A caveat: I take zero credit for any of this and am documenting it as much for next time I need to set up a router as anything else... but if another n00b shows up trying to figure out exactly where to start, this may be of some help.
NOTE: Links included where relevant. If much time has passed, the links may be dead. If you are already a regular Linux user then I am certainly going into unnecessary detail. I assume my reader is a Windows user.
NOTE: In some cases I need to phonetically spell a command out because otherwise this forum will block it. So for example if the command were chk I would type CharlieHotelKilo.
I will assume that anyone already in here has installed the latest version of Merlin. If not, that would be...
STEP 1: Install the latest version of Asuswrt-Merlin and perform a full M&M Reset.
STEP 2: Lock that $--t down.
STEP 3: If you don't have one already, locate a suitable SSH terminal program. On the advice of someone here I selected Xshell 6 (free for home use.) Seems to be working okay, YMMV. You can also just use the command prompt in Windows. As in: c:\ssh user@192.168.1.1
STEP 4: Locate a thumbdrive of at least 4GB. Or, better yet, grab an SSD in a small USB enclosure; it should last much longer and give you fewer headaches. After two thumbdrives I now have a 120GB Kingston SSD. (As of this writing, $20 on Amazon. You will also need a USB enclosure for it, another $9.)
STEP 5: Format your drive in (Linux file system format) ext2 or ext4. Not ext3. The simplest way to do this is to use the unwieldly-titled-but-easy-to-use MiniTool Partition Wizard Free 10.2.3. Simply plug in the thumbdrive into the computer, locate it in MTPWF10.2.3,
5A) Right-click > Delete (to kill the FAT32 partition)
5B) Right-click > (New? or Create?) to create a new primary partition. Type should be ext4 or ext2. Name not necessary yet.
5C) Right-click > Format. Again, choose ext4. Or ext2. Name it something memorable like USBStick or FirewallUSB or YourMom. Whatevs. I'll stick with YourMom from now on.
5D) In the top-left of MTPWF10.2.3, click the "Apply" button.
ALTERNATE TECHNIQUE if you're comfortable at a command prompt:
5i) SSH into the router. The drive needs to be plugged in but unmounted. In MerlinWRT, you can click the USB symbol at top right, then click "Eject." That'll unmount it, not make it fall out of the router. Haha.
5ii) Assuming it's the only USB device plugged in, it should be at /dev/sda1. You can type mkfs.ext2 /dev/sda1 -L YourMom. The router SHOULD do its business. But really, the MTPWF10.2.3 technique is much easier. Plus our routers don't seem to be capable of building an ext4 partition, only ext3.
NOTE: Do your own research on which file system you want to use. Read about journaling and flash media. ext2 is a non-journaling file system. OTOH ext4 is a more efficient file system and you may be able to disable journaling. If you have access to a linux liveCD or other bootable media, try formatting in ext4 using mkfs.ext4 -O ^has_journal /dev/sda1 -L YourMom
Alternatively, after formatting in ext4, you may be able to remove the journal at the SSH command line using tune2fs -O ^has_journal /dev/sda1
I have not tried this, however. YMMV.
You may also find this thread useful.
STEP 6: Leave YourMom plugged in and reboot the router. The router should then mount YourMom and there will only be one instance of it. [Too many times when I tried to manually mount YourMom I wound up with YourMom and YourMom(1)... which then confused follow-on steps.]
STEP 7: (EDIT: AB-Solution is now Diversion. I am not going to find-and-replace all instances, please do that in your head. I'll update this link though.) Install Diversion using the script at the top of its thread in this forum.
NOTE: If any of these installs fail, scroll up in your terminal program to see what the error(s) were. When they fail out they tend to blank the screen and return to the previous menu, but the "blank screen" is just a bunch of blank lines, so you can still scroll back to see what happened.
STEP 8: [Note: AMTM is now built-into MerlinWRT. No need to install on your own!] at the SSH / command prompt, type amtm
STEP 9: From the AMTM, install Skynet. (Item 2) How big of a cache file you select will depend on how big YourMom is. Skynet now desires 2GB for the cache size, though I have one router that was working just fine with a 1GB cache. Whatever, you bought that 120GB drive right? Go for 2GB.
* NOTE: If you want to see what Skynet is actually doing you'll need to enable the Debugging Mode option during install. Otherwise you have no idea what's going on when you can't get to a particular website because you can't view the logs.
