Transfer settings from one router to another

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Michael Clifford

Occasional Visitor
I have a spanking new RT-AX86U and wish to transfer the settings from an AC68U to it. The AC68 is running Merlin 384.5 and the new one will (temporarily) run the latest stock firmware.

Screen caps have been taken of all panels of the old but I'm worried about the manual transfer of DHCP reservations and dozens of port forwardings.

Would the NVRAM save/restore utility transfer across the gulf of hardware and stock/Merlin software? I've used it years ago to migrate from different hardware but to merlin software.

Please advise. Thanks in advance.

mjclifford
 

MarkyPancake

Senior Member
I've never used the config utility, but you can manually save your DHCP and Port Forwarding settings to a USB drive via SSH and then upload them via SSH, as these are model agnostic. Might be quicker to do partial manual config and use SSH, than fiddling about with the config utility.
 

eibgrad

Very Senior Member
I've never found these various backup/restore utilities to be all that reliable when migrating across significant hardware/firmware changes. Such a utility needs to be a whole lot smarter than something that does a backup/restore to the same hardware/firmware in order to avoid mistakes. And most developers are NOT willing to make that kind of *ongoing* investment. The cost vs. benefit ratio is just too high.

For this reason, I'm not a fan of loading up the GUI w/ large lists. It's fine and convenient to, for example, define 3 or 4 static leases, but you get to a point where migration will get very difficult, or at least a tedious, error-prone process. When lists become that large, I try to find a way to avoid the GUI.

For example, in the case of static leases, I find it far easier to manage via a separate configuration file that I make available to DNSMasq using the conf-file directive.

You could do the same w/ port forwarding and the firewall script. Esp. if you have *dozens* of them. But frankly, I'd be very concerned about anyone using *any* port forwarding these days (let alone dozens) except for a VPN server. Because port forwarding means you're exposing all these services directly to the internet, and as we've seen all too much lately, doing so can lead to hackers exploiting known vulnerabilities (e.g., RDP). At least a VPN server limits your exposure to *one* port, and one more likely to be far better hardened. In my own case, I'm so paranoid these days, I even have my VPN server on a separate device, which itself is power-managed using an wifi-enabled, AC smartplug so I can keep it OFF by default and only enabled on-demand.

All that said, I realize there are special cases where you can't avoid port forwards. But it's best to avoid them as much as possible.
 

L&LD

Part of the Furniture
You don't really want to do that if you want to see the best the new router can do. :)

I would search for the commands (from RMerlin) to save those DHCP reservations to a human-readable text file.

You can also update your router to at least 384.19_0 to use @Jack Yaz's YazDHCP script too (I'm not sure if you can save/restore those to a new router though).

Download | Asuswrt-Merlin (asuswrt-merlin.net)

YazDHCP - feature expansion of DHCP assignments (increasing limit on the number of DHCP reservations) | SmallNetBuilder Forums (snbforums.com)

Update/Reset Mini Guide

Media Bridge Mode

Reset Mini Guide + Control Channel Setup Details

Control Channel Setup 2021

I've tried to highlight the links in the correct order above (but the last link has the most complete info, in the reverse order of how you would use it, sorry for so many nested links, but it is the best I can do right now).
 

GSpock

Senior Member
.... I even have my VPN server on a separate device, which itself is power-managed using an wifi-enabled, AC smartplug so I can keep it OFF by default and only enabled on-demand.

All that said, I realize there are special cases where you can't avoid port forwards. But it's best to avoid them as much as possible.

Hi,
I am trying to put in place the same but struggling with some access issues. Here is my set-up what I try to achieve:
- main router is 192.168.1.1
- second router gets WAN IP from main as 192.168.1.98
- second router has LAN IP 192.168.98.1

I want that any devices on 192.168.1.x has access to any devices on 192.168.98.x but also vice-versa.
From another post, if I issue on second router the following: iptables -I INPUT -s 192.168.1.0/24 -j ACCEPT then I can access 192.168.1.x from a PC connected to second router.
But I still cannot access 192.168.98.x devices from 192.168.1.x devices ....

In addition, the second router seems to have issues in synchronizing date/time

any ideas/hints ?
thanks,
GS
 

eibgrad

Very Senior Member
Hi,
I am trying to put in place the same but struggling with some access issues. Here is my set-up what I try to achieve:
- main router is 192.168.1.1
- second router gets WAN IP from main as 192.168.1.98
- second router has LAN IP 192.168.98.1

I want that any devices on 192.168.1.x has access to any devices on 192.168.98.x but also vice-versa.
From another post, if I issue on second router the following: iptables -I INPUT -s 192.168.1.0/24 -j ACCEPT then I can access 192.168.1.x from a PC connected to second router.
But I still cannot access 192.168.98.x devices from 192.168.1.x devices ....

In addition, the second router seems to have issues in synchronizing date/time

any ideas/hints ?
thanks,
GS

Is the issue here just gaining access in general between the two router's local networks, or specifically supporting OpenVPN server on its own router?
 

