I recently decided to upgrade my primary home router (AC5300) to an AX class router to match my remote location, which is already running an AX68U and is connected to my home via a site-to-site TAP-based OpenVPN connection.
Since the firmware versioning between AC and AX seems to be diverging, I figured now is a good time to do this. I like to have matching firmware at both locations. My AX68U is on 388.1 and working well (note, there was a time before the “binary blobs” bundle that was pretty unstable, but that seems fixed for ~6 months now…)
I also have a complex TAP VPN configuration that allows me to have a wide subnet with separate DHCP servers at each location serving discrete parts of my shared subnet. Both routers are within the same subnet, my shared mask is 255.255.252.0. I do this to have independent functional routers at each location, even if the tunnel goes down. I also needed to block DHCP protocol from crossing over the tunnel (remember it’s TAP) so that my devices don’t get confused about what IP range they allocate from at each location. Networking works perfectly without routing or NAT because it’s a TAP tunnel. This means my devices cannot determine their physical separation, it’s like one big happy seamless LAN. I block the DHCP over the tunnel by running a dedicated JFFS script “openvpn-event” to modify my ebtables when my tunnel starts by catching the VPN Event “up” event and running my script just in time.
HOWEVER, I am experiencing significant stability problems when I introduce the new AX router at my primary location.
- I first tried a new GT-AX6000 on 388.1, fresh upgrade along with factory reset (WPS hold for 10 secs on boot). However, despite my meticulous from-scratch configuration, I was experiencing strange inconsistencies across devices regarding their internet connectivity. I say “internet” because for sure my phone connects (S22U) with Wi-Fi 6, but traffic will not route to the internet, but I can connect to the management UI for the router, hmm. I also experienced similar (gateway-less?) connectivity issues with other IoT class devices like Amazon Fire Sticks, my thermostat, and other “things”. I could see the devices were connecting in system log/wireless log, but with no internet access. So, I then tried downgrading to 386.7_2, and even the latest stock ASUS firmware but I experienced the same issues! (As before, all clean from scratch setups). At this point I was just trying to determine if this was a hardware issue before my return window closed. I got tired and returned the router… I then decided to buy the GT-AX11000 instead. (In the meantime, I dropped my AC5300 back into place, and all was perfect, just as it was before…)
- GT-AX11000 arrived, yay? No (you’ll see…). I started with an upgrade to 388.1. I set up everything from scratch as before (no restore). I was shocked to see the same problem! Some devices were just fine (same as before) such as my wired and wireless Windows 11 PCs. However, I experienced the same issues with most wired and wireless IoT devices. My phone connected as Wi-Fi 6, I could see the router management UI, but still no internet! I tried disabling Wi-Fi 6, limited to 80MHz, and all that stuff but nothing seemed to work… Eventually I decided to enable “Native” IPv6 (it defaults to disabled) and then suddenly everything started working!! I’m not 100% sure this was the fix, but I think it was. If it was anything else it was something related to messing around with WiFi 6 in conjunction with enabling native IPv6. I can say that it’s working now, and WiFi 6 is on, with 160MHz and 80MHz devices, so it must be the native IPv6 right?
- Even though all devices (wired and wireless) are now working (combo of 6/AX, 5/AC and lots of 2/N for older IoT devices) I still sometimes see a “no internet” message briefly on my phone while waking up and re-negotiating (I suppose that is what it’s doing) but it works. Maybe the connection time for AX protocol isn’t as nimble as AC?
- THE BIG HOWEVER, and this is something I cannot seem to solve. As soon as I enable the TAP VPN server and the site-to-site connection is made I then have a very short ticking clock before my primary router (acting as the VPN server) will crash and reboot. This happens regardless of data transfer rate, i.e. streaming video (security cameras) or not, the crash time is about the same, about 60 seconds in total. Probably less than 30 seconds after the tunnel is established. I thought, hmm, this must be a bug in 388.1, while noticing that 388.2 has an OpenVPN upgrade coming… So, thought to myself, I suppose I can downgrade to 386.7_2 in the meantime (since I know this firmware works perfectly on my AC5300). I downgraded (in place, why not, it’s only temporary anyway). HOWEVER, the crash still happens ☹ I was shocked to see this. Now I’m wondering how this can happen. Is it possible there are bugs outside of the firmware packages? If so, does that mean I’m doomed?
- I plan to switch back to my AC5300 later today, as I know that works, and I need the functionality. It’s disappointing to have my new AX11000 doing nothing, still hoping this can be solved so my AX11000 doesn’t become an ugly paperweight. Is this another “binary blobs” moment? (btw are binary blobs synonymous with hardware drivers?)
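Added example (not part of the original post, and not the poster's actual script): a sketch of an "openvpn-event" JFFS script that keeps DHCP from crossing a bridged TAP tunnel using ebtables, as the post describes. It assumes OpenVPN exports its standard `dev` and `script_type` environment variables to the script and that the TAP device is a port of the LAN bridge; the function names and the interface name used in testing are hypothetical.

```shell
#!/bin/sh
# Added example: DHCP isolation for a bridged (TAP) OpenVPN tunnel.
# Assumptions: OpenVPN sets $dev (e.g. a tapNN device) and $script_type
# ("up"/"down"); the TAP device is bridged into the LAN.

# Print the ebtables commands that insert (-I) or delete (-D) DHCP drop rules
# for one TAP port. DHCP uses UDP 67 (server) and 68 (client).
#   INPUT  -i : broadcasts arriving from the tunnel, delivered to this router
#   FORWARD   : frames bridged between the tunnel and local LAN ports
#   OUTPUT -o : replies from this router's own DHCP server leaving via the tunnel
dhcp_rules() {  # $1 = TAP interface, $2 = -I or -D
    quiet=""
    if [ "$2" = "-D" ]; then
        quiet=" 2>/dev/null"   # deleting a rule that is absent is harmless
    fi
    for hook in "INPUT -i" "FORWARD -i" "FORWARD -o" "OUTPUT -o"; do
        echo "ebtables $2 ${hook% *} ${hook#* } $1 -p IPv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP$quiet"
    done
}

# Decide what to run for an OpenVPN event. Only TAP devices are bridged at
# layer 2; a routed TUN tunnel never carries DHCP broadcasts, so skip it.
plan() {  # $1 = device, $2 = script_type
    case "$1" in
        tap*) ;;
        *) return 0 ;;
    esac
    case "$2" in
        up)
            dhcp_rules "$1" -D   # clear leftovers so restarts do not stack duplicates
            dhcp_rules "$1" -I
            ;;
        down)
            dhcp_rules "$1" -D
            ;;
    esac
}

# Run only when invoked by OpenVPN (both variables present).
if [ -n "${script_type:-}" ] && [ -n "${dev:-}" ]; then
    plan "$dev" "$script_type" | sh
fi
```

After the tunnel comes up, `ebtables -L --Lc` shows per-rule packet counters, which confirms whether DHCP frames are actually being dropped at the tunnel port.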