Menu
What's new
By:
Filters Better Search

Asuswrt-Merlin 380.59 is now available

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

fink.nottle said:
Openvpn server is not working as intended. Starting the vpn server doesn't add the firewall rule to allow inbound connections. pptp works though, but since it's insecure, I would like to avoid it. nmap output as follows:
Click to expand...

The firewall rule is definitely properly configured, otherwise the OpenVPN server wouldn't work for anyone. I note that you are scanning from inside your LAN, which won't test anything - the OpenVPN server is configured to listen to connections on the WAN interface. Therefore, firewall configuration is applied to the INPUT chain, not the FORWARD chain.

fink.nottle said:
The ovpn config files generated by the web ui have some syntax issues, at least as far as importing them into ubuntu's network manager gui goes. The html style formatting for certs embedded in the config file probably doesn't work in ubuntu. I have some other ovpn config files which work. They use separate files for the certs and keys in the same directory, and the ovpn file refers to those files.
Click to expand...

This formatting is directly supported by the OpenVPN binary. If Ubuntu does its own pre-processing, then there isn't much I can do about it - the config is designed for OpenVPN, not for Network Manager. This is a limitation in Ubuntu in that case, not a bug in the firmware's generated config.

fink.nottle said:
If is use the ddns name (even from inside the lan), it doesn't allow connection to services (for eg. httpd, ssh) that it normally would if i were to use 192.168.1.1 directly from the lan. I know that this used to work earlier. Edit: Tried changing nat loopback from asus to merlin, but didn't help.
Click to expand...

Asus tightened security in recent GPL code. httpd no longer listens to every available interface, it will only specifically bind to the LAN interface, or the WAN and LAN interfaces but ONLY if you set it to listen to both WAN and LAN. Using your DDNS hostname means you are trying to access it through the WAN interface, which is most likely not enabled in your case. This is the intended behaviour, and is far more secure than the old one.
 
Hi! I'm new here. Already replaced my RT-AC87U with RT-AC88U mostly for 8 LAN switch ;).

Using same WiFi 5GHz settings my BCM4352 card gets only 400Mbps connection vs. 866Mbps with 87U. Any idea what's wrong? Feel free to ask if more details needed.
 
wbwwa said:
Hi! I'm new here. Already replaced my RT-AC87U with RT-AC88U mostly for 8 LAN switch ;).

Using same WiFi 5GHz settings my BCM4352 card gets only 400Mbps connection vs. 866Mbps with 87U. Any idea what's wrong? Feel free to ask if more details needed.
Click to expand...
What do you have the channel bandwidth set to under 5mhz? Try setting it at 80 if it set to less.
 
wbwwa said:
80 with both routers ofcourse. Tested latest ofw and 380.59 by Merlin - same speed of connection.
Click to expand...
Interesting. I also shifted from the 87 to the 88, but the speeds seemed comparable or superior on 5G. Any chance you have a new source of interference? Could anything have changed with the client?
 
bradbort said:
Interesting. I also shifted from the 87 to the 88, but the speeds seemed comparable or superior on 5G. Any chance you have a new source of interference? Could anything have changed with the client?
Click to expand...
Same place, same ISP, nothing changed. Really no idea what's wrong there.
 
RMerlin said:
The firewall rule is definitely properly configured, otherwise the OpenVPN server wouldn't work for anyone. I note that you are scanning from inside your LAN, which won't test anything - the OpenVPN server is configured to listen to connections on the WAN interface. Therefore, firewall configuration is applied to the INPUT chain, not the FORWARD chain.
Click to expand...

So I checked this again. It looks like can't connect to the openvpn server from the lan if the server is set to ddns. I can connect to it from outside with the ddns, and I can connect to it from the lan if I use 192.168.1.1.

Another issue with ovpn is that even though it connects successfully from outside, I can't access the internet. I think I can access the lan. I was able to ssh to the router, but I wasn't able to open websites in the browser.
 
wbwwa said:
Same place, same ISP, nothing changed. Really no idea what's wrong there.
Click to expand...
Well, someone smarter than me needs to pitch in here. The only thing I can think of is that something has changed on the client side...driver update or somesuch, but I'm not experiencing the same issue, so am out of ideas. All of my 5G clients are behaving as expected after my update of routers....
 
Of all the updates on my AC87U, this is the BEST for me so far! Both the 2.4 & 5GHz band were very stable now with BeamForming ON.

Thanks Merlin!
 
wbwwa said:
Hi! I'm new here. Already replaced my RT-AC87U with RT-AC88U mostly for 8 LAN switch ;).

