Wednesday, November 28, 2018

Avantree SP850 multifunctional wireless speaker with FM radio

I have purchased an Avantree SP850 multifunctional wireless speaker with FM radio for my father to replace his CD player that is now faulty and possibly reached its end-of-life.


This Avantree SP850 has many overlapping function with the BC-01 multimedia bluetooth speaker that I purchased 2 years ago. It costs higher at the price of RM96, but its sound quality is comparatively better, with a removable (and therefore replaceable) Nokia BL-5C Li-ion battery, and much straightforward and easier to use.


Note that this Avantree SP850 does not have alarm clock function and also unable to display the time.

Its 3 main functions are:
  • Play music and audio in MP3, WMA or WAV format
  • FM radio
  • Act as handsfree to answer/reject/hang-up incoming calls when connected to mobile phone using Bluetooth
It can accept audio source from the following:
  • FM radio
  • Micro SD card
  • AUX 3.5mm audio cable
  • Bluetooth
and it can output audio to headphone or external speaker via 3.5mm audio cable plugged to its headphone socket.

Its operation is menu driven with its LCD screen display. You can navigate the directory structure of the Micro SD card to pick the music file to play.

It supports the following music playing repeat modes:
  • Repeat all
  • Repeat folder
  • Replace once
  • Random
It has a built-in equalizer which you can set for the following music modes:
  • Natural
  • Rock
  • Pop
  • Classic
  • Jazz
  • Soft
It has 10 numeric buttons on top, makes it very easy to select song and to tune the FM radio.

You can get the FM radio to perform auto-searching of available channels, or to manually input the channel frequency number by using the numeric buttons. The manually set channels will be automatically memorized. This Avantree SP850 is able to memorize quite a lot of FM radio channels.

Due to its easy of use, this Avantree SP850 is suitable for everybody use, including elderly people.

You can watch the video below to have better understanding about this Avantree SP850.



Tuesday, November 27, 2018

Releasing handphone storage space by cleaning up WhatsApp files

Have you wonder what have silently taken up your handphone / tablet storage space? I bet the top culprit will be messaging apps such as WhatsApp.

WhatsApp stores all your individual and group chatting history in your phone storage, including all the media files and documents which you've sent out and also you've received from others. Over time, it will consume up gigabits of your phone / tablet storage.

Within the WhatsApp application itself does not have any mechanism for you to clean up old files or large files in order to release your handphone storage space.

Anyhow, you can easily locate those files stored by WhatsApp in your phone by using a file manager app such as File Manager + and navigate to the /WhatsApp/Media folder in your phone storage. The files are all there! You can then manually backup and/or delete the files there.

In fact, you can also program an Automate script to perform some sort of automated WhatsApp files housekeeping to release your handphone storage periodically.

Another easier way is to make use of an Android app called Cleaner for WhatsApp by LookAndFeel Lab to do the housekeeping.

Note that there are multiple Android apps call themselves as Cleaner for WhatsApp in the Google Play Store, and I am referring to the one developed by LookAndFeel Lab with the app icon as below:


This Android app is like a specific version of file manager to release handphone storage space taken up by WhatsApp files.

It shows you the total WhatsApp files found and the total storage space taken.

According to the WhatsApp directory structure, Cleaner for WhatsApp is able to list down the number of files and storage space taken by file types:
  • Videos
  • Images
  • Documents
  • Databases
  • Voices
  • Audios
  • Gifs
  • Stickers
  • Profile Photos
  • WallPapers


By entering the folder, it can let you review those files that you sent to others, those that you received from others, and duplicated files.

With a single tap, you can select all the files within the category (received, sent or duplicated), or you can manually select the files one-by-one, for you to perform the delete action. The files can be sorted by size (either large size first or small size first) or date (either oldest first or newest first) to make it easy for batch selection for deletion.

The function that makes a real difference from ordinary file explorer is its auto-clean function, which you can select to periodically check for the WhatsApp file and clean them by date or by size. It provides option for you to select which types of files you want to auto-clean.

With Cleaner for WhatsApp, you are able to release quite a number of handphone storage space occupied by those WhatsApp files. I would suggest LookAndFeel Lab to also provide achieve function beside cleaning to make it even better.

