[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[Marsi4eg]

After about two weeks of observation I can state that disabling NAT Acceleration (aka Hardware Acceleration) fixes my RT-AC66U unexpected crashes caused by Android 8/9+ devices. It is rather workaround than a fix, but this is better than nothing.
A good explanation about NAT Acceleration feature can be found here: https://www.speedguide.net/faq/what-is-nat-acceleration-495

As I see from your signature - you're using E build and that means it uses the newest wireless drivers, actually the same as officilal or Merlin's firmware.
When I was using Merlin's 380.70 - disabilng HW NAT Acceleration didn't fix those crashes. I'm really curious how it fixes it in this fork, when it doesn't on Merlin's and official...

 

[lev]

I second the request for non-popup login form if that doesn't hurt to security, i.e. malicious scripts ran in browsers to guess router's admin password.
Popup is very hideous on Windows 10 IE11, meaning that popup goes under current page of browser.

http://username:password@router.lan works in firefox (although prompts to confirm credential entry)

@john9527 any chance you would consider adding support for a user script a la: https://stackoverflow.com/questions...cript-to-auto-login-using-http-authentication

 

[sm8000]

I'm not sure this is a firmware or even a router problem but I figured I'd ask for some insight.

I have an RT-AC66u that I got from Sprint a few years ago, and recently flashed to the last version of Merlin that supported this model. This was to get SMB2 working with my NAS, which is just a USB HDD plugged into the USB port on the router.

While that's working with my Windows laptops, I can't get my Chromebook to connect. From some cursory Googling, it sounds like I might need to enable SMB3 in the router - which is not an option in the current settings.

Is this something that could be resolved by updating my firmware to a version on this fork?

 

[dave14305]

I'm not sure this is a firmware or even a router problem but I figured I'd ask for some insight.

I have an RT-AC66u that I got from Sprint a few years ago, and recently flashed to the last version of Merlin that supported this model. This was to get SMB2 working with my NAS, which is just a USB HDD plugged into the USB port on the router.

While that's working with my Windows laptops, I can't get my Chromebook to connect. From some cursory Googling, it sounds like I might need to enable SMB3 in the router - which is not an option in the current settings.

Is this something that could be resolved by updating my firmware to a version on this fork?

None of the Merlin firmware offers SMB3. But you’d still be wise to upgrade to John’s fork over the older Merlin 380.70.

 

[mark76]

As I see from your signature - you're using E build and that means it uses the newest wireless drivers, actually the same as officilal or Merlin's firmware.
When I was using Merlin's 380.70 - disabilng HW NAT Acceleration didn't fix those crashes. I'm really curious how it fixes it in this fork, when it doesn't on Merlin's and official...

Earlier, when NAT acceleration was enabled, I had far fewer than 9 days of uptime (~9 days ago I manually rebooted the router), I had from 0 to max 3 days of uptime. This workaround (disabling NAT acceleration) helped in my situation.

 

[PringoBo]

Earlier, when NAT acceleration was enabled, I had far fewer than 9 days of uptime (~9 days ago I manually rebooted the router), I had from 0 to max 3 days of uptime. This workaround (disabling NAT acceleration) helped in my situation.
View attachment 19666

@Marsi4eg i'm at 0 reboots (outside of manual ones) since i enabled that switch over 75 days ago. not sure why this fork makes that work and Merlin's doesn't even if the wifi drivers are the same... but it's what fixes it in john's build.

 

[restinpeace]

Hello,
im using the v40E4 Version on a ac56u and trying to establish a openvpn connection. I use a free provider which is working in Windows but not on the ac56u. Here is a log from the output. I also looked at the route and even there is no created route . What im doing wrong ? I use the freeopenvpn org service which is providing me a opvn file to connect and to integrate the certs into the router. It shows me also a green service state but on the first VPN Status Page it shows connection. so im assuming there is something wrong with the Openvpn Client.
I have nothing changed in the config, only removed mute 3 for the logfile and the redirect internet traffic so i can use the vpn on my clients.
only uploaded the opvn file from the Site including the provided password and username. which i have uploaded. i also tried to use the policy based routing but even this doesnt work.... can someone help me ? thank you.

here is the logoutput.

