What's new

Asuswrt-Merlin 376.49 is out

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Yes, exactly. Glad to see that you're on the right track.

Thank you! I did it last night and it worked perfectly the first time I tried it the way you guys suggested. My router is on the newest Merlin firmware now.

One thing that still tortures me is why mtd-erase2 nvram command doesn't do anything when I try it in Putty. Yes, I've enabled SSH in my router, set the Authentication Key in both, Putty and the router, even set the password for the authentication key. I can connect to my router using Putty and SSH just fine... but the only weird thing is that after executing mtd-erase2 nvram command, I don't get any confirmation like nvram successfully erased or anything like that. My cursor just jumps down one prompt line like nothing happened. Almost as if I only pressed Enter without even entering that command.

Thanks again everybody!
 
Strange... I'm on TWC here in metro Dallas - on their fastest 100 Mb service, with latest Motorola DOCSIS3 modem, and I get nothing when I enable IPv6. Have it set to "Native" like you, and DNS set to automatic, and get absolutely nothing at all.

Dallas, did not mention that after activating IPv6, had to turn off router. Then cycle power on Time Warner cable modem (white-box Motorola SB6141 DocSis 3.0). Then wait for modem to retrain/stabilize. Then turn on router and wait a couple of minutes.

Eventually everything settles down and you can navigate to http://test-ipv6.com/. Ideally you will see something like this:

Code:
	Your IPv4 address on the public Internet appears to be 174.103.1xx.xxx

Your IPv6 address on the public Internet appears to be xxxx:xxxx:xxxx:c06c:d194:xxxx:xxxx:xxxx

Your Internet Service Provider (ISP) appears to be SCRR-xxxxx - Time Warner Cable Internet LLC,US

Since you have IPv6, we are including a tab that shows how well you can reach other IPv6 sites. [more info]

Good news! Your current configuration will continue to work as web sites enable IPv6.

Your DNS server (possibly run by your ISP) appears to have IPv6 Internet access.

As mentioned an even simpler test at a Windows Command prompt is simply to "ping ipv6.google.com". You should get a response within 26 to 30 milliseconds.

Hmm, am running latest 49_6 "CFEupdate" Merlin for AC68u router. On the WAN setup page everything's automatic except that the WAN DNS server "Connect to DNS Server automatically" is set to NO, and thus the primary and secondary DNS server addresses had to be set to something like 8.8.8.8 and 8.8.4.4 (that's the Google Public DNS server). The only thing touched on the IPv6 Merlin page is setting Connection Type to "native" as we described.

As mentioned my test client is a Microsoft Windows 7 machine cabled to the RT-AC68u router, with the Windows default IPv6 and IPv4 protocol stacks left as installed, defaults and automatic everything. Test browser is latest Google Chrome 64-bit.

Another clue about all this is that my knowledge of IPv6 is practically zero. About the only things I know include that you can ping ipv6.google.com. And that if you uncheck the ipv4 protocol in the adapter settings of a windows machine, you can still browse the web, and google and wikipedia work. But most other websites do not respond, as of 2015 January. My curiosity is further activated by noticing that with an IPv6-only Windows client machine, it's not clear to me how to browser-navigate to the Merlin router setup pages yet. Can ping to the ridiculously long IPv6 default gateway address at a command prompt from the Windows machine, but danged if I know how to browse to the Asus Merlin router setup pages with an IPv6-only machine.

There's plenty of Internet discussion about Time Warner ipV6 implementation being incomplete and possibly different in various parts of the United States.

Am interested in hearing about your further experiments with IPv6 and Merlin _49.
 
Last edited:
Dallas, did not mention that after activating IPv6, had to turn off router. Then cycle power on Time Warner cable modem (white-box Motorola SB6141 DocSis 3.0). Then wait for modem to retrain/stabilize. Then turn on router and wait a couple of minutes.

Eventually everything settles down and you can navigate to http://test-ipv6.com/.
Have done all that, more than once.
There's plenty of Internet discussion about Time Warner ipV6 implementation being incomplete and possibly different in various parts of the United States.

Am interested in hearing about your further experiments with IPv6 and Merlin _49.
Yep, apparently they don't have it configured in my service area. Will post here if that changes at some point - unless I move from TWC to AT&T Uverse, which I'm contemplating...
 
... but the only weird thing is that after executing mtd-erase2 nvram command, I don't get any confirmation like nvram successfully erased or anything like that. My cursor just jumps down one prompt line like nothing happened. Almost as if I only pressed Enter without even entering that command.

