ROG Rapture GT-AC5300 (Owners)

[OzarkEdge]

A better question though is should we really have to be doing this at all? We paid a top price for these routers.

Yes... that's the product deal... no amount of online complaining will change that.

I don't consider the price that premium for consumer routers. I do consider the power user flavors like gaming routers to not be worth the cost. They seem to have more quirks and less uptake and hence less support in the long run.

In your situation where your business depends on your IT infrastructure, you might consider affording warm spares to minimize your down time and to allow you to service key equipment offline without disabling your entire operation. I understand that's not an attractive cost and has to be weighed against the cost of being dead in the water at the worst possible time. You probably would not go with top price gaming routers with this approach.

Regardless, you'd still want to document your router settings.

OE

 

[pod3545]

Yes... that's the product deal... no amount of online complaining will change that.

I don't consider the price that premium for consumer routers. I do consider the power user flavors like gaming routers to not be worth the cost. They seem to have more quirks and less uptake and hence less support in the long run.

In your situation where your business depends on your IT infrastructure, you might consider affording warm spares to minimize your down time and to allow you to service key equipment offline without disabling your entire operation. I understand that's not an attractive cost and has to be weighed against the cost of being dead in the water at the worst possible time. You probably would not go with top price gaming routers with this approach.

Regardless, you'd still want to document your router settings.

OE

I can agree with it. My logic when buying this was that I wanted the one that had the most cores, most memory and what I thought would be the strongest, most robust router. It still kind of dumbfounds me that the most powerful router they offer is aimed at gaming with all this paint and lipstick on the interface. It seems to me like they'd be more interested in making the hardware work really well before building it up over nothing and cluttering the interface. lol

 

[Rolo]

I did not presume anything.

You could give your servers static IPs.

Except that when I connect my wireless camera, for example, with a static IP to a network on a completely different subnet, I'm screwed. It's why I stopped using static IPs.

Again, you presume that I haven't thought of these things or have a sound basis for my configuration.

And frankly, if your equipment can't stay networked without you looking at it, you should consider getting different equipment... router, IoT devices, whatever it takes.... smarter instead of harder.
OE

Welcome to what I already said days ago and it's the router, not all 30 devices attached to it...or everyone else's devices having these same problems with their GT-AC5300

I don't see how replacing everything else in the house is "smarter" and not "harder"

You asked me a question and I answered it. Bickering about it isn't going to change anything--it's OK to not agree on stuff or have different preferences...not the end of the world...

 

[Rolo]

Yes... that's the product deal... no amount of online complaining will change that.

Probably mostly true but it has gotten results from Asus devs in the past

I'm looking more toward the future when they wonder "why are our sales dropping in a growing market", these things may come to mind

Also, I look for stuff like this before buying a product, so I'm paying it forward, I suppose.

Finally, catharsis...

 

[OzarkEdge]

You asked me a question and I answered it. Bickering about it isn't going to change anything--it's OK to not agree on stuff or have different preferences...not the end of the world...

Actually, I never asked you any questions. I'm only entertaining the points you raised to me... just kicking it around with you, not bickering.

OE

 

[dwadj]

New version 3.0.0.4.384.45708 was posted, but Asus pulled it again.
But you can still find it for the Chinese version here: https://dlsvr04.asus.com/pub/ASUS/wireless/GT-AC5300/FW_GT_AC5300_300438445708_CNonly.zip

 

[cyberlipe]

hi...
I saw it being posted online on asus US, did not download it, and then it got pulled..
have anyone tried it?
tks

 

[RMerlin]

45708 has VLAN-related issues. I recommend you wait for the next release.

 

[cyberlipe]

Hi
In the particular case of this router and the very bad experience with all sorts of random bugs in previous firmware, if that was the only bug In this version for this router, this would be a immense improvement!

But I suspect that in this router specifically there might be more issues than that...

 

[Toad004]

My GT-AC5300 hates Amazon for some reason.
No, really. It will refuse DNS requests to Amazon domains. That applies to all my devices (and browsers), which is rather egregious on a kindle, hahaha.

It doesn't matter what the DNS is set to in the router itself. ISP, 1.1.1.1, 8.8.8.8, all same result.
If I manually enter the DNSes into the devices directly it will work just fine. But this is impractical to manually do that on so many devices and in some cases impossible (the aforementioned kindle doesn't appear to have a way to manually set DNS).

