Asus GT-AX11000/Pro, RT-AX89X, , GT-AX6000, RT-AX88U Pro, RT-AX86U/Pro, RT-AX86S, TUF-AX6000, RT-AX82U (V1/V2), TUF-AX5400, RT-AX5400 and TUF-AX4200

xiaofan

Arch-Supremacy Member
Joined
Sep 16, 2018
Messages
18,107
Reaction score
2,885
Hi folks
I have 2x AC88u aimesh set up for quite sometime. I just got a AX55 and I thought of adding AX55 as a node to the AC88u aimesh setup, but not sure if this is advisable. Or is it better to set the AX55 as a primary router and use the two AC88u as nodes?
I wanted to upgrade to Wi-Fi 6 and shortlisted either AX88 or AX86 but worried that the difference is not much after the upgrade to AX88. I thought I can save some money by using the existing ax55. Any experts can give me some advice?

Are you using Ethernet backhaul or wireless backhaul?

If using wireless backhaul, then it is better to add AX55 as the node. But its performance will be limited by the uplink (2*2 AC 80MHz). And you can say its AX wireless capability is wasted.

If using Ethernet backhaul, then I think it is still better to add the AX55 as a node. But the performance should be much better.
 

colourwater

Junior Member
Joined
Aug 23, 2008
Messages
81
Reaction score
0
Are you using Ethernet backhaul or wireless backhaul?

If using wireless backhaul, then it is better to add AX55 as the node. But its performance will be limited by the uplink (2*2 AC 80MHz). And you can say its AX wireless capability is wasted.

If using Ethernet backhaul, then I think it is still better to add the AX55 as a node. But the performance should be much better.
I am using wireless backhaul for my AC88u aimesh setup.

But if I keep the current wireless set up and add AX55 using Ethernet backhaul, can I utilize the AX wireless capability?
 

xiaofan

Arch-Supremacy Member
Joined
Sep 16, 2018
Messages
18,107
Reaction score
2,885
I am using wireless backhaul for my AC88u aimesh setup.
But if I keep the current wireless set up and add AX55 using Ethernet backhaul, can I utilize the AX wireless capability?

I believe so but you have to try out by yourself.

RT-AC88U supports 4*4 AC 1024QAM so wireless backhaul is not bad. But it will be much better if you can use Ethernet backhaul as well.
 

xiaofan

Arch-Supremacy Member
Joined
Sep 16, 2018
Messages
18,107
Reaction score
2,885
For people who want to use Asus Instant Guard, you may really want to buy RT-AX86U and not RT-AX82U because the CPU performance is important for this IPsec based VPN server solution (plus DDNS).

Review:
https://www.blacktubi.com/review/asus-instant-guard/
instantguardperf-1024x576.jpeg
 
Last edited:

xiaofan

Arch-Supremacy Member
Joined
Sep 16, 2018
Messages
18,107
Reaction score
2,885
My test results with Asus Instant Guard on Android (Huawei P20) with my RT-AX82U (BCM6750 CPU).
7735007056.png
 

xiaofan

Arch-Supremacy Member
Joined
Sep 16, 2018
Messages
18,107
Reaction score
2,885
How does this work? It tunnels your connection back to your home router and breakout to the internet from there?
Basically this is a easy to use IPsec VPN server on the Asus router with mobile Android/iOS app and Asus DDNS to make it easier to use. You can manually set up OpenVPN servers at the Asus router and use the other DDNS provider to achieve similar goals as well.

More about Instant Guard:
https://www.asus.com/support/FAQ/1044340https://www.asus.com/support/FAQ/1044123https://www.asus.com/support/FAQ/1044124/
 

siaoboy

Senior Member
Joined
Jan 1, 2000
Messages
1,343
Reaction score
16

xiaofan

Arch-Supremacy Member
Joined
Sep 16, 2018
Messages
18,107
Reaction score
2,885
Asus router Network Detection feature: you may notice that the Asus router will constantly contact Google (or Baidu if you buy the China version). I noticed this from Pi-Hole query logs.

Even if you leave both empty, you may notice that it will still contact the default server at 5 seconds interval.

DNS Query​
Ping​
Pros​
Respond quicklyThe most common way to check your Internet connection
Cons​
In the certain circumstances, DNS queries work because DNS information is stored in the cache of your device even if your router is not connected to the Internet.Some ISPs consider frequent pings as an attack and it results in the Internet connection being disconnected by the ISP.

1) Single WAN case
https://www.asus.com/support/FAQ/1037370/2) Dual WAN case
https://www.asus.com/support/FAQ/1037368/
 

xiaofan

Arch-Supremacy Member
Joined
Sep 16, 2018
Messages
18,107
Reaction score
2,885
I just change it to dns_query and ping Google instead of Baidu.

Code:
:/tmp/home/root# nvram show | grep dns_probe
dns_probe=0
dns_probe_content=172.217.194.99
dns_probe_host=www.google.com
size: 65773 bytes (65299 left)

:/tmp/home/root# nvram show | grep ping
bcm_snooping=2
misc_ping_x=0
ping_target=www.baidu.com
size: 65773 bytes (65299 left)

:/tmp/home/root#  nvram set ping_target=www.google.com

:/tmp/home/root# reboot

For those who want to take more risks, you can try the following. I have not tried it myself. Do not try it if you are using Dual WAN as it is required.

