[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[coldwizard]

See this post....
http://www.snbforums.com/threads/fork-update-for-374-43-available.18914/page-41#post-157359

From the reading I did, it's basically a quirk in INVALID state processing that can sometimes hit packets it shouldn't.

You should not delete the INVALID state rule. I believe one of it's purposes is to block invalid packets that hackers use like xmas configured packets.

I should tell you that my network is subneted over two routers and I can print from one subnet to a printer in the other IPV4 subnet with no problems. My configuration is even a little more complicated than that, the guest port on the gateway router is also on its own bridge. The second router (running in router mode with NAT disabled) is connected to that port with it's own subnets (both IPV4 and IPV6).

Reading top down what I have is

Internet connection
|
Gateway router
- some ports and the WiFi are private network (IPV4 -1/ IPV6-1)
- the printer is connected to this private network (wired)
- some ports are split off onto a br3 bridge forming my guest network (IPV4-2/IPV6-2)
- custom iptables rules limit the guest network to just the Internet or the printer. Also of course DHCP and DNS on the router itself.
|
| one of the guest ports is connected router#2
|
Router#2
- gets its wan connection DHCP from the Gateway router for both IPV4/IPV6 (It also gets a delegated IPV6 prefix)
- Its WiFi and network have guest access since the port it is connected to is limited to guest.
- It is configured with NAT disabled.
- It serves out it's network to (IPV4-3 / IPV6-3)
|
Notebook obtains an IPV4-3 and IPV6-3 address.

I hope that makes sense. Anyway from the Notebook on IPV4-3 network I can print to the printer on IPV4-1 network. It also works if the notebook is connected to either IPV4-2 or IPV4-1 locations. Because of my custom iptables, when connected to the IPV4-3 network, the notebook cannot connect to anything else on the IPV4-1 network.

And before you ask:
- The IPV4 networks are all normal /24 mask
- The IPV6 networks are all /64 mask
- Yes IPV6 also works between the subnets where permitted by the firewall.
- No I do not use the GUI to configure the subnet routing. I had the configure the br3 in scripts so just added the IPV4/IPV6 routing there.

 

[john9527]

Hi again everyone.

Summary of current issues I have here.

First thanks to john for adding the mtu fix to radvd for ipv6 connections.

So here is list.

1 - when making adjustments on the ipv6 page and hitting apply, the router sometimes will become unresponsive, in windows network settings, the router gets listed as unknown and lan traffic to it stops working. Rebooting the router works, and the setting is applied after the reboot. I had this issue even before you started the fork so is an old problem but didnt report it as I was not sure if was down to me not starting from a clean config, this time however I did use a clean config so hence this report, also I dont think all settings cause the issue, it seems to only occur when ipv6 is currently active on the router.

Never had this happen to me, but the only IPv6 I have to test with is a 6in4 HE tunnel. One thing you might try instead of a reboot, is just to refresh the page with the browser control.

2 - radvd caused an issue on my router when trying to connect to a broken gateway on my isp, so an explanation is this, my isp's new gateways do not work properly with ipv6, its their fault, but the gateway I connect to is random so sometimes I will connect to a broken one, when this happens radvd is hanging whilst trying to start and this hangs the entire /sbin/init process, when using the service command such as to restart dnsmasq, it will fail with a message saying "waiting for radvd to start" and init process is using 99% cpu all the time. As a workaround I disabled radvd on the ipv6 configuration page and will manually start it as when I need it and when I know I am on a good gateway.

If it's hung like that, it's probably not something I can easily detect, like with a return code on the start command. So, I pulled an update for radvd to the lastest version in the 1.x release stream (current version is 1.10, pulled 1.15). I'm a bit hesitant to try and jump to the 2.x stream for fear of breaking things. I don't know if this will behave better for you, but it may be worth a shot. I'll send you a link to a test version.

3 - The restore config feature seems broken, so I came back to merlin firmware after using shibby for a bit, and installed the same version I last used so matched the version I had when I backed up the config, when I restored the config only a few settings were restored, but about 70-80% were not restored. So I pretty much did everything from scratch (I reset and setup again).

Again, I've never had a problem here. There can be problems with the 'stock' ASUS save/restore which Merlin fixed. Are you sure you're using a .CFG gen'd by a Merlin release (or the fork)? BTW, based on this, I've added the code level to the save file name for V11 to avoid any confusion in the future.

