What's new

[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

...I am not able to establish a connection to any of my devices...
What are you connecting from and what are you connecting to?
What protocol are you using, ftp, http, SMB, etc?
How are you addressing the device, by IP address, hostname, fully qualified domain name?
 
What are you connecting from and what are you connecting to?
What protocol are you using, ftp, http, SMB, etc?
How are you addressing the device, by IP address, hostname, fully qualified domain name?


I am just trying to connect my devices, like my phone, computer and TV, to the internet. So when I reboot while the DNS filtering is on, I am not able to establish a connection to the internet using any of the devices until I turn DNS filtering off first then turning it on.

Here are my settings on the DNS filtering page.

Enable DNS Based Filtering: ON
Global Filter mode: Norton Safe

Under the client list, I have all my devices listed twice. I am using 2 filter modes for each device. I am assuming one is a backup in case the other is not working. So for all devices I am using Norton Safe and Comodo Secure DNS).

I am using the drop down menu on the left that uses ip address to add the devices.

I did have ftp turned on. And i had this problem. Right now it is turned off because I did a system restore and I still am facing the same problem.

Network Samba is Off

DLNA server is on and I have an attached USB drive.

I am not using VPN
 
Under the client list, I have all my devices listed twice. I am using 2 filter modes for each device. I am assuming one is a backup in case the other is not working. So for all devices I am using Norton Safe and Comodo Secure DNS).
No that's not how it works, there is no "backup" DNS server with DNS-based Filtering. You need to choose one DNS for each device.

If you end up using the same DNS server for all your devices (i.e. Norton Safe) then there is no point putting anything at all in the Client List. You just need to set it in the Global Filter and that will apply to everything.

A better approach would be to:
a) remove everything from the Client List
b) set the Global Filter to "Router"
c) set WAN > WAN DNS Setting > Connect to DNS Server automatically = No
and then (for Norton ConnectSafe) set DNS Server 1 = 199.85.126.10 and DNS Server 2 = 199.85.127.10
or for Comodo Secure DNS set DNS Server 1 = 8.26.56.26 and DNS Server 2 = 8.20.247.20


https://dns.norton.com/faq.html
https://www.comodo.com/secure-dns/switch/router.html
 
Last edited:
I removed persist-tun from the Custom Configuration and rebooted the router
Taking it out of the Custom Configuration won't make a difference (it's automatically added by the firmware.....your entry was redundant). You need to make a /jffs/scripts/openvpnclient1.postconf with the following to disable persist-tun
Code:
#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh

pc_replace "persist-tun" "#persist-tun" $CONFIG
 
No that's not how it works, there is no "backup" DNS server with DNS-based Filtering. You need to choose one DNS for each device.

If you end up using the same DNS server for all your devices (i.e. Norton Safe) then there is no point putting anything at all in the Client List. You just need to set it in the Global Filter and that will apply to everything.

A better approach would be to:
a) remove everything from the Client List
b) set the Global Filter to "Router"
c) set WAN > WAN DNS Setting > Connect to DNS Server automatically = No
and then (for Norton ConnectSafe) set DNS Server 1 = 199.85.126.10 and DNS Server 2 = 199.85.127.10
or for Comodo Secure DNS set DNS Server 1 = 8.26.56.26 and DNS Server 2 = 8.20.247.20


https://dns.norton.com/faq.html
https://www.comodo.com/secure-dns/switch/router.html


Thanks for the explanation....I have been using the setting I mentioned on AC68U, RT-N66U and RT-N16 using merlin software and I never had any issues even though I was not setting it the right way. I only started seeing this issue once I tried using John's fork on RT-N16 and RT-N66U.

I did some adjustments just to test things out again on the RT-N66U. Here are my settings:

Enable DNS filtering: ON
Global filter Mode: Norton Family

Under the client list, I added all my 6 devices using only one filter mode: Norton safe

I did a reboot using the reboot button on the top. Once it reboots I am not able to connect any device to the internet until I turn the DNS filter off first then turning it on. The same problem again !!

