1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Asuswrt-Merlin on Netgear R7000

Discussion in 'Other Firmware Projects' started by XVortex, Mar 27, 2015.

  1. RichtigFalsch

    RichtigFalsch Networkin' Nut Member

    So there is no way around going back to stock for flashing dd-wrt from merlin?
     
  2. cybrnook

    cybrnook Addicted to LI Member

    Not that we know of.

    Typically if devs post a back to factory image, there are reasons you need to go back and flash from factory when transitioning.


    I think it mostly is around the formatting of the nvram values.
     
    RichtigFalsch likes this.
  3. RichtigFalsch

    RichtigFalsch Networkin' Nut Member

    Sorry for asking, I once read about a modified netgear firmware supposed to run on the custom CFE. But I couldn't find it right now. Maybe this could be flashed from the CFE.

    If not, then I'll take the hard way. Thank you.

    Seems like flashing the custom CFE really is more of an uneccessary danger and effort here. I suggest the advise for flashing custom CFE should be removed from the opening post.
     
  4. cybrnook

    cybrnook Addicted to LI Member

    Sometimes the hard way is the easy way :) , or path of least resistance.
     
    RichtigFalsch likes this.
  5. cybrnook

    cybrnook Addicted to LI Member

    No, it's not a danger as long as you stick to the Merlin Port, as you gain the fail safe recovery server.

    The image you are thinking of is the image in the op. But only one user in this thread ever reported it working on the modified CFE. Everything after that has just been speculations from that comment.

    No factory image was ever made to run custom CFE.
     
  6. RichtigFalsch

    RichtigFalsch Networkin' Nut Member

    I now have Merlin on the R7000 again.
    But I stilll couldn't find the modified netgear firmware that's supposed for running with the custom CFE.
    Could you give me the link, please?

    At least that would avoid having to flash stock CFE and keep the recovery possibility intact (if the custom CFE allowed flashing this).

    Edit:
    Now I got this thought:

    The "backtostock" image is the same like the image I have read about, so a netgear firmware modified for running from custom CFE?
     
  7. cybrnook

    cybrnook Addicted to LI Member

    You are very excited I think :) Plesae read again what I wrote above:

    "The image you are thinking of is the image in the op. But only one user in this thread ever reported it working on the modified CFE. Everything after that has just been speculations from that comment.

    No factory image was ever made to run custom CFE."
     
  8. cybrnook

    cybrnook Addicted to LI Member

    you could always flash the custom CFE from within DD-WRT if you wish, though not necessary.
     
  9. RichtigFalsch

    RichtigFalsch Networkin' Nut Member

    Ok! I'm at DD-WRT now, without removing the more secure custom CFE.

    I simply flashed the latest tomato trx (was kille72's, but shouldn't matter) using the CFE recovery. Then deleted NVRAM using CFE.
    From Tomato I updated to the generic DD-WRT-bin for ARM (http://www.desipro.de/ddwrt/K3-AC-Arm/dd-wrt.v24-K3_AC_ARM_STD.bin) and enabled reset NVRAM after update.
    And from the generic bin I updated to the latest DD-WRTkong-mod.chk for R7000.

    Maybe I could even have flashed the dd-wrt.bin directly from custom CFE, but it didn't have this file then.

    I like it this way, because I never had to drop the security of the recovery bootloader.

    PS:
    I had read you saying, that the image I was talking about was the one in the op. But I didn't understand it this way - I assumed there had to be another image, and was searching the post for another image over and over. It's because somewhere in this huge thread, there was someone talking about a "modified netgear image, supposedly working with custom CFE", but I couldn't actually know that this was the very same like in the op.

    And, yes. The backtostock image didn't work for me, too. But tomato is a good replacement, as it enables flashing to anything else, also, by the indirect way of using bin files.

    Now I have learned something more regarding firmware swapping on the R7000, I am thinking about maybe writing a helping thread for all directions, using the safe custom CFE, because overall there seems to be too much confusion, caused by a lot of contradictory and incomplete information.
     
    Last edited: May 16, 2017
    Makaveli and cybrnook like this.
  10. cybrnook

    cybrnook Addicted to LI Member

    In the back of my mind I was wondering if you could just change the file extension and flash from CFE, but I did not want to be responsible if you soft bricked :)

    Great job though, you worked through it.
     
    Makaveli and RichtigFalsch like this.
  11. Nitin Vaid

    Nitin Vaid Connected Client Member

    is it possible that i can see which connected wireless device is using my internet bandwidth all i can see is it shows that 2.4Ghz or lan or 5ghz connected device
    what i want to check is the all of connected device which is using internet ?
     
  12. caiga

    caiga Network Newbie Member

    i justed checked the difference between 2.3 ovpn file and 2.4:
    2.3 ovpnfile:

    cipher AES-256-CBC

    2.4 ovpn file

    ncp-ciphers AES-256-GCM:AES-192-GCM:AES-128-GCM


    rest is the same
    any connection?
     
