[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

I decided not to force this issue by rebooting and just wait for it to happen again without my interference. We were having a thunderstorm and the power went out for a split second. This happened 2-3 times in a matter of minutes, but the router did not turn off nor did any other electronic device, and the issue of not being able to establish a connection happened again.

I was casting my phone on the tv using chromecast. Both the tv and the chromecast are attached to the router by ethernet. I then logged into the router using my phone but I did not change anything. Then I logged into the router using my PC that is attached by ethernet and changed the DNS on the WAN page to automatic. Then I was able to establish a connection.

DHCP is set to aggressive

I was using Norton Family DNS.

Here is the syslog.

I removed the IPv6 address and replaced it with (!!)
I removed the WAN IP and replaced it with (!!!)
I removed the DDNS and replaced it with (xxx.xxx.xxx.xx)
 
A big thanks for your work, John!
Is there any chance to backport security changes from Asus's latest beta 380.2985:
- Fixed User-Agent buffer overflow.
- Fixed null ptr dereference in https issue.
- Fixed buffer overflow issues.
- Modified brute-force protection mechanism in router login page.
- Fixed CVE-2015-6949 buffer overflow issue.
- Fixed Web server Accept-Language buffer overflow.
- Fixed Web server URL handler buffer overflow.
- Fixed CSRF and XSS vulnerability.
- Enhanced router login password and wireless password(WPA2) strength check method to against brute-force attack.
- Reject administrator to set too easy to guess login and wireless password to avoid brute-force attack.
- Fixed CSRF and XSS vulnerability when router is in default status (user does not set the router yet)
- Modified the access rights of account mode and share mode to asusware.platform path when lighttpd server is enabled.
- Modified the access rights to specific port of UPnP server.
- Updated lighttpd server version to 1.4.39
- Restricted access from wan method to enhance security.
- Changed Telnet default access interface.
 
A lot of those fixes are impossible to track down in the source code, as there is no reference as to what part of the code was changed to fix it. "Fixed buffer overflow issues." for instance could be anywhere in the hundreds of thousands of lines of code.

A few of these would technically be doable, like this one:

Updated lighttpd server version to 1.4.39

And this one:

Changed Telnet default access interface.

should be doable (same for httpd and sshd which received similar changes). These basically are only making the services bind to specific interfaces rather than all available interfaces.
 
DHCP is set to aggressive
Please set this to Normal. Some ISPs will temporarily 'blacklist' your IP if they receive too many DHCP requests in a short period.

Jun 26 22:34:21 WAN Connection: Ethernet link up.
This occurs several times in your logs and indicates the router to modem connection is being reset. Please check your modem logs to see if it's restarting, and for completeness, I'd replace your modem/router Ethernet cable with a good quality cat5e or cat6 cable. Some problems may only show up during the initial negotiation on the port.
 
Sorry, but this is beyond the scope of the fork. The traffic monitor code is a bit cryptic and undocumented, and I'm reluctant to mess with anything there.

John,

No need to be sorry. If it cannot simply be done, we go without; it is no big deal.
 
John or Merlin,
Under Tools/Other Settings, we have the option to disable disk spin-down. Currently, I have it disabled because it takes about a minute to spin up my drive, which I use as a server. Would it be possible to add an option to enable this only during certain times of the day, i.e. 10pm-7am? This would save me quite a bit on my electric bill.
 
John or Merlin,
Under Tools/Other Settings, we have the option to disable disk spin-down. Currently, I have it disabled because it takes about a minute to spin up my drive, which I use as a server. Would it be possible to add an option to enable this only during certain times of the day, i.e. 10pm-7am? This would save me quite a bit on my electric bill.
I don't think either of us would like to add another scheduler to the code, but I think you can do it via scripts.

Disable spindown (save as /jffs/scripts/disablespindown.sh)
Code:
#!/bin/sh
nvram set usb_idle_timeout=0
nvram commit
service restart_sdidle

Enable spindown (save as /jffs/scripts/enablespindown.sh)
Code:
#!/bin/sh
# The value below is a placeholder: set it to your desired idle timeout in seconds
nvram set usb_idle_timeout=600
nvram commit
service restart_sdidle

And then set up some cron jobs to run them (save as /jffs/scripts/services-start)
Code:
#!/bin/sh
# Only enable spindown at night
cru a EnableSpindown "0 22 * * * /jffs/scripts/enablespindown.sh"
cru a DisableSpindown "0 7 * * * /jffs/scripts/disablespindown.sh"
 
John,

First, thanks very much for continuing to support this fork! This rocks overall and I just picked up an AC68U because of this.

Second, I've checked these threads but I'm coming up empty on an issue...

The traffic monitor on v18B9 for some reason seems to be duplicating stats (not exact, but close) across both upload and download. I've previously reset the router after coming to the latest betas, reset the traffic log, and tried everything I could think of.

Any ideas or something I'm missing?
 

Attachment: 7-3-2016 3-43-35 PM.png (screenshot of the traffic monitor)
The traffic monitor on v18B9 for some reason seems to be duplicating stats (not exact, but close) across both upload and download. I've previously reset the router after coming to the latest betas, reset the traffic log, and tried everything I could think of.

Any ideas or something I'm missing?
I've seen this reported sporadically across just about all Merlin-based levels, but this is the first time I can remember it being seen on this fork. As far as I know, nobody has been able to figure it out, and I've never seen it myself.

What type of connection do you have (Automatic, PPPoE, etc)?
Is the internet traffic coming from a wired or wireless connection?
Any 'special' configuration (per IP monitoring, Parental Controls filters, VPN, etc)?

Best I can come up with right now, is to pare any options down to the bare minimum, and see if it still happens.
 
I've seen this reported sporadically across just about all Merlin-based levels, but this is the first time I can remember it being seen on this fork. As far as I know, nobody has been able to figure it out, and I've never seen it myself.

What type of connection do you have (Automatic, PPPoE, etc)?
Is the internet traffic coming from a wired or wireless connection?
Any 'special' configuration (per IP monitoring, Parental Controls filters, VPN, etc)?

Best I can come up with right now, is to pare any options down to the bare minimum, and see if it still happens.

Thank you for the quick reply. I have a static IP, but my setup isn't out of the ordinary. Everything else on my LAN/WAN setup is pretty much stock. No VPN. No QoS. No Dual WAN. No IPv6. Port forwarding is turned on for one port.

The issue seems to be related to NAT acceleration. I switched NAT acceleration from "Level 1 CTF" to "Off" - Problem Solved!

I then turned NAT acceleration from "Off" back to "Level 1 CTF" and the problem returned.

Below are additional details if needed:

Model RT-AC68U
Firmware Version 3.0.0.4.374.43_2-18B9j9527
Firmware Build Tue Jun 7 04:54:36 UTC 2016 root@13f480b
Bootloader (CFE) 1.0.2.5
Driver version wl0: Apr 25 2014 11:16:33 version 6.37.14.86 (r456083)
Features mssid 2.4G 5G update usbX2 switchctrl manual_stb pwrctrl WIFI_LOGO nandflash ipv6 PARENTAL2 dnsfilter dualwan pptpd printer modem wimax openvpnd HTTPS webdav cloudsync media appnet vpnc timemachine diskutility repeater psta wl6 optimize_xbox wifi_tog_btn nfsd dnssec user_low_rssi ufsd reboot_schedule
CPU Model ARMv7 Processor rev 0 (v7l) - (Cores: 2)
CPU Frequency 1000 MHz
 
Is it possible to run a Tor relay directly on an Asus RT-N66U with the Merlin fork firmware?

I am running 374.43_2-16BGj9527 at the moment.

I want to give something like 2Mb/s up and down.

I saw some mentioning of Tor on RMerlin's github

If it is possible are there any guides?
 
Hi John,

First of all let me say: your firmware fork saved my life (or better, the life of my Asus AC68U router). I was already going mad as I had regular connection drops in the 2.4 GHz band on my company laptop, but your fork finally gave me the right pointer. It was the regulation setting, which finally makes all issues go away. So I am very happy now.

Now I have two follow-up questions:
Please don't flame me if these questions have been asked already, was not able to find something via search functions.

1) dropbear connections from the internet (WAN) although not open from the internet??

I enabled SSH on the router on the standard port 22, but explicitly configured it to NOT listen for connections from the WAN interface.
I should also mention that my AC68U is connected behind a cable router which uses Carrier Grade NAT, so nobody can really connect to the WAN port from outside as I do not have a public IP (the cable internet line goes into the cable router, and the cable router is plugged into the WAN port of the AC68U).
So I was very surprised to see a lot of attempts to break into my AC68U from public internet addresses.
And I struggle to understand where this comes from. (I even considered that I might have a trojan somewhere on one of my devices, but this also does not make sense.)
Is there any reasonable explanation for this? For the time being I changed the SSH port to something unusual, and then the attempts in the system log were gone. Weird.

2) User interface

Before your fork I used the standard Asus firmware + Merlin firmware. I noticed their latest firmware versions have a more modern interface (especially when it comes to the login screen at the very beginning, but also later on the system monitoring tabs etc).
I just wonder if there is a reason behind why the UI of the fork is so much different?
I assume it is built on top of an older version of the UI, but would like to confirm that.
It is not a biggie, I just liked the more modern interface very much. However, I prefer having functionality over UI, of course.

Thanks for quick answers. I am only really concerned about point 1; the second one is nice-to-know.

(I had a third question still yesterday, but cannot remember anymore, sorry, hehe)

Thanks
Andi
 
John or Merlin,
Under Tools/Other Settings, we have the option to disable disk spin-down. Currently, I have it disabled because it takes about a minute to spin up my drive, which I use as a server. Would it be possible to add an option to enable this only during certain times of the day, i.e. 10pm-7am? This would save me quite a bit on my electric bill.
How much do you hope to save? A drive consuming 6 watts would use about 1kWh running for a solid week. Here in Missouri that's about a dime.
 
@Andi P If you have an internet connection, you could be portscanned and attacked, CGN or not. Many years ago, every internet connection got attacked 14 times a day. I suppose now it is more.

Dropbear does not listen on WAN if you set it like that.
 
I am currently running the 11E1 fork release, which has been working fine for me for the past year or so. I turned on QOS last night to resolve issues between my two sons (one who plays LOL and is complaining that his pings go thru the roof when the other son starts using Netflix. ;))

This made me think that I should check on my firmware level. What I want to ask is if I do need QOS, but not the Bandwidth Limiter, what is an appropriate firmware to use for now? I prefer not to run with a beta, but it sounds like 17E8 has QOS issues. Is an older release (pre 17) appropriate, or are there other fixes such as OpenSSL updates that should have me upgrade to 17E8 or 18B9? Thanks for the info.

Edit - just found a post from John dated Mar-13-16 that suggests updating at least to 16E1 to get OpenSSL version 1.0.2e. Wonder if the update to 1.0.2g in the 17 firmware is also considered critical.
 
@Andi P If you have an internet connection, you could be portscanned and attacked, CGN or not. Many years ago, every internet connection got attacked 14 times a day. I suppose now it is more.

Dropbear does not listen on WAN if you set it like that.

Hm, but then I do not understand how attempts on the router's SSH interface can be possible from external IP addresses outside of my LAN.
This is weird... I will try to further investigate that.

Thanks
Andi
 
One other (slightly) unrelated question - would you expect that new Asus N66U and AC66U routers purchased from sellers like Amazon would come with the recent Asus 3.0.0.4.380_3000 firmware that is not flashable to one of the Merlin or fork builds?
 
Hm, but then I do not understand how attempts on the router's SSH interface can be possible from external IP addresses outside of my LAN.
This is weird... I will try to further investigate that.

Thanks
Andi
If you have the ability to connect to your LAN, so does anyone else. I am scanned continuously on various ports, primarily SSH (22) and telnet (23). It doesn't make a difference whether you have the service enabled or not (I have telnet disabled and SSH internal LAN only and moved to a different port). I also see various other ports; a popular one lately is trying the Netis router exploit (port 53413).
 
If you have the ability to connect to your LAN, so does anyone else. I am scanned continuously on various ports, primarily SSH (22) and telnet (23). It doesn't make a difference whether you have the service enabled or not (I have telnet disabled and SSH internal LAN only and moved to a different port). I also see various other ports; a popular one lately is trying the Netis router exploit (port 53413).

Ok, so you say they just try to scan port 22 from outside, and even though I have configured SSH not to listen on the WAN interface, these logs are normal? (This is a UK IP address; I am in Germany.)

Jul 7 18:09:39 RT-AC68U-3228 authpriv.info dropbear[8260]: Child connection from 5.152.214.240:9224
Jul 7 18:09:39 RT-AC68U-3228 authpriv.warn dropbear[8260]: Login attempt for nonexistent user from 5.152.214.240:9224
Jul 7 18:09:40 RT-AC68U-3228 authpriv.warn dropbear[8260]: Login attempt for nonexistent user from 5.152.214.240:9224
Jul 7 18:09:40 RT-AC68U-3228 authpriv.warn dropbear[8260]: Login attempt for nonexistent user from 5.152.214.240:9224
Jul 7 18:09:40 RT-AC68U-3228 authpriv.info dropbear[8260]: Exit before auth: Exited normally
Jul 7 18:32:28 RT-AC68U-3228 authpriv.info dropbear[8359]: Child connection from 5.152.214.240:9224
Jul 7 18:32:29 RT-AC68U-3228 authpriv.warn dropbear[8359]: Login attempt for nonexistent user from 5.152.214.240:9224
Jul 7 18:32:30 RT-AC68U-3228 authpriv.warn dropbear[8359]: Login attempt for nonexistent user from 5.152.214.240:9224
Jul 7 18:32:30 RT-AC68U-3228 authpriv.warn dropbear[8359]: Login attempt for nonexistent user from 5.152.214.240:9224
Jul 7 18:32:30 RT-AC68U-3228 authpriv.info dropbear[8359]: Exit before auth: Exited normally
Jul 7 18:55:27 RT-AC68U-3228 authpriv.info dropbear[8467]: Child connection from 5.152.214.240:9224
Jul 7 18:55:28 RT-AC68U-3228 authpriv.warn dropbear[8467]: Login attempt for nonexistent user from 5.152.214.240:9224
Jul 7 18:55:28 RT-AC68U-3228 authpriv.warn dropbear[8467]: Login attempt for nonexistent user from 5.152.214.240:9224
Jul 7 18:55:28 RT-AC68U-3228 authpriv.warn dropbear[8467]: Login attempt for nonexistent user from 5.152.214.240:9224
Jul 7 18:55:29 RT-AC68U-3228 authpriv.info dropbear[8467]: Exit before auth: Exited normally

I thought when I have ssh disabled for WAN, it will not even show up in the logs.

Thanks
Andi
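As an added example (not code from the thread or the fork), a small parser for dropbear syslog lines in the format quoted above: it groups what reached the daemon by source address and lists the sources outside private (RFC 1918) ranges, which is the check to run when a service configured as LAN-only shows such entries. The 5.152.214.240 lines mirror the posted log; the 192.168.1.20 and dnsmasq lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample input in the dropbear syslog format quoted in the thread.
# The 5.152.214.240 lines mirror the posted log; the last two lines are made up.
SAMPLE_LOG = """\
Jul 7 18:09:39 RT-AC68U-3228 authpriv.info dropbear[8260]: Child connection from 5.152.214.240:9224
Jul 7 18:09:39 RT-AC68U-3228 authpriv.warn dropbear[8260]: Login attempt for nonexistent user from 5.152.214.240:9224
Jul 7 18:09:40 RT-AC68U-3228 authpriv.info dropbear[8260]: Exit before auth: Exited normally
Jul 7 18:32:28 RT-AC68U-3228 authpriv.info dropbear[8359]: Child connection from 5.152.214.240:9224
Jul 7 18:32:29 RT-AC68U-3228 authpriv.warn dropbear[8359]: Login attempt for nonexistent user from 5.152.214.240:9224
Jul 7 19:01:02 RT-AC68U-3228 authpriv.info dropbear[8500]: Child connection from 192.168.1.20:51234
Jul 7 19:01:09 RT-AC68U-3228 daemon.info dnsmasq[500]: started
"""

# Timestamp, host, facility.level, then "dropbear[pid]: <message>[ from ip:port]"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ authpriv\.\w+ dropbear\[(?P<pid>\d+)\]: "
    r"(?P<msg>.*?)(?: from (?P<ip>[\d.]+):(?P<port>\d+))?$"
)

def parse_dropbear(log_text):
    """Return one dict per dropbear line (ts, pid, msg, ip, port); other daemons are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events

def summarize_sources(events):
    """Per source IP: accepted connections, bad-user login attempts, and whether the IP is private."""
    summary = defaultdict(lambda: {"connections": 0, "bad_user_attempts": 0, "private": None})
    for ev in events:
        ip = ev["ip"]
        if ip is None:  # e.g. "Exit before auth" carries no address
            continue
        entry = summary[ip]
        entry["private"] = ipaddress.ip_address(ip).is_private
        if ev["msg"] == "Child connection":
            entry["connections"] += 1
        elif ev["msg"].startswith("Login attempt for nonexistent user"):
            entry["bad_user_attempts"] += 1
    return dict(summary)

def external_sources(summary):
    """Non-private sources that reached dropbear; for a LAN-only service this list should be empty."""
    return sorted(ip for ip, e in summary.items() if not e["private"] and e["connections"] > 0)
```

A "Child connection" line means the TCP handshake completed and dropbear forked a child for it, so any non-private source in this list reached the daemon regardless of what the WAN-access setting was meant to do.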
 