Contact

Subscribe via Email

Subscribe via RSS/JSON

Categories

Creative Commons Attribution 4.0 International License
© Rakhesh Sasidharan

Elsewhere

Asus RT-AC68U router, firmware, etc. (contd.)

Continuing a previous post of mine as a note to myself.

Tried to flash my Asus RT-AC68U with the Advanced Tomato firmware and that was a failed attempt. The router just kept rebooting. Turns out Advanced Tomato doesn’t work on the newer models. Bummer! Not that I particularly wanted Advanced Tomato. It looked good and I wanted to try it out, that’s all. Asus Merlin suits me just fine.

Quick shout out to “Yet another malware block script” which I’ve now got running on the Asus RT-AC68U. And I also came across and have installed AB-Solution which seems to be the equivalent of Pi-Hole but for routers. I got rid of Pi-Hole yesterday as I moved the Asus back to being my primary router (replacing the ISP provided one) and I didn’t want to depend on a separate machine for DNS etc. I wanted the Asus to do everything, including ad-blocking via DNS, so Googled on what alternatives are there for Asus and came across AB-Solution. Haven’t explored it much except for installing it. Came across it via this post.

That’s all for now!

As an aside, I feel so outdated using Linux nowadays. :( The last time I used Linux was 4-5 years ago – Debian and Fedora etc. Now most of the commands I am used to from those times don’t work any more. Even simple stuff like ifconfig or route print. It’s all System D based now. I had to reconfigure the IP address of this Debian VM where I installed Pi-Hole and I thought I could do it but for some reason I didn’t manage. (And no I didn’t read the docs! :p)

This is not to blame Linux or System D or progress or anything like that. Stuff changes. If I was used to Windows 2003 and came across Windows 2008 I’d be unused to it’s differences too – especially in the command line. Similarly from Server 2008 to 2012. It’s more a reflection of me being out of touch with Linux and now too lazy to try and get back on track. :)

Etisalat and 3rd party routers

I shifted houses recently and rather than shift my Internet connection (as that has a 4 days downtime) I decided to apply for a new connection at the new premises (had an offer going on wherein the installation charge is zero) and then disconnect the existing connection once I have shifted. A downside of this – which I later realized – is that Etisalat seems to have stopped giving customers the Internet password.

Turns out Etisalat (like many other ISPs) now autoconfigure their routers. You simply plug it into the network and it contacts Etisalat’s servers and configures itself. This is using a protocol called TR-069, which I don’t know much of, but it seems to have some security risks. I have an Asus RT-AC68U router anyways which I have setup the way I want, so I wanted to move over from the Etisalat D-Link router to this one. When I spoke to the chap who installed my new Internet connection he said Etisalat does not allow users to install their own routers apparently. Found many Reddit posts too where people have complained of having to contact Etisalat and not been given this password and also about having to set a VLAN etc (e.g. this post). Seemed to be a lot of trouble.

Anyhow, I decided to try my luck. First I contacted them via email (care -at- etisalat.ae) asking to reset my password. A helpful agent called me up after a while and reset the password for it. It didn’t even affect my Internet connection coz the auto-configuring ensured that the Etisalat router picked up the new info. So far so good. I tried using these details with the Asus router to see if it will work straightaway, but it didn’t. So I sent them another email asking for the VLAN details. Next day another chap called me up and gave the VLAN details. He also mentioned that I’ll have to leave PnP on in my Asus router, or else he can raise a ticket to disable it. I said I’d like to have it disabled. About 4 hours later someone else called me up and said they are going to disable it now and would I like any assistance etc. I said nope, I’ll take care of it on my own.

Once they disabled PnP the Etisalat router stopped working. So I swapped it with the Asus one, and set the VLAN to what they agent gave me (it’s under LAN > IPTV Settings confusingly). I also changed the MAC of the Asus router to that of the Etisalat one – though I am not sure if that was really needed (I just did it beforehand, before unplugging the Etisalat router). This didn’t get things working though. Which stumped me for a while, until on a whim I decided to remove the VLAN stuff and just try with the username password like I had done yesterday. And yay that worked! So it wasn’t too much of a hassle after all. The phone and TV (eLife) still seem to be working so looks like I didn’t break anything either.