Oct 27 17:31:38 rc_service: httpd 4987:notify_rc start_vpnclient1
Oct 27 17:31:38 openvpn[7490]: DEPRECATED OPTION: --max-routes option ignored.The number of routes is unlimited as of OpenVPN 2.4. This option will be removed in a future version, please remove it from your configuration.
Oct 27 17:31:38 openvpn[7490]: OpenVPN 2.4.7 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Oct 20 2019
Oct 27 17:31:38 openvpn[7490]: library versions: OpenSSL 1.0.2t  10 Sep 2019, LZO 2.09
Oct 27 17:31:38 openvpn[7497]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 27 17:31:38 openvpn[7497]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Oct 27 17:31:38 openvpn[7497]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Oct 27 17:31:38 openvpn[7497]: TCP/UDP: Preserving recently used remote address: [AF_INET]5.149.254.26:10986
Oct 27 17:31:38 openvpn[7497]: UDP link local: (not bound)
Oct 27 17:31:38 openvpn[7497]: UDP link remote: [AF_INET]5.149.254.26:10986
Oct 27 17:31:38 openvpn[7497]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Oct 27 17:31:38 openvpn[7497]: VERIFY OK: depth=1, O=5b7d7da41997ee35a547c363, CN=5b7d7da41997ee35a547c364
Oct 27 17:31:38 openvpn[7497]: VERIFY KU OK
Oct 27 17:31:38 openvpn[7497]: Validating certificate extended key usage
Oct 27 17:31:38 openvpn[7497]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Oct 27 17:31:38 openvpn[7497]: VERIFY EKU OK
Oct 27 17:31:38 openvpn[7497]: VERIFY OK: depth=0, O=5b7d7da41997ee35a547c363, CN=5b7d7da41997ee35a547c36c
Oct 27 17:32:38 openvpn[7497]: [5b7d7da41997ee35a547c36c] Inactivity timeout (--ping-restart), restarting
Oct 27 17:32:38 openvpn[7497]: SIGUSR1[soft,ping-restart] received, process restarting
Oct 27 17:32:43 openvpn[7497]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 27 17:32:43 openvpn[7497]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Oct 27 17:32:43 openvpn[7497]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Oct 27 17:32:43 openvpn[7497]: TCP/UDP: Preserving recently used remote address: [AF_INET]5.149.254.26:10986
Oct 27 17:32:43 openvpn[7497]: UDP link local: (not bound)
Oct 27 17:32:43 openvpn[7497]: UDP link remote: [AF_INET]5.149.254.26:10986
Oct 27 17:32:43 openvpn[7497]: VERIFY OK: depth=1, O=5b7d7da41997ee35a547c363, CN=5b7d7da41997ee35a547c364
Oct 27 17:32:43 openvpn[7497]: VERIFY KU OK
Oct 27 17:32:43 openvpn[7497]: Validating certificate extended key usage
Oct 27 17:32:43 openvpn[7497]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Oct 27 17:32:43 openvpn[7497]: VERIFY EKU OK
Oct 27 17:32:43 openvpn[7497]: VERIFY OK: depth=0, O=5b7d7da41997ee35a547c363, CN=5b7d7da41997ee35a547c36c

 

[restinpeace]

i fixed the issue in going back to older version. there is the openvpn working. so i think because john did some update to the openvpn backport, and there must be something broken. cheers

 

[atkinsom]

Hi Everyone. I'm running an AC68U with John's latest official fork and I've noticed the following message in my logs kernel: TCP: Possible SYN flooding on port 443. Sending cookies. I know this is happening as soon as I connect to my AC68U OpenVPN server from my remote computer using the latest OpenVPN client. I never noticed this before so it may have been happening for quite awhile. Does anyone know why this would happen when I connect from a remote system using the openvpn client? I'm really stumped here after reading and googling on all the reasons why but nothing seems to apply to me. Thanks for any insight.

