What's new

[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

On RT-N16 32E4 sirq ~ 90-100% on speedtest-cli at 65/40 MBit/s
HW acceleration is disabled due to IPTraffic.
 
Please try V28 release (there was a subsequent update to CTF in V29 due to continuing problems being reported on the Merlin code).

Some results here, but in a way the worst kind, somewhat inconclusive compared to what you said about the versions and what changed between them. Between these fw's no factory reset was made since they're all recent E versions.

Coming from 27E5 where everything was fine,
28E8: immediate high sirq%, around 1% per 1 Mbps.
29E2: just the same.
BUT, 32E4: less sirq, around 0.5% per 1 Mbps, but still higher than 27E5 which i'd estimate at 0.25% per 1 Mbps. REDACT: After some half an hour it's worse, way worse,sirq% going over 90% with just 50 Mbps total utilization :( why it keeps on going worse, no idea. Had to stop running 'top -d1' since it was taking too much cpu. This is just as bad as they come.

IF a factory reset would be required between 28-29 unfortunately that has to wait, just don't have time for such exercises now.

My previous upgrade cycle was 23E -> 31E, and then on to 32L. Never tried 32E4 before. But i did make a factory reset (from the menu, not any reset button magik) both when changing 23E -> 31E, and 31E -> 32L with manual input of all settings. And both were bad with very high sirq, 1% per 1 Mbps.

Just in case there would be some differences between AC66U versions, this is an old one 6 years old when it was Asus' top of the line model.
Model RT-AC66U
Firmware Version 3.0.0.4.374.43_32E4j9527
Firmware Build Mon Apr 2 17:06:08 UTC 2018 root@c0057afb0
Bootloader (CFE) 1.0.1.4
Jffs scripts were off while testing to eliminate user/config error possibility.

And finally, back to 27E5 which brings immediate relief after 32E4. Everything back to normal, sirq 0.25% per 1 Mbps, or less.
 
Last edited:
Just in case there would be some differences between AC66U versions, this is an old one 6 years old when it was Asus' top of the line model.
Looking at the code, I did run across some hardware rev differences. Apparently, there are at least two hw revs of the MIPS AC66U, A2 and B0 (I also think there is a B1, not to be confused with the AC66U_B1 that contains the ARM processor). At least one difference is that the A2 rev cannot support DFS channels on 5GHz.

That being said, I PM'd you a test build I'd like you to try.
 
Does latest L build support 1.1.1.1 and DNSSEC? Or how to setup this DNS for best practice?
 
Does latest L build support 1.1.1.1 and DNSSEC? Or how to setup this DNS for best practice?
Yes. Where it says "Enable DNSSEC support", enable it.

While I'm here, thanks John for your work on this fork. This seems to be the only fully working firmware left for the N66U that's still updated.
 
I think he meant DNS over TLS or HTTPS like described at https://1.1.1.1/

Ah, ok. In that case you can use the DNSCrypt option (DNS over HTTPS) which, afaik, provides the same function and complements DNSSEC. There's also an entware package "stubby" if you want DNS over TLS. So I don't think Merlin's DNS implementation supports it just yet though it's been a while since I've been on the forums, haven't kept up.

Now that I've looked, it'd be great if John would add Cloudflare's DNSCrypt servers to the option list.
 
I've been hunting for days for this weird wifi connectivity bug on AC66, now on 27E5 but this happens across releases, and think finally figured out what's going on:

When there are guest networks with Set AP Isolated Enabled, and Enable JFFS custom scripts and configs is set to No, everything works just fine. But when jffs customs scripts is turned on, no new guest wifi clients can connect anymore, and not just guest clients but any wifi clients. But the existing wifi connections are kept on, which made this so hard to find.

I reduced my custom scripts to a minimum, in the end only router default firewall rules were there, yet it happens. Turn Jffs scripts off again, and wifi works fine with AP isolation on. Or turn AP isolation off, and custom script boot works fine.
 
I've been hunting for days for this weird wifi connectivity bug on AC66, now on 27E5 but this happens across releases, and think finally figured out what's going on:

When there are guest networks with Set AP Isolated Enabled, and Enable JFFS custom scripts and configs is set to No, everything works just fine. But when jffs customs scripts is turned on, no new guest wifi clients can connect anymore, and not just guest clients but any wifi clients. But the existing wifi connections are kept on, which made this so hard to find.

I reduced my custom scripts to a minimum, in the end only router default firewall rules were there, yet it happens. Turn Jffs scripts off again, and wifi works fine with AP isolation on. Or turn AP isolation off, and custom script boot works fine.
Sorry, but this doesn't make sense. And I can't recreate it on my AC68.

AP_Isolate (wireless clients can't talk to one another) is entirely contained in the wireless driver....there's no intersection with either firewall rules or jffs.

BTW...also checked with Access Intranet on/off and again no problems.
 
Ah, ok. In that case you can use the DNSCrypt option (DNS over HTTPS) which, afaik, provides the same function and complements DNSSEC. There's also an entware package "stubby" if you want DNS over TLS. So I don't think Merlin's DNS implementation supports it just yet though it's been a while since I've been on the forums, haven't kept up.

Now that I've looked, it'd be great if John would add Cloudflare's DNSCrypt servers to the option list.