And yes, it seems to be exclusive to amazon, including amazon payments, mturk, etc.. No other website or domain appears to be blocked.

Edit: Turning off VPN Fusion fixes it. That's a problem since VPN Fusion is the reason I bought this thing...

Edit 2: Ok, I fixed it.
The problem is that VPN Fusion will force all devices to connect using the VPN DNS - regardless of what the router's DNS settings are, even devices that are supposed to not use the VPN. Devices outside the tunnel will use the ISP IP address but the VPN DNS resolver.

The fix was to manually assign DNS (but only DNS - the router's IP assignment works just fine) to ONLY devices that were meant to be outside the tunnel since device-end settings override whatever the router says. It was a lot easier to assign 5 or 6 devices manually then all 23.

As for why this broke Amazon and seemingly nothing else? ...I still don't know.
Devices fully in the VPN tunnel can connect to Amazon just fine...

 

[Jerie-]

Hey Toad004.

I had a similar problem with my GT as well when using NordVPN (on all devices), which NordVPN has acknowledge the problem but has yet to release a fix other than recommending the use of their VPN software. Amazon would load very slowly or constantly time out with some error about "unable to establish secure connection". When I’m able to logon to Amazon or some other sites, their services would always challenge my authentication with additional verification methods constantly. I think this was done purposely by Amazon and other sites due to abuse from NordVPN users.

Early on I was able to fix this by using a 3rd Party DNS (Google, Cloudflare, Norton, etc.) other than my VPNs. But ever since Asus released firmware post GT-AC5300_3.0.0.4_384_45149-g467037b mid last year, even using 3rd Party DNS did not help. After many attempts than, my only solution was to abandon my GT or manually setup DNS for all devices using VPN. Currently using pfSense and Ubiquiti AP and haven't looked back. My Brother-in-law got himself a GT this Xmas and had the exact problems I had with his VPN. Anyways, long story short, to fix his problem, we disabled DHCP server on the GT and ran the DHCP on his Pi-hole server (Raspberry Pi 3B+) that he was using as a network ad-blocker. That seems to fix the issue. It's been months and no issues since. So, pick your solution and hope it helps. Good luck!

 

[Toad004]

Hey Toad004.

I had a similar problem with my GT as well when using NordVPN (on all devices), which NordVPN has acknowledge the problem but has yet to release a fix other than recommending the use of their VPN software. Amazon would load very slowly or constantly time out with some error about "unable to establish secure connection". When I’m able to logon to Amazon or some other sites, their services would always challenge my authentication with additional verification methods constantly. I think this was done purposely by Amazon and other sites due to abuse from NordVPN users.

Early on I was able to fix this by using a 3rd Party DNS (Google, Cloudflare, Norton, etc.) other than my VPNs. But ever since Asus released firmware post GT-AC5300_3.0.0.4_384_45149-g467037b mid last year, even using 3rd Party DNS did not help. After many attempts than, my only solution was to abandon my GT or manually setup DNS for all devices using VPN. Currently using pfSense and Ubiquiti AP and haven't looked back. My Brother-in-law got himself a GT this Xmas and had the exact problems I had with his VPN. Anyways, long story short, to fix his problem, we disabled DHCP server on the GT and ran the DHCP on his Pi-hole server (Raspberry Pi 3B+) that he was using as a network ad-blocker. That seems to fix the issue. It's been months and no issues since. So, pick your solution and hope it helps. Good luck!

Thank you. I actually use PIA, but yeah I had similar issues. My amazon wouldn't load at all though - I got a time out error.

I remember have the opposite problem with the VPN - that is, devices that SHOULD use the VPN's DNS were using whatever was set in the router instead (or the ISPs if blank). I'm betting what that firmware update did was simply reverse it. I guess that's a net improvement (since the router does indeed hide the DNS like this - it didn't used to before the update). Of course, what it SHOULD do is VPN those in the tunnel and use whatever the settings are otherwise.

I'm curious about how disabling DHCP effects VPN fusion - do VPN tunneled devices still use the VPN DNS or whatever the DNS settings are on the other device? Too bad I just threw out my old N66 a month ago, or I would dust it off and test.

 

[Jerie-]

Thank you. I actually use PIA, but yeah I had similar issues. My amazon wouldn't load at all though - I got a time out error.

