Shaun4BigBlocks
New Around Here
Hello forum first time poster here. I have never had to ask a question before as this forum’s search function usually does the trick for me. My searches are at a loss, which is good because it gave me an excuse to sign up. Sorry if I overlooked answers using the search engine. Post junkies- feel free to fire away at me for not using the search engine if it is that important for you to raise your post count…
Sarcasm aside, here is my issue. I have experience with DD-WRT and various Tomato flavors and recently got an ASUS RT-AC88U (stock firmware upgraded to 3.0.0.4.384_32799) since I have been wanting to play with Merlin (Tomato-ish) for a while. My issues arise when I upgrade to Merlin 384.7.
First off, I was shocked to see that the firmware does not perform a fresh install, but instead appears to add a layer over the stock firmware (or at least installs fresh and then retains/adds settings from the stock firmware). Not used to this, but it is a handy feature for the more complex your setup becomes.
My issue: when using the stock firmware my various firewall settings work fine (VPN- OpenVPN client). Upon flashing the Merlin firmware, my internet drops on all my computers except for one unless I turn the VPN off. All my IP’s are set to auto within the specified range, I have not yet looked into how and why the one computer, always the same one, stays connected. It is, however, not the computer that I am administering the router from. Also, the stock firmware changes tabs and applies settings lightning fast. Merlin on the other hand is painfully slow, like 45 sec to a min to change tabs and painfully slow applying settings. Not fun for trial and error style playing around.
I do not get a lot of time to play with it. My wife does medical coding all day so needs the internet for work. I temporarily put her on another network, but my ATT (yes I know ATT sucks) modem gets finicky at times when playing with all this and I need to reset it. In the evening the kids are home and cry whenever I take the internet down. What caused this is what I am referring to as “The Great VPN Block of Oct 2018”- I know a handful of us have felt the sting. Life was good when I ran everything under one routered VPN umbrella. Now the kids cry about Netflix getting blocked and the wife about Amazon Prime (Amazon has proven especially difficult). The problem is that I am not always around to keep playing with different servers- it is getting old.
So, the first attempt at help that I will probably get hurled at me is a band-aid- already done. I am looking for a technical solution, not a band-aid. The band aid is to use another router isolated from the VPN. This is how I am currently doing it but again this is a band aid and aside from my OCD being bothered it is more of a cop-out than a solution. Band-aids, in my opinion, equal no SNB bragging rights. I want the Merlin set up right so as to split tunnel- guest network no VPN. I have found the various ways to do that on this forum, but can’t even get that far as I am having the stupid no internet issue on most of my terminals whenever any of my VPS’s are turned on.
My set up- irrelevant but will provide it if it makes any difference. First off, stuck with the horrible ATTNVG510 that does not offer a true bridge mode, just IP pass through with the ability to turn NAT and DNS off. I live in a rural community, my cable company sucks. They not only monitor all usage, but limit monthly data cap pretty low and cut you off if you are behind a proxy/VPN/Smart DNS (basically if they see too much encryption you get suspended). Satellite- no need to really explain right? But primarily EXTREMELY low data cap. So, at 1TB per month and a lack of being “snoopy” ATT gets my business. I used to be able to use a standard “dumb” modem, but when they upgraded to the VDSL2+ architecture they also decided to have control over MAC addresses. Yes, cloning a MAC address to an old “dummy” brick is on my shelf of projects for another day but until then…
So, ATT NVG510 set for IP pass through, connected to a Linksys EG008W (yes, I said NAT and DNS turned off, but obviously those settings don’t work since the switch will still provide internet/WAN regardless), one switch port to Asus RT-AC88U (double NAT’ed and DNS’ed for VPN purposes, not ideal but a necessary evil – works flawlessly in my case at the expense of a 20ns latency hit), one switch port to my master bedroom feeding another switch (Linksys SE-4008) with various DD-WRT and Tomato routers used for my TOR stuff and for playing with/learning DD-WRT/Tomato, and the remainder of the switches feeding non VPN requirements (the whole Netflix/Amazon Prime “issue”) such as televisions, son’s Xbox, etc. Oh yeah, and one switch port currently feeding one of my WRT-54(X)’s as a repeater so as to provide non VPN’ed internet to my kids’ wireless devices (the band aid I am trying to resolve) as my master bedroom is too far away to provide a good signal.
My gut instinct is to reset the RT-AC88U to a clean factory state and then perform the upgrade and then set the settings, but I don’t see why I should have to do that. I feel RMerlin would not have designed the firmware upgrade process to be the way he did if he felt it was not a stable way of doing it. For the record, I did try isolating the RT-AC88U directly to the NVG510 after flashing back to factory 3.0.0.4.384_32799 and attempting to re-install Merlin 384.7 with the same issue. Then for sh$ts and giggles I loaded my 3.0.0.4.384_32799 settings backup file over the Merlin 384.7. For five minutes everything worked great and I thought I was ready to start tweaking for the split tunnel and then bam all but one computer lost internet connection. And yes, I wasted time playing with reboots and ipconfig commands (even though I really should not have to do that) with no success. Finally I just flashed back to 3.0.0.4.384_32799 followed by uploading my backup file and of course all is working… except for without Merlin I can’t play with the split tunnel on the RT-AC88U. That is where I am now. I figured I would reach out, between Martineau and everyone else someone has to have either had or stumbled on this issue. I can re-flash to take any screen shots if that helps. Oh yeah, the RT-AC88U is set to 192.168.2.1 (well at least while I troubleshoot, it will be a bit more creative than that when complete) just to rule conflict out. Oh, and as far as VPN’s I am using Proton, Air, and Express (Express is getting hit just as hard by the blocks BTW so be careful when you see the marketing hype).