4 - when stopping openvpn client it is not clean. So my openvpn config applies some static routes when started, looking at the log these apply cleanly, however when stopping I see lines like this in the log (this is only a few of the lines)
"Apr 11 16:55:58 rc_service: httpd 322:notify_rc stop_vpnclient1
Apr 11 16:55:58 openvpn[6450]: event_wait : Interrupted system call (code=4)
Apr 11 16:55:58 openvpn[6450]: /usr/sbin/ip route del 149.255.98.15/32
Apr 11 16:55:58 openvpn[6450]: ERROR: Linux route delete command failed: external program exited with error status: 2
Apr 11 16:55:58 openvpn[6450]: /usr/sbin/ip route del 217.156.128.0/17
Apr 11 16:55:58 openvpn[6450]: ERROR: Linux route delete command failed: external program exited with error status: 2
Apr 11 16:55:58 openvpn[6450]: /usr/sbin/ip route del 208.91.156.0/22
Apr 11 16:55:58 openvpn[6450]: ERROR: Linux route delete command failed: external program exited with error status: 2
Apr 11 16:55:58 openvpn[6450]: /usr/sbin/ip route del 199.127.192.0/22
Apr 11 16:55:58 openvpn[6450]: ERROR: Linux route delete command failed: external program exited with error status: 2
Apr 11 16:55:58 openvpn[6450]: /usr/sbin/ip route del 195.27.0.0/16"

Apparently this is a fairly common occurrence with OpenVPN implementation which sometimes tries to delete routes that have already been deleted. If you check your routing table, you'll see that they have been removed. Not planning to do anything with this, for fear of breaking something.

Thanks I am now on the latest stable version 374.43_2-10j9527 (Merlin fork)

 

[john9527]

You should not delete the INVALID state rule. I believe one of it's purposes is to block invalid packets that hackers use like xmas configured packets.

I pulled that suggested fix from another thread where someone had the same issue, and this was the only solution that worked for them (if you do a search on 'state INVALID' you can find it. The OP already has confirmed that it works in his situation.

Any suggestions you have for a better solution would be appreciated. One possibility I know is that I could generate an ACCEPT rule specific to the subnet in question, but that was additional work for a fairly unique situation. Maybe you could contact the OP to see if he would want to work with you.

 

[coldwizard]

I pulled that suggested fix from another thread where someone had the same issue, and this was the only solution that worked for them (if you do a search on 'state INVALID' you can find it. The OP already has confirmed that it works in his situation.

Any suggestions you have for a better solution would be appreciated. One possibility I know is that I could generate an ACCEPT rule specific to the subnet in question, but that was additional work for a fairly unique situation. Maybe you could contact the OP to see if he would want to work with you.

Searching ...
I did find this thread from Jun 2013

http://www.snbforums.com/threads/static-routes-not-working-as-expected-in-asuswrt-merlin.11429/

And post #12 in that thread describes the flow of packets over an asymmetric path that creates their problem. For a VPN an asymmetric path is a routing problem. The root of the problem is with the configuration of the VPN server. While the poster discovered the asymmetric path, they did not recognize that it was a routing problem.

I will continue searching to check that all other mentions of this problem involve a VPN before suggesting a solution for the VPN server configuration and Asus iptables.

Edit: not security problem I first thought

 

[Chrysalis]

yeah I forgot to mention the openvpn routes do get deleted. So your comment regarding it been duplicate del commands is plausible.

 

[miniterror]

Hello all,

Running this fork for uite some time now witout problems.
One question though, is it possible to redirect users who log in to WiF get redirected to a webpage by default?
I know it is a option in dd-wrt to chieve thi but i prefer the Asus GUI more

Thx in advance

 

[jlschwartz]

What is the suggested power setting for an RT-N66U that should be used for this fork. It defaults to 80 with the max of 200. Should you increase the setting to 150? Also, are there any other recommended settings for this router? Thanks in advance for any help.

 

[guma77]

What is the suggested power setting for an RT-N66U that should be used for this fork. It defaults to 80 with the max of 200. Should you increase the setting to 150? Also, are there any other recommended settings for this router? Thanks in advance for any help.

http://forums.smallnetbuilder.com/showthread.php?t=19262&page=5

 

[ColinTaylor]

http://forums.smallnetbuilder.com/showthread.php?t=19262&page=5

That doesn't apply as the OP has an RT-N66U not and AC68U. The nvram variables are different.

