What's new

[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

dr

It is only new firmware versions vulnerable to this. I come to the Merlin Fork only for this and for ability to change channels outside of my region.
You want to tell me that this options is OFF right now?
Remember, there are two ends that have to agree.....the router and the client. Most clients are also locked to a region (or can be influenced if there are multiple access points with different regions). You can double check the router settings by going to the Wireless>Professional page. Down in the lower right hand corner, at the end of the power text is a number in parenthesis showing the router setting.
 
Hello;
I'm just experimenting with your LTS firmware on my RT-N66U router.
Thank you for sharing it.
I came across a small bug when trying to set my custom ddns script, pointing to afraid.org which apparently was fixed byMerlin here:
https://www.snbforums.com/threads/custom-ddns-script-afraid-org-issues.25212/
Using the workaround I've overcome the problem, but I thought you may want to look into it...
Thank you,
hg
Thanks for the report. It broke when I added support for Google DDNS. I've picked up the fix from Merlin for the next release.
 
Remember, there are two ends that have to agree.....the router and the client. Most clients are also locked to a region (or can be influenced if there are multiple access points with different regions). You can double check the router settings by going to the Wireless>Professional page. Down in the lower right hand corner, at the end of the power text is a number in parenthesis showing the router setting.
So you say that it's obviously US?
http://d.pr/i/YD59
YD59+

So I need to disable 811d? Or what? In earlier firmware release there always be an US
 
So you say that it's obviously US?
Yes, router is doing as you set. Nothing has been changed here in at least a year (probably longer)
So I need to disable 811d? Or what? In earlier firmware release there always be an US
Something else changed in your environment....new driver on the client, moving the router, a neighbor installing a new router that's sending out an RU region, or ????
 
Just wanted to say thanks @john9527 , up and running on d0wn servers here in the states.
DNSCrypt-PiHole.PNG

2nd DNSserver hostname seems kinda wonky though as far as being published, likely same for you? :
Code:
pi@raspberrypi:~ $ nslookup 107.181.187.219
Server:        127.0.0.1
Address:    127.0.0.1#53

Non-authoritative answer:
219.187.181.107.in-addr.arpa    name = ns1.us.dns.d0wn.biz.

Authoritative answers can be found from:

pi@raspberrypi:~ $ nslookup 192.252.222.24
Server:        127.0.0.1
Address:    127.0.0.1#53

** server can't find 24.222.252.192.in-addr.arpa: NXDOMAIN

pi@raspberrypi:~ $ nslookup ns2.us.dns.d0wn.biz
Server:        127.0.0.1
Address:    127.0.0.1#53

Non-authoritative answer:
Name:    ns2.us.dns.d0wn.biz
Address: 192.252.222.24
 
Last edited:
ps. for all the others that are going to try this, (for me) it looks like the dh.pem is not movable, but the rest of the keys and certs are. The dh.pem file content keeps being recreated in the keys and certificates field.
Verified this one. We check that dh meets the minimum length requirements and supply a good dh.pem if it does not. So trying to move it, fails and gets a new dh.pem written into nvram. I should be able to code a fix to allow it to move as well.

EDIT: @zonnebril - fix written....you'll also be able to move the dh in the next release.
 
Last edited:
2nd DNSsevrver seems kinda wonky though as far as being published, likely same for you? :
EDIT: Yes....
Looks like the router just gives up on reverse DNS

From the router....
Code:
xxxxx@AC68P-06650:/tmp/home/root# nslookup 192.252.222.24
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name:      192.252.222.24
Address 1: 192.252.222.24

xxxxx@AC68P-06650:/tmp/home/root# nslookup ns2.us.dns.d0wn.biz
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name:      ns2.us.dns.d0wn.biz
Address 1: 2605:6400:20:7d7:1:5ee:bad:c0de ns2.us.dns.d0wn.biz
Address 2: 192.252.222.24

From my linux box
Code:
xxxxx@ASUS-AJ082535 /mnt/user_data/john9527/asuswrt-merlin $ nslookup 192.252.222.24
Server:        127.0.1.1
Address:    127.0.1.1#53

** server can't find 24.222.252.192.in-addr.arpa: NXDOMAIN
Code:
xxxxx@ASUS-AJ082535 /mnt/user_data/john9527/asuswrt-merlin $ nslookup ns2.us.dns.d0wn.biz
Server:        127.0.1.1
Address:    127.0.1.1#53

