Clone wiki

rt-n56u / EN / CommonTips

Mini-FAQ for routers ASUS RT-N14U/N56U/N65U/N11P/AC51U/AC54U/AC1200HP/N56UB1

Useful small tips and recipes are being posted here. Most of these tips are based on external applications. See instructions for setting up Entware first.



The features of firmware from Padavan.

  • All firmwares can be downloaded here.
  • You able to create a custom firmware with the necessary parameters.
  • After upgrading from the factory firmware, all settings of the router will be reset automatically.
  • Do not load the configuration file from the factory firmware.
  • WAN MAC address may be different from that on the label by 2 bits in the last octet (useful for model RT-N14U). If your ISP uses to authenticate bind to MAC-address, set the MAC from labels at WAN settings. Or call to the provider's admin to rebind MAC.
  • If something does not work right, look primarily at system log.
  • To conserve flash memory router has a manual mode to save the configuration (Administration -> Settings); when it is turned in the top panel a button "Save" will appear.
  • For providers offering PPPoE-connection + IPTV, you must enable PPPoE VPN + MAN: ZeroConf in the WAN settings.
  • For ease of mount a USB-drive, it is better to create a volume label in Latin. In this case, the drive will always be mounted under a single name.
  • Transmission and Aria2 before the first start require the creation of a directory in the root of the drive, see the tooltip. Why it is so and not otherwise, youwill understand when you will use different drives.
  • Transmission Remote GUI is the most convenient client for the Transmission.
  • The best filesystem for downloads - EXT4. The firmware has all the tools to work with it.
  • Do not download the torrents to Flash-drives.
  • The router has a limited amount of RAM; the most demanding applications is transmission, minidlna, aria2; whenever possible, do not run them simultaneously.
  • Offload UDP through HW_NAT is disabled by default, so uTP and UDP traffic in uTorrent (and other torrent clients) can greatly load CPU. The best option - disable uTP in torrent client, then all TCP traffic will offload, while at speeds of 10-11 MB / sec CPU usage is almost zero. The second option - enable UDP offload, but it does have some limitations.

The firmware "base" does not include the USB applications:

  • DLNA media server minidlna
  • Torrent client transmission
  • Download manager aria2
  • iTunes media server firefly All of these, as well as most other applications can be installed from the Entware-repository into the USB drive.

What is difference between the versions (full, base, etc.) of Firmware?

This firmware exists for routers Asus RT-N56U/RT-N65U/RT-N14U. There are also several Firmware builds (full, base, etc.). You can read about the differences in this section.


Where can I see list of changes in last version of Firmware?

All important changes in Firmware are published in this file.

Full information about changes to Firmware you can see at this page.


Installation and Usage the Terminal Application

First, open your browser, select in the lower left pane Advanced Settings -> Administration -> System and choose a server you'd like to use. Note, that it is highly recommended to use SSH as the server for external connections only. Because Telnet is an insecure protocol, and is the very replacement for it. However, for private (internal) network usage security may not be a necessity.

adm-system-en.png

In the above example SSH has been selected as the preferred method. Select the option that you wish to use and then apply to save the settings to the router.

You'll need a terminal client to establish a connection with RT-N56U. The terminal application is a serial computer interface for text entry and display output. There are many different applications. You should choose one by your OS.

Directions for Windows XP, Vista, and Windows 7 users

PuTTY is a free implementation of Telnet and SSH for Windows and Unix. Download the installer, and install the application. After installation there is minimal configuration needed to access the router. To start the session, you will need to enter a few basic parameters. Within the "Session" category select "Host Name" field, enter my.router or the IP address of router. Select a login protocol to use, from the "Connection type" that matches the protocol configured for the router. Afterwards, select the Translation category and make sure that UTF-8 is configured for the character set field.

putty_932x448.png

warning.png IMPORTANT NOTE: NEVER SAVE YOUR LOGIN AND / OR PASSWORD TO ANY CLIENT WHEN YOU USE TERMINAL CONNECTION!!!

Once you have finished the proper configurations, select the "Open" button at the bottom right of the configuration window, and PuTTY will initiate the connection to the router using the proper protocol.

Directions for MacOS Users

Open Finder, and go to Applications => Utilities. Double click on Terminal, or highlight Terminal and Apple/Command Key + Arrow Down.terminal_in_osx.jpg
ssh admin@my.router

or use one of the alias names: ssh admin@rt-n56u, ssh admin@my.rt-n56u


How do I edit the scripts/configuration files?

