[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[john9527]

Biggest reason is because it's the default.
Also I use local LAN resolving and if I hover over that item, it says something about not working if on yes.

Typically you should set to Yes (I may change the default). The warning would come into play if for instance you were running your own DNS server on your LAN and forwarding local queries to it.

 

[Builder71]

... (I may change the default). ...

That will do it!

I changed it to Yes and all seems OK so far.
Thx.

 

[BloodFX]

Getting this with latest build with cloudflare on roundrobin with strict dnssec enforcement, am I doing something wrong? or is this normal?

Dec 3 19:24:24 dnsmasq[1372]: Insecure DS reply received, do upstream DNS servers support DNSSEC?
Dec 3 19:24:24 dnsmasq[1372]: Insecure DS reply received, do upstream DNS servers support DNSSEC?

 

[john9527]

Getting this with latest build with cloudflare on roundrobin with strict dnssec enforcement, am I doing something wrong? or is this normal?

Dec 3 19:24:24 dnsmasq[1372]: Insecure DS reply received, do upstream DNS servers support DNSSEC?
Dec 3 19:24:24 dnsmasq[1372]: Insecure DS reply received, do upstream DNS servers support DNSSEC?

Unfortunately, that's expected from Cloudflare with either GetDNS or Dnsmasq DNSSEC validation. It sends responses for some sites that are considered invalid. There are various theories as to what causes it...in most cases there is some problem with the DNSSEC configuration, but other services seem to accept it.

Only recourse right now is to use a different DoT server or switch to 'Server Only' validation with Cloudflare.

 

[BloodFX]

Unfortunately, that's expected from Cloudflare with either GetDNS or Dnsmasq DNSSEC validation. It sends responses for some sites that are considered invalid. There are various theories as to what causes it...in most cases there is some problem with the DNSSEC configuration, but other services seem to accept it.

Only recourse right now is to use a different DoT server or switch to 'Server Only' validation with Cloudflare.

Awesome thanks will try that.

 

[bbunge]

John 9527 Early release that included DoT had the ability to download an updated server file for Stubby. With the latest update is this still needed? Do I need to undoo the NVRAM change to go back to the built in server file?

 

[john9527]

John 9527 Early release that included DoT had the ability to download an updated server file for Stubby. With the latest update is this still needed? Do I need to undoo the NVRAM change to go back to the built in server file?

Still there via 'stubby-update-resolvers.sh'...
There isn't a lot of changes going on, but I just did push an update that added a new server in Luxenborg...

 

[Gravityz]

@john.
where do i put the ssl certificates?
it seems that these are not stored on jffs in the fork while merlin is using this method

https://github.com/RMerl/asuswrt-merlin/wiki/Custom-SSL-certificates

 

[john9527]

@john.
where do i put the ssl certificates?
it seems that these are not stored on jffs in the fork while merlin is using this method

https://github.com/RMerl/asuswrt-merlin/wiki/Custom-SSL-certificates

Yes, the procedure is a bit different since the ssl cert normally resides in nvram. Here's how to do it for the fork.

login to the router
mkdir -p /jffs/ssl
ln -sf /jffs/ssl /jffs/https
copy cert.pem and key.pem to the /jffs/ssl directory
tar -czf /jffs/ssl/cert.tgz /jffs/ssl/cert.pem /jffs/ssl/key.pem
nvram set https_crt_file=/jffs/ssl/cert.tgz
nvram set https_crt_save=1
nvram commit
service restart_httpd

EDIT: added the link 'ln' command

 

[powerleakin]

Hello guys, I have a really quick question, hoping you guys can chime in!
(I waded through the pages but could not locate the answer, sorry!)

I am getting a used N66U from a friend, and have trouble deciding between the E or L build.

If coverage and throughput is priority, would you reckon I install the latest L build then?

Thanks in advance!

 

[atkinsom]

Hello guys, I have a really quick question, hoping you guys can chime in!
(I waded through the pages but could not locate the answer, sorry!)

I am getting a used N66U from a friend, and have trouble deciding between the E or L build.

If coverage and throughput is priority, would you reckon I install the latest L build then?

Thanks in advance!

The results will vary with each user and environment. I had my friend try his N66U with each build and test for a week. At the end of the day he didn't notice any discernible difference in his environment so he kept using the E build. The nice thing is you can go back and forth on both builds without using any asus recovery tools. Good luck.

