[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[zboq]

Ok, so I have a SSH set to port 10022 and if I check on the http://canyouseeme.org/, it shows that the port is open.
I do have an access to SSH from WAN so this is normal.
But, still what I don't know is, if that message tell me that someone got access to router using that port ?.
There nothing more in the log about someone trying to login. Only accepted packet.
I'm a little bit precaution, because on previous rmerlin firmware someone was hacking my router and changing some settings like language and vpn stuff.

 

[ColinTaylor]

Ok, so I have a SSH set to port 10022 and if I check on the http://canyouseeme.org/, it shows that the port is open.
I do have an access to SSH from WAN so this is normal.
But, still what I don't know is, if that message tell me that someone got access to router using that port ?.
There nothing more in the log about someone trying to login. Only accepted packet.
I'm a little bit precaution, because on previous rmerlin firmware someone was hacking my router and changing some settings like language and vpn stuff.

Looks like standard port scanning. https://blackhat.directory/ip/77.72.85.107

 

[Scylla]

Maybe you should not use 1022, 10022, 1122, etc, because seems like it is becoming “standard” test by portscanner. If you want to obscure the port/service, try using mmyy or ddmm of your birthday! Easy to remember though

 

[zboq]

Maybe you should not use 1022, 10022, 1122, etc, because seems like it is becoming “standard” test by portscanner. If you want to obscure the port/service, try using mmyy or ddmm of your birthday! Easy to remember though

And that is exactly what I'm going to do

 

[treoer]

I have a RT-N16, I installed this firmware because I see it support OpenVPN but when I install I don't see the OpenVPN tab. It is something can be set up on my router?? Is there an instruction somewhere?

Thanks

 

[john9527]

I have a RT-N16, I installed this firmware because I see it support OpenVPN but when I install I don't see the OpenVPN tab. It is something can be set up on my router?? Is there an instruction somewhere?

Thanks

Sorry, but N16 doesn't have enough nvram space to do the openvpn configuration.

 

[Scylla]

RT-N16 OpenVPN information should be put at front OP..

 

[INeedYou]

I think you already have 99% ready for DoH protocol to work.

Both Cloudfare and Quad9 support DNSSEC, but do not support DNSCrypt. They do support DNS over TLS, but that isn't supported in the fork (yet....about 50% done).

 

[msilenus]

I did some googling around to pick a part, and found this thread:

https://www.snbforums.com/threads/rt-ac66u-increased-stability-after-replacing-power-supply.26326/​

That seems particularly on-point for me because I'm running a low-power HDD off the USB port with no external power for the drive. So I've gone ahead and ordered the beefy adapter the poster recommended.

Yes, it's been warmer today than yesterday. Heat could easily be contributing. I think that points toward the PS over something internal b/c the internal temps were looking fine, and it's more likely that the router's wall-wart got a bit buried than that the router itself did. I have the router mounted to a wall. Not a great location -it's behind some stuff- but air can move around back there and it's not going to get buried.

Pending the part's arrival I've unplugged the HDD to reduce power demands and will keep monitoring in that state. Thanks again for all the help!

Wanted to come back and report that the new AC adapter and power cable didn't fix things, and the unit seems to be deteriorating further. Just put in an order for an RT-AC86U.

Sad that I'll have to put my li' buddy down, but ... *sniff* I did all I could.

Thanks again for the help, everyone!

 

[krick]

If you have DNSSEC enabled, try disabling it.

I discovered more problems with 33E7. Both of my PS3 consoles were having the same issue as my phones. They would connect to the router and get an IP address but couldn't establish an Internet connection.

I unchecked Strict DNSSEC enforcement and disabled DNSSEC support but it made no difference. Those were the items that were suspected to be causing problems previously.

I had a night of gaming planned and I didn't want to spend too much time troubleshooting so I ended up flashing back to 32E4 and doing a factory reset, which got everything working again immediately.

Over the next few days, I'll experiment with fiddling with the few items that I ever change to see if any of them affect the PS3 connectivity in 32E4. Currently they are all at their default vales.

The only items that I ever change are...

Wireless -> General -> 2.4GHz

Channel Bandwidth = 20MHz
Control Channel = 6​

Wireless -> General -> 5GHz

Control Channel = 161​

Wireless -> Professional

Tx power adjustment = 100 mW​

WAN -> Internet Connection

Connect to DNS Server automatically = No
DNS Server1 = 1.1.1.1
DNS Server2 = 1.0.0.1
Enable DNSSEC support = Yes
Strict DNSSEC enforcement = Checked​

 

[krick]

Did something change with the way that IP address are assigned via DHCP between 32E4 and 33E7?

My understanding was that the router uses the device's MAC address through some kind of hashing algorithm to select an IP address to assign. The idea being that the same device will usually get assigned the same IP every time as long as there's not a hash collision.

