[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[john9527]

Do you set CTF to enabled by default, or disabled? So I know for the future.

Should be enabled by default unless you are connected with a USB modem.

Gear switch, you think there are any limitations on why the RT-AC1900P would not run this fork? With is close similarities tot he RT-AC68U, would it not be possible? Granted Flash and RAM are larger....

Sorry, won't work. It has a different processor and requires a different SDK (same as the AC-68U revs above B1)

 

[cybrnook]

Should be enabled by default unless you are connected with a USB modem

Okay, maybe I will wipe and test again just for giggles to make sure it's nothing. My goal is only to help you fine tune, that's why I bring this stuff up. And no, no USB modem, single line from a linksys modem on Xfinity.

Sorry, won't work. It has a different processor and requires a different SDK (same as the AC-68U revs above B1)

Fair enough, I had a couple, was going to offer to send one. But seems there is a hard limit anyways....

 

[maurer]

thank you very much, John
my ssh access is restored !

 

[slobodan]

I may need to remove some features (like DNSCrypt) from the N16 builds.

No, please don't. Dnscrypt is great.

 

[Ford Prefect]

...just came across a strange effect with a N66U (running E20.x) in repeater mode.
I installed this box at a friends house, connecting via the 5GHz to the main router and providing I-Net to clients over the 2.4GHz link.

Sometimes the N66 looses connection to the main router and would not successfully re-connect.
When you then enter the UI of the N66, it basically shows the Information that the master AP might be down (so W-WAN Link is down) and offers you the option to do a rescan via a button in the UI.
Actually this sounds quite noob-safe, doesn't it.
Well, it isn't -
As I've seen that the rescan apparently will be performed for the 2.4GHz link only and not for the 5GHz link as well (but what it does in a site survey from the main Wireless config page).

Is this a bug or a feature...it appears that repeater mode would assume that the default link used is only on 2.4GHz ?
Any ideas? I gather this might not be originally bound to the fork and my bet is that this bug is preset in the ASUS firmware as well.

However, can we get it fixed?
The easy fix to help my friend with is is, to show him how to do a reboot
The more complicated thing is me driving over to his site and perform that thing myself

regards,
Ford

 

[Uncle_Gadget]

I thought I'd try one more time in case my last request was lost in the noise...

What I'm trying to do is use a couple of subdomains I own to resolve to resources locally on my internal network (NAS, media players, etc.) . Nothing I've tried works. For complete details see my earlier post here. Thanks, in advance for any ideas.

 

[john9527]

As I've seen that the rescan apparently will be performed for the 2.4GHz link only and not for the 5GHz link as well (but what it does in a site survey from the main Wireless config page).

Is this a bug or a feature...it appears that repeater mode would assume that the default link used is only on 2.4GHz ?
Any ideas? I gather this might not be originally bound to the fork and my bet is that this bug is preset in the ASUS firmware as well.

Whew.....this will require some digging...

A couple of questions though....was this a fresh install with a factory reset? Are you using mac filtering? or if it was a re-purposed router, was mac filtering ever enabled?

 

[john9527]

I thought I'd try one more time in case my last request was lost in the noise...

What I'm trying to do is use a couple of subdomains I own to resolve to resources locally on my internal network (NAS, media players, etc.) . Nothing I've tried works. For complete details see my earlier post here. Thanks, in advance for any ideas.

I can see why none of the hosts options are working based on the options you have set up.
You may need to make some tradeoffs.....
Which is more important, VPN clients or non-VPN clients accessing the subdomains?
Can you tolerate an occasional DNS leak from the VPN clients to your WAN DNS servers?
Will your VPN DNS accept DNS queries not coming from a VPN client?

 

[Uncle_Gadget]

I can see why none of the hosts options are working based on the options you have set up.
You may need to make some tradeoffs.....

First off, thanks John, for taking the time to reply!

Which is more important, VPN clients or non-VPN clients accessing the subdomains?
It's more important that the non-VPN clients access these subdomains. I could do without VPN clients having access to the subdomains.

Can you tolerate an occasional DNS leak from the VPN clients to your WAN DNS servers?
I probably could, but would prefer not to. I do manually change my IP address every couple of days to add a modicum of anonymity to my non VPN clients. And, seeing that I am not using my ISP's DNS servers, I would still have a pretty good level of anonymity if I did this, right?

Will your VPN DNS accept DNS queries not coming from a VPN client?
I'm almost certain that my VPN's DNS servers only work from the tunnel.​

Based on my answers above what might be my options?

 

[john9527]

Based on my answers above what might be my options?

Based on the first answer, give this a try.....
On the VPN page, set Accept DNS configuration to Disabled.
On the LAN-DCHP page, set Advertise Router's IP to Yes
Leave the other settings as is, including the DNS Filter page where you point the VPN clients at the VPN DNS

Now when you use change dnsmasq.conf.add or hosts.add the new domains should be recognized by the non-VPN clients...the VPN clients won't be able to resolve the new domains however.