***********************************
https://discourse.pi-hole.net/t/exc...s-queries-originating-from-asus-router/3157/5
Here is how:
https://www.snbforums.com/threads/constant-unwanted-traffic-to-dns-msftncsi-com-from-rt-ac66u.35367/ 9

Or in short:

  • 1 - Enable SSH (or telnet).
  • 2 - SSH into your router and each node one by one
    (login & pw is the the same as your web interface)
  • 3 - We're going to change the NVRAM settings but its worth having a look at the default first so do a:
    nvram show | sort | more
  • 4 - Look for: the dns_probe_content and dns_probe_host entries. These have the addresses that were giving me the problem
  • 5 - Set dns_probe_content using: nvram set dns_probe_content=127.0.0.1
  • 6 - Set dns_probe_host using: nvram set dns_probe_host="" (note "" = null, ie blank, ie not even a space)
  • 7 - Save these entries: nvram commit
  • 8 - reboot the router/node: reboot
 
Last edited:

xiaofan

Arch-Supremacy Member
Joined
Sep 16, 2018
Messages
18,107
Reaction score
2,885
Recently I am seeing the issue of getting red WAN LED and WAN not connected error message from time to time on my Asus RT-AX82U.

Previously if I only encountered this issue, it was because of my Pi-hole DNS was down (I am using Pi-hole hosted on Google Cloud, with 1.1.1.3 as a backup). My Pi-hole would be down if the IP address was changed because of the firewall rules I set on the Google Cloud host (Singtel got too many IPv4 address segments to track even with /16).

Now even if I use 1.1.1.3/1.0.0.3, or even SingTel DNS, I still see this error message from time to time. I believe it was related to the Asus FW Network Detection features (using DNS Query and/or ping, to make sure ntp time update is proper, or for dual WAN users ). However, the internet access is not affected. I tend to think there is a FW bug in the latest Asus FW.

Another thing is that my IP address becomes very dynamic recently. This is probably due to SingTel side. Previously it was very stable and it would not change for several months and usually no change after reboot. Now I almost always got a new IP address after reboot.
 

xiaofan

Arch-Supremacy Member
Joined
Sep 16, 2018
Messages
18,107
Reaction score
2,885
I tend to think it is a bug on Asus router side. I am outside and I can use DDNS to connect to my router using the Asus router Android app. Asus Instant Guard router VPN is also working.

Yet it shows WAN Disconnected in the app. Rather strange.

Just wondering if other users also see this problem or not (red WAN LED and WAN disconnected error message).
 

ahyoo2002

Senior Member
Joined
Dec 10, 2009
Messages
852
Reaction score
78
Manage to setup my Gundam AX86U, I am sold man :love:.

Initially I was trying to restore from my AC5300 but then having some problem so I decided to do manual setup. Finally manage to set up as main router now.

Also, place the AX86U on top of my TV cabinet but need to sort up the messy cable.

The end result is even at super far end corner, I can get easily 100mbps Last time some of the room that almost cannot use, constantly have good speed now.

I will test more but likely I can reduce number of node I have at home.

Super happy and excited AX86U user here :p
 

kashix

Supremacy Member
Joined
Dec 27, 2007
Messages
9,304
Reaction score
859
Manage to setup my Gundam AX86U, I am sold man :love:.

Initially I was trying to restore from my AC5300 but then having some problem so I decided to do manual setup. Finally manage to set up as main router now.

Also, place the AX86U on top of my TV cabinet but need to sort up the messy cable.

The end result is even at super far end corner, I can get easily 100mbps Last time some of the room that almost cannot use, constantly have good speed now.

I will test more but likely I can reduce number of node I have at home.

Super happy and excited AX86U user here :p

+1 to this, using AX86U for quite awhile, nothing but amazing performance so far!
AX86U on my iPhone 13 Pro Max!

aEBF6Ao.png
 

ahyoo2002

Senior Member
Joined
Dec 10, 2009
Messages
852
Reaction score
78
+1 to this, using AX86U for quite awhile, nothing but amazing performance so far!
AX86U on my iPhone 13 Pro Max!

aEBF6Ao.png

May I know what is your broadband speed?

I can get max maybe 700 or even 600 only but some of my network cable is Cat 5E only and furthermore I am using the ethernet cable that is hidden inside the wall so I cannot change anymore.
 

kashix

Supremacy Member
Joined
Dec 27, 2007
Messages
9,304
Reaction score
859
May I know what is your broadband speed?

I can get max maybe 700 or even 600 only but some of my network cable is Cat 5E only and furthermore I am using the ethernet cable that is hidden inside the wall so I cannot change anymore.
1gbps MyRepublic, I think the catch is my router being RT-AX86U and iPhone 13 Pro Max
 

xiaofan

Arch-Supremacy Member
Joined
Sep 16, 2018
Messages
18,107
Reaction score
2,885
I know the BCM6750 CPU is not fast. But I think it should not be too bad either.

