RT-AC3200 upgraded to NG (384.6) Apple Devices do not work properly in dual wan lb setup anymore.

[Astuni]

Hello there,
i was sitting on 380.69 since many months as of now so i've recently decided to flash newer version, mainly for security purposes.

My network spans across 2 isps so i have dual wan setup to load balance traffic and i had some custom rules (made with the help of this awesome community) to route some specific traffic through a specific wan, however i believe that this is not my actual source of problems.

The problem i am facing now is that all the apple devices have erratic issues with internet browsing, for example, if i open the apple app store on my phone, it simply does't connect unless i refresh multiple times, then when it does it does it for some time then wont work once again, that led me to believe it's something related to dual wan balancing.

The only way i have found while tinkering with the router config to make it work consistently is to actually force the routing of the apple devices ip addresses through a single wan. If i leave them open to load balancing they won't work consistently.

My dual wan are setup differently, one is ppoe connection throught the modem, the other one has dhcp so it gets a private ip from the isp modem.

What i can tell you is that on the previous version (380.69) of merlin the dual wan setup was working properly for the apple devices, without forcing any devices through a specific wan.

Anyone else had these kind of issues on NG firmwares?

Thanks for your help!

 

[ApexRon]

I am going to take a leap here, if you haven't already, use a common DNS server for both ISP connections. Google DNS or OpenDNS. Don't use the DNS from your ISP.

 

[st3v3n]

Astuni, Have had up to 11 tablets and phones routed through our AC3200, all quick and happy through our OPVN. Sat on v380.xx for months, then since there were no major issues revealed and security is paramount we upgraded to v384.6, still have no issues. The VPN providers we use have their own private DNS that's coded into the config, no lag, no issues and no logging. We've tried the public DNS such as google, Quad9 and Cloud Flare, but we get the best speed, privacy and security running the devices through OPVN, and keep Trend Micro running as well. Quite interesting when you see all the Asian hackers hammering away at the ISP's servers but none yet have ever made it into our Lan (that we know of). Don't know how much distance in length/width/height you have to deal with, but if you haven't yet gone to a VPN solution from a provider that offers their own private 'smart' DNS, it can make a difference. We'd no more run devices over the ISP's serverw/DNS than jog nude during rush hour. Apple does a better job than anyone on keeping the device encrypted, but unless the data/apps you use are protected by a VPN, it can be very revealing. Some ideas, hope it helps. Merry Christmas.

 

[ApexRon]

Another thing you could try is to configure a Apple device to use Google DNS or OpenDNS. I have done this on my mobile devices and it works great at home or on the road. Of course on the road I use a VPN connection, always.

 

[Astuni]

I am almost 100% sure it's not a dns issue, i have google dns set at router level for both wan's and even if i set them locally it doesn't make any difference.

The only setting that makes my apple devices browse the app store or whatever other network activity flawlessly is by setting their ip address to route through a single wan in the dual wan page.
If i let them free to be load balanced by the router they go bonkers.

It wasn't happening on 380.69. So i guess something in dual wan code changed in between that causes this.

 

[ApexRon]

Since you have Apple products, perhaps one of them is a Mac. If so, if you're willing and able, and the Mac is experiencing the same issue, I would recommend installing Wireshark, a network trace utility which will detail at the packet level.

One thing that is unclear to me. Do the Apple devices have an issue with web browsing using Safari? If so and if you have a Mac, perhaps you could run a traceroute using the terminal app.

 

[Astuni]

I just have 5 apple mobile devices and an apple tv, everything else is on windows, which doesn't seem to have this issue at all.

Issues are widespread across each single iOS app that makes use of the network, so it includes safari, all the stores, whatsapp facebook and whatever, it works, then it won't then it works again and on and on. It's worth to mention it never drops wifi.

As soon as i stick those devices to a specific wan (either wan 0 or 1 doesnt matter) through routing rules in the dual wan page they work consistently.

 

[ApexRon]

I just installed an app on my iPad called iNetTools with which I was able to traceroute to apple.com . If could do the same, run traceroute to Apple.com several times to make certain that it is using both WAN.

As soon as i stick those devices to a specific wan through routing rules in the dual wan page they work consistently.

Have you tried to do this for each WAN?

everything else is on windows, which doesn't seem to have this issue at all.

Please try using iTunes on your Windows platform and advise of results.

 

[st3v3n]

Astuni, If the devices worked well through DHCP and assigning each one to an IP for assignment to (whichever) WAN / private IP on your ISP's servers (before and now) that's as close to an OVPN tunnel as one can get these days, dependent on the ISP's DNS. Have a hunch it's not a defect or bug in the newer FW, it's running quite well here. Have you asked your ISP (tier II or III) support what they think, perhaps they might shed some light on the situation? After all, if it worked before on the same router, and you have it routed the same way, they 'might' be full of holiday spirit and help. Most techs are aware that Merlin's work is good. We're running NG on both of our routers, same basic configurations that we've always used, Apple iPads up to and including iPad Pro, no slow downs. Good luck.

 

[Astuni]

THIS:
https://thomascoward.co.uk/networks/asus-dual-wan-issue-solutions-webpages-assets-failing-load/
Also this:
https://github.com/RMerl/asuswrt-merlin.ng/issues/124

This is my exact situation.
Everything was working fine on 380.69 and then on NG it's a mess. I find myself to have applied basically the same workarounds the guy did in his case, still i would like to know if anyone of the devs here have some kind of clue of what could be the root cause, and if it will ever have a fix.

Also, is it possible to downgrade back to 380.70 from NG?

 

[Sanna1967]

Also, is it possible to downgrade back to 380.70 from NG?

If the normal way by the UI does not work, then maybe with this :
https://www.asus.com/support/FAQ/1000814/