Thursday, November 22, 2018

Using Travel Recommends WiFi Router to access Google, Whatsapp, Facebook, Instagram, Snapchat, Youtube, etc. in China

If you are travelling to China, you will expect your Internet access to Google services (including Gmail, Google Maps, Google Calendar, Google Drive, etc.), WhatsApp, Facebook, Instagram, Telegram, Twitter, Snapchat, Blogspots, Wordpress, YouTube, and thousands over websites and Internet services be blocked and rendered inaccessible by the Great Firewall of China (GFW).

One common way to gain access to those websites and Internet services in China is to subscribe to a dependable and reliable VPN service before you enter into China. There are VPN solutions in the form of computer software as well as mobile apps to tackle the GFW restrictions, but such solutions might be limited to single device usage, not a good idea if you carry several devices (laptop, tablet, smartphone, smart watch, etc.) with you, or if you are travelling with a small group of people (family, friends, colleagues, etc.) in which each of you has one or more devices that need to access to those websites and/or Internet services.

In such case, a portable WiFi router with built-in VPN specifically for use in China is a better solution. The WiFi router is even more important than a local SIM card or roaming service, because as long as you have full Internet access, you can make voice or video calls using WhatsApp, Telegram, WeChat, Line, and other messaging apps.

I have searched around the Internet and found several providers of portable WiFi router available in the market. Some don't specify whether their portable WiFi router has workable VPN function for use in China or not. Some received customers' review about having mobile signal coverage issue, VPN connectivity issue, battery drainage issue, etc.

I have chosen Travel Recommends portable WiFi router as most of its customer's reviews are positive. It might not be the cheapest one in the market, but I believe it is dependable and reliable to ensure my Internet connectivity in China. Its rental price for China of RM28 per day is quite reasonable too. In fact, I really had enjoyable experience with this Travel Recommends portable WiFi router while I was in China, and I am pleased to have made a right choice.

In order to successfully rent a Travel Recommends portable WiFi router, you need to make your reservation at their website at least several days before your departure date.

During reservation, you can choose to have the device courier to you (with additional charges), or to self pick-up at their service counter available at the arrival hall of KLIA, KLIA 2 or Penang Airport. Self pick-up is also available at specific location in Johor Bahru and Kota Kinabalu. For device returning after your travel, you can also choose to courier it back to the company, or to self drop-off at either one of the 5 service counters available.

The package comes with:

  • The portable WiFi router, sharable by up to 5 connected devices at the same time
  • A travel adapter for you to charge the portable WiFi router (which you can use it to supply power to your other devices too)
  • A USB charging cable
  • A pouch to store all the components nicely at one place
You can also opt to include a power bank in the package, with additional charge. If you carry your own power bank, then you won't be necessary to rent the power bank from Travel Recommends.

There is a RM200 deposit collected by Travel Recommends upon making online payment to confirm your rental unit. This deposit will be banked in to your bank account several days after you returned all the rented components to the company.


The portable WiFi router has built-in Li-ion battery, which can last for about 6-8 hours of continuous usage. Whenever you are indoor with available wall socket, just charge it up, and it should be able to last the whole day from morning until midnight without much problem.

For portable WiFi router to be used in China (with or without VPN), Hong Kong and Vietnam, there is a fair usage limit of 1 GB per day. Exceeding the limit will cause your Internet access to be very slow, although still can stay connected. The quota usage is shown in real time on its display for easy check up.

There is unlimited usage for portable WiFi router to be used in Japan, South Korea and Taiwan, whist for other countries such as Singapore, Europe, Australia, Canada, USA, Thailand, Indonesia, Cambodia, India and Macau, the daily fair usage limit is capped at 500 MB only.

Rental prices for different countries are not the same, and can be found at their website. On and off they will have promotional price for specific countries.

I think portable WiFi router is an important oversea travelling component for you to carry along while you are abroad, to stay connected to the Internet and remain contactable via messaging apps. This is particularly crucial for travelling in China, as you need a portable WiFi router with dependable and reliable built-in VPN to stay connected to your favourite Internet services.


Sunday, November 18, 2018

Configuring IPv6 settings in Asuswrt-Merlin for TM UniFi

All the IPv4 blocks have already fully allocated, and IPv4 should be exhausted any time from now. Although the Internet transition from IPv4 to IPv6 has been prolonged, it is advisable to make use of IPv6 now in parallel with IPv4.

In fact, many websites are found to be faster when accessed using IPv6.