  13. Nitin Vaid

    Nitin Vaid Connected Client Member

    i was reading its features that
    • Enhanced traffic monitoring: adding graphical charts, and traffic monitoring per client IP"
    But i was not able to see per client ip bandwidth usage? where is it
     
  14. bluechris

    bluechris New Member Member

    Hi guys 1st post here and am glad i joined you.

    The firmware is great and working and after many years in ddwrt i like this one better for sure.

    I have a question if anyone had tried it.. and this is the vlans.
    In lan port 1 i have a device and i need to tag it as vlan10 and pass this packets to my 2nd router in lan port 4 (i have untangle for home and i want that one to do the load balancing and the device in lan port 1 is a ubiquity that gives me the 2nd Wan)

    To implement this scenario and tag the packets in lan1 port as vlan10 i did this

    1st i took out the port from the untagged vlan1

    Code:
    robocfg switch disable vlan 1 ports "0 2 3 4 5t" switch enable
    then i added in all the ports the vlan10 ability

    Code:
    robocfg switch disable vlan 10 ports "1t 2t 3t 4t 5t" switch enable
    Show if i do robocfg show i get this

    Code:
    Switch: enabled
    Port 0:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
    Port 1:  100FD enabled stp: none vlan: 1 jumbo: off mac: 00:15:6d:e5:ae:36
    Port 2:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
    Port 3: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 00:25:9c:13:b0:4d
    Port 4: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 10:ae:60:02:2b:e6
    Port 8:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
    VLANs: BCM5301x enabled mac_check mac_hash
       1: vlan1: 0 2 3 4 5t
       2: vlan2: 5t
      10: vlan10: 1t 2t 3t 4t 5t
    But unfortunatelly when i ping from the lan4 device the lan1 device i dont get replies.

    This is what i came up with after ton of searching but maybe i have something wrong somewhere so i will be thankfull if someone knows something

    thx
    chris
     
  15. David1

    David1 Connected Client Member

    Hi, got a serious problem, not sure if its with the new firmware 380.66, but i get random upload speed which is ridiculous only have a 1Mbps upload and it says i have uploaded 16GB in a few seconds

    I cannot play CSGO, cause my ping goes to 2000ms plus, anyone else getting this problem. gets worse and worse over time, and reboot doesnt fix it,

    Restored everything back to default and reinstalled firmware, but nothing seems to be fixing it
     

    Attached Files:

    Nitin Vaid likes this.
  16. Nitin Vaid

    Nitin Vaid Connected Client Member

    Try resetting the firmware it must be cpu is not processing it thats why bandwidth is choking and sometimes it release and shows in GB
     
  17. pablot

    pablot New Member Member

    Hi, this is my first post as I'm newbie with Xwrt, so I have a couple of questions I've not been able to found elsewhere.

    First, I have set my R7000 as an AP and I feel there are many options I'm not seeng in the menues (for instance I do not have the menu options for Traffic manager, IPv6, VPN, etc.). Is thjis because of the AP mode? Can I switch to router mode and justa disable WAN, disable DHCP and put a LAN IP and have the same "AP" but with all the firmware options?

    Also, I have not been able to connect to my R7000 through SSH. Everything is set up, and in fact when I fire putty, I get the login prompt, but no way to access as on the system logs, always get login attempt from a nonexistent user (Login attempt for nonexistent user from 172.168.1.2:64422) no matter if I use admin or root user...

    Do I have to create the user by hand? how?

    Thanks, great firmware!!!
    Pablo
     
  18. Nitin Vaid

    Nitin Vaid Connected Client Member

    To use SSH you have to enable SSH in settings there are 3 options that you have to check
    i dont remember exactly i have used ssh on this firmware to install YAMon Script
     
  19. pablot

    pablot New Member Member

    Yes, I know, and in fact it's enabled as it shows me the login prompt, but I cannot login successfully...

    This is on putty:

    login as: root
    root@192.168.2.2's password:
    Access denied
    root@192.168.2.2's password:​


    This is on system logs:

    May 19 12:08:21 dropbear[1197]: Child connection from 172.168.1.2:65011
    May 19 12:08:56 dropbear[1197]: Login attempt for nonexistent user from 172.168.1.2:65011
    May 19 12:08:58 dropbear[1197]: Login attempt for nonexistent user from 172.168.1.2:65011
    May 19 12:09:02 dropbear[1197]: Exit before auth: Disconnect received​

    (the IP is different since I'm loggin through a VPN)
     
  20. David1

    David1 Connected Client Member

    thanks, i have tried resetting the firmware, i resetted the firmware and reinstalled the firmware and then reset it again and set it up again and the picture above is after i did all of this, so if u saying its the cpu, i guess my router might be bombing out?
     
  21. David1

    David1 Connected Client Member


    you need to use the web gui username , default is admin, but if u have changed it, u need to use the changed one, otherwise try changing the web GUI username and try use that
     
  22. Nitin Vaid

    Nitin Vaid Connected Client Member

    then only thing you can do is flash the stock firmware and if it still stays like that then yes it can be hardware issue. Btw the internet is working properly on Wifi? or you have issue on that too?
     