To answer the OP. The power setting is not fine-grained. Setting any value above 80 is the same as setting it to 200.

 

[TomazO]

I have installed FW update-10 to my N66U.
Is there any wiki page for possible settings (telnet commands nvram ... )for region selection and power change for maximizing transmit range?
On 5G I only have 4 channels (probably for EU), If I remember well from 36 to 48.

Ty and regards, TomazO!!

EDIT:
will those commands work on R66U for removing country specific limitations, those are from AC68U:

nvram set 0:ccode=#a
nvram set 1:ccode=#a
nvram set 0:regrev=0
nvram set 1:regrev=0
nvram set wl0_country_code=#a
nvram set wl0_country_rev=0
nvram set wl0_reg_mode=off
nvram set wl1_country_code=#a
nvram set wl1_country_rev=0
nvram set wl1_reg_mode=off
nvram commit
reboot

And those for setting TX power to 80m:

nvram set wl0_TxPower=80
nvram set wl_TxPower=80
nvram set wl1_TxPower=80

 

[benganb]

Is it ok to use backup settings from one version of the fork and restore to another?
In my case from 6 to 10?

 

[L&LD]

Is it ok to use backup settings from one version of the fork and restore to another?
In my case from 6 to 10?

Only if you use NVRAM SAVE / RESTORE Utility.

http://www.snbforums.com/threads/user-nvram-save-restore-utility.19521/


If you use the built in config backup save / restore feature, you are asking for un-trackable bugs and gremlins in the operation of your router.

 

[john9527]

Is it ok to use backup settings from one version of the fork and restore to another?
In my case from 6 to 10?

Well....actually when moving between fork versions, you could (there is no change in the wireless drivers/parameters between fork versions). But, the real question is what are you trying to accomplish. If you are trying to do a 'factory reset' to make sure things are as they should be, doing the restore from an existing .CFG file will just put things back exactly as they were before the reset. In that case, the utility @L&LD references would be the way to go. I'd recommend reading the sticky Merlin created on NVRAM save/restore for a good explanation of how this all works.
http://www.snbforums.com/threads/faq-nvram-and-factory-default-reset.22822/

 

[louie604]

I tired searching, but couldn't find the answer (maybe I'm just blind)... is this based off the SDK6 wireless drivers or the SDK5 drivers?

Edit: Nevermind, I'm just blind. These are based of the .43 which uses the SDK6 drivers.

Edit 2: I have a n66u and want it to be fast and reliable with good wireless and Openvpn client support... would this fork be better, or would the latest from Merlin (378.52_2) be better? (Sorry if I sound n00b... after reading everything, I ended up getting more confused than anything.)

 

[Deleted member 22229]

I tired searching, but couldn't find the answer (maybe I'm just blind)... is this based off the SDK6 wireless drivers or the SDK5 drivers?

Edit: Nevermind, I'm just blind. These are based of the .43 which uses the SDK6 drivers.

You are correct SDK6 driver.

 

[tim28taft]

john9527 says " The drivers are the sdk6 drivers that were available when the original Merlin release was made back in June 2014 with what is known as 'Engineering Mode' enabled for the N66. Most people find this pretty close to the sdk5 drivers. " in regards to rt-n66

 

[vaszago]

I'm on the current Merlin 378.52 on my ac68R. Can I flash the Merlin fork 374.43_2.

Do I have to pay attention. Bootloader or something else

 

[john9527]

I'm on the current Merlin 378.52 on my ac68R. Can I flash the Merlin fork 374.43_2.

Do I have to pay attention. Bootloader or something else

The AC87U isn't supported by the fork (it didn't exist when the base code for the fork came out).
For the AC68U, you certainly can try it....just need to do a reset to factory defaults after loading the fork firmware. There are no concerns with the bootloader version, it works with both the 32M or 64M versions.

 

[vaszago]

Thanks

 

[RogerSC]

Really liking this firmware with the Asus RT-AC68P, doing great here, has made this my go-to router. John, any thoughts about picking up RMerlin's new cosmetics for the wireless log? The new format is easier on the eyes and more accessible, but the information is there in the current format as well. I realize that merging new stuff into an older framework isn't easy, but it would be nice.

Just curious if you've given this any thought? And what those thoughts might be *smile*?