With this configuration, my other two questions won't apply

 

[cybrnook]

@john9527

Yep, I verified it (RT-AC68P) this evening. After a nvram erase && reboot (on your latest build), on first boot (no config done outside of setup wizard) tools page states CTF enabled (which would signify Level 1 CTF), but Switch Control Tab states NAT acceleration is "Disabled". Without changing anything, I rebooted 2 x again just to validate your theory of rebooting it, and that did not change anything.

So, I set NAT to Level 2 (CTF+FA) from "Disabled", rebooted, and now tools page reflects CTF+FA, and switch control also shows Level 2.

So maybe when you have some time, visually, it seems to be incorrect out of the box. Doesn't hurt anything, but might want to look at it if we are ironing out all the small things.

EDIT: Wanted to let you know I tested in Chrome and Firefox, so not a browser/cache issue.

 

[Ford Prefect]

Whew.....this will require some digging...

A couple of questions though....was this a fresh install with a factory reset? Are you using mac filtering? or if it was a re-purposed router, was mac filtering ever enabled?

Hi John,

yes, i guess so.
No, that install is about 1.5years old...started with the fork from scratch aqt that time...works like a charm.
I noticed this behaviour the last time when I visited and the link was down.
The normal way of fixing the link for the owner was a (hard-)reboot...this was actually the first time, I was there and tried to use the UI.
There is nothing special activated, repeater mode, IPs per dhcp from the main router...the SSIDs and link to the repeater has been set manually...no mac-filters.

As said, when entering the normal UI and doing a site-survey, SSIDs for both links get collected...only when doing the "rescan", only 2.4GHz links apear.

 

[Santiago C]

Possible fix for WAN uptime timer not working in a dualwan environment - @Santiago C

Thanks! I'll update as soon as I can find some spare time and let you know!

BTW, I will stop being a Dual WAN user soon (my bkp ISP cut out the plan I was grandfathered in for which I had a 10MB/3MB for USD10, makes no sense paying up full price of USD40+) so at least I'll stop nagging you with those issues, right?

 

[Uncle_Gadget]

Based on the first answer, give this a try.....
On the VPN page, set Accept DNS configuration to Disabled.
On the LAN-DCHP page, set Advertise Router's IP to Yes
Leave the other settings as is, including the DNS Filter page where you point the VPN clients at the VPN DNS

Now when you use change dnsmasq.conf.add or hosts.add the new domains should be recognized by the non-VPN clients...the VPN clients won't be able to resolve the new domains however.

Thank you, John, for the suggestion above. Everything seems to be working as I need it. Now I need to figure out how to add my Let's Encrypt certs to the router and my HomeGenie Server and I should be good to go.

 

[thelonelycoder]

@john9527 and all Firefox 52 users:
When downloading the firmware, you might encounter the (silent) error:

This file is not commonly downloaded.

And it promptly skips the download.

To get Firefox 52 to work with "untrusted" download locations do this:
Check the settings under menu path Tools -> Options -> Security.
Uncheck "Warn me about unwanted and uncommon software"

Now you can download John's latest and greatest!

 

[john9527]

@thelonelycoder - Thanks for the Firefox info, but there must be something else at play. Just did a download with 52.0.1, with the "Warn me about unwanted and uncommon software" checked, and it worked just fine. Windows 7.

 

[Santiago C]

Possible fix for WAN uptime timer not working in a dualwan environment - @Santiago C

Hi @john9527

I have just tested with 23E3 (actually a recompiled mod with a few unrelated tweaks in openvpn). It wasn't working on boot but after restarting wan the timers seem to be working fine:

Now that I think about it, I don't think I've ever restarted wan in 23E1 to see what happens...

 

[lepa71]

I'm having some media bridge mode issues. I have R7000 as a primary(192.168.1.1) and AC68U as a media bridge. I assigned static IP to AC68U I can connect to it anytime I need. Xbox and htpc is connected to AC68U. Xbox has assigned IP at R7000 and htpc uses dynamic IP. DHCP runs on R7000 only. My problem is that overnight Xbox and htpc looses connectivity to internet. I have to reboot AC68U to gain it back.

This is how I have it setup. Is this correct?

I could use R7000 to reserve IP for AC68U, but I'm not sure if this would be better.
There is nothing in logs and it seems in media bridge mode I can't change the verbose level for log.

Is there anything I can to do to help to debug it? Any other ideas that I can try?

Thanks

 

[thelonelycoder]

@thelonelycoder - Thanks for the Firefox info, but there must be something else at play. Just did a download with 52.0.1, with the "Warn me about unwanted and uncommon software" checked, and it worked just fine. Windows 7.

This may be different for Window 10 and the addons I have installed.
Also, maybe AB-Solution has a say in this as well. Who knows.
I just noticed it won't download the file and did not receive an error. Just the tiny little note saying that in the download window.

 

[cybrnook]

This may be different for Window 10 and the addons I have installed.
Also, maybe AB-Solution has a say in this as well. Who knows.
I just noticed it won't download the file and did not receive an error. Just the tiny little note saying that in the download window.

I am on Windows 10, Firefox 52.0.1 and was able to just download without issue. (I do not have AB solution active on my main router at the moment)

Are you downloading the entire folder, or just the firmware specific zip file?