ASUS RT-AX58U - devices kicked-off wifi over 60 times a day

[Lightivity]

I've been having gigantic issues for weeks now after a very stable period with my mesh network using an ASUS RT-AX58U as main unit. My connected devices gets kicked-off from wifi over 60 times a day.

As an example of the occurring issue, my Macbook stops getting internet, the wifi icon starts blinking, searching for a connection, then fails. Usually I can get the connection alive again by switching the Macbook wifi off and on. Other wireless devices are kicked out in the same manner, can confirm it as my daughter and wife's phones and computers disconnects. I'm not a technical guy by heart, but has still done massive amounts of error searching and tried different setting. Nothing, I mean nothing works.

1. I have AIMesh with two extra nodes besides the main unit: node AX53U (added this spring) and AX52 (added just a couple of weeks ago to replace an aging AirPort Extreme - this might be when the trouble started, see further down)
2. The mesh nodes is connected by an ethernet LAN backbone.
3. My house is built with a wooden frame, not stone or concrete.
4. The main unit AX58U is on the first floor, inside a closet (that's where the incoming internet arrives from the wall). The first node AX53U (added this spring with out issues) is also on the first floor but appreciate. 5 meters from the main unit. The reason for proximity is that the closeted main unit is situated in such a way that the signal gets blocked fast by a restroom; I also need the extra node on the first floor to extend the wifi further out into the garden outside to provide a good signal for my outdoor cameras. The third node (AX52, added a couple of weeks ago) is on the second floor tp provide coverage of that floor and the third floor.
5. My current firmware is 3.0.0.4.388_25139-g4bc5b40 (updated to latest version yesterday). Apparently did not fix anyhting.
6. Private Relay Service deactivated on all Apple devices.
7. The only change I can attribute to anything, might be the addition of the AX52, that replaces the AirPort Extreme in the same spot. Before this node switch, I didn't experience any issues. I have switched the AX52 off for a couple of hours but not long enough - the problem is my burglar alarm is connected to it.

This is the log of the latest disconnect (the "disassociation"-lines continues almost five times the length after the last quoted line) :