I tried doing a reboot from my computer that is attached to the router by ethernet and also another reboot using my phone wifi and the same problem persists.
 
Last edited:
@mustafa803 That sounds very strange indeed.

Can you check the following: Reboot the router and then before changing anything go to Firewall > Network Services Filter. Can you confirm that the Network Services Filter is not enabled.

Then, from a PC that can't get to the internet type the following commands into the Windows Command Prompt.

Code:
nslookup www.google.com
ipconfig
 
I tried rebooting a few times using a computer connected by ethernet using the new configuration I mentined above with only one DNS filter mode for each device. I rebooted it like 5-6. Sometimes the computer will connect after reboot and sometimes it will not connect. When the PC does not connect to the internet I tried connecting to the internet using my phone and it too will not connect.

I checked the firewall and the network services filter is not enabled.

In my last trial using the PC, I did a reboot and I was not able to connect to the internet afterwards. I then opened cmd while the pc was not able to connect and typed nslookup www.google.com and got:
server: router.asus.com
address:192.168.1.1

non authoritative answer:
name: www.google.com
address: (long number and then followed by 16 ip address)



I then typed ipconfig and got these results

Lan 4: media disconnected
Lan3: IP6 address, Ip4 address, subnet mask
Lan: IP6 address, IP4 address, subnet mask, default gateway
tunnel adapter isatap: media disconnected
tunnel adapter isatap: media disconnected
tunnel adapter isatap: media disconnected

I then turned the dns filter off then on and was then able to connect my pc to the internet.
 
@mustafa803 Well I can't see anything obviously wrong with your setup.

It's strange that even when you couldn't get to the internet (I'm assuming with a web browser) your nslookup was working. So DNS requests were getting to the internet OK, but not web traffic.

All I can suggest is that you post the complete, unedited syslog for us to look at. Maybe we can get a clue from that.
 
@mustafa803
A couple of questions...
- What are the settings under WAN, DNS Setting?
- What are the settings under LAN > DHCP Servers, DNS and WINS settings (no DHCP servers should be entered here)?
- Are you also running a VPN Client on the router?
- Are you using any of the firewall filters (URL, Keyword or Network Services)

All these options can end up fighting with one another if you aren't careful.
 
I actually installed V18B9 on RT-N66U a few hours ago and did a system restore right after that and configured everything from scratch. So this is the one I have done the testing on over the last few hours until now but I faced the same issue when I ran V17E8 on both RT-N16 and RT-N66U.

WAN DNS Setting:
Connect to DNS Server automatically: Yes
Enable DNSSEC support: No

The only setting change I did on the Wan page when I set it up was disable UPnP. No other changes have been made.

Under Firewall:
URL filter: disabled
Keyword filter: disabled

I am not using VPN and did not set up one either.
 

Attachments

  • Setting1.jpg
    Setting1.jpg
    92.2 KB · Views: 652
  • Setting2.jpg
    Setting2.jpg
    83 KB · Views: 754
  • Setting3.jpg
    Setting3.jpg
    45.6 KB · Views: 735
Taking it out of the Custom Configuration won't make a difference (it's automatically added by the firmware.....your entry was redundant). You need to make a /jffs/scripts/openvpnclient1.postconf with the following to disable persist-tun
Code:
#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh

pc_replace "persist-tun" "#persist-tun" $CONFIG

Okay I was not aware of this. I will try this or update to 18B9.

The tunnel went down this morning with a less than 24 hour runtime. Before with the persist-tun entry it would take longer before disconnecting. Here is the syslog:

