[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[tocophonic]

Hi John,
I am very happy that you put your free time into keeping my beloved RT-AC66U alive and maintained - thanks so much for the great work. <3

Although since I bought a Google Pixel 2 I have very annoying problems with router hard resets (almost) every time the phone tries to connect to the router's WiFi. This also happened with Asuswrt-Merlin. Both router and the phone's firmware are current. I read some threads in other forums that this is a common issue between Pixel phones and ASUS routers but neither ASUS nor Google want to be responsible for it, they allegedly keep blaming the other party.
So my question is: could you do anything against that or does the problem maybe lie deeper, like in the very core of the firmware code? If you can/want to have a look into it, tell me if I can assist you, e.g. by sending you logs or trying out different stuff/settings.

Cheers!
toco

 

[Zonkd]

Could Johns Fork on an AC68U do what I need in the attached image?

My reasons for needing this less-than-ideal triple NAT setup:
1. Ethernet isn't possible due to Landlord Sad panda.
2. Having AC68U in router mode allows for jffs scripts like diversion dnsmasq filtering, stubby and skynet firewall to protect against the UPnP enabled AC86U (can't change that due to roommates Mad panda).
3. Roku needs to stream 4K videos from PC SMB share.
4. Console has crappy inbuilt wireless card and would benefit from ethernet connection to a decent router.

If johnsfork couldn't do it, any other suggestions? Would DD-WRT do it? I don't think the AC68U supports openwrt. I know it can be done with my gl-inet travel router running openwrt .

 

[ColinTaylor]

Could Johns Fork on an AC68U do what I need in the attached image?

My reasons for needing this less-than-ideal triple NAT setup:
1. Ethernet isn't possible due to Landlord Sad panda.
2. Having AC68U in router mode allows for jffs scripts like diversion dnsmasq filtering, stubby and skynet firewall to protect against the UPnP enabled AC86U (can't change that due to roommates Mad panda).
3. Roku needs to stream 4K videos from PC SMB share.
4. Console has crappy inbuilt wireless card and would benefit from ethernet connection to a decent router.

If johnsfork couldn't do it, any other suggestions? Would DD-WRT do it? I don't think the AC68U supports openwrt. I know it can be done with my gl-inet travel router running openwrt .

View attachment 17504

No. This question has been asked a few times recently, i.e. Travel router/Hotel WiFi/wireless WAN. Wireless WAN is not a supported mode of operation, sorry.

Could you use your travel router as a wireless Ethernet bridge connected to your router's WAN port?

 

[Bob.Dig]

Hi everyone. I found out that I got some serious problems with johns fork when I use a VPN-Client in the router. Some weird problems with DNS occurred when I tried to connect to a teamspeakserver with an afraid.org DDNS- address for example, took ages to connect. Hadn't touched DoT and stuff.
(VPN with policy rules strict, DNS exclusive and without WAN, problems outside the VPN)

With Merlin no problem. So I will stick to that, although I didn't get any updates.

 

[Uncle_Gadget]

Hi everyone. I found out that I got some serious problems with johns fork when I use a VPN-Client in the router. Some weird problems with DNS occurred when I tried to connect to a teamspeakserver with an afraid.org DDNS- address for example, took ages to connect.

John's implementation of DNS in the VPN client is different than Merlin's. See below for a complete explanation.

The pulldown controls what DNS servers are used by dnsmasq. The checkbox option on the same line controls routing WAN clients' DNS requests to bypass dnsmasq and go directly to a different set of DNS servers in policy rules mode.

Accept DNS Configuration

• Disabled
  The VPN DNS servers are ignored, and all clients use the current non-VPN servers via dnsmasq.
• Relaxed
  The VPN DNS servers are added to the list of servers that dnsmasq can use along with your default servers. Any server can be selected for any DNS request (will tend to use the fastest servers), so this can result in DNS leaks. DNSCrypt is not used even if configured.
• Strict
  The VPN DNS servers are prepended to the list of servers that dnsmasq can use followed by your default servers. DNS requests are sent to each server in order, starting with the VPN servers. If you have slow or poorly configred VPN servers, you will have DNS leaks. DNScrypt is not used even if configured.
• Exclusive
  The VPN DNS servers are the only servers used by dnsmasq. The checkbox option can change the DNS servers used by WAN clients, but then the WAN clients cannot use ABSolution.
• DNSCrypt
  If you have DNSCrypt configured, only the DNSCrypt servers are configured for use by dnsmasq. The checkbox option can change the DNS servers used by WAN clients, but then the WAN clients cannot use ABSolution.

