Soft-bricked AC3200?

[ipkpjersi]

Hi everyone,

I attempted to install amtm, entware, netdata, and connmon and through the process it seems like my AC3200 router is somehow soft bricked. It no longer functions as a router. My AC3200 currently has Merlin 384.12 installed.

I installed amtm via:
curl -Os https://diversion.ch/amtm/install && sh install

I then ran amtm, ran "fd" (format disk) on a USB drive I had attached, then I installed entware with "ep" I believe. After that, I installed connmon with "j1" and then I installed netdata with "opkg update" and "opkg install netdata". I had to manually create some netdata directories (the "netdata" command kept failing because it said directories didn't exist) on my AC3200 just like I had to for my AC68U, I then created a firewall-start and allowed connections from * for netdata as I did in here for testing: https://www.snbforums.com/threads/netdata-portforwarding-on-ac68u.57551/#post-504292

However, now my router no longer functions as a router. LAN IP addresses are still assigned via LAN DHCP, however, traceroute to google or any other website or WAN IP fails, and ping does not work either. It is not just Ethernet that does not produce an Internet connection, my phone connected via WiFi does not work either. However, on the router itself, I can ping any WAN IP or WAN website like google.com and it works just fine.

I am attaching an image of the dead traceroute (I believe the router hostname used to be router.asus.com but is now _gateway) as well as a successful traceroute from the router and an image of the JFFS scripts folder (I also tried removing the firewall-start script, it's still not working) and I believe a list of all iptables rules. In addition to removing the firewall-start script, I also unplugged the USB but it is not helping.

I can:
access the router via LAN SSH.
access the router with all buttons physically.
I cannot:
ping or traceroute any WAN IP when connected to the router.
access the web GUI of the router.

I would appreciate any help or advice or things to try, and if it's not against the forum rules, I am willing to pay someone to help me with this if I can get my router working again (and preferably all set up with the software mentioned in my first post like it works on my AC68U).

 

[ColinTaylor]

Turn off the "Enable WAN down browser redirect notice" option in the router's GUI (Administration > System) and test again.

 

[ipkpjersi]

Turn off the "Enable WAN down browser redirect notice" option in the router's GUI (Administration > System) and test again.

Sorry, I forgot to mention, I cannot access the router's GUI - I can only access the router via SSH or physically (8 hours from now when the work day is over and I will have many hours after work to troubleshoot more), that's why I think it's soft-bricked. Is there a way to do this via SSH?

 

[ColinTaylor]

Try:

nvram set web_redirect="0"
nvram commit
service reboot

 

[ipkpjersi]

Try:

nvram set web_redirect="0"
nvram commit
service reboot

Still no luck, I can ping google via the router itself but I cannot ping google via any LAN connected devices.

Just in case I need to, how do I perform a factory reset of the AC3200 (preferably with an option for how to do so via command line/SSH versus how to do so physically), and if I perform a factory reset it doesn't remove my Merlin firmware does it? Merlin has been great for me for the past couple of years other than this weird issue I'm experiencing.

 

[ColinTaylor]

For some reason the router thinks it's WAN interface is not connected to the internet. What do you get if you do your traceroute from the PC now? Is it still trying to go to 10.0.0.1?

The best way IMHO to reset the router is to press and hold the Reset button for 5 seconds while the router is running. From the command line you could try "nvram erase && reboot".

A reset doesn't change the firmware, it just resets the nvram variables to their default values.

 

[ipkpjersi]

For some reason the router thinks it's WAN interface is not connected to the internet. What do you get if you do your traceroute from the PC now? Is it still trying to go to 10.0.0.1?

The best way IMHO to reset the router is to press and hold the Reset button for 5 seconds while the router is running. From the command line you could try "nvram erase && reboot".

A reset doesn't change the firmware, it just resets the nvram variables to their default values.

Thank you for that information, that's really good to know.

Yes, it is still trying to go to 10.0.0.1. Only the first hop works, it's 1-4ms to 192.168.1.1.

I did nvram show | grep 10.0 but I could not find any configuration values with networks with that subnet.

I have verified that web_redirect is 0 with nvram show | grep web displaying web_redirect=0

Any other idea for any other things I can check?

 

[ColinTaylor]

Any other idea for any other things I can check?

Don't waste any more time. Just do a factory reset and set it up again from scratch. This time make sure everything is working (even after a reboot) after each piece of third-party software is installed.

 

[Jack Yaz]

That dns filter rule looks suspect

 

[ColinTaylor]

That dns filter rule looks suspect

All the rules are wrong. That's because it thinks there is no internet connection so it is redirecting all web traffic to its own error page.

 

[ipkpjersi]

All the rules are wrong. That's because it thinks there is no internet connection so it is redirecting all web traffic to its own error page.

I'm still going to do a factory reset when I get home (I might have had the same config since like 2017 or 2018, in all honesty, shame on me for being so damn lazy) but the error page I get in my web browser is not one generated by the router, it's the generic error page "This site can't be reached" or something similar. Also I should still be able to access the default gateway/router web UI if I can ping the default gateway (even without a WAN/Internet connection), right?

Edit: so I did the factory reset, I can now access my web UI via https on both Chrome and Firefox instead of only Firefox, I am now getting my full 500 down (600 down thanks to overprovisioning) instead of only 300 down, and all of the software installed including netdata, connmon, etc is all working perfectly. I am not sure why this required a factory reset, but I am glad it did because everything is now working better than before.