What's new

[DSL-AC68U] AsusWrt Merlin builds for DSL routers

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I totally agree with kernol GNUton / Merlin firmware will not alter the hardware capabilities of this DSL Router, if your AC68U can handle 1Gb/100M speeds with Asus stock firmware, GNUton / Merlin firmware will do the same.

As for CPU load, I have 100Mb/s connection and it barely touches 50% of CPU load with almost maximum usage of the line. (yes there are some spikes up to 95% but that is for a few seconds)
 
I totally agree with kernol GNUton / Merlin firmware will not alter the hardware capabilities of this DSL Router, if your AC68U can handle 1Gb/100M speeds with Asus stock firmware, GNUton / Merlin firmware will do the same.

As for CPU load, I have 100Mb/s connection and it barely touches 50% of CPU load with almost maximum usage of the line. (yes there are some spikes up to 95% but that is for a few seconds)
Presumably you don't have the same AIProtection etc settings as me, as mine definitely goes to nearly full utilisation if I kick off a Steam download. Throttling downloads to 5MB/s drops it to 50% (or maybe mine is just ready to be put out to pasture!)

Just looked into it and the AC68U can handle gigabit internet if it's used in AP mode, but as a router you're going to be be taking a bigger speed hit the more features you enable. It's a perfectly fine router for VDSL kind of speeds, but it's definitely not something I'd consider using if I was lucky enough to get gigabit.

Definitely going well off topic here - apologies GNUton and thanks for the firmware!
 
@GNUton - suggest you skip 384.18 and await the release of RMerlin 384.19 which is already in Beta and which includes all the latest security patches from Asus closed source code relevant to our DSL-AC68U's (by being borrowed from RT-AC68U Merlin code)

In the meantime your GNUton 384.17 remains stable and a pleasure to use. :D.
 
Hello everyone.
First of all big thanks goes to @GNUton for support of DSL-AC68U! I use it with pleasure and effectively.
I'm running 384.17_0-gnuton1 release and behind of CGNAT, I don't care to open any port to public usage. But port forwarding even does not work on LAN.

What I want to do?
I want to forward port 80 from 192.168.1.202 to 192.168.1.1:8080

Which steps I followed;
  • Asus Firewall turned off.
  • Windows Firewall turned off.
  • Static IP assigned to LAN device.
  • NAT activated on router and rule defined.
  • Router restarted.
But no luck at all :(

Here is my iptables configuration;

Code:
****@ASUS-ROUTER:/tmp/home/root# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere             tcpflags: SYN,RST/SYN TCPMSS clamp to PMTU
logaccept  all  --  anywhere             anywhere             state RELATED,ESTABLISHED
other2wan  all  --  anywhere             anywhere
logdrop    all  --  anywhere             anywhere
logaccept  all  --  anywhere             anywhere
logdrop    all  --  anywhere             anywhere             state INVALID
NSFW       all  --  anywhere             anywhere
logaccept  all  --  anywhere             anywhere             ctstate DNAT
OVPN       all  --  anywhere             anywhere             state NEW

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain ACCESS_RESTRICTION (0 references)
target     prot opt source               destination

Chain DNSFILTER_DOT (0 references)
target     prot opt source               destination

Chain FUPNP (0 references)
target     prot opt source               destination

Chain INPUT_ICMP (0 references)
target     prot opt source               destination

Chain INPUT_PING (0 references)
target     prot opt source               destination

Chain NSFW (1 references)
target     prot opt source               destination
DROP       ipv6-auth--  anywhere             anywhere
DROP       ipv6-crypt--  anywhere             anywhere
DROP       udp  --  anywhere             anywhere             udp dpt:4500
DROP       udp  --  anywhere             anywhere             udp dpt:500
DROP       udp  --  anywhere             anywhere             udp dpt:1701
DROP       gre  --  anywhere             anywhere
DROP       tcp  --  anywhere             anywhere             tcp dpt:1723

Chain OVPN (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain PControls (0 references)
target     prot opt source               destination
logaccept  all  --  anywhere             anywhere

Chain PTCSRVLAN (0 references)
target     prot opt source               destination

Chain PTCSRVWAN (0 references)
target     prot opt source               destination