* NOTE: Once Skynet starts, if you're in the Merlin WebGUI you'll see the processor usage going bonkers. This may last for a few minutes. Don't worry about it.
STEP 10: From the AMTM menu, run [1] Diversion, and install it. This should be straightforward.
Follow any prompts for the creation of the Pixelserv-TLS certificate.
* NOTE: If this install fails it MAY be due to an issue with Entware. TheLonelyCoder has suggested going into the WebGUI and telling the router to wipe the JFFS partition on reboot, then rebooting, then trying the install again. I would try that first. If the problem persists, you can also (at the command prompt) type: entware-setup.sh which should reinstall it, then repeat step 10.
* NOTE: Reference the Pixelserv-TLS thread to best understand that software. I used 192.168.x.2 for my Pixelserv IP.
STEP 11: In your relevant browsers, access http://192.168.x.2/ca.crt and save the file somewhere.
STEP 12: Install the certificate into your browser(s) of choice. Firefox. Chrome. IE. Android. Safari.
(For Firefox, it's Settings > Preferences > Privacy and Security > Certificates > View Certificates > Import)
STEP 13: From AMTM, install DNSCrypt. This is pretty straightforward. The only possibly confusing question is "Fastest / b2 / bhalf / random." Next time I set it up I'll choose bhalf, but I think I picked "random" the other day. (It's a question about which DNS server to pick, based on tracking server speeds. Fastest on list / from the top 2 / top half of list/ random from the whole list)
That's it for installation. Read the threads to understand expected behavior. Monitor for things that don't work correctly so you can see about whitelisting them in AB-Solution or Skynet.
NOTE: If you've tried this several times and are dying of frustration because it ain't working, try a different thumbdrive.
NOTE: A useful utility to use from the command line is "htop." Sort of like Task Manager in Windows. Installation is simple: when logged in via SSH, type: opkg install htop It should only take a moment to install, then you can just type htop to run it.
---------------------------
EDIT: I have now also installed the YazFi script because I not only wanted my guest networks to have different IP ranges but also give them access to the Pixelserv IP for Pixelserving purposes. The only downside of this is that clients on the guest network will no longer show up in "Network Map" because that only displays clients on the main subnet; Merlin can't change this because it's a closed-source part of the firmware.
NOTE: Links included where relevant. If much time has passed, the links may be dead. If you are already a regular Linux user then I am certainly going into unnecessary detail. I assume my reader is a Windows user.
NOTE: In some cases I need to phonetically spell a command out because otherwise this forum will block it. So for example if the command were chk I would type CharlieHotelKilo.
I will assume that anyone already in here has installed the latest version of Merlin. If not, that would be...
STEP 1: Install the latest version of Asuswrt-Merlin and perform a full M&M Reset.
STEP 2: Lock that $--t down.
STEP 3: If you don't have one already, locate a suitable SSH terminal program. On the advice of someone here I selected Xshell 6 (free for home use.) Seems to be working okay, YMMV. You can also just use the command prompt in Windows. As in: c:\ssh user@192.168.1.1
STEP 4: Locate a thumbdrive of at least 4GB. Or, better yet, grab an SSD in a small USB enclosure; it should last much longer and give you fewer headaches. After two thumbdrives I now have a 120GB Kingston SSD. (As of this writing, $20 on Amazon. You will also need a USB enclosure for it, another $9.)
STEP 5: Format your drive in (Linux file system format) ext2 or ext4. Not ext3. The simplest way to do this is to use the unwieldly-titled-but-easy-to-use MiniTool Partition Wizard Free 10.2.3. Simply plug in the thumbdrive into the computer, locate it in MTPWF10.2.3,
5A) Right-click > Delete (to kill the FAT32 partition)
5B) Right-click > (New? or Create?) to create a new primary partition. Type should be ext4 or ext2. Name not necessary yet.
5C) Right-click > Format. Again, choose ext4. Or ext2. Name it something memorable like USBStick or FirewallUSB or YourMom. Whatevs. I'll stick with YourMom from now on.
5D) In the top-left of MTPWF10.2.3, click the "Apply" button.
ALTERNATE TECHNIQUE if you're comfortable at a command prompt:
5i) SSH into the router. The drive needs to be plugged in but unmounted. In MerlinWRT, you can click the USB symbol at top right, then click "Eject." That'll unmount it, not make it fall out of the router. Haha.