So, to summarize. If you want to use your own router with Etisalat (new connections) send them an email asking for the password to be reset and also make changes such as disabling Plug & Play so you can use your own router. Ask for the VLAN too just in case. Once you get these details connect the new router and put in the username password. If that doesn’t work put in the VLAN info too. That’s all! I was pleased with the quick turnaround and support, and it didn’t turn out to be a hassle at all like I was expecting. Nice one! :)

Asus RT-AC68U router, firmware, etc.

Bought an Asus RT-AC68U router today. I didn’t like my existing D-Link much and a colleague bought the Asus and was all praises so I thought why not try that.

Was a bit put off that many of the features (especially the parental control ones) seem to be tied up with a Trend Micro service that’s built into the router. When you enable these you get an EULA agreement from Trend Micro, and while I usually just click EULA agreements this one caught my eye coz it said somewhere that Asus takes no responsibility for any actions of Trend Micro and so they pretty much wash their hands off whatever Trend Micro might do once you sign up for it. That didn’t sound very nice. I mean, yes, I knew the router had some Trend Micro elements in it, and I have used Trend Micro in the past and have no beef with them, but I bought an Asus router and I expect them to take responsibility for whatever they put in the box.

Anyways, Googling about it I found some posts like this, this, and this that echoed similar sentiments and put me off. It was upsetting as a lot of value I was hoping to get out of the router was centered around using Trend Micro, and since I didn’t want to accept the EULA I would never be able to use it.

I briefly thought of flashing some other firmware in the hopes that that will give me more feature. Advanced Tomato looks nice, but then I came across Asus WRT Merlin which seems to be based on the official firmware but with some additional features and bug fixes and a focus on performance and safety rather than new features. (Also, the official Asus firmware and also the Merlin one have hardware NAT acceleration and proprietary NTFS drivers that offer better performance, while other third party firmware don’t have this. The hardware NAT only matters if your WAN connection is > 100Mbps, which wasn’t so in my case). Asus WRT Merlin looks good. The UI is same as the official one, and it appears that the official firmware has slowly embraced many of the newer features of Merlin. Also, this discussion from the creator of the Merlin firmware on the topic of Trend Micro was good too. Wasn’t as doom and gloom like the others (but I still haven’t enabled the Trend Micro stuff nor do I plan on doing so).

The Merlin firmware is amazing. Flashing it is easy, and it gives some nifty new features. For example you can have custom config files that extend the inbuilt DHCP/ DNS server dnsmasq, have other 3rd party software, and so on. This official Wiki page is a good read. I came across this malware blocking script and installed it. I also made some changes to DHCP so that certain machines get different DNS servers (e.g. point my daughter’s machine to use the Yandex.DNS). Here’s a bit from my config file in case it helps –

This dnsmasq manpage was helpful, so was this page of examples. Also this StackOverflow post.

I liked this idea of having separate DHCP options for specific SSIDs, and also this one of having a separate SSID that’s connected to VPN (nice!). I wanted to try these but was feeling lazy so didn’t get around to doing it. I read a lot about it though and liked this post on having separate VLANs within the router. That post also explains the port numbering etc. of the router – its a good read. I also wanted to see if it was possible to have a separate VLAN for an SSID – lets say have all my visitors connect to a different SSID with its own VLAN and IP range etc. I know I can do the IP range and stuff but looks like if I need to do a separate VLAN I’ll have to give up one of the four ports on the back of the router. Basically the way things seem to be setup are that the 5 ports on the back of the router are part of the same switch, just that the WAN port is in its own VLAN 2 while the LAN ports are in their own VLAN 1.  The WLAN (Wireless) are bridged to this VLAN 1. So if you want a separate WLAN SSID with its own VLAN, we must create a new VLAN on one of the four ports and bridge the new SSID to that.

In the above port 0 is the WAN, port 1-4 are the LAN ports, and port 5 is the router itself (the SOC on the router). Since port 5 is part of both VLANs the router can route between them. The port numbers vary per model. Here’s a post showing what the above output might look like in such a case. As a reference to myself this person was trying to do something similar (I didn’t read all the posts so there could be stuff I missed in there).

Lastly these two wiki pages from DD-WRT Wiki are worth referring to at some point – on the various ports, and multiple WLANs.

At some point, when I am feeling less lazy, I must fiddle around with this router a bit more. It’s fun, reminds me of my younger days with Linux. :)