Nov 11 19:58:21 pptpd[14749]: CTRL: EOF or bad error reading ctrl packet length.
Nov 11 19:58:21 pptpd[14749]: CTRL: couldn't read packet header (exit)
Nov 11 19:58:21 pptpd[14749]: CTRL: CTRL read failed
Nov 11 19:58:31 pptpd[14837]: CTRL: Couldn't write packet to client.
Nov 11 19:59:31 pptpd[14837]: CTRL: Couldn't write packet to client.
Nov 11 20:00:31 pptpd[14837]: CTRL: EOF or bad error reading ctrl packet length.
Nov 11 20:00:31 pptpd[14837]: CTRL: couldn't read packet header (exit)
Nov 11 20:00:31 pptpd[14837]: CTRL: CTRL read failed
Nov 11 20:00:34 kernel: tdts_core_ioctl_udb_op_prog_ctrl() fail!
Nov 11 20:01:09 wlceventd: wlceventd_proc_event(685): eth3: Auth 46:32:11:53:89:60, status: Successful (0), rssi:-61
Nov 11 20:02:14 wlceventd: wlceventd_proc_event(695): eth3: ReAssoc 46:32:11:53:89:60, status: Successful (0), rssi:0
Nov 11 20:03:16 wlceventd: wlceventd_proc_event(685): eth3: Auth EA:7B3:CD:1D2, status: Successful (0), rssi:-70
Nov 11 20:03:16 wlceventd: wlceventd_proc_event(695): eth3: ReAssoc EA:7B3:CD:1D2, status: Successful (0), rssi:-70
Nov 11 20:03:16 wlceventd: wlceventd_proc_event(685): eth3: Auth 223:FB:38:31:2C, status: Successful (0), rssi:0
Nov 11 20:03:16 wlceventd: wlceventd_proc_event(695): eth3: ReAssoc 223:FB:38:31:2C, status: Successful (0), rssi:0
Nov 11 20:03:16 wlceventd: wlceventd_proc_event(645): eth3: Deauth_ind 46:32:11:53:89:60, status: 0, reason: 4-way handshake timeout (f), rssi:0
Nov 11 20:03:16 wlceventd: wlceventd_proc_event(662): eth3: Disassoc 46:32:11:53:89:60, status: 0, reason: Disassociated because sending station is leaving (or has left) BSS (8), rssi:0
Nov 11 20:03:16 wlceventd: wlceventd_proc_event(645): eth3: Deauth_ind EA:7B3:CD:1D2, status: 0, reason: 4-way handshake timeout (f), rssi:-70
Nov 11 20:03:16 wlceventd: wlceventd_proc_event(662): eth3: Disassoc EA:7B3:CD:1D2, status: 0, reason: Disassociated because sending station is leaving (or has left) BSS (8), rssi:-70
Nov 11 20:03:16 wlceventd: wlceventd_proc_event(645): eth3: Deauth_ind 223:FB:38:31:2C, status: 0, reason: 4-way handshake timeout (f), rssi:0
Nov 11 20:03:16 wlceventd: wlceventd_proc_event(662): eth3: Disassoc 223:FB:38:31:2C, status: 0, reason: Disassociated because sending station is leaving (or has left) BSS (8), rssi:0
Nov 11 20:03:16 wlceventd: wlceventd_proc_event(685): eth3: Auth 46:32:11:53:89:60, status: Successful (0), rssi:0
Nov 11 20:03:16 wlceventd: wlceventd_proc_event(722): eth3: Assoc 46:32:11:53:89:60, status: Successful (0), rssi:0
Nov 11 20:03:16 wlceventd: wlceventd_proc_event(685): eth3: Auth EA:7B3:CD:1D2, status: Successful (0), rssi:-70
Nov 11 20:03:16 wlceventd: wlceventd_proc_event(722): eth3: Assoc EA:7B3:CD:1D2, status: Successful (0), rssi:-70
Nov 11 20:03:16 wlceventd: wlceventd_proc_event(685): eth3: Auth 223:FB:38:31:2C, status: Successful (0), rssi:0
Nov 11 20:03:16 wlceventd: wlceventd_proc_event(722): eth3: Assoc 223:FB:38:31:2C, status: Successful (0), rssi:0
Nov 11 20:02:15 wlceventd: wlceventd_proc_event(645): eth3: Deauth_ind 46:32:11:53:89:60, status: 0, reason: 4-way handshake timeout (f), rssi:0
Nov 11 20:02:15 wlceventd: wlceventd_proc_event(662): eth3: Disassoc 46:32:11:53:89:60, status: 0, reason: Disassociated because sending station is leaving (or has left) BSS (8), rssi:0
Nov 11 20:02:15 wlceventd: wlceventd_proc_event(685): eth2: Auth 00:04:20:FA:F4:05, status: Successful (0), rssi:-74
Nov 11 20:02:15 wlceventd: wlceventd_proc_event(722): eth2: Assoc 00:04:20:FA:F4:05, status: Successful (0), rssi:-74
Nov 11 20:02:15 wlceventd: wlceventd_proc_event(645): eth3: Deauth_ind EA:7B3:CD:1D2, status: 0, reason: 4-way handshake timeout (f), rssi:-69
Nov 11 20:02:15 wlceventd: wlceventd_proc_event(662): eth3: Disassoc EA:7B3:CD:1D2, status: 0, reason: Disassociated because sending station is leaving (or has left) BSS (8), rssi:-69
Nov 11 20:02:15 wlceventd: wlceventd_proc_event(645): eth3: Deauth_ind 223:FB:38:31:2C, status: 0, reason: 4-way handshake timeout (f), rssi:0
Nov 11 20:02:15 wlceventd: wlceventd_proc_event(662): eth3: Disassoc 223:FB:38:31:2C, status: 0, reason: Disassociated because sending station is leaving (or has left) BSS (8), rssi:0
Nov 11 20:02:15 wlceventd: wlceventd_proc_event(685): eth3: Auth 46:32:11:53:89:60, status: Successful (0), rssi:0
Nov 11 20:02:15 wlceventd: wlceventd_proc_event(695): eth3: ReAssoc 46:32:11:53:89:60, status: Successful (0), rssi:0
Nov 11 20:02:15 wlceventd: wlceventd_proc_event(685): eth3: Auth EA:7B3:CD:1D2, status: Successful (0), rssi:-69
Nov 11 20:02:15 wlceventd: wlceventd_proc_event(695): eth3: ReAssoc EA:7B3:CD:1D2, status: Successful (0), rssi:-69
Nov 11 20:02:15 wlceventd: wlceventd_proc_event(685): eth3: Auth 223:FB:38:31:2C, status: Successful (0), rssi:0
Nov 11 20:02:15 wlceventd: wlceventd_proc_event(695): eth3: ReAssoc 223:FB:38:31:2C, status: Successful (0), rssi:0
Nov 11 20:02:15 wlceventd: wlceventd_proc_event(645): eth3: Deauth_ind 46:32:11:53:89:60, status: 0, reason: 4-way handshake timeout (f), rssi:0
Nov 11 20:02:15 wlceventd: wlceventd_proc_event(662): eth3: Disassoc 46:32:11:53:89:60, status: 0, reason: Disassociated because sending station is leaving (or has left) BSS (8), rssi:0
Nov 11 20:02:15 wlceventd: wlceventd_proc_event(645): eth3: Deauth_ind EA:7B3:CD:1D2, status: 0, reason: 4-way handshake timeout (f), rssi:-69
Nov 11 20:02:15 wlceventd: wlceventd_proc_event(662): eth3: Disassoc EA:7B3:CD:1D2, status: 0, reason: Disassociated because sending station is leaving (or has left) BSS (8), rssi:-69

