Hi all! & A few initial troubles

as_poco

New Around Here
Router AX86S connected to ISP Modem @Win10 // Asuswrt-Merlin 386.7.2

Hi all, I'm almost a total noob regarding routers. This is my first non-ISP router, recently bought with an Asus promo. Discovered Asuswrt-Merlin and a very healthy community around it, so thanks to all who have been developing the software and helping the community.

Already flashed the latest firmware and followed the M&M config; everything seems to be working okay except for a few glitches that may or may not belong here. Please be patient and point me in the right direction if I'm posting in the wrong place. A few searches didn't bring much enlightenment (up until now), so I decided to ask a few questions here.

- I have Safing Portmaster Firewall, and as soon as I enable that firewall service I can't connect to the router page. Even if I disable the service, it somehow seems to corrupt something, and I have already ended up resetting the router three times. As of now Portmaster is disabled and I have access to the router page. If I enable Portmaster, all is lost and I end up resetting the router and starting from scratch (a reboot does not seem to work). With the previous ISP modem no such thing occurred; the modem page was always reachable with that specific firewall.

- With a VPN service I'm not able to reach the Asus router page. If I disconnect the VPN, I reach it again without further nuisances. All this seems to point to some DNS corruption, but I'm not sure why the router page can't be reached (it's configured to be reached through HTTPS).

- With a VPN I can't seem to make the Ookla speedtest page reach a server, so I can't test each VPN server's speed. I can browse different pages, but somehow that specific service gets lost: it keeps searching for a server forever and never starts the speed test. If I disable the VPN it's doable again, but then I can only test my ISP and not the VPN servers. With the previous ISP modem I had no such problem; I could always reach the speedtest page and a test server with any chosen VPN server. Somehow this part seems router-related.

Any suggestions appreciated.
 

Crimliar

Senior Member
How and where on your network are you running Portmaster? Is the modem set up as a "bridge"?

Regarding resetting things, you may just need to turn the connection on and off, or just release and renew it, rather than having to start from scratch every time.
 

as_poco

New Around Here
How and where on your network are you running Portmaster? Is the modem set up as a "bridge"?

Regarding resetting things, you may just need to turn the connection on and off, or just release and renew it, rather than having to start from scratch every time.
Hi Crimliar,
Running Portmaster at startup (inhibited at the moment) in a Windows environment (Windows Firewall is also running, but it does not seem to be the culprit here, otherwise I would not have access to the router page). Modem as bridge, yes, from its LAN port 4 to the router's WAN port.

After closing Portmaster I already tried several reset methods: on/off, router off, Windows reboot, etc. sfc /scannow seems to put some system files in order after the mess, but I'm a bit sad because I'd like to be able to use Portmaster, or something similar, since it is quite easy to configure (and perhaps to break stuff with).
 

Crimliar

Senior Member
Okay, so not the problems I was expecting (double/triple NAT, a network-wide firewall on a spur, etc.), which means no easy answers. The thing is that using filtering DNS servers, Diversion, and Skynet or AiProtection, you should be able to achieve similar levels of protection with much lower overhead.
It's also worth remembering that Portmaster is still in alpha, and there's another discussion about the use of monolithic code and the interaction of Windows Firewall with Portmaster.

So maybe another quick question: Rather than how you are trying to achieve things, what are you trying to achieve?
 

as_poco

New Around Here
"what are you trying to achieve?"

Some degree of control over what goes out of the network, to know (and possibly block) which application is communicating, etc. All this is probably achievable through the Asus router, but for a noob Portmaster offers fast and easy access to setting DNS system-wide, blocking apps, etc.

I already read about installing some scripts, namely Skynet and DNS filters, as you suggested, but it is unknown territory yet.

Another weird thing: I have Pushbullet as an easy way to transfer files/text between laptop/Android/PC, and with this router it refuses to work, saying there is a "network issue and is unable to connect to server".
 

Crimliar

Senior Member
So is PM (Portmaster) working as a system-wide DNS (and possibly DHCP) server, and if so, have you set up the router to reflect this?
If PM is working as a DHCP server, you'd need to be running PM 24/7 and have DHCP disabled on the router. Or if it's just a system-wide DNS server, again PM would need to run 24/7, but you'd just point the DNS server addresses at PM (from LAN > DHCP Server; using the WAN setting may be possible but could cause issues).

As for PushBullet (quick test before posting this), I used to use this all the time, and with a regular set up it still works as well as it ever did. I just moved to using MS Phone Link, and selective use of Google Drive, thanks to the better integration.

*There are ways a device/program can hijack DNS/DHCP on a local network, but they're messy and tend to cause problems (I have a horrible little Fing Box that is never used). I also think you'd be surprised how easy it is to set up Diversion on the router. As for Skynet/AiProtection, for most of us they're overkill and only end up reporting the unsolicited connection attempts that the router has already blocked! If you can dive into your router's WebUI, you might want to take a look not just at System Log > Connections, but also at Adaptive QoS > Bandwidth Monitor, where you can turn on the Apps analysis and then click on devices to get an overview of what they are doing.

**I feel dirty, as if I'm trying to sell you something!
 

as_poco

New Around Here
So is PM (Portmaster) working as a system-wide DNS (and possibly DHCP) server, and if so, have you set up the router to reflect this?
PM working as system-wide DNS, yes. Possibly DHCP too? Unknown. Router set up to reflect this? No.

If PM is working as a DHCP server, you'd need to be running PM 24/7 and have DHCP disabled on the router. Or if it's just a system-wide DNS server, again PM would need to run 24/7, but you'd just point the DNS server addresses at PM (from LAN > DHCP Server; using the WAN setting may be possible but could cause issues).
1. How do I know if PM is working as a DHCP server? I'd prefer DHCP centralized on the router, not disabled.
2. I can see the router performing DNS duties related to PM, namely Secure DNS and DNS Filtering. Might I have to disable them in PM and enable them at the router?

As for PushBullet (quick test before posting this), I used to use this all the time, and with a regular set up it still works as well as it ever did. I just moved to using MS Phone Link, and selective use of Google Drive, thanks to the better integration.
My mistake, it was a uBlock rule causing the impediment.


*There are ways a device/program can hijack DNS/DHCP on a local network, but they're messy and tend to cause problems (I have a horrible little Fing Box that is never used). I also think you'd be surprised how easy it is to set up Diversion on the router.
You mentioned Diversion. Easier than advanced uBlock rules? More easily configurable? With uBlock I can transfer all my rules to all the browsers, but initially uBlock is a PITA. Is Diversion adaptable to Android (is it possible to create rules for specific clients, the phone for example)?

As for Skynet/AiProtection, for most of us they're overkill and only end up reporting the unsolicited connection attempts that the router has already blocked! If you can dive into your router's WebUI, you might want to take a look not just at System Log > Connections, but also at Adaptive QoS > Bandwidth Monitor, where you can turn on the Apps analysis and then click on devices to get an overview of what they are doing.

**I feel dirty, as if I'm trying to sell you something!
The bandwidth monitor is useful, though PM seems to give more detailed info about who is communicating with whom; nevertheless, a good tip.

Despite a few tries at PM rules I can't seem to get to the Asus router page (using PM on the laptop; the desktop has PM disabled). Also, why can't I access the router page through the VPN? Any explanation?
 

as_poco

New Around Here

Solution to access router page (finally)

1 - Disable Portmaster completely (service, startup entry, etc.)

2 - Reset TCP/IP
1) Open Command Prompt as an administrator.
2) When Command Prompt opens, type netsh winsock reset and hit Enter.
3) Then type netsh int ip reset and hit Enter.
4) Restart.

Still can't get Portmaster to get to the router page without scrambling the whole network.
 

Crimliar

Senior Member
In normal circumstances, if you are going to use a LAN device as a DNS server, you need to change settings on the router to reflect this. If you were to look at the DNS addresses on other devices on your network and they are not either the router or external to your network, but are the device running PM, then it's likely that PM is spamming the local network, telling everything it's the DHCP server. If that's what is happening, then stop using PM; it's a VERY problematic technique.
Personally, no matter what, right now I'd not be using Portmaster (alpha) no matter what it promises, it seems to be the cause of the issues you are seeing!
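A Windows-side check for the two situations discussed in this thread: Crimliar's test of whether some LAN host other than the router is handing out DHCP leases or answering DNS, and as_poco's question of why the admin page is unreachable while the VPN is up. This is an added example, not code from the posts, from Portmaster or from Asus. It assumes the router's LAN address is 192.168.50.1 on 192.168.50.0/24 (the Asus defaults), that HTTPS admin is on the Asus default LAN port 8443, and that the router's built-in hostname router.asus.com is only answered by the router's own DNS; the interface-name pattern used to recognise a VPN adapter is a heuristic. Adjust the parameters to your own setup and run it in an elevated PowerShell on the client that cannot reach the router.

```powershell
# Added diagnostic for this thread (not from the original posts, Portmaster or Asus).
# Assumptions: router at 192.168.50.1 on 192.168.50.0/24, HTTPS admin on port 8443,
# router.asus.com resolvable only through the router's DNS. Adjust as needed.
param(
    [string]$RouterIp  = '192.168.50.1',
    [string]$LanPrefix = '192.168.50.',
    [int]$HttpsPort    = 8443
)

function Test-LanHostAddress([string]$Address) {
    # True when the address is on the LAN but is not the router itself, i.e.
    # some other client is acting as DHCP or DNS server (the "spamming" case).
    return ($Address -and $Address.StartsWith($LanPrefix) -and ($Address -ne $RouterIp))
}

Write-Host "== 1. What each adapter got from DHCP and where it sends DNS =="
$cfgs = Get-CimInstance Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled }
foreach ($c in $cfgs) {
    [pscustomobject]@{
        Adapter    = $c.Description
        IP         = ($c.IPAddress -join ', ')
        Gateway    = ($c.DefaultIPGateway -join ', ')
        DhcpServer = $c.DHCPServer
        DnsServers = ($c.DNSServerSearchOrder -join ', ')
    } | Format-List

    if (Test-LanHostAddress $c.DHCPServer) {
        Write-Warning "'$($c.Description)' got its lease from $($c.DHCPServer), not the router: another LAN host is acting as DHCP server."
    }
    foreach ($dns in @($c.DNSServerSearchOrder)) {
        if ($dns -eq '127.0.0.1' -or $dns -eq '::1') {
            # A resolver on this machine (a firewall/DNS app) is in front of the router,
            # so the router's DNS filtering and DoT do not apply to this host.
            Write-Warning "'$($c.Description)' resolves through a local resolver ($dns); the router's DNS settings are bypassed here."
        } elseif (Test-LanHostAddress $dns) {
            Write-Warning "'$($c.Description)' uses LAN host $dns as DNS server, not the router."
        }
    }
}

Write-Host "== 2. Which interface a packet to the router would leave on (run with VPN up and down) =="
$route = Find-NetRoute -RemoteIPAddress $RouterIp | Where-Object { $_.DestinationPrefix }
$route | Select-Object DestinationPrefix, NextHop, InterfaceAlias, RouteMetric | Format-Table -AutoSize
# Heuristic: common adapter names used by VPN clients (assumption, adjust to yours).
if ($route.InterfaceAlias -match 'VPN|TAP|TUN|WireGuard|OpenVPN') {
    Write-Warning "Packets to $RouterIp are routed into the VPN tunnel, so the router's LAN address is unreachable while the VPN is up unless the client excludes the local subnet."
}

Write-Host "== 3. Is the HTTPS admin port reachable, and who answers for router.asus.com? =="
$tcp = Test-NetConnection -ComputerName $RouterIp -Port $HttpsPort -WarningAction SilentlyContinue
"TCP $HttpsPort to ${RouterIp}: $($tcp.TcpTestSucceeded)"
$name = Resolve-DnsName -Name 'router.asus.com' -ErrorAction SilentlyContinue
if ($name) {
    "router.asus.com -> $(($name | Where-Object IPAddress).IPAddress -join ', ')"
} else {
    "router.asus.com did not resolve: DNS queries are not reaching the router's resolver."
}
```

Section 1 is the check Crimliar describes: a DHCP server or DNS server address that is a LAN client rather than the router (or 127.0.0.1, meaning a resolver on the machine itself) tells you the host, not the router, is in control of name resolution. Section 2 answers the VPN question without any DNS corruption being involved: a full-tunnel VPN client installs a route that sends even 192.168.50.1 into the tunnel, and the router is not reachable from the far end of it; run it once with the VPN connected and once without and compare the InterfaceAlias. Section 3 distinguishes "the port is unreachable" from "the name does not resolve", which are fixed in different places (routing versus DNS).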
 

as_poco

New Around Here
In normal circumstances, if you are going to use a LAN device as a DNS server, you need to change settings on the router to reflect this. If you were to look at the DNS addresses on other devices on your network and they are not either the router or external to your network, but are the device running PM, then it's likely that PM is spamming the local network, telling everything it's the DHCP server. If that's what is happening, then stop using PM; it's a VERY problematic technique.
Personally, no matter what, right now I'd not be using Portmaster (alpha) no matter what it promises, it seems to be the cause of the issues you are seeing!
Indeed, it seems that PM is spamming! I already opened an issue with PM to see if they are interested in following up on the trouble. I also read some complaints relatively similar to mine.

As I have a spare laptop, I will try either to override all the DNS filtering done by PM (they have a Developer Mode that seems to disable it), or, as they also use DoT, to use the same servers as the router and assign the same ones at LAN level. I'll post here if it's successful.

Already assigned DoT DNS servers at WAN. For now, I don't need specific LAN settings for any device, except maybe for the Android phone, which despite using Quad does not seem to block a few annoying ads, mostly app-related. Apparently, after a few tests, all queries are being done through the servers established at the router level (PM off, of course), even if it's not certain the encryption is working, because according to the DNS Privacy page there may be a few glitches.

On another matter: when trying to access the router page through a VPN, the same happens, it's inaccessible. Could some router setting be causing this trouble too? I set the admin page to be accessible by HTTPS / WAN access disabled / restricted to two local IPs. The VPN may also have its own DNS servers conflicting with the router's; is it also acting as DHCP?

It seems to be possible to enter the VPN client data (ovpn file, credentials, etc.) directly at the router level, but I'm afraid I'll make some mistake, disconnect myself and have to reset everything all over again. Do you use any VPN client at router level?
 

heysoundude

Part of the Furniture
Indeed, it seems that PM is spamming! I already opened an issue with PM to see if they are interested in following up on the trouble. I also read some complaints relatively similar to mine.

As I have a spare laptop, I will try either to override all the DNS filtering done by PM (they have a Developer Mode that seems to disable it), or, as they also use DoT, to use the same servers as the router and assign the same ones at LAN level. I'll post here if it's successful.

Already assigned DoT DNS servers at WAN. For now, I don't need specific LAN settings for any device, except maybe for the Android phone, which despite using Quad does not seem to block a few annoying ads, mostly app-related. Apparently, after a few tests, all queries are being done through the servers established at the router level (PM off, of course), even if it's not certain the encryption is working, because according to the DNS Privacy page there may be a few glitches.

On another matter: when trying to access the router page through a VPN, the same happens, it's inaccessible. Could some router setting be causing this trouble too? I set the admin page to be accessible by HTTPS / WAN access disabled / restricted to two local IPs. The VPN may also have its own DNS servers conflicting with the router's; is it also acting as DHCP?

It seems to be possible to enter the VPN client data (ovpn file, credentials, etc.) directly at the router level, but I'm afraid I'll make some mistake, disconnect myself and have to reset everything all over again. Do you use any VPN client at router level?
Wow, you're using all the stuff and things, trying to protect your privacy and maintain network security.
Why is none of my business, but have you considered turning everything off and then enabling the things one at a time, to resolve the problems as they are introduced?
Also, you probably want to stay away from alpha software. Period. And beta stuff too, probably. Until it's been vetted/proven, you may be opening your network up to greater risks than what you're trying to protect it from.
May I suggest you look into WireGuard?
 
