[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

It's actively being updated with all the latest security fixes when they become available. So it's as secure as it can be. Probably more secure than the stock Asus firmware.
Oh sweet, thanks for the fast reply. I was just worried about installing this Firmware and somehow get access to my Internet or something. Not sure if that's possible for the developer but I'm still learning all this stuff.
 
John has been developing this for years, and has his source code available on Github. I'd consider his code trustworthy.
 
Anything is possible, that's why you should educate yourself before diving in. Read this thread as much as you can and use Google.
 
It all depends on your level of paranoia and whether you trust the developer or not.

The source code is available on GitHub, but none of that matters if in the end you're just downloading the firmware from the first page.
You're using binaries compiled by someone else and you don't know what's inside.

The safer method is to compile and build the image yourself. But if we're being nitpicky, you also need to verify and audit all the code before compiling it.
IMHO there's no point in compiling it ourselves if we don't understand/verify the code that we compile. Might as well just download the compiled binaries.
 
Sorry for being absent over the last couple of weeks, but I needed to spend some time on family commitments.

For coming back, I've posted a maintenance release which rolls up some things I had in the queue. I'll be trying to catch up on PM/posts over the next several days, but if you have an urgent issue, please repost to get it to the top. Thanks everyone.

LATEST RELEASE: Update-36E9/36L9
27-October-2018
Merlin fork 374.43_36E9j9527
Download http://bit.ly/1YdgUcP
============================

Changes:
  • dnsmasq updated to 2.80 final
  • dnsmasq updates to provide protection against CERT VU#598349
  • Fix for MIPS OpenVPN server not starting when not using username/password authorization - @000111
  • Fix for incorrect display of DNS servers in AP mode when using automatic DNS with LAN DNS servers specified on the parent router (this is a 'been there forever' problem just found :) ) - @wimpie
  • Add nvram variables for stubby_timeout and stubby_retries to allow for DoT tuning without the need for a postconf script - @000111
  • Prevent syslog being spammed with Insecure DNS reply messages if DNSSEC is enabled on a non-DNSSEC DNS server
  • Add custom script support for afp configuration - @jrmwvu04
  • dropbear: Wait to fail invalid usernames (backport from upstream)
  • Add OpenVPN option for lz4-v2 (backport)
  • Get default port forwarding description from services file if defined

SHA256
Code:
(Default Build - All supported routers)
29af47a26f07d5a4ed332ea48f1b501115ecf64cbea8051ef783b93f17115b80  RT-N16_374.43_36E9j9527.trx
31d108ccb2a5e862eb065c1c6533d1704d52a276e938457e09636606ae827c6f  RT-AC66U_374.43_36E9j9527.trx
10e29f346ccea3eed0613ea1fa93301439e3be7890d04e9fe305e7c75b175064  RT-N66U_374.43_36E9j9527.trx
4ea2892ce613e9f1c477748ad14eed76588b08793142c35488d3441da4aa0a44  RT-AC68U_374.43_36E9j9527.trx
1ec487f5dae145c07cb3458df086e185e1e6699e99d7f83c4890e747d8208788  RT-AC56U_374.43_36E9j9527.trx

(Legacy Only Builds)
64107a375750ad8050d420647b50ac64e144ae97af3f5211c491d1a798bd61b9  RT-AC68U_3.0.0.4_374.43_2-36L9j9527.trx
2f6d385326fa2f54f08d8107c339e8676dee53a753b65a51f8888e59512ee1a3  RT-AC56U_3.0.0.4_374.43_2-36L9j9527.trx
7dd9066fb9d330f5ec3113dcb4266f870db765cba613b17771e2e0f855f31aa2  RT-N16_3.0.0.4_374.43_2-36L9j9527.trx
ef1af667382b944ff938c64c52eae3fa0c92d3a0e3ca9252e7be8dd15c009122  RT-AC66U_3.0.0.4_374.43_2-36L9j9527.trx
55fe4563258f0e16487f446b21d1e2d5cbad66b0665d586901c98b09f4d3c93c  RT-N66U_3.0.0.4_374.43_2-36L9j9527.trx
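
The SHA256 list above can be checked mechanically once it is pasted into a text file. The script below is an added example, not part of the original post or the firmware; the function names, the file names and the three-byte stand-in image are constructed for illustration. A match shows that the download is the file the post lists, not what the binary contains.

```shell
#!/bin/sh
# Added example (not from the thread): check a downloaded image against a
# SHA256 list pasted from the release post into a text file.

# expected_hash MANIFEST NAME: print the digest listed for NAME.
# Entries look like "<64 hex chars>  <file name>"; headings such as
# "(Legacy Only Builds)" and blank lines are skipped.
expected_hash() {
    awk -v name="$2" '
        length($1) == 64 && $1 ~ /^[0-9A-Fa-f]+$/ && $2 == name {
            print tolower($1); hits++
        }
        END { exit (hits == 1 ? 0 : 1) }   # exactly one entry must match
    ' "$1"
}

# verify_firmware MANIFEST IMAGE: 0 = match, 1 = mismatch, 2 = not listed.
verify_firmware() {
    want=$(expected_hash "$1" "$(basename "$2")") || {
        echo "no unique entry for $2 in $1" >&2; return 2; }
    got=$(sha256sum "$2" | awk '{ print $1 }')
    if [ "$got" = "$want" ]; then echo "OK       $2"; return 0; fi
    echo "MISMATCH $2 (expected $want, got $got)" >&2
    return 1
}

# Constructed demo: a 3-byte stand-in "image" and a manifest in the post's layout.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'abc' > "$dir/RT-EXAMPLE_constructed.trx"
    cat > "$dir/sha256.txt" <<'EOF'
(Default Build - constructed sample)
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  RT-EXAMPLE_constructed.trx
EOF
    verify_firmware "$dir/sha256.txt" "$dir/RT-EXAMPLE_constructed.trx"
    rc=$?
    rm -rf "$dir"
    return $rc
}
demo
```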
 
Hi @john9527 While looking at this post I noticed that there's a slight cosmetic formatting error in the iptables output. It happens in both the iptables and iptables-save output.

Code:
# iptables -t mangle -A PREROUTING  -s 10.10.100.5 -j ROUTE --tee --gw 10.10.100.115

# iptables-save -t mangle | grep 115
-A PREROUTING -s 10.10.100.5/32 -j ROUTE--gw 10.10.100.115 --tee

# iptables -t mangle -L PREROUTING -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
CONNMARK   all  --  192.168.1.0/24       192.168.1.0/24       CONNMARK set-return 0x9/0x1ff
RETURN     all  --  192.168.1.0/24       192.168.1.0/24
CONNMARK   all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED CONNMARK restore mask 0x1ff
ROUTE      all  --  10.10.100.5          0.0.0.0/0           ROUTE gw:10.10.100.115 tee
 
Welcome back John.

No need for apologies.

Thank you for another update!

I'll flash it tonight and see how I get on.

Hi Colin

Will John have to correct this and re-release it?
Just wondering whether to flash 36E9 now or wait a little while?
 
No, there's no need for a re-release. It's purely a cosmetic thing that's only of interest to people with OCD that like columns to line up. :D
 
Need assistance with prioritizing my game packets on traditional QoS specifically in the section ‘User Defined QoS Rules’. Can’t use Adaptive QoS since Adaptive QoS won’t identify them, the game is Black Ops 4. I use Merlin Firmware (384.7_2) and have an 86u.
 
Your question is not relevant to this thread. Please don't triple post.
 

AHHHHHHHHH!!! MY EYES!!! KILL IT WITH FIRE!!! :) :)
 
The iptables-save one is actually important. The code uses iptables-save/iptables-restore in managing the firewall.....so with the bad iptables-save the restore fails and the firewall will be hosed.
(at least they are consistent.....you may remember I had already fixed iptables-save for webstr, account and trigger for the same problem)

EDIT: just verified two fixes for the next release
Code:
720159f4e iptables: fix iptables list formatting for ROUTE target
c04ce5790 iptables: fix iptables-save for ROUTE target
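
The failure described above, a saved rule that no longer parses on restore, can be caught by inspecting a dump before it is restored. The check below is an added example, not the firmware's code and not the fix in the commits listed; the function names are hypothetical, the first sample rule is the output quoted in the thread, and the rest of the sample dump is constructed.

```shell
#!/bin/sh
# Added example, not the firmware's code: flag iptables-save lines where an
# option is glued onto the -j/-g target name, as in "-j ROUTE--gw".

# fused_targets: read a dump on stdin, print "lineno:token" for each bad
# rule and return 1 if any were found. Tokens are split on whitespace, so
# quoted --comment text that contains "-j X--y" would be reported too.
fused_targets() {
    awk '
        /^-A / {
            for (i = 1; i < NF; i++)
                if (($i == "-j" || $i == "-g") && $(i + 1) ~ /^[A-Za-z0-9_]+--/) {
                    printf "%d:%s\n", NR, $(i + 1)
                    bad++
                }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# sample_dump: the first rule is the output quoted in the thread; the table
# header, the second rule and COMMIT are constructed for this example.
sample_dump() {
    cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -s 10.10.100.5/32 -j ROUTE--gw 10.10.100.115 --tee
-A PREROUTING -s 10.10.100.6/32 -j ROUTE --gw 10.10.100.115 --tee
COMMIT
EOF
}

# Gate a restore on the check instead of feeding the dump straight through.
if sample_dump | fused_targets; then
    echo "dump looks well formed"
else
    echo "malformed target above: do not pass this dump to iptables-restore"
fi
```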
 
I am trying to configure wake on LAN through a router.
- Through the utility in the web interface it works.
- Through the application on Android it works when the phone and the computer are on the same network (I wake on IP 192.168.1.255, port 9).
- Through the application on Android it works when the PC is connected directly, without a router (I wake directly via external IP, port 9).

The most important thing does not work: through the application or the wakeonlan.me website, when the phone and the computer are in different networks.

In the settings of the router in DHCP there is a binding on the MAC, I tried to forward ports 7 and 9 UDP, I tried to set DMZ on this IP. Tried to turn off the firewall.
Firmware Merlin LTS fork 3.0.0.4.374.43_36E9j9527

What else can I set up?
 
I am trying to move the stubby log. I changed the log location with this command in stubby.postconf-
pc_replace "/var/tmp/stubby" "/tmp/mnt/myusbdrive/syslog/stubby" $CONFIG

The line works fine and replaces the location in stubby.yml it looks like-
appdata_dir: "/tmp/mnt/myusbdrive/syslog/stubby"

but the log does not move. Any ideas?
Maybe appdata_dir just isn't the command that dictates the log location? ;)
The logfile location is hardcoded as part of the start command line for stubby (-F parameter), it isn't in the stubby.yml. appdata_dir is something else.
 
Hi John,

Can you give me a sanity :confused: check please regarding the "Save setting (NVRAM)" file. Has something changed with this recently? BTW I'm still on v36E4.

Because of the unrelated issue regarding Media Bridges in the other thread I switched my router to Media Bridge mode to do some testing. Before doing so I saved a copy of my NVRAM settings.

After I'd finished my experiments, rather than just switching back to Router Mode I just restored my NVRAM settings and rebooted. This is where it all went horribly wrong (serves me right for trying to be clever :rolleyes:).

No matter what I did the router wouldn't boot up properly. Long story short, I eventually did a factory reset (using the hardware button) and did a minimal configuration. After that I then tried to restore my NVRAM settings again.

A quick reboot later and I'm up and running again..... except I'm not.... quite. I repeated the above process a few times and what appears to be happening is that only some of the NVRAM variables are being restored. Fortunately my router makes a backup of the NVRAM every time it boots so I had something I could compare it to. My guess is that there is some sort of corruption that makes the NVRAM restore process fail part way through.

Using the WrtSettings.exe utility I tried to open my saved settings file (Settings_RT-AC68U_374.43_36.CFG) but it said it was in an unknown format. I tried the previous one (Settings_RT-AC68U_374.43_35.CFG) and it said the same. I then tried Settings_RT-AC68U_374.43__34.CFG and that opened OK. So I used this older file to restore my NVRAM, and everything was back to normal.

Using diff I determined what settings were not being restored and hence left at their default values. As NVRAM variables are not stored in any particular order they are fairly randomly spread.
Code:
+0:dot11agofdmhrbw202gpo=0x6533
+0:mcsbw202gpo=0x88653320
+0:mcsbw402gpo=0x88653320
+1:mcsbw205ghpo=0x88653320
+1:mcsbw205glpo=0x88653320
+1:mcsbw205gmpo=0x88653320
+1:mcsbw405ghpo=0x88653320
+1:mcsbw405glpo=0x88653320
+1:mcsbw405gmpo=0x88653320
+1:mcsbw805ghpo=0x88653320
+1:mcsbw805glpo=0x88653320
+1:mcsbw805gmpo=0x88653320
+VPNServer_mode=pptpd
+acc_list=admin>xxxxx
+acc_num=1
+acc_webdavproxy=admin>1
+acs_ifnames=eth1 eth2
+connstat_opt=0
+cron_loglevel=8
+ctf_disable=0
+ctf_fa_mode=2
+daapd_friendly_name=RT-AC68U-8A20
+ddns_cache=
+ddns_enable_x=0
+ddns_hostname_old=
+ddns_hostname_x=
+ddns_ipaddr=
+ddns_passwd_x=
+ddns_return_code=
+ddns_return_code_chk=
+ddns_server_x=
+ddns_server_x_old=
+ddns_status=
+dhcp_static_x=0
+dhcp_staticlist=
+dhcpc_mode=0
+diskmon_usbport=
+dns_norebind=0
+enable_ftp=0
+http_autologout=30
+ipv6_dns1=
+ipv6_dns_router=1
+ipv6_ifname=vlan2
+ipv6_prefix_s=
+ipv6_radvd=1
+ipv6_rtr_addr=
+ipv6_tun_addr=
+lan_ifnames=vlan1 eth1 eth2
+lfp_disable=0
+networkmap_fullscan=0
+nfsd_exportlist=
+ntp_update=1
+pptpd_mppe=0
+qos_addr_err=4
+qos_bw_rulelist=
+qos_enable=0
+qos_obw=
+qos_orates=80-100,10-100,5-100,3-100,2-95,0-0,0-0,0-0,0-0,0-0
+qos_sfql=1
+rstats_data=
+rstats_path=
+stubby_access=1
+stubby_noipv6=0
+stubby_nologs=0
+time_zone=GMT0
+time_zone_dstoff=
+time_zone_x=GMT0,
+usb_path2_diskmon_freq_time=
+vlan2ports=0 5
+vpn_client1_adns=0
+vpn_client1_custom=
+vpn_client1_password=
+vpn_client1_port=1194
+vpn_client1_proto=udp
+vpn_client1_rgw=0
+vpn_client1_userauth=0
+vpn_client_adns=0
+vpn_client_custom=
+vpn_client_password=
+vpn_client_port=1194
+vpn_client_proto=udp
+vpn_client_rgw=0
+vpn_client_userauth=0
+vpn_crt_client1_ca=
+vpn_crt_client1_crt=
+vpn_crt_client1_key=
+vpn_crt_server1_ca=
+vpn_crt_server1_ca_key=
+vpn_crt_server1_client_key=
+vpn_crt_server1_key=
+vpn_server1_cipher=AES-128-CBC
+vpn_server1_errno=4
+vpn_server1_state=-1
+vpn_server2_port=1195
+vpn_server_cipher=AES-128-CBC
+vpn_serverx_dns=
+vpn_upload_type=
+vpn_upload_unit=
+wan0_dns1_x=
+wan0_expires=597948
+wan0_ifname=vlan2
+wan0_lease=597923
+wan_bootdly=27
+wan_dns1_x=
+wan_dns=
+wan_ifnames=vlan2
+wan_ipaddr=0.0.0.0
+wandevs=vlan2
+wans_lanport=1
+wl0.1_ap_isolate=0
+wl0.1_bss_enabled=0
+wl0.1_ssid=ASUS_Guest1
+wl0.1_wpa_gtk_rekey=0
+wl0.1_wpa_psk=
+wl0_TxPower=80
+wl0_bw=0
+wl0_bw_cap=3
+wl0_chanspec=0
+wl0_itxbf=1
+wl0_maclist=
+wl0_maclist_x=
+wl0_txpower=100
+wl0_vifs=
+wl1_TxPower=80
+wl1_chanspec=0
+wl1_itxbf=1
+wl1_plcphdr=long
+wl1_reg_mode=off
+wl1_ssid=ASUS_5G
+wl1_txpower=100
+wl_TxPower=80
+wl_bw=0
+wl_bw_cap=3
+wl_chanspec=0
+wl_itxbf=1
+wl_maclist=
+wl_maclist_x=
+wl_txpower=100
 
Can't get VPN client to work exclusive DNS :(

Logs are worth a thousand words. Specificity of conditions and logs are needed or else these complaints can be worthless. I think John alluded to this already.
 