Below are my settings on IPv6 for TM UniFi for your reference:

  • Connection type: Native
  • Interface: PPP
  • DHCP-PD: Enable
  • Release prefix on exit: Enable
  • Auto Configuration Setting: Stateless
  • Connect to DNS Server automatically: Disable (you can choose Enable to use the DNS servers of TM UniFi)
  • IPv6 DNS Server: you can choose to use any of the public DNS servers below:
    • Google: 2001:4860:4860::8888, 2001:4860:4860::8844
    • OpenDNS: 2620:0:ccc::2, 2620:0:ccd::2
    • CloudFlare: 2606:4700:4700:0:0:0:0:1111, 2606:4700:4700:0:0:0:0:1001
    • UncensoredDNS: 2001:67c:28a4::, 2a01:3a0:53:53::
  • Enable Router Advertisement: Enable
If your IPv6 is working, you will be able to see your LAN IPv6 Address, LAN Prefix Length and LAN IPv6 Prefix shown on the screen. More information can be found in the System Log > IPv6 screen.

Saturday, November 17, 2018

Configuring WAN settings in Asuswrt-Merlin for TM UniFi

Below is my Internet Connection setting for TM UniFi:

  • WAN Connection Type: PPPoE
  • Enable WAN: Yes
  • Enable NAT: Yes
  • NAT Type: Symmetric
  • Enable UPnP: No (for better security control)
  • Get the WAN IP automatically: Yes
  • Connect to DNS Server automatically: No (set as Yes to use the DNS servers of your ISP)
  • DNS Server: you can use the DNS servers of your ISP, or any of the public DNS servers below:
    • Cloudflare: 1.1.1.1, 1.0.0.1
    • FreeDNS: 45.33.97.5, 37.235.1.177
    • Google: 8.8.8.8, 8.8.4.4
    • Level3: 209.244.0.3, 209.244.0.4
    • OpenDNS: 208.67.222.222, 208.67.220.220
    • Quad9: 9.9.9.9, 149.112.112.112
    • UncensoredDNS: 91.239.100.100, 89.233.43.71
    • Verisign: 64.6.64.6, 64.6.65.6
  • PPP Username: your username given by the ISP
  • Password: your password given by the ISP
  • Disconnect after time of inactivity: 0 second (never disconnect)
  • MTU: 1480
  • MRU: 1480 (same value as MTU)
  • Internet Detection: PPP Echo
  • PPP Echo Interval: 30 seconds
  • PPP Echo Max Failures: 5 times
  • Enable VPN+DHCP Connection: Yes
  • Spoof LAN TTL value: No
You can use the ping command to find out the maximum possible MTU value for your WAN connection. Just ping to any external server that accepts ICMP echo, with the parameters "-f -l xxxx" where xxxx is a number you try to get as large as possible, while the ping result will remain to have 0% packet loss without packet fragmentation. Any number greater than it will cause packet fragmentation.

Your MTU will be this xxxx number added by 28.


In the ping results shown above, the maximum number is 1452. Therefore, the MTU is 1452+28=1480.

Dual WAN: if you only have single Internet connection, set this to Off. If you have two Internet connections, set this to On. Your secondary WAN connection can be configured as fail over backup link which only active when the primary WAN is down, or as load balancing link which active together with the primary WAN and share the Internet traffic.


Port Trigger: Disabled. You can enable it if required.

Virtual Server / Port Forwarding: Disabled. You can enable it if required. Note that if you have enabled Parental Control function of the router, there will be some Port Forwarding rules automatically set here for the Parental Control function.

DMZ: Disabled.

Enable DDNS Client: Yes.

Method to retrieve WAN IP: Internal.

Server: just pick one of your favourite. Use Asus if you have no preference.

Host Name: pick a name for your router to be accessible from the Internet. As long as the name is not in used by other user in the DDNS server, it can be used.

HTTPS/SSL Certificate: Let's Encrypt (this is the easiest to use)

NAT Passthrough:
  • PPTP Passthrough: Enable
  • L2TP Passthrough: Enable
  • IPSec Passthrough: Enable
  • RTSP Passthrough: Enable + NAT helper
  • H.323 Passthrough: Enable + NAT helper
  • SIP Passthrough: Enable + NAT helper
  • Enable PPPoE Relay: Disable
If you don't use any VPN client and VoIP in your LAN, you can configure the NAT passthrough to be Disabled.

