[RT-AC68U] A dose of Quicksilver

[canuckle]

Neither - there's a newer non-beta release.

Ah ok. Should be easy to find on the site, thanks again.


Sent from my iPhone using Tapatalk

 

[miodzicho]

I have tried to apply ebtables rules in firewall-start script located in jffs :

#Block DHCP between OpenVPN TAP
ebtables -I FORWARD -i tap21 -p IPv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -I FORWARD -o tap21 -p IPv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -I INPUT -i tap21 -p IPv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -I OUTPUT -o tap21 -p IPv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
#Block UPnP between OpenVPN TAP
ebtables -I FORWARD -i tap21 -p IPv4 --ip-protocol udp --ip-destination-port 1900 -j DROP
ebtables -I FORWARD -o tap21 -p IPv4 --ip-protocol udp --ip-destination-port 1900 -j DROP
ebtables -I INPUT -i tap21 -p IPv4 --ip-protocol udp --ip-destination-port 1900 -j DROP
ebtables -I OUTPUT -o tap21 -p IPv4 --ip-protocol udp --ip-destination-port 1900 -j DROP

Unfortunatelly this is rebooting router, doing infinite reboot loop.
Even applied first lines are doing reboot.

I would like to filter traffic on VPN like on older rt-n66u but it seems impossible.
Anyone have noticed this ?

I found lines which are leading to reboot :

ebtables -I OUTPUT -o tap21 -p IPv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -I OUTPUT -o tap21 -p IPv4 --ip-protocol udp --ip-destination-port 1900 -j DROP

Is it anything wrong in syntax ? Next question is how to filter ipv6 traffic on VPN. Because when I enable IPv6 on WAN side, client on openvpn is going through tunnel and goes out using remote WAN, instead local WAN as needed.

With enabled JFFS, without ebtables implemented router hangs in few hours, and becomes not accessible at all.

 

[scmu]

I have problem with download master. I connected my WD 500 GB and install download master. first time it work well but when i unplug my ac68u and plug it again i cannot open download master gui. It still detect my WD 500 GB but my files is gone. anyone had this problem? I try both version of 3.0.0.4_374.34_2(Asuswrt-Merlin) and 3.0.0.4.374.306(Asus) but it same. Thank you.

 

[Dijkstra88]

Asus released new firmware with version number 3.0.0.4.374.339

 

[miodzicho]

Another issue, I have at least 7 DHCP clients connected, and all devices in network around 15. Nothing in Clients, also with Refresh circle is still rotating , but no updates.

 

[RMerlin]

Another issue, I have at least 7 DHCP clients connected, and all devices in network around 15. Nothing in Clients, also with Refresh circle is still rotating , but no updates.

Long-standing issue, I haven't been able to reproduce it yet, so there was no real progress made on it.

 

[xander73]

Virtual Server - Port Forwarding broken by Hardware Acceleration??

Configured my new RT-AC68U the same way as my RT-AC66U to use externally access my Synology NAS by forwarding the relevant ports, etc...

RT-AC66U works ok, but not with the new RT-AC68U...

As pointed out earlier on this forum - Port Forwarding does work, but only after disabling Hardware Acceleration (LAN > Switch Control > Enable HW Accelerator - No).

Issue seen with latest Asus firmware (FW_RT_AC68U_3004374339.trx) and Merlin firmware (RT-AC68U_3.0.0.4_374.34_2.trx)

 

[canuckle]

RMerlin what do you LOSE by turning off hardware acceleration ?


Sent from my iPhone using Tapatalk

 

[RMerlin]

RMerlin what do you LOSE by turning off hardware acceleration ?


Sent from my iPhone using Tapatalk

The ability to use an Internet connection faster than around 150 Mbits (N16/N66/AC66) or 300 Mbits (AC56/AC68U) at their full speed.

 

[canuckle]

The ability to use an Internet connection faster than around 150 Mbits (N16/N66/AC66) or 300 Mbits (AC56/AC68U) at their full speed.

Ah, ok. I'm at 100 down so no worries for me

 

[xander73]

Something must be really buggy with Port Forwarding on the RT-AC68U...

Now I can't get it to work at all to access my Synology NAS box externally...

I did a hard reset and applied the latest Asus firmware, added the Port Forwarding as used on my (working) RT-AC-66U - and with HW Accelerator enabled or disabled - no access...

Any ideas please?

 

[canuckle]

It works for me. Are you using xxx0 or xxx1 as your port for access? I connect using secure connection on xxx1. 1512+ on DSM 4.1. My ISP keeps changing my ip but other than that it's good.


Sent from my iPhone using Tapatalk

 

[xander73]

It works for me. Are you using xxx0 or xxx1 as your port for access? I connect using secure connection on xxx1. 1512+ on DSM 4.1. My ISP keeps changing my ip but other than that it's good.
Tapatalk

Hi canuckle, Big favour - please could you post a screen shot of your Port Forwarding... Many thanks!

 

[canuckle]

Hi canuckle, Big favour - please could you post a screen shot of your Port Forwarding... Many thanks!

Yup no sweat.


Sent from my iPhone using Tapatalk

 

[canuckle]

Here you go. I'm sure you know you need to have a manual ip for the Synology box...

 

[xander73]

Working now - re-did all my settings on the RT-AC68U and Synology DS212+ NAS... Able to access the NAS from the outside word (again)!!!

Only strange thing I did notice:
Hardware Accelerator enabled = unable to access NAS internally on the LAN using the external IP address or FQDN...
Hardware Accelerator disabled = able to access NAS internally on the LAN using the external IP address or FQDN...

 

[canuckle]

Glad to hear it xander, it's frustrating when you think it should be fine and doesn't go.

Couple of general questions for all...

1. On the AC68U, should jumbo frames be enabled?
2. Should the internal upnp port range be left at default?

Thanks!

 

[xander73]

Jumbo frames - enabled, just remember to enable it on the NAS box and you computer network adapter(s).

UPnP - I changed the internal range to start from 1 (default was 1024).

 

[canuckle]

Jumbo frames - enabled, just remember to enable it on the NAS box and you computer network adapter(s).

UPnP - I changed the internal range to start from 1 (default was 1024).

MTU on the NAS is 5000, so should be ok I think. Managed switch would be the same, I set them up same time and to be synchronized in those respects.

 

[RMerlin]

Working now - re-did all my settings on the RT-AC68U and Synology DS212+ NAS... Able to access the NAS from the outside word (again)!!!

Only strange thing I did notice:
Hardware Accelerator enabled = unable to access NAS internally on the LAN using the external IP address or FQDN...
Hardware Accelerator disabled = able to access NAS internally on the LAN using the external IP address or FQDN...

NAT Loopback is known to be broken when HW acceleration is enabled on the AC56/AC68U. Nothing I can do about it, the HW acceleration module is closed source. A fix will have to come from Broadcom or Asus.