
[Release] Asuswrt-Merlin 384.12 is now available


Use the DNSfilter option. You can force just that one device to use a certain "custom" DNS server such as Comcast in your case.
So if I input custom DNS 1 and 2 for Comcast (75.75.75.75 & 75.75.76.76) when I select the gaming device...do I add it twice for DNS 1 and 2 under the client list?
 
Trying to upload a screen shot of my WAN DNS Setting (I'm such a noob) I'm wondering if my WAN setting(s) may be the problem. I've Yes(ed) every line.
+Connect to DNS Server automatically yes
+Forward local domain queries to upstream DNS yes
+Enable DNS Rebind protection yes
+Enable DNSSEC support yes
+Validate unsigned DNSSEC replies yes
+DNS Privacy Protocol DNS over TLS (DoT)
+DNS-over-TLS Profile opportunistic

DNS-over-TLS Server List (Max Limit : 8)
9.9.9.9 853 dns.quad9.net
149.112.112.112 853 dns.quad9.net

I used to have a SPKI -- but after further research found that Quad9 doesn't recommend that.
You should probably change the profile from Opportunistic to Strict. Are you certain your WAN interface is eth0? Mine is, but it can be different. Try running:
Code:
nvram get wan0_ifname
to confirm.
 
So if I input custom DNS 1 and 2 for Comcast (75.75.75.75 & 75.75.76.76) when I select the gaming device...do I add it twice for DNS 1 and 2 under the client list?
Under the Advanced settings -> WAN section put Cloudflare servers in the DNS Server 1 and 2 section or whoever you prefer (I assume you're not using DoT?). Then under the LAN section -> DNS Filter put under Custom 1 one of your Comcast DNS router IP (i.e. 75.75.75.75). Then under that section add your device to the list below (use drop down list to find device) and change the Filter Mode for that device to Custom1.
 
Hello, I just bought the RT-AX88U and installed Asuswrt-Merlin 384.12 so I don't know if the problems described below exist in previous versions. After installing this firmware and resetting the router to factory defaults I manually configured only wifi, wan, lan, samba and ssh with minor changes compared to factory defaults. After that I faced 5 different problems:

1. I can't connect my smart-home legacy devices (robocleaner, humidifier etc.) to 2.4 GHz wifi at all as I did on RT-AC68U without any problems. At the same time my laptop and smartphone are connecting successfully to the router and to these devices too.

2. Every 5-10 minutes of using Samba shares on USB disks connected to the router, my laptop loses connection with the shared folders and the router for about a minute. As a result, movie playback is always interrupted. But the wifi connection looks stable during these troubles.

3. SSH sessions are interrupted too, but more frequently: about once every 3-5 minutes while actively using the connection.

4. Even if I change the USB connection mode to USB 2.0, the router shows that my disks are still connected as USB 3.0 and I can't change that.

5. There are some problems with DDNS, my DDNS status: "Request error! Please try again." if I try to use the old name which used on RT-AC68U (now I don't use it there and this name still linked to the IP of my RT-AX88U but this warning is still showing)

Previously I faced problems 2 and 3 on my RT-AC68U. After that I took all possible steps to avoid the problem, but without success. These problems started in spring after some of the Merlin firmware updates, and to this day I have the same problems on my new RT-AX88U. Before that I had the second problem on my old router more than a year ago, but after some firmware update it disappeared.

This time I even changed my router, swapped the old SSD for a RAID1 with two totally different SSDs and configured everything manually from zero again. But it doesn't solve problems 2 and 3, and on the new router I even faced problems 1, 4 and 5.

After all these steps I think the problem is definitely in the latest Asuswrt-Merlin firmwares. Does anybody know how to solve these problems, or do I have to wait for new releases of Asuswrt-Merlin?
 
Looks like you have a WiFi issue. Does this happen when connected through Ethernet LAN?
On WiFi make sure you turn off Universal Beamforming and Airtime Fairness in Wireless - Professional setup. Also assign a fixed WiFi channel to both the 2.4GHz and (1-11) 5GHz (149 or higher) channels.
 
Looks like you have a WiFi issue. Does this happen when connected through Ethernet LAN?
Yes, unfortunately it happens even if connected through Ethernet. I even tried to use another USB storage device but it doesn't help. It seems the cause is the software or hardware of the router.

On WiFi make sure you turn off Universal Beamforming and Airtime Fairness in Wireless - Professional setup. Also assign a fixed WiFi channel to both the 2.4GHz and (1-11) 5GHz (149 or higher) channels.
I tried all of that except "5GHz (149 or higher)" because I have 140 channel as maximal so I use 100 or 140 channels. But these steps didn't help too.

Now I try new firmware 384.13_beta1-gbde70e184d but it doesn't help with problems 2-5, but solved the problem 1:
"1. I can't connect my smart-home legacy devices (robocleaner, humidifier etc.) to 2.4 GHz wifi at all as I did on RT-AC68U without any problems. At the same time my laptop and smartphone are connecting successfully to the router and to these devices too."

In the system log I see these problems too:
Code:
Jul 27 00:49:21 kernel: usb 3-1: new high-speed USB device number 2 using ehci-platform
Jul 27 00:49:21 kernel: usb-storage 3-1:1.0: USB Mass Storage device detected
Jul 27 00:49:21 kernel: usb-storage 3-1:1.0: Quirks match for vid 174c pid 55aa: 400000
Jul 27 00:49:21 kernel: scsi host0: usb-storage 3-1:1.0
Jul 27 00:49:22 kernel: scsi 0:0:0:0: Direct-Access     PHD 3.0  Silicon-Power    0    PQ: 0 ANSI: 6
Jul 27 00:49:22 kernel: sd 0:0:0:0: Attached scsi generic sg0 type 0
Jul 27 00:49:22 kernel: sd 0:0:0:0: [sda] Spinning up disk...
Jul 27 00:49:23 kernel: .
Jul 27 00:49:23 kernel: usb 3-2: new high-speed USB device number 3 using ehci-platform
Jul 27 00:49:23 kernel: scsi host1: uas
Jul 27 00:49:23 kernel: scsi 1:0:0:0: Direct-Access     ASMT     ASM1352R-Safe    0    PQ: 0 ANSI: 6
Jul 27 00:49:23 kernel: sd 1:0:0:0: Attached scsi generic sg1 type 0
Jul 27 00:49:23 kernel: sd 1:0:0:0: [sdb] 4000776193 512-byte logical blocks: (2.05 TB/1.86 TiB)
Jul 27 00:49:23 kernel: sd 1:0:0:0: [sdb] Write Protect is off
Jul 27 00:49:23 kernel: sd 1:0:0:0: [sdb] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
Jul 27 00:49:23 kernel:  sdb: sdb1
Jul 27 00:49:23 kernel: sd 1:0:0:0: [sdb] Attached SCSI disk
Jul 27 00:49:24 kernel: .ready
Jul 27 00:49:24 kernel: sd 0:0:0:0: [sda] 3907029168 512-byte logical blocks: (2.00 TB/1.82 TiB)
Jul 27 00:49:24 kernel: sd 0:0:0:0: [sda] 4096-byte physical blocks
Jul 27 00:49:24 kernel: sd 0:0:0:0: [sda] Write Protect is off
Jul 27 00:49:24 kernel: sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
Jul 27 00:49:24 kernel:  sda: sda1
Jul 27 00:49:24 kernel: sd 0:0:0:0: [sda] Attached SCSI disk
Jul 27 00:49:24 kernel: EXT4-fs (sdb1): warning: maximal mount count reached, running e2fsck is recommended
Jul 27 00:49:24 kernel: EXT4-fs (sdb1): mounted filesystem with ordered data mode. Opts: user_xattr
Jul 27 00:49:24 hotplug[2789]: USB ext4 fs at /dev/sdb1 mounted on /tmp/mnt/EXT4-2TB-RAID1
Jul 27 00:49:24 usb: USB ext4 fs at /dev/sdb1 mounted on /tmp/mnt/EXT4-2TB-RAID1.
Jul 27 00:49:24 rc_service: hotplug 2789:notify_rc restart_nasapps
Jul 27 00:49:24 avahi-daemon[1142]: Files changed, reloading.
Jul 27 00:49:24 avahi-daemon[1142]: Loading service file /tmp/avahi/services/mt-daap.service.
Jul 27 00:49:24 iTunes: daemon is stopped
Jul 27 00:49:24 FTP_Server: daemon is stopped
Jul 27 00:49:24 wsdd2[1252]: Terminated received.
Jul 27 00:49:24 wsdd2[1252]: terminating.
Jul 27 00:49:24 Samba_Server: smb daemon is stopped

...................................................................................................................................................

Jul 27 00:49:25 Samba_Server: daemon is started
Jul 27 00:49:25 wsdd2[2846]: starting.
Jul 27 00:49:25 miniupnpd[2848]: HTTP listening on port 38759
Jul 27 00:49:25 miniupnpd[2848]: Listening for NAT-PMP/PCP traffic on port 5351
Jul 27 00:49:25 kernel: tntfs info (device sda1, pid 2860): ntfs_fill_super(): fail_safe is enabled.
Jul 27 00:49:25 avahi-daemon[2828]: Server startup complete. Host name is RT-AX88U-56A0.local. Local service cookie is 4210613809.
Jul 27 00:49:25 avahi-daemon[2828]: Alias name "RT-AX88U" successfully established.
Jul 27 00:49:25 kernel: tntfs info (device sda1, pid 2860): load_system_files(): NTFS volume name 'USB3', version 3.1 (cluster_size 4096, PAGE_SIZE 4096).
Jul 27 00:49:27 hotplug[2849]: USB ntfs fs at /dev/sda1 mounted on /tmp/mnt/USB3
Jul 27 00:49:27 usb: USB ntfs fs at /dev/sda1 mounted on /tmp/mnt/USB3.
Jul 27 00:49:27 rc_service: hotplug 2849:notify_rc restart_nasapps
Jul 27 00:49:27 avahi-daemon[2828]: Files changed, reloading.
Jul 27 00:49:27 avahi-daemon[2828]: Loading service file /tmp/avahi/services/mt-daap.service.
Jul 27 00:49:27 iTunes: daemon is stopped
Jul 27 00:49:27 FTP_Server: daemon is stopped
Jul 27 00:49:27 wsdd2[2846]: Terminated received.
Jul 27 00:49:27 wsdd2[2846]: terminating.
Jul 27 00:49:27 Samba_Server: smb daemon is stopped

.......................................................................................

Jul 27 00:49:27 avahi-daemon[2891]: avahi-daemon 0.7 starting up.
Jul 27 00:49:27 avahi-daemon[2891]: WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
Jul 27 00:49:27 avahi-daemon[2891]: No service file found in /tmp/avahi/services.
 
i suggest you factory reset back to asus software and first determine how many of your problems persist using their firmware (native to their hardware) and post any remaining issues under the non-merlin section of this forum. once all that's ironed out, then move on to your merlin upgrade etc. most here don't use merlin because it's better than asus, rather that it's MORE than asus can do or gives us access to modify. having the power to modify settings that asus does not ordinarily give us access to is a double edged sword because it's easy for a novice to set one wrong in merlin, a setting that's normally hidden and defaulted the functional way by asus.
 
Boring but solid. :)
 
Hello,

I am using an RT-AC68U on 384.12 with ATT Fiber and up until recently I have been getting gig speeds through the ATT 5268AC gateway to my router using the DMZ+ passthrough setting. I noticed recently that things seemed slower and several speed tests confirmed I was only 100-200 Mbps down and about 200-300 up. This slowdown happens after a router reboot, but not right away maybe several hours later..

I checked my ATT gateway and the firmware has not changed so I know there was no update pushed to it. When I connect any pc directly to the gateway it gets the gig speeds. With the Asus in the mix it drops again. The weirdest part is that if I restart the ASUS, I'll get full speed again for a while.....

I don't know why this is happening and I've tried factory resetting both the ATT gateway and the AC68u (holding the reset button for a minute method) and the issue is persisting. I also tried upgrading the ATT gateway firmware + factory reset and speeds are still slow on the Asus. Speeds are fine locally I did some iperf3 tests between two computers on the Asus and there are no issues there. My switch control setting currently has NAT acceleration and Spanning Tree Protocol on Auto (CTF enabled)/Enable and I've had the same results with settings disable/disable.
 
I have AT&T fiber as well, ahead of my RT-AC86U. I am guessing your slowdowns are due to the AT&T fiber gateways still having trouble in regard to setting up a true bridge mode, despite what they claim to be, so you are either really operating in a double-NAT situation, or they are still using the built in NAT table of the gateway somehow (which is rather small and limited in capacity, so it may fill up and slow down your connection). I highly recommend using the so-called (dumb, un-managed) switch bypass that I adopted as soon as my gigabit fiber connection was installed several months ago. See my post here and the details of how to set this up here. Try it out, you won't regret it, this way the AT&T gateway only gets briefly powered up for authentication if the power ever goes out (and not often a problem if all your networking equipment is connected to UPS devices).
 

That is a nice workaround you have there.

Too bad AT&T couldn't just provide the service with a removable Gpon Ont.

In Canada that is how Bell does it then you can just pull the ont out of the ISP supplied modem and put it into your own equipment.
 
I have tried the bypass trick with a 5 port tp-link and fiber was fine. What didn’t work was the U-verse tv service though. Something about the ac68u not supporting igmp snooping for multicast. The version asus router supports isn’t high enough or something.
 
Ah, I see, you had not originally said you also have/need UverseTV functionality. Yeah, I had read about the need to keep the AT&T gateway in the mix if using that service even before I signed up for fiber service, so I opted to use YouTubeTV, Netflix and Amazon Prime for all tv viewing, and it works really well. On top of that, despite all the separate services, it still costs less than cable tv and internet from Comcast.
 
You should probably change the profile from Opportunistic to Strict. Are you certain your WAN interface is eth0? Mine is, but it can be different. Try running:
Code:
nvram get wan0_ifname
to confirm.

Yes,
ran:
/tmp/home/root# nvram get wan0_ifname
got:
eth0

After doing some reading about the DNS over TLS, how the standard was in infancy, so some sites recommended "opportunistic". I had it in "strict" but will change it back to "strict".
 
On the router just run
Code:
tcpdump -i eth0 port 853
Then make some new, uncached queries to a domain you never go to, to ensure it isn't cached by dnsmasq, your computer or your browser.
 

:/tmp/home/root# tcpdump -i eth0 port 853
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes

I don't see anything being listed. using a hardwired (into router) Raspberry pi ssh'ed into trying to wget various (made up) files from random websites, an android phone using various browser apps going to random websites found on duckduckgo, Kindle tablet going to random sites found on duckduckgo. Nothing is being listed.

Typing in
Code:
tcpdump -i eth0 port 53
is yielding all kinds of traffic.

I did notice something though. After trying multiple new searches for websites to try and produce a DNS over TLS port 853 feedback and receiving nothing and then typing "Ctrl C" i get this result:

:/tmp/home/root# tcpdump -i eth0 port 853
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
0 packets captured
6 packets received by filter
0 packets dropped by kernel

what are those "6 packets received by filter"?
 
Check that you have no DNS servers configured on your LAN DHCP Server page.
 

When you are capturing port 53 on eth0, what is the destination IP? Your ISP DNS (since your WAN DNS server setting was “connect automatically”), or one of your DoT choices? It doesn’t sound like Stubby is running to me. Or clients have DNS statically configured locally. You can force DNS through the router in WAN / DNSFilter setting the global mode to “Router”.
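
To answer the destination-IP question above from a capture, this added example (not code from any poster or from Asuswrt-Merlin) tallies outbound DNS packets in `tcpdump -nn` text output by port and destination. The capture lines and the 198.51.100.7 and 203.0.113.53 addresses are constructed; the DoT server list is the Quad9 pair posted earlier in the thread, and IPv4 is assumed.

```shell
#!/bin/sh
# Added example: classify outbound DNS packets seen on the WAN interface.
# DoT servers as configured earlier in the thread (Quad9).
DOT_SERVERS="9.9.9.9 149.112.112.112"

# Reads `tcpdump -nn` text lines on stdin (IPv4 assumed) and prints one line
# per destination: "<kind> <dst_ip> <packets>", where kind is
#   PLAIN      cleartext DNS to port 53
#   DOT        port 853 to a configured DoT server
#   DOT_OTHER  port 853 to any other server
# Replies (source port 53/853, ephemeral destination port) are ignored.
classify_dns() {
    awk -v servers="$DOT_SERVERS" '
    BEGIN { n = split(servers, s, " "); for (i = 1; i <= n; i++) dot[s[i]] = 1 }
    {
        dst = ""
        # The destination "a.b.c.d.port:" is the field right after ">".
        for (i = 1; i < NF; i++) if ($i == ">") { dst = $(i + 1); break }
        if (dst == "") next
        sub(/:$/, "", dst)
        port = dst; sub(/.*\./, "", port)      # text after the last dot
        ip = dst;   sub(/\.[0-9]+$/, "", ip)   # text before the last dot
        if (port == "53")       kind = "PLAIN"
        else if (port == "853") kind = (ip in dot) ? "DOT" : "DOT_OTHER"
        else next
        count[kind " " ip]++
    }
    END { for (k in count) print k, count[k] }' | sort
}

# One-word summary of a capture:
#   cleartext  at least one port 53 query left the WAN
#   dot        only port 853 traffic was seen
#   none       no DNS traffic in the capture
dns_verdict() {
    summary=$(classify_dns)
    case "$summary" in
        *PLAIN*) echo cleartext ;;
        *DOT*)   echo dot ;;
        *)       echo none ;;
    esac
}

# Constructed sample capture (not taken from the thread): two cleartext
# queries to an ISP-style resolver, one reply, and one DoT exchange.
sample_capture() {
    cat <<'EOF'
00:49:21.100000 IP 198.51.100.7.40000 > 203.0.113.53.53: 4660+ A? example.org. (29)
00:49:21.120000 IP 203.0.113.53.53 > 198.51.100.7.40000: 4660 1/0/0 A 192.0.2.80 (45)
00:49:22.300000 IP 198.51.100.7.40001 > 203.0.113.53.53: 4661+ AAAA? example.org. (29)
00:49:23.500000 IP 198.51.100.7.51000 > 9.9.9.9.853: Flags [P.], seq 1:130, ack 1, win 229, length 129
00:49:23.540000 IP 9.9.9.9.853 > 198.51.100.7.51000: Flags [P.], seq 1:160, ack 130, win 235, length 159
EOF
}

sample_capture | classify_dns
```

On a live system the input would come from something like `tcpdump -nn -c 200 -i eth0 'port 53 or port 853' | classify_dns`; `-nn` matters because without it tcpdump prints service names instead of the numeric ports the parser matches on.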
 
Hello, I just bought the RT-AX88U and installed Asuswrt-Merlin 384.12 so I don't know if the problems described below exist in previous versions. After installing this firmware and resetting the router to factory defaults I manually configured only wifi, wan, lan, samba and ssh with minor changes compared to factory defaults. After that I faced 5 different problems:
What's worked for me in the past may help you debug. Be aware the RT-AX88U is a relatively new router, so like anything else, it's apt to be buggy. I think several people have recommended the RT-AC86U b/c it's been in the field longer and the AX bands are still "under development". What that means to me is who knows what buglets are lurking in that AX code that may impact the stability of the router.

1) 2.4GHz can be highly troublesome in a crowded environment like apartments. Everything from microwaves to alarm system motion detectors which may operate on both active microwaves and PIR as dual-tech units. Quite a few popular motion detectors operate in the 2.4GHz bands. In fact, when I redid some of my interior motion sensors a couple of years back, I had to look at the specs on each one to verify they were not operating in the 2.4GHz bands.
2) Set up 2 distinct SSID, one for 2.4 and one for 5.0 - KIS - xxx-AC50 or xxx-BGN24.
3) Use some of the ASUS tooling or something like inSSIDer find out how many noisy neighbors you have and how strong they are. Locate the bands which overlap and then setup your channels to overlap at a minimum. There are articles on SNB for how to do this properly.
4) Lock down your 2.4 and 5 GHz bands and stop the router from constantly searching (and changing) for the better channels.
5) I do not use the Samba setup. I only use the USB with USB 2.0 with a uGREEN + Intel SSD for the amtm setup. I'm sorry, I cannot help you there.

It's a long shot but 1,3 may be related. Once you setup distinct channels and then start connecting to specific SSID, you can at least maybe fix 3 while you figure out the 2.4 GHz thing. Peace.
 
