What's new

[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I did do a reset and nvram reset before the actual firmware uplaod to in the recovery "mini web server" ...
That's not what I said. I said do a factory reset after uploading the new firmware.

.. in fact it wouldn't make sense otherwise since the previous was actually "1 2 3 4 8*"
In which case use this command:
Code:
nvram set vlan1ports="1 2 3 4 8*"


... also the nvmram tirck does not work after reboot!
I have no idea what "trick" you're talking about. You don't need any tricks to press the reset button on the router.
 
Last edited:
First of all, this has been the best start to my day! I found that John is back! Thanks for sticking with us. I hope that for every time one of us is out of line, you remember that there are many times more of us that appreciate you keeping our hardware ticking along.

My AC66U got surprised with an upgrade from 39E3 to 44E5 and he thanks you too!

The reason I happened past here again, was that I had noticed that Asus had released some F/W updates for various DDoS's and CVEs. I know that under the hood John's fork was much improved and probably addressed a lot of this, but was wondering out of interest if/how they might get folded into John's 374 fork?

Cheers and thanks again!
 
I've been struggling with my AC66U speed issues, finally I narrowed it down to IPv6. When I enable 6in4, my speed over ipv4 gets capped at around ~130-150 mbps, and router is lagging like crazy (ICMP 20-30ms, unresponsive web), as soon as I disable IPv6, I get ~700-900 mbps without problems. Not seeing anything weird in logs. Maybe I'm not looking in the right place. Please advise.
6in4 traffic gets marked to bypass NAT acceleration (ASUS limitation), so it's throughput would be capped at about what you are seeing. Now, all modern OS's by default will prefer ipv6 over ipv4 if ipv6 is available. Are you sure you are really measuring ipv4 throughput? If you google, you can find the instructions to change the OS preferred stack from ipv6 to ipv4 (I know that Windows and Linux have instructions, never looked for Android or iOS).
 
I see Asus still supports the N66U with official firmware, they released a new version about a week ago: https://www.asus.com/nl/Networking/RTN66U/HelpDesk_BIOS/
Can these security fixes be implemented in this Merlin fork?
The answer is 'maybe'...
- There is no doc available from ASUS that says 'here is the fix for this problem'....it's just a bunch of source code. So it comes down to how well the CVE is documented and my ability to try and take that info and track down the code change.
- The current code is very much different from the fork code. My experience so far has been that about 75% of the CVEs I've looked at aren't applicable anymore to this fork.
- What I do is regularly make a pass through the latest Merlin source in the high risk components, like httpd, and look for potential 'security' related changes to try and backport. But unless it's fairly obvious, I am working on an "if it ain't broke, don't fix it" strategy.
- Here's one example....I was able to track down the fix for CVE-2018-20366 since the CVE was well documented. It was marked in Merlin as "rc: rework dns stub" and was actually written by theMiron.
 
6in4 traffic gets marked to bypass NAT acceleration (ASUS limitation), so it's throughput would be capped at about what you are seeing. Now, all modern OS's by default will prefer ipv6 over ipv4 if ipv6 is available. Are you sure you are really measuring ipv4 throughput? If you google, you can find the instructions to change the OS preferred stack from ipv6 to ipv4 (I know that Windows and Linux have instructions, never looked for Android or iOS).
Yes, I'm sure I'm using IPv4, I've set my PCs to prefer IPv4 over IPv6 using this: https://support.microsoft.com/en-us...onfiguring-ipv6-in-windows-for-advanced-users. Checked in http://ipv6-test.com/ that IPv4 is preferred and checked in resource monitor that connection is done to IPv4 address. The issue appears in speedtest, or when downloading anything, confirmed IPv4 address. The issue also happens if I enable 6in4 and disable router advertisement, confirming no device on the network getting IPv6 address.
The case is following:
IPv6 disabled: speed 700-950 mbps no issues DL/UL, no issues with router, 1ms ping.
IPv4 6in4: speed on IPv4 gets capped to 120-200 mbps and router becomes pretty much unresponsive until the transmission stops. Unresponsiveness includes high ping, unreachable web panel.
Some additional info:
Router RT-AC66U (old revision)
I'm using 6in4 tunnel from tunnelbroker (he). My ISP forces me to use double NAT (I get 10/8 address from ISP and my home network is in 192.168/16), but I do have static external IP which allows me to get a tunnel on he.
 
