[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[bjs]

Firstly, a big thanks for keeping us going with our devices. There's so many bugs and exploits out in the wild that it's hard to feel safe without having updates to components, bugfixes etc!

As with many others, I came from the Merlin firmware after support for my device was dropped. Overall, I've been very happy.

I have a AC66U (1st rev obviously!) and have been running the E series updates.

I was wondering about the OpenVPN Client performance. The max throughput on my AC66U is around 4Mbps either up or down. I tested it against multiple servers, multiple hosts etc. Also compared to multiple other devices using the same openvpn servers and bandwidth test server before and after, and they can all get significantly more and some almost up to my internet connection limit. I honestly didn't notice this limit previously on the router using Merlin. Maybe it is just a raw CPU limit for the encryption, or are there any acceleration etc tweaks that can be done?

TIA

 

[Vorwrath]

Anyone else having weird issues with the RT-N66U lately? Various websites seem to load incredibly slowly the first time (or fail to load at all) but work ok for a while after that. The symptoms feel a bit like a DNS problem, but it isn't, or at least not a simple one (I get the same issue on devices that have DNS servers manually set and aren't using the router's DNS).

On my PC this hang often happens at the "Performing TLS handshake ..." stage in Firefox, but not always. Not sure if it might be related to DoT - I did try this setting originally, but have turned that and DNSSEC off now and gone back to basic DNS, but it didn't cure the issue.

Currently on 37E4 but have also tried rolling back a few versions and that didn't seem to fix it either.

It's a hard one to pin down as it's quite random - I'm not certain it's related to this firmware at all. It seems very similar to what "Roses" was reporting on page 430 though, so thought it was worth mentioning.

 

[john9527]

On my PC this hang often happens at the "Performing TLS handshake ..." stage in Firefox

Firefox implemented support for TLS1.3 in the Aug/Sep timeframe. Wonder if there's still a few compatibility issues at play?

 

[john9527]

I have a AC66U (1st rev obviously!) and have been running the E series updates.

I was wondering about the OpenVPN Client performance. The max throughput on my AC66U is around 4Mbps either up or down.

I'd generally expect in the 10+Mbps range on the MIPS routers using 128bit ciphers. If your VPN provider is using 256bit ciphers, about 1/2 that. So 4Mbps may not be that far out of line depending on your configuration.

 

[Vorwrath]

Firefox implemented support for TLS1.3 in the Aug/Sep timeframe. Wonder if there's still a few compatibility issues at play?

It's not Firefox specific, I get similar issues on every device on the network. Even Google Home doesn't want to answer the first time I ask it something, but it works 30 seconds later.

 

[john9527]

It's not Firefox specific, I get similar issues on every device on the network. Even Google Home doesn't want to answer the first time I ask it something, but it works 30 seconds later.

Are you using any adblocker? I've also seen where sites have trouble rendering if you are blocking their ads.

 

[john9527]

Just an FYI for anyone that noted the release of 384.45149 which includes fixes for 8 CVEs.

My first pass through them indicates only 1 is applicable to this fork (already wrote a fork fix for it). The rest are related to what looks like a new web api which allows access to some system data which doesn't exist on the fork (I'm guessing it's for Alexa/IFTTT support).

 

[atkinsom]

It's not Firefox specific, I get similar issues on every device on the network. Even Google Home doesn't want to answer the first time I ask it something, but it works 30 seconds later.

Asked my friend who has the unit and no issues at all from the many devices on his network. Why not use John’s nvram backup tool and factory reset the unit and test. If the issue continues then you know it wasn’t a config issue and you can restore using the same tool. Good luck.

 

[Vorwrath]

Asked my friend who has the unit and no issues at all from the many devices on his network. Why not use John’s nvram backup tool and factory reset the unit and test. If the issue continues then you know it wasn’t a config issue and you can restore using the same tool. Good luck.

I tried resetting with the "Factory default" button in the UI previously and it didn't help. Not sure if that's the same thing as resetting it with the button or not?

To answer John's question, I am using adblockers on some devices, but this problem is occuring even on stuff without them, so doesn't seem to be linked to that.

It's a weird problem, think I'll have to try a different firmware or a different router to find out for sure whether the issue lies there or not.

 

[Vorwrath]

Just reporting that I flashed back to the stock Asus firmware and have still been seeing similar problems, so it's definitely nothing to do with this firmware. Thanks for the help anyway!

I think it's probably some kind of routing issue at my ISP. It just happened to start around the time I was updating the N66U firmware and messing with DNS stuff, so I'd assumed a connection.

 

[john9527]

Just reporting that I flashed back to the stock Asus firmware and have still been seeing similar problems, so it's definitely nothing to do with this firmware. Thanks for the help anyway!

I think it's probably some kind of routing issue at my ISP. It just happened to start around the time I was updating the N66U firmware and messing with DNS stuff, so I'd assumed a connection.

Thanks for taking the time to do the extra work to check things.

 

[DIGGER221]

Hi dear comrades and friends!
On the recommendation of a friend "John9527" using firmware: RT-AC66U_374.43_37E4j9527

OpenVPN client in the router with keys and certificates 4096 characters-works great!

