[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[john9527]

Looks very interesting... I've been on main Merlin fork since I've had this router, but I'm actually quite tempted to try this fork just to see how it stacks up against the entware installed version of DNScrypt i have running now.... how will it play with dnsmasq/AB-solution when using a VPN tunnel as compared to going through the WAN?

From an end point functional standpoint, probably no difference. From a technical viewpoint
- it's in the gui for ease of use
- I can do some things with it being integrated to overcome the startup workarounds with setting the router system time
- I can lock down the keys file for security

For the VPN tunnel support, if you select DNSCrypt as the VPN DNS configuration, it should work with AB-Solution. If you select to not use the VPN servers for non-VPN clients, those non-VPN clients won't be able to take advantage of AB-Solution.
@thelonelycoder said he will help verify.

 

[john9527]

If we are only specifying (for example) OpenDNS's IPV4 DNSCrpyt server, I assume IPV6 lookups will still route over your default (ISP provided etc...) IPV6 DNS server? So only IPV4 lookups will use the service?

IPv4 servers will also return IPv6 AAAA records (including the DNSCrypt ones). When you enable DNSCrypt, the only DNS server configured is DNSCrypt.

 

[cybrnook]

Wunderbar!

 

[thelonelycoder]

Wunderbar!

Bar?
Oi, where's the fckng bar John?

 

[thelonelycoder]

@john9527: Your DNSCrypt appears to play nice with AB3 and pixelserv

Tested as follows:
- DNSCrypt enabled (obviously)
- DNSSEC off
- DNSCRYPT Resolver: Near the exit node I set in ExpressVPN
- OpenVPN Client on, ExpressVPN
- OpenVPN Client, Accept DNS Configuration: DNSCrypt

I do get the odd dnsmasq[4526]: server 127.0.0.1#65053: resp: 0x00 query failed for instagram.c10r.facebook.com
(or other domains) But this appear to be latency timeouts, it eventually resolves.
I also notice: IPv6 is disabled on all interfaces and router, yet I see these: dnsmasq[4526]: reply instagram.c10r.facebook.com is 2a03:2880:f211:c4:face:b00c:0:43fe

 

[john9527]

I do get the odd dnsmasq[4526]: server 127.0.0.1#65053: resp: 0x00 query failed for instagram.c10r.facebook.com

That's a log I added with syslog log level set to debug....actually I think it's an invalid cache TTL being returned.

I also notice: IPv6 is disabled on all interfaces and router, yet I see these: dnsmasq[4526]: reply instagram.c10r.facebook.com is 2a03:2880:f211:c4:face:b00c:0:43fe

IPv4 servers will also return IPv6 AAAA records.....it would seem DNSCrypt does it even if IPv6 is disabled. Not sure if this is normal even without DNSCrypt.

EDIT: Forgot to say thanks for checking it out! And glad to hear they play nice

 

[thelonelycoder]

That's a log I added with syslog log level set to debug....actually I think it's an invalid cache TTL being returned.

IPv4 servers will also return IPv6 AAAA records.....it would seem DNSCrypt does it even if IPv6 is disabled. Not sure if this is normal even without DNSCrypt.

EDIT: Forgot to say thanks for checking it out! And glad to hear they play nice

Ah, right, I set the log level higher to see what's happening.
Makses sense now.

Is there any way to use OpenVPN Server with it as well? I use Asus DynDNS and it was unable to resolve.

 

[ColinTaylor]

Hi John,

I don't know whether this is by design, but on the Qos Statistics page the "Total" values only ever show integers, the decimals are always ".00". So in the screen shot below I had to wait until I downloaded another gigabyte of data for the value to change from 6.00GB to 7.00GB. I can't tell whether this effects the pie chart or not.

 

[john9527]

Hi John,

I don't know whether this is by design, but on the Qos Statistics page the "Total" values only ever show integers, the decimals are always ".00". So in the screen shot below I had to wait until I downloaded another gigabyte of data for the value to change from 6.00GB to 7.00GB. I can't tell whether this effects the pie chart or not.

Well, it was working as coded....maybe an oops Will fix for the next release.