Chain SECURITY (0 references)
target     prot opt source               destination
RETURN     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5
logdrop    tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/SYN
RETURN     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
logdrop    tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/RST
RETURN     icmp --  anywhere             anywhere             icmp echo-request limit: avg 1/sec burst 5
logdrop    icmp --  anywhere             anywhere             icmp echo-request
RETURN     all  --  anywhere             anywhere

Chain default_block (0 references)
target     prot opt source               destination

Chain logaccept (4 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             state NEW LOG level warning tcp-sequence tcp-options ip-options prefix "ACCEPT "
ACCEPT     all  --  anywhere             anywhere

Chain logdrop (6 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             state NEW LOG level warning tcp-sequence tcp-options ip-options prefix "DROP "
DROP       all  --  anywhere             anywhere

Chain other2wan (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
logdrop    all  --  anywhere             anywhere


I shared screenshots of my other configurations on attachments. I don't know from where I have mistake. I was using exactly same configuration for years.

Thanks in advance for your help and support.
 

Attachments

  • firewall.PNG
    firewall.PNG
    210.6 KB · Views: 295
  • nat.PNG
    nat.PNG
    369.2 KB · Views: 286
  • route.PNG
    route.PNG
    142.5 KB · Views: 275
  • refused.PNG
    refused.PNG
    129.7 KB · Views: 286
  • webserver.PNG
    webserver.PNG
    137.6 KB · Views: 237
Last edited:
Hello everyone.
First of all big thanks goes to @GNUton for support of DSL-AC68U! I use it with pleasure and effectively.
I'm running 384.17_0-gnuton1 release and behind of CGNAT, I don't care to open any port to public usage. But port forwarding even does not work on LAN.

What I want to do?
I want to forward port 80 from 192.168.1.202 to 192.168.1.1:8080

Which steps I followed;
  • Asus Firewall turned off.
  • Windows Firewall turned off.
  • Static IP assigned to LAN device.
  • NAT activated on router and rule defined.
  • Router restarted.
But no luck at all :(

Here is my iptables configuration;

Code:
****@ASUS-ROUTER:/tmp/home/root# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere             tcpflags: SYN,RST/SYN TCPMSS clamp to PMTU
logaccept  all  --  anywhere             anywhere             state RELATED,ESTABLISHED
other2wan  all  --  anywhere             anywhere
logdrop    all  --  anywhere             anywhere
logaccept  all  --  anywhere             anywhere
logdrop    all  --  anywhere             anywhere             state INVALID
NSFW       all  --  anywhere             anywhere
logaccept  all  --  anywhere             anywhere             ctstate DNAT
OVPN       all  --  anywhere             anywhere             state NEW

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain ACCESS_RESTRICTION (0 references)
target     prot opt source               destination

Chain DNSFILTER_DOT (0 references)
target     prot opt source               destination

Chain FUPNP (0 references)
target     prot opt source               destination

Chain INPUT_ICMP (0 references)
target     prot opt source               destination

Chain INPUT_PING (0 references)
target     prot opt source               destination

Chain NSFW (1 references)
target     prot opt source               destination
DROP       ipv6-auth--  anywhere             anywhere
DROP       ipv6-crypt--  anywhere             anywhere
DROP       udp  --  anywhere             anywhere             udp dpt:4500
DROP       udp  --  anywhere             anywhere             udp dpt:500
DROP       udp  --  anywhere             anywhere             udp dpt:1701
DROP       gre  --  anywhere             anywhere
DROP       tcp  --  anywhere             anywhere             tcp dpt:1723

Chain OVPN (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain PControls (0 references)
target     prot opt source               destination
logaccept  all  --  anywhere             anywhere

Chain PTCSRVLAN (0 references)
target     prot opt source               destination

Chain PTCSRVWAN (0 references)
target     prot opt source               destination

Chain SECURITY (0 references)
target     prot opt source               destination
RETURN     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5
logdrop    tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/SYN
RETURN     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
logdrop    tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/RST
RETURN     icmp --  anywhere             anywhere             icmp echo-request limit: avg 1/sec burst 5
logdrop    icmp --  anywhere             anywhere             icmp echo-request
RETURN     all  --  anywhere             anywhere

Chain default_block (0 references)
target     prot opt source               destination

Chain logaccept (4 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             state NEW LOG level warning tcp-sequence tcp-options ip-options prefix "ACCEPT "
ACCEPT     all  --  anywhere             anywhere

Chain logdrop (6 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             state NEW LOG level warning tcp-sequence tcp-options ip-options prefix "DROP "
DROP       all  --  anywhere             anywhere

Chain other2wan (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
logdrop    all  --  anywhere             anywhere


I shared screenshots of my other configurations on attachments. I don't know from where I have mistake. I was using exactly same configuration for years.

