Asuswrt-Merlin 378.53 is now available

[RMerlin]

@RMerlin Do you have control over adblock. I think that functionality is not working as expected. Please visit this page (http://firstrowir.eu/) and you can see ads and popups not really blocked

No, it's completely handled by Trend Micro, and it's already known to have various issues, hence the experimental label.

In fact I will most likely remove it from the next release, because it's far too quirky to be reliable.

 

[NightOwl326]

No, it's completely handled by Trend Micro, and it's already known to have various issues, hence the experimental label.

In fact I will most likely remove it from the next release, because it's far too quirky to be reliable.

No, it's completely handled by Trend Micro, and it's already known to have various issues, hence the experimental label.

In fact I will most likely remove it from the next release, because it's far too quirky to be reliable.

Please don't remove it. Its just enough to be helpful and it can be toggled off for those that are expecting too much from it. It works great for my family! This addition is the kind of feature that makes your work great and always worth waiting for. No ad solution is perfect. Let it stay user selectable PLEASE.

 

[RMerlin]

Please don't remove it. Its just enough to be helpful and it can be toggled off for those that are expecting too much from it. It works great for my family! This addition is the kind of feature that makes your work great and always worth waiting for. No ad solution is perfect. Let it stay user selectable PLEASE.

It will depend on how many "Can you fix xyz with this ad blocker?" emails/PMs/requests I get. If there isn't enough for it to become a nuisance, I'm willing to leave the option in. Otherwise, if I start having to answer that same question every few days, I'll remove the setting.

One pretty common case where it makes the ad blocker completely unusable is with mobile devices. Some applications that display in-app ads will launch your browser every few minutes, as it wants to show you an error page stating that access to "this.adserver.com" has been blocked, making it impossible to even use that application.

Since so many users nowadays have smartphones and tablets, that already makes the ad blocker unusable for a large portion of the userbase. This reflects badly on this project as a whole when a popular feature does not work properly for, say, 75% of the users who might want to use it. This is why I'm currently leaning toward removing it.

 

[Sanchu]

It will depend on how many "Can you fix xyz with this ad blocker?" emails/PMs/requests I get. If there isn't enough for it to become a nuisance, I'm willing to leave the option in. Otherwise, if I start having to answer that same question every few days, I'll remove the setting.

One pretty common case where it makes the ad blocker completely unusable is with mobile devices. Some applications that display in-app ads will launch your browser every few minutes, as it wants to show you an error page stating that access to "this.adserver.com" has been blocked, making it impossible to even use that application.

Since so many users nowadays have smartphones and tablets, that already makes the ad blocker unusable for a large portion of the userbase. This reflects badly on this project as a whole when a popular feature does not work properly for, say, 75% of the users who might want to use it. This is why I'm currently leaning toward removing it.

Please dont remove it unless you find serious fault with the adblocker. I think many people are using it and they love it as well

 

[Sanchu]

i think you already have an adblocker based on the chrome extension adblock. This involves few manual steps. Is it possible to enable that option via web ui ?

 

[SmallNetGuy]

Please dont remove it unless you find serious fault with the adblocker. I think many people are using it and they love it as well

Isn't this what Merlin just said classified as adblocker's "serious fault"? I'd say so.

...
...
...
One pretty common case where it makes the ad blocker completely unusable is with mobile devices. Some applications that display in-app ads will launch your browser every few minutes, as it wants to show you an error page stating that access to "this.adserver.com" has been blocked, making it impossible to even use that application.

Since so many users nowadays have smartphones and tablets, that already makes the ad blocker unusable for a large portion of the userbase. This reflects badly on this project as a whole when a popular feature does not work properly for, say, 75% of the users who might want to use it. This is why I'm currently leaning toward removing it.

That is really annoying, apps get totally unusable, and as Merlin mentioned, there is a huge base of mobile device users out there. IMHO this falls under "serious fault". Sure, adblocker works... but in the same time, it is broken.

 

[RussellInCincinnati]

Adblocking is a feature that is overwhelmingly likely to vary in configuration and need and importance on a client by client and time of day and type of activity basis. It is hard to believe that there is one collection of adblocking settings that will fit for all of multiple clients in all of their daily use at all times of day.

It is also a feature that is straightforward to install on each client computer. Can't see what is the compelling argument for including it in a router that has many other important things to do, like operate wifi equipment and route things to and from the internet, that can only be done by the wifi part, or the router part, of a wifi router.

It's also pretty new to the Merlin project, it's not like there's a huge base of people in the world who have built an important part of their lives around this feature. Will be glad to see this feature go if it is taking up any of RMerlin's time that could be spent on improving things that are not easily duplicated by a firewall appliance or client software.

Am also pretty sure that it is a major burden on the tiny slow cpus that are inevitable on inexpensive consumer wifi routers, that is in conflict with the understandable desire of people that their router handle the ever-faster internet connection throughput that we are all increasingly getting access to.

