addresses?

I'm trying to use the exact same setup that I was using before flashing john's fork.
Only 2 devices have fixed IP, my wemo smart plug (this is actually working now even without fixed ip) and my computer for Plex server.
My DHCP pool is 192.168.1.2-192.168.1.254, same as before...

 

[dave14305]

I'm trying to use the exact same setup that I was using before flashing john's fork.
Only 2 devices have fixed IP, my wemo smart plug (this is actually working now even without fixed ip) and my computer for Plex server.
My DHCP pool is 192.168.1.2-192.168.1.254, same as before...

Do you have any System Log messages from dnsmasq-dhcp for any device MAC address that cannot get an IP? What is on the System Log / DHCP Leases tab?

 

[Fernando Pena]

Do you have any System Log messages from dnsmasq-dhcp for any device MAC address that cannot get an IP? What is on the System Log / DHCP Leases tab?

I've realize I don't really need fixed IPs for now, I'll test more in the future.
I was wondering what are the differences between john's fork and the last Merlin version for N66U (380.70), are there any bugs or security issues? Is it unsave by any means to run Merlin's version at this point? Is the performance worse?

Just asking because I was hoping to use VeeKee app (https://play.google.com/store/apps/details?id=com.zarek.veekee) to quick toggle VPN and it seems to be working on version 380, but on 374 the app keeps crashing for me.

 

[dave14305]

I've realize I don't really need fixed IPs for now, I'll test more in the future.
I was wondering what are the differences between john's fork and the last Merlin version for N66U (380.70), are there any bugs or security issues? Is it unsave by any means to run Merlin's version at this point? Is the performance worse?

Just asking because I was hoping to use VeeKee app (https://play.google.com/store/apps/details?id=com.zarek.veekee) to quick toggle VPN and it seems to be working on version 380, but on 374 the app keeps crashing for me.

John’s fork only supports 2 vpn clients instead of 5. I don’t know if the app expects 5.

John has backported many fixes from the newer Merlin firmware to his fork. 380.70 hasn’t been updated in 19 months. 39E3 was updated in April and we see signs that 40EB version is in the works by John, incorporating many more backported fixes since April.

 

[szimat]

I was happily using John's fork, set CF DoT as upstream DNS. My DHCP dns is set to a Pihole box (in Pihole my upstream DNS is the router). It worked really good, until recently, when everything started to be way slower. It looks like initial loading of web pages are way slower, like I jave to wait few seconds before it starts to load, after that, speed is great. I don't think problem is with the Pihole box. Maybe something wrong with the CF and/or John's fork and CF DoT? Could it be related to TLS 1.2 vs 1.3?

Should I just configure Pihole to use Cloudflared as upstream DNS and maybe that would solve the issue?

 

[slobodan]

Yup, you may use PiHole as DoT or DoH.

 

[szimat]

Yup, you may use PiHole as DoT or DoH.

Thanks. So you think it might be related to some recent change in CF or the way John's fork handles it?

I might switch to CF DoH as it uses Cloudflared and perhaps stable amd better supoorted by CF, as being their own app. Will do the switch and see the results.

 

[dave14305]

I was happily using John's fork, set CF DoT as upstream DNS. My DHCP dns is set to a Pihole box (in Pihole my upstream DNS is the router). It worked really good, until recently, when everything started to be way slower. It looks like initial loading of web pages are way slower, like I jave to wait few seconds before it starts to load, after that, speed is great. I don't think problem is with the Pihole box. Maybe something wrong with the CF and/or John's fork and CF DoT? Could it be related to TLS 1.2 vs 1.3?

Should I just configure Pihole to use Cloudflared as upstream DNS and maybe that would solve the issue?

Did you try the suggestion from this post a few days ago?

[Fork] Asuswrt-Merlin 374.43 LTS releases (V39E3)

 

[szimat]

Did you try the suggestion from this post a few dats ago?

[Fork] Asuswrt-Merlin 374.43 LTS releases (V39E3)

You mean I should remove the line for TLS 1.3 in stubby? No, I didn't try that.