 

[john9527]

Is there any way to use OpenVPN Server with it as well? I use Asus DynDNS and it was unable to resolve.

It may be your DNSCrypt resolver or Asus DDNS is slow to pick up/propage the changed ip. In some cases it can take a while.
(I'm doing this post through my VPN Server, I use NO-IP for my DDNS. Verified I'm actually using DNSCrypt using Cisco OpenDNS).

 

[jrmwvu04]

I don't know whether this is by design, but on the Qos Statistics page the "Total" values only ever show integers, the decimals are always ".00".

I'm seeing this behavior as well, 22B6

 

[RMerlin]

Well, it was working as coded....maybe an oops

Probably a left-over from my initial design attempts, when the data didn't include decimals... I'll correct it on my end as well.

 

[slobodan]

If dnscrypt dies, it remains dead, set the watchdog to watch it.

 

[thelonelycoder]

@john9527 I just double checked as I was suddenly unsure if dnscrypt still works if dnsmasq restarts.
AB-Solution issues a SIGUSR2 to dnsmasq when the ad counter counts the ads to restart the logging as it writes a marker to the logfile.
And when logging or ad-blocking is switched off or on (or other services states are changed) it fully restarts dnsmasq.
But you did well with your integration, in both cases dnscrypt still works afterwards.

 

[john9527]

But you did well with your integration, in both cases dnscrypt still works afterwards.

Always good to hear, thanks!

 

[fink.nottle]

I've been watching the forums, and I'm not sure anyone has come up with a way other than looking at the box labels.

I'm not sure about stock ssh either, but telnet should be supported Here's a check that I think will exclude from the fork, but I'm not sure about the other way around.

nvram get cpurev

if the string coming back contains 'C0', the fork is a no-go.

It turned out to be HW ver A1. So all's well with the firmware compatibility. Just some unrelated observation. I get very poor bufferbloat results on http://www.dslreports.com/speedtest. Pings go higher than 600ms with speedtest running in background. Normal pings are 12 ms. I tried enabling QoS, (just the big green button on the basic page, and tried all three - sfq, codel and fq_codel), but it doesn't seem to help. I didn't notice any difference in the stats. Are there any simple settings that do help ? I don't have specific QoS requirements. Just a general fair policy that would be sensible. Also, could the modem (sb6121) be responsible for the bufferbloat ?

 

[Prashant]

The Update is unstable than beta 1, cont refresh the connection details

 

[Nullity]

It turned out to be HW ver A1. So all's well with the firmware compatibility. Just some unrelated observation. I get very poor bufferbloat results on http://www.dslreports.com/speedtest. Pings go higher than 600ms with speedtest running in background. Normal pings are 12 ms. I tried enabling QoS, (just the big green button on the basic page, and tried all three - sfq, codel and fq_codel), but it doesn't seem to help. I didn't notice any difference in the stats. Are there any simple settings that do help ? I don't have specific QoS requirements. Just a general fair policy that would be sensible. Also, could the modem (sb6121) be responsible for the bufferbloat ?

Did you set the bandwidth appropriately? It should be set to approximately 95% of your real-world bitrate. The router (or whatever is doing the QoS) must be the bandwidth bottleneck for traffic-shaping/QoS to work.

 

[fink.nottle]

Did you set the bandwidth appropriately? It should be set to approximately 95% of your real-world bitrate. The router (or whatever is doing the QoS) must be the bandwidth bottleneck for traffic-shaping/QoS to work.

Yes, I tried different upload and download values, but they don't seem to have any effect. The speedtest always maxes out the links, and pings remain high. AC68U is the router in this case. I also happen to have access to a different router, turris omnia, in my possession right now. That runs openwrt, and the sqm (fq_codel) implementation does a fantastic job on it. So I suspect that for some reason, the QoS is not being enabled at all on the Asus router. Any way to confirm if it is actually doing anything ? I don't see any obvious error messages in the system log.

 

[ColinTaylor]

@fink.nottle What version of the firmware are you using? Traditional QOS didn't work properly until beta version 22B2. Try loading the latest beta then it should work.