
[Official Release] AiMesh Firmware v3.0.0.4.384.20308 for All Supported Products

Main Router: AC88U, Firmware 3.0.0.4.384.20379
Node(backhaul): AC68U, Firmware 3.0.0.4.384.20308

WPS is disabled via the AC88U GUI (not by SSH command).

'Wifi Analyzer' (screenshot: up.jpg):

You can still see WPS on for the Node's 2.4 GHz.

So I tried the following commands over SSH.

Commands:

nvram set wps_enable=0
nvram set wps_enable_x=0
nvram commit
reboot

I used the following command to check the result:

nvram show | grep wps_enable

Result:
wps_enable=0
wps_enable_x=0

But the result is the same. I can still see WPS on the Node's 2.4 GHz.
It means the above commands do nothing.

After that!
1. I got so many errors in the log, including a 'jffs crc' error!
2. The 'AiMesh Node Icon' had disappeared from the 'Network Map' GUI.
3. 'Administration - Operation Mode' > There were no more 'AiMesh' modes.
I could see only the old modes such as 'Wireless router mode', 'Repeater mode', 'Access Point (AP mode)', 'Media bridge mode'.
4. 2.4 GHz and 5 GHz dropped constantly (AC88U).
5. Rebooting didn't work.

Finally! I did an NVRAM clear and rebuilt the AiMesh network.
I wasted my time.
 
WPS off (disabled via GUI on main router, and via SSH on node) and AiMesh works great. No strange errors in log.
 

How did you connect a Node via SSH?
Doesn't it redirect to the Main router?

No, there is only http redirect.

Enabling SSH on main router enables it on node(s) also. "ssh -l admin NODE_ID_ADDRESS" works fine.
 
Can the following command connect to the Node?

ssh -l admin NODE_ID_ADDRESS

I can't connect to the Node with PuTTY.

Would you tell me the correct command to connect to the Node?
 

Thank you so much for your kind help. But I thought it was for PuTTY.
I've disabled WPS for the Node via PuTTY. But the result was horrible.

Commands:
nvram set wps_enable=0
nvram set wps_enable_x=0
nvram commit
reboot

Result:
1. The AC68U couldn't be rebooted properly with the 'reboot' command, and lost all WiFi signal.
The WiFi LED was gone.
2. So I had to turn it off/on manually.
3. WPS had disappeared.

However, as a result of that process I got some new issues.
Issues:
1. I got 3 channels: 1 for 2.4 GHz (Main and Node), 1 for 5 GHz (Main), 1 for 5 GHz (Node).
It should be 1 for 2.4 GHz and 1 for 5 GHz.
2. The signal from the AC88U (2.4 GHz, 5 GHz) dropped constantly, every 5~10 seconds.

So I had to clear NVRAM again and rebuild the AiMesh network.

PS. Someone may want to know how I did it. Follow this at your own risk.

1. Enable SSH on your router.
2. Type the IP address of your Node (e.g. 192.168.1.xxx). Do not type the IP address of your main router, because you are working on your Node. (You can just turn off WPS for your main router in the GUI.)
3. Connection type: SSH (default)
4. Click 'Open'
5. Login: use your Main Router admin ID
6. Password: use your Main Router admin password
7. First, check the WPS status with the following command, just for fun.

Commands:

nvram show | grep wps_enable

Result:

wps_enable=1
wps_enable_x=1

'1' means 'enabled'.
8. Let's turn it off. Use the following commands.

Commands:

nvram set wps_enable=0
nvram set wps_enable_x=0
nvram commit
reboot

Result:

I have no idea. Maybe it's fine for you. But you may have a lot of problems just like me.
Don't worry. NVRAM clear cures those issues.
 

Commands:
nvram set wps_enable=0
nvram set wps_enable_x=0
nvram commit
reboot

Finally I did it! I cleared NVRAM several times, and tried again and again with the same commands.
It works now. There is no more WPS for 2.4 GHz from the Node. I don't understand why there was that issue.
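
Added example (not part of the original thread): the posts above show NVRAM reporting wps_enable=0 while a scanner still saw WPS on the node's 2.4 GHz radio, so the useful check is a comparison of the two. The sketch assumes you saved `nvram show` output from the node and `iw dev <if> scan` output from a Linux client; the function names, BSSIDs and SSID are made up for illustration.

```shell
#!/bin/sh
# Compare a node's NVRAM WPS flags with what its radio actually beacons.
# Sample data is constructed, not captured from the thread.

nvram_wps() {   # stdin: `nvram show` text -> prints on | off | unknown
    awk -F= '/^wps_enable(_x)?=/ { seen = 1; if ($2 != "0") on = 1 }
             END { print (on ? "on" : (seen ? "off" : "unknown")) }'
}

beacon_wps() {  # $1: BSSID, stdin: scan text -> locked | advertised | absent
    awk -v want="$1" '
        /^BSS /                 { cur = tolower(substr($2, 1, 17)) }
        cur != tolower(want)    { next }
        /^[ \t]+WPS:/           { wps = 1 }
        /AP setup locked: 0x01/ { locked = 1 }
        END { print (locked ? "locked" : (wps ? "advertised" : "absent")) }'
}

wps_audit() {   # $1: nvram text, $2: scan text, $3: BSSID of the radio to check
    cfg=$(printf '%s\n' "$1" | nvram_wps)
    air=$(printf '%s\n' "$2" | beacon_wps "$3")
    case "$cfg/$air" in
        off/absent|on/advertised|on/locked) verdict=CONSISTENT ;;
        unknown/*)                          verdict=UNKNOWN ;;
        *)                                  verdict=MISMATCH ;;
    esac
    echo "nvram=$cfg beacon=$air verdict=$verdict"
}

# Constructed node NVRAM dump: both flags from the thread set to 0.
NVRAM_SAMPLE='wl0_ssid=ExampleMesh
wps_enable=0
wps_enable_x=0'

# Constructed scan: main router (:01) without a WPS element, node (:02) with one.
# Real iw output indents with tabs; the pattern accepts tabs or spaces.
SCAN_SAMPLE='BSS 02:00:00:00:00:01(on wlan0)
    SSID: ExampleMesh
BSS 02:00:00:00:00:02(on wlan0)
    SSID: ExampleMesh
    WPS:     * Version: 1.0
         * Wi-Fi Protected Setup State: 2 (Configured)'

wps_audit "$NVRAM_SAMPLE" "$SCAN_SAMPLE" 02:00:00:00:00:01
wps_audit "$NVRAM_SAMPLE" "$SCAN_SAMPLE" 02:00:00:00:00:02
```

A MISMATCH on the node's BSSID is the situation described in the thread: the flags read 0 but the beacon still carries a WPS element, so the NVRAM value alone is not proof that WPS is off.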
 
Wow! Thank you for such an in-depth analysis of my scenario! My main and node are ~30-40ft away from each other, the main being one floor below. I decided to swap them and start fresh, to see if the results would change. After the initial setup of the node, which recommends a distance of around 6ft during syncing/setup, I connected my iPhone X to the node. The Rx and Tx rate on the 5GHz band was reporting at 1200M, so plenty of bandwidth. I was still only able to pull ~250Mb, which is a hair better than when the node is set up in its actual location. This tells me that there is something restricting the AC68U, even when both main and node are essentially right next to each other. I analyzed my surrounding neighbors, and both my 2.4 and 5 bands are on their own channels. Not sure what else to change/test as far as settings are concerned.

From here, it feels like a good install. The backhaul speeds are still great by my brief experience (credit the 30-40 feet).

As a side note, here are 2.4 GHz configurations to avoid:
o using a channel that others nearby are using;
o using a channel that overlaps other channels (1,6,11 do not overlap)
o using 40 MHz that then overlaps a channel that others nearby are using (use 20 MHz instead).

I think you could/maybe should be seeing full ISP speeds on a wireless client at the node despite any WiFi loading by the backhaul. The equipment is intended to connect many wireless clients... you are connecting just one plus the backhaul.

So, my question remains... how is the node client WiFi connection performing? Have you inspected the WiFi connection status on the client? What band is it connecting to... 2.4 or 5.0? What WiFi protocol is it connecting with... n or ac? And what speed is it reporting for the connection... 150? 300? 450? 866? Is the client's wireless adapter WiFi connection the bottleneck?

OE
 
My point is that the discussion is running around in circles.
RMerlin ... I know you don't manage the ASUSWRT build (only your MERLIN build) but I am having an issue in the official Asus OpenVPN implementation where if I redirect LAN and Internet on the router, the client loses all internet connections when they connect to the VPN. If I select only LAN then the client works for the internet (uses the non-VPN connection) and has a connection to my local LAN. Any idea why this would happen in the official ASUS version but not on yours (never had this problem on MerlinWRT)? Really wish I could just use your firmware but I need AIMESH :(
 
Is it, though? Because it's a matter of possible security within the firmware. It sounds like we may have established that the WPS is not vulnerable to a brute force attack, even if advertised on the nodes, but it's still unclear how it functions and thus what security issues may remain within the Aimesh system. If it is opening itself to discovery in a regular pattern to stay synced, that's a security issue. We know WPS is necessary to establish the original connection, we know if you turn it off on the router that it still functions as a mesh system, but we don't know if it ever opens itself up or when, to either stay connected or sync up any changes (e.g., password or SSID change).

Am I being overly paranoid? Has this been resolved to the satisfaction of everyone else here? If so, I'll shut up and focus on other things like maybe we should get the client list fixed once and for all. If not, then I would consider it an important matter to be resolved in an official capacity.

I promise I'm not trying to be a pedantic butt. It's possible I'm still one, but it's not on purpose :)

Well, about the WPS. I think I may give you all some input. I think the ASUS implementation is safe enough for home use. I did some experiments to hack my own nodes / router with WPS on using reaver, with no success. They have implemented a rate limiting feature which blocked brute force WPS hacking.

So I consider the WPS feature that is required by AiMesh is safe for home use.

Anyway, I will try to hack it using all other methods and see if I can get it hacked.
 
Not having issues connecting to my Asus OpenVPN server when away from home. Have internet and local access enabled via password and 2048 key. Tested with Android, iOS and Windows versions of OpenVPN client. May I recommend a factory reset and manual configuration of the Asus router. Sounds extreme but that is what I did after the mesh upgrade firmware.

 
Does the wireless backhaul connect time listed in the Wireless Log reset normally? I'm watching it and wondering what to expect.

OE
 
Any idea why this would happen in the official ASUS version but not on yours (never had this problem on MerlinWRT).

Different OpenVPN implementation, so I have no idea. Asus rewrote theirs, and made it closed source.
 
Regarding star/daisy-chain backhaul topologies i.e. 4 star nodes max; or 2 star nodes plus 2 daisy-chain nodes max... this is clear to me when all is wired, but how do I respect/translate these limits when some or all of the backhauls are wireless? And to enable self-healing i.e. ensure alternate backhaul routes?

AiMesh market success may require a Red/Green indicator in the router GUI or on the node to assist the user with placing multiple nodes.

OE
 
I would suspect in part that the wireless backhauls are always connected even when using an ethernet backhaul so the self-healing can work.

I think you overestimate the market. The success will be the fact that they got thousands of people to buy another Asus router that they may not have purchased otherwise and the end user will consider success to be if they hook up said router and get internet in their house where they couldn't get internet before (or faster internet where it was slow before). As for the GUI, it does have the bar graph for node placement already.
 
Tried to use wifite and hack my nodes/router with multiple methods, still no luck. I think with WPS on, the nodes/routers are safe unless the hacker has physical access to your routers/nodes.
 
Richard,
Just want to say "Thank You" for doing this independent validation that ASUS WPS current implementation is reasonably secured for home use :)

I have decided to go back and turn on WPS for my AiMesh Nodes. I found that there are so many NVRAM WPS related settings which I have no clue what they might do to AiMesh; which might impact/break AiMesh that has been running very well for me now.

May I know what sort of pause interval you used between attempts when you used Reaver? 15 seconds, 30 seconds or more?
 
I used 60 seconds, but it seems once the router locks up, it will not release until reboot.
 