 

[Lightivity]

For some reason the PPTP VPN service automatically turns on occasionally. I've turned it off some days, but just now noticed it had turned on again (?).

 

[ColinTaylor]

For some reason the PPTP VPN service automatically turns on occasionally. I've turned it off some days, but just now noticed it had turned on again (?).

This usually indicates that your router has malware.

Enable SSH access to the router (LAN only) and SSH into the router and run this command. Post all the output here for us to look at.

top -bn1

 

[Lightivity]

Thanks, trying to learn how to active and login using ssh. Not going well…

 

[ColinTaylor]

Thanks, trying to learn how to active and login using ssh. Not going well…

On the router: Administration - System > Enable SSH = LAN only

Then from your PC: ssh admin@192.168.50.1
(change the username as appropriate)

 

[Lightivity]

is the username the ssid of the router?

 

[ColinTaylor]

No, it's the same username and password you use to log into the router's web interface.

 

[Lightivity]

No, it's the same username and password you use to log into the router's web interface.

Ssh connection in CMD times out, or it says wrong password.

 

[ColinTaylor]

The username and password are case sensitive.

 

[Lightivity]

Mem: 475792K used, 33420K free, 2664K shrd, 5552K buff, 202656K cached
CPU: 0.0% usr 4.6% sys 0.0% nic 72.0% idle 23.2% io 0.0% irq 0.0% sirq
Load average: 2.55 0.83 0.29 2/242 4242
PID PPID USER STAT VSZ %VSZ CPU %CPU COMMAND
2250 2232 Darktivi S 17512 3.4 2 1.8 amas_portstatus
4026 4025 Darktivi R N 12516 2.4 1 0.9 minidlna -f /etc/minidlna.conf -r
4242 4145 Darktivi R 3100 0.6 2 0.9 top -bn1
703 2 Darktivi SW 0 0.0 1 0.9 [wl1-kthrd]
2144 2143 Darktivi S 35016 6.8 2 0.0 /usr/lib/ipsec/charon --use-syslog
3833 1 Darktivi S 20548 4.0 0 0.0 wred -B
2281 1 Darktivi S 19960 3.9 2 0.0 amas_lib
2232 1 Darktivi S 18636 3.6 2 0.0 conn_diag
2230 1 Darktivi S 18464 3.6 1 0.0 roamast
3601 1 Darktivi S 18268 3.5 0 0.0 aaews --sdk_log_dir=/tmp
2223 1 Darktivi S 15432 3.0 2 0.0 /usr/sbin/lighttpd -f /tmp/lighttpd.conf -D
2256 1 Darktivi S 14948 2.9 2 0.0 cfg_server
3823 1 Darktivi S < 14668 2.8 1 0.0 dcd -i 3600 -p 43200 -b -d /tmp/bwdpi/
1946 1 Darktivi S 14364 2.8 2 0.0 /sbin/netool
2209 1 Darktivi S 14056 2.7 1 0.0 networkmap --bootwait
1 0 Darktivi S 13468 2.6 2 0.0 /sbin/init
1944 1 Darktivi S 13188 2.5 2 0.0 nt_monitor
2084 1 Darktivi S 13116 2.5 2 0.0 ahs
2805 1 Darktivi S 12796 2.5 2 0.0 /usr/sbin/lighttpd-arpping -f br0
2085 1 Darktivi S 12312 2.4 2 0.0 watchdog
2087 1 Darktivi S 12312 2.4 2 0.0 alt_watchdog
1329 1 Darktivi S 12312 2.4 2 0.0 /sbin/wanduck
2234 1 Darktivi S 12312 2.4 0 0.0 erp_monitor
2420 1 Darktivi S 12312 2.4 0 0.0 ntp
2086 1 Darktivi S 12312 2.4 0 0.0 check_watchdog
2088 1 Darktivi S 12312 2.4 0 0.0 amas_lanctrl
2674 1 Darktivi S 12312 2.4 0 0.0 usbled