 

[Chrysalis]

I use adblocking via some hostname lists I load into dnsmasq and then use lighthttpd to serve those pages on my lan from the router using a blank.gif, so this prevents the issues merlin mentioned as the app will still see a 2xx response.

To use the method I use check for combined hosts with lighthttpd guide on this forum, but I dont use all the lists on that thread, as one has too many false positives.

The adblocking on the router is actually decent, it stops me seeing ads on nbc sports coverage (which stuff like adblock plus cannot block) and it also gives ad blocking on IE flash (IE's tracking protection whilst good doesnt work on flash).

So the answer to the merlin filter is to reroute those requests to a local http server so there is a connection success not some kind of failure. This should make smartphone apps play nicely.

 

[RMerlin]

So the answer to the merlin filter is to reroute those requests to a local http server so there is a connection success not some kind of failure. This should make smartphone apps play nicely.

The whole implementation is closed source. I can't change anything about it.

 

[Sanchu]

I want to connect to a american video site and then the disconnect the vpn as soon as the video starts playing. But the video player is detecting that some thing is changed and showing me a geo blocked message. Is is possible in openvpn to avoid these kind of problems ? any custom configuration or any thing .

Is it possible to do some thing like this

 

[mattiL]

I hope someone will be able to help this n00b with his problem. I've noticed this started happening after the latest 378.53 firmware, and I did not have this problem before. Not sure if it's directly connected to the new firmware, but it's my observation and it won't hurt to ask.

Lately I've noticed it takes good 3-6 seconds for my Chrome (even Firefox) to open simple Google search page. I don't use any proxies. The only thing that's different is, I started blocking one URL in my router (don't want my kid to play that game, it has some very bad, not very healthy reviews). I tried network tools / PING and this is my result now:



Before my ping was 24 - 40 ms, but this is unusually high now...

I'd appreciate any input guys. Thanks in advance!

@SmallNetGuy

Maybe traceroute can help you see what takes time.

For Windows run tracert www.google.com,
for Mac OS X/GNU Linux run traceroute www.google.com.

It will give you something like this:

#traceroute www.google.com
traceroute to www.google.com (216.58.209.132), 64 hops max, 52 byte packets
1 router.asus.com (192.168.1.1) 3.099 ms 2.265 ms 2.185 ms
2 c213-200-154-13.bredband.comhem.se (213.200.154.13) 3.392 ms 3.746 ms 3.491 ms
3 213.200.165.169 (213.200.165.169) 16.452 ms
213.200.165.171 (213.200.165.171) 15.065 ms 14.934 ms
4 213.200.163.97 (213.200.163.97) 21.353 ms 21.184 ms 21.013 ms
5 mtc-core-1-be6.net.comhem.se (213.200.162.65) 15.377 ms
nap-core-1-be7.net.comhem.se (213.200.162.67) 20.823 ms
nap-core-1-be6.net.comhem.se (213.200.162.63) 19.902 ms
6 216.239.49.217 (216.239.49.217) 19.557 ms 15.113 ms 18.188 ms
7 arn09s05-in-f4.1e100.net (216.58.209.132) 22.489 ms 20.458 ms
216.239.40.178 (216.239.40.178) 43.429 ms

 

[SmallNetGuy]

@SmallNetGuy

Maybe traceroute can help you see what takes time.

For Windows run tracert www.google.com,
for Mac OS X/GNU Linux run traceroute www.google.com.
...
...
...

Thank you for your help mattiL, greatly appreciated.

I've ran traceroute in my router Network Tools / Network Analysis / Traceroute. I have to say, yesterday I opened CMD as admin, and ran ipconfig /flushdns first. After that, my PING instantly went back to normal readings around 22-26 ms. Now, when I run traceroute, all those routes are showing 19 - 22 ms only, which is great. I'd have to wait until my PING is very bad again, and then try traceroute.

Thanks again for your input!

 

[stevocz]

Hi. my ISP gave me 1Gbit connection.

but when i test max speed. router crash.
On speedtest.net is download over 800Mbit and upload over 900Mbit. but when i try download bigger file with max speed, router crash, after poweroff, router works again.

Is nessesary change some settings?
is log after reboot somewhere saved?

 

[Amateur273]

I have DualWAN, one channel used for default, second channel used to work VPN.
I check if channels is live by own script, how I can to disable any "Dual WAN Mode" checking from firmware side?
RT-AC66U v.378.53 by Merlin.

 

[thedenoggin1zer]

Asuswrt-Merlin 378.53 is now available for all supported models.

As finally the flow of bug fixing has started to slow down, I was able to spend time on implementing something that's been on my ToDo list for well over a year. So while this release's changelog is much shorter than the 4-5 last ones, it still brings some significant changes.

