Help me keep an Asus AX58 up Forever! :-)

[ilovemydog]

Hi everyone, my names Katie & here's my situation.

I got my elderly Aunt in Florida an Asus RT-AX58U, connected to cable modem. I just loaded Merlin on & setup Surfshark VPN at router level. Super easy all done there!

Now, since I'm leaving soon & won't be back for a year or more.... I want to load some "janitorial" scripts to keep it working so she never has to touch it again.

Any suggestions? Like an auto-reboot once a day at 3am to keep it fresh (and obtain a new ip from vpn), or maybe having it e-mail me if the VPN stops working etc? Not sure what else might be helpful for keeping it "hands off" for a long period of time.

Any input would be super appreciated... thanks so much!!! <3

 

[Tech9]

Why VPN on this router? It's just an extra point of failure, limits the speed to about 50Mbps and increases latency. Some sites refuse to load through VPN, she may have issues with that when you're away. What is Merlin firmware for on this router? I would run it as simple as possible on Asus stock firmware. Beta 41994 is a good candidate - it doesn't auto update and is stable.

 

[ilovemydog]

Merlin is to run VPN client for security, shes been hacked before, just an extra layer to put her mind at ease. She doesn't need more than 50mbps. She has a phone if the vpn blocks a website. She insisted on vpn so....

 

[Tech9]

That's a wrong understanding of what commercial VPNs do. She will change her mind the moment her favorite streaming services blacklist the VPN's exit point IP. That happens pretty quickly recently. Is she willing to watch movies on that phone using mobile data? She would rather use the phone to call you. Make sure you have remote access to router's settings, run a VPN server also. You'll need it.

 

[underdose]

Hi everyone, my names Katie & here's my situation.

I got my elderly Aunt in Florida an Asus RT-AX58U, connected to cable modem. I just loaded Merlin on & setup Surfshark VPN at router level. Super easy all done there!

Now, since I'm leaving soon & won't be back for a year or more.... I want to load some "janitorial" scripts to keep it working so she never has to touch it again.

Any suggestions? Like an auto-reboot once a day at 3am to keep it fresh (and obtain a new ip from vpn), or maybe having it e-mail me if the VPN stops working etc? Not sure what else might be helpful for keeping it "hands off" for a long period of time.

Any input would be super appreciated... thanks so much!!! <3

Install Diversion for blocking malicious ads as well as legit ones, and Skynet for extra protection if she's been hacked before.
Setup a VPN server to be able to access the router remotely and securely. Don't forget to disable Access from WAN under Administration > System > Remote Access Config
Install scMerlin with webUI option to enable auntie to perform basic tasks like restarting wan, dhcp, etc via webUI if something goes wrong.
Auto-reboot is already under Administration > System > Basic Config > Enable Reboot Scheduler

 

[Tech9]

Now the aunt needs running "forever" VPN with "never" blacklisted IPs + running "forever" USB stick with "never" bad community blacklists fed to Diversion/Skynet. She better registers here and learns how to support the router herself. Something is going to stop working way before expected "forever". The more variables in the equation - the shorter this "forever" is going to be.

 

[bbunge]

Merlin is to run VPN client for security, shes been hacked before, just an extra layer to put her mind at ease. She doesn't need more than 50mbps. She has a phone if the vpn blocks a website. She insisted on vpn so....

You would be better running DoT to Quad9 or Cloudflare 1.1.1.2/1.0.0.2. Enable DNS Filter t o Router and AiProtect.

 

[underdose]

Now the aunt needs running "forever" VPN with "never" blacklisted IPs + running "forever" USB stick with "never" bad community blacklists fed to Diversion/Skynet. She better registers here and learns how to support the router herself. Something is going to stop working way before expected "forever". The more variables in the equation - the shorter this "forever" is going to be.

Thanks for the constructive feedback, I think I'll edit my original post to suggest auntie to cancel their internet subscription and never go online again.

 

[RMerlin]

The more complicated the setup is, the more likely it is to break or require maintenance.

VPN; this won't add anything to her security. The vast majority of "hacking" is done through social engineering these days, by leading people to click on a malicious link sent through an email, or opening a malicious file attachment, for example. All a VPN does is hide your public IP address from websites you visit, and encrypt your traffic from your ISP. Nothing more. And the instant that VPN provider made any changes (could be them retiring the specific server you chose to use, or her subscription expiring and failing to renew), she will be stuck with no Internet access - and you won't be able to remotely connect with her to help her either.

I second the recommendations of dropping the VPN idea, enabling malicious website blocking in AiProtection, and configuring a DNS server on the WAN page that blocks malicious domain names, like Quad9.

 

[ColinTaylor]

I second the recommendations of dropping the VPN idea, enabling malicious website blocking in AiProtection, and configuring a DNS server on the WAN page that blocks malicious domain names, like Quad9.

Am I correct in thinking that by using the router's VPN client you are circumventing the benefits of AiProtection? So rather than adding security the VPN client is actually reducing it.

 

[Hazel]

Am I correct in thinking that by using the router's VPN client you are circumventing the benefits of AiProtection? So rather than adding security the VPN client is actually reducing it.

Good question. That would certainly explain why I never, ever had a single hit on AiProtection stats page as I'm always connected through VPN with kill switch active.

 

[Tech9]

Am I correct in thinking that by using the router's VPN client you are circumventing the benefits of AiProtection?

A quick test confirms you're correct - AiProtection doesn't see the tunnel data. @ilovemydog, the VPN is going to make "hacking" the devices connected to this router easier by bypassing AiProtection. If set with VPN's default DNS exclusive, it will also bypass router's filtering DNS - Cloudflare, Quad9, etc.

Thanks for the constructive feedback

Realistic scenario feedback. AiProtection + malware filtering DNS + DNSFilter is all @ilovemydog needs on this router. No scripts.

 

[torstein]

Old post I know, but I stumbled upon it, and I have experience with old folks needing a safe setup. Here's what I would do:

1) This is the most important: Enable and set up your own VPN-server on the AX58U and allow yourself to VPN yourself into aunties network through OpenVPN Connect. From now on you can help auntie with updating firmware or fix whatever issues she's having with the router remotely.

2) Install MerlinWRT like you already have. It's stable and fixes bugs and has more hardened security than stock AsusWRT.

3) Enable AIprotect (since it's basically set it and forget it)

4) Set up DNS server on WAN to Quad9 DNS or NextDNS to block malware and such on DNS-level


But really, the best you can do for her is to allow yourself into her network through VPN. Much easier for you and her if you can just fix issues yourself. I also would stay away from Surfshark and other third party VPNs, like Rmerlin suggests. It contributes nothing for your auntie and is another step that can fail or cause issues.

 

[longtimelurker]

Hi everyone, my names Katie & here's my situation.

I got my elderly Aunt in Florida an Asus RT-AX58U, connected to cable modem. I just loaded Merlin on & setup Surfshark VPN at router level. Super easy all done there!

Now, since I'm leaving soon & won't be back for a year or more.... I want to load some "janitorial" scripts to keep it working so she never has to touch it again.

Any suggestions? Like an auto-reboot once a day at 3am to keep it fresh (and obtain a new ip from vpn), or maybe having it e-mail me if the VPN stops working etc? Not sure what else might be helpful for keeping it "hands off" for a long period of time.

Any input would be super appreciated... thanks so much!!! <3

I would suggest getting an uninterruptible power supply and attach the router if that is not already the case. Nothing like a power failure to cause issues.