 

[ColinTaylor]

Hi Everyone. I'm running an AC68U with John's latest official fork and I've noticed the following message in my logs kernel: TCP: Possible SYN flooding on port 443. Sending cookies. I know this is happening as soon as I connect to my AC68U OpenVPN server from my remote computer using the latest OpenVPN client. I never noticed this before so it may have been happening for quite awhile. Does anyone know why this would happen when I connect from a remote system using the openvpn client? I'm really stumped here after reading and googling on all the reasons why but nothing seems to apply to me. Thanks for any insight.

If you're only seeing the message once or twice when connecting I would just ignore it. It's probably caused by a slow internet connection. If the message is appearing continuously it would be worth investigating further.

Side note: I expect most people would be using UDP and therefore this message would never appear for them.

 

[atkinsom]

Thanks Colin. The message is happening continuously which is why it's so weird. I just can't understand why it's doing this. I have a 75 down 15 up connection with a big pipe at work so speed shouldn't be an issue. TCP/443 is used in order for me to get around some of the protocol and port restrictions within certain locations. Any hints from your experience as googling gives me tons of reasons but nothing specific. Thanks very much.

 

[ColinTaylor]

Thanks Colin. The message is happening continuously which is why it's so weird. I just can't understand why it's doing this. I have a 75 down 15 up connection with a big pipe at work so speed shouldn't be an issue. TCP/443 is used in order for me to get around some of the protocol and port restrictions within certain locations. Any hints from your experience as googling gives me tons of reasons but nothing specific. Thanks very much.

So you're saying that these messages are continuous and only occur whilst the VPN connection is active? My first suspicion would be the client device or the local network the client is connected to, especially if you're going through some sort of proxy server. That should be easy to test, just go to different locations and connect from those. Also, try connecting with different client devices. You should be able determine whether the issue is specific to a client or location. If it's neither it would be time to start looking at the router side.

There's some information about the message and its cause here.

 

[atkinsom]

Thanks very much Colin. Excellent suggestions and the Redhat site is a good start. Somehow I missed that site among the thousand pages I googled. Cheers

 

[phx28777]

I believe I had a similar problem using port 443 with TCP. Changing the port number to the 119x range worked for me.

 

[JarleH]

Is there a easily readable list of what features this firmware have in addition (new/different features) to the Asus firmware?

Edit:
Or is it more or less the same as other Merlin?
https://www.asuswrt-merlin.net/features

 

[sbailey4]

Is there a easily readable list of what features this firmware have in addition (new/different features) to the Asus firmware?

Edit:
Or is it more or less the same as other Merlin?
https://www.asuswrt-merlin.net/features

See the first post in this thread for that info. It is based on Merlin firmware (version 374.43) so same features as that but kept up to date with current versions with security updates and other certain items.

 

[JarleH]

See the first post in this thread for that info. It is based on Merlin firmware (version 374.43) so same features as that but kept up to date with current versions with security updates and other certain items.

Well, I am wondering what is added/removed/fixed compared to the standard Asus firmwave. I do not see that being specified.

 

[slobodan]

Well, I am wondering what is added/removed/fixed compared to the standard Asus firmwave. I do not see that being specified.

Security patches for devices no longer supported by Asus. Other software updates.

 

[jrmwvu04]

Well, I am wondering what is added/removed/fixed compared to the standard Asus firmwave. I do not see that being specified.

It’s 5+ years worth of tweaks both large and small, there’s no granular list. In a nutshell, it’s a base feature set of asuswrt Merlin 374.43, with the majority of asuswrt Merlin fixes thereafter (back ported where they were possible). But he also made little changes here and there at the suggestion of various forum members over the years. As a for instance, the fork allows for customization of afp.conf that I requested. I doubt there’s a comprehensive list, unless you’re willing to read the entirety of this thread (I personally would not be)

 

[mithril]

Is it safe to downgrad 384.13_0 to this ?