I remember have the opposite problem with the VPN - that is, devices that SHOULD use the VPN's DNS were using whatever was set in the router instead (or the ISPs if blank). I'm betting what that firmware update did was simply reverse it. I guess that's a net improvement (since the router does indeed hide the DNS like this - it didn't used to before the update). Of course, what it SHOULD do is VPN those in the tunnel and use whatever the settings are otherwise.

I'm curious about how disabling DHCP effects VPN fusion - do VPN tunneled devices still use the VPN DNS or whatever the DNS settings are on the other device? Too bad I just threw out my old N66 a month ago, or I would dust it off and test.

I was originally worried about that when I had my GT that's why I decided on selling it and replacing it with pfSense last fall. Besides, my GT had been RMA'ed and still same problem and still random reboots with the NEW replacement. Modifying the ovpn and adding "dhcp-option DNS x.x.x.x" didn't completely solve the problem. In my Brother-in-law's case, we took a chance and perhaps Asus firmware did get more stable aside from the force VPN DNS use. Anyways, all functions that he uses was intact even with disabling DHCP server on the GT. Parental Blocking, AiProtection, and VPN Fusion still functions. By default, all his devices, including DNS, go through his VPN tunnel and only use local DNS specified in pi-hole DHCP. Only a few that require local IP to function (Ruku, ShieldTV, etc.) was routed outside the VPN tunnel. And best of all, no DNS leaks and Amazon works. Hope that helps.

Edit: I should add that Pi-hole is using Unbound DNS to resolve DNS and not 3rd party (Google, Cloudflare, etc.). See pi-hole site for info if needed.

 

[Vicente Damiani]

New firmware available

 

[Traveler2100]

New firmware available

Does not appear to have fixed the two issues I was hoping would change, the loss of 5.2 band due to dedicated 5.2 backhaul and the VPN DNS issue that seems to be a problem for many. I am disappointed that after all of the online discussion, Asus doesn't seem interested in fixing these issues. I have used Asus routers for years with custom firmware but the GT and AImesh keeps me on ASUSWRT lately. If I had anticipated the issues and lack of responsiveness, I would have run pfsense or something else. The hardware is excellent but I really wish they would release a non gaming firmware with more flexibility. I guess there is little or no business upside to do so.

 

[L&LD]

Does not appear to have fixed the two issues I was hoping would change, the loss of 5.2 band due to dedicated 5.2 backhaul and the VPN DNS issue that seems to be a problem for many. I am disappointed that after all of the online discussion, Asus doesn't seem interested in fixing these issues. I have used Asus routers for years with custom firmware but the GT and AImesh keeps me on ASUSWRT lately. If I had anticipated the issues and lack of responsiveness, I would have run pfsense or something else. The hardware is excellent but I really wish they would release a non gaming firmware with more flexibility. I guess there is little or no business upside to do so.

Is this observation after doing a full reset to factory defaults and a minimal and manual configuration afterward (and not using a saved config file)?

If not, please do a full M&M Config (see signature below) to really confirm that the new firmware doesn't fix these two issues.

 

[Rolo]

Does not appear to have fixed the two issues I was hoping would change, the loss of 5.2 band due to dedicated 5.2 backhaul and the VPN DNS issue that seems to be a problem for many. I am disappointed that after all of the online discussion, Asus doesn't seem interested in fixing these issues. I have used Asus routers for years with custom firmware but the GT and AImesh keeps me on ASUSWRT lately. If I had anticipated the issues and lack of responsiveness, I would have run pfsense or something else. The hardware is excellent but I really wish they would release a non gaming firmware with more flexibility. I guess there is little or no business upside to do so.

Did you use the feedback tool? I've gotten responses a couple of times from Asus with it on major issues.

 

[Traveler2100]

Did you use the feedback tool? I've gotten responses a couple of times from Asus with it on major issues.

