What's new

Asuswrt-Merlin 378.53 is now available

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

regarding the policy routing for openvpn client.

I've tested using 0.0.0.0 for the client IP to catch all clients and this leaves no clients using the VPN instead of all going through the tunnel. This is opposite behavior from the documentation.

I can confirm that 0.0.0.0 for destination IP DOES work for all IP that I've tested.
 
I thought I had tried every possible scenarios without having any issue.

I might just revert it back to Asus's code and forget about trying to handle dual wan properly. That page's code is a mess as you have seen.
Well, I haven't tried building it myself yet, I've just been using the inspector. It does seem that nvram_get("wan1_upnp_enable") either isn't getting set to 0 when I save the UPnP Settings on the WAN page. I'm not using dual WAN btw.

Trying just building it with the if statement as
Code:
if(wan0_unpn_enable == 0 && wan1_upnp_enable == 0){
, it will at least stop the error from being thrown.

bF1088D.png
 
Last edited:
regarding the policy routing for openvpn client.

I've tested using 0.0.0.0 for the client IP to catch all clients and this leaves no clients using the VPN instead of all going through the tunnel. This is opposite behavior from the documentation.

I can confirm that 0.0.0.0 for destination IP DOES work for all IP that I've tested.

Don't use policy-based routing if you want to redirect all traffic to all destinations - use the "All traffic" mode instead. I suspect the kernel "optimizes" something when you create a rule "all to all", because "all to something" and "something to all" cases both work correctly.
 
Don't use policy-based routing if you want to redirect all traffic to all destinations - use the "All traffic" mode instead. I suspect the kernel "optimizes" something when you create a rule "all to all", because "all to something" and "something to all" cases both work correctly.

thanks. what is the difference now between "no" and "all traffic" ?
 
Had to thank RMerlin for this release and all his hard work in general.

I use and love tomato on my RT-n66u, especially for it's excellent QOS, and "Access Restriction" filtering features, and general ease of use. But when I upgraded one of my routers to the RT-AC68u, tomato was just not ready for it. I installed RMerlin's 376.47 and it has served me well.

RMerlin's 376.47 has served me well, but it's time to upgrade, as I understand that there are many security holes that have been plugged since then. I have been following the change logs and github changes, and in testimony to the trust I place in RMerlin's judgement to do the right thing with respect to making a usable and as trouble-free build as possible, I will be installing 378.53 over the next week.

Maybe it's because I'm getting older, but I value stability over not yet ready for prime-time features more and more. RMerlin, thanks for taking care of many minor bugs and annoyances, and for making all our lives just a little easier and more pleasant. I also appreciate every contribution you make to Shibby's tomato project, as I love that firmware's design, but can't afford to spend more days trouble-shooting things that aren't working properly than I already do. I've been following that project too, and notice progress being made, but I think it needs a few more builds for it's stability to mature.

Thanks for taking care of us.
 
Last edited:
Can somebody please help me.

When I was on 378.51, I was able to telnet to the router without any problem but after upgrading to 378.53, why am I seeing all these strange text when I use PuTTY to telnet to the router? Thanks.

SSH_zpsybgzdd4v.png~original


PUTTY1_zpsd1uaw6cc.jpg~original


PUTTY2_zpsibapcfug.jpg~original

you have SSH enabled in the router but you're using telnet in putty. you should make sure telnet is disabled in the router and use the SSH setting for putty.
 
Thanks for your work and feedback; especially for the ad blocker. It does affect a little the performance ( 880-900 mbps ad blocker enabled, 930+ with it disabled ) but that is somehow to be expected I guess, more processing power required; it's not a big impact and it's worth it. I'll need a few more days to test the blocking functionality on multiple devices, but it's a great feature to have.
Edit: I'm using AC56U
 
you have SSH enabled in the router but you're using telnet in putty. you should make sure telnet is disabled in the router and use the SSH setting for putty.

Thanks cosmoxl!!! :)
 
thanks. what is the difference now between "no" and "all traffic" ?

No means that no Internet traffic will go through the tunnel. This is mostly useful if you are using a tunnel to connect to a remote network, rather than a way to hide your Internet traffic. "all traffic" means all Internet traffic gets redirected, which is the same as the former "Yes" setting.
 
Is there a command to verify the code was accepted or just wait and see if the log does not log any overflow errors ?

Just reboot your router afterward to ensure it gets immediately applied.
 
I tried the Ad Blocker a month or two ago using a self compiled firmware, I had issues with pages never finish loading. Merlin's recommendation to use an adblock extension is the best way unless for some reason you can't use such extension.

I also found a website that was completely blocked (Bethesda's online store) by WRS, forcing me to disable it to be able to access the site and proceed with my purchase.

To be really useful, the ad blocker would need at least some kind of whitelist/blacklisting capability, something currently not possible, and probably never going to appear since Asus has dropped work on the ad blocker.
 
yes, I tested at ipleak.net and dnsleaktest.com
perhaps you should specify something else instead of using ISP DNS. not only for the openvpn DNS switching to work properly but because ISP DNS are usually bad anyway.
There's been no change to the DNS handling code.
I did reinstall but this time I erase nvram before upgrade then I clear browser cookies and now works. Maybe it was nvram or cookies problem. Thank you
 
I did reinstall but this time I erase nvram before upgrade then I clear browser cookies and now works. Maybe it was nvram or cookies problem. Thank you

Most likely was that you already had the previous IP resolved and in cache. A reboot of either the router or the computer might have done the trick as well.
 
Tip for features that rely on the Web Reputation System (ad blocker, malware site blocker and parental control): the following command shows what URLs were processed, what category they were classified in (I don't know the list, but 88 is for an ad site), and whether an URL was allowed or blocked. Over SSH:

Code:
bwdpi wrs_url
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top