Thursday, November 15, 2018

Configuring LAN settings in Asuswrt-Merlin

For LAN IP Address and the corresponding subnet mask, pick one from the following private IP address ranges:

  • 192.168.0.1 to 192.168.255.254 (subnet mask 255.255.0.0 for fixed first 2 numbers 192.168 in the available LAN IP addresses; subnet mask 255.255.255.0 for fixed first 3 numbers in the available LAN IP addresses)
  • 172.16.0.1 to 172.31.255.254 (subnet mask 255.240.0.0, or 255.255.0.0, or 255.255.255.0)
  • 10.0.0.1 to 10.255.255.254 (subnet mask 255.0.0.0 or 255.255.0.0 or 255.255.255.0)
For home network, using a subnet mask of 255.255.255.0 with 254 allocable IP addresses is sufficient.

If you want to allocate less usable IP addresses, you can refer to the subnet masks below:
  • 255.255.255.128 (126 allocable IP addresses)
  • 255.255.255.192 (62 allocable IP addresses)
  • 255.255.255.224 (30 allocable IP addresses)
  • 255.255.255.240 (14 allocable IP addresses)
Below is my LAN configuration for your reference:
  • Enable the DHCP Server: Yes
  • Hide DHCP/RA queries: No
  • IP Pool Starting and Ending Address: for easier management, it is advisable to allocate this dynamic IP range to be different from the IP range used in manual assignment. Make sure this IP range is within the allocable IP addresses as defined by the subnet mask.
  • Lease time: 86400 seconds
  • Default gateway: the internal IP address of the router
  • DNS Server: you can use the DNS servers of your ISP, or any of the public DNS servers below:
    • Cloudflare: 1.1.1.1, 1.0.0.1
    • FreeDNS: 45.33.97.5, 37.235.1.177
    • Google: 8.8.8.8, 8.8.4.4
    • Level3: 209.244.0.3, 209.244.0.4
    • OpenDNS: 208.67.222.222, 208.67.220.220
    • Quad9: 9.9.9.9, 149.112.112.112
    • UncensoredDNS: 91.239.100.100, 89.233.43.71
    • Verisign: 64.6.64.6, 64.6.65.6
  • Advertise router's IP in addition to user-specified DNS: Yes
  • Forward local domain queries to upstream DNS: No
  • Enable DNSSEC support: No (unless you are sure your ISP and your DNS servers support this feature)
  • Enable DNS Rebind protection: No (unless you are sure your ISP and your DNS servers support this feature)
  • WINS Server: the internal IP address of the router
  • Enable Manual Assignment: Yes
Note: For the hosts configured in the manual IP assignment table, you can edit their name and change their icon by clicking on their icon.

  • Enable static routes: No (normally you don't need this, unless you have a complex network with several routers)
  • IPTV: select the correct ISP Profile to auto-configure the IPTV settings for the corresponding ISP
  • Switch Control:
    • Enable Jumbo Frame: Disable
    • Spanning-Tree Protocol: Enable

Tuesday, November 13, 2018

Configuring WiFi settings in Asuswrt-Merlin

Smart Connect is a feature in Asus wireless routers to automatically steer the WiFi clients to the most appropriate band of 2.4GHz and 5GHz. If you make use of Smart Connect feature, you will need to have the same SSID and Pre-Shared Key (WiFi password) for all the bands available.

If you prefer to have more control on which band your WiFi clients should connect to, you can disable Smart Connect.

For 2.4GHz band:

  • There are 3 wireless modes available. "Auto" allows 802.11b/g/n devices to connect to the WiFi network. In this mode, 802.11n devices can connect with optimum speed (up to 250Mbps per stream). "Legacy" mode also allows 802.11b/g/n devices to connect to the WiFi network, and the 802.11n devices can only connect with a maximum speed of 54Mbps (same as 802.11g). If all your wireless devices support 802.11n, you can select "N only" wireless mode for optimal performance. This mode does not allow 802.11b/g to connect.
  • Tick the "optimized for Xbox" if your WiFi network has Xbox 360 connected, otherwise just leave it unticked.
  • If your WiFi network has old 802.11b and/or 802.11g devices, tick the "b/g Protection". This will protect those devices from interferences which will also affecting the 802.11n devices.
  • Set channel bandwidth to 20/40 MHz to allow 802.11n connections to combine 2 channels for faster transmission speed, provided there is minimal channel interference with your neighbours. The router will device whether to use 20 MHz (one channel) or 40 MHz (dual channel) based on actual situation.
  • Try to use control channel 1, 6 or 11 if none of your neighbours is using it. These 3 channels are non-overlapping.

