What's new

[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I had originally posted this in the Wireless-N forum but it had been suggested that it should be here, my error....


Currently running a WRT-54GL (tomato) with wireless turned off as my router behind the ISP modem. This acts as the DHCP and fire wall. I have update everything behind the router to 1G ports and AC1750 WiFi.
I have been offered a RT-N16 to use as a replacement for the 54GL (because the N16 has 1G ports)
The real feature that I'm using currently under tomato is monitoring data usage of attached devices, but I am interested in implementing OpenVPN.

I come to ask of the merlin – fork forum,
  1. Can I do data usage monitoring in Merlin (fork)?

  2. Can I implement OpenVPN as well?
I could go and buy a 'newer' router – but I thought I’d explore this option first.

If I were to buy a new router what would be the current suggestion? (Dont need much - 1G ports, OpenVPN, data monitoring, 2.4/5 radio(s) )

Thanks for taking the time to read
 
Actually, short answer is yes and no....

I had originally posted this in the Wireless-N forum but it had been suggested that it should be here, my error....


Currently running a WRT-54GL (tomato) with wireless turned off as my router behind the ISP modem. This acts as the DHCP and fire wall. I have update everything behind the router to 1G ports and AC1750 WiFi.
I have been offered a RT-N16 to use as a replacement for the 54GL (because the N16 has 1G ports)
The real feature that I'm using currently under tomato is monitoring data usage of attached devices, but I am interested in implementing OpenVPN.

I come to ask of the merlin – fork forum,
Can I do data usage monitoring in Merlin (fork)?
Yes, but to do monitoring of individual addresses you will need to disable HW (NAT) acceleration. This will limit your WAN speeds to around 120-150 Mbps. So part of the evaluation needs to be what WAN speeds you need to support.
Can I implement OpenVPN as well?
Not with the out of the box firmwares (there may be one fork that does it, but not this one, and Merlin has stopped supporting the N16 on his latest releases). The N16 is constrained by its installed memory and generally doesn't have the space required to support all the other features as well as OpenVPN. You will also be limited to a speed of about 8-10 Mbps if you run on one of the MIPS based routers.
I could go and buy a 'newer' router – but I thought I’d explore this option first.

If I were to buy a new router what would be the current suggestion? (Dont need much - 1G ports, OpenVPN, data monitoring, 2.4/5 radio(s) )
I still think the sweet spot right now is the AC1900 class routers (both because of wifi and the rest of the internals). Since you have already upgraded your wifi infrastructure, looking for an AC56 or AC68 in the Asus product line would probably be a good match (whatever you could get the best price on). These will support WAN speeds in the neighborhood of 300Mbps with the traffic monitoring enabled and OpenVPN speeds will be in the neighborhood of 50Mbps.
 
Last edited:
Hey John9527. Thanks for this FW. It has served me well for quite some time. However, since I flashed V23E4, my Xbox One S could no longer connect to the 5Ghz wifi.

I took the plunge and went with Merlins 380.65_4. It seem to work fine, but I guess I'm screwed now if I would like to use your FW again? Downgrading is no longer possible from 380.6X as far as I understand?
 
Hey John9527. Thanks for this FW. It has served me well for quite some time. However, since I flashed V23E4, my Xbox One S could no longer connect to the 5Ghz wifi.

I took the plunge and went with Merlins 380.65_4. It seem to work fine, but I guess I'm screwed now if I would like to use your FW again? Downgrading is no longer possible from 380.6X as far as I understand?
You can go back to this fork using the Asus Firmware restoration tool.

As far as the Xbox problem.....one of thing about this fork is that the wireless doesn't change......so I can't explain any problem there.
 
hey @john9527 , before I flash back latest, I am going to send you privately current syslog, since I can confirm that I had none of the reported issues anymore after over 5 days uptime with v22.
and somehow it might be relevant since I did not change the vpn client configuration (it is provided by nordvpn, latest is exactly as the one I was using, and there is none of the statements you suggested).

client
dev tun
proto udp
remote 185.145.38.236 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0

remote-cert-tls server

#mute 10000
auth-user-pass

comp-lzo
verb 3
pull
fast-io
cipher AES-256-CBC

<ca>
-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
xxx
-----END OpenVPN Static key V1-----
</tls-auth>


would you like me to try them anyway?
If you don't have time to follow up right now, I would stay with v22 since it works perfectly :)

Sorry for the delay....been tied up with a lot of personal 'stuff'......

I did take a look at the log, and there is nothing unusual from the base router view. The address you pinpointed looked perfectly normal, only showing DHCP renew on schedule.

But, your VPN connect is another story....it's bouncing up and down on an hourly basis. You are another NordVPN user, and it appears as if they have migrated their servers to 2.4.x, and V23 is the first release to move to 2.4.0. In this config it looks like they are pushing custom keepalive and inactive timers to your client, along with using the new ciphers.

So, a couple of things to check/try in your custom config

if you have a keepalive statement, remove it (I've seen problems where a mismatch between client and server causes disconnects)

try adding
inactive 0
push "inactive 0"

finally, try disabling the new ciphers
set Cipher Negotiation to disabled in the gui
add
ncp-disable
to the custom config.
 
John, I'm starting to suspect that some of the PIA issues are resolved in 2.4.1. I'm not sure if you're still with 2.4.0, but I would consider upgrading. At least two users confirmed having no issue after updating to my alpha 3 build, where the only change that I can remember was the upgrade to 2.4.1.
 
John, I'm starting to suspect that some of the PIA issues are resolved in 2.4.1. I'm not sure if you're still with 2.4.0, but I would consider upgrading. At least two users confirmed having no issue after updating to my alpha 3 build, where the only change that I can remember was the upgrade to 2.4.1.
What kind of issues have you seen (been reported)? I also am a PIA user on Johns current with 2.4.0 and as far as I can tell, it's been working fine.

Code:
/# openvpn --version
OpenVPN 2.4.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 23 2017
library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
 
John, I'm starting to suspect that some of the PIA issues are resolved in 2.4.1. I'm not sure if you're still with 2.4.0, but I would consider upgrading. At least two users confirmed having no issue after updating to my alpha 3 build, where the only change that I can remember was the upgrade to 2.4.1.
It's actually nordVPN having the difficulties......they've upgraded their servers to some level of 2.4 so the cipher negotiation and new 'stuff' kicks in.

I've also identified what appears to be a problem with 'auth-nocache'. It looks like if you use it the ping checks aren't restarted after a key renegotiation. By default the key is updated every hour for me, and with auth-nocache I get a ping-restart exactly 120 sec after the new key is set (again the default).

This is on 2.4.1, included in my current beta.
 
Will you be rolling it into the stable branch? Or are you planning to run your N+1 branch into production already? Would feel better to have one more round........ (Cause everything is working peachy...)
 
What kind of issues have you seen (been reported)? I also am a PIA user on Johns current with 2.4.0 and as far as I can tell, it's been working fine.

Client failing to properly reconnect when the TLS key reotation occurs.
 
@john9527: Do you think you could update the dnscrypt-resolvers list in the next beta, please? There are some new ones I'd like to try... :)
 
Client failing to properly reconnect when the TLS key reotation occurs.
Now that you mention it, I have seen some tunnel drops during key renegotiation. I wrote them off as flukes.

Looking at my tunnel right now though, it has been up for about 4 days. So maybe I am already outside of the "issues" window, as it has obviously renegotiated in the meantime.
 
Last edited:

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top