Using same WiFi 5GHz settings my BCM4352 card gets only 400Mbps connection vs. 866Mbps with 87U. Any idea what's wrong? Feel free to ask if more details needed.
Click to expand...
Try to forget/delete and recreate your connection profiles on the clients, or set up a new SSID on the router to connect to.
 
wbwwa said:
Hi! I'm new here. Already replaced my RT-AC87U with RT-AC88U mostly for 8 LAN switch ;).

Using same WiFi 5GHz settings my BCM4352 card gets only 400Mbps connection vs. 866Mbps with 87U. Any idea what's wrong? Feel free to ask if more details needed.
Click to expand...

Disable MU-MIMO.
 
First and foremost, thanks to @RMerlin for such a wonderful firmware.
This is my update:
380.59 running as a champ for more than 7 days straight without any hiccups on my RT-AC68P.
Latency has been considerably reduced (in my case), CTF enabled on a 40Mbps FTTH connection.
VPN Client, Selective Routing and DNS Filtering are all performing as expected.
No issues with Samba shares, all locally (WIFI & Wired) accessible (incl: Win-10, iOS-9, Kody 16 and Android M devices), and remotely through AiCloud as well.
Transmission and Custom DDNS (inadyn) operational under Entware-NG.
Also Tor and Selected countries IPsec Blocking plus Smart DNS IP update with a croned script.
 
fink.nottle said:
So I checked this again. It looks like can't connect to the openvpn server from the lan if the server is set to ddns. I can connect to it from outside with the ddns, and I can connect to it from the lan if I use 192.168.1.1.

Another issue with ovpn is that even though it connects successfully from outside, I can't access the internet. I think I can access the lan. I was able to ssh to the router, but I wasn't able to open websites in the browser.
Click to expand...
A maybe similar issue I had with my NVR, this fixed it for me
-Firewall
--General
----NAT Loopback set it to "Asus"
and or try my settings on 2 pages before this, just a suggestion.
 
Last edited:
I haven't had a chance to read all of the discussion on QoS, however, from my experience so far, 'fq_codel' seems to work the best for me. I use QoS primarily for VoIP, I have VoIP telephone service that I added a custom rule for MAC address, and I also use TeamSpeak 3 where I added the upload port to a rule. I have much better results now with fq_codel versus sfq, particularly when my FTP server is getting hit hard.
I'd love to see the 3 options stay in any upcoming releases so we have the choice for QoS to use fq_codel.
 
You must log in or register to reply here.

Similar threads

RMerlin
Release Asuswrt-Merlin 3006.102.2 is now available for Wifi 7 devices
2 3 4
Replies
62
Views
6K
RMerlin
RMerlin
RMerlin
  • Locked
Release Asuswrt-Merlin 3004.388.8_2 is now available
22 23 24
Replies
469
Views
59K
aitor_mtb
A
RMerlin
  • Locked
Beta Asuswrt-Merlin 3006.102.2 Beta is now available for Wifi 7 devices
2 3 4
Replies
70
Views
11K
RMerlin
RMerlin
RMerlin
Release Asuswrt-Merlin 386.13 / 386.13_2 is now available for AC models
2 3 4
Replies
79
Views
19K
Tech9
Tech9
RMerlin
  • Locked
Release Asuswrt-Merlin 3004.388.7 is now available
20 21 22
Replies
435
Views
65K
KronFace
K
Similar threads
Thread starter Title Forum Replies Date
RMerlin Release Asuswrt-Merlin 3004.388.8_4 is now available Asuswrt-Merlin 9
RMerlin Release Asuswrt-Merlin 3006.102.2 is now available for Wifi 7 devices Asuswrt-Merlin 62
B Unable to establish VPN connection to my PiVPN (ovpn) from my Asus RT-AC86U running Asuswrt-Merlin 386.14 Asuswrt-Merlin 1
F Several Questions Re:Asuswrt-Merlin Feature Implementation Asuswrt-Merlin 2
Yota How to enable port randomization in Asuswrt-Merlin? Asuswrt-Merlin 4
RMerlin Beta Asuswrt-Merlin 3006.102.2 Beta is now available for Wifi 7 devices Asuswrt-Merlin 70
J Does Asuswrt-Merlin support AiMesh over Wifi? Asuswrt-Merlin 4
Siff Printing from Guest Network (ASUSWRT-Merlin 3004.388.8_2) Asuswrt-Merlin 5
Siff Setting dnsmasq on Asuswrt-Merlin Asuswrt-Merlin 8
Rob Bowlby fwupdate.asuswrt-merlin.net - diversion.ch Down? Asuswrt-Merlin 7

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 632 (members: 16, guests: 616)
Top