For 5GHz band:
  • Try to use a different SSID from 2.4GHz to have more control on which band you want your device to connect to.
  • There are 4 wireless modes available. "Auto" allows 802.11ac/n/a devices to connect to the WiFi network. "Legacy" only allows 802.11n/a devices to connect, and the 802.11n devices can only connect with a maximum speed of 54Mbps. "N only" will exclude all the 802.11 ac/a devices. For most of the users, you should choose "N/AC mixed" because only very old device will use the 802.11a connection on 5GHz band, you probably don't have such device at home.
  • Tick the "optimized for Xbox" if your WiFi network has Xbox 360 connected, otherwise just leave it unticked.
  • Set channel bandwidth to 20/40/80 MHz to allow the router to make use of either single channel, 2 channels or 3 channels, based on the actual situation.
  • The best control channel for most Asus routers is channel 48. Channels 36/40/44/48 belong to the UNII-1 low band channels, with channel 48 having the best transmission power. Other channels above are belonging to the UNII-2 or UNII-3 channels, which availability for use is depending on the country's regulation. Those higher band channels are in the Dynamic Frequency Selection (DFS) spectrum, and the router will simply disable using them if any radar systems is detected using the same spectrum.

For both 2.4GHz and 5GHz bands:
  • Extension channel is the second channel for 40 MHz bandwidth (and third channel for 80 MHz in 5GHz band), which you can specify it to be either above the control channel or below the control channel.
  • For most home users, set your authentication method to "WPA2-Personal" and WPA encryption to AES. If you have a RADIUS server in your local network, you can use "WPA2-Enterprise" for better security.
  • WPA pre-shared key is a passphrase, which you can use a short sentence of words instead of a single word.
  • For most of the users, you can leave protected management frames to be disabled. You can enable it for better security, but wireless clients that don't support this feature might not be able to connect to your WiFi network.
  • In WPA WiFi connections, the group key is a shared encryption keys among all the connected devices to secure multicast/broadcast traffic. It is more secured to change this group key at certain time interval, although for most home user, there is usually no harm for not to change it. For group key rotation interval, the figure is in seconds. You can set it to 0 to use the same key without any periodic change required. The interval can be from 1 second to 2,592,000 seconds. 3,600 seconds should be good enough for most users.

WPS (WiFi Protected Setup) provides an easy way to connect new device to the WiFi network. For most home user, you can just disable this function, as your wireless devices at home is pretty fixed.

WDS (Wireless Distribution System) is a kind of wireless bridging function to extend your WiFi coverage with additional access points (AP). If your home network only has one wireless router, you can ignore the settings here. Besides, Asus routers has a better way of interconnection called AiMesh.

If you discovered your neighbour is stealing your WiFi network, you can block their device with Wireless MAC Filter. It is very straightforward to configure.

RADIUS Setting is for WPA2-Enterprise network. Most home users can just leave it as it is.

Below is my configuration for Professional Wireless settings, for your reference.

For 2.4GHz:
  • Enable Radio: Yes
  • Enable wireless scheduler: No
  • Set AP Isolated: No
  • Roaming assistant: Disable (enable if you use Smart Connect function)
  • Bluetooth Coexistence: Pre-emptive (if you use Bluetooth keyboard/mouse/speaker nearby your router)
  • Enable IGMP Snooping: Disable
  • Multicast Rate(Mbps): Auto
  • Preamble Type: Long
  • AMPDU RTS: Enable
  • RTS Threshold: 2346
  • DTIM Interval: 3
  • Beacon Interval: 100
  • Enable TX Bursting: Enable
  • Enable WMM: Enable
  • Enable WMM No-Acknowledgement: Disable
  • Enable WMM APSD: Enable
  • Optimize AMPDU aggregation: Disable
  • Modulation Scheme: Up to MCS 11 (NitroQAM/1024-QAM)
  • Airtime Fairness: Enable
  • Multi-User MIMO: Enable
  • Explicit Beamforming: Enable
  • Universal Beamforming: Enable
  • Region: make sure you select correctly

