Another weird AX86U issue - but not Malware?

ahab

Occasional Visitor
RT-AX86U from 2020. Merlin 3004.388.8_2 (latest). I do not use ASUS DDNS and have never enabled AICloud. I have one port open for OVPN and one for VNC. All lights and WiFi work and MAC addresses are all normal so I really don't think this is related to the current malware situation but something went funky last night.

I have LAN-only access to the web config and from there I can still do speed tests (800mbps down / 900mbps up) and pinging my ISP still works on the Network Tools page so the router itself is getting out. None of this works from a machine on the LAN side and it appears my DNS is dead. Every webpage reports either "server not responding" or "DNS issue". I have tried reconfiguring DNS to every setting available, and removed DNScrypt from amtm, disabled Skynet, etc. I was unable to update anything in amtm so that made me think DNS was broken, no servers could be connected, but this doesn't explain no pinging from any machines on the inside. I placed one machine in the DMZ and still no love. Strangely, if I VPN in from the outside with both LAN and Internet enabled in the tunnel, everything works fine for the VPN client. The LAN side also operates fine between local clients but anything on the inside can't get out, ever. I've restored the config and reloaded the JFFS from backups I took last week when everything worked but still the same result. The only thing I haven't done is a factory reset, I can but was hoping only as a last resort. Any ideas? Anyone have this situation before? Next steps? TIA.
 
Things usually go south fast after a factory reset, country code missing error most frequent
If it’s the same thing…
 
Any ideas?

You obviously have DNS issues to clients. The router itself uses the servers defined in WAN settings and they work. Whatever you installed additionally - remove, reinstall, test again. Test with and without it and you'll find the issue. Keep it simple and your life will be better.
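The methodical isolation recommended in the reply above can be scripted from a LAN client so that each test is repeated the same way with and without each add-on. This is an added example, not code from any post in this thread or from Asuswrt-Merlin; the router address 192.168.1.1, the public test address 1.1.1.1 and the name example.com are constructed defaults that can be overridden through environment variables. It separates the three layers the thread runs together: the client cannot reach the gateway at all, the gateway forwards no IP traffic to the WAN (the pattern where ping from inside fails while the router's own Network Tools ping works), or forwarding works and only name resolution is broken.

```shell
#!/bin/sh
# Added example (not from this thread or from Asuswrt-Merlin).
# Run on a LAN client, not on the router. Defaults below are constructed
# placeholders; override with ROUTER_IP=... PUBLIC_IP=... TEST_NAME=...
ROUTER_IP="${ROUTER_IP:-192.168.1.1}"   # hypothetical LAN gateway address
PUBLIC_IP="${PUBLIC_IP:-1.1.1.1}"       # public resolver used as a raw-IP target
TEST_NAME="${TEST_NAME:-example.com}"   # name to resolve

# Each probe prints 1 on success and 0 on failure so the results can be combined.
probe_ping() {   # $1 = IP address; raw reachability, no DNS involved
    ping -c 1 -W 2 "$1" >/dev/null 2>&1 && echo 1 || echo 0
}
probe_dns() {    # $1 = name, $2 = resolver IP; nslookup is present on busybox too
    nslookup "$1" "$2" >/dev/null 2>&1 && echo 1 || echo 0
}

# classify <router_ping> <public_ping> <router_dns> <public_dns>
# Pure decision logic on 1/0 flags, so it can be exercised without a network.
# Output is "VERDICT: explanation".
classify() {
    rp=$1; pp=$2; rd=$3; pd=$4
    if [ "$rp" = 0 ]; then
        echo "LAN: client cannot reach the gateway (link or client IP config, not the WAN)"
    elif [ "$pp" = 0 ]; then
        echo "FORWARDING: gateway answers but forwards no IP traffic to the WAN (firewall/NAT/route problem, not DNS)"
    elif [ "$rd" = 0 ] && [ "$pd" = 1 ]; then
        echo "DNS: the router's resolver (dnsmasq or a DNS add-on) is broken; an upstream resolver works directly"
    elif [ "$rd" = 0 ] && [ "$pd" = 0 ]; then
        echo "DNS: forwarding works but no resolver answers from the LAN (port 53 filtered or upstream down)"
    else
        echo "OK: IP forwarding and name resolution both work from this client"
    fi
}

# Collect the four flags live and print them next to the verdict.
run_checks() {
    rp=$(probe_ping "$ROUTER_IP")
    pp=$(probe_ping "$PUBLIC_IP")
    rd=$(probe_dns "$TEST_NAME" "$ROUTER_IP")
    pd=$(probe_dns "$TEST_NAME" "$PUBLIC_IP")
    printf 'router_ping=%s public_ping=%s router_dns=%s public_dns=%s\n' "$rp" "$pp" "$rd" "$pd"
    classify "$rp" "$pp" "$rd" "$pd"
}

# Only send real probes when asked, e.g. `sh lan_isolate.sh --run`.
if [ "${1:-}" = "--run" ]; then
    run_checks
fi
```

Run it once with every add-on enabled, then again after removing each one (DNSCrypt, Skynet, a DoT setting) and compare the printed flags rather than the browser's error page. A result of `router_ping=1 public_ping=0` means the problem is in forwarding on the router, and no DNS setting will fix it; `public_ping=1 router_dns=0 public_dns=1` points squarely at whatever is listening on the router's port 53.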
 
Factory reset from gui along with initialize may be best after all
 
Thanks for the responses! I left this out of my initial post because it seemed superfluous but I was streaming F1 in one room last night and paused it, then went into another room 10 minutes later to resume on a different PC. That PC has no mouse/keyboard so I VNC to it from my phone to control it. Wouldn't connect. Went back into the first room and that's when things started to unravel. Couldn't get any webpages to load. Work laptop wouldn't connect to its VPN, etc. It was late so I went to bed and sure enough, it wasn't a dream. When I got up everything was still effed. The reason I mention all this is because nothing changed, it suddenly broke. I updated the latest Merlin on the 9th (the date of my backups) and everything was fine until out of nowhere last night.

I'm not 100% sure on where the DNS resolution is coming from when I'm VPN'd in but the Traffic Analyzer in the gui definitely shows the traffic going across the ASUS. I tried running dnscheck.tools and got varying results from different machines that were VPN'd in through different cell providers. I assume this is the result of DNS caching?

@ATLga, are you saying that the factory reset could cause the malware to wreak more havoc, if that's in fact what's going on?
 
If you read the various ongoing malware threads, there are several that did a factory reset and that’s when the missing country code error started showing. That’s why I would caution about doing that. Give it a bit and see if someone else jumps in with some troubleshooting tips on the dns
 
Post 3 has good advice
 
OK, I had read that. Just wanted to be clear in that mine shows none of the reported symptoms. I'm not 100% certain that's not what's going on however. I plan to continue to troubleshoot and run off the old VZ router for now. Thanks again.
 
I agree with Tech9 with regard to a simple methodic approach for sure but apart from the latest Merlin, I haven't made any changes to the router's config in months.
 
Ports open? Open port for VNC not good. For OVPN? Best to change the default port on the router OVPN server and there is no need to open any ports.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top