Asuswrt-Merlin 378.53 is now available


Using PIA VPN with AC56U just fine with "Strict" setting. Always did. I also came from Shibby 1.28.

Knowing there is no issue using PIA, I tried using a free VPN server from vpngate.net, and it turns out Exclusive works fine. So the problem is the settings from IPVanish, but why does Tomato Shibby work fine with IPVanish?
 

Why don't you add Google DNS under WAN/LAN? It will fix your DNS leak.


Thank you, Merlin, for policy-based routing.

Do I understand correctly that if the VPN goes down, my devices can't connect to the internet? (ipleak)


Edit: I think I found a bug. I was connected to the VPN, changed DNS to 8.8.8.8, and it leaked my REAL IP for 10-20 seconds.
 
Knowing there is no issue using PIA, I tried using a free VPN server from vpngate.net, and it turns out Exclusive works fine. So the problem is the settings from IPVanish, but why does Tomato Shibby work fine with IPVanish?

I already explained which specific setting was causing the issue. Please re-read my previous answer on this topic.
 
Hi folks.

With 378.53 I lose WAN SSH access when the DMZ is turned on. Any ideas?
 
Why don't you add Google DNS under WAN/LAN? It will fix your DNS leak.


Thank you, Merlin, for policy-based routing.

Do I understand correctly that if the VPN goes down, my devices can't connect to the internet? (ipleak)


Edit: I think I found a bug. I was connected to the VPN, changed DNS to 8.8.8.8, and it leaked my REAL IP for 10-20 seconds.

I am using it now (with DNS relaxed) as a temporary solution, but it would be better if Strict/Exclusive also worked :)

I already explained which specific setting was causing the issue. Please re-read my previous answer on this topic.

OK Merlin, I will look into those settings. Thank you :)
 
87U
For every device connected to the LAN1 port I see <unknown> in the Tools menu.

Is that normal?

IMO it's a firmware bug, because in the network map I see the device and its MAC address.
 

87U
For every device connected to the LAN1 port I see <unknown> in the Tools menu.

Is that normal?

IMO it's a firmware bug, because in the network map I see the device and its MAC address.

It's not a bug, it's designed that way. Port 1 is not on the same switch as the three other ports, and that switch does not provide any method to determine what's the last MAC address it has seen connected to it. Therefore, it reports it as being unknown.
 
So why does the network map correctly report devices connected to this port?
 
Hi RMerlin.
IPTV does not work in this firmware.
Connection type - PPPoE
IGMP proxy - enable 4022

In 378.52_2 IPTV was working perfectly.
 
So why does the network map correctly report devices connected to this port?

It does not report the MAC of a device seen on THAT specific port. It merely specifies "I see that MAC somewhere on one of my ports, no idea where it's plugged".
 
Hi RMerlin.
IPTV does not work in this firmware.
Connection type - PPPoE
IGMP proxy - enable 4022

In 378.52_2 IPTV was working perfectly.

I haven't made any change to that code, and I have no way of testing it either. So if it broke with a recent Asus change, you will have to wait for Asus to fix it in a future release.
 
Hi. Did further testing on my RT-N66U, this time without wireless scheduling (see post in previous page for my problems with scheduling via web UI). The result is that when I disable wireless with "radio off" the radios get disabled but the acsd process keeps allocating more and more memory without any reason. The WPS button set to enable/disable radio works differently and closes the acsd process when disabling the radio. What is the command the WPS button uses? I'd like to make a cron job that allows me to schedule the radio availability and that doesn't eat all the memory in a couple of days.
 
As I understand, with policy rules for routing client traffic through VPN, we can't have "reverse" rules, right? I mean, it's not possible to have one device where all its traffic is routed through the VPN, except when accessing certain specified external IPs?

Is this period, or could it be done with a custom script, or maybe a future feature?
 
As I understand, with policy rules for routing client traffic through VPN, we can't have "reverse" rules, right? I mean, it's not possible to have one device where all its traffic is routed through the VPN, except when accessing certain specified external IPs?

Is this period, or could it be done with a custom script, or maybe a future feature?

You currently can't define exceptions through the webui, you have to rely on scripting for that.

I will probably eventually allow rules to specify which gateway they are meant for, but for now I'm on a break from development.
 
Just wanted to jump in and share that I have finally resolved my AirPlay not working/Apple TV not waking from sleep with iOS remote issues that have been bothering me on and off for the last month or two (always running latest Merlin), I was convinced my Apple TV was the problem but after setting NAT loopback to Asus the device works perfectly for the last few days (tried disabling first with no joy).

I went through a lot of trial and error with router settings and saw the issue regardless of whether the device was connected via cable or Wi-Fi.

I would expect this to be affecting quite a few others, but if you don't have an Apple TV then sorry for the spam!
 
And still, there is no dual wan working... ((

I've successfully used the code below on 378.52_2 for selective routing via Dual WAN and one VPN tunnel client; I have not tried it on 378.53, though.

Code:
#!/bin/sh

logger -t "($(basename $0))" $$ Selective routing starting...

# This Script only works with Dual Wan and one VPN Client enabled (VPN Client 1 or 2)
# Table 100 -> Default via wan0   -> automatically created by enabling Dual WAN
# Table 200 -> Default via wan1   -> automatically created by enabling Dual WAN
# Table  10 -> Default via tun_if -> created by this script

# Source LAN IP Ranges
# Range routed to VPN Tunnel
IP_RANGE1="192.168.100.64-192.168.100.127"
# Range routed to WAN0 by default - This range does not need special handling
IP_RANGE2="192.168.100.2-192.168.100.63"
# Range routed to WAN1
IP_RANGE3="192.168.100.128-192.168.100.254"

# Delete table 10 and fwmark 1 and 2 if they exist

ip route flush table 10
ip route del default table 10
ip rule del fwmark 1 table 10
ip rule del fwmark 2 table 200
ip route flush cache
iptables -t mangle -F PREROUTING
logger -t "($(basename $0))" $$ Deleted table 10, fwmark 1 and 2 if they exist and flush cache

# It is necessary to disable Reverse Path Filtering on all current and future network interfaces:

for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
  echo 0 > $i
done
logger -t "($(basename $0))" $$ Disabled Reverse Path Filtering for all interfaces

# Let's find out the tunnel interface 'tun_if' ( (tun_if="tun11") )

iface_lst=`route | awk ' {print $8}'`
for tun_if in $iface_lst; do
    if [ $tun_if == "tun11" ] || [ $tun_if == "tun12" ]; then
        break
    fi
done

# Let's get the tunnel interface IP address 'tun_ip'

tun_ip=$(ifconfig $tun_if | grep 'inet addr:'| cut -d: -f2 | awk '{ print $1}')
logger -t "($(basename $0))" $$ Tunnel interface is $tun_if with IP $tun_ip

# Copy all non-default and non-VPN routes from table 200 into table 10
ip route show table 200 | grep -Ev ^default | grep -Ev $tun_if | grep -Ev ppp0\
  | while read ROUTE ; do
      ip route add table 10 $ROUTE
done
logger -t "($(basename $0))" $$ Copied all non-default and non-vpn routes from table 200

# Add default to VPN and fwmark 1 on table 10
ip route add default via $tun_ip dev $tun_if table 10
ip rule add fwmark 1 table 10
logger -t "($(basename $0))" $$ Default added to $tun_if on $tun_ip table 10 mark 1

# Add rule fwmark 2 to table 200
ip rule add fwmark 2 table 200
logger -t "($(basename $0))" $$ Added rule Fwmark 2 to table 200 via $(nvram get wan1_gateway)

# Mark Traffic for WAN1 (table 200)
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range $IP_RANGE3 -j MARK --set-mark 2
logger -t "($(basename $0))" $$ $IP_RANGE3 mark set 2

# Mark Traffic for VPN Tunnel
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range $IP_RANGE1 -j MARK --set-mark 1
logger -t "($(basename $0))" $$ $IP_RANGE1 mark set 1

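# Drop traffic for Range 1 if VPN is down
# (-s only accepts an address or CIDR; a start-end range needs the iprange match)
iptables -I FORWARD -i br0 -o eth0 -m iprange --src-range $IP_RANGE1 -j DROP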
logger -t "($(basename $0))" $$ $IP_RANGE1 traffic dropped if VPN down

logger -t "($(basename $0))" $$ Completed " $0${*:+ $*}."

The proper DNS must be assigned to each LAN client on the corresponding range to avoid leaks.
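
An added check, not part of the original post: the DROP rule in the script above is the only thing keeping the VPN range off the WAN when the tunnel is down, so it is worth confirming that it, the fwmark 1 tag and the table 10 rule were actually installed. The function audits saved `iptables -S` and `ip rule show` output; `check_killswitch`, the variable names and the sample text are constructed for illustration, and the `-S` output format is an assumption about the router's iptables build.

```shell
#!/bin/sh
# Added example: audit captured firewall/routing state for the VPN kill switch.
VPN_RANGE="192.168.100.64-192.168.100.127"   # IP_RANGE1 in the posted script
WAN_IF="eth0"                                # WAN interface named in the posted DROP rule

# check_killswitch FORWARD_RULES MANGLE_RULES IP_RULES
# Prints one line per missing piece; return status is the count of missing pieces.
check_killswitch() {
    missing=0
    # 1. FORWARD must drop the VPN range when it would leave through the WAN.
    printf '%s\n' "$1" | grep -F -- "--src-range $VPN_RANGE" \
        | grep -F -- "-o $WAN_IF" | grep -q -- "-j DROP" \
        || { echo "MISSING: FORWARD drop for $VPN_RANGE"; missing=$((missing + 1)); }
    # 2. mangle PREROUTING must tag the range with fwmark 1 (iprange form only).
    printf '%s\n' "$2" | grep -F -- "--src-range $VPN_RANGE" \
        | grep -Eq -- '--set-x?mark 0x1(/| |$)' \
        || { echo "MISSING: fwmark 1 on $VPN_RANGE"; missing=$((missing + 1)); }
    # 3. fwmark 1 must select table 10 (and not, say, table 100).
    printf '%s\n' "$3" | grep -Eq 'fwmark 0x1 lookup 10( |$)' \
        || { echo "MISSING: ip rule fwmark 1 -> table 10"; missing=$((missing + 1)); }
    return $missing
}

# Constructed sample state (illustrative, not captured from a real router).
# On a router: FWD=$(iptables -S FORWARD), MANGLE=$(iptables -t mangle -S PREROUTING),
# RULES=$(ip rule show).
MANGLE_OK="-A PREROUTING -i br0 -m iprange --src-range $VPN_RANGE -j MARK --set-xmark 0x1/0xffffffff"
RULES_OK="0: from all lookup local
32764: from all fwmark 0x2 lookup 200
32765: from all fwmark 0x1 lookup 10
32766: from all lookup main"
FWD_OK="-P FORWARD ACCEPT
-A FORWARD -i br0 -o $WAN_IF -m iprange --src-range $VPN_RANGE -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT"
# Same chain when the DROP rule was rejected at insert time and never installed.
FWD_BAD="-P FORWARD ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT"

check_killswitch "$FWD_OK"  "$MANGLE_OK" "$RULES_OK" && echo "kill switch in place"
check_killswitch "$FWD_BAD" "$MANGLE_OK" "$RULES_OK" || echo "kill switch incomplete"
```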
 
Just wanted to jump in and share that I have finally resolved my AirPlay not working/Apple TV not waking from sleep with iOS remote issues that have been bothering me on and off for the last month or two (always running latest Merlin), I was convinced my Apple TV was the problem but after setting NAT loopback to Asus the device works perfectly for the last few days (tried disabling first with no joy).

I went through a lot of trial and error with router settings and saw the issue regardless of whether the device was connected via cable or Wi-Fi.

I would expect this to be affecting quite a few others, but if you don't have an Apple TV then sorry for the spam!

Thanks. I have an Apple TV but have not experienced any issues so far. Will keep this in mind if I start having weird issues.
--bill
 
I haven't made any change to that code, and I have no way of testing it either. So if it broke with a recent Asus change, you will have to wait for Asus to fix it in a future release.

I can concur that igmpproxy appears not to be working in this release when using a PPPoE connection. For some odd reason /tmp/igmpproxy.conf does not exist, and hence the IGMP multicast proxy will not start, breaking IPTV. Even if I manually create igmpproxy.conf, taken from a copy from the previous Merlin firmware, igmpproxy will not start, complaining of undefined ViFs.
 
Asuswrt-Merlin 378.53 is now available for all supported models.

As finally the flow of bug fixing has started to slow down, I was able to spend time on implementing something that's been on my ToDo list for well over a year. So while this release's changelog is much shorter than the 4-5 last ones, it still brings some significant changes.

  • Merged with Asus's 378_4980 AC3200 GPL. A few pieces were retrieved from 4850 and 5183 for the other router models.
  • Policy routing has been added to the VPN client page. This will allow you to select specific clients and/or destinations to route through the VPN tunnel. Source and destination IPs can be an entire subnet, in CIDR format (i.e. 192.168.1.128/30 for IPs 128 to 131).
  • Experimental ad blocker based on Trend Micro's Web Reputation System (a component of AiProtection). This feature developed by Asus was never finished or enabled in the official firmware for various reasons. I decided to enable it in this build as an experimental feature. Note that this won't be as effective nor as flexible as dedicated solutions such as AdBlock. You cannot whitelist or blacklist any URLs, for instance. This feature is only available on the DPI-enabled models (AC56/AC68/AC87/AC3200).
  • Tor was updated to 0.2.5.12
  • A few IPv6-related fixes and tweaks: Comcast's hack changed to a new nvram setting (ipv6_ns_drop), and is now disabled by default. Set it to "1" to enable. Also, some fixes were backported from upstream dnsmasq.
  • A few other bugfixes and tweaks, see the changelog for the details.


Downloads are here.
Changelog is here.

@RMerlin

This update seems to have changed Wi-Fi behavior.
On one hand, 5GHz seems to have better coverage range, which is good.

On the other, both Wi-Fi sometimes become stale and clients have problems connecting until the channel assignment is changed.

Just wanted to report and also see if other users observed something similar.

Regards
 
NAT loopback was not working for me in this release.... It was set to Merlin, I had to change it to ASUS and it started working again.
 