  23. pablot

    pablot New Member Member

    Thanks!!!, it worked!!
    Now I just have to know if the "missing menu options" are available only under "Router Mode" and not as an "Access Point"
     
  24. Makaveli

    Makaveli Networkin' Nut Member

    Yes those features will only be available when in router mode.
     
  25. David1

    David1 Connected Client Member

    internet is working fine, wifi is also working fine, the only time i really notice it is when i am playing CSGO cause my ping just goes up and down every 5 secs and i cannot play at all, i will try tonight again, as i have been watching it and it hasnt been too bad, will also check the temperature of the cpu aswell, cpu temp atm

    Legend: 2.4 GHz - 5 GHz - CPU
    Current Temperatures: 48 °C - 53 °C - 61 °C
     
  26. pablot

    pablot New Member Member

    Ok, thanks.
     
  27. Nitin Vaid

    Nitin Vaid Connected Client Member

    Check your PC lan drivers then?
    is it just the game or everything?
     
  28. pablot

    pablot New Member Member

    Hi, I do not have an answer for you, but instead I have a question!.

    Is it possible to use the WAN port while still in AP mode as with the stock firmware?

    Also, can I use it in router mode (not AP) and connect the WAN port to another router and have everything on the same IP address range? or each router must be on different address ranges.?
     
  29. David1

    David1 Connected Client Member

    i dont think its my lan drivers cause i replaced the router with another old asus one i had lying around and i didnt have the problem, i have played for about 6hrs and it seems like it is working, hopefully it doesnt come back, so fingers crossed
     
  30. badplay

    badplay New Member Member

    how i can update from older firmware asuswrt ?? i have version from januar so how can i update without loosing settings ???
     
  31. Nitin Vaid

    Nitin Vaid Connected Client Member

    Procedure for upgrade:
    1. Reboot your router via the web interface or power cycle.
    2. Flash the R7000_xxx.xx_x.trx file via the web interface.
    3. Check new options and configure everything else.

    But there are soo many changes to i recommend that you reset the settings after update
     
  32. badplay

    badplay New Member Member

    i have the version before this new one are there alsow many changes ?? i get some trouble with my R7000 often i lose internetconnection if i start a download with full download speed
     
  33. Frank2

    Frank2 Serious Server Member

    Security Question: This may have been answered before in the hundreds of previous posts but...The only way I can use the App is to Enable Web Access from WAN. Otherwise, my App won't connect. So is it safe to enable Web Access from WAN (I have a very complex password)? If not why? Just curious.
     
  34. Makaveli

    Makaveli Networkin' Nut Member

    Even with a secure password its still an entry point or attack vector into your system. I currently have it disabled because I don't really need to use app remotely. I RDP into my system if I need to make those changes. I only use AI cloud app remotely because it works with everything closed off. The were people on SNB that got their routers hacked by allowing that remote access.

    So you have to weigh the security vs the convenience.
     
    Last edited: May 22, 2017
    phalkon30 likes this.
  35. Frank2

    Frank2 Serious Server Member

    Thanks Mak, I figured that's what you would say. I haven't used AI cloud yet, maybe I'll try that. When you say you RDP into your router, are talking about SSH?
     
  36. Makaveli

    Makaveli Networkin' Nut Member

    I Remote Desktop Protocol into a computer on my network then access the router.

    I use AI could only to monitor the status of the router, not for making changes.
     
  37. Nitin Vaid

    Nitin Vaid Connected Client Member

    I know that we can not use QOS in this firmware but can i make priority of the connected devices?
     
  38. Frank2

    Frank2 Serious Server Member

    So if we enable HTTPS as the only way to Enable Web Acess, isn't the connection encrypted?
     
  39. sdroute

    sdroute New Member Member

    Hello all, from my first post. I have been happily using Xwrt for a couple years and using version 380.58 for over a year on my R7000 with no issues. I recently upgraded to AT&T fiber internet from cable internet. I kept my R7000 by using DMZplus mode on my AT&T router and plugging the R7000 into it. However, I noted I get a significant speed reduction with the R7000 router.
    I get ~860 Mbps download and ~520 Mbps upload when I have my computer plugged directly into AT&T router, but only around 240 down/490 up when using my network through my R7000. I believe this has something to do with the R7000 firewall when going from the WAN to LAN port on the R7000, but I dont know if this much of a speed drop is a limitation of the router hardware, or if there are some configuration changes on Xwrt that would speed this up. I have not read through every post on the 43 pages of this discussion thread, but I am hoping someone might have an answer or direct me to some.
     
  40. Makaveli

    Makaveli Networkin' Nut Member

    Yes

    Is hardware acceleration on?

    And is it possible that there is something on the At&T ONT that is slowing down the connection?
     