For 5GHz:
  • Enable Radio: Yes
  • Enable wireless scheduler: No
  • Set AP Isolated: No
  • Roaming assistant: Disable (enable if you use Smart Connect function)
  • Enable IGMP Snooping: Disable
  • Multicast Rate(Mbps): Auto
  • AMPDU RTS: Enable
  • RTS Threshold: 2346
  • DTIM Interval: 3
  • Beacon Interval: 100
  • Enable TX Bursting: Enable
  • Enable WMM: Enable
  • Enable WMM No-Acknowledgement: Disable
  • Enable WMM APSD: Enable
  • Optimize AMPDU aggregation: Disable
  • Modulation Scheme: Up to MCS 11 (NitroQAM/1024-QAM)
  • Airtime Fairness: Enable
  • Multi-User MIMO: Enable
  • 802.11ac Beamforming: Enable
  • Universal Beamforming: Enable
  • Region: make sure you select correctly

WiFi Radar enables you to check for the WiFi channels usage and congestion state around your area, so that you can set your control channel to the least congested option. Before using it, you need to go to the Configure tap and click on the Start Data Collection button, wait for a few seconds, then click on the Stop Data Collection button.

Friday, November 9, 2018

Tweaking network settings in Asuswrt-Merlin

The Tools > Other Settings in Asuswrt-Merlin firmware is a menu not found in the stock Asuswrt firmware. It enables us to tweak some network settings to the router, which most of the time we can just keep them at default value.


Traffic history is a small database storing information required by the Traffic Analyzer. By default it is stored in RAM, which will be lost after the router is restarted.

You can set the traffic history location to NVRAM to preserve the data after router restart, and set the frequency whereby the database will be copied from RAM to NVRAM. Note that the NVRAM in the router has a finite times of read/write cycle. It is advisable to set the save frequency not to be too frequent to prolong the wear-and-tear of the NVRAM.

A better way is to save it to custom location, which can be a mounted USB storage device.

If your ISP billing cycle is not on the first day of the month, you can change the default starting day of monthly cycle from the default 1 to the first day of your billing cycle. This will enable you to have better view of your monthly traffic based on your billing cycle.

Asus routers such as the RT-AC86U have a physical button for you to turn off all its LED lights. This is a feature for you to conceal the router, particularly at night or in dark condition. Asuswrt-Merlin provides you the software option to turn off the LED lights by enabling Stealth Mode in miscellaneous options. In fact, you can further tweak your router to automatically turn off the LED lights during certain time, and make them function as normal during other period of time. You can click here to learn more about scheduled LED control.

New firmware version check will alert you when you login to the router and there is new Asuswrt-Merlin firmware available. You will still need to manually download the firmware after getting the alert, and perform the update accordingly. You are given the option not to check for beta firmware releases.

For TCP/IP settings, just keep the default values unless you have certain network application, such as VoIP, that need the tweaking. TCP connections limit is in quantity. All the timeout values on the screen are in number of seconds.

In IPv4, Address Resolution Protocol (ARP) is used to find out and associate the Media Access Control (MAC) address of a network interface with its IP address. It was done by a broadcast in the Layer 2. In IPv6, ARP is replaced by Neighbour Solicitation. By default, IPv6 neighbour solicitation broadcast is allowed by the internal firewall of the router, and Asuswrt-Merlin allows you to instruct the internal firewall to drop such broadcast, if it bothered you.

The Asuswrt firmware has a program called WANduck, which handles tasks related to your Internet (WAN) connections. WANduck is "inherited" in Asuswrt-Merlin firmware.

By default, WANduck will keep on sending DNS queries every few seconds to check if your WAN link is connected or not. You can disable this in the advanced tweaks and hacks settings. It is advisable not to change the default setting, unless you are clear about your reason to disable it.

Asusnat tunnel is a special NAT tunnel built-in to enable access to the router from the WAN side, even under NAT network. It is used by certain features, and the Asus Router mobile app. If you are paranoid about this kind of tunnel, you are given the option to disable it.

The Web Proxy Auto-Discovery (WPAD) protocol is a technology which aids a web browser in automatically detecting the location of a Proxy Auto Config (PAC) file using DNS or DHCP. The PAC file contains information of web proxy server.
By default, the DHCP server in the router will send empty WPAD with a carriage return to the requester. If this behavior causes problem, you can disable the sending of carriage return in empty WPAD.