5ii) Assuming it's the only USB device plugged in, it should be at /dev/sda1. You can type mkfs.ext2 /dev/sda1 -L YourMom. The router SHOULD do its business. But really, the MTPWF10.2.3 technique is much easier. Plus our routers don't seem to be capable of building an ext4 partition, only ext3.
NOTE: Do your own research on which file system you want to use. Read about journaling and flash media. ext2 is a non-journaling file system. OTOH ext4 is a more efficient file system and you may be able to disable journaling. If you have access to a linux liveCD or other bootable media, try formatting in ext4 using mkfs.ext4 -O ^has_journal /dev/sda1 -L YourMom
Alternatively, after formatting in ext4, you may be able to remove the journal at the SSH command line using tune2fs -O ^has_journal /dev/sda1
I have not tried this, however. YMMV.
You may also find this thread useful.
STEP 6: Leave YourMom plugged in and reboot the router. The router should then mount YourMom and there will only be one instance of it. [Too many times when I tried to manually mount YourMom I wound up with YourMom and YourMom(1)... which then confused follow-on steps.]
STEP 7: (EDIT: AB-Solution is now Diversion. I am not going to find-and-replace all instances, please do that in your head. I'll update this link though.) Install Diversion using the script at the top of its thread in this forum.
NOTE: If any of these installs fail, scroll up in your terminal program to see what the error(s) were. When they fail out they tend to blank the screen and return to the previous menu, but the "blank screen" is just a bunch of blank lines, so you can still scroll back to see what happened.
STEP 8: [Note: AMTM is now built-into MerlinWRT. No need to install on your own!] at the SSH / command prompt, type amtm
STEP 9: From the AMTM, install Skynet. (Item 2) How big of a cache file you select will depend on how big YourMom is. Skynet now desires 2GB for the cache size, though I have one router that was working just fine with a 1GB cache. Whatever, you bought that 120GB drive right? Go for 2GB.
* NOTE: If you want to see what Skynet is actually doing you'll need to enable the Debugging Mode option during install. Otherwise you have no idea what's going on when you can't get to a particular website because you can't view the logs.
* NOTE: Once Skynet starts, if you're in the Merlin WebGUI you'll see the processor usage going bonkers. This may last for a few minutes. Don't worry about it.
STEP 10: From the AMTM menu, run [1] Diversion, and install it. This should be straightforward.
Follow any prompts for the creation of the Pixelserv-TLS certificate.
* NOTE: If this install fails it MAY be due to an issue with Entware. TheLonelyCoder has suggested going into the WebGUI and telling the router to wipe the JFFS partition on reboot, then rebooting, then trying the install again. I would try that first. If the problem persists, you can also (at the command prompt) type: entware-setup.sh which should reinstall it, then repeat step 10.
* NOTE: Reference the Pixelserv-TLS thread to best understand that software. I used 192.168.x.2 for my Pixelserv IP.
STEP 11: In your relevant browsers, access http://192.168.x.2/ca.crt and save the file somewhere.
STEP 12: Install the certificate into your browser(s) of choice. Firefox. Chrome. IE. Android. Safari.
(For Firefox, it's Settings > Preferences > Privacy and Security > Certificates > View Certificates > Import)
STEP 13: From AMTM, install DNSCrypt. This is pretty straightforward. The only possibly confusing question is "Fastest / b2 / bhalf / random." Next time I set it up I'll choose bhalf, but I think I picked "random" the other day. (It's a question about which DNS server to pick, based on tracking server speeds. Fastest on list / from the top 2 / top half of list/ random from the whole list)
That's it for installation. Read the threads to understand expected behavior. Monitor for things that don't work correctly so you can see about whitelisting them in AB-Solution or Skynet.
NOTE: If you've tried this several times and are dying of frustration because it ain't working, try a different thumbdrive.
NOTE: A useful utility to use from the command line is "htop." Sort of like Task Manager in Windows. Installation is simple: when logged in via SSH, type: opkg install htop It should only take a moment to install, then you can just type htop to run it.
---------------------------
EDIT: I have now also installed the YazFi script because I not only wanted my guest networks to have different IP ranges but also give them access to the Pixelserv IP for Pixelserving purposes. The only downside of this is that clients on the guest network will no longer show up in "Network Map" because that only displays clients on the main subnet; Merlin can't change this because it's a closed-source part of the firmware.
Last edited:
I'm not sure I understand the question though. Are you also thinking of using the extra space on the thumbdrive as a Samba share? I don't see why this would be a problem; ext2 is just an older version of the Linux file system.