  41. sdroute

    sdroute New Member Member

    Hardware acceleration is on. I DID enable URL filtering a few months back to try and reduce ads. After turning it back off, and I now get 400 down/500 up. The firewall is still on, but I confirmed URL, keyword, and network services filters are all turned off. IPv6 firewall shows it is enabled, but IPv6 is not enabled on the IPv6 menu. It is still slower than the 860 down/520 up direct connection to the AT&T router, but now working at a much higher speed than my old 300 Mbps cable connection. :)
     
  42. Nitin Vaid

    Nitin Vaid Connected Client Member

    Hello everyone I have one querry if i use this firmware can i be able to combine 2 Internet connections into one?
    like the current broadband connection i am using is only 2mbps connection and i was thinking to buy another one with 20mbps connection what i want is both connection connected to wifi and can be used together then mine speed will be 22mbps is it possible?
    if yes how?I am using R7000 Wifi Router
     
  43. Makaveli

    Makaveli Networkin' Nut Member

    https://www.asus.com/ca-en/support/FAQ/1011719/
     
  44. Stimpy88

    Stimpy88 Network Newbie Member

    Did anyone get back to XVortex with the results of his change to the USB3.0 drivers? I don't use it myself, and have no way of testing it, but just wondered if anyone else had the chance yet?
     
  45. r00ternewbie

    r00ternewbie Reformed Router Member

    Love the firmware (currently running 380.65) but struggling to set up IPV6. I would be grateful if any UK based members with experience of IPV6 configuration for Sky Fibre would post their findings/successes. At the moment (based on information on various UK forums) it would seem that I might need to move to a pfsense based solution to implement Sky's unique IPV6 configuration. Thanks in advance for your help!

    Sent from my ONEPLUS A3003 using Tapatalk
     
  46. ideasky

    ideasky New Member Member

    How I can install shadowsocks for R7000 based on your v380.66_2? @XVortex thanks.
     
  47. ViciousDS

    ViciousDS New Member Member

    Just installed 380.66_2 and I seem to be getting random disconnects that never happened before. Not sure what info you need but I had no issues with 380.58 I think was what I was on before updating. Going to rollback to 380.65 and see if that fixes anything
     
  48. redesapce

    redesapce New Member Member

    Hi Everyone. I happen to have a 1G internet link as well at home. I bought the R7000 because smallnetbuilder was rating the WAN-LAN throughput of 900M+. Unfortunately, running stock firmware I got a bit less than 800Mbps. Now, after installing XWRT (latest release) I can only achieve 550-600Mbps. When I run speedtest I see the CPU(1) of R7000 go to almost 90% and stays there until the test is done.

    I am running a OpenVPN server (no clients connected), about 12 local clients, NAT enabled, IPV4, QoS disabled, traffic metering off (as far as I know), no USB HDD plugged.

    Anything I can do to achieve higher speeds? I know I will never be able to get 1Gbps (unless I plug the ISP directly into my desktop), but I would like to achieve something around 900M if possible.
    Any ideas?
     
  49. odeemi

    odeemi New Member Member

    Hi,

    R7000 and this firmware in my experience can handle 1Gbit. I could get the same as from directly connecting to wall, about 944Mbit/s. Disabling OpenVPN server is what comes to mind and if that doesn't help then restoring default settings.

     
    slidermike likes this.
  50. Almighty1

    Almighty1 Serious Server Member

    I updated from 380.65 to 380.66_2 without resetting to defaults since 2 days ago and it seems to be working fine for me. Did you reset the settings to default?
     
  51. Makaveli

    Makaveli Networkin' Nut Member

    From 380.65 to 66_2 is close enough that you can get away with no reset to default.

    however 380.58 to 380.66_2 is a much bigger jump and I would recommend a reset.
     
    Almighty1 and Stimpy88 like this.
  52. chchia

    chchia LI Guru Member

    is there any way to use smart connect?
     
  53. Almighty1

    Almighty1 Serious Server Member

    I would have done a reset as XVortex mentioned in post #4175 earlier except I hate redoing the ipv6 settings. Would be a lot easier if there was a way to just copy and paste the command line config and then paste it back in after resetting.
     
  54. Makaveli

    Makaveli Networkin' Nut Member

    For IPV6 my connection is Native with DHCP-PD so there isn't anything to configure.

    going to assume your provider isn't native yet?

    Smart Connect is only available on asus tri-band routers.

    The R7000 is a dual-band router.

    If you want it you have to buy tri-band asus hardware or run the stock firmware which I believe supports it.
     
    Last edited: Jun 1, 2017
  55. Almighty1

    Almighty1 Serious Server Member

    It's not that, I have Comcast XFinity which is DHCP-PD and also I can use he.net as well so it seems the router can switch between the two and has the settings in the memory when needed. It's a lot easier to type ipv4 than ipv6 things.
     
  56. sdroute

    sdroute New Member Member

    Hello. I recently switched ISPs from my local cable company to AT&T Fiber. I still use my R7000 running Asuswrt-Merlin, but my WAN port is now connected to my Pace 5268AC router via DMZ plus mode, rather than through my old cable internet bridge. Since then I have noticed that several websites now reject connections, redirecting me to "Access Denied" pages (e.g. www.cbp.gov) or HTTP 403 Forbidden "Reference Error:18...." security warning sites that block me from accessing the pages (e.g. www.adidas.com). If I plug my computer directly into the Pace router AT&T provided me, I do not get these errors. I was thinking it might be an DNS issue, so I tried changing my DNS server to openDNS via the Asuswert-Merlin interface (LAN>DHCP Server>DNS and WINS Server Setting), but this does not solve the problem. Is there some other setting or configuration error that might be causing this issue?
    HTTP 403 Error.jpg
     
  57. Stimpy88

    Stimpy88 Network Newbie Member

    for anyone that has not visited XVortex's site, a few days ago he posted a newer version of his firmware v380.66_2.

