[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[thelonelycoder]

Many thanks to @dave14305 @Martineau and @john9527
In case someone will be interested in this, I decided to share. Here is manual to configurate Asus RT-N66U (R/W) with [Fork] Asuswrt-Merlin 374.43 LTS release on board to use TOR for listed domains/IP's.
This manual is taken as the basis. Russian version (original) can be found here.

For installation, we need a MicroSD (remove the cover and insert it into the slot inside the router) or a USB flash drive connected on an ongoing basis.

Spoiler: Install Entware

Use command

amtm

and follow instructions to install Entware

Spoiler: Install the required packages

opkg update ; opkg upgrade ; opkg install tor tor-geoip bind-dig

Spoiler: Initialize ipset, create multiple unblock IPs

Create file

nano /jffs/scripts/init_ipset.sh

with this content

modprobe ip_set
modprobe ip_set_iphash
modprobe ip_set_nethash
modprobe ip_set_setlist

ipset --create unblock iphash

Make it executable

chmod +x /jffs/scripts/init_ipset.sh

Edit startup script

nano /jffs/scripts/services-start

Add following

#!/bin/sh
# This script get called after all other system services
# have been started at boot on router
# ---------------------------------------------------------

# Cron job to install after reboot
cru a unblock-ipset "3 3 * * * /opt/bin/unblock_ipset.sh"

# Run script now
/jffs/scripts/init_ipset.sh
/opt/bin/unblock_ipset.sh

Make it executable

chmod +x /jffs/scripts/services-start

Edit this file

nano /jffs/scripts/nat-start

Add following line

#!/bin/sh

iptables -t nat -A PREROUTING -i br0 -p tcp -m set --set unblock dst -j REDIRECT --to-port 9141

Make it executable

chmod +x /jffs/scripts/nat-start

Spoiler: Tor сonfiguration

Deleting old config file

cat /dev/null > /opt/etc/tor/torrc

Edit file

nano /opt/etc/tor/torrc

Insert the lines below. Please note that the admin is the default username that is used for authorization in the web interface of the router. If you changed it, replace it with yours.

User admin
PidFile /opt/var/run/tor.pid
ExcludeExitNodes {RU},{UA},{AM},{KG},{BY}
StrictNodes 1
TransPort 192.168.1.1:9141
ExitRelay 0
ExitPolicy reject *:*
ExitPolicy reject6 *:*
GeoIPFile /opt/share/tor/geoip
GeoIPv6File /opt/share/tor/geoip6
DataDirectory /opt/var/lib/tor

Spoiler: Description

• Exclude output nodes: Russia, Ukraine, Armenia Kyrgyzstan, Belarus.
• Hang a "transparent" proxy on the address 192.168.1.1, port 9141.
• Deny be an exit point.

Spoiler: List of domains / IP to bypass blocking (unblock.txt)

unblock.txt is a simple list to unlock. You can unlock the domain or IP address. One line - one element. Empty lines (including spaces and tabs) are ignored. You can use the # character at the beginning of a line to ignore it. Create a new file with the command

nano /opt/etc/unblock.txt

Insert your list into it

###Torrent Trackers
rutracker.org
rutor.info
rutor.is
mega-tor.org
kinozal.tv
nnm-club.me
nnm-club.ws
tfile.me
tfile-home.org
tfile1.cc
megatfile.cc
megapeer.org
megapeer.ru
tapochek.net
tparser.org
tparser.me
rustorka.com
uniongang.tv
fast-torrent.ru

###Catalogs of media content for programs
rezka.ag
hdrezka.ag
hdrezka.me
filmix.co
filmix.cc
seasonvar.ru

###Books
lib.rus.ec
flibusta.is
flibs.me
flisland.net
flibusta.site

###Telegram
telegram.org
tdesktop.com
tdesktop.org
tdesktop.info
tdesktop.net
telesco.pe
telegram.dog
telegram.me
t.me
telegra.ph
web.telegram.org
desktop.telegram.org
updates.tdesktop.com
venus.web.telegram.org
flora.web.telegram.org
vesta.web.telegram.org
pluto.web.telegram.org
aurora.web.telegram.org

###Miscellaneous
7-zip.org
edem.tv
4pna.com
2019.vote

###Tor check
check.torproject.org

###Example of unlocking by IP (remove # at the beginning of the line)
#195.82.146.214

