[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[dave14305]

For me, since I work from home most of the time, my priority is that the family streaming Amazon Prime movies on the TV, or YouTube videos on other devices would not choke my work laptop that may be using Skype for Business (audio/screensharing) but mostly while connected to corp VPN. So I've added a rule for my laptop MAC to be in the High category.

I came to learn that my corporate VPN is using port 4500/udp so I was already covered in that scenario as well. But if I enable WiFi calling on my iPhone, it will also use udp 500 & 4500. So I moved the work PC to Medium but placed it above the VoIP rule to ensure it hits first.

 

[ColinTaylor]

I came to learn that my corporate VPN is using port 4500/udp so I was already covered in that scenario as well. But if I enable WiFi calling on my iPhone, it will also use udp 500 & 4500. So I moved the work PC to Medium but placed it above the VoIP rule to ensure it hits first.

I think my take away from all my experiments was that it's not really possible to say "use this, it's the best setup". Everyone has different devices, different usage patterns, different bandwidths, etc. At the end of the day QoS only has an effect when you are saturating your bandwidth (especially the upload bandwidth). In such a situation each individual has to look at their own bandwidth capacity and decide how much of it is required by certain services and how much is desired. For example, VOIP is latency sensitive but needs very little bandwidth. Amazon prime will use quite a lot of bandwidth for HD streaming but is still watchable in SD at lower bandwidth. Ultimately YMMV.

 

[dave14305]

I think my take away from all my experiments was that it's not really possible to say "use this, it's the best setup". Everyone has different devices, different usage patterns, different bandwidths, etc. At the end of the day QoS only has an effect when you are saturating your bandwidth (especially the upload bandwidth). In such a situation each individual has to look at their own bandwidth capacity and decide how much of it is required by certain services and how much is desired. For example, VOIP is latency sensitive but needs very little bandwidth. Amazon prime will use quite a lot of bandwidth for HD streaming but is still watchable in SD at lower bandwidth. Ultimately YMMV.

I agree. I'm just trying to establish a decent baseline so I can set-it-and-forget-it. I don't want too many rules, but just enough to know that I can work from home in peace and the family won't complain about "buffering".
The dork-factor comes when all is well and I want to understand better how it works.

 

[ColinTaylor]

I agree. I'm just trying to establish a decent baseline so I can set-it-and-forget-it. I don't want too many rules, but just enough to know that I can work from home in peace and the family won't complain about "buffering".
The dork-factor comes when all is well and I want to understand better how it works.

What are your ISP down/up speeds?

 

[dave14305]

What are your ISP down/up speeds?

Advertised as 250/25 Mbps. But when experimenting with the trendy bufferbloat tests, I settled on limits of 170/17. Haven't retested my raw bandwidth in a while.

 

[ColinTaylor]

Advertised as 250/25 Mbps. But when experimenting with the trendy bufferbloat tests, I settled on limits of 170/17. Haven't retested my raw bandwidth in a while.

I probably should have asked that question first. The reason being is that in my experience Traditional QoS on my RT-AC68U @ 1.2GHz becomes unreliable at speeds over about 210Mbps. The exact number varies, predominantly based on CPU speed*, but also the number of rules and the number of concurrent data streams. As such even though my download bandwidth is 380Mbps I have to cap it in QoS to 200Mbps. (When I started down this QoS rabbit hole my ISP speed was 150Mbps).

* That is the reason I overclock my router from 800MHz.

 

[Gar]

Why? What problems have you found in the current release?

No problems, just a general comment that security updates are likely available and welcome.

Also, unrelated, would like his opinion on the local caching issue and other stuff we have been discussing.

 

[NoSubstitute]

Hi!
Currently using Merlin 380.70 on my N66U, where I have disabled both radios and instead hooked up a Unify AP Lite for wifi. I don't have native IPv6 and don't use QoS, nor IPTV or VoIP, on my 1000/1000 Mbit line. All devices, apart from mobile phones, are wired, connected through four differently branded gigabit switches in each room.

Checkling the features of this firmware it seems to me that there's really no compelling reason for me change, is there? I should be able to keep it running as it is, until either the hardware completely breaks down, or some serious security flaw is discovered in the 380.70.

 

[dave14305]

Hi!
Currently using Merlin 380.70 on my N66U, where I have disabled both radios and instead hooked up a Unify AP Lite for wifi. I don't have native IPv6 and don't use QoS, nor IPTV or VoIP, on my 1000/1000 Mbit line. All devices, apart from mobile phones, are wired, connected through four differently branded gigabit switches in each room.

Checkling the features of this firmware it seems to me that there's really no compelling reason for me change, is there? I should be able to keep it running as it is, until either the hardware completely breaks down, or some serious security flaw is discovered in the 380.70.

It’s a worthwhile upgrade since your version hasn’t been updated in over a year. What maximum throughput are you getting/losing with just the N66U powering your Gigabit connection?

To me, the thing about security updates is that it doesn’t necessarily take a single serious vulnerability to cause a breach, but many smaller vulnerabilities can be used in tandem to exploit a device/network. Better safe than sorry.

 

[NoSubstitute]

It’s a worthwhile upgrade since your version hasn’t been updated in over a year. What maximum throughput are you getting/losing with just the N66U powering your Gigabit connection?

To me, the thing about security updates is that it doesn’t necessarily take a single serious vulnerability to cause a breach, but many smaller vulnerabilities can be used in tandem to exploit a device/network. Better safe than sorry.

