[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[Keely_Coles]

Forgive my ignorance here...
Is this the latest firmware for a "RT-N66R" router, since Merlin has focused on other models?

I am at his latest: 380.68_4
But he mentions to use this firmware (john9527) upgrade instead???

 

[Gravityz]

i used XCA for that
is EasyRSA better?

It's all working now with OpenVPN Connect for Android 1.1.23

Also MAKE SURE your Server and Client certs are NOT signed with the MD5 signature hash-algorithm.
This is not allowed anymore with the new OpenVPN Connect for Android.
@john9527 What is the default if you let the router generate certs?

I grabbed the new EasyRSA (3.0.3) and generated all new certs and keys.
When I compared with the old stuff it seems I indeed used Server and Client certs with MD5 signature hash-algorithm.
The new generated certs are all sha256 signature.

You can find easy-rsa here.

 

[SuperFly74]

After updating my neighbor’s RT-AC66U to fork V14.1 i cant log into the web setup page with my old username and code not even admin/admin [emoji780][emoji1315]

What s wrong here


Sent from my iPhone using Tapatalk

 

[cowst]

Or who?

 

[ColinTaylor]

Forgive my ignorance here...
Is this the latest firmware for a "RT-N66R" router, since Merlin has focused on other models?

No, see post #1.

This is an LTS (Long Term Service) fork of Asuswrt-Merlin based on 374.43_2. This older code base has a history of being very stable, and some of the older code components may perform better in some environments. It may be a good choice for those who desire a 'set it and forget it' router solution. Additional information on the differences between this firmware and the later Asuswrt-Merlin releases can be found following the recent change highlights.

So this is an alternative firmware that was forked from an older version of Merlin.

 

[ColinTaylor]

After updating my neighbor’s RT-AC66U to fork V14.1 i cant log into the web setup page with my old username and code not even admin/admin

Maybe you should have updated to the latest version rather than one that's over 2 years old.

 

[SuperFly74]

Maybe you should have updated to the latest version rather than one that's over 2 years old.

[emoji1315] so No problem going from v14.1 to latest [emoji780][emoji1315]


Sent from my iPhone using Tapatalk

 

[Gravityz]

I Think you need to pay attention to what you type.

first you say you updated to V14.1
then you say you have problems after the update
then you ask if it is a problem going form 14.1 to the latest(and I think you mentioned that you got problems so you basically answered your own question)

not trying to be picky but the people over here are very helpfull but can only do so much(and mind reading is not one of them)

if you upgraded from 14.1 tot the latest(28E2) and you can not get in any more i would say a factory reset would do the job.
it will give you a clean sheet with admin/admin login.

Also check the lights on the router to see it is alive.
i do not know if it is possible to flash the wrong firmware but if you did then an emergency restore might be in order.

hope this helps

[emoji1315] so No problem going from v14.1 to latest [emoji780][emoji1315]


Sent from my iPhone using Tapatalk

 

[Builder71]

i used XCA for that
is EasyRSA better?

Hard to answer that question.
It depends on what you are looking for.

If you depend on a GUI, then yes XCA is better.
Personally I look for if it's actively maintained. Especially security related stuff.
Latest update for XCA is 2015-10-17.
EasyRSA latest stable is from august this year.

Another plus for EasyRSA is that if you use the latest stable, with default settings, it's fully compatible with OpenVPN Connect for Android.
All mobile devices in my household are Android.
So for me EasyRSA is the better choice.

No GUI is really no problem, EasyRSA is, well... very Easy to work with.

 

[stalker780]

Today I returned to John's Fork from Merlin. I've got tired of poor WIFI signal there.

And again I can do nothing to get more than 220/500Mbit by WAN on my N66U. Here's my last post about this https://www.snbforums.com/threads/f...lts-releases-v28e2.18914/page-309#post-332700
I flashed RT-N66U_374.43_28E2j9527 in recovery mode, Reset to factory default, Ran setup wizard. Nothing else was changed or tuned.
QoS disabled, NAT Acceleration = Enabled, Tools->HW acceleration = Enabled. But still poor speed

Merlin's RT-N66U_380.68_4 firmware gave me 900/900Mbit without any problems. The only difference it had NAT Acceleration = Auto (CTF enabled). But Fork have no such options.

Maybe someone had the same problem and found any solution? Anybody here have gigabit WAN working on N66U?