1. Built-in utility vi. Run command

# vi your_file

. Point the cursor on any blank line. Press the "i" on the keyboard. Insert the desired construction to the text. If necessary, use the button ENTER. When finished, press the keyboard "Esc", then type ":wq" (without the quotes) and press ENTER. Additional information about vi can be found in Google.

2. More convenient / more evident to use the editor built into the Midnight Commander. To install the Midnight Commander, run the command:

# opkg update
# opkg install mc

To start the Midnight Commander`s Editor connect to the router via Telnet/SSH console and run the command:

# mcedit your_file

Using a script to load information about ISP`s static routes

1. Edit the file /etc/storage/post_wan_script.sh and add to it all lines with routes in the following format:

ip route add xxx.xxx.xxx.xxx/yy via zzz.zzz.zzz.zzz

where xxx.xxx.xxx.xxx - IP-lan, yy - mask in CIDR-format, and zzz.zzz.zzz.zzz - gateway. Save file.

2. Run in console

# mtd_storage.sh save

3. Restart PPTP-session and check that the routes is loaded. To do this, run the command route in the console.


What are the existing network interfaces (transcript naming interfaces)?

  • br0 = LAN + WLAN + AP-Client + WDS
  • eth2 = Ethernet interface GMAC1, that connected to the switch (trunk port).
  • eth2.1 = LAN (VLAN VID1)
  • eth2.2 = WAN (VLAN VID2)
  • ra0 = WLAN 5GHz
  • ra1 = WLAN 5GHz Guest
  • rai0 = WLAN 2.4GHz
  • rai1 = WLAN 2.4GHz Guest
  • apcli0 = AP-Client 5GHz
  • apclii0 = AP-Client 2.4GHz
  • wds0-wds3 = WDS 5GHz
  • wdsi0-wdsi3 = WDS 2.4GHz

In the no-VLAN firmware

  • eth2 = LAN
  • eth3 = WAN

How to turn on a computer on the local network using the Wake-on-LAN

Wake-on-LAN (WOL) is an Ethernet computer networking standard that allows a computer to be turned on or awakened by a network message. Equivalent terms include wake on WAN, remote wake-up, power on by LAN, power up by LAN, resume by LAN, resume on LAN and wake up on LAN. In case the computer being woken is communicating via Wi-Fi, a supplementary standard called Wake on Wireless LAN (WoWLAN) must be employed.

Wake-on-LAN ("WOL") is implemented using a specially designed packet called a magic packet, which is sent to the computer to be woken up. The magic packet contains the MAC address of the destination computer, an identifying number built into each network interface card ("NIC") or other ethernet device in a computer, that enables it to be uniquely recognized and addressed on a network. Powered-down or turned off computers capable of Wake-on-LAN will contain network devices able to "listen" to incoming packets in low-power mode while the system is powered down. If a magic packet is received that is directed to the device's MAC address, the NIC signals the computer's power supply or motherboard to initiate system wake-up, much in the same way as pressing the power button would do.

Hardware requirements for Wake-on-LAN

Wake-on-LAN support is implemented on the motherboard of a computer and the network interface (firmware), and is consequently not dependent on the operating system running on the hardware. Some operating systems can control Wake-on-LAN behaviour via NIC drivers. If the network interface is a plug-in card rather than being integrated into the motherboard, the card may need to be connected to the motherboard by an additional cable. Motherboards with an embedded Ethernet controller which supports Wake-on-LAN do not need a cable. The power supply must meet ATX 2.01 specifications. Wake-on-LAN usually needs to be enabled in the Power Management section of a PC motherboard's BIOS setup utility, although on some systems, such as Apple computers, it is enabled by default. On older systems the bios setting may be referred to as "WOL", on newer systems supporting PCI version 2.2, it may be referred to as "PME" (Power Management Events, which include WOL). It may also be necessary to configure the computer to reserve standby power for the network card when the system is shut down.

How to turn on a computer using the router's WEB-interface

You can turn on a computer on the local network from the WEB-interface - just press Wake up opposite to the necessary device from the list or by entering its MAC-address in the appropriate field.

How to turn on a computer on the local network using the script

/usr/sbin/ether-wake -i br0 XX:XX:XX:XX:XX:XX

Where XX:XX:XX:XX:XX:XX is a MAC-address of the computer that you want to wake up on a schedule.


Capture images from WEB-camera connected to the router`s USB-port

1. Setting up Entware

2. Verify that WEB-camera is on the list of supported devices (otherwise the camera may don`t work with your router).

3. Connect your camera to router.

4. Connect to the router through Telnet/SSH

5. Run in console:

# modprobe uvcvideo

Before you continue, make sure that there was a video device / dev/video0. To check, you can run:

# ls /dev/video*

If the result will be "No such file or directory", it means that the camera is not supported by the driver uvcvideo.

