Asuswrt-Merlin 374.39 is out

[Bobcat00]

SDK5 builds for the RT-N66U are officially discontinued. The recent EM builds has shown that they are good enough to replace what was a painfully hacked together build (those sdk5 builds).

So would you recommend I use the vanilla 39_0 or the 39_0-em build for my NT-R66U ?

 

[jim769]

So would you recommend I use the vanilla 39_0 or the 39_0-em build for my NT-R66U ?

Use the EM build for the N66 better signal output.

 

[bilboSNB]

No idea. You will have to give it a try, just make sure your rules are applied before the DNSFilter rule in the PREROUTING chain.

Actually my nat-start script seems to have stopped working, I have not enabled the dns filtering yet, how should I modify this to work with the new firmware?

#!/bin/sh

iptables -I PREROUTING -t nat -p udp -s `nvram get lan_ipaddr`/`nvram get lan_netmask` ! -d `nvram get lan_ipaddr`/`nvram get lan_netmask` --dport 53 -j DNAT --to-destination `$
iptables -t nat -A PREROUTING -i br0 -s `nvram get lan_ipaddr`/`nvram get lan_netmask` -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -s ! 192.168.0.1 -p tcp -d 216.239.32.20 --dport 80 -j DNAT --to 192.168.0.1:8118
iptables -t nat -A PREROUTING -i br0 -s ! 192.168.0.1 -p tcp -d bing.com --dport 80 -j DNAT --to 192.168.0.1:8118
iptables -t nat -A PREROUTING -i br0 -s ! 192.168.0.1 -p tcp -d uk.search.yahoo.com --dport 80 -j DNAT --to 192.168.0.1:8118
iptables -t nat -I POSTROUTING -o br0 -s `nvram get lan_ipaddr`/`nvram get lan_netmask` -d 192.168.0.1 -p tcp -j SNAT --to `nvram get lan_ipaddr`
iptables -I FORWARD -i br0 -o br0 -s `nvram get lan_ipaddr`/`nvram get lan_netmask` -d 192.168.0.1 -p tcp --dport 8118 -j ACCEPT

 

[geops]

QoS is pretty useful when configured right. probably the most useful thing is that it can completely nullify the impact of torrents while gaming. tcp streams, though, need to be limited or a more powerful device used to get the same results at high bandwidth

whereas merely limiting torrent bandwidth still destroys in-game latency

Nullifying the impact of torrents while gaming is a myth. Do you think your provider has QoS favoring your game? I've done excessive testing with QoS and found it completely useless outside of Regional Provider Network and up. Aside from my home setup with about 30 devices fed from an AC68 I am managing an educational network with thousands of switches/routers and APs and I've tested QoS at large scale too. It is quite useless with close to 0 impact and just uses processor time. Your game latency will go up only if there is a bottleneck on the route to the game server OR if your pipe gets completely filled up OR if the game server is overloaded. The second you can manage by capping your download speed while playing. The first and third are just a fact of life and happens occasionally.

 

[RMerlin]

Actually my nat-start script seems to have stopped working, I have not enabled the dns filtering yet, how should I modify this to work with the new firmware?

#!/bin/sh

iptables -I PREROUTING -t nat -p udp -s `nvram get lan_ipaddr`/`nvram get lan_netmask` ! -d `nvram get lan_ipaddr`/`nvram get lan_netmask` --dport 53 -j DNAT --to-destination `$
iptables -t nat -A PREROUTING -i br0 -s `nvram get lan_ipaddr`/`nvram get lan_netmask` -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -s ! 192.168.0.1 -p tcp -d 216.239.32.20 --dport 80 -j DNAT --to 192.168.0.1:8118
iptables -t nat -A PREROUTING -i br0 -s ! 192.168.0.1 -p tcp -d bing.com --dport 80 -j DNAT --to 192.168.0.1:8118
iptables -t nat -A PREROUTING -i br0 -s ! 192.168.0.1 -p tcp -d uk.search.yahoo.com --dport 80 -j DNAT --to 192.168.0.1:8118
iptables -t nat -I POSTROUTING -o br0 -s `nvram get lan_ipaddr`/`nvram get lan_netmask` -d 192.168.0.1 -p tcp -j SNAT --to `nvram get lan_ipaddr`
iptables -I FORWARD -i br0 -o br0 -s `nvram get lan_ipaddr`/`nvram get lan_netmask` -d 192.168.0.1 -p tcp --dport 8118 -j ACCEPT

