What's new

[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

What do you mean by "alias username"
When you login from the webUI on a fresh install it asks you set a username/password, the username is the alias to root, some folks use admin I used something else, an alias. I'm just trying all combinations.

The crux here is that the "root" username/login used to work but now it wont' let me login using that root/admin user, but will allow me to login using any custom user created on the OVPN server page. What am I missing here?
 
DoT port can get blocked by my ISP. DoH is more useful. So supposed I will have to keep using the outdated DNSCrypt for DoH :( hopefully it isn’t much less secure than stubby. Maybe stubby and Johns fork will someday embrace DoH.
There are some DoT servers that run over port 443 instead of 853, but they are none of the 'big' ones (primarily ones run by the DoT developers)
 
DoT port can get blocked by my ISP. DoH is more useful. So supposed I will have to keep using the outdated DNSCrypt for DoH :( hopefully it isn’t much less secure than stubby. Maybe stubby and Johns fork will someday embrace DoH.
Is not as outdated as you might think. AFAIK it cannot be cracked by a non-state actor. However, just hacking your router will do in that respect.
 
Did something change along the way that admin is no longer allowed to login over the OVPN server or am I missing a setting somewhere?
I had to re-write the ovpn server authentication for MIPS due to a conflict with the stubby code (it caused a segfault in the openpam auth). Probably there is something in there that is preventing it from recognizing the default login. I'll take a look, but it make take a little while.
 
When you login from the webUI on a fresh install it asks you set a username/password, the username is the alias to root, some folks use admin I used something else, an alias. I'm just trying all combinations.
OK, I understand now. But just to be pedantic :D, it isn't an alias because there is no "root" user account. What you are doing is setting the name for the account with the UID of 0. Traditionally that was named "root", Asus called it "admin", you have called it something else.
Code:
# cat passwd
admin:x:0:0:admin:/root:/bin/sh
nas:x:100:100:nas:/dev/null:/dev/null
nobody:x:65534:65534:nobody:/dev/null:/dev/null
 
John
is ordered mode still an issue for DoT use or should I be using round robin?

I had an issue last night being able to connect to Netflix and Hulu, but when I changed to ordered mode they seemed to start working. . dnssec testing still indicated all was well, but then I remembered something about an issue with using ordered mode.

Thanks in advance !
The current stubby cod e is still the same as it has been, so the ordered mode should still have the same quirks (I applied some upstream fixes, but none applied). Most likely, either
- the WAN restart when changing modes cleared something
- if you are using DNSSEC, you got routed to a different DNS pool server (DNSSEC can sometimes provide inconsistent results between servers)

I'd still recommend staying with Roundrobin.
 
quick question.
can i straight install the latest standard asus firmware if the rt-ac68u is currently running an old fork firmware (probably v26)
 
quick question.
can i straight install the latest standard asus firmware if the rt-ac68u is currently running an old fork firmware (probably v26)
Yes.....factory reset afterwards...

EDIT: Will need to use restoration tool or cfe miniserver if you wan t to go back to the fork
 
Does increase in the image size (N66) cause problem while installing or after the installation? I'm asking because JFFS usage on my end is pretty low (0.64 / 11.50 MB).

Also, I'm interested in testing the dev build you mentioned if you need a test subject who installs every alpha/beta fw & software he meets :D
My N66 is currently offline, so I haven't had to opportunity to try and load the code.....just worked out some compile/build issues. I won't have the opportunity to really try it for a while due to some family commitments.

But your post reminded me of something I was thinking about giving a try. Beta tests on the fork have produced minimal participation, so I was considering setting up a Development download directory, where I would occasionally load copies of code that I am working on for those who are adventurous and like to 'play'.

Here's the README from the directory and the link

https://1drv.ms/f/s!Ainhp1nBLzMJiF2l3WjM46lSmxrH

Code:
The builds in this directory are snapshots of my work-in-progress.  There is no regular schedule for updates.
They may have minimal (or no) testing, not all features may work or make it into a final release, and builds may not be available for all routers.
The only doc is the Changelog.txt file.
They are NOT recommended for any critical environments.
You are welcome to report problems, but not all posts may be answered.
USE AT YOUR OWN RISK.
End of warnings :)


For the N66 if you would like to give it a try, at the very least your jffs will be trashed when loading the code, so I would probably
- take a backup of jffs
- disable jffs
- load the new code
- re-enable/reformat jffs
- restore the jffs backup
 
3.0.0.4.374.43_38D3j9527 installed on RT-AC66U_B1. Using IPV6 6RD, Stubby, DNSSEC via Dnsmasq. Have also tested DNSSEC via Getdns. Tested Cloudflare resolvers OK and am currently using Quad9 OK. Have a 1 TB NTFS drive in USB2 port and a 2 GIG thumbdrive with a swap file and traffic history.
Only issue so far was the client list disappeared for a while but came back after a reboot (did not look in the log for errors).
DoT with Quad9 and DNSSEC seems to be more stable than with Merlin Stubby add on. Will let it run like this for a while and see if the family complains about not connecting.
 