6. Install the package motion.

# opkg update
# opkg install motion

7. Edit the file /opt/etc/motion.conf. It contains a lot of parameters, the most important are:

stream_localhost (on/off) - must be set to **off** to be able to get access to the video stream from the local network
stream_port (integer) - port of stream, the default is 8081
output_pictures (on/off) - is need to save snapshots
target_dir (path) - directory to store all snapshots; you must specify an existing folder on disk. For example, if you specify /media/AiDisk_a1, files will be stored in the root of the first drive connected to the USB.

8. Edit the file /etc/storage/started_script.sh, append the following line

modprobe uvcvideo

Run in console:

# mtd_storage.sh save

Now the camera will be initialized when you start / restart the router

9. Reboot the router or run in console:

# /opt/etc/init.d/S99motion start

10. Go to camera`s page

warning.png WARNING! When you change the settings in the file /opt/etc/motion.conf you must restart the service of camera`s stream management (or restart the router) to apply the new values:

# /opt/etc/init.d/S99motion restart

**


Access to a scanner/MFP connected to the router`s USB-port

To configure the scanner use this algorithm


Connecting MFP Samsung (for example, SCX-3400W) to the router via Wi Fi

To set-up your Samsung printer’s wireless settings with your computer follow the guide below:

1. First make sure the USB cable is connected to your computer and the printer

2. Then turn on your computer, printer and Wi Fi radio module on the router

3. Then install the your printer’s driver (use the CD that came with your printer)

4. Then during installation you will be ask how do you want your printer connected choose "Wireless network setup with a USB cable" in "Connect Printer" and click Next.

5. Then when your computer sees your wireless connection connect to it then click next

6. If your printer supports Wi-Fi Direct, its corresponding screen will appear. Click Ok and Next.

7. When the wireless network set up is completed, disconnect the USB cable between the computer and machine. Click Next.

8. Click Next when the Printers Found window

9. Select the components to be installed. Click Next.

You should then be able to connect when with the printer when it is done.

warning.png Note. You might need to set the region "USA" in the properties of router`s Wi Fi point.


Access to the printer HP Laser Jet connected to USB-port

The printers series HP LaserJet 1xxx/2xxx immediately after power on don't have the firmware. When the operating system detects a printer, it should "download" the necessary firmware to it and then work with it as with the simple printer. The same functions must execute our router.

If you want to use the printers series HP LaserJet 1xxx/2xxx connected to router's USB-port from your PC, you can use this algorithm based on connection the HP LaserJet 1022 (similarly for other models).

1. Setting up Entware

2. Connect to the router through Telnet/SSH

3. Create folder /opt/share/firmware. To do this, run in console:

# mkdir /opt/share/firmware

4. Copy the firmware for your printer into the directory /opt/share/firmware (you can dowload it here. For the HP LaserJet 1022 you need the file sihp1022.dl

warning.png WARNING! Here and further instead of sihp1022.dl you must specify the correct name of the firmware file for your printer!!!

# wget https://bitbucket.org/padavan/rt-n56u/wiki/files/hplj/sihp1022.dl -P /opt/share/firmware

5. Edit the file /opt/bin/on_hotplug_printer.sh by changing the string

lpfw="/opt/share/firmware/sihp1020.dl"

to

lpfw="/opt/share/firmware/sihp1022.dl"

6. set the option "Enable TCP/IP RAW port?" to "Yes" in WEB-interface:

printer-en.png

7. Connect the printer to the router through the USB-cable and turn on it. Each time you turn on the printer it will boot firmware, which can be seen as the additional printer initialization.

8. Set up a connection to a network printer for TCP/IP port 9100 on your computer (you can use this instruction or this)


Checking ink level of your printer attached to router's to USB-port

If you want to check the ink level of printer attached to your router , you can use the utility ink from Entware. For install the ink utility you can this algorithm:

1. Setting up Entware

2. Run in console:

# opkg update
# opkg install ink
# opkg install libinklevel

3. For check the ink level of your printer run in console:

# ink -p usb

Use several/other DDNS-servers

If you want using several DDNS-servers or the desired DDNS-server don`t present in the list of supported servers, you can add support for its by using this algorithm.