PS
I'm really tired to make a choice between gigabit WAN or good WIFI coverage I need both. And N66U hardware allows this for sure.
Already thinking about changing my router, but not sure it will be ASUS. It caused me too many headaches last year with it's firmwares and restrictions.

 

[john9527]

The only difference it had NAT Acceleration = Auto (CTF enabled). But Fork have no such options.

The NAT(HW) acceleration status is on the Tools>Sysinfo page, and is set on the LAN>Switch Control page. On routers that don't have FA mode (like the N66), it will show as Enabled or Disabled.

What type of WAN connection do you have? DHCP or PPPoE?

 

[stalker780]

The NAT(HW) acceleration status is on the Tools>Sysinfo page, and is set on the LAN>Switch Control page. On routers that don't have FA mode (like the N66), it will show as Enabled or Disabled.

What type of WAN connection do you have? DHCP or PPPoE?

Hello, John.

Yes, I know this.
As I wrote above I have LAN>Switch Control->NAT Acceleration = Enabled.
And Tools - System Information->HW acceleration says Enabled.

But still Merlin's RT-N66U_380.68_4 gives me 900/900Mbit on that same router.

I have DHCP connection. Tried Static IP - no difference in speed.

 

[ColinTaylor]

As I wrote above I have LAN>Switch Control->NAT Acceleration = Enabled.
And Tools - System Information->HW acceleration says Enabled.

The only thing I can think of is that you log into the router with SSH and run top. Then perform your speed tests and note the CPU usage. If the CPU is at 100% (probably classified as sirq) then that would indicate that hardware acceleration isn't being used (despite what the webUI says).

 

[stalker780]

The only thing I can think of is that you log into the router with SSH and run top. Then perform your speed tests and note the CPU usage. If the CPU is at 100% (probably classified as sirq) then that would indicate that hardware acceleration isn't being used (despite what the webUI says).

Closed web-gui, rebooted a router and ran http://beta.speedtest.net

This seems to be most accurate:
# top -d 15

PID PPID USER STAT VSZ %VSZ CPU %CPU COMMAND
3 2 admin RWN 0 0.0 0 55.9 [ksoftirqd/0]
375 1 admin S 1296 0.5 0 16.9 /usr/sbin/acsd
319 1 admin S 2744 1.1 0 2.9 /sbin/wanduck
380 378 admin S 656 0.2 0 2.9 /usr/sbin/bcrelay -i br0 -o ppp1[0-9].* -n
363 1 admin S 2744 1.1 0 1.3 watchdog02
327 1 admin S 1444 0.6 0 0.8 protect_srv
546 515 admin R 1456 0.6 0 0.2 top -d 15
344 1 admin S 1172 0.4 0 0.2 /bin/eapd
359 1 admin S 1356 0.5 0 0.1 rstats
361 1 admin S 2744 1.1 0 0.0 watchdog
326 1 admin S 6552 2.7 0 0.0 /usr/sbin/haveged -r0 -w1024



On Merlin's RT-N66U_380.68_4 I also got CPU usage close to 100% during speedtests. But I didn't note what process is using processor.
If it helps I can reinstall it and run speedtests there.

 

[ColinTaylor]

@stalker780 A 15 second sample rate might be bit too long, we're more interested in the peak CPU usage rather than an average.

What do you see on the 2nd (CPU: ) line of the top output during download?

Mem: 222752K used, 32904K free, 5172K shrd, 127208K buff, 53204K cached
CPU:  0.5% usr  2.5% sys  0.0% nic 44.3% idle  0.0% io  0.0% irq 52.4% sirq
Load average: 0.27 0.13 0.08 4/78 19100
  PID  PPID USER     STAT   VSZ %VSZ CPU %CPU COMMAND

EDIT: When you do your tests make sure you have turned off your VPN and you are using a wired connection, not wireless.

 

[andyhi]

Here are top processes:

PID PPID USER STAT VSZ %VSZ CPU %CPU COMMAND
3 2 admin RWN 0 0.0 0 49.9 [ksoftirqd/0]
375 1 admin S 1296 0.5 0 11.7 /usr/sbin/acsd
319 1 admin S 2744 1.1 0 5.5 /sbin/wanduck
380 378 admin S 656 0.2 0 3.1 /usr/sbin/bcrelay -i br0 -o ppp1[0-9].* -n

