[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[Uncle_Gadget]

Sorry, they're not interchangeable.

But, you can manually move all your openvpn certs to JFFS to free up nvram space......

This is awesome! I'm up against the nvram limit, myself. Could I also do something similar with the certs for my OpenVPN server setup, including private key, etc.?

 

[john9527]

This is awesome! I'm up against the nvram limit, myself. Could I also do something similar with the certs for my OpenVPN server setup, including private key, etc.?

Yes sir....works for server as well.
It's a long standing todo list item for me to automate this (if you put a path in the gui for the cert). Just haven't had the energy since it's a pretty big change.

 

[cybrnook]

Let me know if you need us to send you some red bulls or something ;-)

 

[Wisiwyg]

Regarding routing and VPN...

I'm using V24B6 on an AC68U, running Nord VPN. I've discovered my VOIP (Voip.ms and PhonePower) will not function properly if I use Nord's DNS services. Nord TS has confirmed this is an issue, stating that they know Skype works with their services, but other providers are hit and miss, further stating it is relating to NAT firewalls.

Has anyone seen this issue before and know of a solution? Is there a way to route network traffic through the Nord VPN using their DNS and route only VOIP traffic outside the VPN and use another DNS with the OpenDNS setup in this fork?

edit: Reasons I chose Nord are they have a node nearby and if you use their DNS, you can watch streaming services like Netflix and Hulu without the blocking common to most VPN services.

TIA

 

[cybrnook]

Yes, use the Policy Based routing option.

I think this was Literally asked yesterday somewhere, and John (OR Merlin) responded that Voip services should always go over the normal WAN since they use their own VPN tunnels.

https://github.com/RMerl/asuswrt-merlin/wiki/Policy-based-routing

 

[Wisiwyg]

Yes, use the Policy Based routing option.

I think this was Literally asked yesterday somewhere, and John (OR Merlin) responded that Voip services should always go over the normal WAN since they use their own VPN tunnels.

https://github.com/RMerl/asuswrt-merlin/wiki/Policy-based-routing

Oh Heck! Should have looked outside this thread. Thank you!

 

[cybrnook]

Yep, this was it:

https://www.snbforums.com/threads/ooma-ac-rt87u-gigabit-wan-not-working.38331/#post-315934


Concept remains the same though different versions. Just don't run your VOIP over VPN.

 

[Wisiwyg]

Yep, this was it:
https://www.snbforums.com/threads/ooma-ac-rt87u-gigabit-wan-not-working.38331/#post-315934
Concept remains the same though different versions. Just don't run your VOIP over VPN.

That helped! Setting up Policy Routing in the VPN client, one of my Voip providers, Voip.ms, works but the other, PhonePower, is still broken.

 

[zonnebril]

Wow John, moving those certs to JFFS makes a lot of difference! I have it up and running now:
NVRAM usage 57091 / 65536 bytes (87% utilized) --> instead of 95%

Thanks again!

ps. for all the others that are going to try this, (for me) it looks like the dh.pem is not movable, but the rest of the keys and certs are. The dh.pem file content keeps being recreated in the keys and certificates field.

My example is as follows, and I entered this in the Custom Configuration field:

ca /jffs/openvpn/server2/ca.crt
tls-auth /jffs/openvpn/server2/static.key
cert /jffs/openvpn/server2/server.crt
key /jffs/openvpn/server2/server.key

And this in the keys & certificates fields:

/jffs/openvpn/server2/ca.crt
/jffs/openvpn/server2/static.key
/jffs/openvpn/server2/server.crt
/jffs/openvpn/server2/server.key

 

[john9527]

ps. for all the others that are going to try this, (for me) it looks like the dh.pem is not movable, but the rest of the keys ands certs are.

hmmm....I'll take a look at dh. I remember it did have some special handling.

 

[john9527]

Installed 374.43_2-23E3j9527
Just noticed I am now unable to reach my PC via <IP>:<port> established via RDP. I have established a rule that has worked since I got the Asus. I will supply logs and general info if needed. I have rebuilt, deleted and rebuilt the rule and rebooted all I have and still cannot connect.

Setup
Main AP = RT-ac68u 374.43_2-23E3j9527
Wireless Bridge = RT-ac66u 374.43_2-23E3j9527

RDP forwards to PC on Wireless bridge

Only thing I have yet to do is factory default each...

Nothing immediately comes to mind. Do you know the last level where it was working for you?

 

[R1-Limited]

Nothing immediately comes to mind. Do you know the last level where it was working for you?

Sorry I am on the 23E4
Previous was 23E3

 

[Wisiwyg]

That helped! Setting up Policy Routing in the VPN client, one of my Voip providers, Voip.ms, works but the other, PhonePower, is still broken.

Just to round this off for posterity. Setting routes helped with one provider. I solved the problem with the other VoIP provider by 1) replaced sip.phonepower.com with the actual IP address: 206.15.130.6 and 2) activated a STUN server on all lines: stun.voiparound.com. All registrations now up.

 

[john9527]

Sorry I am on the 23E4
Previous was 23E3

Nothing between those levels that would affect router function.....it was all gui related fixes.....