1. Disable DDNS-client in WEB-interface

2. Create directory /opt/etc/ddns:

# mkdir /opt/etc/ddns

3. In directory /opt/etc/init.d create script S02ddns with this content (you can use this script):

 
func_start()
{
        echo "Start DDNS services"
        # insert your custom code below
        inadyn --input_file /opt/etc/ddns/inadyn.conf  # start DDNS-service for server DDNS 1
        inadyn --input_file /opt/etc/ddns/inadyn2.conf  # start DDNS-service for server DDNS 2
}
 
func_stop()
{
        echo "Stop DDNS services"
        # insert your custom code below
        killall -q inadyn
}
 
case "$1" in
start)
        func_start
        ;;
stop)
        func_stop
        ;;
restart)
        func_stop
        func_start
        ;;
*)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
        ;;
esac

4. In directory /opt/etc/ddns create configuration file(s) inadyn.conf (inadyn2.conf and so on, respectively the number of required records for DDNS-Server). For example, inadyn.conf for service dyndns.com:

dyndns_system dyndns@dyndns.org
update_period_sec 1800 # check for a new IP every 30 minutes
username ****    # login for server dyndns.com
password ****    # password for server dyndns.com
alias ****.dyndns.org    # alias (host name) for server dyndns.com
background
ip_server_name checkip.ns.zerigo.com /
cache_file /opt/etc/ddns/ddns.cache
# log_file /opt/etc/ddns/inadyn.log   # if you want to inadyn recorded their results in own log, uncomment this line, the default will record in the system log

For example, inadyn.conf for service no-ip.com:

dyndns_system default@no-ip.com
update_period_sec 1800 # check for a new IP every 30
username ****    # login for server no-ip.com
password ****    # password for server no-ip.com
alias ****.sytes.net    # alias (host name) for server no-ip.com
background
cache_file /opt/etc/ddns/ddns2.cache
# log_file /opt/home/admin/inadyn.log

You should replace the asterisks on your accounts data


Custom MAC address filtering

Assume, your child spends too much time in the internet. And you'd like to limit access time by schedule.

All easily configured through WEB-interface:

macfilter-en.png

warning.png Note. Time can not be set with the transition through the midnight. If you want to specify a range 22:30-07:00, split it into two rules:

  1. 22:30-23:59
  2. 00:00-07:00

Keep in mind that nowadays children are very smart. If your "genius" changes mac address on his machine, the rule is not be applied to his machine any more. So you should properly configure your dhcp server.


Using a script to filter traffic using MAC addresses of devices

1. Edit the file /etc/storage/post_iptables_script.sh and add to it lines in the following format:

iptables -I FORWARD -m mac --mac-source 11:22:33:44:55:66 -j DROP

where 11:22:33:44:55:66 - MAC-address of the device for which you want to block traffic. FORWARD is used if you want to filter transit (passing through a router) traffic.

If you want to block access to the router, use the directive INPUT:

iptables -I INPUT -m mac --mac-source 11:22:33:44:55:66 -j DROP

Save file.

2. Run in console

# mtd_storage.sh save

Restricting access to undesirable content using Yandex.DNS

Many users want to protect themselves or their children from adult sites. The algorithms of family search from Yandex are able to identify erotica and porn. When a user opens a porn site on your computer or network with Yandex.DNS in the "Family" mode, he only see the parking page.

All easily configured through WEB-interface:

1. Select in the left pane Advanced Settings -> LAN -> DHCP Server

2. Select "Custom Configuration File "dnsmasq.conf"".

3. In the opened window to the end of the script append the text:

### Yandex.DNS for kids Smartphone 
dhcp-mac=set:kids,AA:BB:CC:DD:EE:FF 
# for host №2:
# dhcp-mac=set:kids,A2:B2:C2:D2:E2:F2 
dhcp-option=tag:kids,option:dns-server,77.88.8.7,77.88.8.3 

where AA:BB:CC:DD:EE:FF - MAC-address of the device for which you want to enable protection from "adult" material

4. Click Apply.

Note. You can select "Safe" mode by specifying the servers 77.88.8.88 and 77.88.8.2. For further details about modes, visit the website Yandex.DNS


Using a second router to increase the coverage area of ​​Wi Fi

Device # 1 connected to the Internet. Standard mode "Router". For example, LAN subnet 192.168.1.0 and address of Device # 1 is 192.168.1.1.

Device # 2 - remote. Switch to AP-mode in WEB-interface. It is better to assign a fixed address, such as 192.168.1.2 and this address add to the exception list on DHCP on Device # 1 or distribute addresses from 192.168.1.3.

warning.png IMPORTANT!!! All routers are configured for this scheme must have different names!!! The "Device Name" can be changed in WEB-interface

Example of WDS

On Device # 1 point is configured in Bridge tab (or for 5GHz) as "AP & WDS". Channel is fixed.

