1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

How a n00b installed Skynet, AB-Solution, pixelserv-tls, and DNSCrypt

Discussion in 'Asuswrt-Merlin' started by JaimeZX, Mar 30, 2018.

  1. JaimeZX

    JaimeZX Regular Contributor

    Mar 10, 2018
    A caveat: I take zero credit for any of this and am documenting it as much for next time I need to set up a router as anything else... but if another n00b shows up trying to figure out exactly where to start, this may be of some help.
    NOTE: Links included where relevant. If much time has passed, the links may be dead. If you are already a regular Linux user then I am certainly going into unnecessary detail. I assume my reader is a Windows user.
    NOTE: In some cases I need to phonetically spell a command out because otherwise this forum will block it. So for example if the command were chk I would type CharlieHotelKilo.

    I will assume that anyone already in here has installed the latest version of Merlin. If not, that would be...

    STEP 1: Install the latest version of Asuswrt-Merlin.

    STEP 2: Lock that $--t down.

    STEP 3: If you don't have one already, locate a suitable SSH terminal program. On the advice of someone here I selected Xshell 5 (free for home use.) Seems to be working okay, YMMV.

    STEP 4: Locate a thumbdrive of at least 1GB.

    STEP 5: Format this thumbdrive in (Linux file system format) ext2 or ext4. Not ext3. The simplest way to do this is to use the unwieldly-titled-but-easy-to-use MiniTool Partition Wizard Free 10.2.3. Simply plug in the thumbdrive into the computer, locate it in MTPWF10.2.3,
    5A) Right-click > Delete (to kill the FAT32 partition)
    5B) Right-click > (New? or Create?) to create a new primary partition. Type should be ext4 or ext2. Name not necessary yet.
    5C) Right-click > Format. Again, choose ext4. Or ext2. Name it something memorable like USBStick or FirewallUSB or YourMom. Whatevs. I'll stick with YourMom from now on.
    5D) In the top-left of MTPWF10.2.3, click the "Apply" button.

    ALTERNATE TECHNIQUE if you're comfortable at a command prompt:
    5i) SSH into the router. The thumbdrive needs to be plugged in but unmounted. In MerlinWRT, you can click the USB symbol at top right, then click "Eject." That'll unmount it, not make it fall out of the router. Haha.
    5ii) Assuming it's the only USB device plugged in, it should be at /dev/sda1. You can type mkfs.ext2 /dev/sda1 -L YourMom. The router SHOULD do its business. But really, the MTPWF10.2.3 technique is much easier. Plus our routers don't seem to be capable of building an ext4 partition, only ext3.
    NOTE: Do your own research on which file system you want to use. Read about journaling and flash media. ext2 is a non-journaling file system. OTOH ext4 is a more efficient file system and you may be able to disable journaling. If you have access to a linux liveCD or other bootable media, try formatting in ext4 using mkfs.ext4 -O ^has_journal /dev/sda1 -L YourMom
    Alternatively, after formatting in ext4, you may be able to remove the journal at the SSH command line using tune2fs -O ^has_journal /dev/sda1
    I have not tried this, however. YMMV.

    STEP 6: Leave YourMom plugged in and reboot the router. The router should then mount YourMom and there will only be one instance of it. [Too many times when I tried to manually mount YourMom I wound up with YourMom and YourMom(1)... which then confused follow-on steps.]

    STEP 7: (EDIT: AB-Solution is now Diversion. I am not going to find-and-replace all instances, please do that in your head. I'll update this link though.) Install Diversion using the script at the top of its thread in this forum.
    NOTE: If any of these installs fail, scroll up in your terminal program to see what the error(s) were. When they fail out they tend to blank the screen and return to the previous menu, but the "blank screen" is just a bunch of blank lines, so you can still scroll back to see what happened.

    STEP 8: Run AMTM using the script at the top of its thread in this forum.

    STEP 9: From the AMTM menu, install Skynet. (Item 5) How big of a cache file you select will depend on how big YourMom is. I am using a 4GB thumbdrive and selected 1GB for the cache size. I have no idea if that's optimal but I wanted to leave room for other stuff.
    * NOTE: If you want to see what Skynet is actually doing you'll need to enable the Debugging Mode option during install. Otherwise you have no idea what's going on when you can't get to a particular website because you can't view the logs.
    * NOTE: Once Skynet starts, if you're in the Merlin WebGUI you'll see the processor usage going bonkers. This lasts for a few minutes. Don't worry about it.