In attempt to include one more, the second OVPN the client in a router-there is a message that there is little space in memory and the router can hang up or reboot. But nevertheless, the problem is solved, one OVPN client works well and keys and certificates of 4096 characters are saved and written to the router.

Here is if would still do in router function TOR-Internet, was at all super! Great!

Thanks to the Creator of the firmware! This is a very useful and necessary thing, it is an invaluable help for people and ordinary users of Asus routers.

 

[atkinsom]

I'm having an issue when connecting to my AC68U using my OPENVPN client on my cell phone. I have 2 server configs setup on the router...one that routes remote client traffic to the internet via the originating connection when requested and to internal devices when needed. The second server config is setup to route ALL traffic through the Asus OPENVPN router regardless of internet or internal. This is the config that I have issues with when connecting using my cell phone. It connects successfully using IPV6(rather than IPV4) to the Asus OPENVPN router and authenticates OK but I can't get any internet traffic to route correctly. My ISP WAN connection is IPV4 but OPENVPN is handing out IPV6 addresses to the client, I'm assuming, because it sees the originating cell companies network using IPV6 AND IPV4. When I connect from an originating wi-fi network on the cell phone that is IPV4 only everything works as expected. I tested on my wife's cell phone with a different carrier and that worked as well because they are using IPV4 only with no IPV6 addresses detected. Used whatismyipaddress to confirm.

Is there a way to get around this issue when using my cell phone and the carrier I use so that the OPENVPN server on the router hands out an IPV4 address instead of an IPV6 which is not enabled anywhere on my network. Any other ideas or solutions would be welcome if I'm on the wrong path. Thanks.

 

[john9527]

Is there a way to get around this issue when using my cell phone and the carrier I use so that the OPENVPN server on the router hands out an IPV4 address instead of an IPV6 which is not enabled anywhere on my network.

I'm surprised it would try and use IPv6, but will go with your analysis. Not sure if this will require a postconf script instead, but try adding

proto upd4

to the server custom config section (assuming you are using upd, use 'proto tcp4' if tcp).

 

[SSS]

Hi

I am trying to upgrade my new AC2900 (RT-AC68U) router to Merline firmware. But I am getting a message as "Invalid firmware upload". Can anyone help me?

Thanks

 

[john9527]

Hi

I am trying to upgrade my new AC2900 (RT-AC68U) router to Merline firmware. But I am getting a message as "Invalid firmware upload". Can anyone help me?

Thanks

The AC-2900 (AC86U, not AC68U) is not supported by this fork. Make sure you downloaded the correct firmware from Merlin's site and follow up in the appropriate 384 firmware thread.

 

[bjs]

I'd generally expect in the 10+Mbps range on the MIPS routers using 128bit ciphers. If your VPN provider is using 256bit ciphers, about 1/2 that. So 4Mbps may not be that far out of line depending on your configuration.

Thanks. Yeah it's AES-256. I've gone to using VPN on the router as a backup, and setup VPN clients on the end devices.

One other thing. I use the Traffic Manager to limit Download/Upload to a specific device when watching videos so I don't blow my quota. But I turn this on and off quite a bit depending on what I'm doing on the device.

It takes an awfully long time for it to turn on/off. The GUI goes up by 1% increments! I also guess the entire router is rebooted, as I've noticed that wifi goes off for a while as well. Merlin f/w was much quicker and didn't seem to reboot. Is it possible to look into this?

Thanks again!

 

[ColinTaylor]

Thanks. Yeah it's AES-256. I've gone to using VPN on the router as a backup, and setup VPN clients on the end devices.

One other thing. I use the Traffic Manager to limit Download/Upload to a specific device when watching videos so I don't blow my quota. But I turn this on and off quite a bit depending on what I'm doing on the device.

It takes an awfully long time for it to turn on/off. The GUI goes up by 1% increments! I also guess the entire router is rebooted, as I've noticed that wifi goes off for a while as well. Merlin f/w was much quicker and didn't seem to reboot. Is it possible to look into this?

Thanks again!

Change the QoS state from Active to Suspended and hit Save. The change will be almost immediate.

 

[atkinsom]

I'm surprised it would try and use IPv6, but will go with your analysis. Not sure if this will require a postconf script instead, but try adding

proto upd4

to the server custom config section (assuming you are using upd, use 'proto tcp4' if tcp).

Hi John,

Tried your suggestion and when its added to the custom config on the router the client can't connect. I tried udp4 and then udp on its own and both times it wouldn't connect. The server is running port 1194 and UDP and the server definitely hands out an IPV6 address when the client connects with the Rogers Wireless carrier on the phone. This is very weird as it seems it's not routing correctly when it hands out an IPV6 address from OpenVPN. Is there any way to stop OpenVPN from handing out IPV6 DHCP addresses temporarily? Thanks very much.

 

[SSS]

The AC-2900 (AC86U, not AC68U) is not supported by this fork. Make sure you downloaded the correct firmware from Merlin's site and follow up in the appropriate 384 firmware thread.

My mistake. Thanks very much. Good to go now. One more question. I guess "Download Master" is not good enough for torrent download. So I need to install Transmission and RSync. Is there any guide for these installations?

Thanks