There is already Asus-Merlin Alpha 3006.102.4 firmware for the GT-AX6000.it looks like I won't be able to flash Asuswrt-Merlin, at least not until that gets onto the 3006 codebase.
In this single case, the ISP was knocked offline in the latest round of cyber attacks, and when their network failed, both killswitches in our Merlin/Asus OPVN clients worked instantly. Nothing apparently got through, however what I took to be the 'stock' Asus agreement began popping up the instant I logged into the router and on every single tab in the interface, demanding 'OK' be clicked. I couldn't track anything in the log where it came from or if ticking the OK (that I had read, not accepted, any Asus agreement, so since couldn't block it, it was just so out of the ordinary I instantly pulled the router out of service for testing.Thank you for your thoughts @bennor. Re-flashing and restoring a previous known good config & JFFS restored normal operation. I agree that h/w failure can cause Wi-Fi issues, but I think in my case this can be ruled out because replacing the 1s and 0s fixed it.
@st3v3n different issue resulting from change to ASUS privacy policy. There are many posts on that irritating feature, and there is a browser script blocking work-around given by @Yota that I found useful: https://www.snbforums.com/threads/a...ilable-for-ac-models.91060/page-9#post-928691 The present issue affects guest network clients.
Stock 3.0.0.4.386_51733 would be my next port of call if this happens again (which I'm expecting it will eventually).
It would be great to know if 386.14_2 already has the security improvements of 3.0.0.4.386_51733 (I suspect it does not), but I think if we asked @RMerlin he would probably say (as he has said before) that the info provided by ASUS is insufficient to answer this.
Is that correct?
Am slowly testing/working forward from Merlin v386.10, to v386. 12, to v386.14
Might it be an unexpected manifestation of this issue: https://www.snbforums.com/threads/r...when-access-intranet-is-set-to-disable.90551/ ?.. similar (if not identical to) the random failure of the original guest network that had been running fine for months. Did LG, iOS and Android recently update to enforce using some newer more secure 'wireless stuff' that is not supported by the EOL 386 firmware ? (reaching here, but could there be rational alternative explanation to being griefed by hackers?)
Does that apply to just Asuswrt-Merlin or does it also apply to stock Asuswrt?We always advise, as we were always advised, to not use the first guest network. Unless things have changed.....
Primary and secondary DNS are specified in LAN-DHCP settings (Quad9). DNS director is OFF. I assumed that Intranet Disabled guest networks (1) would obtain DNS from the router (Quad9) unless clients request a different DNS server via their own DNS settings. Is this correct? Or, would DNS queries from clients on GN1 be passed through to the evil ISP?
.. Is using DNS Director and selecting 'router' and 'Quad9' better than just specifying the Quad9 DNS addresses in the DHCP settings?
Yep, I concur, they sure 'nuff snuck that notice in, however this particular 'privacy/upgrade notice' never previously appeared in any form, on v386.14 or v386.14.2. Both versions always ran ran perfectly without notices or interuption, and without the continuous barrage of Asus 'click OK' notices on every dang tab in the GUI, so I call it not only irritation but an obvious abberation. TrendMicro's agreement/notice has always been once and done, tame by comparison. The circumstances which caused this sudden barrage of the notices, began only one the day following the latest cyberattacks which took down our ISP, breaking through our node into/through all of our security and possibly into the router. If true, then the breach would have been measured in milliseconds as our VPN cutoff alone should never have permitted our router security to be breached, but, 'never say never' again. Unlikely as I had thought, the GT-AC2900 may have been corrupted. Our second identical backup GT-AC2900 is in service, running v386.14 with no sign of said Asus privacy notice. The newest GT-AC2900 is the one we pulled from the system. We'd gone back up to 386.13, but as of this morning after more questionable behavior, it's been wiped and rebuilt from scratch.No, you can still flash 3004 Asuswrt-Merlin in Recovery.
The privacy notice came with Asuswrt-Merlin 386.14 and it's not present in stock Asuswrt.
I'd still like to understand the GN DNS question of post #32 to be sure my GN issue is not simply bad DNS configuration, if someone could please educate me on that?Don't be surprised to see pop up notices upon first login with this firmware update. These are the same notices reported in other recent stock Asus firmware threads. You can accept or decline some of the notices.
PS: Text from the notices is attached in a text file in case anyone wants to read them before flashing the firmware.
Conspiracy theories about hacking aside, I've just tested the GN#1 DNS behaviour...I'd still like to understand the GN DNS question of post #32 to be sure my GN issue is not simply bad DNS configuration, if someone could please educate me on that?
Mar 29 20:53:36 dnsmasq[792]: possible DNS-rebind attack detected: ag.dns-finder.com
Mar 29 20:53:37 dnsmasq[792]: possible DNS-rebind attack detected: ag.dns-finder.com
It's still possible for ISPs to monitor or hijack plain DNS requests regardless of what you've chosen (not that I'm suggesting they're doing this). The only way to protect against that is to use the DNS Privacy Protocol = DoT option (or DoH on the client).If WAN ISP DNS was used, the ISP was messing things up on the DNS side of things might be a plausible explanation. However, I can confirm that WAN DNS is assigned to Quad9, which rules out ISP meddling.
This reminded me that DNS rebind attack messages had appeared in the log about a week before my OP. I see there was another instance about 15min after I had posted this thread:
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!