One more test:
PID PPID USER STAT VSZ %VSZ CPU %CPU COMMAND
3 2 admin RWN 0 0.0 0 46.2 [ksoftirqd/0]
4 2 admin SW< 0 0.0 0 23.8 [events/0]
375 1 admin R 1296 0.5 0 11.2 /usr/sbin/acsd
1057 341 admin S 1344 0.5 0 6.1 dropbear -p 192.168.197.1:22 -I 1200 -j -k
319 1 admin S 2744 1.1 0 3.3 /sbin/wanduck
380 378 admin R 656 0.2 0 3.3 /usr/sbin/bcrelay -i br0 -o ppp1[0-9].* -n
363 1 admin S 2744 1.1 0 2.1 watchdog02
1063 1058 admin R 1456 0.6 0 1.2 top

Another test:
PID PPID USER STAT VSZ %VSZ CPU %CPU COMMAND
353 1 admin R 4416 1.8 0 61.4 httpd
375 1 admin R 1296 0.5 0 19.7 /usr/sbin/acsd
1057 341 admin S 1344 0.5 0 8.2 dropbear -p 192.168.197.1:22 -I 1200 -j -k
319 1 admin S 2744 1.1 0 4.1 /sbin/wanduck
380 378 admin S 656 0.2 0 2.9 /usr/sbin/bcrelay -i br0 -o ppp1[0-9].* -n
3 2 admin RWN 0 0.0 0 1.3 [ksoftirqd/0]
1063 1058 admin R 1456 0.6 0 1.1 top
327 1 admin R 1444 0.6 0 0.5 protect_srv
326 1 admin S 6552 2.7 0 0.0 /usr/sbin/haveged -r0 -w1024
361 1 admin S 2752 1.1 0 0.0 watchdog
1 0 admin S 2752 1.1 0 0.0 /sbin/init noinitrd
363 1 admin S 2744 1.1 0 0.0 watchdog02


It's hard to catch with http://beta.speedtest.net. But it seams httpd & dropbear use most CPU during download and upload.





On Merlin's RT-N66U_380.68_4 I also got CPU usage close to 100% during speedtests. But I didn't note what process is using processor.

The point is that you should *not* be getting anywhere close to 100% cpu utilization when maxing out your WAN interface *IF* your hardware supports NAT acceleration and it's enabled/functioning properly.

The closed source drivers move packet processing directly to the integrated wifi/switch components so every packet doesn't have to be processed by the general purpose SOC. An analogy - GPU acceleration can keep certain work loads off your PCs CPU depending on the GPU hardware, drivers, and workload. (h264 vs h265 video encoding/decoding, bit coin mining, etc.) The vendor provided closed source drivers is/was a major advantage for using AsusWRT/MerlinWRT/merlinfork instead of the opensource/community drivers in DDWrt, OpenWRT, tomato, etc.

Also keep in mind TOP is only measuring processor consumption of the SOC. If you are running close to 100% cpu utilization either NAT acceleration is not functioning/available or you have some other process(es) running on the SOC inspecting/logging every packet being passed through the WAN interface. (Packet monitoring/capture, deep packet inspection/AV inspection, etc.)

 

[stalker780]

@stalker780 A 15 second sample rate might be bit too long, we're more interested in the peak CPU usage rather than an average.

What do you see on the 2nd (CPU: ) line of the top output during download?

EDIT: When you do your tests make sure you have turned off your VPN and you are using a wired connection, not wireless.

CPU shows not more than 4% during tests. Of course I test wired connection.
CPU: 2.7% usr 0.9% sys 0.0% nic 0.9% idle 0.0% io 0.0% irq 95.4% sirq

 

[ColinTaylor]

CPU shows not more than 4% during tests. Of course I test wired connection.
CPU: 2.7% usr 0.9% sys 0.0% nic 0.9% idle 0.0% io 0.0% irq 95.4% sirq

I was actually interested in the sirq rather than the CPU usr/sys. You can see it is at nearly 100% which would indicate that it is not using hardware acceleration. Did you disable your VPN, as that was consuming some CPU time in your earlier post?

 

[stalker780]

I was actually interested in the sirq rather than the CPU usr/sys. You can see it is at nearly 100% which would indicate that it is not using hardware acceleration. Did you disable your VPN, as that was consuming some CPU time in your earlier post?

Yes. VPN Server is off.

Speed results are just the same as they were right after installing firmware and hard reset.
So this problem is repeated out of the box. Without tuning any settings. I didn't run top command right after setup wizard, but seems it would show the same.

 

[ColinTaylor]

@stalker780 Can you confirm what setting you have for WAN > Internet Connection > WAN Connection Type