On Device # 2 point is configured as "WDS only", scan the air, add BSSID of Device # 1 to list. If you plan that customers will use this same point in the Device # 2, then configure it as an "AP & WDS". Then point will connect to Device # 1 WDS as a client and at the same time be able to work as a point.

Example of AP-Client

On Device # 1 point is configured in Bridge tab (or for 5GHz) as "AP". Channel is fixed.

On Device # 2 point is configured as "AP-Client Only", scan the air, add BSSID of Device # 1 to list. If you plan that customers will use this same point in the Device # 2, then configure it as an "AP & AP-Client". Then point will connect to Device # 1 WDS as a client and at the same time be able to work as a point.


How to configure xUPnPd mediaserver

Modern TVs have built-in network interfaces support DLNA, in other words, can play media (images, video, music) that are transmitted over the network.

To watch IPTV on your TV you should configure on your router DLNA-server xUPnPd.

How to configure built-in xUPnPd mediaserver

If you install to your router the firmware from the repository, it already contains the integrated mediaserver xUPnPd. In this case, the server xUPnPd is configured through WEB-interface:

  1. At first, select in the left pane Advanced Settings -> LAN -> IPTV
  2. Specify the port for DLNA-broadcast content (eXtensible UPnP agent (xupnpd), Web port).
  3. Click Apply.
  4. Perform the necessary xUPnPd mediaserver settings (including adding playlists), using a link Web status. xupnpd-en.png

How to configure xUPnPd mediaserver from Entware

With do the build firmware yourself, can be a situation that you have disabled xUPnPd when building for other services because of lack of space in the flash. In this situation, you may install xUPnPd mediaserver from Entware.

To do this, execute in a terminal:

# opkg update
# opkg install xupnpd

Start xUpnpd:

# /opt/etc/init.d/S94xupnpd start 

After installation the xUpnpd you may need to edit its configuration files, are located in folder /opt/share/xupnpd (All settings can be done through WEB-interface).


How to configure miniDLNA mediaserver

ReadyMedia (formerly MiniDLNA - is a server software with the aim of being fully compliant with UPnP/DLNA clients. It is developed by a NETGEAR employee for the ReadyNAS product line. It is not in any way endorsed by the Digital Living Network Alliance®.

warning.png When using a mediaserver UPnP/DLNA is recommended to have SWAP-partition, because in the process of creating the database of media content is consumed a large amount of RAM.

If you install to your router the firmware from the repository, You should note that the mediaserver miniDLNA is integrated into the firmware RT-N56U_x.x.x.x-xxx_dlna.zip (for RT-N65U router is the version RT-N65U_x.x.x.x-xxx_full.zip). The mediaserver miniDLNA is configured through WEB-interface:

  1. Connect the USB-drive with media content
  1. Select Advanced Settings -> USB Application -> Common setting
  1. Switch on UPnP/DLNA Media Server
  1. Specify the media sources (you can select its from the drop-down list) warning.png If you are using a shared folder for audio, video and images, you need to specify only the path to this folder and leave the other fields blank.
  1. Click Apply. dlna-en.png
  1. The statistics of MiniDLNA media server can be obtained by using the link Web status.

If the path to the content are correct, all new files will be updated automatically, regardless of the "Rebuild Database Content on Start".

"Rebuild Database Content on Start" has meaning only in these situations:

  • When you turn on the MiniDLNA manually
  • When you connect the drive when the MiniDLNA is enabled
  • When running the router with the MiniDLNA is enabled

MiniDLNA starts to re-scan the database if the database on the drive is corrupted or missing (or "Rebuild Database Content on Start" is set to "Force rebuild database").

Note. Sometimes, after changing the version of miniDLNA, the structure of its database is changed and mediaserver stops working. In this case, you must manually delete the database in the directory /media/Main/.dms (where Main - the volume label of the partition with media content). In this directory miniDLNA media server also places its log.


How to configure Transmission

Transmission is free BitTorrent-client which features a simple interface. Transmission allows users to download files from the Internet and upload their own files or torrents.

warning.png You can install Transmission to your router Asus RT-N56U/RT-N65U, but you must remember that the CPU in a subject is not adapted for these tasks and at the same time it will be loaded at 100%. It is also strongly recommended for downloads "native" file system - EXT2/EXT3/EXT4 (EXT4 is preferred). To prepare the USB-drive, you can use this manual (it should be noted that, most likely, you do not need the SWAP-partition)).

