What's new

Couple Questions

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

djtech2k

Senior Member
I have a couple quick questions.

1) I am using the RT-AC68U with RMerlin version 384.8_2. I had to do a complete wipe and rebuild not long ago because I was on a VERY old version that was not safe to upgrade. I am getting the flashing exclamation mark for new version available. What is the path to safely upgrade? Is there one that I do not have to wipe all of my settings? It took me a while last time to replay my files/settings so I am hoping not to have to.

2) I just put 2 new switches on my network. When I look in my Merlin CP at the connected devices, I see the new switches, but it is not discovering the device type. It always says "Loading Manufacturer". I have a few other switches of the same exact mode in an older revision and it picks up those device types just fine. In fact, all my devices are detected right except these 2 new ones. Any ideas how to get it to correctly identity them?
 
1) You're still on a very old version. Full wipe (M&M Config) is suggested, but you may want to see how your network is functioning first to see if it is needed, now. :)

2) Does a reboot of the router affect this issue (or possibly a complete network power down/restart)? What specific switches are we talking about?
 
1) You're still on a very old version. Full wipe (M&M Config) is suggested, but you may want to see how your network is functioning first to see if it is needed, now. :)

2) Does a reboot of the router affect this issue (or possibly a complete network power down/restart)? What specific switches are we talking about?

Thanks.

Sorry, but whats the M&M Config you mentioned? Is there a backup/restore capability? I really do not want to have to manually put back every file and every setting.

I have not rebooted yet to check on the Device lookup, but I could try one.
 
Going from RMerlin 384.8_2 to 384.16_0 is a huge step and will invariably need a full reset. But you're welcome to try to use the network as-is afterward and see what (if any) issues you may encounter.

A minimal and manual configuration is required after a full reset to factory defaults/Initialize all settings process to ensure that the new firmware is in a good/known state. Using a backup config file will undo any benefits that the reset/Initialize process offers.

Are you also using scripts and Entware in your router? The following links may be useful then too. :)

https://www.snbforums.com/threads/ax88-packet-loss.62891/#post-563326

M&M Config https://www.snbforums.com/threads/n...l-and-manual-configuration.27115/#post-205573

Nuclear Reset https://www.snbforums.com/threads/major-issues-w-rt-ac86u.56342/page-4#post-495710

amtm Step-by-Step https://www.snbforums.com/threads/amtm-step-by-step-install-guide-l-ld.56237/#post-483421

Keep in mind for the last link above that the installation of amtm isn't required when using RMerlin firmware v384.15_0 or later. :)
 
Going from RMerlin 384.8_2 to 384.16_0 is a huge step and will invariably need a full reset. But you're welcome to try to use the network as-is afterward and see what (if any) issues you may encounter.

A minimal and manual configuration is required after a full reset to factory defaults/Initialize all settings process to ensure that the new firmware is in a good/known state. Using a backup config file will undo any benefits that the reset/Initialize process offers.

Are you also using scripts and Entware in your router? The following links may be useful then too. :)

https://www.snbforums.com/threads/ax88-packet-loss.62891/#post-563326

M&M Config https://www.snbforums.com/threads/n...l-and-manual-configuration.27115/#post-205573

Nuclear Reset https://www.snbforums.com/threads/major-issues-w-rt-ac86u.56342/page-4#post-495710

amtm Step-by-Step https://www.snbforums.com/threads/amtm-step-by-step-install-guide-l-ld.56237/#post-483421

Keep in mind for the last link above that the installation of amtm isn't required when using RMerlin firmware v384.15_0 or later. :)

Yes, I am using scripts, have Entware installed, have a usb drive mounted with swapfile/etc, using skynet, using the settings backup script, etc. I also have a few of the post script configs in-place as well, although I know some of them are for skynet. Trying to replay all of that and then put in all the ipconfigs, MAC reservations, and varius other settings on a manual basis is painful. I do not touch this thing that often, unless I need to change something, so it not something that I remember all the time.
 
Copy your scripts and put them in a safe place. Copy and backup the entire installation too. But don't blindly install them either.

I suggest you do a clean install of all the scripts you need and use the opportunity to get your entire network fully modernized and benefit from the many improvements all the scripts and the firmware offers us today. :)

And afterward, keep it up to date so that this isn't needed as often/drastically in the future. :)
 
Copy your scripts and put them in a safe place. Copy and backup the entire installation too. But don't blindly install them either.

I suggest you do a clean install of all the scripts you need and use the opportunity to get your entire network fully modernized and benefit from the many improvements all the scripts and the firmware offers us today. :)

And afterward, keep it up to date so that this isn't needed as often/drastically in the future. :)

Ok, I have some dumb questions then.

I can backup my configs and script directories.

What do you mean by backup the entire installation?

What do you mean by clean install of all the scripts?

