Friday, November 9, 2018

Tweaking network settings in Asuswrt-Merlin

Tools > Other Settings is a menu in the Asuswrt-Merlin firmware that is not found in the stock Asuswrt firmware. It lets us tweak some of the router's network settings, most of which can simply be left at their default values.


Traffic history is a small database storing information required by the Traffic Analyzer. By default it is stored in RAM, which will be lost after the router is restarted.

You can set the traffic history location to NVRAM to preserve the data across router restarts, and set how often the database is copied from RAM to NVRAM. Note that the router's NVRAM supports only a finite number of read/write cycles, so it is advisable not to set the save frequency too high, to reduce wear on the NVRAM.

A better way is to save it to a custom location, which can be a mounted USB storage device.

If your ISP billing cycle does not start on the first day of the month, you can change the starting day of the monthly cycle from the default of 1 to the first day of your billing cycle. This gives you a better view of your monthly traffic based on your billing cycle.

Asus routers such as the RT-AC86U have a physical button that turns off all of the router's LED lights. This feature lets you conceal the router, particularly at night or in dark conditions. Asuswrt-Merlin provides a software option to turn off the LED lights by enabling Stealth Mode under the miscellaneous options. In fact, you can further tweak your router to turn off the LED lights automatically at certain times and have them function as normal at other times. You can click here to learn more about scheduled LED control.

New firmware version check alerts you when you log in to the router and a new Asuswrt-Merlin firmware is available. You still need to download the firmware manually after getting the alert and perform the update yourself. You are given the option not to check for beta firmware releases.

For the TCP/IP settings, just keep the default values unless you have a network application, such as VoIP, that needs the tweaking. The TCP connections limit is a number of connections. All the timeout values on the screen are in seconds.

In IPv4, the Address Resolution Protocol (ARP) is used to find the Media Access Control (MAC) address of a network interface and associate it with its IP address. This is done by a broadcast at Layer 2. In IPv6, ARP is replaced by Neighbour Solicitation. By default, the router's internal firewall allows IPv6 neighbour solicitation broadcasts, and Asuswrt-Merlin lets you instruct the firewall to drop them if they bother you.

The Asuswrt firmware has a program called WANduck, which handles tasks related to your Internet (WAN) connections. WANduck is "inherited" by the Asuswrt-Merlin firmware.

By default, WANduck keeps sending DNS queries every few seconds to check whether your WAN link is connected. You can disable this in the advanced tweaks and hacks settings. It is advisable not to change the default setting unless you are clear about your reason for disabling it.

Asusnat tunnel is a special built-in NAT tunnel that enables access to the router from the WAN side, even behind a NAT network. It is used by certain features and by the Asus Router mobile app. If you are paranoid about this kind of tunnel, you are given the option to disable it.

The Web Proxy Auto-Discovery (WPAD) protocol helps a web browser automatically detect the location of a Proxy Auto-Config (PAC) file using DNS or DHCP. The PAC file contains information about the web proxy server.

By default, the DHCP server in the router sends an empty WPAD with a carriage return to the requester. If this behavior causes problems, you can disable the sending of the carriage return in the empty WPAD.

Tuesday, November 6, 2018

Configuring AiCloud 2.0 in Asuswrt-Merlin

Asus AiCloud 2.0 is a "personal cloud" feature available in Asus wireless routers, enabling you to have easy access to your shared files either inside your home network or externally from the Internet.

External access to AiCloud is unaffected even if you have disabled web access from WAN, that is, even if remote access to your router's configuration web interface from the Internet is turned off (by setting Administration > System > Remote Access Config > Enable Web Access from WAN to "No", which is a good security measure to prevent unauthorized remote access to your router).

AiCloud is best used with a Cloud Disk USB storage device plugged into your router's USB 3.0 port. It can be a USB thumb drive or a USB external hard disk. You can format it with either the NTFS or the EXT4 file system.

In my experience, AiCloud for the Asus RT-AC86U router can work properly with the following combinations of file systems:

  • NTFS only, single partition
  • EXT4 only, single partition
  • NTFS + EXT4. The EXT4 is to be used by Entware or Optware
  • NTFS + EXT4 + SWAP

Inside the AiCloud 2.0 menu option, there are 3 settings. You need to turn on Cloud Disk in order to share the attached USB storage device with both your intranet and the Internet.

I recommend disabling Smart Access, unless you want all your shared resources in your internal network to be remotely accessible from the Internet via AiCloud.

Smart Sync is said to be able to sync your attached USB storage to Asus Webstorage in the cloud, or to the AiCloud of another router on the Internet. In order to use Smart Sync, you need to enable both Cloud Disk and Smart Access. I found this function to be still buggy, and haven't found a way to make it work properly with Asus Storage yet. Therefore, I just keep it off.



In order to access your AiCloud from the Internet, particularly when you don't have a fixed IP address allocated by your ISP, you will need to have your DDNS service up and running. It is configured inside WAN > DDNS, and you have quite a wide variety of DDNS servers that you can choose to use.


You can access your AiCloud using:
  • Web browser connecting to your router's AiCloud Web Access Port, configured in AiCloud 2.0 > Settings > AiCloud Web Access Port. It is advisable for you to change this port number from the default to your own.

Asus Download Master is a utility in the router that enables you to download Internet files using torrents to your attached USB storage device. It is not installed by default, and when you install it, the router will set up Optware on your USB storage device and install the Download Master utility there. It is then accessible through its web interface by browsing to its port on your router.

I think downloading Internet files is much better handled by proper software on your computer than by the utility in your router. It will consume your router's CPU and memory resources, reduce its stability and reduce its security level.

Inside USB Application > Media Services and Servers, you can make use of the built-in media server functionality in your router (miniDLNA) to stream media stored on the attached USB storage device to computers, tablets, smartphones, smart TVs, media players, etc. Supported media content includes video, music and pictures.


If you enable iTunes Server, you can stream the media content to iTunes app and Apple TV in your intranet. Disable this if you don't need it.

By using Manual Media Server Path, you can specify that only media files residing in certain folders on the attached USB storage device are accessible through the media server. For each of the folders, you can further specify whether to share the audio, images or video in it.

For Samba network file sharing, the following settings are recommended:
  • Allow guest login: Off
  • Maximum number of concurrent connects: 5
  • Samba protocol version: SMBv2
  • Simpler share naming: Yes
  • Force as Master Browser: Yes
  • Set as WINS server: Yes, unless you already have a WINS server in your local network

SMBv2 is more secure against Windows malware attacks. However, you might see the following log entries in your router, which are caused by one or more clients trying to connect using the old SMBv1 (CIFS) protocol.

 
To eliminate these log entries, you can either set the Samba protocol version to "SMBv1 + SMBv2", which is not recommended because of the malware security issue with SMBv1, or turn off SMBv1 on the clients.

In Windows, you can turn off its SMBv1 client by going to Control Panel > Programs > Programs and Features > Turn Windows features on or off > SMB 1.0/CIFS File Sharing Support and uncheck the SMB 1.0/CIFS Client.
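As an added example (not from the original post or the firmware), the script below audits smb.conf text against the security-relevant recommendations above: guest login off, SMBv1 refused and a connection cap. It assumes the GUI options correspond to the standard Samba parameters `guest ok`, `min protocol` and `max connections`; both sample configurations, including the share path, are constructed.

```python
# Added example: the GUI-to-smb.conf mapping is an assumption, not taken from the firmware.
LEGACY = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}  # SMBv1 and older dialects
TRUE = {"yes", "true", "1", "on"}

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def audit(text, max_conn=5):
    """List deviations from: guest login off, SMBv1 refused, connection cap."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    floor = glob.get("server min protocol", glob.get("min protocol"))
    if floor is None:
        findings.append("minimum protocol not pinned; older Samba defaults accept SMBv1")
    elif floor.upper() in LEGACY:
        findings.append(f"min protocol {floor} accepts SMBv1 clients")
    for name, params in conf.items():
        guest = params.get("guest ok", params.get("public", "no"))
        if guest.lower() in TRUE:
            findings.append(f"[{name}] allows guest login")
    try:
        limit = int(glob.get("max connections", "0"))
    except ValueError:
        limit = 0
    if limit == 0 or limit > max_conn:  # 0 means unlimited in Samba
        findings.append(f"max connections is {limit or 'unlimited'}, expected <= {max_conn}")
    return findings

# Constructed sample configurations (not copied from a real router).
WEAK = ("[global]\n max protocol = SMB2\n max connections = 0\n"
        "[share]\n path = /tmp/mnt/usb\n guest ok = yes\n")
HARDENED = ("[global]\n min protocol = SMB2\n max protocol = SMB2\n"
            " max connections = 5\n[share]\n path = /tmp/mnt/usb\n guest ok = no\n")

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(sample))
```

Setting only `max protocol` leaves the lower bound open, which is why the weak sample is still flagged for SMBv1 even though it names SMB2.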


The settings for NFS exports and FTP Share are pretty straightforward. You can just disable them if they are not in use.

Tuesday, October 30, 2018

Configuring Adaptive QoS in Asuswrt-Merlin

When your Internet connection is congested (most or all of its allocated bandwidth is used up) either from time to time, or most of the time, Quality of Service (QoS) is a mechanism for you to prioritize bandwidth usage based on network tasks and applications.

However, if your Internet connection is not congested most of the time (allocated bandwidth is hardly used up), it is advisable to turn off the QoS function. This is because QoS won't make your Internet connection faster, as your connection is limited by the maximum upload and download bandwidth allocated by your ISP. In fact, enabling QoS adds workload to your router and your local network.

QoS is essential for a congested network to ensure that certain network tasks and applications are not severely affected by the congestion, by giving priority to their network traffic at the expense of those with lower priority. Turning on QoS when your Internet connection is congested will give you a better Internet experience if you configure it properly.

Bear in mind that QoS normally won't work together with Hardware Acceleration. Enabling QoS will cause the router to automatically shut down part or all of the Hardware Acceleration function.

In the Asuswrt and Asuswrt-Merlin Game Boost screen, there is a LAN Boost - One Click Game First mode. That is actually a shortcut to an adaptive QoS setting that turns on adaptive QoS and gives Online Gaming the highest priority of all network traffic. If you want to give the highest priority to other tasks such as Media Streaming instead of Online Gaming, make sure you turn off this LAN Boost - One Click Game First mode.

When you click into the Adaptive QoS menu, you will be presented with the Bandwidth Monitor screen. This screen works regardless of whether QoS is switched on or off in your router. It is a very useful screen that shows the real-time bandwidth usage of your network through the router.

Upload Bandwidth and Download Bandwidth are shown visually in the form of speedometers. From this display, you can immediately tell whether your Internet link is congested or not.

The same information is also available in the Asus Router mobile app connected to the router.


Below it is a list of hosts connected to the router, and their real time upload and download bandwidth usage respectively.

If you turn on Apps analysis, you can click on the icon of any of the hosts, and the screen will show a breakdown of bandwidth usage by the applications running in the host.


If you would like to turn on the QoS function, the recommended settings are as below:
  • QoS type: Adaptive QoS
  • Bandwidth Setting: Automatic Setting
  • Queue Discipline: fq_codel
  • WAN packet overhead: select the correct preset according to your Internet connection type

Click here if you are interested in understanding more about the technical differences among the 3 queue disciplines: Stochastic Fairness Queueing (SFQ), Controlled Delay (CoDel) and Fair Queueing Controlled Delay (fq_CoDel).

You can then determine which kind of applications are going to have the highest priority to access the Internet: Games, Media Streaming or Web Surfing.

If you choose Customize, you are given control to customize the priority among the following traffic types:
  • Gaming
  • Video and Audio Streaming
  • VoIP and Instant Messaging
  • Web Surfing
  • File Transferring
  • Others

You can mouse over each of them for a fuller description of the traffic type.

If you have QoS enabled, you can view the QoS Statistics screen to have an idea of the bandwidth usage by each of the traffic types.

Web History keeps a log of the websites visited by the hosts. I find no harm in enabling or disabling it. Even if you disable it, it seems that the logging is still ongoing behind the scenes. I also noticed that this Web History does not display every single website visited by the hosts.