    The fixes are not really relevant for a lot of people but if you want the latest, grab it from his site. (link on the first post of this thread.)
     
    slidermike likes this.
  58. Stimpy88

    Stimpy88 Network Newbie Member

    Have you checked to make sure your not double NATed?
     
    slidermike likes this.
  59. slidermike

    slidermike Networkin' Nut Member

    I agree with Odeemi.
    if you don't need the vpn server then turn it off. Even if there are no clients on it, it has to take cycles to run and monitor for potential clients.
    If you have turned on some features (even if they are not currently running) like QoS or any custom firewall rules etc... Two things are possible.
    #1 The CTF+FA has been disabled.
    #2 Your forcing the router to inspect each packet before passing it along.

    To verify what mode your router is in, go to "Tools" on the left screen.
    Once the main page refreshes, scroll down to "Network"
    Look for "Hardware"
    Ideally its Enabled (CTF+FA)
    as shown.
    The only way to get that mode back once you turn something on that requires bypassing the hardware/kernel acceleration is to reset to defaults and not enable those features that disabled CTF+FA.
    I don't have gig internet to test myself but those are my suggestions based on my understanding of the hardware & software of this router.
    [QOTE="redesapce, post: 287961, member: 62112"]Hi Everyone. I happen to have a 1G internet link as well at home. I bought the R7000 because smallnetbuilder was rating the WAN-LAN throughput of 900M+. Unfortunately, running stock firmware I got a bit less than 800Mbps. Now, after installing XWRT (latest release) I can only achieve 550-600Mbps. When I run speedtest I see the CPU(1) of R7000 go to almost 90% and stays there until the test is done.

    I am running a OpenVPN server (no clients connected), about 12 local clients, NAT enabled, IPV4, QoS disabled, traffic metering off (as far as I know), no USB HDD plugged.

    Anything I can do to achieve higher speeds? I know I will never be able to get 1Gbps (unless I plug the ISP directly into my desktop), but I would like to achieve something around 900M if possible.
    Any ideas?[/QUOTE]
     

    Attached Files:

  60. paaji

    paaji Reformed Router Member

    Hello,

    My port forwarding doesn't work after upgrading to 380.66.2? I have virutally same setting I had before on 380.57.

    I forwarded the ports on WAN> Port forwarding. When I am trying to access now it comes with connection failed.
    Besides port forwarding. Do I need to check somewhere else?

    Thanks

    **Just to add I did factory reset before upgrading > reboot > installed new firmware > factory reset and reboot. Configured the ports.
    Is it possible to go back to previous version?
     
    Last edited: Jun 5, 2017
  61. Almighty1

    Almighty1 Serious Server Member

    My port forwarding is still working in 380.66_2. Not sure what else you can check. As for the last question, just flash the older version and then factory reset, reboot and reconfigure again...
     
    Makaveli likes this.
  62. Almighty1

    Almighty1 Serious Server Member

    Just recently got a Arris SurfBoard SB8200 DOCSIS 3.1 Cable Modem to replace the SB6190 and it seems the SB8200 Cable Modem is picky about which 192.168.x.x blocks it will allow to connect to the status page at 192.168.100.1 port 80 even though both ping and traceroute works but it will just time out, connecting directly via ethernet from the computer works fine while no devices like mobile devices, desktop/notebook computers would work. So the remedy is to set the LAN IP on the R7000 to 192.168.1.1 from 192.168.2.1 as in my case and then access the webpage at 192.168.100.1 and then switch the LAN IP on the R7000 back to 192.168.2.1 and the status page will work fine until the Cable Modem is rebooted or power cycled, then the remedy will need to be used again. 192.168.10.1 as the LAN IP will work fine without needing to do anything. Now my question is, is it possible to add a alias IP to the R7000 using XWRT so that it too has a 192.168.100.x IP when communicating with the modem. If so, how does one do this? Thanks in advance!
     
  63. slidermike

    slidermike Networkin' Nut Member

    Since this is Merlin firmware and the underlying Broadcom platform is nearly identical to the Asus routers, I suggest searching for Merlin & vlan in google.
    What works on the Asus router under Merlin should work on our router.
    I seem to recall that the way Asus implements things is more difficult than ddwrt or tomato.
     
  64. slidermike

    slidermike Networkin' Nut Member

    I run my R7000 in AP mode.
    After upgrading to the latest firmware, I have had 2 instances of the 5ghz ssid going away.
    The router is still up (by uptime and gui mgmt.) and says it is broadcasting the 5ghz but my clients no longer see it.

    The first time I power cycled the router & this 2nd time (in just over a week) I left it for about 3-4 minutes and it seemed to restore on its own.

    So I think I am rolling back to the previous build for now.
     