Note that my implementation of 'Exclusive' is different from Merlin's. In Merlin builds with policy rules, 'Exclusive' uses dnsmasq for your default DNS servers/WAN clients, and VPN clients are automatically routed to bybass dnsmasq and go directly to the VPN DNS server. This is why under Merlin, VPN clients with Exclusive DNS set cannot make use of ABSolution (they don't use dnsmasq).

Alternatively, the downside to my implementation is that applications that hardcode requests to specific DNS servers, like Chromecast and google DNS, will have a leak to the google DNS server even if the Chromecast is in the VPN. If this is important to you, you can override the DNS handling with DNSFilter for those clients, but then those clients would loose the ability to use ABSolution.

But honestly, I've given up on trying to use VPNs on clients that are media players (unless you are using a VPN provider that specifically supports geo location hiding) . Applications like Netflix, Amazon Prime and other streaming apps now use the hardcoded DNS calls as part of their VPN/proxy checking and fail if you try and force the VPN DNS servers.

 

[TAGTRAUM]

Is encrypted SNI planned for integration on router level in future builds, or it's strictly browser thing?

 

[ColinTaylor]

Is encrypted SNI planned for integration on router level in future builds, or it's strictly browser thing?

It looks to me to be a browser thing, or more accurately a TLS thing. So AFAICT it needs to be done by the browser or if you're using a web proxy server, done there. I believe pixelserv-tls supports SNI.

 

[TAGTRAUM]

It looks to me to be a browser thing, or more accurately a TLS thing. So AFAICT it needs to be done by the browser or if you're using a web proxy server, done there. I believe pixelserv-tls supports SNI.

Yes, same here cause i archieved SNI green checkbox on https://www.cloudflare.com/ssl/encrypted-sni/ only with DoH enabled in Firefox, beside DoT/DNSSEC was already enabled

 

[mark76]

Hi John,
I am very happy that you put your free time into keeping my beloved RT-AC66U alive and maintained - thanks so much for the great work. <3

Although since I bought a Google Pixel 2 I have very annoying problems with router hard resets (almost) every time the phone tries to connect to the router's WiFi. This also happened with Asuswrt-Merlin. Both router and the phone's firmware are current. I read some threads in other forums that this is a common issue between Pixel phones and ASUS routers but neither ASUS nor Google want to be responsible for it, they allegedly keep blaming the other party.
So my question is: could you do anything against that or does the problem maybe lie deeper, like in the very core of the firmware code? If you can/want to have a look into it, tell me if I can assist you, e.g. by sending you logs or trying out different stuff/settings.

Cheers!
toco

Do you use manual MAC <-> IP address assignment on DHCP server for every device in your network? If not, try to configure it. After configuring assignment for all devices, reboot router to start using configured MAC <-> IP assignments (reservations).
I had not the same problem as your, but my RT-AC66U was unexpectedly rebooting every 3-6 hours until I configured manual MAC <-> IP assignment for every device in my network (about 20 active devices, phones, TVs, PCs, etc.). Since then my router is working stable without unexpected reboots.

EDIT 2019-05-12: One more suggestion is to disable UPnP on the WAN settings page.
EDIT 2019-05-16: I have noticed that actually my router is rebooting unexpectedly every 2-3 days with the latest firmware version 39E3. It worked more stable with older firmware version 38E4.

 

[Waylo]

Recently I've been having issues when logging into the router with having repeated user/password requests. I thought it was when I updated to 39L3, so I reverted to 38L4. However, the problem still persists.

This happens only with Chrome. Firefox does not have this issue.

Essentially, I access 192.168.1.1 and the standard user/password prompt shows. After I enter the correct one, the page mostly loads. The 'system status' panel does not. Another login prompt pops up. After putting that in, the page completely loads. 2 seconds later, another login prompt pops up. It's infuriating.

Interestingly, when I load chrome in incognito, I do not get this problem.

Any thoughts on what browser issue could be causing this?

 

[frooty]

Recently I've been having issues when logging into the router with having repeated user/password requests. I thought it was when I updated to 39L3, so I reverted to 38L4. However, the problem still persists.

This happens only with Chrome. Firefox does not have this issue.

Essentially, I access 192.168.1.1 and the standard user/password prompt shows. After I enter the correct one, the page mostly loads. The 'system status' panel does not. Another login prompt pops up. After putting that in, the page completely loads. 2 seconds later, another login prompt pops up. It's infuriating.

