[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[ColinTaylor]

Yes, you are correct on all counts. I used to be able to talk to the modem but no more, I can't even ping it but my internet still works.

Strange. Maybe they pushed out a firmware update that changed something.

My specific model of hub is the VMDG485. I normally run it in "modem only" mode, but for the last few days I've had it in wireless router mode. In both case I could access its interface on 192.168.100.1. In wireless router mode I could also access the same interface at its default LAN address of 192.168.0.1.

Have you changed the Asus' default LAN subnet from 192.168.1.1/255.255.255.0?

 

[john9527]

Hi,

I have a RT-N66U running software 374.43_2-22E4j9527. Everything works as it has done since I started to use the "John" fork a long time ago. Everything that is except I cannot contact the modem not even ping works. As I understand it, it should be on 192.168.100.1 it certainly was in the past but no longer. It is supposed to have a web interface for adjustments etc.

Help please - baffled.


Bob.

By default you can't get to the modem since it's on a different subnet (not sure how everyone else says they are doing it unless they forgot some extra setup is necessary )

Here's what I use.....make or add to /jffs/scripts/nat-start and /jffs/scripts/wan-start

/jffs/scripts/nat-start

#!/bin/sh

# Allow modem access
iptables -t nat -I POSTROUTING -o `nvram get wan0_ifname` -j MASQUERADE

exit

/jffs/scripts/wan-start

#!/bin/sh

# Allow modem access (also nat-start)
ifconfig `nvram get wan0_ifname`:0 192.168.100.2 netmask 255.255.255.0

exit

 

[ColinTaylor]

By default you can't get to the modem since it's on a different subnet (not sure how everyone else says they are doing it unless they forgot some extra setup is necessary

It has always confused me why people have problems with this. There is no problem accessing 192.168.100.1 from the LAN, assuming the device in question actually listens on that address. Traffic for 192.168.100.1 is treated like any other non-local traffic and routed through the default gateway.

It depends how the modem in question has been designed. I get the impression that folks in the US have problems accessing the modem, whereas it's never been a problem with any devices I've seen issued by UK ISP's.

 

[mightyoakbob]

Hi John, thanks for dropping by to help.

Honestly, I've never before had a problem contacting the modem and I've just been in contact with a friend who can still talk to his with no mods anywhere at all. Is this something recent in the software?

I think I could just about manage you two code segmants above not that I understand a word of it but should that be 192.168.100.1 and nor 100.2?

Thanks.

Bob.

 

[john9527]

It depends how the modem in question has been designed. I get the impression that folks in the US have problems accessing the modem, whereas it's never been a problem with any devices I've seen issued by UK ISP's.

Could be...I've always needed it for my Surfboard....

I think I could just about manage you two code segmants above not that I understand a word of it but should that be 192.168.100.1 and nor 100.2?

No....100.2 is correct. And no changes to the firmware that would affect this....must be something on the provider end.

 

[cybrnook]

@john9527

Could you briefly explain the different drop-down options you have under the NAT Acceleration settings? (Thinking off of memory, but I think I saw something like level 1 ,2 ,3 )

NM, found it. Thanks

"In Asus's particular case (since it's the one I'm most familiar with - someone else could fill us up on the other manufacturers), they are handling this as a "Hardware acceleration level". Level 1 is just traditional CTF. Level 2 is traditional CTF + FA. One coming product that does support both levels will have to downgrade from Level 2 to Level 1 when one of the new features they are adding will be enabled."

https://www.snbforums.com/threads/broadcoms-hardware-acceleration.18144/

 

[jrmwvu04]

I've always been able to access the modem GUI at 192.168.100.1 with no additional setup or configuration. US, with a surfboard 6121 and now a 6141.

 

[bigzdog]

AC56R
Firmware tried with same issue
Merlin 380.65
Merlin-LTS 22E4
Stock 3.0.0.4.380.7266

ISP Comcast 85mbps

Recently replaced my old E2000 running Tomato USB Shibby with the AC56R running firmwares listed above. I have also cleared the NVRAM after each firmware upgrade.

Problem: I attempted to download about 40 1GB files using my download manager. Each file had 10 connections to the server totaling ~400 connections.