@ekze As John said, using the 6in4 tunnel disables hardware acceleration so the speed you're seeing is the maximum your router is capable of. That was my experience also with HE on my N66U. The most I ever got was ~70 Mbps through the tunnel. That would also explain the unresponsive router. SSH into the router and run top. I expect you'll see your CPU is running at 100%.
 
@ekze Just to double check if there was a generic problem, I fired up my HE Tunnel on my 68P (I usually run with native ipv6). Had no problems achieving full speed on my 300/30 service. At this point, I'm out of ideas except that the AC66 may just be out of gas. Give a check on CPU utilization as @ColinTaylor suggested.
 
You are correct. Disabling NAT acceleration seem to do exactly the same. Capped at 150 mbps. And yeah, CPU is on ~100% usage. Any recommendation for routers that can handle 6in4 and 700+ mbps? Do all ASUS routers have to disable NAT acceleration to use 6in4?
 
You are correct. Disabling NAT acceleration seem to do exactly the same. Capped at 150 mbps. And yeah, CPU is on ~100% usage. Any recommendation for routers that can handle 6in4 and 700+ mbps? Do all ASUS routers have to disable NAT acceleration to use 6in4?
@ekze you should ask this question on its own thread on asuswrt forum
 
Last edited:
Been running my original RT-AC66U in AP mode with Merlin 380.70. Considering changing over to John's fork. A few questions:

1. is it worth changing if I only run AP mode? I'm hoping for a bit better wifi performance.
2. it is connected to my main router, 86U running latest Merlin, by ethernet to the 66U WAN port. Is it possible to load the new firmware in that configuration? It is not easy to physically access or rewire the router.
3. finally found the Asus recovery tool on their web site, but it does not say what router it is about to upload the new firmware to, and I am concerned it is pointing to my main router, not the 66U AP, and I don't want to flash the main router with 66U code!
4. is there an easy way to force access to the 66U mini-web server to do it that way? Will that work via the current WAN port connection, or would it work if I temporarily change that to a LAN port?

Other recommendations on how best to switch over to this fork on the 66U?
Thanks
 
1. I haven't seen any difference in performance switching from merlin 380. It's up to you.
2. 3. You need to follow the steps on asus recovery guide, there's no way you will flush a wrong router.
4. no idea ):
 
I am trying to follow the ssid to vlan script as described here https://www.snbforums.com/threads/ssid-to-vlan.24791/page-3 I cannot for the life of me get this to work on John's Fork, it worked fine on the official rmerlin. I have disabled the CTF acceleration and it still doesn't work. Any ideas?
I'm wondering if there's a major difference in how rmerlin and this fork handle vlans
Thank you so much for the help!
 
Last edited:
I am trying to follow the ssid to vlan script as described here https://www.snbforums.com/threads/ssid-to-vlan.24791/page-3 I cannot for the life of me get this to work on John's Fork, it worked fine on the official rmerlin. I have disabled the CTF acceleration and it still doesn't work. Any ideas?
I'm wondering if there's a major difference in how rmerlin and this fork handle vlans
Thank you so much for the help!
It seems like it could be a problem with eapd as if I change the security type to open it works fine. Ive tried doing killall eapd and then running eapd after a couple seconds but it doesnt resolve.
 
Question about UPnP. For some reason most apps don't appear in System Log - Port forwarding list, if I enable UPnP inside them. So far only qBittorrent seem to appear here. Is it normal? If I port forward manually through Windows or in router virtual servers - they do appear there.
Screenshot:
z8hWKKx.png
 
Most apps where I tried ticking "enable UPnP" - bitcoin core forked wallets, acestream engine. Using services to check on port is open gave me NO response.
Personally I've never had a problem with UPnP not working, but I've not used that many different applications (or the two you mentioned). Of course the whole point of UPnP is that the application will create and remove the forwarding rules as it requires. So just enabling the option in the application doesn't necessarily mean that you will immediately see the rule appear on the router.

Look in the router's syslog when you start your application to see if there are any miniupnpd errors.
 
Last edited:
No errors. I'm pretty sure it worked correctly on 380 merlin, though. But I also changed ISP since then, not sure how it can be related to router settings, apart from that my previous ISP didn't force me to double NAT.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top