Thanks in advance for your help and support.

Sorry - I don't have a clue how to help you as I have never had occasion to do port forwards inside my LAN.
I don't believe this issue is specific to @GNUton firmware however - so perhaps best you re-post in a thread of your own where you will likely get a better response from a much wider field of experts.
Otherwise- try this link ? https://community.ui.com/questions/...-network/e16a8502-1842-423e-bc46-2c7c564f33d3
 
I totally agree with kernol GNUton / Merlin firmware will not alter the hardware capabilities of this DSL Router, if your AC68U can handle 1Gb/100M speeds with Asus stock firmware, GNUton / Merlin firmware will do the same.

As for CPU load, I have 100Mb/s connection and it barely touches 50% of CPU load with almost maximum usage of the line. (yes there are some spikes up to 95% but that is for a few seconds)
OK, it's why I afraid to use my RT-ACT68 with my fiber connection (ISP Free, FTTH with 1 Gbps for download and 700 Mbps for up)
And with the new modem (boxes) provided by ISP Free, it could be SFP+ connectors or 2.5 Gbps RJ45. Today I'm using my RT648U as an accesspoint.
For the future, I must find a multiGig Switch and or multigig router by prices for home usage are not the same.....
 
New official ASUS firmware is out.

ASUS DSL-AC68U Firmware version 3.0.0.4.386_39648 (This product supports both Annex A and Annex B)
Security Fix and Improvement:
- Fixed buffer overflow with shellcode of blocking_request.cgi..

Bug Fixes and Improvements:
- Fixed and enhanced AiMesh related issues.
- Fixed the abnormal detect when WAN is set as static ip.
- Fixed web response slow issue in Web History page.
- Fixed link status error which cause sometimes cannot access internet in Load Balance mode.
- Fixed OUI may not be found in networkmap.
- Fixed Parental Control not work.
- Fixed udp proxy and igmpproxy issue in bridge mode.
- Enhanced nvram space usage.
- Fixed memory leak issue.
- Fixed deleting the events of AiProtection incorrectly.
- Fixed AiMesh RE sync wrong wep key.
- Fixed missing host keys to start ssh server.
- Fixed no client traffic data on APP.
- Fixed Load Balance Primary WAN disconnect cause Secondary WAN show disconnect too.
- Fixed crash issue if control Primary WAN in NetworkMap.
- Fixed DSL WAN MAC clone not work.
- Fixed DSL WAN PPP option not work.
- Fixed restart wan while editting multiple WAN PVC/Service list.
- Fixed Network Map internet status WAN control issue.
- Fixed WPS Button Behaivour is missing on GUI.
- Updated DSL ISP list and support more IPTV profile.

also with new
GPL of ASUS DSL-AC68U for firmware 3.0.0.4.386_39648


Hopefully GNUton will surprise us with new release sometime soon
 
Merlin is on a different branch - we are on 386 and Merlin is on 384 - but it looks like he has started work on the new branch so they will hopefully be in alignment soon :)
 
Merlin is on a different branch - we are on 386 and Merlin is on 384 - but it looks like he has started work on the new branch so they will hopefully be in alignment soon :)

+1 ... looking forward to @GNUton working on the 386 code after RMerlin has worked his magic ... but patience will be very necessary as there are LOTS of changes in the code ... and many new bugs introduced which will need patching after Asus has corrected its closed source sections.
To comprehend the scale of the task - see this data lifted off Github ...
Code:
Prepare platform for 386 merge; merge 386_39179 + binary blobs [RT-AC86U]
This commit does not belong to any branch on this repository. @RMerl
RMerl committed 7 days ago
Showing 3,205 changed files with 653,790 additions and 201,830 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.

Happily - GNUton 384.17 remains stable and steady ... even though it lacks some security patches released recently.
 
Hello everyone.
First of all big thanks goes to @GNUton for support of DSL-AC68U! I use it with pleasure and effectively.
I'm running 384.17_0-gnuton1 release and behind of CGNAT, I don't care to open any port to public usage. But port forwarding even does not work on LAN.