2228 1 Darktivi S 12312 2.4 2 0.0 hour_monitor
2229 1 Darktivi S 12312 2.4 1 0.0 pctime
2282 1 Darktivi S 12312 2.4 2 0.0 sched_daemon
2704 1 Darktivi S 12312 2.4 1 0.0 disk_monitor
2023 1 Darktivi S 12312 2.4 0 0.0 wpsaide
2227 1 Darktivi S 12312 2.4 2 0.0 bwdpi_check
2233 1 Darktivi S 12312 2.4 0 0.0 amas_ssd_cd
3889 1 Darktivi S 12312 2.4 2 0.0 bwdpi_wred_alive
2224 1 Darktivi S 12052 2.3 2 0.0 /usr/sbin/lighttpd-monitor
4025 1 Darktivi S 11584 2.2 2 0.0 minidlna -f /etc/minidlna.conf -r
2226 1 Darktivi S 11500 2.2 0 0.0 mastiff
1939 1 Darktivi S 11312 2.2 1 0.0 asd
1960 1 Darktivi S 11164 2.1 2 0.0 nt_center
2079 1 Darktivi S 11148 2.1 2 0.0 httpds -s -i br0 -p 8443
2080 1 Darktivi S 10324 2.0 2 0.0 httpd -i br0
4017 1 Darktivi S 10264 2.0 0 0.0 /usr/sbin/smbd -D -s /etc/smb.conf
2027 1 Darktivi S 9996 1.9 1 0.0 /usr/sbin/awsiot
4016 1 Darktivi S 9968 1.9 2 0.0 /usr/sbin/nmbd -D -s /etc/smb.conf
2022 1 Darktivi S 8888 1.7 2 0.0 wps_pbcd
2675 1 Darktivi S 7536 1.4 1 0.0 usbmuxd
1979 1 Darktivi S 7488 1.4 0 0.0 hostapd -B /tmp/wl0_hapd.conf

 

[Lightivity]

2007 1 Darktivi S 7488 1.4 1 0.0 hostapd -B /tmp/wl1_hapd.conf
1945 1 Darktivi S 6872 1.3 2 0.0 protect_srv
4027 1 Darktivi S 6804 1.3 1 0.0 afpd -F /tmp/netatalk/afp.conf
2143 1 Darktivi S 6664 1.3 0 0.0 /usr/lib/ipsec/starter --daemon charon
2081 1 Darktivi S 6648 1.3 2 0.0 /usr/sbin/infosvr br0
2042 1 Darktivi S 6004 1.1 2 0.0 /usr/sbin/bsd
3377 1 Darktivi S 5108 1.0 0 0.0 /usr/sbin/pppd file /tmp/ppp/vpnc5_options.pptp
2041 1 Darktivi S 5104 1.0 2 0.0 /usr/sbin/wlceventd
1985 1 Darktivi S 4980 0.9 1 0.0 nt_actMail
2294 1 Darktivi S 4912 0.9 2 0.0 fsmd
2024 1 Darktivi S 4836 0.9 0 0.0 /usr/sbin/wlc_nt
2025 1 Darktivi S 4832 0.9 2 0.0 /usr/sbin/wlc_monitor
4030 1 Darktivi S 4524 0.8 2 0.0 cnid_metad -F /tmp/netatalk/afp.conf
2090 1 Darktivi S 4396 0.8 2 0.0 rstats
2239 1 Darktivi S 3620 0.7 1 0.0 /usr/sbin/acsd2
2083 1 Darktivi S 3608 0.7 2 0.0 sysstate
3998 2291 Darktivi S 3504 0.6 1 0.0 dropbear -p 192.168.50.1:22 -a
2291 1 Darktivi S 3376 0.6 0 0.0 dropbear -p 192.168.50.1:22 -a
2249 2245 nobody S 3272 0.6 1 0.0 lldpd -L /usr/sbin/lldpcli -I eth1,eth2,eth3,wds0.*.*,wds1.*.* -s RT-AX58U_V2
2245 1 Darktivi S 3272 0.6 2 0.0 lldpd -L /usr/sbin/lldpcli -I eth1,eth2,eth3,wds0.*.*,wds1.*.* -s RT-AX58U_V2
4035 1 Darktivi S 3104 0.6 2 0.0 avahi-daemon: running [RT-AX58U-0758.local]
1268 1 Darktivi S 3100 0.6 2 0.0 /sbin/syslogd -m 0 -S -O /jffs/syslog.log -s 256 -l 6
4145 3998 Darktivi S 3100 0.6 2 0.0 -sh
1270 1 Darktivi S 3100 0.6 0 0.0 /sbin/klogd -c 5
2060 1 Darktivi S 3100 0.6 2 0.0 crond
4091 1 Darktivi S 3100 0.6 0 0.0 /sbin/udhcpc -i eth0 -p /var/run/udhcpc0.pid -s /tmp/udhcpc_wan -A5 -O33 -O249
1954 1 Darktivi S 3032 0.5 0 0.0 /bin/eapd
2045 1 Darktivi S 3028 0.5 2 0.0 /bin/ceventd
2048 1 Darktivi S 3008 0.5 1 0.0 /usr/sbin/debug_monitor /data
4038 1 nobody S 2676 0.5 2 0.0 dnsmasq --log-async