 

[szimat]

Until the CloudFlare situation stabilizes, I would recommend that anyone using DoT on the fork use this stubby.postconf:

#!/bin/sh

. /usr/sbin/helper.sh

CONFIG="$1"

pc_delete "tls_min_version: GETDNS_TLS1_3" "$CONFIG"

This will use the stubby default GETDNS_TLS1_2. Better than a stubby.yml.add which would end up with 2 different tls_min_version directives in the same file.

Could you please help me how to apply this on my router? I ssh into the router, and...

 

[dave14305]

Could you please help me how to apply this on my router? I ssh into the router, and...

First go to the GUI Administration System tab and enable JFFS scripts and configs if not enabled. Then do this:

cd /jffs/scripts
nano stubby.postconf

• <paste the code into the window>
• Ctrl-X to exit, (Y)es to save

chmod u+x stubby.postconf
service restart_stubby

 

[dave14305]

I probably should have asked that question first. The reason being is that in my experience Traditional QoS on my RT-AC68U @ 1.2GHz becomes unreliable at speeds over about 210Mbps. The exact number varies, predominantly based on CPU speed*, but also the number of rules and the number of concurrent data streams. As such even though my download bandwidth is 380Mbps I have to cap it in QoS to 200Mbps. (When I started down this QoS rabbit hole my ISP speed was 150Mbps).

* That is the reason I overclock my router from 800MHz.

I experimented this morning with the 39E3 with TQoS and watched my CPU while running a speedtest. CPU 1 was maxing out and I wasn't even hitting the 170 Mbps defined in QoS. But upload bandwidth was way above 17 Mbps (defined as Upload bandwidth in QoS). At 800 MHz, I can't afford to lose CTF, if I want to maintain a happy family LAN.

So my options are obviously:

1. Don't use traditional QoS and keep CTF+FA enabled.
2. Go back to Merlin and Adaptive QoS.
3. Overclock and add a cooling fan.
4. Suck it up and take it like a man.

With the U.S. Holiday coming up I'm opting for #2 for now.

 

[ColinTaylor]

So my options are obviously:

1. Don't use traditional QoS and keep CTF+FA enabled.
2. Go back to Merlin and Adaptive QoS.
3. Overclock and add a cooling fan.
4. Suck it up and take it like a man.

1. This is what I've ended up doing. Even though it was nice looking at the tc graphs there really was no reason for me to use QoS with a 380Mbps feed.
2. I've tried Merlin's build a couple of times by way of comparison but prefer the stability of John's firmware and the simpler UI. Of course if I buy a new router (e.g. RT-AC86U) I will have not have the choice.
3. I overclock without a fan.
4. Or get a faster internet service.

 

[szimat]

First go to the GUI Administration System tab and enable JFFS scripts and configs if not enabled. Then do this:

cd /jffs/scripts
nano stubby.postconf

• <paste the code into the window>
• Ctrl-X to exit, (Y)es to save

chmod u+x stubby.postconf
service restart_stubby

Thanks, I did this. I'm not sure how to test if it is working fine or not. I tried 1.1.1.1/help and there is no for DoT if I enable the stubby script. I guess it is not reliable to test it. I also tried to enable DNSSEC, but not working.

I installed cloudflared on pihole, configured DoH and set the upstream DNS in router to pihole address, and now it works, I have DoH enabled. Still, if I enable DNSSEC is pihole, it doesn't work. I don't mind about DNSSEC. It looks that everything is way faster now again with DoH. Still, I believe DoT is the better way to go, am I correct?

 

[jrmwvu04]

Sounds a lot like the 1.3 issue - depending on which backend server you reach you get a different result. Cloudflare growing pains.

Checking in to say that switching off mandatory 1.3 for stubby has returned things to normal. A few days and no problems, like it used to be.

 

[joe a]

Would it be possible to compile a working version of John's Merlin LTS without the proprietary components such as AI Cloud, Network Printer Server, etc?

 

[ColinTaylor]

Would it be possible to compile a working version of John's Merlin LTS without the proprietary components such as AI Cloud, Network Printer Server, etc?

To what end? There are many proprietary components that are not obvious, such as the wireless and disk filesystem drivers.