[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

I had originally posted this in the Wireless-N forum but it had been suggested that it should be here, my error....


Currently running a WRT-54GL (tomato) with wireless turned off as my router behind the ISP modem. This acts as the DHCP and firewall. I have updated everything behind the router to 1G ports and AC1750 WiFi.
I have been offered a RT-N16 to use as a replacement for the 54GL (because the N16 has 1G ports).
The real feature that I'm using currently under tomato is monitoring data usage of attached devices, but I am interested in implementing OpenVPN.

I come to ask of the merlin – fork forum,
  1. Can I do data usage monitoring in Merlin (fork)?

  2. Can I implement OpenVPN as well?
I could go and buy a 'newer' router – but I thought I’d explore this option first.

If I were to buy a new router what would be the current suggestion? (Don't need much - 1G ports, OpenVPN, data monitoring, 2.4/5 radio(s) )

Thanks for taking the time to read
 
Actually, short answer is yes and no....

Can I do data usage monitoring in Merlin (fork)?
Yes, but to do monitoring of individual addresses you will need to disable HW (NAT) acceleration. This will limit your WAN speeds to around 120-150 Mbps. So part of the evaluation needs to be what WAN speeds you need to support.
Can I implement OpenVPN as well?
Not with the out of the box firmwares (there may be one fork that does it, but not this one, and Merlin has stopped supporting the N16 on his latest releases). The N16 is constrained by its installed memory and generally doesn't have the space required to support all the other features as well as OpenVPN. You will also be limited to a speed of about 8-10 Mbps if you run on one of the MIPS based routers.
I could go and buy a 'newer' router – but I thought I’d explore this option first.

If I were to buy a new router what would be the current suggestion? (Don't need much - 1G ports, OpenVPN, data monitoring, 2.4/5 radio(s) )
I still think the sweet spot right now is the AC1900 class routers (both because of wifi and the rest of the internals). Since you have already upgraded your wifi infrastructure, looking for an AC56 or AC68 in the Asus product line would probably be a good match (whatever you could get the best price on). These will support WAN speeds in the neighborhood of 300Mbps with the traffic monitoring enabled and OpenVPN speeds will be in the neighborhood of 50Mbps.
 
Hey John9527. Thanks for this FW. It has served me well for quite some time. However, since I flashed V23E4, my Xbox One S could no longer connect to the 5GHz wifi.

I took the plunge and went with Merlin's 380.65_4. It seems to work fine, but I guess I'm screwed now if I would like to use your FW again? Downgrading is no longer possible from 380.6X as far as I understand?
 
You can go back to this fork using the Asus Firmware restoration tool.

As far as the Xbox problem.....one thing about this fork is that the wireless doesn't change......so I can't explain any problem there.
 
Hey @john9527, before I flash back latest, I am going to send you privately current syslog, since I can confirm that I had none of the reported issues anymore after over 5 days uptime with v22.
and somehow it might be relevant since I did not change the vpn client configuration (it is provided by nordvpn, latest is exactly as the one I was using, and there is none of the statements you suggested).

client
dev tun
proto udp
remote 185.145.38.236 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0

remote-cert-tls server

#mute 10000
auth-user-pass

comp-lzo
verb 3
pull
fast-io
cipher AES-256-CBC

<ca>
-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
xxx
-----END OpenVPN Static key V1-----
</tls-auth>


Would you like me to try them anyway?
If you don't have time to follow up right now, I would stay with v22 since it works perfectly :)

Sorry for the delay....been tied up with a lot of personal 'stuff'......

I did take a look at the log, and there is nothing unusual from the base router view. The address you pinpointed looked perfectly normal, only showing DHCP renew on schedule.

But, your VPN connect is another story....it's bouncing up and down on an hourly basis. You are another NordVPN user, and it appears as if they have migrated their servers to 2.4.x, and V23 is the first release to move to 2.4.0. In this config it looks like they are pushing custom keepalive and inactive timers to your client, along with using the new ciphers.

So, a couple of things to check/try in your custom config

if you have a keepalive statement, remove it (I've seen problems where a mismatch between client and server causes disconnects)

try adding
inactive 0
push "inactive 0"

finally, try disabling the new ciphers
set Cipher Negotiation to disabled in the gui
add
ncp-disable
to the custom config.
 
John, I'm starting to suspect that some of the PIA issues are resolved in 2.4.1. I'm not sure if you're still with 2.4.0, but I would consider upgrading. At least two users confirmed having no issue after updating to my alpha 3 build, where the only change that I can remember was the upgrade to 2.4.1.
 
What kind of issues have you seen (been reported)? I also am a PIA user on Johns current with 2.4.0 and as far as I can tell, it's been working fine.

Code:
/# openvpn --version
OpenVPN 2.4.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 23 2017
library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
 
John, I'm starting to suspect that some of the PIA issues are resolved in 2.4.1. I'm not sure if you're still with 2.4.0, but I would consider upgrading. At least two users confirmed having no issue after updating to my alpha 3 build, where the only change that I can remember was the upgrade to 2.4.1.
It's actually NordVPN having the difficulties......they've upgraded their servers to some level of 2.4 so the cipher negotiation and new 'stuff' kicks in.

I've also identified what appears to be a problem with 'auth-nocache'. It looks like if you use it the ping checks aren't restarted after a key renegotiation. By default the key is updated every hour for me, and with auth-nocache I get a ping-restart exactly 120 sec after the new key is set (again the default).

This is on 2.4.1, included in my current beta.
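
Added example, not part of the post above or of the firmware: a small Python check for the pattern described in this thread, a ping-restart that follows a TLS key renegotiation by a fixed delay. The log lines are constructed, and the syslog layout (no hostname field) and the 180-second correlation window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in router-syslog style; not taken from the thread.
SAMPLE_LOG = """\
Apr  2 09:00:03 openvpn[812]: Initialization Sequence Completed
Apr  2 10:00:03 openvpn[812]: TLS: soft reset sec=0 bytes=48211/-1 pkts=412/0
Apr  2 10:00:04 openvpn[812]: VERIFY OK: depth=0, CN=vpn.example.invalid
Apr  2 10:02:03 openvpn[812]: [vpn.example.invalid] Inactivity timeout (--ping-restart), restarting
Apr  2 10:02:03 openvpn[812]: SIGUSR1[soft,ping-restart] received, process restarting
Apr  2 10:02:19 openvpn[812]: Initialization Sequence Completed
Apr  2 11:02:19 openvpn[812]: TLS: soft reset sec=0 bytes=51002/-1 pkts=433/0
Apr  2 14:40:10 openvpn[812]: [vpn.example.invalid] Inactivity timeout (--ping-restart), restarting
"""

# Assumed line layout: "<Mon> <day> <HH:MM:SS> openvpn[<pid>]: <message>"
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) openvpn\[\d+\]: (.*)$")
EVENTS = {"rekey": "TLS: soft reset", "restart": "Inactivity timeout (--ping-restart)",
          "up": "Initialization Sequence Completed"}

def parse(log, year=2017):
    """Yield (timestamp, kind) for the OpenVPN lines that matter here."""
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        for kind, needle in EVENTS.items():
            if needle in m.group(2):
                yield ts, kind

def restarts_after_rekey(log, window=timedelta(seconds=180)):
    """Return (rekey_time, seconds_until_restart) for each ping-restart that
    follows a key renegotiation within `window`; unrelated restarts are skipped."""
    hits, last_rekey = [], None
    for ts, kind in parse(log):
        if kind == "rekey":
            last_rekey = ts
        elif kind == "restart" and last_rekey and ts - last_rekey <= window:
            hits.append((last_rekey, int((ts - last_rekey).total_seconds())))
            last_rekey = None
    return hits

if __name__ == "__main__":
    for rekey, delay in restarts_after_rekey(SAMPLE_LOG):
        print(f"rekey at {rekey:%H:%M:%S} -> ping-restart {delay}s later")
```

A constant delay across several hits points at the renegotiation path rather than at the link; the restart at 14:40 in the sample is ignored because no rekey precedes it inside the window.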
 
Will you be rolling it into the stable branch? Or are you planning to run your N+1 branch into production already? Would feel better to have one more round........ (Cause everything is working peachy...)
 
What kind of issues have you seen (been reported)? I also am a PIA user on Johns current with 2.4.0 and as far as I can tell, it's been working fine.

Client failing to properly reconnect when the TLS key rotation occurs.
 
@john9527: Do you think you could update the dnscrypt-resolvers list in the next beta, please? There are some new ones I'd like to try... :)
 
Client failing to properly reconnect when the TLS key rotation occurs.
Now that you mention it, I have seen some tunnel drops during key renegotiation. I wrote them off as flukes.

Looking at my tunnel right now though, it has been up for about 4 days. So maybe I am already outside of the "issues" window, as it has obviously renegotiated in the meantime.
 