What's new

Completely tired to customize settings AX88U

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Galgofa

Occasional Visitor
Fellow friends, really tired to try all possible solutions and settings with Merlin and installed Unbound/Diversion/Skynet/CakeQos and rest of the statistics.
My problem is that with present settings reached so far (reading this great forum), i have considerable latency in respond of web surfing, also i'm not sure that my config is optimal as being not so much familiar to understand some fundamental principles of working of dnsmasq/DNS/DBSSEC/Doh/DNS Privacy and QOS. Aiming that i'm very limited in time and age to be sure i will learn it on, thus i like to ask you guys to recommend your founding or setup for optimal settings of WAN and LAN (Unbound/Diversion including dnscrypt/adblock filtering) to try here. Nothing special, just ensure somebody confirm it is working upto their knowledge.
So far i disabled dnsmasq in Unbound/adblock on (diverson disabled), o/w set to default, no significant change, adds blocked, dns leakage seems A as per test.
Skynet set to default

I have copper VDSL bridged connection 100/10 (as per spdMerlin overage 85/9).

Settings:
LAN - DHCP Server - DNS Server 1,2 - empty
DNSFilter - ON/Router (DNS empty)
Screens:
WAN - Internet Connection
QoS - QoS to configuration
CakeQOS-Merlin
AMTM
Amtma.jpgCakeQOS-Merlin.jpgQoS - QoS to configuration.jpgWAN - Internet Connection.jpg

Will appreciate a lot.
 
I waited a while to see if someone else would tackle your issue. Guess not so here goes...
First, do a hard factory reset on your router. See: https://www.asus.com/support/FAQ/1039078 and remove any USB devices.
Manually configure your router.
Use Dual Band SmartConnect: the same SSID for both bands
Set 2.4 GHZ to 20 MHZ on channel 1, 6 or 11. 5 GHZ to 80 MHZ on channel 36 or 149. Disable Airtime Fairness and Universal Beamforming.
Set WAN Connect to DNS Server automatically to No. Enter values for DNS Server 1 and 2. Use a DNS server that is geographically close to you. I recommend Cloudflare Secure 1.1.1.2 and 1.0.0.2. Disable UPnP.
Check the time zone and other settings in Administration/System
Enable Network Protection
Enable Adaptive QOS manual settings with the upload/download set to 95% of your tested bandwidth. Do not use CAKE!
Enable DNS Filter Global Router.

That is it for basic settings. Run with those for a while to verify it works which it should. I would enable DoT/DNSSEC to a DNS provider geographically close to you. Quad9 or Cloudflare Secure are good DNS. I would not use Unbound or Skynet unless you know what you are doing. Diversion seems to work OK but my family complained of things being blocked too often and it became a management headache. I use Firefox with UBlockOrigin to block adds on my PC's. If a swap is needed I use a swap partition in the beginning of the thumbdrive with the rest formatted to EXT4. I have had issues with swap files becoming corrupted.

One thing I do is to take backups of the system settings and /jffs before I make any changes to the router or add features. Place the backup files in a folder named by date and time. If something goes FUBAR It is easy to go back to the way it worked before.

Oh, if 160 GHZ is important to you, enable it and set your 5 GHZ to channel 36 at 160 MHZ. With these settings your clients that do not like DFS channels will still work.
 
what's wrong with cake?
 
One single advice - you don't have to install all the scripts available in AMTM.
Thanks, no i didn't, just trying to keep minimum, most intentions is to block adds and have QOS, the rest is just statistic which always interesting to look.
 
Fellow friends, really tired to try all possible solutions and settings with Merlin and installed Unbound/Diversion/Skynet/CakeQos and rest of the statistics.
My problem is that with present settings reached so far (reading this great forum), i have considerable latency in respond of web surfing, also i'm not sure that my config is optimal as being not so much familiar to understand some fundamental principles of working of dnsmasq/DNS/DBSSEC/Doh/DNS Privacy and QOS. Aiming that i'm very limited in time and age to be sure i will learn it on, thus i like to ask you guys to recommend your founding or setup for optimal settings of WAN and LAN (Unbound/Diversion including dnscrypt/adblock filtering) to try here. Nothing special, just ensure somebody confirm it is working upto their knowledge.
So far i disabled dnsmasq in Unbound/adblock on (diverson disabled), o/w set to default, no significant change, adds blocked, dns leakage seems A as per test.
Skynet set to default

I have copper VDSL bridged connection 100/10 (as per spdMerlin overage 85/9).

Settings:
LAN - DHCP Server - DNS Server 1,2 - empty
DNSFilter - ON/Router (DNS empty)
Screens:
WAN - Internet Connection
QoS - QoS to configuration
CakeQOS-Merlin
AMTM
View attachment 33228View attachment 33229View attachment 33230View attachment 33231

Will appreciate a lot.

Try
Tools/Other Settings:
Wan: Use local caching DNS server as system resolver (default: No) - Set to YES
 
the rest is just statistic which always interesting to look.

Not just statistics. The scripts run additional processes to generate the interesting things for you to look. One is pinging frequently for a long time, another is stealing your entire available bandwidth multiple times a day. The resulting slowdown in web performance you heal with QoS incompatible with Runner and Flow Acceleration. Look closely what scripts/options in firmware do and how they do it. Your ISP is relatively slow and with perhaps higher latency. You have to decide what do you want - make the UI pretty or squeeze all the performance you can from your ISP.
 
Ok, reset again all, did setup only unbound for adds removal (annoying to much on android).
will test then for a while and if all ok, will add Skynet, by the way, is it necessary ? I mean the merlin firewall is good enough ?
I have a big issue with hacked Synology in the past, i was happy that time that only unneeded files has been affected by hackers, but i don't want to risk again, too many family photos there.
 
Ok, reset again all, did setup only unbound for adds removal (annoying to much on android).
will test then for a while and if all ok, will add Skynet, by the way, is it necessary ? I mean the merlin firewall is good enough ?
I have a big issue with hacked Synology in the past, i was happy that time that only unneeded files has been affected by hackers, but i don't want to risk again, too many family photos there.
Hacked Synology interests me. Could you be more specific about what and how happened?
 
Could you be more specific about what and how happened?
It was straight hack, they used backdoor to encrypt the files, then putted the txt file among of each encrypted file with demand to pay money to get files decrypted. Since it was only some downloaded stuff i just simply deleted all after checking the most sensitive (family video and photos) stuff are untouched by them. Still have some bad filling that something lost, but too late already. I read internet about this particular case and encryption, a lot of people has been suffered this wave.
From that time i keep sinology offline, it is really annoying me, synology is useless then while it is offline...
 
Last edited:
Ok, reset again all, did setup only unbound for adds removal (annoying to much on android).
will test then for a while and if all ok, will add Skynet, by the way, is it necessary ? I mean the merlin firewall is good enough ?
I have a big issue with hacked Synology in the past, i was happy that time that only unneeded files has been affected by hackers, but i don't want to risk again, too many family photos there.
Unbound does not remove adds. Diversion does.
 
It was straight hack, they used backdoor to encrypt the files, then putted the txt file among of each encrypted file with demand to pay money to get files decrypted. Since it was only some downloaded stuff i just simply deleted all after checking the most sensitive (family video and photos) stuff are untouched by them. Still have some bad filling that something lost, but too late already. I read internet about this particular case and encryption, a lot of people has been suffered this wave.
From that time i keep sinology offline, it is really annoying me, synology is useless then while it is offline...
I probably wasn't clear about "what". Would you happen to know what was the vector to get in? What was the "backdoor" in your case? There are ways to get in, but with decent security settings, it's pretty robust.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top