Interestingly, when I load chrome in incognito, I do not get this problem.

Any thoughts on what browser issue could be causing this?

I'm also experiencing this problem. At first I thought it was an incompatability problem with KeePass, but disabling it didn't make any difference. For me it happens on both Firefox (default browser) & Chrome, but moreso on Firefox.

 

[dave14305]

Recently I've been having issues when logging into the router with having repeated user/password requests. I thought it was when I updated to 39L3, so I reverted to 38L4. However, the problem still persists.

This happens only with Chrome. Firefox does not have this issue.

Essentially, I access 192.168.1.1 and the standard user/password prompt shows. After I enter the correct one, the page mostly loads. The 'system status' panel does not. Another login prompt pops up. After putting that in, the page completely loads. 2 seconds later, another login prompt pops up. It's infuriating.

Interestingly, when I load chrome in incognito, I do not get this problem.

Any thoughts on what browser issue could be causing this?

I was using a different browser, but you can try this workaround, in case Chrome now behaves similarly.
[Fork] Asuswrt-Merlin 374.43 LTS releases (V39E3)
YMMV

 

[Waylo]

I'm also experiencing this problem. At first I thought it was an incompatability problem with KeePass, but disabling it didn't make any difference. For me it happens on both Firefox (default browser) & Chrome, but moreso on Firefox.

I too thought it might be extension related, so I definitely took a good look at what was enabled. Incognito mode does disable some extensions. But it's not ublock origin, nor lastpass. Not sure what else would cause this effect.

Chrome cache wipe doesn't fix anything either.

Dirty-flashed to 39E3 without improvement.

EDIT: To be thorough, I factory reset it and then nvram restored with John's util. Still have same issue.

 

[fatspirit]

Any thoughts on what browser issue could be causing this?

Are you using https?

 

[thealphonso]

Cannot find UPNP setting on/off in E3 for N66U.
Thanks!

 

[ColinTaylor]

Cannot find UPNP setting on/off in E3 for N66U.
Thanks!

WAN > Internet Connection > Basic Config > Enable UPnP

 

[Waylo]

Are you using https?

Good idea. I've now tried it with both. If I just use plain "192.168.1.1" it is http only and get the error.

Unfortunately HTTPS does not help. I get a NET::ERR_CERT_AUTHORITY_INVALID error and Chrome warns me about proceeding. And I still get the repeat login prompts.

 

[mark76]

Do you use manual MAC <-> IP address assignment on DHCP server for every device in your network? If not, try to configure it. After configuring assignment for all devices, reboot router to start using configured MAC <-> IP assignments (reservations).
I had not the same problem as your, but my RT-AC66U was unexpectedly rebooting every 3-6 hours until I configured manual MAC <-> IP assignment for every device in my network (about 20 active devices, phones, TVs, PCs, etc.). Since then my router is working stable without unexpected reboots.

EDIT 2019-05-12: One more suggestion is to disable UPnP on the WAN settings page.
EDIT 2019-05-16: I have noticed that actually my router is rebooting unexpectedly every 2-3 days with the latest firmware version 39E3. It worked more stable with older firmware version 38E4.

Possibly I have found what caused my Wi-Fi router's unexpected reboots. Probably it was my Philips Android TV. In TV Guide it was set to retrieve TV channels information from the Internet (using Wi-Fi), not from broadcasters of TV channels via TV cable. I think this somehow "overloaded" my router. I have set to retrieve TV channels information from broadcasters via TV cable and since then my router is working stable with no unexpected reboots.
Maybe this information will help someone.

 

[Waylo]

Good idea. I've now tried it with both. If I just use plain "192.168.1.1" it is http only and get the error.

Unfortunately HTTPS does not help. I get a NET::ERR_CERT_AUTHORITY_INVALID error and Chrome warns me about proceeding. And I still get the repeat login prompts.

Figured it out. Private Internet Access (PIA) extension was blocking a lot of things, even though it wasn't 'activated' or running its VPN. A new 'feature' for v2.1 that no one asked for or needed. Annoying!

 

[iaTa]

My ISP supports native IPv6 and I've had it working in the past with Merlin 380.xx builds.

However I can't seem to get it working on this build.

Previously I just selected Native, DHCP-PD and Stateless and I was good to go.

Does anyone have any suggestions as to how to diagnose?

EDIT: Tried a factory reset but no luck so switched to clean Merlin 384.11_2 and IPv6 started working straight away.