After 5-10 minutes downloading this, all downloads stopped and timed out. I was not able to navigate to any webpage in my browser, or even bring up the router web interface via IP. Would just spin loading.

I can ping my router during this time. I can ping any website successfully and the DNS lookup works properly. I cannot load any pages through any browser. Chrome FF or IE

This problem persists until I either reboot the computer or the router. I have tried unplug/replug network cable, but no good, only a reboot.

I can reliably recreate this issue by attempting to download any files in great enough number.

I am able to successfully download the files if I limit either the number of simultaneous downloads or limited number of connections per file. Seems to be related to the number of total connections?

I have this same issue with 3 different devices in my network I tested. All were running Win10, not sure it matters. It only affects the device that was downloading the files. Other devices are not affected and can continue to browser the web.

I regularly downloaded files this large and larger and in greater number with my old E2000 with no issue so it must be something with the Asus router, but I am unsure of what it could be.

400 connections should be nothing for this router. Have any ideas?

 

[john9527]

400 connections should be nothing for this router. Have any ideas?

Cross posting ....discussion in
https://www.snbforums.com/threads/t...er-to-stop-responding-for-one-computer.37815/

 

[bigzdog]

Cross posting ....discussion in
https://www.snbforums.com/threads/t...er-to-stop-responding-for-one-computer.37815/

Whoops. It affected both Merlin and LTS builds so I posted both in Merlin forum and LTS thread.

 

[Andi P]

Hi all,

quick question... Does anyone know a way to get nut (network ups tools) running on an ac68?

I will get a ups for my router and switches tomorrow, so wonder if anyone came across that already?

Thanks
Andi

 

[Santiago C]

Hi all,

quick question... Does anyone know a way to get nut (network ups tools) running on an ac68?

I will get a ups for my router and switches tomorrow, so wonder if anyone came across that already?

Thanks
Andi

Hi,

It is available in Entware. Never used though...

admin@AC68U:/tmp/home/root# opkg find nut
nut - 2.7.4-2 - Network UPS Tools (NUT) is a client/server monitoring system that
 allows computers to share uninterruptible power supply (UPS) and
 power distribution unit (PDU) hardware. Clients access the hardware
 through the server, and are notified whenever the power status
 changes.

 

[atkinsom]

I'm trying to use the openvpn server for the first time on my AC 68U running the lastest John build v22e4. Very straight forward setup with username/password authentication. Using all the defaults on Server 1 and exported the opvn config file for testing. However I keep getting errors in the windows client and IOS openvpn client gives me a x509 the certificate format is invalid. I can't figure out what is going wrong as the process seems very easy. Please see the error below and let me know if something is amiss with the vpn server certs my router is generating. Thanks very much

EDIT:

Resolved by setting the VPN server back to default and rebooting the router. Setup as a very basic user/pass auth and now it works fine. Thanks

 

[john9527]

Time for the next release!
Quite a few security updates and backports from the the latest Merlin/ASUS code, as well as some bug fixes and new fork functions.

Please take the time to read the changes in the first post or the README.pdf in the download directory for details.

For this release, all users (both MIPS and ARM based routers) should have a backup of /jffs just in case

Enjoy...and thanks again to everyone for their continued support!

LATEST RELEASE: Update-23E1
27-February-2017
Merlin fork 374.43_2-23E1j9527
Download http://bit.ly/1YdgUcP
============================

A couple of the key updates:

• Security updates to OpenSSL, OpenVPN, DNSCrypt and Samba
• Support for specifying the Source IP on port forward rules
• JFFS space for ARM routers expanded form 32M to 64M
• Local name resolution for external IPv6 addresses
• Fix for gui rendering under Chrome 56
• Improvement in support for Dual WAN