Tuesday, November 6, 2018

Configuring AiCloud 2.0 in Asuswrt-Merlin

Asus AiCloud 2.0 is a "personal cloud" feature available in Asus wireless routers, enabling you to have easy access to your shared files either inside your home network or externally from the Internet.

External access to AiCloud is still unaffected even if you have disabled web access from WAN, i.e. remote access to your router's configuration web interface is disabled from the Internet (configured the Administration > System > Remote Access Config > Enable Web Access from WAN to "No", which is a good security measure to prevent unauthorized remote access to your router).

AiCloud is best to be used with a Cloud Disk USB storage device plugged in to your router's USB 3.0 port. It can be a USB thumb drive or a USB external harddisk. You can either format it with NTFS or EXT4 file system.

In my experience, AiCloud for Asus RT-AC86U router can work properly with the following combination of file systems:

  • NTFS only, single partition
  • EXT4 only, single partition
  • NTFS + EXT4. The EXT4 is to be used by Entware or Optware
  • NTFS + EXT4 + SWAP
Inside AiCloud 2.0 menu option, there are 3 settings. You need to turn on Cloud Disk in order to share the attached USB storage device to both your Intranet and the Internet.

I recommend to disable Smart Access, unless you want all your shared resources in your internal network to be remotely accessible from the Internet via AiCloud.

Smart Sync is said to be able to sync your attached USB storage to Asus Webstorage in the cloud, or AiCloud of another router in the Internet. In order to use Smart Sync, you need to enable both Cloud Disk and Smart Access. I found this function to be still buggy, and haven't found the way to make it work properly with Asus Storage yet. Therefore, I just keep it off.



In order to access your AiCloud from the Internet, particularly when you don't have a fixed IP address allocated by your ISP, you will need to have your DDNS service up and running. It is configured inside WAN > DDNS, and you have quite a wide variety of DDNS servers that you can choose to use.


You can access to your AiCloud using:
  • Web browser connecting to your router's AiCloud Web Access Port, configured in AiCloud 2.0 > Settings > AiCloud Web Access Port. It is advisable for you to change this port number from the default to your own.

Asus Download Master is a utility in the router that enable you to download Internet files using torrents to your attached USB storage device. It is not installed by default, and when you install it, the router will setup optware in your USB storage device and install the Download Master utility there. It can then be accessible using its web interface by browsing to its port in your router.

I think Internet files downloading is much better to be handled by proper software in your computer, rather than using the utility in your router. It will consume your router's CPU and memory resources, reduce its stability and reduce its security level.

Inside USB Application > Media Services and Servers, you can make use of the built-in media server functionality in your router (miniDLNA) to stream media stored in the attached USB storage device to computers, tablets, smartphones, smart TV, media player, etc. Supported media content includes video, music and pictures.


If you enable iTunes Server, you can stream the media content to iTunes app and Apple TV in your intranet. Disable this if you don't need it.

By using Manual Media Server Path, you can specific only media files resided in certain folders in the attached USB storage device be accessible with the media server. For each of the folders, you can further specify whether to share the audio, image or video in it.

For Samba network file sharing, the following settings are recommended:
  • Allow guest login: Off
  • Maximum number of concurrent connects: 5
  • Samba protocol version: SMBv2
  • Simpler share naming: Yes
  • Force as Master Browser: Yes
  • Set as WINS server: Yes, unless you already have a WINS server in your local network
SMBv2 is more secured against Windows malware attack. However, you might see the following log entries in your router, which is caused by one or more clients trying to access using the old SMBv1 (CIFS) protocol.

 
To eliminate these log entries, you can either set the Samba protocol version to "SMBv1 + SMBv2", which is not recommended due to malware security issue with SMBv1, or to turn off SMBv1 clients.

In Windows, you can turn off its SMBv1 client by going to Control Panel > Programs > Programs and Features > Turn Windows features on or off > SMB 1.0/CIFS File Sharing Support and uncheck the SMB 1.0/CIFS Client.


The settings for NFS exports and FTP Share is pretty straightforward. You can just disable them if not in used.

Hint: Click on the "Older Posts" link to continue reading, or click here for a listing of all my past 3 months articles.