For the N66 if you would like to give it a try, at the very least your jffs will be trashed when loading the code, so I would probably
- take a backup of jffs
- disable jffs
- load the new code
- re-enable/reformat jffs
- restore the jffs backup

- and reboot (at least to bring the DoT server that didn't show up after restoring jffs)

Everything seems fine; no error logs with:
  • Diversion v4.0.7_beta1
  • pixelserv-tls v2.2.1
  • PeerGuardian 2
installed and DoT Enabled (DNSSEC enabled, Roundrobin, 1.1.1.1, GetDNS)
 
Only issue so far was the client list disappeared for a while but came back after a reboot (did not look in the log for errors).
The ASUS/Merlin firmware starts networkmap fairly early in the boot process so it runs in parallel with most of the boot. On the fork, I hold it off until the boot is nearly completed (less things to possibly go wrong :) ). As a result, it can take a couple of minutes after a boot (or firmware upgrade) for the client list to show up.
 
Last edited:
Everything seems fine; no error logs with:
  • Diversion v4.0.7_beta1
  • pixelserv-tls v2.2.1
  • PeerGuardian 2
installed and DoT Enabled (DNSSEC enabled, Roundrobin, 1.1.1.1, GetDNS)
Good to hear! Thanks for taking the plunge!
 
Not getting AD flag with Dig from inside the LAN. When do you add proxy-dnssec to the dnsmasq.conf?

Sent from my SM-T380 using Tapatalk
 
Not getting AD flag with Dig from inside the LAN. When do you add proxy-dnssec to the dnsmasq.conf?

Sent from my SM-T380 using Tapatalk
Set when DNSSEC is enabled, and method is either GetDNS or Server only. Works for me...
Code:
dig asuswrt.lostrealm.ca +dnssec +multi

; <<>> DiG 9.10.2 <<>> asuswrt.lostrealm.ca +dnssec +multi
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48605
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1452
;; QUESTION SECTION:
;asuswrt.lostrealm.ca.  IN A

;; ANSWER SECTION:
asuswrt.lostrealm.ca.   257 IN A 72.55.186.51
asuswrt.lostrealm.ca.   257 IN RRSIG A 13 3 300 (
                                20190114042106 20190112022106 34505 lostrealm.ca.
                                msCoKBB+qtlZkrFwIEpVa7NwLzi+T84Q7bmbHlIS1Pfr
                                F4WDJ/TYFtr2Fy/gvxkTTBwt1eamgJQ2Dd+fxboBcQ== )

;; Query time: 120 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Jan 12 20:21:49 US Mountain Standard Time 2019
;; MSG SIZE  rcvd: 213
 
Set when DNSSEC is enabled, and method is either GetDNS or Server only. Works for me...
This morning with DNSSEC via GetDNS enabled it works on my iOS device!
Code:
Shared from ISC Dig for iOS
; <<>> DiG 9.13.3 <<>> @192.168.50.1 +nocookie +dnssec +noqr +multiline asuswrt.lostrealm.ca ;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56487 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION:
;asuswrt.lostrealm.ca.  IN A

;; ANSWER SECTION:
asuswrt.lostrealm.ca.  298 IN A 72.55.186.51 asuswrt.lostrealm.ca.  298 IN RRSIG A 13 3 300 (
                                20190114141632 20190112121632 34505 lostrealm.ca.
                                2ubVQMWJKAfkpr6ahGJAztHYlp2YEtGNm3uyoGURhGD+
                                mi1HSx8161w222vBY979UhMgF+hSNITFZQOmljcuwg== )

;; Query time: 2160 msec
;; SERVER: 192.168.50.1#53(192.168.50.1) ;; WHEN: Sun Jan 13 08:16:34 EST 2019 ;; MSG SIZE  rcvd: 213
Also worked for 9.9.9.9 and 1.1.1.1
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top