Spoiler: A script to populate a set of unblock IP addresses with a given list of domains (unblock_ipset.sh)

nano /opt/bin/unblock_ipset.sh

#!/bin/sh

until ADDRS=$(dig +short google.com @localhost) && [ -n "$ADDRS" ] > /dev/null 2>&1; do sleep 5; done

while read line || [ -n "$line" ]; do

  [ -z "$line" ] && continue
  [ "${line:0:1}" = "#" ] && continue

  addr=$(echo $line | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')

  if [ ! -z "$addr" ]; then
    ipset --add unblock $addr
    continue
  fi
 
  dig +short $line @localhost | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '{system("ipset --add unblock "$1)}'

done < /opt/etc/unblock.txt

chmod +x /opt/bin/unblock_ipset.sh

Spoiler: A script for generating an additional dnsmasq config file from a given list of domains (unblock_dnsmasq.sh)

Edit file

nano /opt/bin/unblock_dnsmasq.sh

Insert the lines below

#!/bin/sh

cat /dev/null > /opt/etc/unblock.dnsmasq

while read line || [ -n "$line" ]; do

  [ -z "$line" ] && continue
  [ "${line:0:1}" = "#" ] && continue

  echo $line | grep -Eq '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' && continue

  echo "ipset=/$line/unblock" >> /opt/etc/unblock.dnsmasq

done < /opt/etc/unblock.txt

Make it executable

chmod +x /opt/bin/unblock_dnsmasq.sh

Now execute

/opt/bin/unblock_dnsmasq.sh

Check that the file is created and has entries in it

cat /opt/etc/unblock.dnsmasq

Spoiler: Script for manual forced system update after editing the list of domains (unblock_update.sh)

Edit file

nano /opt/bin/unblock_update.sh

Insert the lines below

#!/bin/sh

ipset --flush unblock

/opt/bin/unblock_dnsmasq.sh
service restart_dhcpd
sleep 3
/opt/bin/unblock_ipset.sh &

Make it executable

chmod +x /opt/bin/unblock_update.sh

Spoiler: Script to automatically fill in unblock sets when the router boots up (S99unblock)

Create file

nano /opt/etc/init.d/S99unblock

Insert the lines below

#!/bin/sh

[ "$1" != "start" ] && exit 0

/opt/bin/unblock_ipset.sh &

Make it executable

chmod +x /opt/etc/init.d/S99unblock

Spoiler: Connecting an additional configuration file to dnsmasq

We need to connect the created unblock.dnsmasq file to dnsmasq. To do this, open the file in the editor

nano /etc/dnsmasq.conf

Add to the end of the file:

conf-file=/opt/etc/unblock.dnsmasq

If you want (this is optional), you can add an additional server for resolution and reliability:

server=8.8.8.8

Do not edit the dnsmasq.conf file directly as any change will be thrown out when the service or router is restarted.
Use /jffs/configs/dnsmasq.conf.add or /jffs/scripts/dnsmasq-postconf as per the Asuswrt-Merlin wiki.

 

[MON@H Rasta]

@thelonelycoder thanks, fixed

 

[Sinfamy]

Hello, I updated my AC68U from 39E3 to 43E6 and I can no longer access the GUI.
Neither 192.168.1.1 nor router.asus.com work, it just says ERR_EMPTY_RESPONSE.
SSH access still works fine, any fix? Thanks.

 

[RMerlin]

Hello, I updated my AC68U from 39E3 to 43E6 and I can no longer access the GUI.
Neither 192.168.1.1 nor router.asus.com work, it just says ERR_EMPTY_RESPONSE.
SSH access still works fine, any fix? Thanks.

Typically means trying to use http on an https port or vice-versa.

 

[john9527]

Hello, I updated my AC68U from 39E3 to 43E6 and I can no longer access the GUI.
Neither 192.168.1.1 nor router.asus.com work, it just says ERR_EMPTY_RESPONSE.
SSH access still works fine, any fix? Thanks.

Clear your browser cache/cookies. The way cache manifests are handled was changed (the use of manifests is going to be deprecated).

 

[Sinfamy]

Typically means trying to use http on an https port or vice-versa.

Clear your browser cache/cookies. The way cache manifests are handled was changed (the use of manifests is going to be deprecated).

Thanks, it was actually the "Specified IP address" I had enable which I was able to disable via SSH.
I guess my PC's IP address changed during the update and it wasn't able to recognize it anymore since the "Enable Manual Assignment" option got reset or something.

 

[Builder71]

Updated my RT-N66U to 43E6, thx!

 

[JustinSEO]

I have a few issues being reported in Zabbix on the WAN port (eth0) and just curious how much performance improvement you generally see when going from 380.70 to your more "up to date" build?

 

[john9527]

I have a few issues being reported in Zabbix on the WAN port (eth0) and just curious how much performance improvement you generally see when going from 380.70 to your more "up to date" build?

WAN port speed.....I'd say no difference.
(I did see your other post, and I'd agree that the first thing to check is that the modem/router connection is negotiating correctly to 1 Gbps...)