Thanks for the Advice L&LD and Rolo. I did not do a factory reset as I do not see a need since there is no mention of changes in these areas in the changelog and the router is heavily used and configured. As for the feedback tool, I don't see these 2 items as faults in as much as they are policy decisions by Asus. The 5.2 band was dedicated to backhaul on the firmware change before this latest and the forums are filled with complaints from users like me that have a wired backhaul. The VPN DNS issue was changed a few firmware releases before that. Both changes are likely to eliminate tech support issues from inexperienced users and the associated problems it causes are likely only noticed by a handful of heavier users. BTW both changes showed up in firmware upgrades without a factory reset. The two issues I am concerned about are:

- 5.2 band dedicated as a backhaul to AIMesh routers. I have only dual band AIMesh nodes and both are wired backhaul. The 5.2 band on the GT is now labeled as dedicated backhaul and not available to SmartConnect. There is enough flexibility in the settings to broadcast a separate 5.2 SSID but not within Smartconnect. I am sure this eliminated some connection and stability issues for those with wireless backhaul but cost the rest of us a band. There should be an option to select dedicated backhaul or not.

- The VPN issue is similar. All traffic on the router is routed to the first VPN DNS. Originally all traffic was routed to the WAN configured DNS which caused DNS leaks on VPN clients. The change fixes the leaks that users experienced but for someone that uses the ability to route client specific traffic thru different paths, it renders the entire VPN Fusion option useless. I can't route smart TV (and other) traffic through a VPN or even a VPN DNS since it blocks some features like Amazon Prime, Netflix and others. Consequently I can't use a VPN at all on the router. Also if any client uses a router configured VPN, my manual DNS family filter is bypassed for all clients. Again, this is a widely known issue and another one that is probably not worth the time for the Asus team to set up correctly as it only affects a small number of heavy users.

This is why we need Merlin or other custom firmware on the GT. If I had realized that custom firmware will never happen on this router, I would have done something different. I might still.

Traveler

 

[L&LD]

Thanks for the Advice L&LD and Rolo. I did not do a factory reset as I do not see a need since there is no mention of changes in these areas in the changelog and the router is heavily used and configured. As for the feedback tool, I don't see these 2 items as faults in as much as they are policy decisions by Asus. The 5.2 band was dedicated to backhaul on the firmware change before this latest and the forums are filled with complaints from users like me that have a wired backhaul. The VPN DNS issue was changed a few firmware releases before that. Both changes are likely to eliminate tech support issues from inexperienced users and the associated problems it causes are likely only noticed by a handful of heavier users. BTW both changes showed up in firmware upgrades without a factory reset. The two issues I am concerned about are:

- 5.2 band dedicated as a backhaul to AIMesh routers. I have only dual band AIMesh nodes and both are wired backhaul. The 5.2 band on the GT is now labeled as dedicated backhaul and not available to SmartConnect. There is enough flexibility in the settings to broadcast a separate 5.2 SSID but not within Smartconnect. I am sure this eliminated some connection and stability issues for those with wireless backhaul but cost the rest of us a band. There should be an option to select dedicated backhaul or not.

- The VPN issue is similar. All traffic on the router is routed to the first VPN DNS. Originally all traffic was routed to the WAN configured DNS which caused DNS leaks on VPN clients. The change fixes the leaks that users experienced but for someone that uses the ability to route client specific traffic thru different paths, it renders the entire VPN Fusion option useless. I can't route smart TV (and other) traffic through a VPN or even a VPN DNS since it blocks some features like Amazon Prime, Netflix and others. Consequently I can't use a VPN at all on the router. Also if any client uses a router configured VPN, my manual DNS family filter is bypassed for all clients. Again, this is a widely known issue and another one that is probably not worth the time for the Asus team to set up correctly as it only affects a small number of heavy users.

This is why we need Merlin or other custom firmware on the GT. If I had realized that custom firmware will never happen on this router, I would have done something different. I might still.

Traveler

I can't say for certain that doing a full M&M Config will change any behavior for the better here, but relying on what the changelog states before doing a full reset is also not how things actually work either. There are many examples where bigger changes are made with no specific mention by 'official' sources. Yet, the benefits were there.

The very reason that the 'router is heavily used and configured' would be my reason to want the router in a good/known state as possible.

That would include possibly forgetting about past customizations as being 'automatically' applied to the freshly reset router and trying to feel out the new possibilities and settings that the latest firmware brings in terms of performance and stability too. At the very least, I would be testing at bare defaults to see what happens when changing the options (one by one, testing continuously) does to the network experience.

 

[NSNE]

As I posted in the firmware update thread: I can confirm that, even with the current firmware, the 5GHz #2 radio is lost to dedicated backhaul on an AiMesh setup on a fresh, straight-out-of-the-box GT-AC5300.