How to configure built-in Transmission

If you install to your router the firmware from the repository, it already contains the integrated BitTorrent-client Transmission. In this case, the Transmission is configured through WEB-interface:

1. Connect the USB-drive and, if necessary, format it to EXT4 file system.

2. Create folder transmission at the root of created partition:

2.1. Select Advanced Settings -> USB Application -> FTP Share.

2.2. Create folder transmission at the root of the desired partition web-add-folder-en.png

3. Select Advanced Settings -> USB Application -> Common setting

4. Switch on Transmission.

5. Specify the port to connect the peers (in this case the specified port will be automatically open).

6. Specify the RPC port for management (on the given port will be available WEB-based management of the Transmission from the LAN).

7. Click Apply. transmission-en.png

8. Perform the necessary Transmission's settings using a link Web control.

How to configure Transmission from Entware

With do the build firmware yourself, can be a situation that you have disabled the Transmission when building for other services because of lack of space in the flash. In this situation, you may install the Transmission from Entware.

To do this, execute in a terminal:

# opkg update
# opkg install transmission

warning.png To configure Transmission is most convenient to use the Transmission Remote GUI


Connect to router`s WEB-interface using SSH-tunnel

If you should have access to the router`s WEB-interface from the Internet, then surely you can open the port for the Web Access from WAN.

However, in this situation your password will be sent as plain text that is not safe.

There is a secure solution for this problem.

1. Configure terminal access

2. Allow access to SSH from WAN. In WEB-interface switch on "Access SSH server from WAN?" and specify "SSH Server Port from WAN": webssh-en.png

3. If you are using PUTTY, on the tab Connection -> SSH -> Tunnels select "Local", in the field "Source port" insert the value "8888" in the field "Destination" write "192.168.1.1:80". Then press the Add: putty_web.png

4. Establish SSH-session using port from the p.2.

5. To access the WEB-interface in browser specify the address http://localhost:8888


Connect from the Internet to the LAN located behind the router, using the integrated VPN-Server

If you should have access to the local network from the Internet, you can configure the VPN-server included in the firmware.


FTP port forwarding to a dedicated FTP server in the LAN subnet

If you should have access to FTP-server located in the local network from the Internet, you can do it in Web-Interface at page Advanced Settings -> WAN -> Port Forwarding:

advanced-virtualserver-content-en.png warning.png You should specify the "Local Port" only if it is different from the value specified in the "Port Range".

If this FTP-server is running on a port other than 21, you must add this port in FTP ALG at page Advanced Settings -> WAN -> Netfilter:

advanced-netfilter-content-en.png


How to configure FTP-server to access the USB-connected storage devices over WAN

If you need to access a USB-drives connected to the router from local network (or from Internet), you can use the FTP-server integrated into the router`s firmware. You can use this algorithm.

1. At first, select in the left pane Advanced Settings -> USB Application -> Common setting

1.1. Switch on "Enable FTP Server?"

1.2. Select "Share Access Mode:" - "Access with account" (Use anonymous access to Internet-access is not recommended!)

ftp1-en.png

2. Select Advanced Settings -> USB Application -> FTP Share

ftp2-en.png

2.1. Adding users

web-add-user-en.png

2.2. Create the directories (if needed)

web-add-folder-en.png

2.3. On the left side, select the user and specify the access to the necessary resources for him (on the right).

3. Select Advanced Settings -> Firewall -> General

ftp3-en.png

3.1. Switch on "Access FTP Server from WAN?"

3.2. Specify "FTP Server Port from WAN:" (default 21)

4. To access from the LAN enter in the browser (or FTP-client) ftp://my.router or ftp://user:password@my.router (where user and password are specified in Section 2.1). For access from the Internet instead of the my.router write your external IP-address or FQDN-hostname.


How to configure Samba-server to access the USB-connected storage devices over LAN

Samba is Free Software licensed under the GNU General Public License, the Samba project is a member of the Software Freedom Conservancy. Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others.

How to configure Samba-server by using the WEB-interface

If you need to access a USB-drives connected to the router from network devices (such as computers running Windows), you must configure the Samba-server integrated into the router`s firmware.