 

[Mr_Andy]

Hi all
for some reason the client list on the Network Map page is no longer updating. there are about 20 devices connected with DHCP leases, but the Clients button says there are only 4, and the client status column on the right hand side has a constant rotating icon next to the 'Refresh' button. Clicking refresh makes no difference.

it also means I can't update things like manually assigning DHCP for certain hosts as they no longer appear in the drop-down list.

I've tried restarting the router a couple of times but no luck. is there a way to force update of the client list please?


ASUS N66U fork V43E6

 

[MON@H Rasta]

Can someone tell me if Asus router app supports [Fork] Asuswrt-Merlin 374.43 LTS releases ? Is there a way to run it with this firmware?

 

[ColinTaylor]

Can someone tell me if Asus router app supports [Fork] Asuswrt-Merlin 374.43 LTS releases ? Is there a way to run it with this firmware?

Post #1

The fork does not include

• Support for the ASUS router control app

 

[john9527]

Hi all
for some reason the client list on the Network Map page is no longer updating. there are about 20 devices connected with DHCP leases, but the Clients button says there are only 4, and the client status column on the right hand side has a constant rotating icon next to the 'Refresh' button. Clicking refresh makes no difference.

it also means I can't update things like manually assigning DHCP for certain hosts as they no longer appear in the drop-down list.

I've tried restarting the router a couple of times but no luck. is there a way to force update of the client list please?


ASUS N66U fork V43E6

There hasn't been any changes to networkmap in a long time. I've seen this happen when a client has a problem and gets into a continuous loop issuing it's own arp requests back to the router, which essentially hangs network map while it responds to those requests. Personally I've only seen it happen on ethernet connected clients. Samsung TVs and HDHomerun tuners are a couple of clients that have reported this problem (I have an HDHomerun that decides to do this about every 6 months or so).
I'd try to reboot any ethernet clients as a first step.

 

[Mr_Andy]

thanks John, I turned off the ethernet connected clients, then restarted the router, and the network map is now working properly

 

[L&LD]

Updated a few routers today with a handful of the oldie but goldie's RT-AC56U's to john9527 43E6 release. Most of these are being used in Bridge Mode with RT-AC68U's, RT-AC3100's, and even a few with RT-AC86U's too.

Passing on the thanks from those users to @john9527!

One installation, in particular, was noteworthy. The RT-AC86U running RMerlin 384.15_0 as the main router was connecting to the Bridge mode RT-AC56U at a 585Mbps indicated connection rate. After the 'AC86U was updated to 384.17_0 the rate shown was the same 585Mbps for the 'AC56U. But when the RT-AC56U was upgraded from 42E7 to 43E6, the connection rate was showing 780Mbps. More streaming movies for all!

Kudo's to both john9527 and RMerlin too for the fantastic work they produce and the synergy between them!

 

[Shayne]

Thank you John much appreciated. I am the one you talk about on your OP. I was on Merlin 374.38_2 (one of the last with web ui commands), however, the sata USB drive was dying so in the switch I crashed everything and brought back up with your RT-N66U_374.43_43E6j9527. Was a bit confused with entware and the new addons directory of the jffs as that was not my procedure before; install to install. Entware working, my programs running, vpn settings stayed and router is working well. If it an't broke; we hope we will see you in another 5 to 10 years when the router dies. Thumbs up and thanks again.

 

[JohnSmith]

Upgraded RT-AC66U A1 - Qty3 , from ASUS Merlin V374.43_42E7j9527 to ASUS Merlin LTS Fork V374.43_43E6j9527 via dirty firmware upgrade, and all working properly as Access Points (AP's).

 

[First Last]

Sorry to jump into this but I'm having problems with my TM-AC1900 2.4ghz and I saw a post that someone mention v28L2 from "john's fork" fixed their problem. Not sure where those numbers are in terms of versions so if anyone can help me to get to the right branch to try this out. Thanks!

 

[ColinTaylor]

@First Last Please see the sticky post at the top of this forum regarding your router model. If you want to try using this firmware see post#1.

 

[KGB7]

Router AC68U.
Firmware 374.43, V43E6

Still dont have internet while using a dedicated HoSpot as main source of internet, while connected to USB port via usb cable; USB2 or USB3.
Router detects the make and model of the HotSpot. Router gets an IP from HotSpot, but there is no internet.

This issue is not present in Merlins Firmwares: 384.15, .16, .17. In Merlins firmware, its plug and play, router/firmware detects and configures the HotSpot with out issues.
In some cases, I have to turn Off Internet Connection and Turn it back On when setting up new firmware (Merlin) from scratch. Fork firmware, refuses to work with a Dedicated Hotspot that is connected via USB port.

Screens below are for Merlins 384.16 firmware.

Ignore APN and Dial number on second screen shot. They are irrelevant.