  65. peyton

    peyton Network Guru Member

    Did you factory reset it ?
     
    slidermike likes this.
  66. slidermike

    slidermike Networkin' Nut Member

    Nope
    Merlin didn't recommend in the thread for the new build that a reset was suggested; nor did XVortex to the best of my knowledge.
    Unless something big was changed/added/removed, the incremental build hops should be seemless.
     
    Makaveli likes this.
  67. cybrnook

    cybrnook Addicted to LI Member

    Almighty1, slidermike and Stimpy88 like this.
  68. perdrix

    perdrix New Member Member

    I just got an R7000 and installed 380.66_2.

    I cannot get my laptop to connect on the 5GHz band using identical WPA password as 2.4GHz band.

    Lappie has Intel 7260AC which was working fine with my BT Homehub 5A.

    Is there any way to determine the cause of the problem. I set log level to info, but that didn't tell me much.

    Thanks, Dave
     
  69. slidermike

    slidermike Networkin' Nut Member

    Can you provide some screen shots of your 5ghz settings (basic & advanced).
    Also, does the LT see the SSID?
    What channel is the SSID being broadcast at?
    Other devices see the SSID?
     
  70. slidermike

    slidermike Networkin' Nut Member

    cybrnook likes this.
  71. perdrix

    perdrix New Member Member

    Everything was set to default, and yes the SSID was visible.

    Adjusting the 5GHz transmit power down to 20% from 50% and I was able to connect????

    Don't quite understand why that worked, but it did.

    Dave
     
  72. slidermike

    slidermike Networkin' Nut Member

    I cant see why adjusting the 5ghz power down (on its own) would be a fix to connecting to a broadcasted SSID that the client could see.
    However, making adjustments to the radio settings & then applying does restart the wireless services so that might be what worked.
    Simply hitting the apply button might have accomplished the same results.
    Glad its working.
     
  73. perdrix

    perdrix New Member Member

    Trying to get a VPN running to Private Internet Access.

    Here's the generated config:

    Code:
    admin@R7000-EF93:/tmp/home/root# cat /etc/openvpn/client1/config.ovpn
    # Automatically generated configuration
    daemon
    client
    dev tun11
    proto udp
    remote 5.63.151.156 1198
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    comp-lzo adaptive
    ncp-disable
    cipher AES-128-CBC
    auth SHA1
    script-security 2
    route-delay 2
    route-up vpnrouting.sh
    route-pre-down vpnrouting.sh
    verb 11
    reneg-sec 0
    ca ca.crt
    auth-user-pass up
    crl-verify crl.pem
    status-version 2
    status status 10
    
    # Custom Configuration
    tls-client
    remote-cert-tls server
    
    and get this:

    Code:
    Jun 13 16:41:23 openvpn[1214]: Restart pause, 5 second(s)
    Jun 13 16:41:28 openvpn[1214]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jun 13 16:41:28 openvpn[1214]: Re-using SSL/TLS context
    Jun 13 16:41:28 openvpn[1214]: LZO compression initializing
    Jun 13 16:41:28 openvpn[1214]: Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
    Jun 13 16:41:28 openvpn[1214]: Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
    Jun 13 16:41:28 openvpn[1214]: crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 56 bytes
    Jun 13 16:41:28 openvpn[1214]: calc_options_string_link_mtu: link-mtu 1622 -> 1558
    Jun 13 16:41:28 openvpn[1214]: crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 56 bytes
    Jun 13 16:41:28 openvpn[1214]: calc_options_string_link_mtu: link-mtu 1622 -> 1558
    Jun 13 16:41:28 openvpn[1214]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
    Jun 13 16:41:28 openvpn[1214]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
    Jun 13 16:41:28 openvpn[1214]: TCP/UDP: Preserving recently used remote address: [AF_INET]5.63.151.156:1198
    Jun 13 16:41:28 openvpn[1214]: Socket Buffers: R=[122880->122880] S=[122880->122880]
    Jun 13 16:41:28 openvpn[1214]: UDP link local: (not bound)
    Jun 13 16:41:28 openvpn[1214]: UDP link remote: [AF_INET]5.63.151.156:1198
    Jun 13 16:41:28 openvpn[1214]:  event_wait returned 1
    Jun 13 16:41:28 openvpn[1214]: UDP WRITE [14] to [AF_INET]5.63.151.156:1198: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=d60685a8 98863361 [ ] pid=0 DATA
    Jun 13 16:41:28 openvpn[1214]: UDP write returned 14
    Jun 13 16:41:29 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:30 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:30 openvpn[1214]:  event_wait returned 1
    Jun 13 16:41:30 openvpn[1214]: UDP WRITE [14] to [AF_INET]5.63.151.156:1198: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=d60685a8 98863361 [ ] pid=0 DATA
    Jun 13 16:41:30 openvpn[1214]: UDP write returned 14
    Jun 13 16:41:32 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:33 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:34 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:34 openvpn[1214]:  event_wait returned 1
    Jun 13 16:41:34 openvpn[1214]: UDP WRITE [14] to [AF_INET]5.63.151.156:1198: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=d60685a8 98863361 [ ] pid=0 DATA
    Jun 13 16:41:34 openvpn[1214]: UDP write returned 14
    Jun 13 16:41:35 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:36 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:37 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:38 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:40 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:41 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:42 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:42 openvpn[1214]:  event_wait returned 1
    Jun 13 16:41:42 openvpn[1214]: UDP WRITE [14] to [AF_INET]5.63.151.156:1198: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=d60685a8 98863361 [ ] pid=0 DATA
    Jun 13 16:41:42 openvpn[1214]: UDP write returned 14
    Jun 13 16:41:43 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:44 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:45 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:47 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:48 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:49 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:50 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:51 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:52 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:53 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:54 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:55 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:56 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:57 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:58 openvpn[1214]:  event_wait returned 0
    Jun 13 16:41:58 openvpn[1214]:  event_wait returned 1
    Jun 13 16:41:58 openvpn[1214]: UDP WRITE [14] to [AF_INET]5.63.151.156:1198: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=d60685a8 98863361 [ ] pid=0 DATA
    Jun 13 16:41:58 openvpn[1214]: UDP write returned 14
    Jun 13 16:41:59 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:00 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:01 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:02 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:04 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:05 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:06 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:07 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:08 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:09 dropbear[1256]: Child connection from 192.168.129.64:58186
    Jun 13 16:42:09 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:10 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:12 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:13 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:14 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:15 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:16 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:17 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:18 dropbear[1256]: Password auth succeeded for 'admin' from 192.168.129.64:58186
    Jun 13 16:42:19 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:20 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:21 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:22 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:23 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:24 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:25 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:27 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:28 openvpn[1214]:  event_wait returned 0
    Jun 13 16:42:28 openvpn[1214]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Jun 13 16:42:28 openvpn[1214]: TLS Error: TLS handshake failed
    Jun 13 16:42:28 openvpn[1214]: TCP/UDP: Closing socket
    Jun 13 16:42:28 openvpn[1214]: SIGUSR1[soft,tls-error] received, process restarting
    So something isn't quite right, but not sure what's wrong.