 

[Lightivity]

4039 4038 Darktivi S 2676 0.5 0 0.0 dnsmasq --log-async
550 1 Darktivi S 2040 0.4 0 0.0 /usr/sbin/envrams
1938 1 Darktivi S 2012 0.3 2 0.0 /usr/sbin/jitterentropy-rngd -p /var/run/jitterentropy-rngd.pid
2554 1 Darktivi S 1976 0.3 2 0.0 /bin/mcpd
4060 1 Darktivi S 1880 0.3 0 0.0 /usr/sbin/wsdd2 -d -w -i br0 -b sku:RT-AX58U,serial:c87f54990758
498 1 Darktivi S 1740 0.3 0 0.0 hotplug2 --persistent --no-coldplug
496 1 Darktivi S 1596 0.3 0 0.0 {wdtctl} wdtd
389 2 Darktivi SW 0 0.0 0 0.0 [bcmsw_rx]
695 2 Darktivi SW 0 0.0 0 0.0 [wl0-kthrd]
382 2 Darktivi SW 0 0.0 3 0.0 [bcm_archer_us]
106 2 Darktivi IW 0 0.0 2 0.0 [kworker/2:1-mm_]
54 2 Darktivi SW 0 0.0 2 0.0 [kswapd0]
383 2 Darktivi IW 0 0.0 1 0.0 [kworker/1:2-eve]
14 2 Darktivi IW 0 0.0 0 0.0 [kworker/0:1-eve]
2011 2 Darktivi IW 0 0.0 0 0.0 [kworker/0:4-eve]
10 2 Darktivi IW 0 0.0 0 0.0 [rcu_preempt]
376 2 Darktivi SW 0 0.0 2 0.0 [fc_evt]
636 2 Darktivi IW 0 0.0 0 0.0 [kworker/u8:2-fl]
377 2 Darktivi SW 0 0.0 0 0.0 [fc_timer]
390 2 Darktivi SW 0 0.0 2 0.0 [bcmsw_recycle]
3674 2 Darktivi IW 0 0.0 0 0.0 [kworker/u8:3-ev]
5 2 Darktivi IW 0 0.0 0 0.0 [kworker/0:0-eve]
19 2 Darktivi IW 0 0.0 1 0.0 [kworker/1:0-eve]
2012 2 Darktivi IW 0 0.0 1 0.0 [kworker/1:3-eve]
18 2 Darktivi SW 0 0.0 1 0.0 [ksoftirqd/1]
23 2 Darktivi SW 0 0.0 2 0.0 [ksoftirqd/2]
9 2 Darktivi SW 0 0.0 0 0.0 [ksoftirqd/0]
37 2 Darktivi SW 0 0.0 0 0.0 [skb_free_task]
89 2 Darktivi IW 0 0.0 1 0.0 [kworker/1:1-eve]
103 2 Darktivi SW 0 0.0 1 0.0 [ubi_bgt0d]
384 2 Darktivi SW 0 0.0 2 0.0 [bcm_archer_wlan]
388 2 Darktivi IW 0 0.0 2 0.0 [kworker/2:2-eve]
93 2 Darktivi IW 0 0.0 0 0.0 [kworker/0:2-eve]
105 2 Darktivi IW< 0 0.0 2 0.0 [kworker/2:1H-kb]
244 2 Darktivi SW 0 0.0 2 0.0 [ubifs_bgt0_13]
704 2 Darktivi SW 0 0.0 2 0.0 [bcm_awl_xfer_1]
2603 2 Darktivi SW 0 0.0 0 0.0 [usb-storage]
2 0 Darktivi SW 0 0.0 1 0.0 [kthreadd]
3 2 Darktivi IW< 0 0.0 0 0.0 [rcu_gp]
4 2 Darktivi IW< 0 0.0 0 0.0 [rcu_par_gp]
6 2 Darktivi IW< 0 0.0 0 0.0 [kworker/0:0H-kb]
7 2 Darktivi IW 0 0.0 1 0.0 [kworker/u8:0-ev]