• Merged with Asus's 378_4980 AC3200 GPL. A few pieces were retrieved from 4850 and 5183 for the other router models.
• Policy routing has been added to the VPN client page. This will allow you to select specific clients and/or destinations to route through the VPN tunnel. Source and destination IPs can be entire subnet, in CIDR format (i.e. 192.168.1.128/30 for IPs 128 to 131.
• Experimental ad blocker based on Trend Micro's Web Reputation System (a component of AiProtection). This feature developed by Asus was never finished or enabled in the official firmware for various reasons. I decided to enable it in this build as an experimental feature. Note that this won't be as effective nor as flexible as dedicated solutions such as AdBlock. You cannot whitelist or blacklist any URLs, for instance. This feature is only available on the DPI-enabled models (AC56/AC68/AC87/AC3200).
• Tor was updated to 0.2.5.12
• A few IPv6-related fixes and tweaks: Comcast's hack changed to a new nvram setting (ipv6_ns_drop), and is now disabled by default. Set it to "1" to enable. Also, some fixes were backported from upstream dnsmasq.
• A few other bugfixes and tweaks, see the changelog for the details.

Downloads are here.
Changelog is here.

Merlin,

I am having a strange issue I am hoping you can help me with. I have the RT-N66U router and I'm having an issue connecting to my companies Teradata server from home. I use my companies VPN software (Juniper Network Connect). This started after I upgraded my firmware to 378.53. I can connect to everything else except the Teradata servers. I can connect to Teradata if I plug into the modem directly but not through the router. Is there any setting that may help with this issue? I tried going back to an earlier version of 376.48_3 but that did not help. I also forwarded a port of 1025 (Teradata standard port) but that did not help either.

 

[RMerlin]

Merlin,

I am having a strange issue I am hoping you can help me with. I have the RT-N66U router and I'm having an issue connecting to my companies Teradata server from home. I use my companies VPN software (Juniper Network Connect). This started after I upgraded my firmware to 378.53. I can connect to everything else except the Teradata servers. I can connect to Teradata if I plug into the modem directly but not through the router. Is there any setting that may help with this issue? I tried going back to an earlier version of 376.48_3 but that did not help. I also forwarded a port of 1025 (Teradata standard port) but that did not help either.

I have no idea how Juniper's VPN client works. The only things I can think of would be to ensure that your home LAN isn't in the same subnet as either the VPN tunnel or the work office's LAN, and to experiment with the filter options under WAN -> NAT Passthrough (in case they are IPSec-based).

 

[thedenoggin1zer]

I have no idea how Juniper's VPN client works. The only things I can think of would be to ensure that your home LAN isn't in the same subnet as either the VPN tunnel or the work office's LAN, and to experiment with the filter options under WAN -> NAT Passthrough (in case they are IPSec-based).

Cool, Thanks for your response and the firmware! I'll check the LAN and play around with the Passthrough settings.

 

[CiASpook]

Love your custom firmware! Keep up the good work

 

[theCrow]

First, thank you for the awesome firmware. I couldn't live without it anymore.

Unfortunately, after upgrading my RT-AC56U to the latest version (378.53), it seems that my DNSMasq settings for Overplay have stopped working. I tried formating JFFS using the "Format JFFS partition at next boot" -setting and then running these commands (which have worked earlier if I haven't forgotten to write something down) after restarting the router:

echo "server=/overplay.net/209.107.219.3" >> /jffs/configs/dnsmasq.conf.add
echo "server=/overplay.net/64.145.73.2" >> /jffs/configs/dnsmasq.conf.add
echo "server=/netflix.com/209.107.219.3" >> /jffs/configs/dnsmasq.conf.add
echo "server=/netflix.com/64.145.73.2" >> /jffs/configs/dnsmasq.conf.add
echo "server=/bbc.co.uk/209.107.219.3" >> /jffs/configs/dnsmasq.conf.add
echo "server=/bbc.co.uk/64.145.73.2" >> /jffs/configs/dnsmasq.conf.add

After that I've tried restarting both the router and my devices but to no avail. I tested these IP's and they work correctly if I set them straight in my computer's settings. Is there a bug or am I missing something?

 

[RMerlin]

First, thank you for the awesome firmware. I couldn't live without it anymore.

Unfortunately, after upgrading my RT-AC56U to the latest version (378.53), it seems that my DNSMasq settings for Overplay have stopped working. I tried formating JFFS using the "Format JFFS partition at next boot" -setting and then running these commands (which have worked earlier if I haven't forgotten to write something down) after restarting the router:

echo "server=/overplay.net/209.107.219.3" >> /jffs/configs/dnsmasq.conf.add
echo "server=/overplay.net/64.145.73.2" >> /jffs/configs/dnsmasq.conf.add
echo "server=/netflix.com/209.107.219.3" >> /jffs/configs/dnsmasq.conf.add
echo "server=/netflix.com/64.145.73.2" >> /jffs/configs/dnsmasq.conf.add
echo "server=/bbc.co.uk/209.107.219.3" >> /jffs/configs/dnsmasq.conf.add
echo "server=/bbc.co.uk/64.145.73.2" >> /jffs/configs/dnsmasq.conf.add

After that I've tried restarting both the router and my devices but to no avail. I tested these IP's and they work correctly if I set them straight in my computer's settings. Is there a bug or am I missing something?

Check your system log when you restart dnsmasq, it will provide some feedback as to what happens with your custom configuration.