Non-authoritative answer:
Name:    ns2.us.dns.d0wn.biz
Address: 192.252.222.24
 
Yeah, it comes back fine for me if I query the hostname, it resolves properly. But if I do a lookup against the IP, seems it can't find the registered hostname. (I see the same reaction in your first test. Notice no hostname response of "ns2.us.dns.d0wn.biz")

You even pasted it yourself:

"** server can't find 24.222.252.192.in-addr.arpa: NXDOMAIN"


EDIT: Just wanted to clarify, this is only "topical" and seems to not affect it's ability to function :) . I just find it strange that ns1's IP resolves with it's published hostname, yet ns2 only resolves to an IP (unless you lookup directly against it's hostname, then it links back it it's IP)).


See what I mean :)

username@RT-AC68P:/tmp/home/root# nslookup 192.252.222.24
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name: 192.252.222.24
Address 1: 192.252.222.24

username@RT-AC68P:/tmp/home/root# nslookup 107.181.187.219
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name: 107.181.187.219
Address 1: 107.181.187.219 ns1.us.dns.d0wn.biz
 
Last edited:
EDIT: Yes....
Looks like the router just gives up on reverse DNS
You still going to keep the ns2 system as your secondary, or are you going to switch to another server? (I follow your lead...)

What do you think about cryptostorm.is 's servers? They have a handful around the US.
 
Last edited:
Nothing between those levels that would affect router function.....it was all gui related fixes.....
Code:
8848b9363d2f396cebc21597fc3fa564ef7b24ca Version and Documentation to 2-23E4j9527
3aabacda9e87bfc12e4fe08e6393eb49832dec8e doc: misc documentation updates
5d6c130f751068fccb8bd744de4e67e43d26c676 webui: fix lan registered domain check when lan_name length equals domain length
6471f16344261293a8e2f3276412040964aa7c35 webui: use minimum of default reboot time when submitting switch control form
89309abe7ce5e8139b01226397a2f22157d8d7c0 webui: refactor ctf selection and status on switch control page
500d1608899403d518ac11eb49affca6c75119a9 webui: workaround bug in openvpn 2.4 stats dump
b2a91c9cc3ebd3a86a20b0a9f2f6f31d4126f540 Version and Documentation to 2-23E3j9527

Appreciate the response. Found the issue. I have not updated Windows 7 as I am very perticular on the updates. So I am a tad perplexed how the RDP allow setup/rules I established on the PC was turned off. Maybe my AV firewall update not sure, but it was working after the fact. Well anyway it is not an issue with your firmware and I appreciate your diligence on this fork. Personally I find it better performing then the Merlin firmware, but I understand merlin is working with the latest FCC fubar restricting code :)
 
Yes, router is doing as you set. Nothing has been changed here in at least a year (probably longer)

Something else changed in your environment....new driver on the client, moving the router, a neighbor installing a new router that's sending out an RU region, or ????
I get your point. Thanks.
 
@john9527

Wanted to let you know, I tested out the cryptostorm servers that were the closest to my geo location (usnorth and useast). And while they did work, I noticed during startup that they do not advertise to DNSCrypt as supporting DNSSEC, so I have since left the config on my end, but # out the entries and am only using the d0wn servers.
 
@john9527
Wanted to let you know, I tested out the cryptostorm servers that were the closest to my geo location (usnorth and useast). And while they did work, I noticed during startup that they do not advertise to DNSCrypt as supporting DNSSEC, so I have since left the config on my end, but # out the entries and am only using the d0wn servers.
I flag the DNSCrypt servers that support DNSSEC with a 'w/DNSSEC' tag appended to the server name. There aren't that many of them.
With respect to the D0wn server not supporting reverse DNS, my understanding is that it's not a big deal. I think it only becomes important if you are running a mail server on an address and use the reverse DNS as part of spam control/access restrictions somehow.
 
I flag the DNSCrypt servers that support DNSSEC with a 'w/DNSSEC' tag appended to the server name. There aren't that many of them.
With respect to the D0wn server not supporting reverse DNS, my understanding is that it's not a big deal. I think it only becomes important if you are running a mail server on an address and use the reverse DNS as part of spam control/access restrictions somehow.
I already assumed you were well ahead of me on this.

