Scope

RT-AC3200, RT-AC87U, RT-AC68U, RT-AC66U, RT-N66U, RT-AC56U

Warning

This article is for experienced, trained IT personnel who are comfortable with Linux. Smarsh Hosted Services cannot assist with flashing open source firmware on your router.

  • R vs U vs W models: There is no difference in hardware or firmware between R, U or W models. The R indicates large retail stores such as Best Buy while U indicates online retail such as Amazon.
  • There are two versions of Asus firmware: Asuswrt (Asus Standard) and Asuswrt-Merlin. (Unofficially, Asus supports the developer of Asuswrt-Merlin and is using some of the source code in Asuswrt firmware.)
    • The official Asus-RT based firmware direct from Asus (Recommended)
    • Asuswrt-Merlin, which is a port from Asuswrt. This document covers Asuswrt-Merlin.

Known Issues

  • It is recommended to upgrade existing routers, including new out-of-the-box routers, to the most current firmware before proceeding, which is 3.0.0.4_378.51_0 released 03/06/2015.
  • It is recommended to follow the release notes prior to any upgrade from Asuswrt to Asuswrt-Merlin. Link to Asuswrt-Merlin Wiki
  • All reported exploits have been addressed and corrected by AsusWRT-Merlin as of the latest firmware 3.0.0.4_378.51_0 released 03/06/2015. It is the customer’s responsibility to maintain a secure network, and it is imperative that these routers stay up to date. Please consult Asus for direct support on upgrading your routers. Link to Asuswrt-Merlin Support Forum
  • SIP ALG is enabled by default, causing intermittent phone issues.

Resolution

Minimum firmware requirements: Firmware 3.0.0.4_378.52_0 released 04/05/2015. Please consult your IT person or Asuswrt-Merlin for direct support on upgrading your router. Link to Asuswrt-Merlin Support Forum

  1. Log into the router
  2. Go to Advanced settings -> WAN -> NAT Passthrough and configure as below:
    • PPTP Passthrough = Enable
    • L2TP Passthrough = Enable
    • IPSec Passthrough = Enable
    • RTSP Passthrough = Disable (Unless needed)
    • H.323 Passthrough = Disable
    • SIP Passthrough = Disable (SIP ALG)
    • Enable PPPoE Relay = Disable (Unless needed)
    • Click Apply
  3. Enable WAN Ping response
    • This optional step is needed for call quality monitoring and troubleshooting purposes
      • Under Advanced Settings -> Firewall
        • Enable Firewall = Yes
        • Enable DoS Protection = Yes
        • Respond Ping Request from WAN = Yes
        • Click Apply
  4. Modify DHCP DNS servers to a set of efficient DNS servers
    • The following is needed if you have or plan to purchase Polycom phones. It is best practice to add these options with any Smarsh Hosted Services phones installed.
      • Go to Advanced Settings -> WAN -> Internet Connection -> WAN DNS Setting  and apply the following:
      • Connect to DNS Server Automatically = Select No
        • DNS Server1 = 8.8.8.8
        • DNS Server2 = 8.8.4.4
        • Click Apply to save
      • Under Advanced Settings -> LAN -> DHCP Server  apply the following:
        • DNS Server = 8.8.8.8
        • Click Apply.
  5. Change Primary and Secondary LAN DNS to a set of efficient DNS servers
    • Go to Advanced Settings > LAN > DHCP Server > DNS and WINS Server Settings
      • DNS Server1 = 8.8.8.8
      • DNS Server2 = 8.8.4.4
      • Advertise router's IP in addition to user-specified DNS = No
      • Click Apply to save
    • Go to Advanced Settings -> WAN -> Internet Connection -> WAN DNS Setting  and apply the following:
      • DNS Server1 = 8.8.8.8
      • DNS Server2 = 8.8.4.4
      • Connect to DNS Server Automatically = Select No
    • Click Apply to save
  6. Wait until the router is back online, then reboot one phone first. When the phone is back online, check the following from the phone by pressing
    • Menu > 2 > 2 > 1
    • Scroll down to find DNS Server and DNS Alt. Server
    • Make sure they read 8.8.8.8 and 8.8.4.4
    • If correct, reboot all Smarsh Hosted Services devices.
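
The settings from steps 2 through 5 can be checked after a firmware upgrade or factory reset by feeding the output of `nvram show` (captured over SSH) to a small audit function. This is an added example, not part of the original article or of Asuswrt-Merlin; the nvram key names are assumptions based on names commonly seen in Asuswrt builds and should be confirmed on your firmware, and the sample dump is constructed.

```shell
# Added example: audit an `nvram show` dump against this article's settings.
# ASSUMPTION: these nvram key names are the ones commonly seen on
# Asuswrt/Asuswrt-Merlin builds; confirm them on your own firmware.
# RTSP and PPPoE Relay are left out because the article makes them optional.

BASELINE='fw_pt_pptp=1
fw_pt_l2tp=1
fw_pt_ipsec=1
fw_pt_h323=0
fw_pt_sip=0
fw_enable_x=1
fw_dos_x=1
misc_ping_x=1
wan_dnsenable_x=0
wan_dns1_x=8.8.8.8
wan_dns2_x=8.8.4.4
dhcp_dns1_x=8.8.8.8
dhcp_dns2_x=8.8.4.4'

# Reads key=value lines on stdin, prints one line per deviation from
# BASELINE, and returns 0 when everything matches, 1 otherwise.
audit_dump() {
    ad_dump=$(cat)
    ad_status=0
    while IFS='=' read -r ad_key ad_want; do
        [ -n "$ad_key" ] || continue
        ad_line=$(printf '%s\n' "$ad_dump" | grep "^${ad_key}=" | head -n 1)
        if [ -z "$ad_line" ]; then
            echo "$ad_key: missing, want $ad_want"
            ad_status=1
        elif [ "${ad_line#*=}" != "$ad_want" ]; then
            echo "$ad_key: want $ad_want, have ${ad_line#*=}"
            ad_status=1
        fi
    done <<EOF
$BASELINE
EOF
    return "$ad_status"
}

# Constructed sample dump: the baseline with SIP ALG left on, WAN DNS left
# on automatic, the WAN ping setting absent, plus one unrelated key.
SAMPLE_DUMP=$(printf '%s\nlan_ipaddr=192.168.1.1\n' "$BASELINE" |
    sed -e 's/^fw_pt_sip=0/fw_pt_sip=1/' -e 's/^wan_dnsenable_x=0/wan_dnsenable_x=1/' \
        -e '/^misc_ping_x=/d')

printf '%s\n' "$SAMPLE_DUMP" | audit_dump || echo "drift found"
```

On the router itself the same function can be used as `nvram show 2>/dev/null | audit_dump`.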

QoS Configuration for Call Quality

  • Adaptive QoS will cause extreme packet loss.  The default settings do not allow for refinement of the VoIP Protocols, only UDP port 5060 is defined. Smarsh Hosted Services will advise using the Traditional QoS option.
  • Note: Setup and results are based on ASUS RT-AC68 running firmware 3.0.0.4_378.51_0 released 03/06/2015 and an RT-AC66 on firmware 3.0.0.4_378.51_0 released 03/06/2015.
  • An Asuswrt-Merlin enabled router handles VoIP traffic with no issues in its default setup; however, there may be a need to apply QoS as a precautionary measure to ensure the best possible optimization of your internal network. Consult your IT person if QoS is to be implemented on your network. Smarsh Hosted Services cannot design this for you.
  • Note: turning on QoS will restart the router and disconnect for up to 2 minutes; this procedure should be done off hours. Smarsh Hosted Services recommends you consult your IT person or contact Asus directly on the use and setup of QoS. Router/Gateway Requirements
  1. Set up QoS
    • Under General > Adaptive QoS > QoS tab
    • Enable Smart QoS = Yes
    • Upload Bandwidth = XX “Where XX is your actual upload bandwidth”
    • Download Bandwidth = XXX “Where XXX is your actual download bandwidth”
    • QoS Type = Traditional
    • Apply (The router will reboot)
  2. After the reboot, when the router is back online, under General > Adaptive QoS > QoS tab choose user-defined QoS rules
  3. You will see the following:
    • Service Name – Source IP or MAC – Destination Port – Protocol – Transferred – Priority – Add/Delete.  The example screen shot is for reference only.  Circled in RED are the added Smarsh Hosted Services devices to give priority to the VoIP environment. You will need to consult with your IT person for further details on your internal network needs.

Considerations

  1. NOTE: It is always recommended to keep up to date on the router's firmware.  Asus makes this extremely easy to do manually.

    • Go to Administration > Firmware Upgrade
      1. Firmware Version -- It is not recommended to use this option. Though this vulnerability has been corrected (LINK) in version 3.0.0.4.376.1123, it is recommended to always download any firmware from the Official ASUS support website.
      2.  Restore/Save/Upload > Save setting = save (Save the CFG File to a location on your computer)
    • This resolves severe security vulnerabilities Asus has known about since the start of 2014 but still did not resolve as of June 2014.
    • Firmware 3.0.0.4.374.5047 and later is required to prevent your network and phones from being compromised.
    • We have run into many cases where these routers block the phones' NAT Binding/Keep-Alive messages that are sent every 15 seconds.
    • This causes the phones/fax-adapters to fail to register, which causes call and many other phone/fax feature failures.
    • They are either resolved by a firmware update or by replacing the router with a different serviceable router or a recommended one.
    • Smarsh Hosted Services cannot upgrade the firmware for you.  If you need help, contact Asus.
    • Smarsh Hosted Services also cannot replace the router for you if a firmware update does not resolve the issue.