Tuesday, November 6, 2018

Configuring AiCloud 2.0 in Asuswrt-Merlin

Asus AiCloud 2.0 is a "personal cloud" feature available in Asus wireless routers, enabling you to have easy access to your shared files either inside your home network or externally from the Internet.

External access to AiCloud is still unaffected even if you have disabled web access from WAN, i.e. remote access to your router's configuration web interface is disabled from the Internet (configured the Administration > System > Remote Access Config > Enable Web Access from WAN to "No", which is a good security measure to prevent unauthorized remote access to your router).

AiCloud is best to be used with a Cloud Disk USB storage device plugged in to your router's USB 3.0 port. It can be a USB thumb drive or a USB external harddisk. You can either format it with NTFS or EXT4 file system.

In my experience, AiCloud for Asus RT-AC86U router can work properly with the following combination of file systems:

  • NTFS only, single partition
  • EXT4 only, single partition
  • NTFS + EXT4. The EXT4 is to be used by Entware or Optware
  • NTFS + EXT4 + SWAP
Inside AiCloud 2.0 menu option, there are 3 settings. You need to turn on Cloud Disk in order to share the attached USB storage device to both your Intranet and the Internet.

I recommend to disable Smart Access, unless you want all your shared resources in your internal network to be remotely accessible from the Internet via AiCloud.

Smart Sync is said to be able to sync your attached USB storage to Asus Webstorage in the cloud, or AiCloud of another router in the Internet. In order to use Smart Sync, you need to enable both Cloud Disk and Smart Access. I found this function to be still buggy, and haven't found the way to make it work properly with Asus Storage yet. Therefore, I just keep it off.



In order to access your AiCloud from the Internet, particularly when you don't have a fixed IP address allocated by your ISP, you will need to have your DDNS service up and running. It is configured inside WAN > DDNS, and you have quite a wide variety of DDNS servers that you can choose to use.


You can access to your AiCloud using:
  • Web browser connecting to your router's AiCloud Web Access Port, configured in AiCloud 2.0 > Settings > AiCloud Web Access Port. It is advisable for you to change this port number from the default to your own.

Asus Download Master is a utility in the router that enable you to download Internet files using torrents to your attached USB storage device. It is not installed by default, and when you install it, the router will setup optware in your USB storage device and install the Download Master utility there. It can then be accessible using its web interface by browsing to its port in your router.

I think Internet files downloading is much better to be handled by proper software in your computer, rather than using the utility in your router. It will consume your router's CPU and memory resources, reduce its stability and reduce its security level.

Inside USB Application > Media Services and Servers, you can make use of the built-in media server functionality in your router (miniDLNA) to stream media stored in the attached USB storage device to computers, tablets, smartphones, smart TV, media player, etc. Supported media content includes video, music and pictures.


If you enable iTunes Server, you can stream the media content to iTunes app and Apple TV in your intranet. Disable this if you don't need it.

By using Manual Media Server Path, you can specific only media files resided in certain folders in the attached USB storage device be accessible with the media server. For each of the folders, you can further specify whether to share the audio, image or video in it.

For Samba network file sharing, the following settings are recommended:
  • Allow guest login: Off
  • Maximum number of concurrent connects: 5
  • Samba protocol version: SMBv2
  • Simpler share naming: Yes
  • Force as Master Browser: Yes
  • Set as WINS server: Yes, unless you already have a WINS server in your local network
SMBv2 is more secured against Windows malware attack. However, you might see the following log entries in your router, which is caused by one or more clients trying to access using the old SMBv1 (CIFS) protocol.

 
To eliminate these log entries, you can either set the Samba protocol version to "SMBv1 + SMBv2", which is not recommended due to malware security issue with SMBv1, or to turn off SMBv1 clients.

In Windows, you can turn off its SMBv1 client by going to Control Panel > Programs > Programs and Features > Turn Windows features on or off > SMB 1.0/CIFS File Sharing Support and uncheck the SMB 1.0/CIFS Client.


The settings for NFS exports and FTP Share is pretty straightforward. You can just disable them if not in used.

0 comments:

Post a Comment

Hint: Click on the "Older Posts" link to continue reading, or click here for a listing of all my past 3 months articles.