Jun 22 03:05:19 ntp: NTP update failed after 5 attempts
Jun 22 03:05:20 openvpn[723]: RESOLVE: Cannot resolve host address: chi.central.usa.torguardvpnaccess.com: Name or service not known
Jun 22 03:05:40 openvpn[723]: RESOLVE: Cannot resolve host address: chi.central.usa.torguardvpnaccess.com: Name or service not known
Jun 22 03:06:00 openvpn[723]: RESOLVE: Cannot resolve host address: chi.central.usa.torguardvpnaccess.com: Name or service not known
Jun 22 03:06:20 openvpn[723]: RESOLVE: Cannot resolve host address: chi.central.usa.torguardvpnaccess.com: Name or service not known
Jun 22 03:06:34 ntp: NTP update failed after 5 attempts
Jun 22 03:06:40 openvpn[723]: RESOLVE: Cannot resolve host address: chi.central.usa.torguardvpnaccess.com: Name or service not known
Jun 22 03:06:40 openvpn[723]: SIGUSR1[soft,init_instance] received, process restarting
Jun 22 03:06:40 openvpn[723]: Restart pause, 2 second(s)
Jun 22 03:06:42 openvpn[723]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jun 22 03:06:42 openvpn[723]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jun 22 03:06:42 openvpn[723]: Socket Buffers: R=[120832->120832] S=[120832->120832]
Jun 22 03:06:57 openvpn[723]: RESOLVE: Cannot resolve host address: chi.central.usa.torguardvpnaccess.com: Name or service not known
Jun 22 03:07:12 openvpn[723]: RESOLVE: Cannot resolve host address: chi.central.usa.torguardvpnaccess.com: Name or service not known
Jun 22 03:07:32 openvpn[723]: RESOLVE: Cannot resolve host address: chi.central.usa.torguardvpnaccess.com: Name or service not known

This same sequence repeats over and over again.
 
Another update.

I turned DNS filtering completely off and added Notron DNS in the WAN page and things were working fine yesterday.

I needed to turn the router completely off today using the on/off button. Once I turned it back on I was not able to connect to the internet. So I had to switch the "Connect to DNS Server automatically" to Yes and then I was able to connect to the internet. Any explanation for this?
 
Another update.

I turned DNS filtering completely off and added Notron DNS in the WAN page and things were working fine yesterday.

I needed to turn the router completely off today using the on/off button. Once I turned it back on I was not able to connect to the internet. So I had to switch the "Connect to DNS Server automatically" to Yes and then I was able to connect to the internet. Any explanation for this?
Is 'DHCP Query Frequency' set to Aggressive on the WAN page? If so, set it to Normal mode.

Otherwise, you need to post your syslog at the time you are having a problem so we can see what is happening.
 
Switched my N66R today from 380.59 to John's b9. Had my Android tablet at the far end of the house and the 2.4 GHZ signal went from 65 db to 53 db! Turned on traditional qos and so far so great! Bill

Sent from my P01M using Tapatalk
 
I'd appreciate any help or input on this issue. I contacted my VPN provider and they said to manually set the DNS Servers. But since I am routing only one device through the tunnel, is there a way to manually set the DNS servers in the OpenVPN client?
 
You can add the following to the client config file.



dhcp-option DNS <dns_server_ip_address>
 
John,

Since my ISP uses vlans to separate iptv and internet my traffic monitor only shows the traffic going through eth0. So that's just the dhcp traffic I see. Is there a way to set the traffic monitor to use the vlan34 interface so I can keep track of traffic or is this not possible?
 
Hi all, noticed that DDNS service didn´t update no-ip.org (free account) correctly. Tried to disable and enable it, or simply update it. GUI prompts that the IP wasn´t changed.

Running latest BETA.

Anyone else facing this issue?
 
Hi all, noticed that DDNS service didn´t update no-ip.org (free account) correctly. Tried to disable and enable it, or simply update it. GUI prompts that the IP wasn´t changed.

Running latest BETA.

Anyone else facing this issue?
What you see is currently working as designed. If your IP, hostname, or service hasn't changed since the last update it won't send an update to prevent unnecessary updates (most DDNS providers frown on these). It will update if the forced update interval expires or you reboot the router.
 
John,

Since my ISP uses vlans to separate iptv and internet my traffic monitor only shows the traffic going through eth0. So that's just the dhcp traffic I see. Is there a way to set the traffic monitor to use the vlan34 interface so I can keep track of traffic or is this not possible?
Sorry, but this is beyond the scope of the fork. The traffic monitor code is a bit cryptic and undocumented, and I'm reluctant to mess with anything there.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top