Yeah, it would be nice to use your implementation of DNSCrypt. But, as you know, I have issues due to pi-hole and using openvpn. I would only assume that enabling dncrypt on your firmware would cause similar martian packet issues like we faced when trying to use the dns options on the client page.

Nevertheless, was a fun experience, and feel slightly better about masking our household in light of the recent FCC playground.
 
@john9527

Is it possible to add "Traffic monitor" link somewhere in the GUI? I'm running AC56U in Media Bridge mode and I can't find it anywhere. I can access it manually but it would be much more convenient to have it as link somewhere.

Also, thanks for your work. I feel very much at home after leaving N56U and padavan's fw.
 
@john9527 did you have a chance to think what these (probably) related issues could be or what I could provide to pinpoint the issue?
It happens at least twice per week and I couldn't see any obvious reason from the logs.

Summary: my cabled linux satellite receiver going through vpn (nordvpn) just loses internet connectivity, my phones not in vpn have intermittent wifi downtimes of a few seconds per minute (both on 2.4 and 5 freq), my laptop (wifi and vpn) seems fine (although it might have the wifi issue like the phones but I don't have online games to notice it easily).
I just checked pings and although all devices can resolve google.com, only the satellite receiver cannot ping it.

Router reboot solves it and the rest of the time all works perfectly.
I am not 100% sure, but I think it started with release 23 (I use only stable).

I also flashed latest stable, formatted jffs, and restored previous backup.

cowst said:
Hi John, I have an issue since 374.43_2-23E3j9527.
One of m devices (my linux satellite receiver) after a while loses internet connectivity.
It is actually connected to the router and has the usual local IP, but cannot get out.
A router reboot solves it.

I sent you a PM with the syslog.

And I just noticed for the second time that phones (my laptop seemed fine) lose connectivity for a few seconds every couple of minutes.
Very annoying when playing online.
 
Silly question. If I want to use the "Manually Assigned IP around the DHCP list (Max Limit : 128)" option at the bottom of the LAN/DHCP Server settings page, do I assign an IP address within the range that is being supplied by the DHCP server function of the router, or an IP address that starts before it. I currently have my DHCP pool range from 192.168.1.100 to 192.168.1.254. In other words, should my manual IP address entries in this panel use something less than 100, or am I fixing a specific MAC address to an IP address within my DHCP pool.

Thanks,
Larry
RT-N66U
 
Silly question. If I want to use the "Manually Assigned IP around the DHCP list (Max Limit : 128)" option at the bottom of the LAN/DHCP Server settings page, do I assign an IP address within the range that is being supplied by the DHCP server function of the router, or an IP address that starts before it. I currently have my DHCP pool range from 192.168.1.100 to 192.168.1.254. In other words, should my manual IP address entries in this panel use something less than 100, or am I fixing a specific MAC address to an IP address within my DHCP pool.
The short answer is "it doesn't matter". :)

The IP addresses that you manually specify in the list are "reserved" and not given out to any other clients. The router (dnsmasq) does not enforce any restrictions as to whether they must be inside or outside the DHCP pool. The only restriction IIRC is that they must still be in the router's subnet (i.e. 192.168.1.2 - 192.168.1.254).

So it comes down to personal preference. If you're used to using Microsoft's DHCP servers then you'd probably put the reservations inside the DHCP pool. That's the way I do it ;), and any devices that don't use DHCP at all (i.e. have their IP address statically assigned on their network adapter) are left outside the DHCP pool.

It's whatever is easier for you to administer in your particular environment.

Edit: FWIW There was an assumption by Asus a while back that the reservations would be inside the DHCP pool. They made a small update in the firmware based on this and discovered that it broke DHCP for a lot of users that had reservations outside the pool. They quickly reversed out that change.
 
Last edited:
Hi

Moved a few revisions now and most recently from 22E4 to 23E4.

Last night my wifi dropped on all wifi connected devices, did not seem to correct itself so I rebooted which fixed it.
Not had anything like that for ages on any previous versions so not sure what caused it.

I have not done a reset for a few revision updates so if it happens again I will try a reset as my first step.

*Also what does the following mean, Ive never noticed it before in my logs.....

"Samba name server RT-N66U-9380 is now a local master browser for workgroup WORKGROUP"

Thanks for continued updates.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top