Brings up a good discussion. DNSCrypt v1 which is currently in the code does not support DNS over TLS, so there is no point in adding it to the server list.
Things I'm thinking about now....
  • DNSCrypt v2
    • Is only available as a binary (written in 'Go'). I have some uneasiness about including a third-party binary in the code.
    • Does not support MIPS routers (kernel is too old....I spent a couple of weeks trying to patch the MIPS kernel to make it work without success)
    • Does also support DNS over TLS which is a plus
  • DNS over TLS (stubby)
    • Seems to be the new direction. Will be included in android in the near future.
    • Supported by Cloudfare/Quad9
    • Available as c source
    • Should also work on MIPS routers
    • Potential code sharing with Tomato
So, right now I'm thinking of removing the old DNSCrypt v1 and replacing it with DNS over TLS support. ARM users who want DNSCrypt can use @bigeyes0x0 DNSCrypt installer (it should work on my fork, but needs to be tested). MIPS routers, sorry, no more DNSCrypt, but you should get DNS over TLS.
 
So with my N66U, if I want to keep my higher than normal transmit power output, I should use the "L" builds?
Sorry for asking this again, but could someone give a definitive answer for this so I know for sure once and for all?
 
Sorry for asking this again, but could someone give a definitive answer for this so I know for sure once and for all?
I don't think anyone can give you a definitive answer. Apart from the fact that you haven't identified what country you're in (there is a world outside of the US of A), there's the issue of what is/was legally allowed and what is actually implemented in a particular driver. Additionally, the power varies depending on what channel is currently being used. So while one channel may have increased in power another may have been reduced. The only way to know for sure is to try one firmware build and then the other. If you can't tell the difference then it doesn't matter which you use.
 
Hi guys, it seems to be that the time to move to John's fork arrived. :)

I am a long time (since 2013) happy user of Merlin's FW. I have RT-N66U B1 (EU) running Merlin's 380.70 FW. About 4 years ago I also flashed CFE 1.0.1.4 over the original CFE 1.0.1.2 in order to overclock the router. I am also running Entware from embedded MicroSD card. While I am a regular forum member I never followed this thread in details. Now thread is very long and very difficult to orient myself even using search. So I will appreciate if you take some of your valuable time to answer on the following questions:

1. I understood that the Asus FW Restoration Tool is required to perform the transition. Unfortunately I never found it on RT-N66U page on the Asus site. Where to download it from? I am using Windows 10 Pro on my client PCs.

2. I never used Asus FW Restoration Tool yet, so I am not familiar what exactly will be done. What will happen with CFE? Will it survive or will be restored to original 1.0.1.2 version?

3. Which version of Entware is supported in 374.43 LTS - the old one or NG?

4. I am running two OpenVPN servers. Their certificates and keys are stored in jffs. What should be done with them after transition? Shall I move them back to NVRAM or I may continue to use jffs?

Thank you!
 
1. I understood that the Asus FW Restoration Tool is required to perform the transition. Unfortunately I never found it on RT-N66U page on the Asus site. Where to download it from? I am using Windows 10 Pro on my client PCs.
On the support page choose Driver & Tools, then your OS. Under Utilities click on See All Downloads. There is a link to this: http://dlcdnet.asus.com/pub/ASUS/wireless/RT-AC3200/Rescue_2000.zip

2. I never used Asus FW Restoration Tool yet, so I am not familiar what exactly will be done. What will happen with CFE? Will it survive or will be restored to original 1.0.1.2 version?
The CFE should be untouched. But personally I found the Restoration Tool to be unreliable for the N66U. I prefer to just use the built-in CFE miniWeb Server after putting the router into recovery mode. Be warned though that it can take up to 45 minutes to flash the new firmware in recovery mode.
 
3. Which version of Entware is supported in 374.43 LTS - the old one or NG?
There isn't an NG version for MIPS based routers. The built-in entware-setup.sh script will install the correct version.

4. I am running two OpenVPN servers. Their certificates and keys are stored in jffs. What should be done with them after transition? Shall I move them back to NVRAM or I may continue to use jffs?
You will need to reformat jffs after the move due to the size difference of the firmware. After that, set up your servers thru the gui (which will save the certs in nvram), and then log into the router and run
ovpn2jffs server1
ovpn2jffs server2
which will move the certs to jffs.
 
Thank you, John and Colin!

My last question is: Which version is recommended for my configuration - L or E? I do NOT plan to use my N66 in Repeater or Media Bridge modes. My understanding is that the only differences between two versions are old/new wireless drivers and absence/existence of KRACK fix. Is this correct?
 
My last question is: Which version is recommended for my configuration - L or E?
I'd personally try the 'E' version first. It contains a later regulation db, so for 5GHz band you may actually see better performance. If you have older clients or see a degradation, then fall back to the 'L' version.
 
Hi. I'm on Asuswrt-Merlin 380.70 @N66U.
And my Wi-Fi losts it's signal from time to time. Merlin said he won't update our router anymore and recommended your version.
I've downloaded latest "RT-N66U_374.43_32E4j9527" and tried to update my router, but it's said :
"Invalid Firmware Upload
To comply with regulatory amendments, we have modified our certification rule to ensure better firmware quality. This version is not compatible with all previously released ASUS firmware and uncertified third party firmware. Please check our official websites for the certified firmware."
So, what should I do? Thx.

UPD.
I've managed to install it. Thx a lot! ;)
 
Last edited:
.....
UPD.
I've managed to install it. Thx a lot! ;)

How did you managed? By Asus FW Restoration Tool or by CFE Mini Web Server?
I am asking because I am going to migrate also.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top