What's new

[Release] Asuswrt-Merlin 384.9 is now available

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

The configuration I have been explaining to you, has been working for me and many others, since ovpn 2.4 was released on Merlin. Check some of the many related posts throughout this forum. If you still need help I would encourage you to start your own thread. Cheers!

Perhaps that is so but what I have seen people have problem with this or not discoverd it.
Easiest way to test is use ipleak.net and test wan and vpn and se if there is different dns servers.
wan should use isp-provider and vpn use vpn-provider. Exeptions should use isp-providers.

Perhaps @Martineau or @Xentrk can can shed some light on this.
 
Perhaps that is so but what I have seen people have problem with this or not discoverd it.
Easiest way to test is use ipleak.net and test wan and vpn and se if there is different dns servers.
wan should use isp-provider and vpn use vpn-provider. Exeptions should use isp-providers.

Perhaps @Martineau or @Xentrk can can shed some light on this.
If your ipleak test shows your vpn address for dns when testing the vpn, this is normal for some vpn providers. If everyone else shows your isp dns you are golden.
 
I am using IPv6 as the norm on my network, so that might make a difference?

It's possible. That's one thing that's different between our setups, and I have never experienced the dnsmasq error message. What is the content of your /etc/dnsmasq.conf file?
 
It's possible. That's one thing that's different between our setups, and I have never experienced the dnsmasq error message. What is the content of your /etc/dnsmasq.conf file?
Is there a way to send you this securely? Cloudflare protection is blocking sending in a PM.
 
Hi...
Long time user, also donated quite some time ago...
I've not had any issues until now...
I have a RT-AC87R with 384.7_2, it fails to load the new firmware:
RT-AC87U_384.9_0.trx.
I have checked the sha, it matches...
There is no entry in the log that I can find...
I'll provide more info if someone can provide me with some doc's on to gather.

Thanks
JR
 
Is there a way to send you this securely? Cloudflare protection is blocking sending in a PM.

Zip it or email it (my email is in the README).
 
Hi...
Long time user, also donated quite some time ago...
I've not had any issues until now...
I have a RT-AC87R with 384.7_2, it fails to load the new firmware:
RT-AC87U_384.9_0.trx.
I have checked the sha, it matches...
There is no entry in the log that I can find...
I'll provide more info if someone can provide me with some doc's on to gather.

Thanks
JR

Reboot the router, with no USB disk plugged in if you had any, then try again.
 
Perhaps that is so but what I have seen people have problem with this or not discoverd it.
Easiest way to test is use ipleak.net and test wan and vpn and se if there is different dns servers.
wan should use isp-provider and vpn use vpn-provider. Exeptions should use isp-providers.

Perhaps @Martineau or @Xentrk can can shed some light on this.
The setting Accept DNS Configuration =Exclusive with Policy Rules can be an issue if you use selective routing and Diversion ad blocker as dnsmasq is by-passed. My new recommendation is set Accept DNS Configuration =Disabled and install Stubby (I still need to update by blog post as it still says to use Strict and refers to AB-Solution rather than Diversion). With Accept DNS Configuration = Disabled, the VPN tunnel will use the WAN DNS. If Stubby is installed, the queries are encrypted.

https://x3mtek.com/torguard-openvpn-2-4-client-setup-for-asuswrt-merlin-firmware/
DNSmasq and OpenVPN DNS
AB-Solution is the ad blocking solution for Asus routers using Asuswrt-Merin firmware. AB-Solution requires DNSmasq to work properly. With Asuswrt-Merlin firmware, OpenVPN clients use the VPN tunnel’s DNS. As a result, AB-Solution will not work for LAN clients connected to the VPN tunnel when using Policy Rules since DNSmasq is by-passed. AB-Solution will still work for devices connected to the WAN though.

John9547 LTS fork has implemented DNS differently than Asuswrt-Merlin. The DNS rules are reversed. With Accept DNS Configuration set to Exclusive, the VPN clients will use DNSmasq and AB-Solution will work. There is also a check box on how you want to handle the WAN clients. If you leave it unchecked, the WAN clients will also use the VPN DNS servers (but not the tunnel) and they can use AB-Solution. If you check the box, the WAN client requests are sent directly to the WAN DNS servers and AB-Solution will not be available.