GSpock

Senior Member
Is the issue here just gaining access in general between the two router's local networks, or specifically supporting OpenVPN server on its own router?

Hi,
there are 2 issues (probably linked):
1) I cannot access any second router devices (192.168.98.x) from my PC on the "main" network (192.168.1.13).
I have more details here, and many thanks already @Martineau for his patience:

2) on second router, no way to sync. time with ntp server

Thanks,
GS

PS: After this is solved, I will tackle accessing via OpenVPN Server on second router (I guess I will have to define one port fwd from main to second)
 

eibgrad

Very Senior Member
Hi,
there are 2 issues (probably linked):
1) I cannot access any second router devices (192.168.98.x) from my PC on the "main" network (192.168.1.13).
I have more details here, and many thanks already @Martineau for his patience:

2) on second router, no way to sync. time with ntp server

Thanks,
GS

PS: After this is solved, I will tackle accessing via OpenVPN Server on second router (I guess I will have to define one port fwd from main to second)

Did you add a static route to the primary router that points to the WAN ip of the second router as the gateway to the network behind the second router? Without that, the primary network doesn't know how to find the second router's network.
 

eibgrad

Very Senior Member
PS: After this is solved, I will tackle accessing via OpenVPN Server on second router (I guess I will have to define one port fwd from main to second)

Well if ultimately that's the goal of this setup. let it be known that *I* haven't configured my second router in a WAN to LAN config, but LAN to LAN. And you may want to do the same, making all these other issues moot. That's why I wanted a clarification about whether this is or isn't related to OpenVPN server.
 

GSpock

Senior Member
Did you add a static route to the primary router that points to the WAN ip of the second router as the gateway to the network behind the second router? Without that, the primary network doesn't know how to find the second router's network.

Thanks. No, I did not do that and I think I should better restart from scratch and follow all the necessary steps to have this work, making sure to only have what is really needed. This is where I would need further help because I must admit all those ip rules are a bit complicated to me.

So, here are the steps I see so far:
1) static route on main router ==> 192.168.98.0 / 255.255.255.0 / 192.168.1.98 / LAN ?
2) do I need iptables to be defined on main router besides that ?
3) do I need iptables to be defined on second router ?
4) why is this ntp not working on second router ?

thanks,
GS
 

ColinTaylor

Part of the Furniture
@GSpock Can you not cross-post the same problem into different threads please. It makes it difficult to follow and wastes the time of the people that are trying to help you. Thanks.
 

GSpock

Senior Member
Well if ultimately that's the goal of this setup. let it be known that *I* haven't configured my second router in a WAN to LAN config, but LAN to LAN. And you may want to do the same, making all these other issues moot. That's why I wanted a clarification about whether this is or isn't related to OpenVPN server.

Where I am also bit confused than, in your set-up (LAN to LAN) does it mean your second router is part of the same subnet as your main router ? Would this not create routing issues ? Have you then disable DHCP on second router and if yes, what happens to devices connected to it (via LAN port or Wifi) ?
 

eibgrad

Very Senior Member
Thanks. No, I did not do that and I think I should better restart from scratch and follow all the necessary steps to have this work, making sure to only have what is really needed. This is where I would need further help because I must admit all those ip rules are a bit complicated to me.
So, here are the steps I see so far:
1) static route on main router ==> 192.168.98.0 / 255.255.255.0 / 192.168.1.98 / LAN ?
2) do I need iptables to be defined on main router besides that ?
3) do I need iptables to be defined on second router ?
4) why is this ntp not working on second router ?

thanks,
GS

1) Yes
2) No
3) Yes, to allow access by the private network into the second router's network over its WAN.
4) If you mean as a client and it's not updating the time for some reason, I'm not sure. If it's configured as a router, I see no reason it shouldn't work without further changes.
 

eibgrad

Very Senior Member
Where I am also bit confused than, in your set-up (LAN to LAN) does it mean your second router is part of the same subnet as your main router ? Would this not create routing issues ? Have you then disable DHCP on second router and if yes, what happens to devices connected to it (via LAN port or Wifi) ?

Yes, the second router is just another LAN device on the same network as every other device on the private network. And yes, I had to disable its DHCP server. It does NOT create routing issues since it is just bridged to the private network. In fact, the WAN is disabled. It's essentially configured in AP mode. And like anything in AP mode, wired and wireless clients are configured by the private network and its DHCP server.
 

eibgrad

Very Senior Member
Btw, I'm using an FT (FreshTomato) router to support my OpenVPN server. Fortunately FT binds OpenVPN server to *all* network interfaces, making it possible to access it either in a routed (WAN to LAN) or bridged (LAN to LAN) configuration. But that may NOT be true of all firmwares (and I'm not sure about Merlin). If the firmware is *only* bound to the WAN, then you're forced to use a WAN to LAN configuration, which complicates things a bit if for some reason you need access to the network behind that same router (why you would even care about that network if the only intent is to make the OpenVPN server accessible to the private network is unclear).
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top