 

[Gravityz]

thanks John.
for testing i am first trying to get it to work on my synology.
since i do not have a domain name on the synology i am using the ip address but it seems chrome is not accepting this.(NET::ERR_CERT_COMMON_NAME_INVALID)
i do not want outside accesss to synology that is why i do not use a domain name(i use openvpn to get access from outside)

Yes, the procedure is a bit different since the ssl cert normally resides in nvram. Here's how to do it for the fork.

login to the router
mkdir -p /jffs/ssl
ln -sf /jffs/ssl /jffs/https
copy cert.pem and key.pem to the /jffs/ssl directory
tar -czf /jffs/ssl/cert.tgz /jffs/ssl/cert.pem /jffs/ssl/key.pem
nvram set https_crt_file=/jffs/ssl/cert.tgz
nvram set https_crt_save=1
nvram commit
service restart_httpd

EDIT: added the link 'ln' command

 

[powerleakin]

The results will vary with each user and environment. I had my friend try his N66U with each build and test for a week. At the end of the day he didn't notice any discernible difference in his environment so he kept using the E build. The nice thing is you can go back and forth on both builds without using any asus recovery tools. Good luck.

Thanks for the answer! I will try to test both too if I get the time.

If anyone else has any experience with E vs L for N66U will be happy to hear your thoughts about it too!

 

[Builder71]

Thanks for the answer! I will try to test both too if I get the time.

If anyone else has any experience with E vs L for N66U will be happy to hear your thoughts about it too!

Make sure you read post #1 from this thread and check the Installation Notes.
E is the recommended build. (And that is what I use.)
Let us know how it goes.

 

[powerleakin]

Make sure you read post #1 from this thread and check the Installation Notes.
E is the recommended build. (And that is what I use.)
Let us know how it goes.

Hi builder, I did read that post a few times, and am aware that E is recommended.

My query was if the L build, with the older drivers, still provide a range/throughout advantage compared to E, seeing that it is still being offered as an option.

And hence wanted to hear if other N66U users here have any thoughts on this, that would help me make a decision

 

[john9527]

Hi builder, I did read that post a few times, and am aware that E is recommended.

My query was if the L build, with the older drivers, still provide a range/throughout advantage compared to E, seeing that it is still being offered as an option.

And hence wanted to hear if other N66U users here have any thoughts on this, that would help me make a decision

The post by @atkinsom is the best advice. If I had to guess, I'd say 95% or more of the users see no difference....of the remaining users, half swear 'L' is better, half 'E'. As was said, once you update to one or the other, you can move between them via the gui without a factory reset required.

The 'L' vs 'E' debate actually seems to apply more to the AC68, where early rev AC68 routers that need to connect to older clients prefer the 'L' build.

 

[powerleakin]

The post by @atkinsom is the best advice. If I had to guess, I'd say 95% or more of the users see no difference....of the remaining users, half swear 'L' is better, half 'E'. As was said, once you update to one or the other, you can move between them via the gui without a factory reset required.

The 'L' vs 'E' debate actually seems to apply more to the AC68, where early rev AC68 routers that need to connect to older clients prefer the 'L' build.

Alright thanks for chipping in John!

Appreciate the feedback and agree with atkinsom’s idea.

Will go for E first, and see if it’s satisfactory.

Thanks again and keep up the great work!




Sent from my iPhone using Tapatalk

 

[drunki]

Hi John,

Thank you very much for the hard work !

Have switched from RMerlin build a couple of months ago and overclocked mine AC68U rev. A1 to 1200/800 with no issues.

I am surprised to see daily temps b/w 68-75 degrees with 82 max with no additional cooling, which seems very nice to me.

I use the latest "L" build.

All runs smoothly and has been rock solid for my basic setup.

Keep up the good work !

 

[Builder71]

Hi John,

Thank you very much for the hard work !

Have switched from RMerlin build a couple of months ago and overclocked mine AC68U rev. A1 to 1200/800 with no issues.

I am surprised to see daily temps b/w 68-75 degrees with 82 max with no additional cooling, which seems very nice to me.

I use the latest "L" build.

All runs smoothly and has been rock solid for my basic setup.

Keep up the good work !

Celsius or Fahrenheit?

 

[drunki]

Celsius it is. There is almost no impact on temps after the overclock, which is why I consider it to me normal.