Hi, Dave, and thanks for responding.

Well, when I do speedtests, I'm getting 800+ down/900+ up, from bredbandskollen.se and speedtest.net, and that's while doing other things, like streaming music from Spotify or YouTube Music, at the same time as all my three kids are watching movies on the network, either locally from one of several NAS, or streaming from YouTube. The N66U is doing fine.

Sure, that's perfectly true about vulnerabilities. But, unless you're a target, combined vulnerabilites is much less of a threat than open published vulns.

 

[L&LD]

You are a target by being vulnerable.

Bots don't sleep.

 

[NoSubstitute]

You are a target by being vulnerable.

Yes, but I was hoping someone had a clue what that really means for N66U 380.70.

 

[L&LD]

Yes, but I was hoping someone had a clue what that really means for N66U 380.70.

For myself, all the older hardware is best used as a Media Bridge with any of the older firmware. Not as the main router for a home network anymore.

If you want current security patches, john9527's LTS firmware is highly recommended. Asus also released a new firmware on this old codebase (382.xx) for the RT-N66U too that you may want to try.

I'm sure john9527 will in due time include anything new Asus may have offered in their recent release if he hasn't had it in his firmware for a long time already.

 

[ColinTaylor]

Yes, but I was hoping someone had a clue what that really means for N66U 380.70.

Security and bug-fix wise John's firmware pretty much tracked what Merlin was doing up until the point when he stopped supporting the N66U on 8th April 2018. So I guess the question you need to ask yourself is, is there anything since then that you should be concerned about? To answer that you could look at the change log and make your own value judgement.

https://github.com/john9527/asuswrt-merlin/blob/374.43_2-update/Changelog.txt

P.S. I tried posting the relevant section of the change log but it exceeded the 1000 character post limit.

 

[NoSubstitute]

...
Asus also released a new firmware on this old codebase (382.xx) for the RT-N66U too that you may want to try.
...

Wow, that's nice of them, supporting such old hardware. Just a few weeks ago. Thanks for letting me know.

Still, it's hard to know if the fixes they include are even a thing on Merlin's 380.70 fw, or if they are/were stuff broken in ASUS' own fw.

 

[NoSubstitute]

...

https://github.com/john9527/asuswrt-merlin/blob/374.43_2-update/Changelog.txt

P.S. I tried posting the relevant section of the change log but it exceeded the 1000 character post limit.

Yeah, I downloaded john9527's zip for N66U and did a few searches in the changelog.txt, and got no hits for the fixes mentioned in Asus' changelog.

 

[NoSubstitute]

Actually, I assume that any fw with a dev that keeps working on the code will be more secure than something that is left for dead (read: too old, and too different from current hardware). Again, impressed with Asus here, releasing such a late update. I'll put down a note for myself to upgrade during summer, if I don't just go out and get myself a new router. Maybe without wifi, this time, as I'm really liking the Unify.

 

[ColinTaylor]

Yeah, I downloaded john9527's zip for N66U and did a few searches in the changelog.txt, and got no hits for the fixes mentioned in Asus' changelog.

John is pretty thorough when it comes to implementing security fixes. Most of the time the CVE's posted by Asus don't apply to this fork because it is based on a much older code base. I don't know about Asus' latest release because that came out after John's current release (you'd have to check the CVE's yourself).

 

[Deleted member 27741]

Been a long time since I rapped at ya. I have been playing around with QOS and have given up. It doesn't decrease latency spikes in the slightest, I'm unsure why. Instead- I have moved on to limiting speed- and that works very well.

I wonder if there is a way to have one IP address (let's call it x) "whitelisted" from the speed limiter (and all others limited)? I guess maybe I could just use two ip ranges one from 2 to (x-1) and the next from (x+1) to the last available address? That would necessitate I chop the bandwidth in an odd way but should work fine.

Anyone know if there is a way to bandwidth limit ALL BUT ONE IP address (with one limiting rule) using this firmware? I would like to "chop up" the bandwidth between one device and then all others.

 

[the_tourist]

I have been playing around with QOS and have given up. It doesn't decrease latency spikes in the slightest

I use QoS successfully here on Merlin LTS fork . I established my configuration based on a discussion I read on the Freshtomato-mips forum.

My router is an RT-N66U.

I adjusted the "Up Bandwidth" to 75% of the minimum I observed (after several tests) and the "Down Bandwidth" to 85% of the minimum also observed. It is also these settings that give me (after many tests) the lowest average Bufferbloat results in ms, in the detailed results of "dslreports": http://www.dslreports.com/speedtest/50662106
I have a constant rating of "A+" since I made these adjustments.

List of standards specified by the user:

TCP/UDP, DST port 1-5070, Transferred 0-1kb, class1 (Highest)
any, MAC address (VOIP interface), class2 (High)
TCP/UDP, DST port 1-5070, Transferred 0-64kb, class2 (High)
TCP/UDP, DST port 1-65535, Transferred 0-512kb, class3 (Average)
TCP/UDP, DST port 1-65535, Transferred 0-1024kb, class4 (Low)
TCP/UDP, DST port 1-65535, Transferred 1024kb+ class5 (Lowest)

Download and transmission limits:

1, 15%, 100%
2, 5%, 100%
3, 5%, 100%
4, 5%, 100%
5, 5%, 95% (Set as Default)

(same for both outbound and inbound)