8848b9363d2f396cebc21597fc3fa564ef7b24ca Version and Documentation to 2-23E4j9527
3aabacda9e87bfc12e4fe08e6393eb49832dec8e doc: misc documentation updates
5d6c130f751068fccb8bd744de4e67e43d26c676 webui: fix lan registered domain check when lan_name length equals domain length
6471f16344261293a8e2f3276412040964aa7c35 webui: use minimum of default reboot time when submitting switch control form
89309abe7ce5e8139b01226397a2f22157d8d7c0 webui: refactor ctf selection and status on switch control page
500d1608899403d518ac11eb49affca6c75119a9 webui: workaround bug in openvpn 2.4 stats dump
b2a91c9cc3ebd3a86a20b0a9f2f6f31d4126f540 Version and Documentation to 2-23E3j9527

 

[john9527]

A Beta refresh for the weekend experimenters

BETA RELEASE: Update-24B8
29-March-2017
Merlin fork 374.43_2-24B8j9527
Download http://bit.ly/1UGjcOX
============================

Following are the major changes (full changelog is in the zip files)

Update-24B8 Highlights

• Updated LZ4 library to 1.7.5 (Merlin backport)
• Include the ASUS OuiDB for MAC lookups and fall back to the web if not found - (Merlin backport)
• Allow selecting encryption options for the PPTP client (Merlin backport) - @000111
• A couple additional fork Busybox customizations that were missed in the first backport
• Free additional memory prior to firmware upgrade - @zonnebril @Builder71
  Note: This will take effect on future upgrades - It's not a 'fix', but should help minimize the need to manually reboot the router following a firmware upgrade.
• Fix OpenVPN server connected client status on the main server page - @atkinsom

Update-24B6 Highlights

• Security
  • Update Busybox to 1.25.1
    This took a couple of hours playing 'whack-a-mole' with compiler errors, and is a significant update. Because of it's scope and required other component updates it can affect everything from USB attached devices to scripting and WAN connections. I'm hoping to get at least a couple of beta users for a few weeks of runtime before rolling it out as the stable release.
  • Update OpenVPN to 2.4.1
• Other Updates
  • NEW: Support for Host-Uniq on PPPoE connections (Vodafone Italy)
  • NEW: Possible support for DFS channels on EU AC66 routers
    Please follow the same directions in Merlin_Fork_Options.txt for the N66 routers to try it out.
  • CHANGED: Update dnsmasq to 2.77-e33b487
    This is a pre-release of the next dnsmasq and includes DNSSEC and IPv6 fixes for some early testing.

As always, a reminder to users with MIPS routers to have a backup of /jffs in case the jffs space needs to be reformatted due to increases in firmware size.

SHA256

da79bd7d3ab225dff7da10f7a167ae0a195d25272042d78ee951039f356e679f  RT-AC68U_3.0.0.4_374.43_2-24B8j9527.trx
4c25fe77052ff02f9ef5e2213477a04db9553e5c62f61683bf9bd1b14ad02b28  RT-AC56U_3.0.0.4_374.43_2-24B8j9527.trx
6b56bf8e4a829058e0b4b71187a6585afea1a65016cb533da8bc0a6224e076f5  RT-N16_3.0.0.4_374.43_2-24B8j9527.trx
c19e7517821d155d85381ed5f15d9f1dc2ca5d99d914392e7299ae01bf874bff  RT-AC66U_3.0.0.4_374.43_2-24B8j9527.trx
d2955be6d4e395ade01ec8556d257aab5521bc8221d4ae6723a26c6405c0dbca  RT-N66U_3.0.0.4_374.43_2-24B8j9527.trx

 

[punchsuckr]

I'm starting to think I've got shadow banned

 

[hgeorgescu]

LATEST RELEASE: Update-23E4
23-March-2017
Merlin fork 374.43_2-23E4j9527
Download http://bit.ly/1YdgUcP
============================
....The fork does include

• Maintenance for documented security issues
• Maintenance for supporting open source components (such as dnsmasq, miniupnpd, etc)
• Backports of applicable fixes and new functions from Merlin's main branch

Hello;
I'm just experimenting with your LTS firmware on my RT-N66U router.
Thank you for sharing it.
I came across a small bug when trying to set my custom ddns script, pointing to afraid.org which apparently was fixed byMerlin here:
https://www.snbforums.com/threads/custom-ddns-script-afraid-org-issues.25212/
Using the workaround I've overcome the problem, but I thought you may want to look into it...
Thank you,
hg

 

[Markmaster]

Hi.

I'm using Firmware:374.43_2-23E4j9527, and I use:

nvram set 0:ccode=US
nvram set 1:ccode=US
nvram set wl1_country_code=US
nvram set wl0_country_code=US
nvram set wl_country_code=US
nvram set 0:regrev=0
nvram set 1:regrev=0
nvram set wl1_country_rev=0
nvram set wl0_country_rev=0
nvram set wl_country_rev=0
nvram commit
reboot

to change my router region, but after the latest version I got it back to RU, no matter add I this code or not.

http://d.pr/i/YKGk

 

[joegreat]

to change my router region, but after the latest version I got it back to RU, no matter add I this code or not.

To my knowledge you cannot change region from the one stored in the CFE (BIOS) of the rotuer.

 

[Markmaster]

dr

To my knowledge you cannot change region from the one stored in the CFE (BIOS) of the rotuer.

It is only new firmware versions vulnerable to this. I come to the Merlin Fork only for this and for ability to change channels outside of my region.
You want to tell me that this options is OFF right now?