SHA256

767f8600e5e47f9e573d832006eba94dd106cdaf9648c33e37e9cdc377a501f9  RT-AC68U_3.0.0.4_374.43_2-23E1j9527.trx
a0eb2437367b02c92c09e40590393d79b26d86c0d04f284ac2c45ceb14a58605  RT-AC56U_3.0.0.4_374.43_2-23E1j9527.trx
5db1814e4b6f7c59cde45190e002b4f0646b7ebf2612314625e5ff7e58f54a9d  RT-N16_3.0.0.4_374.43_2-23E1j9527.trx
5b22ce41f7b2584005024bb2098b8501df284f70c10bc4a29da37b4461297a2f  RT-AC66U_3.0.0.4_374.43_2-23E1j9527.trx
1743bd9069f22dd7cf7a26b8d622f73078cf7c58c6e367820261890beb4f5ba5  RT-N66U_3.0.0.4_374.43_2-23E1j9527.trx

 

[cybrnook]

So far loaded up fine. Expansion to 64MB worked fine as well....

Could you explain a little more on the "pia-signal-settings" options you have added. Outside of using the standard 1194 port, and choosing AES128CBC etc.... you ask to add the option "pia-signal-settings" in the custom config area, what happens then? (I use PIA currently with a manually configured tunnel, that works fine with similar settings. Would additional settings specific to PIA become available to me if I use this? I see you added a few more c certs in the zip folder.)

 

[john9527]

So far loaded up fine.

Could you explain a little more on the "pia-signal-settings" options you have added. Outside of using the standard 1194 port, and choosing AES128CBC etc.... you ask to add the option "pia-signal-settings" in the custom config area, what happens then? (I use PIA currently with a manually configured tunnel, that works fine with similar settings. Would additional settings specific to PIA become available to me if I use this? I see you added a few more c certs in the zip folder.)

Basically, if you use this option, with port 1194 selected, can you can change the Cipher and Auth methods in the gui without having to manually change the certs. This implemented the commands that PIA uses in it's native client apps.

 

[john9527]

With all the questions about possible hacking, here's quick command you can run logged into the router that will show all recent gui/ssh logins/logouts....

cat /tmp/syslog.log | grep -E 'login|Password|Exited'

I have yet to see any unusual activity on my router (I have web and ssh access from WAN disabled).

 

[Uncle_Gadget]

First of all, many thanks to John and Merlin for keeping up with this project and allowing us to do ever greater and better things with our routers!

I own a couple of domains that I'm partially using with a hosting service. What I'd like to do is use a couple of subdomains, locally, on my home network. I've tried using dnsmasq.conf.add and hosts.add to try and force my router to resolve these locally for parts of my internal network (NAS, Raspberry Pi's, etc.). The reason I want to use these domain names is that I would like to eventually use my Let's Encrypt certs on these devices.

The problem I'm having is that I can find no method to force the subdomains to resolve locally. dnsmasq.conf.add and hosts.add aren't working at all. Everything resolves using my WAN DNS, no matter what I've tried. I'm assuming this is happening because of the method I'm using to configure my OpenVPN Client.

I'm posting links to photos of my various router configs (rather than filling up everyone's browser with images) in the hope that someone might offer a solution. If I neglected to include anything, let me know and I'll add it right away.

• Link to my OpenVPN Client configuration
• Link to my DNS Filters Settings
• Link to my LAN - DHCP Settings
• Link to my WAN Interface Settings
• Link to my LAN IP Settings

Relevant Information​

• Router Model: RT-AC68U
• Firmware: 374.43_2-22E4j9527
  
• I'm using DNS filters because DNS is very spotty with my VPN Provider (ipVanish) without forcing here.

I realize that I could probably solve this by editing the hosts files of my local clients. However, due to the quantity and complexity of the various devices, I'm hoping that isn't the only way to make this work.

All thoughts and ideas are welcome and appreciated!

 

[cybrnook]

Basically, if you use this option, with port 1194 selected, can you can change the Cipher and Auth methods in the gui without having to manually change the certs. This implemented the commands that PIA uses in it's native client apps.

Would one need to manually upload the certs in the zip file prior to setting this option, or have you already included them in the build and are just providing them in a zip file as well so we can see whats already rolled in?

 

[john9527]

Would one need to manually upload the certs in the zip file prior to setting this option, or have you already included them in the build and are just providing them in a zip file as well so we can see whats already rolled in?

No, you still need to load one of the certs. I know that the ca_rsa2048.crt and ca_rsa4096.crt certs in the zip file both work.