1. At first, select in the left pane Advanced Settings -> USB Application -> Common setting

2. Switch on "Enable SMB Server?"

3. If necessary, change the name of the Work Group

4. Select "Share Access Mode:" - anonymous access (without account) or access with account

5. If the router should provide the function of displaying the list of computers and shared resources on a network, then activate the item "Enable local Master Browser?"

samba1-en.png

If in step 4 has been selected access by using an account, then:

6. Select Advanced Settings -> USB Application -> Network Neighborhood Share

7. Add accounts and distribute the necessary permissions to directories (on the screenshot is not active, because anonymous access is selected)

samba2-en.png

Advanced configure for Samba-server

If you need to make advanced settings for Samba-server, which are not represented in the Web-interface (for example, change the root of shared resources), it is necessary to make additional manipulation:

1. Configure Samba-server

2. Select Advanced Settings -> USB Application -> Common setting and switch off "Enable SMB Server?"

3. Run terminal. Copy files from /etc/samba to /opt/etc/samba

4. In directory /opt/etc/init.d create script S08samba with this content (you can use this script):

 
prgmname1="/sbin/nmbd"
prgmname2="/sbin/smbd"
 
# configfile=/full_path/configfile
configfile="/opt/etc/samba/smb.conf"
 
PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 
 
#location of pid-file
nmbdpid="/var/run/nmbd.pid"
smbdpid="/var/run/smbd.pid"
 
start() {
        # Code here to start the program
        mkdir -p /etc/samba
        cp /opt/etc/samba/secrets.tdb /etc/samba/
        cp /opt/etc/samba/smbpasswd /etc/samba/
        ${prgmname1} -D -s ${configfile}
        logger -t nmbd "started $prgmname1, conf: $configfile"
        ${prgmname2} -D -s ${configfile}
        logger -t smbd "started $prgmname2, conf: $configfile"
        return 0
}
 
stop() {
        # Code here to stop the program and check it's dead
        [ -f $nmbdpid ] && kill `cat $nmbdpid` && rm -f $nmbdpid
        logger -t nmbd "service stopped"
        sleep 1
        [ -f $smbdpid ] && kill `cat $smbdpid` && rm -f $smbdpid
        logger -t smbd "service stopped"
        return 0
}
##########################start here##########################
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  restart)
        logger -t Samba "nmbd & smbd restart"
        stop
        sleep 2
        start
        ;;
  *)
        echo $"Usage: $0 {start|stop|restart}"
        exit 1
esac
exit 

5. Edit the file /opt/etc/samba/smb.conf (examples can be found on The Samba project website)

6. Start Samba-server (on start/reboot router the Samba-server will start automatically):

# /opt/etc/init.d/S08samba start 

How To mount SMB-resources from LAN?

Sometimes you need to access from the router to SMB-LAN resources (such as shared folders on Windows-based machine). This is possible, but you should know a few things.

1. The firmware should include the CIFS-client. All firmwares with the prefix nano as well as all the standard firmwares for the router N56U not contain this functionality. You must select the correct version of firmware (with prefixes base or full) or build firmware yourself to include a necessary component (ie, in the file /opt/rt-n56u/trunk/.config uncomment #CONFIG_FIRMWARE_INCLUDE_CIFS=y)

2. You must also run the modules needed to prepare and mount point. This can be done by executing the following commands in the console:

modprobe des_generic
modprobe cifs CIFSMaxBufSize=64512
mkdir -p /media/cifs
mount -t cifs \\\\{host}\\{share} /media/cifs -o username={user},password={pass}

You can enter this into the script "Run after Router started" to perform these operations, whenever you turn on / restart the router.

  • The des_generic module is needed to support Windows 7/8, otherwise you mount their shared resources in the log will be an error.
  • Backslash is a reserved character, so for entering UNC path like
    server\share, is needed shielding backslash. This is all according to the rules of the Unix-shell.

When you use the ping command in the console is lost access to WEB-interface

To run commands in addition to the terminal you can also use the console. However, it must be remembered that the interface waits when the command is finished. For example, in Linux, unlike Windows, the command ping running "endlessly" without returning the final result. Therefore, if you want to ping a host from the console, you must use the additional keys, ie, in the command line you need to write a command like:

ping -c 3 host

Using Authorized Keys

It is possible to sign into your router terminal without password and staying secure at the same time using SSH protocol.

It is very simple for Linux or MacOS users.

First, follow this link and enable SSH Server.

For Linux or Mac OS users. Open the terminal and generate new public and private key pair (on your PC).