    STEP 10: From the AMTM menu, run [1] AB-Solution. From the AB-Solution menu, type ps to start the Pixelserv-TLS install.
    * NOTE: If this install fails it MAY be due to an issue with Entware. TheLonelyCoder has suggested going into the WebGUI and telling the router to wipe the JFFS partition on reboot, then rebooting, then trying the install again. I would try that first. If the problem persists, you can also (at the command prompt) type: entware-setup.sh which should reinstall it, then repeat step 10.
    * NOTE: Reference the Pixelserv-TLS thread to best understand that software. I used for my Pixelserv IP.
    * NOTE: To extract the certificates, exit out of all menus to the command prompt. Type:
    CharlieDelta /tmp/mnt/YourMom/entware/var/cache/pixelserv [enter]
    LimaSierra -l [enter]

    That will show you ca.crt and ca.key.
    You will need to copy the former to each computer you plan to use on the router. The easiest way is:

    STEP 11a: In the Merlin GUI, go to USB Applications -> Media Services and Servers -> Network Place (Samba) Share. - Enable Share [ON], Enable Guest Login [ON].
    STEP 11b: In Windows Explorer, in the address bar, type \\your router address, like \\192.168.x.1
    That should show you YourMom. Then click in to \\192.168.x.1\YourMom\entware\var\cache\pixelserv
    You will see ca.crt; copy that onto your local machine and distribute it to all relevant devices.

    STEP 12: Install the certificate into your browser(s) of choice. Firefox. Chrome. IE. Android. Safari.

    STEP 13: From the amtm menu, install DNSCrypt. This is pretty straightforward. The only possibly confusing question is "Fastest / b2 / bhalf / random." Next time I set it up I'll choose bhalf, but I think I picked "random" the other day. (It's a question about which DNS server to pick, based on tracking server speeds. Fastest on list / from the top 2 / top half of list/ random from the whole list)

    That's it for installation. Read the threads to understand expected behavior. Monitor for things that don't work correctly so you can see about whitelisting them in AB-Solution or Skynet.

    NOTE: If you've tried this several times and are dying of frustration because it ain't working, try a different thumbdrive.

    EDIT: I have now also installed the YazFi script because I not only wanted my guest networks to have different IP ranges but also give them access to the Pixelserv IP for Pixelserving purposes. The only downside of this is that clients on the guest network will no longer show up in "Network Map" because that only displays clients on the main subnet; Merlin can't change this because it's a closed-source part of the firmware.
    Last edited: Oct 12, 2018
    Karlston, momall, mrbagpipe and 8 others like this.
  2. heysoundude

    heysoundude Senior Member

    Sep 20, 2016
    @RMerlin this needs to be stickied at the top of the forum please.
    aavvaallooss likes this.
  3. JaimeZX

    JaimeZX Regular Contributor

    Mar 10, 2018
    If you don't have the certificate installed in your browsers, then Pixelserv-tls will not give a proper response to ads that send their request via HTTPS. Otherwise it's not a big deal.
    Note: if you have computers on your "Guest" wifi, they will not benefit from the Pixelserv-tls script, so it's irrelevant there.
    HowIFix and Gasutr 45 like this.
  4. JaimeZX

    JaimeZX Regular Contributor

    Mar 10, 2018
    Post 1 edited to add YazFi.
  5. snakebite3

    snakebite3 Senior Member

    Sep 16, 2014
    I want to thank your mom for this write up. Do you know if the Samba Server or FTP will work with ext2 ?
  6. JaimeZX

    JaimeZX Regular Contributor

    Mar 10, 2018
    Happy to help. :) I'm not sure I understand the question though. Are you also thinking of using the extra space on the thumbdrive as a Samba share? I don't see why this would be a problem; ext2 is just an older version of the Linux file system.
  7. punkinduster

    punkinduster Regular Contributor

    Dec 6, 2012
    Nice place to find it all in one location. :)
    Kingp1n and JaimeZX like this.
  8. Kingp1n

    Kingp1n Regular Contributor

    Feb 27, 2018
    Great post...thanks really helped!!!
    JaimeZX and HowIFix like this.