8 2 Darktivi IW< 0 0.0 0 0.0 [mm_percpu_wq]
11 2 Darktivi IW 0 0.0 1 0.0 [rcu_sched]
12 2 Darktivi IW 0 0.0 0 0.0 [rcu_bh]
13 2 Darktivi SW 0 0.0 0 0.0 [migration/0]
15 2 Darktivi SW 0 0.0 0 0.0 [cpuhp/0]
16 2 Darktivi SW 0 0.0 1 0.0 [cpuhp/1]
17 2 Darktivi SW 0 0.0 1 0.0 [migration/1]
20 2 Darktivi IW< 0 0.0 1 0.0 [kworker/1:0H-kb]
21 2 Darktivi SW 0 0.0 2 0.0 [cpuhp/2]
22 2 Darktivi SW 0 0.0 2 0.0 [migration/2]
24 2 Darktivi IW 0 0.0 2 0.0 [kworker/2:0-eve]
25 2 Darktivi IW< 0 0.0 2 0.0 [kworker/2:0H-kb]
26 2 Darktivi SW 0 0.0 3 0.0 [cpuhp/3]
27 2 Darktivi SW 0 0.0 3 0.0 [migration/3]
28 2 Darktivi SW 0 0.0 3 0.0 [ksoftirqd/3]
29 2 Darktivi IW 0 0.0 3 0.0 [kworker/3:0-mm_]
30 2 Darktivi IW< 0 0.0 3 0.0 [kworker/3:0H]
31 2 Darktivi SW 0 0.0 2 0.0 [kdevtmpfs]
32 2 Darktivi SW 0 0.0 1 0.0 [rcu_tasks_kthre]
33 2 Darktivi SW 0 0.0 2 0.0 [oom_reaper]
34 2 Darktivi IW< 0 0.0 1 0.0 [writeback]
35 2 Darktivi IW< 0 0.0 2 0.0 [crypto]
36 2 Darktivi IW< 0 0.0 1 0.0 [kblockd]
38 2 Darktivi SW 0 0.0 2 0.0 [watchdogd]
39 2 Darktivi IW< 0 0.0 2 0.0 [mptcp_wq]
88 2 Darktivi SW 0 0.0 1 0.0 [hwrng]
90 2 Darktivi IW 0 0.0 2 0.0 [kworker/u8:1-fl]
91 2 Darktivi SW 0 0.0 1 0.0 [spi1]
92 2 Darktivi SW 0 0.0 0 0.0 [irq/61-mmc0]
94 2 Darktivi IW< 0 0.0 1 0.0 [ipv6_addrconf]
104 2 Darktivi IW< 0 0.0 0 0.0 [kworker/0:1H-kb]
107 2 Darktivi IW< 0 0.0 1 0.0 [kworker/1:1H-kb]
198 2 Darktivi SW 0 0.0 0 0.0 [ubifs_bgt0_10]
214 2 Darktivi SW 0 0.0 2 0.0 [ubifs_bgt0_11]
370 2 Darktivi SW 0 0.0 1 0.0 [bpm_monitor]
378 2 Darktivi SW 0 0.0 0 0.0 [bcmFlwStatsTask]
391 2 Darktivi SW 0 0.0 2 0.0 [enet-kthrd]
398 2 Darktivi SW 0 0.0 0 0.0 [pdc_rx]
682 2 Darktivi IW< 0 0.0 2 0.0 [cfg80211]
696 2 Darktivi SW 0 0.0 2 0.0 [bcm_awl_xfer_0]
1260 2 Darktivi IW 0 0.0 0 0.0 [kworker/0:3-eve]
2168 2 Darktivi IW 0 0.0 3 0.0 [kworker/3:1-mm_]
2600 2 Darktivi SW 0 0.0 2 0.0 [scsi_eh_0]
2601 2 Darktivi IW< 0 0.0 2 0.0 [scsi_tmf_0]
2612 2 Darktivi IW< 0 0.0 1 0.0 [uas]
2613 2 Darktivi SW 0 0.0 1 0.0 [scsi_eh_1]
2614 2 Darktivi IW< 0 0.0 1 0.0 [scsi_tmf_1]