Unfortunately, the mtd commands for the ARM based routers as provided by Asus don't provide any feedback (success or fail)...your system isn't broken.
 
Last edited:
Unfortunately, the mtd commands as provided by Asus don't provide any feedback (success or fail)...your system isn't broken.

Thank you John. It's all good now, I did it manually like other good members of this board suggested. Doing it through Putty and not getting any results was little confusing for me since I watched this video:
https://www.youtube.com/watch?v=rG3fVNT18Pc&t=87

At the 1:27 sec mark, guy is executing mtd-erase -d nvram (MIPS-based router) and he got confirmation nvram was successfully erased. You have to watch video in full HD and full screen in order to see his Putty window and what he's typing...

Here I took a screenshot of his window:
7D4cq3K.jpg


As I said, it's all good and I thank you all a million for your generous help and all the assistance provided. Greatly appreciated.
 
@SmallNetGuy.....Difference is the MIPS version, mtd-erase, vs the ARM version, mtd-erase2....
 
This new build .49_5 is cutting off the 5g wifi at 50/20mbit where .48_1 was giving me 300/300mbit.

I havent tested the 2.4g wifi...
And wired connections was the same.

Tested with MacBook Pro OS X 10.10.1
 
One thing that still tortures me is why mtd-erase2 nvram command doesn't do anything when I try it in Putty. Yes, I've enabled SSH in my router, set the Authentication Key in both, Putty and the router, even set the password for the authentication key. I can connect to my router using Putty and SSH just fine... but the only weird thing is that after executing mtd-erase2 nvram command, I don't get any confirmation like nvram successfully erased or anything like that. My cursor just jumps down one prompt line like nothing happened. Almost as if I only pressed Enter without even entering that command.

After doing the telnet or ssh nvram mtd-erase2 and rebooting the router, just having the router go into the same "find an internet connection" mode that it did when you first got the router is a simple, first level verification that the nvram was erased. This tells you that your settings are back to factory defaults, just like when you bought and first powered up the router.

So, while Asus didn't see fit to have the verification "nvram successfully erased" after the mtd-erase2 command for their ARM-based routers (too bad, I liked that, too), the behavior of your router, and having default settings, after a reboot will verify that your router's nvram was cleared *smile*.
 
After doing the telnet or ssh nvram mtd-erase2 and rebooting the router, just having the router go into the same "find an internet connection" mode that it did when you first got the router is a simple, first level verification that the nvram was erased. This tells you that your settings are back to factory defaults, just like when you bought and first powered up the router.

So, while Asus didn't see fit to have the verification "nvram successfully erased" after the mtd-erase2 command for their ARM-based routers (too bad, I liked that, too), the behavior of your router, and having default settings, after a reboot will verify that your router's nvram was cleared *smile*.

Thank you RogerSC! All good now, I understand how mtd-erase2 is handled differently than what it was with command for MIPS based routers. No textual feedback. I know I am bugging you, but if I never asked, I'd probably never find out about this. Thanks a lot!
 
Currently running _5 and very happy with it.
I'm sure this question has been asked before but the one gripe I have with the RT-AC68U is that, in WAP mode (Asus and Merlin), the Guest network does not enable LAN isolation. I realise that the firewall etc is turned off when using the device in WAP mode but wouldn't it be just a simple matter of disallowing access to anything on the same sub-network as the main router?
Currently, anyone who uses "Guest" in our house has to connect with the main DSL-AC68U with a weaker signal. It would be nice to be able to enable the Guest network on the RT also but, currently, this would enable full LAN access.
 
Last edited:
Currently running _5 and very happy with it.
I'm sure this question has been asked before but the one gripe I have with the RT-AC68U is that, in WAP mode (Asus and Merlin), the Guest network does not enable LAN isolation. I realise that the firewall etc is turned off when using the device in WAP mode but wouldn't it be just a simple matter of disallowing access to anything on the same sub-network as the main router?
Currently, anyone who uses "Guest" in our house has to connect with the main DSL-AC68U with a weaker signal. It would be nice to be able to enable the Guest network on the RT also but, currently, this would enable full LAN access.

When in AP mode, your router needs to be able to access at least the upstream router, which will be on the same subnet. At that point, the AP has no control as to how the upstream router (your DSL-AC68U) decides to route the traffic on your LAN.

What you suggest would most likely need to be configured on the main router rather than the AP.
 