Check the actual content of the PREROUTING/POSTROUTING tables, that should give you hints as to why the rules might have stopped working. There's a good chance the issue might be in the rule order.

 

[geops]

Is there any way to enable channels 52-64 and 100-140 on the AC68U(US)?

 

[BobMCT]

Wireless printers not functioning on vers 39.0

I've been using my RT-N66U with Merlin firmware for a year and a half now with excellent results (thank you merlin). But when I recently upgraded to version 39.0 both my wireless Brother printers started to hang. No ping contact, no printing, etc. I tried everything I could to clear the queues and restart the printers with no luck. So knowing that the only thing that changed was the router firmware, so I reloaded version 35.2 and now my printers work again. Also while on version 39.0 I started receiving network drop outs on my ASUS notebook with an Intel Centrino wireless adapter. Don't know yet if that will be corrected but I thought it important to mention both of these issues on this threat. Hopefully someone (Merlin) can figure out why this occurs and provide a fix in the next version.

 

[KGB7]

I've been using my RT-N66U with Merlin firmware for a year and a half now with excellent results (thank you merlin). But when I recently upgraded to version 39.0 both my wireless Brother printers started to hang. No ping contact, no printing, etc. I tried everything I could to clear the queues and restart the printers with no luck. So knowing that the only thing that changed was the router firmware, so I reloaded version 35.2 and now my printers work again. Also while on version 39.0 I started receiving network drop outs on my ASUS notebook with an Intel Centrino wireless adapter. Don't know yet if that will be corrected but I thought it important to mention both of these issues on this threat. Hopefully someone (Merlin) can figure out why this occurs and provide a fix in the next version.

Which model of Centrino card are you using? Is it 2230? Because Intel forum has many complaints that this card does not work for many people with other routers. Even new 7260N cards are buggy as well. Some have found a solution by switching to Atheros based wifi cards.

If its none of the above, then try a much older driver for your wifi card.

 

[RMerlin]

I've been using my RT-N66U with Merlin firmware for a year and a half now with excellent results (thank you merlin). But when I recently upgraded to version 39.0 both my wireless Brother printers started to hang. No ping contact, no printing, etc. I tried everything I could to clear the queues and restart the printers with no luck. So knowing that the only thing that changed was the router firmware, so I reloaded version 35.2 and now my printers work again.

You are jumping from a quite older version, and a quite different wireless driver. Make sure you do a factory default reset and manually reconfigure your router afterwards.

 

[Kris404]

Is OpenVPN server 1 enabled by default on .39?

I switched from 583 to 39 and found the server running when checking the logs. Kind of freaked out a little bit as my authentication is still default but then realized I'm probably saved by the cert.

 

[GoNz0]

Is there any way to enable channels 52-64 and 100-140 on the AC68U(US)?

drop me a pm as I have the script on my laptop as the old UK one no longer works. I will be home in 12 ish hours.

 

[sinshiva]

Nullifying the impact of torrents while gaming is a myth. Do you think your provider has QoS favoring your game? I've done excessive testing with QoS and found it completely useless outside of Regional Provider Network and up. Aside from my home setup with about 30 devices fed from an AC68 I am managing an educational network with thousands of switches/routers and APs and I've tested QoS at large scale too. It is quite useless with close to 0 impact and just uses processor time. Your game latency will go up only if there is a bottleneck on the route to the game server OR if your pipe gets completely filled up OR if the game server is overloaded. The second you can manage by capping your download speed while playing. The first and third are just a fact of life and happens occasionally.

it's not a myth lol.

setup qos like thus;

53 highest
80 high
443 high
27015 highest (game server port)

leave torrents undefined and dont use 'medium' or below.