As for keeping up to date, in the UI it prompts to upgrade to newer version. Does that process upgrade to the stock Asus FW or is it for the newest Merlin builds? With more recent versions, is it possible to just upgrade in-place instead of the whole tear-down and rebuild approach?

BTW, I also have the OpenVPN Client and OpenVPN Server configured to use as well.
 
Yes, you can backup your configs and script directories. You can also use the backup features in the scripts that support them.

To back up the 'entire' installation is to basically do a clone of your USB drive and be able to restore it at will.

The clean install of scripts is to actually just install them from scratch. Use them and only modify the (new/current) defaults if or when needed. I suggest this method as it is the only one that will confidentially and explicitly set things up as the new firmware and the script in question requires things to be. It will automatically remove old assumptions that are not applicable to the current firmware and/or scripts and is a good test of the hardware too, by indicating how easily each script is installed, enabled, and running smoothly too.

The RMerlin builds will only show RMerlin upgrades and the equivalent for stock Asus firmware too. :)

Once you have the router to a current firmware which is stable, reliable and dependable (which is what the guides above offer) and you then keep up with each available (stable) firmware as it is released or shortly thereafter, you should be able to continue using your network as usual, without needing a reset each time (this would be called a 'dirty' upgrade, btw). The firmware changelog will state whether a reset is needed and for what conditions too, but your particular set up may need (or not need) a reset sooner or later, depending on the scripts and expectations you have of your network and router. :)

I would offer the same suggestion for the OpenVPN Client and Server as for the scripts above. Do them again from scratch with no previous assumptions entering the process.

HTH. :)
 
Yes, you can backup your configs and script directories. You can also use the backup features in the scripts that support them.

To back up the 'entire' installation is to basically do a clone of your USB drive and be able to restore it at will.

The clean install of scripts is to actually just install them from scratch. Use them and only modify the (new/current) defaults if or when needed. I suggest this method as it is the only one that will confidentially and explicitly set things up as the new firmware and the script in question requires things to be. It will automatically remove old assumptions that are not applicable to the current firmware and/or scripts and is a good test of the hardware too, by indicating how easily each script is installed, enabled, and running smoothly too.

The RMerlin builds will only show RMerlin upgrades and the equivalent for stock Asus firmware too. :)

Once you have the router to a current firmware which is stable, reliable and dependable (which is what the guides above offer) and you then keep up with each available (stable) firmware as it is released or shortly thereafter, you should be able to continue using your network as usual, without needing a reset each time (this would be called a 'dirty' upgrade, btw). The firmware changelog will state whether a reset is needed and for what conditions too, but your particular set up may need (or not need) a reset sooner or later, depending on the scripts and expectations you have of your network and router. :)

I would offer the same suggestion for the OpenVPN Client and Server as for the scripts above. Do them again from scratch with no previous assumptions entering the process.

HTH. :)

I get your point. I do hate doing things from scratch but I know there can be benefits. Some of it I can do rom scratch, out of necessity, but some things I really just do not want to do at all. For example, can I export/import my skynet config? I really do not want to do that from scratch. Also the VPN is another. I do not want to deal with the certificates and all that. I use the VPN Server to connect home from remote and I have the client setup so I can tunnel my whole network to a VPN. Both will be a pain to manually redo, so I'd like to be able to export/import somehow.

One thing I remember that was a pain from last time was MAC Address reservations. Is there a way to export/import those?
 
@djtech2k I understand it can be daunting to do a full reset, and yes, search the forums and you'll find ways to accomplish all you want above just a little bit faster. But if/when a show-stopping issue occurs, what is the next step then? At that point, you will have done more work than simply doing it from scratch. :)

Everything has benefits and drawbacks. The biggest benefit for me (and for my customers) is to do things once and do it properly too. :)
 
@djtech2k I understand it can be daunting to do a full reset, and yes, search the forums and you'll find ways to accomplish all you want above just a little bit faster. But if/when a show-stopping issue occurs, what is the next step then? At that point, you will have done more work than simply doing it from scratch. :)

Everything has benefits and drawbacks. The biggest benefit for me (and for my customers) is to do things once and do it properly too. :)

Ok, I have read a lot of that stuff. On the 2nd link...the NOOB method.... Is it critical to format the jffs partition? I mean if it is just file storage, then couldn't I keep the files on there and just plug it in?

Also, I have not been able to find any way to backup/restore the skynet config or the vpn. For skynet, I have too many IP's on the whitelist and blacklist to redo them. For the VPN, I just have not set it up in a long time and I would rather not do the whole self-signed cert and all that again if I don't have to. The VPN is less critical but the firewall config is more important to me.

And what about the MAC address reservations? Can I export/import those somehow?

UPDATE: I found the nvram command to view the MAC reservations so I can work with that to manually replace them.
 
