Asuswrt-Merlin 3.0.0.4.246.19 is out

[RogerSC]

How safe is to run open WiFi with filter that would allow only specified MAC address to access it?

Not very, MAC addresses are easy to spoof.

 

[RMerlin]

How safe is to run open WiFi with filter that would allow only specified MAC address to access it?

Unsafe. MAC addresses can be spoofed by a client. If you leave your network wide open and unencrypted, it would be trivial for anyone to sniff out the traffic, determine the MAC address of working clients, and clone it so they can also connect.

 

[DaveMishSr]

How safe is to run open WiFi with filter that would allow only specified MAC address to access it?

First of all its very unsafe. Spoofing a MAC address is very easy to do on an unsecured network. Once a hacker gains your list of MAC addresses for connected clients they simply set one as their MAC address and they now have unfettered access to your network. Second, why would you want to? That would require you to enter each and every MAC address that you wish to access your network. Time consuming and depending on your network topology it could take forever to manually reconstruct your settings if you had to do so (and many of us have had to). Set up your network with the highest level of security allowed by your clients, WPA or WPA2, AES if WPA2, if at all possible. I also use random password generators to set up encryption keys and regularly change them. A simple Google search will turn up password generators.

 

[TT7]

Thank you all who replied.
I'm running OpenVPN client 24/7. Would that prevent sniffing and MAC Address Spoofing?

 

[RMerlin]

Thank you all who replied.
I'm running OpenVPN client 24/7. Would that prevent sniffing and MAC Address Spoofing?

No. OpenVPN only encrypts the traffic between the server and the client. The LAN wireless traffic would remain unencrypted if you don't enable strong wireless encryption. The TCP/IP header will also be wrapped around the encrypted packet, leaving it vulnerable to sniffing.

 

[TT7]

Great to know. Thank you Merlin.

 

[jerry6]

Well made the switch to Merlin build 219.b , so far all works well and like the extras .

 

[Apex]

Just upgraded from the stock firmware to this in order i hoped to solve a few niggling issues.

UPNP is broke [more details on this later]
Ping from WAN is not working <- this is what is concerning me.

I had to put my pc into the dmz to get games and other apps that used upnp to work with this router - otherwise it would not work now it apears that putting the machine into the dmz broke the repsond to ping from wan as a number of online ping me tests keep timing out, this didn't work in the stock firmware and it apears doesn't work in this firmware either.

If i try to take out the host from the DMZ ie i select all and delete the entry i get a warning sayings fields can not be blank so i have to leave something in there [put 0.0.0.0 in for now] - is there a way to remove the entry via telnet or can this be fixed some other way ?

 

[lfbb]

3.0.0.4.246.20:
- NEW: Wifi status icon will be half colored if only one radio is enabled.
- NEW: Wifi status icon popup will report the state of each radios.
- NEW: upnp custom config file for miniupnpd
- NEW: unmount user script
- NEW: led_ctrl, makemime applet (for use in conjunction with sendmail)
- NEW: Implemented control for network switch LED (all four at once)
- NEW: Stealth Mode: option to disable all LEDs
- FIXED: Radio toggle through WPS button would be overriden by a scheduled
radio. Reverted "switch" to "toggle" code to prevent this.
- FIXED: You couldn't disable DMZ by clearing the IP field.
- FIXED: You couldn't edit entered text in DHCP/MAC/etc name field
- FIXED: clientid passing for some ISPs requiring it (like Sky UK)
was broken with the DHCP client change of build 220.
- FIXED: No longer reboot the router three times during boot time if one
of the radios is disabled by the user. (RT-N66U)
- FIXED: Changing the router login name to anything other than "admin"
would prevent radvd, ecmh and the cru script from working
properly - they all assumed "admin". Made then use
http_username instead (which is tied to the superuser)
- CHANGED: Improved SMB and vsftpd read performance by up to 30%

https://github.com/RMerl/asuswrt-merlin/blob/master/README-merlin.txt

You will have to wait until this build is released.

- lfbb

 

[RMerlin]

I had to put my pc into the dmz to get games and other apps that used upnp to work with this router - otherwise it would not work now it apears that putting the machine into the dmz broke the repsond to ping from wan as a number of online ping me tests keep timing out, this didn't work in the stock firmware and it apears doesn't work in this firmware either.

I have no problem with upnp here. Make sure you don't have a double NAT situation, where your modem would apply its own NAT layer before the router.

WAN ping also works for me. Again, make sure your modem isn't also doing its own layer of NATting, and make sure you have "Respond Ping Request from WAN" set to "Yes" on the Firewall page.

If i try to take out the host from the DMZ ie i select all and delete the entry i get a warning sayings fields can not be blank so i have to leave something in there [put 0.0.0.0 in for now] - is there a way to remove the entry via telnet or can this be fixed some other way ?

I fixed it in my next build, and Asus has also fixed it in build 260. For now you can clear it through telnet:

nvram set dmz_ip=""
nvram commit

Reboot your router to apply the change.