It *seems* like after the firmware upgrade, machines were getting assigned different IP addresses. For example, my work laptop gave me a popup about the IP address being in use by another device on the network. The problem being that some devices on my network were not restarted and may have been sitting on IP addresses that were assigned to a different device. I have about 20 different devices on my network and I didn't think about restarting them all after the firmware upgrade as it's never been needed in the past.

I'm wondering if this could have been the cause of the connectivity issues that I was seeing.

EDIT: It looks like this DHCP hashing is a function of dnsmasq, which was recently updated. Maybe I'm onto something here.

 

[ColinTaylor]

@krick I'm still getting the same IP addresses as before.

 

[john9527]

EDIT: It looks like this DHCP hashing is a function of dnsmasq, which was recently updated. Maybe I'm onto something here.

No, no change in the way dnsmasq assigns ip addresses.....

One thing, Apple at one point thought it would be a good idea to 'rotate' their mac's for security reasons. This could create a conflict. Any new/updated Apple devices?

The only other thought I had,m is that their were some changes in ipv6. I saw Merlin in another thread recommended resetting your modem (power down for 15-30 minutes) to reset your ISP connection.

 

[tyspeed42]

Did something change with the way that IP address are assigned via DHCP between 32E4 and 33E7?

My understanding was that the router uses the device's MAC address through some kind of hashing algorithm to select an IP address to assign. The idea being that the same device will usually get assigned the same IP every time as long as there's not a hash collision.

It *seems* like after the firmware upgrade, machines were getting assigned different IP addresses. For example, my work laptop gave me a popup about the IP address being in use by another device on the network. The problem being that some devices on my network were not restarted and may have been sitting on IP addresses that were assigned to a different device. I have about 20 different devices on my network and I didn't think about restarting them all after the firmware upgrade as it's never been needed in the past.

I'm wondering if this could have been the cause of the connectivity issues that I was seeing.

EDIT: It looks like this DHCP hashing is a function of dnsmasq, which was recently updated. Maybe I'm onto something here.

I manually assign most of my lan enabled devices an ip address under LAN/DHCP SERVER, nothing changed when updated on 2 of my routers AC68W, AC68U.

We also have about 10 apple devices on my network, no wireless connection issues.

 

[krick]

No, no change in the way dnsmasq assigns ip addresses.....

One thing, Apple at one point thought it would be a good idea to 'rotate' their mac's for security reasons. This could create a conflict. Any new/updated Apple devices?

The only other thought I had,m is that their were some changes in ipv6. I saw Merlin in another thread recommended resetting your modem (power down for 15-30 minutes) to reset your ISP connection.

There's one iPhone on the network.

I have IPv6 disabled in the router so I'm not sure if that's applicable to my situation but I can try turning everything off for 30 minutes just in case.

I manually assign most of my lan enabled devices an ip address under LAN/DHCP SERVER, nothing changed when updated on 2 of my routers AC68W, AC68U.

Tonight I'm going to try re-flashing with 33E7, doing a factory reset, and then manually assigning IP addresses to all of my devices to see if that makes any difference.

 

[ColinTaylor]

For example, my work laptop gave me a popup about the IP address being in use by another device on the network. The problem being that some devices on my network were not restarted and may have been sitting on IP addresses that were assigned to a different device.

Has it only happened with this one device? When you connect a DHCP client to your network it will initially request the same IP address that it previously had. If it had been on your work network and it was using using the same subnet (i.e. 192.168.1.x) it will get that address. And as you have noted, dnsmasq may not be aware that that address is in use by another device.

 

[krick]

Has it only happened with this one device? When you connect a DHCP client to your network it will initially request the same IP address that it previously had. If it had been on your work network and it was using using the same subnet (i.e. 192.168.1.x) it will get that address. And as you have noted, dnsmasq may not be aware that that address is in use by another device.

This is the only device that explicitly gave me a warning. But I was having connectivity issues with three Motorola Moto X4 phones and two PS3 consoles after upgrading the firmware in the router. The symptoms being that they would connect to the router and get an IP address, but could not access the Internet.

 

[ColinTaylor]

This is the only device that explicitly gave me a warning. But I was having connectivity issues with three Motorola Moto X4 phones and two PS3 consoles after upgrading the firmware in the router. The symptoms being that they would connect to the router and get an IP address, but could not access the Internet.

Sounds more like you've got another DHCP server on your network.

 

[vincom]

This is the only device that explicitly gave me a warning. But I was having connectivity issues with three Motorola Moto X4 phones and two PS3 consoles after upgrading the firmware in the router. The symptoms being that they would connect to the router and get an IP address, but could not access the Internet.

reboot modem, then reboot router
wait to manually assign ip addresses until said devices are working properly
ts is tedious

 

[MerlinUser84792]

Hey, just a quick question - do I understand it correctly that this custom firmware unlock more options to regulate the max TX performance and set any country? I'd like to squeeze out the max performance out of my AC68U. Thanks!