To resolve the DNS and routing issues when using Policy Rules with Asuswrt-Merlin, set Accept DNS Configuration to “Strict” Disabled and specify the DNS server for the VPN tunnel to use by adding the dhcp-option DNS command in the Custom Configuration section. Without the dhcp-option command, AB-Solution updates will fail, the AB-Solution email function will no longer work and the wget command will not able to resolve the domain name.
 
Last edited:
The setting Accept DNS Configuration =Exclusive with Policy Rules can be an issue if you use selective routing and Diversion ad blocker as dnsmasq is by-passed. My new recommendation is set Accept DNS Configuration =Disabled and install Stubby (I still need to update by blog post as it still says to use Strict and refers to AB-Solution rather than Diversion). With Accept DNS Configuration = Disabled, the VPN tunnel will use the WAN DNS. If Stubby is installed, the queries are encrypted.
https://x3mtek.com/torguard-openvpn-2-4-client-setup-for-asuswrt-merlin-firmware/

Thank you.
I se your point and I maybe test it. Stubby use wan-dns to vpn and I don't want that.
I feel more comfortable with vpn-providers dns to all my wan devices.
(They have therir own DNS and working just fine)

The goal is to bypass some ipnumber to some devices in lan with wan-dns on them. Regarding to wiki that setup is impossible. :oops:o_O
 
It's possible. That's one thing that's different between our setups, and I have never experienced the dnsmasq error message. What is the content of your /etc/dnsmasq.conf file?
Eric, here is the config info from the IPv6 page. Is that where we are looking? I am a little out of my depth here...

Configure the IPv6 Internet setting of RT-AC5300.
IPv6 FAQ
Basic Config
Connection type Native
DHCP-PD
Enable
Release prefix on exit Enable
IPv6 LAN Setting
LAN IPv6 Address

2601:********
LAN Prefix Length
64
LAN IPv6 Prefix
2601:***********
Auto Configuration Setting Stateless
IPv6 DNS Setting
Connect to DNS Server automatically
Disable
IPv6 DNS Server 1 2001:4860:4860::8888
IPv6 DNS Server 2 2001:4860:4860::8844
IPv6 DNS Server 3 2001:558:feed::1
Auto Configuration Setting
Enable Router Advertisement Enable
 
Eric, here is the config info from the IPv6 page. Is that where we are looking? I am a little out of my depth here...

No, what I needed was the content of a specific config file, however another user provided me with his, and now it seems that the common element between the two of you is that both of you are using IPv6, so that might be the common cause.

Unfortunately since my ISP doesn't support IPv6, I doubt I'll be able to do much to troubleshoot this issue. I will have to see if it also happens with a HE tunnel, but that's a quite different setup.
 
Weird... I have an 87U here that's been on merlin since I got it.. It was on 384.7_2 version and had been working fine but was now telling me to update to RT-AC87U_384.9_0. so like always I went and grabbed it and extracted it and updated the manual way.. but when it comes back up.. it's still on 384.7_2 . I went and grabbed it again thinking I might have downloaded the wrong one but the exact same thing happened.. I know it was for the 87u as the changelog says the asus binarys are back in for it...

anyone have any idea how I can figure out why it didn't apply?

regards

Frank
 
Have noticed there is a UI lockup at times which may coincide with increased connection to the router.

The UI becomes unreachable and a restart is needed to get access again.

Everything else seems to work though be it wifi and wired connections even if the UI isn't reachable.

AC86U
 
Have noticed there is a UI lockup at times which may coincide with increased connection to the router.

The UI becomes unreachable and a restart is needed to get access again.

Everything else seems to work though be it wifi and wired connections even if the UI isn't reachable.

AC86U
I will confirm this for my RT-AC86U. It has happened 3 times to me.
 
Have noticed there is a UI lockup at times which may coincide with increased connection to the router.

The UI becomes unreachable and a restart is needed to get access again.

Everything else seems to work though be it wifi and wired connections even if the UI isn't reachable.

AC86U
This has been happening for a while, it's the httpd daemon becoming unresponsive. It doesn't fully crash, but it doesn't respond either.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top