 

[lfbb]

UPNP is broke [more details on this later]
Ping from WAN is not working <- this is what is concerning me.

UPnP is working without flaws for me.

What do you mean by 'Ping from WAN is not working'? You want your computer to give ping reply from WAN?

- lfbb

 

[Apex]

I'll try that when i can get the connection idle - got shouted at for taking it off them for 5mins while i upgraded to this version

Connection to the net is via nTL/VM Cable modem [Ambit 250 modem] so there is no double nat going off - simple modem > router set up

Respond to ping from wan is ticked and has been since i got this router - it seems that if you have a host in the dmz this option becomes redundent due to all packets getting passed to the dmz host or at least that is my thinking

The upnp is a odd one - i use to be on WinXP 64bit via a buffalo router - all the programs that used upnp for their networ services ie xfire / msn / bit torrent and steam games worked without me needing to open ports - i am now on a new pc Win7 64bit and this router and upnp is not working right for the programs even though every upnp tester i run says it's working the ports that the programs need that would be open via upnp aren't getting open anymore - why i don't know.

I'll update if i figure out whats going on.

 

[Apex]

UPnP is working without flaws for me.

What do you mean by 'Ping from WAN is not working'? You want your computer to give ping reply from WAN?

- lfbb

No - i want the router to respond to ping from the wan - there are several monitoring services out there one being http://www.thinkbroadband.com/ping/monitors.html and currently it is showing that my packetloss is 100% because the router is not responding to ping - even though i have the option ticked but again i think this is down to the fact that my machine was till 5 mins ago was in the dmz and thus all packets coming in where set to go to my machine and with the default windows firewall rules set to drop this type of traffic it might explain it.

For now till i get chance to reset/reboot it will have to stay as is -

And i have just figured it out - if you put a host into the dmz the respond to ping from wan does become redundent because it fwds all packets to that host - because i have the inbuilt windows firewall turned on it blocks icmp ping replys [why this works on the local lan i dont understand] i have just added a new inbound rule on this machine for the firewall to allow the icmp replys and gone and checked the monitoring service i linked to - my connection is now showing up and not showing 100% packet loss [i can also see that the connection is been fwd to my machine in the 'connections list' thats built into this firmware - i guess this will be the case till i make the change that was pointed out to me before



^_^

 

[burdonc]

Added Features

Hello Merlin

Thank you for all your hard work making the asus even better than it already is.
I have been looking at the tomato USB firmware and have found an interesting feature called TOR.

Is their any way you could implement this into the asus firmware perhaps you could include a URL list and when ever you go to these sites it uses this feature?

P.S cant wait for the V20 firmware as i rely on the sky additional settings for fibre.

Keep up the good work

 

[Nerre]

Tor is available as entware, not sure if it works straight out of the box though.

 

[RMerlin]

Hello Merlin

Thank you for all your hard work making the asus even better than it already is.
I have been looking at the tomato USB firmware and have found an interesting feature called TOR.

Is their any way you could implement this into the asus firmware perhaps you could include a URL list and when ever you go to these sites it uses this feature?

No plan to integrate TOR, no.

 

[M4G101]

Hi,
i have a litte Problem with my RT-N66U running Asuswrt-Merlin 3.0.0.4.246.19.
The Firmware was running great so far. But yesterday i added some WOL targets(using Safari) and now the WOL-Page is corrupt.
I can't see any entries. And i also can't delete them.
I think i could solve the problem by resetting the router settings but is there a workaround so i can get the page to work again?
I saw that it was a known bug in an earlier version of Asuswrt-Merlin.

 

[RMerlin]

Hi,
i have a litte Problem with my RT-N66U running Asuswrt-Merlin 3.0.0.4.246.19.
The Firmware was running great so far. But yesterday i added some WOL targets(using Safari) and now the WOL-Page is corrupt.
I can't see any entries. And i also can't delete them.
I think i could solve the problem by resetting the router settings but is there a workaround so i can get the page to work again?
I saw that it was a known bug in an earlier version of Asuswrt-Merlin.

Invalid characters should no longer be allowed, unless possibly you entered them a few versions ago before I added input validation.

You can erase the list over telnet with the following commands:

nvram set wol_list=""
nvram commit

 

[wirelessroute]

restart_diskmon asus

Asus is working on implementing a new disk monitor which can be used to schedule automated filesystem checks. That work isn't finished yet, so they haven't exposed it to the webui at this point, altho if you are crafty enough, you can dig out a test webui that's hidden in there.

Upgraded to .260 and kept getting the following error every hour
restart_diskmon asus Downgraded to .246 get same restart every hour
It causes a legacy alarm monitoring to go offline and has to be manually rebooted. What a Hugh annoyance. Woke me up 5 times last night because this legacy device beeps continuously after going offline. Now back to .220 that I''ve been using for several months without any issues. Hopefully all is ok now

 

[Kritiker]

Wirelessroute, see Hourly daemon restarts.