# cd ~/.ssh
# ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa): n56u
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in n56u.
Your public key has been saved in n56u.pub.
The key fingerprint is:
83:f1:2a:b1:e4:51:0b:58:70:a3:06:3a:6a:f8:bf:d0 username@host
The key's randomart image is:
+--[ RSA 2048]----+
|. ..+            |
|.. = .           |
|o + . o          |
|oo   o =         |
|o.  + o S        |
|.. + + . .       |
|  o E .          |
|   o .           |
|    o.           |
+-----------------+

And copy them to router: Make sure you are copying publuc key (filename.pub)

# ssh-copy-id -i ./n56u.pub admin@my.router

You'll be asked for password this time. If you try to sign into router after this operation, you would be passed by using your public and private keys.

If you use Windows OS, you need to download the last version of PuTTY. Generate new keys, using puttygen.exe tool (you need to move your mouse when pressed 'Generate'). Save two generated files to disk. Copy public one to clipboard. Sing in to your router using Putty. (this time it will ask for password).

make sure that directory '/home/root/.ssh' exists:

# ls -la /home/admin/.ssh

If there is an error, create this directory:

# mkdir -p /home/admin/.ssh

Then type:

# cat - >> /home/admin/.ssh/authorized_keys

Paste your public key to the terminal, then press 'Enter' and then press CTRL+D.

Change directory rights:

# chmod -R 700 /home/admin/.ssh

That's it! Next time you wouldn't be asked for password.

If you'd like to save your Authorized Keys to router flash (keys would be available when disk is not mounted), then you should do:

# cp /home/admin/.ssh/authorized_keys /etc/storage
# mtd_storage.sh save

Let your FTP server be secure

The SSH File Transfer Protocol (also Secret File Transfer Protocol, Secure FTP, or SFTP) is a network protocol that provides file access, file transfer, and file management functionality over any reliable data stream. It was designed by the Internet Engineering Task Force (IETF) as an extension of the Secure Shell protocol (SSH) version 2.0 to provide secure file transfer capability, but is also intended to be usable with other protocols.

SFTP-server is built to firmware and all you need to do is to enable SSH server here.

If you'd like to use sFTP from the internet (outside your home network), enable 'Access SSH Server from WAN?' here.

Install any client, which provides sftp. For example, Filezilla. And connect to the router:

host        your router local ip address
username    admin
password    YoUrSeCrEt
port        22 (10022 from the internet)

Create backup of directory /opt

First, stop all applications which started from /opt/etc/init.d. I think the easiest way to do it is to unmount disk in web GUI. So, go to http://my.router/, click to the disk icon and press 'Remove'. Then login to the router using the terminal.

# mkdir /mnt/backup
# mount -t ext3 /dev/sda1 /mnt/backup
# cd /mnt/backup
# tar -jcvf ./opt-backup.tar.bz2 ./opt
# umount /mnt/backup

Then unplug the disk and plug-in again.

If you'll need to restore data, then do almost the same:

# mkdir /mnt/backup
# mount -t ext3 /dev/sda1 /mnt/backup
# cd /mnt/backup
# tar -jxvf ./opt-backup.tar.bz2
# umount /mnt/backup

What is the difference between routers Asus RT-N56U and RT-N65U?

Here is a summary table of differences:

N56U:

  • [+] 2 RGMII ports (max throughput 1.3Gbit/s on boths direction between WAN-LAN for IPoE and PPPoE).
  • [-] Unstable USB2 port (i think bug in PCB)
  • [-] Only 2T3R WiFi 5GHz
  • [-] 2T2R WiFi 2.4GHz control on main CPU (high CPU load on high speed transfers)
  • [-] 8MB Flash (is enough for router applications)

N65U:

  • [+] 3T3R WiFi 5GHz
  • [+] 2T2R WiFi 2.4GHz on second CPU RT3352 (no main CPU load on high speed transfers)
  • [+] External USB3 chip (more stable, a bit more fast).
  • [+] 16MB Flash
  • [-] 1 RGMII port (max throughput 950Mbit/s on boths direction between WAN-LAN for IPoE and PPPoE).
  • [-] hardware issue with AP 2.4GHz on plug some USB HDD (RT3352 power issue on PCB)
  • [-] some noise from chokes on PCB

How to adjust the power of Wi Fi-signal?

The power of WiFi-signal regulated by the parameter TX Power Adjustment (%) (for 5GHz).

Available 6 steps to adjust TxPower (in fact weakening the power of the nominal value), which entered discretely from 0 to 100%:

  • 100-91: no weakening
  • 90-61: weakening -1dB
  • 60-31: weakening -3dB
  • 30-16: weakening -6dB
  • 15-10: weakening -9dB
  • 9-0: weakening -12dB

The calibration levels for TxPower are registered in the EEPROM, on each copy they differ, are prescribed at the factory with the procedure ATE. Firmware does not affect the EEPROM.

Updated