Since I have Entware installed, so I can run the benchmark here.
https://openwrt.org/docs/guide-user/perf_and_log/benchmark.openssl
Code:
:openssl speed md5 sha1 sha256 sha512 des des-ede3 \
    aes-128-cbc aes-192-cbc aes-256-cbc rsa2048 dsa2048 | tee /tmp/sslspeed
. /etc/openwrt_release; echo \

...
OpenSSL 1.1.1k  25 Mar 2021
built on: Fri Aug 27 08:57:05 2021 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) blowfish(ptr)
compiler: arm-openwrt-linux-gnueabi-gcc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -pipe -mtune=cortex-a9 -fno-caller-saves -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -mfloat-abi=soft -O3 -DPIC -fpic -ffunction-sections -fdata-sections -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DZLIB -DZLIB_SHARED -DNDEBUG -DOPENSSL_RAND_SEED_DEVRANDOM_SHM_ID=-1 -DOPENSSL_PREFER_CHACHA_OVER_GCM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
md5              21606.64k    56426.58k   112580.32k   151136.90k   166662.92k   168688.33k
sha1             15099.78k    36624.96k    68616.85k    87664.67k    95835.33k    96194.35k
des cbc          14671.20k    15606.78k    15838.61k    15880.59k    15924.92k    15942.68k
des ede3          5469.07k     5587.37k     5616.54k     5614.19k     5643.07k     5627.55k
aes-128 cbc      32880.17k    37187.51k    38626.61k    38970.42k    38882.84k    38860.63k
aes-192 cbc      28530.10k    32126.82k    33306.46k    33514.11k    33748.85k    33664.17k
aes-256 cbc      25456.66k    27964.66k    28940.15k    29255.61k    29161.32k    29260.28k
sha256            9660.49k    22089.17k    39117.83k    48671.03k    52333.09k    52478.62k
sha512            4990.51k    19572.55k    29632.39k    40863.48k    46323.81k    46826.35k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.015107s 0.000360s     66.2   2777.3
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.004753s 0.004190s    210.4    238.7
 

xiaofan

Arch-Supremacy Member
Joined
Sep 16, 2018
Messages
18,107
Reaction score
2,885
Linksys WRT1900AC V1 results

Code:
OpenSSL 1.1.1l  24 Aug 2021
built on: Thu Sep 23 16:53:20 2021 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) blowfish(ptr)
compiler: arm-openwrt-linux-muslgnueabi-gcc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -Os -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -mfloat-abi=hard -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -DPIC -fpic -ffunction-sections -fdata-sections -znow -zrelro -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -DOPENSSL_PREFER_CHACHA_OVER_GCM -DOPENSSL_SMALL_FOOTPRINT
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
md5              18755.20k    55202.99k   117943.77k   165735.94k   186268.00k   188044.63k
sha1             13033.50k    35484.63k    68670.72k    90443.50k    99549.41k   100830.09k
des cbc          13667.02k    15170.09k    15535.46k    15791.45k    15912.34k    15792.20k
des ede3          5085.73k     5232.15k     5271.72k     5288.28k     5289.30k     5297.49k
aes-128 cbc      28790.32k    35009.32k    37131.35k    37793.79k    38088.69k    37934.42k
aes-192 cbc      27144.80k    33028.41k    35053.15k    35433.47k    35580.59k    35607.89k
aes-256 cbc      25265.09k    30114.54k    31710.55k    32222.89k    32274.84k    32461.14k
sha256            9777.61k    25182.44k    47629.48k    62116.86k    67969.02k    68293.97k
sha512            2608.86k    10438.76k    14907.56k    20299.60k    22648.15k    22817.45k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.041245s 0.001140s     24.2    876.8
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.014910s 0.013889s     67.1     72.0

|r16279| ARMv7 Processor rev 2 (v7l) | 25.00 | ARMv7 Processor rev 2 (v7l) | 25.00 | Marvell Armada 370/XP (Device Tree) | 1.1.1l | 165735940 | 90443500 | 62116860 | 20299600 | 15791450 | 5288280 | 37793790 | 35433470 | 32222890 | 24.2 | 876.8 | 67.1 | 72.0 |
 

Loser

Arch-Supremacy Member
Joined
May 7, 2019
Messages
20,542
Reaction score
8,837
I tend to think it is a bug on Asus router side. I am outside and I can use DDNS to connect to my router using the Asus router Android app. Asus Instant Guard router VPN is also working.

Yet it shows WAN Disconnected in the app. Rather strange.

Just wondering if other users also see this problem or not (red WAN LED and WAN disconnected error message).
My Ax86u also keep disconnecting from wan intermittenly nowadays and it's ******* irritating.
 
Important Forum Advisory Note
This forum is moderated by volunteer moderators who will react only to members' feedback on posts. Moderators are not employees or representatives of HWZ. Forum members and moderators are responsible for their own posts.

Please refer to our Community Guidelines and Standards, Terms of Service and Member T&Cs for more information.
Top