 

[Lightivity]

The username and password are case sensitive.

I missed a letter on the password, sigh. I got the status report, see the three posts above.

 

[ColinTaylor]

It looks like you've still got AiCloud 2.0 enabled (Cloud Disk and/or Smart Access). You should disable those immediately. They were used recently to infect Asus routers which is why Asus has issued firmware updates in the last few days. But it's only a matter of time before it happens again.

As a consequence of that I suspect there's lingering malware on your router. I can't see a PPTP VPN server running at the moment but you do have a PPTP VPN client running (VPN Fusion). Is that intentional? If not it could also be part of the malware.

From the SSH command line can you post the output of:

/tmp/ppp/vpnc5_options.pptp

 

[Lightivity]

Thank you so much for the assessment. I've deactivated cloud services. The VPN client is not intentional. The /tmp/ppp/vpnc5_options.pptp prompt returns a "permission denied". I've turned off all VPN services, but there's a "user1" populating the settings. I removed that user some days ago, now it's back.

I guess I'm using Samba (?), since I'm on a Mac and needs to access the USB discs from time to time (inside the LAN).

 

[ColinTaylor]

Sorry, there was an error in the command I gave you it should have been:

cat /tmp/ppp/vpnc5_options.pptp

Check the VPN client options as well under the VPN Fusion tab.

You shouldn't need to enable any Samba related options in any of the VPN settings if you're only accessing it from inside your LAN.

IIRC there must always be at least one VPN user account defined even if the VPN is not being used.

 

[Lightivity]

Sorry, there was an error in the command I gave you it should have been:

cat /tmp/ppp/vpnc5_options.pptp

Check the VPN client options as well under the VPN Fusion tab.

You shouldn't need to enable any Samba related options in any of the VPN settings if you're only accessing it from inside your LAN.

IIRC there must always be at least one VPN user account defined even if the VPN is not being used.

Here's the output:

Darktivity@RT-AX58U-0758:/tmp/home/root# cat /tmp/ppp/vpnc5_options.pptp
noauth
refuse-eap
user 'user1'
password 'admin123'
plugin pptp.so
pptp_server 'router.asus.com'
nomppe-stateful mtu 1400
require-mppe-40
require-mppe-56
require-mppe-128
persist
holdoff 10
maxfail 0
usepeerdns
ipcp-accept-remote ipcp-accept-local noipdefault
ktune
default-asyncmap nopcomp noaccomp
novj nobsdcomp nodeflate
lcp-echo-interval 6
lcp-echo-failure 10
lcp-echo-adaptive
unit 5
linkname vpn5
ip-up-script /tmp/ppp/vpnc-ip-up
ip-down-script /tmp/ppp/vpnc-ip-down
ip-pre-up-script /tmp/ppp/vpnc-ip-pre-up
auth-fail-script /tmp/ppp/vpnc-auth-fail

And here's the screen from the VPN Fusion view. I've deactivated everything:

 

[ColinTaylor]

I think if I were you I'd perform a hard factory reset on this router and then set it up again by hand (i.e. not reloading an old configuration file).

[Wireless Router] ASUS router Hard Factory Reset - Method 2 | Official Support | ASUS Global

I suspect this rogue VPN client is the cause of your other issues.

 

[Lightivity]

I suspected as much. Thank you. If the VPN is all closed and shut down, could there still be activities or malware on the router? Or is hard reset the only way?

 

[ColinTaylor]

I suspected as much. Thank you. If the VPN is all closed and shut down, could there still be activities or malware on the router?

Yes, I suspect there is something installed on the router which keeps recreating the VPN each time you disable it. That's why I suggested a hard factory reset as that should wipe the router's internal storage completely.