    Here's the ovpn file I based this on:

    Code:
    client
    dev tun
    proto udp
    remote 5.63.151.156
    remote 104.238.169.85
    port 1198
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    cipher aes-128-cbc
    auth sha1
    tls-client
    remote-cert-tls server
    auth-user-pass .secret
    comp-lzo
    verb 1
    reneg-sec 0
    crl-verify crl.rsa.2048.pem
    ca ca.rsa.2048.crt
    disable-occ
    
     
  74. slidermike

    slidermike Networkin' Nut Member

    Why don't you just use the built in (gui) for the vpn client and import the ovpn from the provider?
    It works just fine for me and NordVPN.
     
  75. perdrix

    perdrix New Member Member

    That's precisely what I did

    Dave
     
  76. slidermike

    slidermike Networkin' Nut Member

    Looks like your logs are saying the handshake is failing with the provider.
    Jun 13 16:42:28 openvpn[1214]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Jun 13 16:42:28 openvpn[1214]: TLS Error: TLS handshake failed

    Assuming the R7000 is your WAN device & not sitting behind another router or FW then you could contact the vpn provider and ask them for assistance TSing the connection.

    Further assuming you imported the current vpn server ovpn file into vpn client #1 on the R7000 then it should work.
     
  77. perdrix

    perdrix New Member Member

    Hmmm it almost looks like the UDP packets aren't getting out (or back in).

    Do I need to open a hole in the firewall for this? If so how do I do that?

    Thanks again, Dave
     
  78. slidermike

    slidermike Networkin' Nut Member

    Unless you have a custom FW config then no you shouldn't have to punch holes.
    You still have not provided screen shots of your VPN client config & explained/diagram of your network.
    Not much more help I can think to give if you don't provide more details.
     
  79. perdrix

    perdrix New Member Member

    Dunno what was wrong, but it's working now!

    Dave
     
  80. slidermike

    slidermike Networkin' Nut Member

    sounds like either your internet provider or the vpn server. Glad its working.
     
  81. perdrix

    perdrix New Member Member

    Two more questions:

    1) How can I configure the VPN client to to use a list of remote hosts rather than just one. If I were building my own config files, i'd just have multiple remote statments and a port statement.

    2) How do I enable VPN policy based routing? I can't find where to do that in the GUI

    Please could you point me in the right direction.

    Thanks
    Dave
     
  82. slidermike

    slidermike Networkin' Nut Member

    As far as I am aware there is no automated method for this but it might be doable manually.
    See if someone else can answer here. Otherwise you might as that question over on the Linksys forum where features for AsusMerlin are extensively covered by Asus router owners.
    From the master himself.
    https://github.com/RMerl/asuswrt-merlin/wiki/Policy-based-routing
     
  83. perdrix

    perdrix New Member Member

    Thanks got policy based routing working ...

    Please could you give me a link to the relevant forum/thread where I can ask about multiple VPN hosts ...

    Thanks, Dave
     
  84. jianlin3062

    jianlin3062 Network Newbie Member

    [​IMG]
    unable to connect,
     
  85. peyton

    peyton Network Guru Member

    You're on Koolshare fw not Xvortex one.