 

[przemekwawa]

OpenVPN problem

Hi,
I have just flashed new firmware (before was .374.34_2) and has reconfigured everything (nvram cleaned).
In new version I have problem with tunnelling all traffic through OpenVPN (Mac OS only tested for now(tunnelblick), windows will test in few days).
Not everything is tunnelled, e.g.
sudo tcpdump -i en0 -vvv -X -s 0 | grep SOMESITE
returns "Referer: SOMESITE". So something is transferred outside tunnel.

When I was using .374.34_2 everything was tunnelled. Configuration is the same (rewritten manually).

All these settings are ON:
Push LAN to clients
Direct clients to redirect Internet traffic
Respond to DNS
Advertise DNS to clients

My openvpn config file:
client
dev tun
proto tcp
remote IP PORT

resolv-retry infinite
nobind
persist-key
persist-tun

ca ca.crt
cert X.crt
key X.key
tls-auth ta.keYy 1
ns-cert-type server

comp-lzo
verb 4

So, any ideas what to change, to route whole traffic through tunnel?

Update: On windows everything seems still fine, only mac os 10.9 problem. Tried installing newest beta version of tunnelblick, nothing helped.

 

[burt]

I have problem with AC68U/Merlin 3.0.0.4.374.39_0 on TV Samsung UE40ES7000 (Cabled LAN utp cat5e). With the version 3.0.0.4.374.38_2 any problem!

what happens? simple; the television will turn off and turn on automatically every 4 minutes.

Before bringing the fw 3.0.0.4.374.38_2 you know how to recommend me thing I have to verify? have ideas?

 

[RMerlin]

Is OpenVPN server 1 enabled by default on .39?

I switched from 583 to 39 and found the server running when checking the logs. Kind of freaked out a little bit as my authentication is still default but then realized I'm probably saved by the cert.

I don't enable it by default, however something in 583 might have enabled it since we don't fully handle VPN servers exactly the same way.

 

[pr0jects]

still have 3.0.0.4.374.35_4 installed on my RT-AC66U and now I want upgrade to the lasted .39 version.
Is it necessary to do a full-reset and config everything again?

 

[RMerlin]

still have 3.0.0.4.374.35_4 installed on my RT-AC66U and now I want upgrade to the lasted .39 version.
Is it necessary to do a full-reset and config everything again?

Not mandatory on the RT-AC66U. If you do experience wireless issues afterward be prepared to do a factory default reset + reconfiguration. Sometimes just recreating the wireless profile on your computer (delete connection and reconnect it) is enough.

 

[bilboSNB]

Check the actual content of the PREROUTING/POSTROUTING tables, that should give you hints as to why the rules might have stopped working. There's a good chance the issue might be in the rule order.

Found the issue, I had some how deleted a " ` "

 

[cdysthe]

After a few days with 39_0em my NAS was suddenly inaccessible except for through FTP. I went back to 38_2em and it works again. What could be wrong?

See here:

http://forums.smallnetbuilder.com/showthread.php?p=104041#post104041

This is really bugging me since I would like to use the DNS filtering in 39 but can't when I lose access to my NAS

 

[AndreaS]

Looks like something is causing the web server to crash on your router. I'm unable to reproduce it, so it might be something that's different in your environment.

First thing I would try is to isolate the cause. See if it's caused by a specific device on your network that might have an invalid hostname, for instance. Turn off the router, unplug all devices but the modem and one single computer. Turn it back on, and try to access the Tools page with that computer. If it works properly, start adding more computers on your network to see if it's one of them causing it.

I had to reset the router to default to get rid of this problem. There is any nvram setting that can affect the web gui functionality?