When in AP mode, your router needs to be able to access at least the upstream router, which will be on the same subnet. At that point, the AP has no control as to how the upstream router (your DSL-AC68U) decides to route the traffic on your LAN.
.

Thanks for the quick response. Maybe just lock direct access to local IPs except the Gateway. I don't proclaim to be an internals expert so I'll defer to your far greater technical expertise but maybe it's something that you can consider to see if there's a way to do it. It would certainly be another great feature to differentiate the Merlin code from the base Asus code.
 
Last edited:
@RMerlin
Is it possible to include the feature discussed in this topic?
In that thread you ask for:
Hi!

When trying to connect to the router via Web Interface the authorization page informs about the model of router.

In my case it shows: RT-AC68U.

Is it possible to remove it or rename it due to security thoughts? Maybe it would be good to change it to the "Device name" from the LAN page?
In terms of security, hopefully the FIRST thing you do is to change the login name AND password from the defaults to something strong and unique. Secondly, if desired you can completely turn off WAN access to the router login. That seems pretty adequate for security without asking for additional coding just to remove the router model from the login dialog?
 
In that thread you ask for:

In terms of security, hopefully the FIRST thing you do is to change the login name AND password from the defaults to something strong and unique. Secondly, if desired you can completely turn off WAN access to the router login. That seems pretty adequate for security without asking for additional coding just to remove the router model from the login dialog?

Beside, determining the router manufacturer is trivial for anyone that sits on your LAN. One look at an ARP rentry, one OUI lookup, and you're done.
 
Updated today from 376.48_1 to 376.49_5 on AC68U, now I have some issue with the openVPN Server:

I was using TLS-auth Incoming (0) and was working well.

Now under advanced configuration / Authorization Mode I can't add my tlsauth static key.

If in 376.48_1 was:
attachment.php


now in 376.49_5 is:
attachment.php


Sometimes the webui say that can't load openvpn stance for an error in the server configuration, and in syslog say:
"openvpn[13813]: Options error: Bad port number: 0"
but in the webui the port is setted to 1194

I noticed also that now when I turn OFF/ON the openVPN server also the openVPN client on the router reset his connection.

EDIT:
Temporary solution is to add this on "custom configuration" box
Code:
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
HERE YOUR AUTH KEY
-----END OpenVPN Static key V1-----
</tls-auth>
 

Attachments

  • Screen Shot 2015-01-15 at 19.14.jpg
    Screen Shot 2015-01-15 at 19.14.jpg
    12.1 KB · Views: 650
  • 2014-12-21_17-00-24.jpg
    2014-12-21_17-00-24.jpg
    43.3 KB · Views: 859
Last edited:
Updated today from 376.48_1 to 376.49_5 on AC68U, now I have some issue with the openVPN Server:

I was using TLS-auth Incoming (0) and was working well.

Now under advanced configuration / Authorization Mode I can't add my tlsauth static key.

Set Authentication to "Static Key", after that you will be able to access the Static Key field. Asus changed it so it only shows when auth is set to that mode.
 
Thanks for the reply,

I'm using TLS + Static Key. Not only static key.

From your answer i understand that i can only choose one or another authentication system, not both.

or i misunderstood?

However with solution i found I can use both TLS and Static Key
 
Take the case of one of my Tmobile routers. Have changed these TMAC1900 routers to more generic RT-AC68u devices. Did this by uploading the 1.0.2.0 US CFE throught the Linux prompt with mtd-write V2. Then after resetting them, loading Merlin firmware (376.49_4) into the now-generic RT-AC68u using standard menu options.

Anyway, can report that upgraded the RT-AC68u to the 376.49_6 firmware, that RMerlin says will handle larger-than-32-megabyte CFE bootloaders in the future, has proceeded without incident.

Curious as to what you think may happen on a Tmobile AC1900 router which has not had the 1.0.2.0 CFE modification and is still running Tmobile's 2.1.2.1 CFE? I'm running an earlier Merlin build but did not swap out the CFE.

My guess is nothing good would come of it! As there is significant hex-editing of MAC addresses + WPS code when swapping out the CFE manually, which would not be done automatically in the 376.49.6 flash.
 
Thanks for the reply,

I'm using TLS + Static Key. Not only static key.

From your answer i understand that i can only choose one or another authentication system, not both.

or i misunderstood?

However with solution i found I can use both TLS and Static Key

I'm not sure, as I've never looked at static key authentication. Test by having it set to static key. If it doesn't work, switch back to TLS - what you entered as your static key will still be saved.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top