What I want to do?
I want to forward port 80 from 192.168.1.202 to 192.168.1.1:8080

Which steps I followed;
  • Asus Firewall turned off.
  • Windows Firewall turned off.
  • Static IP assigned to LAN device.
  • NAT activated on router and rule defined.
  • Router restarted.
But no luck at all :(

Here is my iptables configuration;

Code:
****@ASUS-ROUTER:/tmp/home/root# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere             tcpflags: SYN,RST/SYN TCPMSS clamp to PMTU
logaccept  all  --  anywhere             anywhere             state RELATED,ESTABLISHED
other2wan  all  --  anywhere             anywhere
logdrop    all  --  anywhere             anywhere
logaccept  all  --  anywhere             anywhere
logdrop    all  --  anywhere             anywhere             state INVALID
NSFW       all  --  anywhere             anywhere
logaccept  all  --  anywhere             anywhere             ctstate DNAT
OVPN       all  --  anywhere             anywhere             state NEW

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain ACCESS_RESTRICTION (0 references)
target     prot opt source               destination

Chain DNSFILTER_DOT (0 references)
target     prot opt source               destination

Chain FUPNP (0 references)
target     prot opt source               destination

Chain INPUT_ICMP (0 references)
target     prot opt source               destination

Chain INPUT_PING (0 references)
target     prot opt source               destination

Chain NSFW (1 references)
target     prot opt source               destination
DROP       ipv6-auth--  anywhere             anywhere
DROP       ipv6-crypt--  anywhere             anywhere
DROP       udp  --  anywhere             anywhere             udp dpt:4500
DROP       udp  --  anywhere             anywhere             udp dpt:500
DROP       udp  --  anywhere             anywhere             udp dpt:1701
DROP       gre  --  anywhere             anywhere
DROP       tcp  --  anywhere             anywhere             tcp dpt:1723

Chain OVPN (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain PControls (0 references)
target     prot opt source               destination
logaccept  all  --  anywhere             anywhere

Chain PTCSRVLAN (0 references)
target     prot opt source               destination

Chain PTCSRVWAN (0 references)
target     prot opt source               destination

Chain SECURITY (0 references)
target     prot opt source               destination
RETURN     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5
logdrop    tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/SYN
RETURN     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
logdrop    tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/RST
RETURN     icmp --  anywhere             anywhere             icmp echo-request limit: avg 1/sec burst 5
logdrop    icmp --  anywhere             anywhere             icmp echo-request
RETURN     all  --  anywhere             anywhere

Chain default_block (0 references)
target     prot opt source               destination

Chain logaccept (4 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             state NEW LOG level warning tcp-sequence tcp-options ip-options prefix "ACCEPT "
ACCEPT     all  --  anywhere             anywhere

Chain logdrop (6 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             state NEW LOG level warning tcp-sequence tcp-options ip-options prefix "DROP "
DROP       all  --  anywhere             anywhere

Chain other2wan (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
logdrop    all  --  anywhere             anywhere


I shared screenshots of my other configurations on attachments. I don't know from where I have mistake. I was using exactly same configuration for years.

Thanks in advance for your help and support.

I do not think the web GUI is designed for this, you have to do your own rules. Please check this post, but as it states in best answer - web proxy is the right way to go, I think that too.
 
Last edited:
Hi,
I've been using Gnuton's firmware for month, recently the DSL firmware part dissapeared and flashing it with Gnuton's or original ASUS doesn't help. Most likely it is connected with recent power loss, no flashing withi last month done. Any advice pls.

Rest of the router is working ok.

Maurycy
 
If the DSL part disappeared then I bet you flashed your DSL-AC68U with the RT-AC68U custom firmware. Only way I can see you losing the DSL part of the firmware.
 
Download and use the latest restoration firmware tool from asus site. (follow the instructions given by asus)
Then after setting up your connection and see that everything is ok, you can flash Gnuton's 384.17_0-gnuton1 again.
 
Thank you for replies. No I haven't touched firmware in last few months. Only thing that happened was power loss.
Restoration tool didn't help. After reseting and reflashing with any firmware version the DSL part is missing. Maybe flash ram got broken?
 
Have you verified what mode the router is in?
 
What if the dsl chip die and router no longer can detect it, will the dsl option will still be there or it will dissapear ?
 
Hello. Is it possible to run dsl-ac68u as aiMesh node (Ethernet backhaul) with this firmware? Stock asus does not support this functionality. Thank you.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top