    I don't know what the differents but we can't help you here as we don't know that fw in deep.
     
  86. perdrix

    perdrix New Member Member

    Hmmm Three times in 24 hours is bad news.

    Running 380.66_2. My laptop just lost connectivity to the internet and the router again! Disable/enable of NIC did nothing ("Unidentified Network"), and neither did a reboot of the lappie. Rebooting the router fixed the problem on each occasion. Looking at syslog after the event showed absolutely nothing :(

    Anything I can do to help debug this?
     
    Last edited: Jun 14, 2017
  87. slidermike

    slidermike Networkin' Nut Member

    As Peyton & Cybrnook pointed out to me the other day; did you factory reset AND manual reconfigure after upgrading to the latest code?
    That's your next step if you have not.
     
  88. perdrix

    perdrix New Member Member

    If that's addressed to me - this was a fresh install on a router with Netgear firmware
     
  89. slidermike

    slidermike Networkin' Nut Member

    Yes it was to you.
    I fall back to my questions from the day.
    Are all clients on 5ghz disconnecting or just the one?
    What channel are you using?
    Have you tried changing channels?

    If its just one client, then its more likely client specific issue.
    Check for newer drivers for the client wifi card.
    Check clients wifi settings and adjust as necessary.

    Your not giving enough info to work on.
    A vague "my pc disconnects from the 5ghz after install the router firmware" is way too loose on real details of your situation for informed assistance.
     
  90. perdrix

    perdrix New Member Member

    ALL the machines on the network are losing connection to the router. Where the machines have both wired and wireless interfaces, neither can communicate. I can only re-establish connections by rebooting the router.

    The LEDs on the router look just like they do when everything is working (Power and all three wireless LEDS on, WAN and LAN Leds flashing).
     
  91. slidermike

    slidermike Networkin' Nut Member

    Have you reviewed the router logs to see if the router is telling you something?
    How about accessing the router gui; if you can, what are you seeing for the WAN & WiFi status?
    If your wired clients also aren't getting access to the WAN/Internet/VPN then it could be the router/modem/Internet.

    That's why you have to TS from the edge device hop by hop and see where the connectivity fails.
    If the wires lan devices are all able to see other wired lan devices but no internet then its not a lan issue.
    Have to look next at the router for its wan/vpn connection status and so on.
     
  92. perdrix

    perdrix New Member Member

    There was NOTHING in the router's syslog - I couldn't access the router GUI in this condition at all. Connectivity to other devices on the LAN - will recheck next time it happens. Windows DHCP clients went to "Unidentified Network" condition :(

    More information:

    1) Was running overclocked at 1400,800 and have backed that off to 1300,800 to see if that helped.

    2) It just happened again, this time, the only LEDs that were on were the POWER and WAN LEDS, both steady and amber in colour. Does that indicate something useful?

    Dave
     
    Last edited: Jun 14, 2017
  93. Almighty1

    Almighty1 Serious Server Member

    I didn't even know koolshare exists but it seems to be XWRT hacked for other routers as it's based on XWRT.
     
  94. Makaveli

    Makaveli Networkin' Nut Member

    How about leaving it at stock for a couple hours to see if the issue is due to the overclock.
     
    Last edited: Jun 15, 2017
    Clark Griswald and slidermike like this.
  95. peyton

    peyton Network Guru Member

    As the picture said, they added some others options (I don't know what exactly) and a software center. It's seems that 7.5 is still a beta version.
     
    Almighty1 likes this.
  96. rok999

    rok999 New Member Member

    No issues here on my stock R7000 with AT&T gigapower. On AT&Ts speedtest server I consistently pull 950/950 speeds. The Xwrt-Vortex firmware is amazing. I actually bypass the AT&T user provided RG and connect via a vlan to the ONT.
     
    slidermike likes this.
  97. slidermike

    slidermike Networkin' Nut Member

    rok,
    Thank you for sharing your experience.
    Care to explain if that is IPv4 or IPv6?
    Always nice to hear how the router is configured & operating at max speeds.
     
  98. Almighty1

    Almighty1 Serious Server Member

    You're right, I wasn't even paying attention to the features other than it's in Chinese except it seems like they added the stuff that XVortex removed because of the copyright issue. Makes you wonder what version of XWRT the v7.5 is actually based on.
     
  99. perdrix

    perdrix New Member Member

    I clocked it back down to 1200,800, and it's now as happy as Larry!!! Clearly this one (unlike some others) isn't happy to run a over 1.2GHz.

    Thanks all
    Dave
     
  100. Makaveli

    Makaveli Networkin' Nut Member

    I'm also at 1.2Ghz didn't see the need to go higher and stability is most important in a router for me than max throughput.

    I had a feeling you would be OK once you down-clocked it.

    Congrats.

    Still waiting for Rok to respond but from some of the older post i've found on DSL reports(2015)

    https://www.dslreports.com/forum/r30371386-Gigapower-and-IPv6

    ATT isn't using a Native IPv6 but 6rd Tunnel.

    Not sure if this has changed in 2017?
     

Share This Page