Asuswrt-Merlin on Netgear R7000

Discussion in 'Other Firmware Projects' started by XVortex, Mar 27, 2015.

  1. Frank2

    Frank2 Networkin' Nut Member

    Mak,
    are you running it vanilla and it uses more RAM and CPU? What services are you running?
     
  2. Makaveli

    Makaveli Networkin' Nut Member

    Using Custom scripts.

    AB-Solution
    Pixelserv tls
    Skynet
    AMTM

    Not using
    QOS
    AI Protection
    VPN
     
  3. juched

    juched Serious Server Member

    Upgraded to 384.5 today. Did an NVRAM reset and manually set everything up again.

    I started noticing "br0: received packet on eth2 with own address as source address" over and over again in the syslog.

    I used nvram set to change the eth0macaddr and others but it still appeared.

    Then I realized that my guest network setup is using the same MAC as my 5GHz network. I disabled the guest wifi and the messages stopped.

    So, I enabled the second guest network (second column, not first) and it uses a number 1 higher than my 5GHz one.

    Seems there is a bug here... maybe with Merlin build, or maybe here only. Seems Guest network just adds 1 to the MAC for each guest network. This means it will conflict with the 5GHz network which does the same.
     
    phalkon30 likes this.
  4. Terijan01

    Terijan01 Network Newbie Member

    I have to admit this FW version 384.5 is useless. Busybox is completely ripped off. Only a few applets left.
    I am a Linux guy - I don't need fancy Web GUI.
    You guys make FW useless and then expect some donations...
    I am sorry, but it doesn't work that way.
    It's time to move to other custom FW that offers serious functionality and flexibility: I don't need this kindergarten ...
     
    Last edited: May 15, 2018
  5. SignedAdam

    SignedAdam Serious Server Member

    Doesn’t look like you’ve been here long, so I don’t see how you can complain. SSH is much better than telnet; you can do everything you did with telnet with SSH, unless you use some outdated program that uses it. What if telnet can be accessed from the WAN, or by some random user connecting to your network? I would prefer my router is secure rather than some extra outdated feature.
     
  6. Makaveli

    Makaveli Networkin' Nut Member

    This response leads me to believe you don't understand how this process works.

    "You guys make FW useless and then expect some donations..."

    This is a port of Merlin's firmware; he decides what features to add and pull from it.

    No one is forcing you to use this.

    To me it sounds like you need to build a Linux Firewall/Router from a spare PC, then you can customize it to your own liking.
     
    Last edited: May 15, 2018
    SignedAdam and slidermike like this.
  7. miroco

    miroco Reformed Router Member

    A follow up on my findings concerning activation of AiMesh

    Still no groundbreaking news.

    I've probably used and/or tested every 3rd party firmware out there at one time or another on these routers. Adding AiMesh to the mix I came to the conclusion that it was about time to make an nvram erase "mtd-erase2 nvram". As a Mac user, nvram needs (at least needed) to be erased from time to time. After the reset and subsequent fresh reboot, I decided to dump the nvram content "nvram show > nvram.txt" and have a look at it.

    These are the things that first attracted my attention.

    There are a couple of mac address oddities going on. First off there is the mac address ranges derived from the addresses on the stickers on the bottom of the routers themselves, E4:F4:C6:XX:YY:ZZ and DC:EF:09:XX:YY:ZZ. Then there are these very similar ranges, E6:F4:C6:XX:YY:ZZ and DE:EF:09:XX:YY:ZZ. The E4:F4:C6:XX:YY:ZZ and DC:EF:09:XX:YY:ZZ ranges occur 9 times, the E6:F4:C6:XX:YY:ZZ and DE:EF:09:XX:YY:ZZ ranges occur 30 times. Except for the second character (4 -> 6) and (C -> E) in the first pair they then follow the same structure. The vendor id of ranges E4:F4:C6:XX:YY:ZZ and DC:EF:09:XX:YY:ZZ is Netgear. The vendor id of ranges E6:F4:C6:XX:YY:ZZ and DE:EF:09:XX:YY:ZZ drew a blank - No Vendor.

    The "wan0_gw_mac=0C:A4:02:XX:YY:ZZ" address is another oddity, since it's a completely different range and identical on both routers, and the vendor id shows up as "Alcatel Lucient IPD".

    There are also a number of Asus references in nvram, like RT-AC68U (2) and Asus (9). Why that is I don't know, other than the obvious origin of the FW.

    I'm on XVortex custom CFE 1.0.2.2 with Asus mac address scheme.

    http://www.linksysinfo.org/index.ph...lin-on-netgear-r7000.71108/page-6#post-261543

    https://www.snbforums.com/threads/b...ta-is-now-available.46352/page-12#post-403882
     

    Last edited: May 16, 2018
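An added example, not code from the original posts or from the firmware project: a Python check over an `nvram show > nvram.txt` dump for the two MAC issues raised above, wireless interfaces sharing one address (the guest network / 5 GHz clash that produced the "own address as source address" messages) and locally administered addresses. The E6 and DE prefixes are E4 and DC with the 0x02 bit of the first octet set, which marks an address as locally administered, so no vendor lookup matches. The dump contents, the MAC values and the `wl<N>[.<M>]_hwaddr` key pattern used for wireless interfaces are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")
# Assumed naming of per-radio and per-guest-network MAC keys.
WL_KEY_RE = re.compile(r"^wl\d+(\.\d+)?_hwaddr$")

# Constructed sample in the key=value form that `nvram show` prints.
SAMPLE_DUMP = """\
et0macaddr=E4:F4:C6:00:00:10
lan_hwaddr=E4:F4:C6:00:00:10
wl0_hwaddr=E4:F4:C6:00:00:10
wl1_hwaddr=E4:F4:C6:00:00:11
wl0.1_hwaddr=E4:F4:C6:00:00:11
wl1.1_hwaddr=E6:F4:C6:00:00:12
wan0_gw_mac=0C:A4:02:00:00:01
productid=RT-AC68U
size: 51234 bytes (14302 left)
"""


def parse_nvram(text):
    """Return {key: value}; lines without '=' (e.g. the size footer) are skipped."""
    nv = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip():
            nv[key.strip()] = value.strip()
    return nv


def mac_entries(nv):
    """Keep only the settings whose whole value is a MAC address."""
    return {k: v.upper() for k, v in nv.items() if MAC_RE.match(v)}


def classify(mac):
    """Decode the two flag bits in the first octet of a MAC address."""
    first = int(mac[:2], 16)
    return {
        "local": bool(first & 0x02),      # U/L bit: locally administered
        "multicast": bool(first & 0x01),  # I/G bit: group address
        # Same address with the U/L bit cleared, for vendor (OUI) lookups.
        "universal_form": "%02X%s" % (first & 0xFD, mac[2:].upper()),
    }


def wireless_collisions(entries):
    """MACs assigned to more than one wireless interface key."""
    by_mac = defaultdict(list)
    for key, mac in entries.items():
        if WL_KEY_RE.match(key):
            by_mac[mac].append(key)
    return {mac: sorted(keys) for mac, keys in by_mac.items() if len(keys) > 1}


def local_variants(entries):
    """Locally administered MACs whose OUI, with the U/L bit cleared,
    matches a universally administered OUI elsewhere in the dump."""
    universal_ouis = {m[:8] for m in entries.values()
                      if not classify(m)["local"]}
    found = {}
    for key, mac in entries.items():
        info = classify(mac)
        oui = info["universal_form"][:8]
        if info["local"] and oui in universal_ouis:
            found[key] = (mac, oui)
    return found


def report(text):
    """Human-readable summary lines for a dump."""
    entries = mac_entries(parse_nvram(text))
    lines = []
    for mac, keys in sorted(wireless_collisions(entries).items()):
        lines.append("DUPLICATE %s used by %s" % (mac, ", ".join(keys)))
    for key, (mac, oui) in sorted(local_variants(entries).items()):
        lines.append("LOCAL %s=%s derived from OUI %s" % (key, mac, oui))
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_DUMP):
        print(line)
```

Only the wireless keys are compared for duplicates because other settings in the constructed sample, such as `lan_hwaddr` and `et0macaddr`, hold the same address without it being a conflict.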
  8. jerrm

    jerrm Network Guru Member

    deleted. error.
     
  9. SignedAdam

    SignedAdam Serious Server Member

    Success! GT-AC5300 and R7000 in AiMesh

    :D:D:D:D:D:D:D
     
    Last edited: May 16, 2018
    Almighty1, kalpik and slidermike like this.
  10. miroco

    miroco Reformed Router Member

    SignedAdam likes this.
  11. SignedAdam

    SignedAdam Serious Server Member

    AiMesh Beta Guide 1.0

    * Some images in this guide may not show up till you login

    GT-AC5300 Firmware Version : 3.0.0.4.384_20648
    R7000 Firmware Version : 384.5
    R7000 Bootloader (CFE) 1.0.2.1 HW acceleration - Enabled (CTF only)

    1st of all we need to make sure the R7000 is at 100% stock settings
    I like to do this by holding the reset button at the back for 15 seconds, letting go and after the lights go out press and hold the last button on the R7000 (WPS button) then let go

    tell Windows to forget the NETGEAR_5G and/or NETGEAR network, so it doesn't reconnect,
    next connect to your Asus router by ethernet or wifi, ethernet is highly recommended as the AiMesh is highly unstable to begin with

    go to the asus router login page :
    192.168.1.1
    or router.asus.com
    or whatever yours is

    go to Advanced - Wireless - General

    * Make sure Smart connect is disabled/OFF

    * Make sure all 3 bands / SSID's have their own name, "Example_60_2G Example_60_5G Example_60_5G_Gaming"

    - Where Example is, replace with SSID name

    * Use WPA2-Personal as Authentication Method

    * go to WPS and make sure this is enabled (I don't like that you have to have this enabled as it's a security risk, but this is how ASUS has made it) - 100% required

    ALL * are required
    ALL - are Optional

    next go to the networking map, and press the AiMesh Node button
    next press scan

    press the R7000 that should appear!

    next press apply

    then r7000 should receive the WPS code and reboot at 2 to 5%

    then r7000 will reboot again 35% (I believe it receives what the network SSID names are plus what channel they are on and so on)

    then on the second start up, the R7000 should stay on, no more reboots!
    press the ok button on successfully added R7000 (if you now go to Wireless - WPS) you should see a success message and 192.168.1.96 should redirect you to your router's logon page

    Like I said near the beginning, to start with the connection to your network, will be unstable for the 1st few minutes

    if your R7000 is rebooting again and again this means your wifi settings are wrong on the AiMesh ASUS Router, (DO NOT USE SMART CONNECT)
    if your R7000 is rebooting repeatedly turn it off, press and hold the last button on the r7000 (WPS button, till the power light flashes orange, then let go) remove the R7000 from the AiMesh ASUS Router and try again

    192.168.1.96/Main_Login.asp is the same login as the asus router but redirects every time you login... joy, so no logs

    Here's the logs on the ASUS Router :

    Code:
    May 16 15:26:37 rc_service: cfg_server 1021:notify_rc start_wps_method
    May 16 15:27:41 kernel: wfd_registerdevice Successfully registered dev wds0.0.12 ifidx 1 wfd_idx 0
    May 16 15:27:41 kernel: Register interface [wds0.0.12]  MAC: b1:XX:XX:XX:XX:XX
    May 16 15:27:42 roamast: eth6: add client [C1:XX:XX:XX:XX:XX] to monitor list
    May 16 15:28:04 kernel: wfd_unregisterdevice Successfully unregistered ifidx 1 wfd_idx 0
    May 16 15:28:47 kernel: wfd_registerdevice Successfully registered dev wds0.0.12 ifidx 1 wfd_idx 0
    May 16 15:28:47 kernel: Register interface [wds0.0.12]  MAC: b1:XX:XX:XX:XX:XX
    May 16 15:28:47 roamast: eth6: add client [C1:XX:XX:XX:XX:XX] to monitor list
    May 16 15:28:49 kernel: wfd_registerdevice Successfully registered dev wds2.0.1 ifidx 1 wfd_idx 2
    May 16 15:28:49 kernel: Register interface [wds2.0.1]  MAC: b0:xx:xx:xx:xx:xx
    May 16 15:28:53 roamast: eth8: add client [c4:xx:xx:xx:xx:xx] to monitor list
    May 16 15:29:56 roamast: discover candidate node [C1:XX:XX:XX:XX:XX](rssi: -50dbm) for weak signal strength client [7A:XX:XX:XX:XX:XX](rssi: -56dbm)
    May 16 15:29:56 roamast: eth6: disconnect weak signal strength station [7A:XX:XX:XX:XX:XX]
    May 16 15:29:56 roamast: eth6: remove client [7A:XX:XX:XX:XX:XX] from monitor list
    May 16 15:30:06 roamast: discover candidate node [C1:XX:XX:XX:XX:XX](rssi: -49dbm) for weak signal strength client [DC:XX:XX:XX:XX:XX](rssi: -62dbm)
    May 16 15:30:06 roamast: eth6: disconnect weak signal strength station [dc:xx:xx:xx:xx:xx]
    May 16 15:30:06 roamast: eth6: remove client [dc:xx:xx:xx:xx:xx] from monitor list
    May 16 15:40:46 roamast: discover candidate node [C1:XX:XX:XX:XX:XX](rssi: -56dbm) for weak signal strength client [A9:XX:XX:XX:XX:XX](rssi: -60dbm)
    May 16 15:40:46 roamast: roaming reject!!! candidate rssi over threshold(-55dbm)
    May 16 15:42:26 roamast: discover candidate node [C1:XX:XX:XX:XX:XX](rssi: -56dbm) for weak signal strength client [A9:XX:XX:XX:XX:XX](rssi: -63dbm)
    May 16 15:42:26 roamast: roaming reject!!! candidate rssi over threshold(-55dbm)
    May 16 15:42:36 roamast: discover candidate node [C1:XX:XX:XX:XX:XX](rssi: -55dbm) for weak signal strength client [A9:XX:XX:XX:XX:XX](rssi: -62dbm)
    May 16 15:42:36 roamast: roaming reject!!! candidate rssi over threshold(-55dbm)
    May 16 15:43:21 roamast: discover candidate node [C1:XX:XX:XX:XX:XX](rssi: -60dbm) for weak signal strength client [A9:XX:XX:XX:XX:XX](rssi: -64dbm)
    May 16 15:43:21 roamast: roaming reject!!! candidate rssi over threshold(-55dbm)
    May 16 15:43:46 roamast: discover candidate node [C1:XX:XX:XX:XX:XX](rssi: -56dbm) for weak signal strength client [A9:XX:XX:XX:XX:XX](rssi: -60dbm)
    May 16 15:43:46 roamast: roaming reject!!! candidate rssi over threshold(-55dbm)
    May 16 15:44:11 roamast: discover candidate node [C1:XX:XX:XX:XX:XX](rssi: -55dbm) for weak signal strength client [A9:XX:XX:XX:XX:XX](rssi: -61dbm)
    May 16 15:44:11 roamast: roaming reject!!! candidate rssi over threshold(-55dbm)
    May 16 15:45:36 roamast: discover candidate node [C1:XX:XX:XX:XX:XX](rssi: -55dbm) for weak signal strength client [A9:XX:XX:XX:XX:XX](rssi: -60dbm)
    May 16 15:45:36 roamast: roaming reject!!! candidate rssi over threshold(-55dbm)
    May 16 15:46:46 roamast: discover candidate node [C1:XX:XX:XX:XX:XX](rssi: -60dbm) for weak signal strength client [A9:XX:XX:XX:XX:XX](rssi: -68dbm)
    May 16 15:46:46 roamast: roaming reject!!! candidate rssi over threshold(-55dbm)
    May 16 15:46:51 roamast: discover candidate node [C1:XX:XX:XX:XX:XX](rssi: -62dbm) for weak signal strength client [A9:XX:XX:XX:XX:XX](rssi: -67dbm)
    May 16 15:46:51 roamast: roaming reject!!! candidate rssi over threshold(-55dbm)
    May 16 15:55:51 roamast: discover candidate node [C1:XX:XX:XX:XX:XX](rssi: -60dbm) for weak signal strength client [09:XX:XX:XX:XX:XX](rssi: -64dbm)
    May 16 15:55:51 roamast: roaming reject!!! candidate rssi over threshold(-55dbm)
    May 16 15:56:21 roamast: discover candidate node [C1:XX:XX:XX:XX:XX](rssi: -55dbm) for weak signal strength client [09:XX:XX:XX:XX:XX](rssi: -65dbm)
    May 16 15:56:21 roamast: roaming reject!!! candidate rssi over threshold(-55dbm)
    May 16 15:58:26 roamast: discover candidate node [C1:XX:XX:XX:XX:XX](rssi: -58dbm) for weak signal strength client [A9:XX:XX:XX:XX:XX](rssi: -68dbm)
    May 16 15:58:26 roamast: roaming reject!!! candidate rssi over threshold(-55dbm)
    May 16 15:58:36 roamast: discover candidate node [C1:XX:XX:XX:XX:XX](rssi: -59dbm) for weak signal strength client [A9:XX:XX:XX:XX:XX](rssi: -65dbm)
    May 16 15:58:36 roamast: roaming reject!!! candidate rssi over threshold(-55dbm)
     
    Last edited: May 18, 2018
    KingP1n, Stimpy88, slidermike and 2 others like this.
  12. SignedAdam

    SignedAdam Serious Server Member

    Errr! also later today :cool:

    Just because! well! I can :cool:
    if you guys think your b@lls are as big as mine, follow this guide :
    https://www.dd-wrt.com/phpBB2/viewtopic.php?t=278827
    I used Xr-m from http://www.osco.uk.com/products/thermal-materialon on my R7000, free sample of 1mm and 2mm, very kind of them even though they have stopped giving out free samples now
    I'm sure it goes without saying
    AT YOUR OWN RISK!
    but I did see temps drop by 12c

    As you can see I ran the R7000 up to 100% with some Linux commands in BASH, after and even did a little 400MHz OC, which I will be dropping back to stock, you can see I ran it so hard into the ground, the main page couldn't load, maha! it's alive
     
    Last edited: May 19, 2018
    slidermike and Makaveli like this.
  13. Makaveli

    Makaveli Networkin' Nut Member

    That is a nice drop in temps.

    I however prefer a laptop cooling pad, less work and I get lower temps :)

    Clocked at 1.2GHz 24/7

    I may still consider doing that on a day I'm bored.

    Stock Temps @ 1GHz

    Cooling Pad @ 1.2GHz
     
    Last edited: May 17, 2018
    Onee-chan, slidermike and SignedAdam like this.
  14. Onee-chan

    Onee-chan Network Newbie Member

     
    SignedAdam likes this.
  15. SignedAdam

    SignedAdam Serious Server Member

    If I'm honest, the firmware @XVortex and his friend have made (xwrt firmware), for the R7000 seems to be less glitchy than the ASUS router firmware! on the GT-AC5300 :eek: THAT ASUS THEMSELVES MADE!
     
    Last edited: May 17, 2018
  16. pege63

    pege63 Reformed Router Member

    I have tried 10 times now to update the router with the latest 384.5_0, but without any luck.
    I have reset the router before update, I have gone back to stock, tried 5 different browsers, have tried 4 live CD and Linux live CD, but no luck. I have managed to upload the file but after reboot it says the same firmware as before flash. And yes I have cleared the browser cache. I need suggestions to manage it and to make it happen!?
     
  17. Terijan01

    Terijan01 Network Newbie Member

    I assume you have corrupted settings that do not allow you to upgrade.
    Try this: install XWRT 384.5_0 from stock FW (V1.0.9.26_10.2.31).

    *after you install stock FW (V1.0.9.26_10.2.31) - you will bump into this issue directly and you will be forced to fix it.
     
  18. pege63

    pege63 Reformed Router Member

    I managed it now: I went back to 380.66, after that I updated to 380.70, then to 384.5_0, and success.
     
  19. Makaveli

    Makaveli Networkin' Nut Member

    Merlin's firmware is better than stock ASUS, so I 100% agree with you here.
     
    SignedAdam likes this.
  20. GDT78

    GDT78 Serious Server Member

    I overclocked @1.2GHz too but I don't have such a high temperature, I got around 64°C without doing anything like cooling pads or replacing thermal compound.
     
  21. Makaveli

    Makaveli Networkin' Nut Member

    Remember, with temps, location and ambient temps are important.

    When I took the stock screenshot the router was in a room with no AC and it was Summer.

    Comparing temps can be apples vs oranges without the rest of the information.
     
    Last edited: May 17, 2018
    SignedAdam likes this.
  22. SignedAdam

    SignedAdam Serious Server Member

    Right, I've pretty much tried everything but "Factory defaulting" the GT-AC5300. I've tried disabling the "Example_60_5G_Gaming" and then adding the R7000 AiMesh Node, however after adding the R7000 AiMesh Node I see a "Example_60_5G_Gaming" appear, which is the Node. I've tried it all again but hiding the "Example_60_5G_Gaming" but the same thing happens time and time again. Why would anyone want the SSID for their "Example_60_5G_Gaming" broadcasted by their Node, ping times are higher as it's got A-MAN-IN-THE-MIDDLE :rolleyes:

    So I need help guys, how do I just have "Example_60_2G and Example_60_5G" rebroadcasted instead of "Example_60_2G and Example_60_5G_Gaming" :mad: There doesn't seem to be any options offering what SSID's to rebroadcast,

    * The reason why I'm going on about Factory defaulting the GT-AC5300 is because when I 1st added the R7000 AiMesh Node, it did do just that, it rebroadcasted "Example_60_2G and Example_60_5G", now either I'm going cr@zy and it didn't happen or ASUS buggy firmware on the GT-AC5300 is driving me Cr@zy

    This is how buggy the GT-AC5300 is :

    devices not showing on who's connected to the GT-AC5300 and just showing a few, if you enable game boost (QOS) and choose what devices are prioritised the log files show lots of errors and the GT-AC5300 LOCKS UP, you press the reboot button and nothing happens, you even hold the reset button AT the back of it, the light flashes, then goes out but the router stays on! I love the hardware of the GT-AC5300 along with the pretty red UI, but it's not fit for purpose from what I've seen, I'm thinking about pulling the R7000 down from the roof, and sending it back lol, that's how bad it is, it's been out for 6 months... :mad: and has bugs like this in it
    Here's the error message from the RT-AC5300 when QOS is on in game boost mode and you prioritise one device, (even pressing apply after dragging the red on to a device, has a problem, after pressing apply, the UI stops, nothing loads, then after 20 seconds things come back to life) the logs just go on forever, never ending like this, try finding a log in endless this
    Code:
    May 17 21:17:21 kernel: ERR[ioctl_iqos_op_config:3592] parse qos_conf error!!
    May 17 21:17:21 kernel: ioctl_iqos_op_config() fail!
    May 17 21:17:21 kernel: ERR[qos_start:3350] qos_conf is not already!
    May 17 21:17:21 kernel: ioctl_iqos_op_switch(1) fail!
    May 17 21:17:24 kernel: ERR[__parse_app_rule:575] Failed to parse app rule catid value
    May 17 21:17:24 kernel: ERR[parse_qos_conf:1038] Invalid config syntax at line 22.
    May 17 21:17:24 kernel: ERR[ioctl_iqos_op_config:3592] parse qos_conf error!!
    May 17 21:17:24 kernel: ioctl_iqos_op_config() fail!
    May 17 21:17:24 kernel: ERR[qos_start:3350] qos_conf is not already!
    May 17 21:17:24 kernel: ioctl_iqos_op_switch(1) fail!
    May 17 21:17:27 kernel: ERR[__parse_app_rule:575] Failed to parse app rule catid value
    May 17 21:17:27 kernel: ERR[parse_qos_conf:1038] Invalid config syntax at line 22.
    May 17 21:17:27 kernel: ERR[ioctl_iqos_op_config:3592] parse qos_conf error!!
    May 17 21:17:27 kernel: ioctl_iqos_op_config() fail!
    May 17 21:17:27 kernel: ERR[qos_start:3350] qos_conf is not already!
    May 17 21:17:27 kernel: ioctl_iqos_op_switch(1) fail!
    May 17 21:17:30 kernel: ERR[__parse_app_rule:575] Failed to parse app rule catid value
    May 17 21:17:30 kernel: ERR[parse_qos_conf:1038] Invalid config syntax at line 22.
    May 17 21:17:30 kernel: ERR[ioctl_iqos_op_config:3592] parse qos_conf error!!
    May 17 21:17:30 kernel: ioctl_iqos_op_config() fail!
    May 17 21:17:30 kernel: ERR[qos_start:3350] qos_conf is not already!
    May 17 21:17:30 kernel: ioctl_iqos_op_switch(1) fail!
     
    Last edited: May 17, 2018
  23. SignedAdam

    SignedAdam Serious Server Member

    Update AiMesh Beta Guide 2.0 didn't work so the Guide is back to 1.0

    my solution, didn't work :

    Once WPS is turned off, a special connection between the AiMesh Asus router and the AiMesh R7000 node is lost, and not even turning it back on will fix the issues that come with turning it off, for some reason, the AiMesh ASUS Router can not update the AiMesh R7000 Node with what channel it needs to work on, it also doesn't help that the R7000 AiMesh Node, keeps dropping the connection for all devices on it, my guess is, this is what it does when it thinks you're in range of the AiMesh ASUS router, :rolleyes: however after turning off the WPS it seems to want to disconnect all devices permanently, like I said not even turning it back on can bring back the connection it had, you have to remove it from your network, and then add it back again!!

    hopefully ASUS will update the AiMesh system with the ability to choose what band you want to rebroadcast
     
    Last edited: May 18, 2018
  24. slidermike

    slidermike Addicted to LI Member

    I wish you luck SA.
    We have seen in the past that features you might expect to work don't and getting a timely fix from Asus is hit/miss. Take traditional QoS as an example.
    It has been broken and known to be broken for at least a year if not longer. It was just fixed or at least reported as fixed in the latest release.

    Would be nice to have all or at least the big features working.
     
    SignedAdam and Makaveli like this.
  25. miroco

    miroco Reformed Router Member

    The functionality "Smart Connect" probably plays an important role in combination with AiMesh, but there is no mention of it in the Asus AiMesh setup guide. A test of AiMesh carried out by Singapore Hardware Zone involved "Smart Connect". They activated "Smart Connect" at the outset of their test, letting the routers manage themselves. The complexity of a dynamic environment like wireless, has everything to gain from an autonomous management. Wireless is unpredictable as it is. With AiMesh the complexity takes an exponential leap. Wireless is like the weather, the difference with wireless is that it sometimes also "rains" indoors. Maybe "Smart Connect" is the secret sauce to AiMesh (or WDS take 2).

    Asuswrt-Merlin unfortunately lacks the "Smart Connect" feature on the RT-AC68U and consequently so does Xwrt-Vortex. With the R7000, it seems unlikely that it should assume the central managing role of the AiMesh router without "Smart Connect". A node, yes, but pair it with what? "Just like it's not advised going back and forth between Asuswrt-Merlin and Asuswrt without a factory default reset, having an Asuswrt-Merlin router trying to access and modify settings to a non-Asuswrt-Merlin firmware will lead to problems."* There's a request over at SNB petitioning "Smart Connect" for the Asus AC1900 range routers. Maybe XVortex could backport "Smart Connect" to Xwrt-Vortex?

    https://images-na.ssl-images-amazon.com/images/I/A1kBHyTa5TL.pdf
    https://www.hardwarezone.com.sg/fea...networking-feature/performance-final-thoughts
    https://www.snbforums.com/threads/smart-connect.44733/
    https://www.snbforums.com/threads/rt-ac68u-rt-ac68p-rt-ac1900-rt-ac1900p.35759/
    * https://www.snbforums.com/threads/b...ta-is-now-available.46352/page-12#post-403882
     
    SignedAdam likes this.
  26. SignedAdam

    SignedAdam Serious Server Member

    @miroco - AiMesh works fine as long as you keep WDS on, as soon as you switch it off, problems come, like it wanting to kick devices off the node all the time

    Agreed, smart connect on the R7000 might give better compatibility with AiMesh, the problem is, that smart connect is an extra feature, meaning not only does it need to be integrated into the router mode of R7000 but the AiMesh mode as well, I should think the AiMesh mode would need more work than the router side, because it’s so different

    Did you get it to work between two R7000 ?
     
  27. SignedAdam

    SignedAdam Serious Server Member

    :D Just been on the phone with Netgear, doesn't look like mesh networking support will be coming to the R7000 which should make this firmware famous, it's obvious that the R7000 can do it, it's just the matter of Netgear letting it do that, which would lose them money as they want you to buy their new mesh routers, so looks like my stay on XWRT is going to be a long one after all @XVortex :cool: and ASUS,
     
    Last edited: May 19, 2018
    Makaveli likes this.
  28. miroco

    miroco Reformed Router Member

    @SignedAdam

    No, unfortunately not.

    Presently I've run out of ideas.

    In the beginning of the process the WPS-led flashes rapidly on both routers for a few seconds. Then at 7 % the node reboots. At about 26 % the node is back up again and the process seems to continue. When the progress indicator reaches 60 %, the process fails. It completes 100 % very quickly and a splashscreen appears: "Unable to add AiMesh node R7000 (DC:EF:09:XX:YY:ZZ) to your AiMesh system because of following situations. Please check and try it again." At the same time the node reboots.
     
    SignedAdam likes this.
  29. SignedAdam

    SignedAdam Serious Server Member

    @miroco - I would try changing some of the wifi settings, turning things on and off like I did with smart connect
     
  30. miroco

    miroco Reformed Router Member

    @SignedAdam

    The setup fails even with the bare minimum settings. After a reset I leave the node as it is, on without any configuration whatsoever. I do the same thing with the router, with the following exceptions: choosing router as the operation mode, configuring the WiFi settings, entering a username and password. Just to satisfy the setup guide basically and finally I enable AiMesh (Tools -> Other Settings). As far as I can tell, all is then set to initiate the AiMesh configuration.

    I forgot to mention that I tried the setup with the 5 GHz radio disabled. I also increased the distance between the units, to about 4 times the recommended distance. They all failed and as far as I can tell, they failed for the same reason as with all the other attempts.

    I found this list of observations compiled by a user over at the SNB-forum. I thought it might give you some ideas as his hardware setup is similar to yours.

    https://www.snbforums.com/threads/my-bucket-list-suggestions-observations-for-aimesh.45438/

    XVortex mentioned two ways of enabling AiMesh. One is through the settings (Tools -> Other Settings) and the other is via nvram directly. My thought was that that nvram setting could perhaps work even on Asuswrt-Merlin. If so, your GT-AC5300 and your R7000 could potentially be running Merlin firmware with AiMesh enabled. Anyway, it's just a thought.
     

    SignedAdam likes this.
  31. SignedAdam

    SignedAdam Serious Server Member

    @miroco - I don't believe enabling AiMesh in (Tools -> Other Settings) Asus features, ever worked for me, just restore the R7000 to default settings, don't connect to it, don't do anything to it, leave it as is, then on the other device search for AiMesh devices and it should find it

    * I'll do some more testing my end but I think, if you press enable in (Tools -> Other Settings) Asus features, it will fail every time, it failed for me when testing that route, I might be wrong so I'll do some more testing taking that route, from my experience you just need to restore the thing to default settings and it 100% works from that point onwards
     
  32. miroco

    miroco Reformed Router Member

    @SignedAdam

    Our respective conditions differ. You have a GT-AC5300 with official Asuswrt and native AiMesh support and an R7000 with Xwrt-Vortex. I have two R7000 with Xwrt-Vortex. I don't see how I could initiate the pairing process without first enabling AiMesh on at least one of the devices?

    I gave it another go today with a couple of new ideas. Instead of enabling AiMesh via Tools -> Other Settings I did it via nvram. It shouldn't make any difference and as predicted it didn't. I also tried with an open WiFi connection (no security) on the router. That didn't help either. That's more interesting since it would indicate that the security settings are not the root cause of the failure to complete the process, up until 60 % that is. It's never passed beyond 60 % ever.
     
    SignedAdam likes this.
  33. SignedAdam

    SignedAdam Serious Server Member

    I can confirm enabling AiMesh in (Tools -> Other Settings) Asus features, works! when setting the R7000 up as a node for the GT-AC5300, however setting the GT-AC5300 up as the node doesn't work, when the R7000 is the AiMesh router

    * my guess is the node is reading something from the router's wifi (wifi mac address or hardware id of the wifi) knows it's not ASUS hardware and stops the connection or the r7000 doesn't support something in AiMesh router mode,
     
    KingP1n likes this.
  34. Stimpy88

    Stimpy88 Connected Client Member

    This is no surprise to any Netgear customer, as Netgear simply cannot write or bug test firmware, and from a marketing perspective, they will never update a legacy product with a major new feature, let alone a relatively minor feature, like jumbo frame support etc...

    I will never buy a Netgear router again, unless there is a good 3rd party firmware for it. They don't make the hardware either, as that's just a reference design, mostly with very minor tweaks, if any.
     
    SignedAdam likes this.
  35. SignedAdam

    SignedAdam Serious Server Member

    @Stimpy88 - I will defend Netgear though, their hardware warranty service, is amazing! best in the business! unless it's expired! they send you out new replacements, not refurbished, brand new, and you can even get free postage if you have time to argue with them (about you, shouldn't have to pay postage on something that should be working) ASUS on the other hand, argue that their warranty is all with the retailer! that they won't replace it! :eek: and yes Netgear charge for phone support, but at least they try to help you, with remote sessions and not closing your cases, ASUS haven't even bothered to look at my bug reports of their firmware, they have just closed the cases, no wonder the firmware isn't being fixed, I bought the GT-AC5300 because I love the UI and how many features it has, it looks amazing, just like xwrt, but boy do I regret it now, I doubt my retailer will uphold ASUS 3 year warranty :mad:
     
    Stimpy88 likes this.
  36. miroco

    miroco Reformed Router Member

    @SignedAdam

    I've run out of ideas. I'll put the project on hold for the time being. Maybe new insight or code (or both) can give it new momentum.
     
    Makaveli and SignedAdam like this.
  37. Makaveli

    Makaveli Networkin' Nut Member

    Great troubleshooting and testing by both of you it has not gone unnoticed :)
     
    miroco and SignedAdam like this.
  38. miroco

    miroco Reformed Router Member

    I gave Wireshark a go since a log on the node (if any) will be destroyed when the device reboots at the end of the failed pairing process. This is my first experience with Wireshark. I tried one run recording network activity from the LAN-port of the router and another run on the node. I got a lot of chatter. It's difficult for an untrained eye to decide what is important and what is not. I don't feel comfortable in publishing the results since they also contain personal data. If somebody feels like replicating my test, we could share specific results. Another idea is if someone could suggest how to run Wireshark and advise what to look for amongst the results.

    A line that showed up frequently was "Spanning Tree Protocol".
     
  39. slidermike

    slidermike Addicted to LI Member

    miroco,
    what do you think or hope to find by running a wireshark packet capture on the lan?
    I mean capturing for capturing is all well and good but you sort of have to be looking for something specific.
    Otherwise you just have a lot of captured packet data.

    As for the STP, that's a normal LAN technology.
     
  40. miroco

    miroco Reformed Router Member

    @slidermike

    Later in bed I realised that I should have done it over WiFi instead of LAN. Call it a last-ditch effort. I was looking for something that stood out. As I mentioned in my previous post, it's the first time I used Wireshark or any other packet sniffer for that matter. There's not going to be a log from the failed node. It starts its run reset and ends with a reboot. Since it's destroyed at the end of the failed setup, maybe the activity going on between the two devices during the setup process could be captured live. That's why I came to think about a packet sniffer.

    I only mentioned STP since I remember it from trying to set up WDS using dd-wrt. It appears that Mesh also takes advantage of STP.

    https://www.dd-wrt.com/wiki/index.php/STP
     
  41. SignedAdam

    SignedAdam Serious Server Member

    @miroco - The only way I see it working on both your R7000 is if someone fixes it at firmware level, which is out of our ability,

    Talking about the R7000 and the GT-AC5300, it's been working great, almost faultless. I say almost because I have seen some drops here and there. Other than the odd drop, I've seen successful switching from the router (GT-AC5300 AiMesh) to the R7000 AiMesh node using an iPhone without dropping out (disconnecting). I've also seen successful switching the other way around, so going from the router back to the node, however dropouts are more likely to happen on the way back to the router from the node. It's been successful on both the 2.4 GHz band and the 5-2 GHz band. I would like it to work with the 5-1 GHz band only, but as long as it works, winner winner chicken dinner, right? Anyone else a KFC fan? :D
     
    Last edited: May 22, 2018
  42. Stimpy88

    Stimpy88 Connected Client Member

    I agree with what you're saying. However I have had mixed experiences with their support. They usually don't know much, and I had to speak to 3 technicians until I found one that understood what Jumbo Frame support was, and why it is beneficial to NAS users on a Gigabit LAN. But it was a fruitless exercise anyway. Another problem was with random reboots and they did not know how to go back to an earlier version of the firmware... Basic stuff really...

    But regarding hardware support, it's non-existent in most of the EU, and Netgear usually insist you deal with the retailer. So I guess it's down to which country you live in, as to what level of support you will receive from them. I can certainly imagine that ASUS is worse for support, both hardware and software. But these routers are nearly all reference designs, so you just have to do lots of homework when you decide to buy one.

    But on a different subject, thanks for your work into getting AiMesh to work, and sharing your experiences with us!
     
  43. miroco

    miroco Reformed Router Member

    @SignedAdam

    That was a surprise, I thought that your initial success with AiMesh was short lived and that was it. Can you share the logs? I was hoping that the negotiating process between the two devices during setup could reveal how they fuse into one logical device.
     
  44. SignedAdam

    SignedAdam Serious Server Member

    @miroco
    The logs can be found at the bottom of the (AiMesh How to guide)

    My short lived success, was getting the 5-1 GHz band to be the one rebroadcasted by the AiMesh, I did that by calling both the 5-1 GHz band and the 5-2 GHz band the same name on the AiMesh router then turning off WPS, (which you should never do) then changing the name to a different one for the 5-2 GHz band, however all devices connected to the AiMesh wouldn’t stop disconnecting every 15 seconds, this was caused by turning off WPS, WPS had to be turned off otherwise the AiMesh would change the name of the 5-1 GHz band to the same as the 5-2 GHz band on the AiMesh router

    The AiMesh between the R7000 and the GT-AC5300 is so good you can turn off both devices and it all reconnects again after it’s turned on

    @Stimpy88 - I live in the EU (UK). Netgear's hardware replacement service is better than any other manufacturer I have dealt with

    @everyone if it wasn’t for @XVortex and his friend, none of this would be possible. I love the fact that the R7000 can be used as a mesh node, because this is proof that there are no hardware limitations for this to work, so it’s proof that as consumers we are all being ripped off into buying new mesh hardware. Because of this project I’m able to make use of my old R7000 and link it in a mesh with my new hardware
     
    Last edited: May 30, 2018
    KingP1n and Stimpy88 like this.
  45. jokerigno

    jokerigno Network Newbie Member

    Hi all,

    I have a question that may be considered stupid..

    I have many webservers running on my DSM NAS (plex, sonarr, radarr etc). Those applications are also exposed on the internet (with a psw) so i can see and manage my media at work.

    When I'm at home I have a URL like 192.168.1.1:32400 while from the outside it appears like plex.mydomain.it (I have a static ip, and a reverse proxy running on the DSM).

    So my question is: there's a way to use the same url (for example plex.mydomain.it) inside and outside my lan? So my wife can bookmark only one link that will be available wherever she is.

    Thank you in advance
     
  46. David1

    David1 Reformed Router Member

    You could try this. You need to be using the R7000 as a DNS server and not Google's or any other server

    ssh into the router

    nano /jffs/configs/dnsmasq.conf.add

    add the following

    address=/plex.mydomain.it/192.168.1.1

    save and reboot, now when u ping plex.mydomain.it it will resolve to your local ip
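
Added example, not part of David1's post: a small POSIX shell helper that writes the same `address=` override idempotently and refuses anything that is not an RFC 1918 address. The function names are hypothetical and the entries in the demo are constructed; `/jffs/configs/dnsmasq.conf.add` is the file named in the post.

```shell
#!/bin/sh
# Added example (not from the thread): maintain LAN-only dnsmasq overrides.
# Note: dnsmasq's address=/name/ip answers for "name" AND every subdomain of
# it, so pass the single service hostname, not the whole domain.

# valid_hostname NAME: letters, digits, dots and hyphens only.
valid_hostname() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*..*) return 1 ;;
    esac
}

# is_private_ipv4 IP: succeed only for a well-formed RFC 1918 address.
is_private_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    case $1.$2 in
        10.*|192.168) return 0 ;;
        172.*) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        *) return 1 ;;
    esac
}

# set_local_override FILE HOST IP: replace any earlier override for exactly
# HOST with one pointing at IP; all other lines in FILE are kept.
set_local_override() {
    file=$1 host=$2 ip=$3
    valid_hostname "$host" || { echo "bad hostname: $host" >&2; return 2; }
    is_private_ipv4 "$ip" || { echo "not an RFC 1918 address: $ip" >&2; return 3; }
    touch "$file" || return 1
    # Keep every line that does not start with this host's override prefix.
    awk -v p="address=/$host/" 'index($0, p) != 1' "$file" > "$file.tmp" || return 1
    printf 'address=/%s/%s\n' "$host" "$ip" >> "$file.tmp"
    mv "$file.tmp" "$file"
}

# Demo on a temporary file; the nas.mydomain.it entry is constructed.
demo_override() {
    conf=$(mktemp) || return 1
    printf '%s\n' 'address=/nas.mydomain.it/192.168.1.20' > "$conf"
    set_local_override "$conf" plex.mydomain.it 192.168.1.1
    set_local_override "$conf" plex.mydomain.it 192.168.1.1   # no duplicate line
    set_local_override "$conf" plex.mydomain.it 203.0.113.10 2>/dev/null \
        || echo "# public address rejected"
    cat "$conf"
    rm -f "$conf"
}

demo_override
```

On the router the call would be `set_local_override /jffs/configs/dnsmasq.conf.add plex.mydomain.it 192.168.1.1`, followed by the reboot the post describes. Only clients that use the router for DNS see the override.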
     
  47. miroco

    miroco Reformed Router Member

    @SignedAdam

    Disabling WPS on an R7000 and using it as an AiMesh router won't work. WPS is an integral part of the AiMesh functionality. However, it seems as if the extra 5 GHz radio (so to speak) on the GT-AC5300 let you get away with it. It's odd, since it's not supposed to be set up that way. Are there no ill effects? If not, great. This functionality is probably still only half baked. Merlin hasn't enabled it in his firmware yet, probably for good reason. But I haven't given up hope on it yet. It's tempting to follow your example and buy a brand spanking new AiMesh enabled Asus router. :)
     

    Last edited: May 22, 2018
    SignedAdam likes this.
  48. SignedAdam

    SignedAdam Serious Server Member

    No Ill effects, other than it rebroadcasting the wrong 5GHz band, but that’s a customise issue..
     
  49. ringlord

    ringlord Network Newbie Member

    Hi, can we assume the R7000 is not vulnerable to the VPNFilter exploit when running XWRT-Vortex?
     
  50. cybrnook

    cybrnook Addicted to LI Member

    Depends. Do you think XVortex is on a hacker group's payroll? Hahahaha
     
    Makaveli likes this.
  51. Makaveli

    Makaveli Networkin' Nut Member

    https://www.techspot.com/news/74782-fbi-takes-control-domain-used-russian-hackers-infect.html

    This is the list of affected routers.

    • Linksys E1200
    • Linksys E2500
    • Linksys WRVS4400N
    • Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
    • Netgear DGN2200
    • Netgear R6400
    • Netgear R7000
    • Netgear R8000
    • Netgear WNR1000
    • Netgear WNR2000
    • QNAP TS251
    • QNAP TS439 Pro
    • Other QNAP NAS devices running QTS software
    • TP-Link R600VPN

    I don't see any asus routers on the list and since you are running asus firmware on it my gut tells me you are not affected.
     
    phalkon30, slidermike and duceyaj like this.
  52. slidermike

    slidermike Addicted to LI Member

    Makaveli is correct, the flaw is a software one so if you're NOT running stock firmware and the other firmware isn't listed you should be safe.
    It's not a hardware flaw.
     
  53. Spasmo

    Spasmo New Member Member

    I'm loving this firmware. I now have a 4G mobile dual WAN backup that works perfectly. Something the R7000 can't do on stock Netgear FW.

    I've had no luck using the R7000 as an AImesh router though. I have a T-mobile AC68U hacked to run stock Asus 3.0.0.4.384.10007 firmware (last AImesh FW before Asus disabled it for hacked T-mobile routers). The R7000 sees the AC68U when searching for nodes but connecting steps through to 100% then reports that connection was unsuccessful.
     
  54. phalkon30

    phalkon30 Serious Server Member

    The details on the exploit are so sparse I wouldn't celebrate yet, but I would imagine we can't be worse off on this firmware.

    The "advice" that sites are giving to mitigate is maddening, if there's an exploit then one hard reset doesn't protect you. You'll probably get infected again... The exploit is still presumably there.

    Sent from my Nexus 6P using Tapatalk
     
  55. SignedAdam

    SignedAdam Serious Server Member

    @Spasmo - You could get AiMesh working the other way around, so setup the AC68U as the AiMesh router and the R7000 as the AiMesh node, I believe ASUS firmware on the AC68U also allows you to still use your 4G device
     
  56. Prashant

    Prashant New Member Member

    Hi,
    Am trying to do initial flash from stock Netgear Firmware to XWRT v384.5.
    However, I kept running into this error "This firmware file is incorrect! Please get the firmware file again and make sure it is the correct firmware for this product."
    I ran telnetenable2 to enable telnet and board_id seemed to be fine. Went ahead with erase nvram followed up by reboot.
    However, all my attempts to use the .chk file to flash the XWRT v384.5 failed with the first error message.
    Do I have to flash a previous version instead ?
    Regards,
    Prashant
     
  57. tapasr_56d18fd83b51b

    tapasr_56d18fd83b51b Network Newbie Member

    Use the .trx file :)
     
  58. Prashant

    Prashant New Member Member

    As per below instruction on first page:
    The recommended procedure for initial flashing:
    1. Reset your router to factory defaults via the web interface.
    2. Flash the R7000_xxx.xx_x.chk file via the web interface.
    3. Do another factory reset via the new web interface.
    4. Configure everything else.

    Procedure for upgrade:
    1. Reboot your router via the web interface or power cycle.
    2. Flash the R7000_xxx.xx_x.trx file via the web interface.
    3. Check new options and configure everything else.

    Since this was my initial flash I tried with .chk
     
  59. Ubimoo

    Ubimoo Reformed Router Member

    Can I activate "AiProtection"? I'm also running ab-solution and skynet firewall.
    What are the pros and cons of enabled "AiProtection"?
     
  60. Prashant

    Prashant New Member Member

    Can anyone please confirm that for initial flash I need to use .chk or .trx?
     
  61. tapasr_56d18fd83b51b

    tapasr_56d18fd83b51b Network Newbie Member

  62. Prashant

    Prashant New Member Member

  63. mcosty

    mcosty New Member Member

    I had the same issue, the .trx file won't work on stock. I had to load 384.4_2 .chk first, then upgrade it to 384.5 with the .trx, once it was on the Asus firmware.
     
  64. Prashant

    Prashant New Member Member

    Thanks for the information, will try that route if .trx doesn’t work on stock.
     
  65. Przem_78

    Przem_78 New Member Member

    Hello,
    Is this possible to run Link Aggregation 802.3ad LACP on R7000 with XWRT and Synology DS? LinkAgg script does not work, kills connection to NAS. :(
    Load Balancing setup on Synology works, but without LinkAgg script used.

    Using code:
    Code:
    /jffs/scripts/LinkAgg 2 3
    kills all ethernet switch. tried also "LinkAgg 1 2" and "LinkAgg 3 4". The result is the same.
     
    Last edited: May 28, 2018
  66. Onee-chan

    Onee-chan Network Newbie Member

    @XVortex I'm your fan!

    I'm not using any of your firmware, but I like how you close the snout to ASUS and Netgear. (XR500)
     
  67. T-Birth

    T-Birth Reformed Router Member

    Hi Guy's,

    Long time user of Merlin/Xvortex here...and I waited till the NG-Branch is more grown up...
    Im currently on 380.69_2 atm and i want to upgrade to the newest NG Branch soon but here is my question...

    Ive read the Changelog's but is there some more considerable Performance Gains from 380.69_2 vs NG ?
    In terms of Wifi Strength or other benefits ?

    Does it feel faster ?

    Thanks
     
    ringlord likes this.
  68. slidermike

    slidermike Addicted to LI Member

    Nope, just updates and improvements in the NG train.
    Old code is no longer developed for or updated.
    The old code is now obsolete.
     
    phalkon30 and Makaveli like this.
  69. I-Vladimir

    I-Vladimir Reformed Router Member

    Same on 380.69, running HTTP, mail, ftp servers and a VPN client. Any VPN performance improvements as the first CPU core gets maxed to about 70-80% with VPN download around 30 mbit/s.
     
  70. slidermike

    slidermike Addicted to LI Member

    Glad,
    The VPN is single threaded so no, there are no improvements.
    You max the one core and that's it.
    The work around is to OC the cpu.
    That will be at your own risk of stability, though most users can safely get 1200/800 as well as the stock 1000/800.
     
  71. Tonytony

    Tonytony New Member Member

    So can my asus ac3100 aimesh with the r7000?
     
  72. Nikopol89

    Nikopol89 New Member Member

    I've had problems setting european wireless' region, ccode-eu.sh seems to be incorrect.

    country_code=Q2 refers to US
    country_rev=12 gave me problems with 2.4Ghz radio, devices could not access it


    I modified the script for italian localization, hope it helps :)

    Code:
    #!/bin/sh
    
    nvram set wl_country_code=IT
    nvram set wl0_country_code=IT
    nvram set wl1_country_code=IT
    nvram set pci/1/1/ccode=IT
    nvram set pci/2/1/ccode=IT
    
    nvram set wl_country_rev=0
    nvram set wl0_country_rev=0
    nvram set wl1_country_rev=0
    nvram set pci/1/1/regrev=0
    nvram set pci/2/1/regrev=0
    
    nvram commit && reboot
     
  73. ollimö

    ollimö Reformed Router Member

    So is the overall conclusion that it is safe and functionally equivalent to upgrade from 370 to 384? Given you follow the upgrade instructions - in my case i have just the bare default functions, no add-ons or specials but a functional WLAN is key ... Thanks!
     
  74. Ubimoo

    Ubimoo Reformed Router Member

    Found this in the log:
    Jun 3 14:19:25 lldpd[352]: removal request for address of 169.254.23.173%4, but no knowledge of it
    What does it mean?
     
  75. juched

    juched Serious Server Member

    This seems to be the service which watches for network configuration. Something in your network changed from a self assigned address to something else. This seems to be a benign log entry.
     
    Ubimoo and slidermike like this.
  76. phalkon30

    phalkon30 Serious Server Member

    https://www.pcmag.com/news/361655/vpnfilter-malware-sinks-its-teeth-into-more-routers

    AC66U is on the list now, is that our sister router?

    Either way, I can't believe how little info we have on how to mitigate. A restart may remove from ram, but they recommend a hardware reset and "update to latest firmware" which possibly maybe fixes the exploit.

    I don't have confidence we're not at risk until we get more details. I'm hoping this targets the ancient versions of firmware that were shipped with devices, or maybe those with Wan side remote access enabled?

    Sent from my Nexus 6P using Tapatalk
     
  77. slidermike

    slidermike Addicted to LI Member

    Makaveli and phalkon30 like this.
  78. sizeak

    sizeak New Member Member

    Hi,

    I'm running xwrt-vortex 380.70 on an EA6900, but I can't get policy based routing for OpenVPN to work. I am not pushing any routes from the server because I want only specific clients to use the VPN and everything else to continue using WAN directly. I've added the IP ranges I want routing through the VPN on the VPN Client page etc. but the traffic from those machines still seems to be going through the WAN interface.

    Can anyone help?

    Thanks.
     
  79. slidermike

    slidermike Addicted to LI Member

    screen shots, attachments?
     
  80. sizeak

    sizeak New Member Member

    I tried to link images but my account is not old enough and when I try to include the text config file in spoiler tags then it tells me my post contains a link -_- Will keep trying
     
  81. sizeak

    sizeak New Member Member

    I can't add links yet to images so here is the client config as an openvpn config file:

    client
    dev tun
    proto udp
    remote REMOVED 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    remote-cert-tls server
    cipher AES-256-CBC
    verb 3
    auth SHA512
    compress lz4
    key-direction 1

    <ca>
    -----BEGIN CERTIFICATE-----
    REMOVED
    -----END CERTIFICATE-----
    </ca>
    <cert>
    -----BEGIN CERTIFICATE-----
    REMOVED
    -----END CERTIFICATE-----
    </cert>
    <key>
    -----BEGIN PRIVATE KEY-----
    REMOVED
    -----END PRIVATE KEY-----
    </key>
    <tls-crypt>
    #
    # 2048 bit OpenVPN static key
    #
    -----BEGIN OpenVPN Static key V1-----
    REMOVED
    -----END OpenVPN Static key V1-----
    </tls-crypt>

    port 1194
    proto udp
    dev tun
    ca ca.crt
    cert CN.crt
    key CN.key # This file should be kept secret
    dh dh.pem
    topology subnet
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    keepalive 10 120
    tls-crypt ta.key # This file is secret
    cipher AES-256-CBC
    auth SHA512
    tls-version-min 1.2
    tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
    compress lz4-v2
    push "compress lz4-v2"
    max-clients 4
    user nobody
    group nobody
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3
    explicit-exit-notify 1
     
  82. slidermike

    slidermike Addicted to LI Member

    sizeak,
    you mentioned the PBR is not working. So we don't really need to see the vpn tunnel config.
    We need to see the routers PBR configurations.
     
  83. sizeak

    sizeak New Member Member

    Sorry, I didn't think it was complicated enough to be incorrectly configured. I can't link images but here are the 4 fields from the table on the VPN Client page:

    Client1 192.168.1.2 0.0.0.0 VPN

    Redirect Internet traffic is set to Policy Rules (strict).
     
  84. slidermike

    slidermike Addicted to LI Member

    Can you paste images in the comment field directly?
     
  85. sizeak

    sizeak New Member Member

    upload_2018-6-8_17-30-58.png

    upload_2018-6-8_17-31-8.png

    Thanks for the help, pasting them in to attach them was not obvious at all :/
     
  86. slidermike

    slidermike Addicted to LI Member

    2 things I would try.
    #1 Tick the "block routed clients if tunnel goes down". So the vpn clients DON'T use the WAN.
    #2 delete the client you have and re-add but do it like this 192.168.1.2/32
    See if that makes any difference.
     
  87. dskete

    dskete Serious Server Member

    Anyone use this with AT&T U-Verse Pace 5268AC modem? I have followed the instructions here https://forums.att.com/t5/AT-T-Inte...dge-mode-or-another-AT-amp/m-p/2707755#M12774 to configure DMZ+ and also assigned a static IP address on the R7000. However every 3 weeks or so I lose internet connectivity and the only way to recover is to do a nvram wipe of the R7000 and setup everything again.

    This happens with other firmware like Tomato/DD-WRT, so definitely a problem with the modem. Is there any other configuration trick to help with this situation? I have an openvpn client configured.

    Thanks.
     
  88. sizeak

    sizeak New Member Member

    I've done both and the client can still access the internet even with the box ticked. It's this machine I'm typing on in fact!
     
  89. slidermike

    slidermike Addicted to LI Member

    sizeak,
    I'm just guessing here but are you using traceroutes and/or some external IP reporting page like ipchicken.com to verify what external IP the client is coming back with?
    At this point I would suggest the normal processes, reboot the router, reboot the pc. Clear the router vpn config and start over.

    Wait, you offered up the client & server vpn config earlier. Exactly which device is the vpn server and what is the vpn client?
    Maybe a simple yet clear explanation of how the network is laid out might be useful.
    Typically the router would be the vpn client and somewhere out on the internet would be the vpn server.
    Your pc would just be a lan client on the router lan.
     
  90. sizeak

    sizeak New Member Member

    Yeah I'm using google (if you search myip it shows it inline) and also myip & ipchicken, just for sanity in case it was a cache issue.

    In my last post I meant that this PC was the 192.168.1.2 client which I was trying to selectively route through the VPN. The router is indeed the VPN client in this case and I have the OpenVPN server running on a dedicated Kimsufi box I rent.

    I've rebooted the router a number of times, I've also tried applying the routing manually with iptables as per github/RMerl/asuswrt-merlin/wiki/Policy-based-routing-(manual-method). The changes made to the scripts in that guide are still in place. I'm on the verge of flashing DD-WRT instead -_-

    Had to obfuscate the github link to avoid the filter.
     
  91. slidermike

    slidermike Addicted to LI Member

    The last thing I can suggest is clearing out the manual method changes & trying the process we have been discussing through the gui.
    Since I am not running the OS and my router is in AP mode (I run pfSense) I cannot test/duplicate the vpn stuff.
    Maybe someone else has a suggestion.
    I'm tapped out.
     
  92. shanester

    shanester Reformed Router Member

    I upgraded from 380.69_2 to 380.70_0 to 385.5_0 and did a factory reset as documented.
    I re-entered my port forwarding list and enabled however the ports are not forwarding/open.
    I have tried to disable/enable as well as rebooting the router with no luck.

    Looking at the system log, the following entry repeats:
    kernel: br0: received packet on eth2 with own address as source address

    Any suggestions are appreciated.
     
    Last edited: Jun 9, 2018
  93. juched

    juched Serious Server Member

    Do you have a guest network configured? Try turning that off. What I found was the guest network used the same Mac as the 5ghz wireless and caused that message.

    Enabling the second guest network used that Mac plus one and avoid that.
     
  94. slidermike

    slidermike Addicted to LI Member

    shane, the log message has nothing to do with port forwarding.
     
    Makaveli and juched like this.
  95. shanester

    shanester Reformed Router Member

    Removing the guest network stopped the message from occurring.
    However what is most important is getting the port forwarding working again.
     
  96. juched

    juched Serious Server Member

    Yes. Sorry, that isn’t what I responded to.

    I am running the same build and port forwarding does work.

    Are you running skynet?
     
  97. shanester

    shanester Reformed Router Member

    I am not running skynet.
    I have proceeded to do a factory reset again. Reenter the port forwarding rules. Reboot. And it still is not working
    This router has been rock solid for years and this is the first time I have had issues.
    I need some help!

    EDIT: RESOLVED.. USER ERROR <=== Source IP should have been 0.0.0.0
     
    juched likes this.
  98. juched

    juched Serious Server Member

    Thanks though for confirming that guest network also caused the conflict error message for MAC address in the logs. Perhaps it can be changed so the guest network uses different MAC address moving forward.
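
Added example, not part of any post in the thread: a POSIX shell check that ties the "own address as source address" log line to the interfaces sharing the offending port's MAC, which is the diagnosis described in posts 92 to 98. The function names are hypothetical, the MAC addresses and log lines are constructed, and `wl0.1` as the guest interface name is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): correlate the bridge warning with
# interfaces that share a MAC address.

# list_macs [DIR]: print "iface mac" for each interface under a sysfs-style
# directory (default /sys/class/net).
list_macs() {
    dir=${1:-/sys/class/net}
    for path in "$dir"/*; do
        [ -r "$path/address" ] || continue
        printf '%s %s\n' "${path##*/}" "$(cat "$path/address")"
    done
}

# own_address_ports: read syslog lines on stdin, print "port count" for each
# port named in "received packet on <port> with own address as source address".
own_address_ports() {
    awk '/received packet on [^ ]+ with own address as source address/ {
             for (i = 1; i < NF; i++)
                 if ($i == "packet" && $(i+1) == "on") { hits[$(i+2)]++; break }
         }
         END { for (p in hits) print p, hits[p] }' | sort
}

# sharing_mac PORT MACS_FILE: print the other interfaces whose MAC equals
# PORT's (comparison is case-insensitive).
sharing_mac() {
    awk -v port="$1" '
        { mac[$1] = tolower($2) }
        END {
            if (!(port in mac)) exit
            for (i in mac)
                if (i != port && mac[i] == mac[port]) print i
        }' "$2" | sort
}

# conflict_report MACS_FILE LOG_FILE: one line per port the bridge complained
# about: "<port> hits=<n> shares-mac-with=<iface,iface|none>".
conflict_report() {
    own_address_ports < "$2" | while read -r port hits; do
        others=$(sharing_mac "$port" "$1" | tr '\n' ',')
        others=${others%,}
        printf '%s hits=%s shares-mac-with=%s\n' "$port" "$hits" "${others:-none}"
    done
}

# Demo with constructed data. br0, eth0 and vlan1 sharing one MAC is normal
# and is not reported, because the report is driven by the log lines.
demo_conflict() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/macs" <<'EOF'
br0 02:00:5e:00:53:00
eth0 02:00:5e:00:53:00
vlan1 02:00:5e:00:53:00
eth1 02:00:5e:00:53:03
eth2 02:00:5e:00:53:04
wl0.1 02:00:5E:00:53:04
EOF
    cat > "$tmp/log" <<'EOF'
Jun  9 10:00:01 kernel: br0: received packet on eth2 with own address as source address
Jun  9 10:00:02 kernel: br0: received packet on eth2 with own address as source address
Jun  9 10:00:03 lldpd[352]: removal request for address of 169.254.23.173%4, but no knowledge of it
Jun  9 10:00:04 kernel: br0: received packet on eth2 with own address as source address
EOF
    conflict_report "$tmp/macs" "$tmp/log"
    rm -rf "$tmp"
}

demo_conflict
```

Against a live system, write `list_macs` output to a file and pass it to `conflict_report` together with the router's syslog file.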
     
  99. Nick St

    Nick St New Member Member

    Hello All. If I'm currently sitting at version 380.65, how could I revert to the stock Netgear firmware? I tried just applying the latest Netgear but I get a message it's invalid. Do I need to be at a specific version of Asuswrt-Merlin, or do I need to try an earlier version of the Netgear firmware?
     
  100. slidermike

    slidermike Addicted to LI Member

    Nick,
    please re-read the original post.
    It should be fairly clear, especially since you just tried 1 method that didn't work.
     
    SignedAdam likes this.