Last edited:
The JFFS partition is a part of the routers NVRAM storage device. It is used internally by the router and isn't just 'file storage'. It can't be plugged in or removed either.

The JFFS needs to be fully formatted to remove any previous settings/files that are not appropriate or applicable for the new firmware.

For Skynet, copy your whitelist and blacklists in a safe place. And after doing a fresh Skynet install, import them then.

Are you using OpenVPN or a commercial option? Either way, recreate from scratch is my recommendation. Too many changes (to the VPN options) from your old firmware to the new.

You can import/export the reservations, you can search for those commands/scripts, but you won't see them via the GUI anymore (I'm pretty sure about that). Again, a screenshot or two and configured manually is much preferred if you want the same as you have now.
 
The JFFS partition is a part of the routers NVRAM storage device. It is used internally by the router and isn't just 'file storage'. It can't be plugged in or removed either.

The JFFS needs to be fully formatted to remove any previous settings/files that are not appropriate or applicable for the new firmware.

For Skynet, copy your whitelist and blacklists in a safe place. And after doing a fresh Skynet install, import them then.

Are you using OpenVPN or a commercial option? Either way, recreate from scratch is my recommendation. Too many changes (to the VPN options) from your old firmware to the new.

You can import/export the reservations, you can search for those commands/scripts, but you won't see them via the GUI anymore (I'm pretty sure about that). Again, a screenshot or two and configured manually is much preferred if you want the same as you have now.

Sorry, I misspoke. I did not mean the jffs partition. I meant the USB drive. It has several things on it, like skynet and entware. Can I just plug it in the new firmware and use it as-is? My mistake on saying jffs when I meant the USB.
 
Ok, so I did the reset and update. Still trying to get the features/functions back to where they were. I have many done and working, I think, but I cannot get the VPN Server to connect.

My 68U does have a 10.x.x.x WAN IP because it is inside of my ISP modem. That is fine with me because it worked fine before. I just turned it on and allowed it to use its self-signed cert. I have DDNS setup just like before. One thing I did notice that is different is that my name/ip resolution is different. So if I ping my DDNS name, it is now resolving to the 10.x.x.x WAN IP from my AC68U. It used to reply with the true WAN IP of my modem.

The VPN Server starts but I cannot connect to it. Here is the excerpt from the ovpn log on my client.

Thu Apr 23 18:37:44 2020 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
Thu Apr 23 18:37:44 2020 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Thu Apr 23 18:37:44 2020 TLS_ERROR: BIO read tls_read_plaintext error
Thu Apr 23 18:37:44 2020 TLS Error: TLS object -> incoming plaintext read error
Thu Apr 23 18:37:44 2020 TLS Error: TLS handshake failed
Thu Apr 23 18:37:44 2020 SIGUSR1[soft,tls-error] received, process restarting
 
Do you have the External method selected on the DDNS page?
 
I did not so I fixed that. I also disabled the VPN, then re-enabled it. I grabbed a new config and it began to connect. So I think that is done now.

For the reset/build of this thing, I followed the NOOB method posted and I used AMTM to install Entware and Skynet. Besides the VPN issues, something does appear to be different in the section where you use the LetsEncrypt certificate. On my old version, I have a screenshot that shows multiple SAN's for that certificate, which make sense because I access this router from different addresses depending on where I am coming from. Now it only has the 192.168.x.x address as a SAN. I do not remember how I did that before so I am not sure where to look. I know now it is on the DDNS page, but I do not think it was there before.

I do wish there was some good way to export DHCP MAC reservations and they a way to import them. I have several devices that I like to reserve so it makes it easier to find them. I also like to tag hostnames for devices in the connected devices section. It would be nice to be able to save/restore those as well.

So as far as I can tell, it seems to be working. I have not tried to do any kind of performance tests or anything but I at least know it is routing.
 
I do wish there was some good way to export DHCP MAC reservations and they a way to import them. I have several devices that I like to reserve so it makes it easier to find them. I also like to tag hostnames for devices in the connected devices section. It would be nice to be able to save/restore those as well.

see @Xentrk's script or the resurrected NVRAM save/restore script also hosted by him.
 
Thanks.

I saw the nvram script but I thought that would not work in my case because it was recommended that I do a reset. I thought that by backing up nvram and then restoring it, I would be defeating that purpose? Maybe I am wrong.

I just looked at the dhcp staticlist post. It says it is only compatible with v384.13.
 
Thanks.

I saw the nvram script but I thought that would not work in my case because it was recommended that I do a reset. I thought that by backing up nvram and then restoring it, I would be defeating that purpose? Maybe I am wrong.

I just looked at the dhcp staticlist post. It says it is only compatible with v384.13.
See the usage instructions for the save-mynvram.sh script. I may retire the dhcp utility as this is a better method.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top