Left: ASUSWRT -Merlin firmware, Right: Standard ASUSWRT firmware
I used to drink the alternative firmware Kool-Aid. My first experience with alternative firmware was running MRBios on my old Gateway 2000 P5-120 just because it was there. At the time, I felt MRBios was more stable and gave me more features. Then again, that was during the days of Windows 95 and extraordinary instability, so anything could have been perceived as improvement.
I never ran any benchmarks to prove anything to myself and probably wouldn’t have believed them if I did. I just knew different had to be better and the original manufacturer had to be keeping me from using my system to its fullest potential.
When DD-WRT started getting popular, I was lucky enough to have a Linksys WRT54G lying around. I still remember the article Hack Attack: Turn your $60 router into a $600 router, which sounded great to me! After reading up on the upgrade process, I loaded it right up—possible bricking be damned! While DD-WRT included a plethora of features, the reality was that I hardly used any of them beyond amplifying my wireless signal, which didn’t seem to help throughput much.
It wasn’t until I read the two SmallNetBuilder articles,Can DD-WRT or Tomato Fix Bad Routing? and Lots More Features, Lots Less Performance: NETGEAR WNR3500L with DD-WRT Reviewed that I really started to objectively question my own thinking as to whether different was necessarily better or simply just different.
At that time, I had progressed to a Buffalo WZR-HPG300N, which Buffalo offered with its own firmware and with a Buffalo-branded DD-WRT firmware. Aesthetically, the Buffalo firmware was a pig in a dress, i.e. items were confusing, pages weren’t laid out as you’d expect them and it just plain looked bad.
In contrast, the DD-WRT interface looked polished and consistent so you just knew it had to be better. Flashing back and forth however, I noticed the Buffalo firmware had more consistent wireless performance. The nail in the coffin for the Buffalo firmware, however, was its lack of support for NAT loopback. I was doing web development at the time and needed to access webservers on my lan by their FQDN. Buffalo’s firmware did not support NAT loopback, but the DD-WRT rebrand did.
When Tim asked me to take a look at the ASUSWRT-Merlin firmware for the popular ASUS RT-N66U Dark Knight, I’ll admit I was skeptical. This firmware is the brainchild of Eric Sauvageau, who goes by RMerlin in the SNB forums. What I found was a refreshingly different focus from other "alternative" firmware. Here is Eric’s project description from the forum sticky.
The primary goals of this project are to fix bugs, add a few basic features and tweaks to the original firmware. This firmware will try to remain as close as possible to the original firmware. If you are looking for a slew of advanced features, then this project is not for you. Look at TomatoUSB or DD-WRT, two excellent products that might suit your needs better.
If however you prefer something as close as possible to the manufacturer’s firmware, then this is for you.
The ASUSWRT-Merlin firmware, rather than reinventing the wheel and flashing your router to something completely different, simply expands upon the original manufacturers code. In some cases he fixes bugs, sometimes completes features, or occasionally adds features not present in ASUS’ firmware. In reading through release notes, it appears ASUS has even provided Eric with beta code to test and work with. So the underlying code in ASUSWRT-Merlin is still ASUS’, which should theoretically give you the best of both worlds.
For the sake of brevity, I’ll be referring to ASUSWRT-Merlin as simply "Merlin" for the rest of this review.
Re-examining the ASUS firmware
Before diving into Merlin, I wanted to go back through the original Dark Knight review and take a look at what Tim reported as some of the missing or broken features to see if ASUS had fixed them.
I upgraded the router to ASUS’ latest 126.96.36.199.260 firmware and found that many shortcomings had indeed been fixed. One example is the DLNA media server. While not functioning in the original review, I found it to work pretty well in the latest firmware. The one exception being that the USB drive disappeared sporadically. Reboots of the router wouldn’t fix it; I needed to pull the USB drive and reinsert it to have the drive functional again.
The grammatical “Enabled” buttons in the Guest Network settings to enable a guest network are now simply “Enable” as they should be. NAT loopback also works now as I was able to acess local hosts by their internet FQDN. Remote administration of the router now has HTTPS and IP access lists. I believe this first appeared in Eric’s Merlin firmware and later in the ASUS firmware.
Parental controls now have a keyword, URL and Network Services filters. However, these controls are under Firewall and not Parental Controls. The controls also are global settings, i.e. not settable per client.So if you want to block your pre-teen from using Facebook, it will unfortunately be blocked for everyone.
Not fixed are the QoS settings and the lack of alarms on the Traffic Monitor.
Merlin Feature Summary
I tested the Dark Knight with the latest Merlin release, 188.8.131.52.264.22. According to the SmallNetBuilder forums sticky, Merlin provides the following changes over the original firmware:
- WakeOnLan web interface (with user-entered preset targets)
- JFFS persistent partition
- User scripts executed at init, services startup, WAN up, firewall up and shutdown.
- SSHD (through dropbear)
- OUI (MAC address) lookup if you click on a MAC on the Client list (ported from DD-WRT)
- Saving your traffic history to disk (USB or JFFS)
- Displaying monthly traffic history
- Cron jobs
- Monitor your router’s temperature (under Administration -> Performance Tuning)
- Display active/tracked network connections
- Allows tweaking TCP/UDP connection tracking timeouts
- Various bugfixes: crash issues related to VPN, etc…
- layer7 and cifs kernel modules added
- Optional user-settings for the WAN DHCP client (required by some ISPs)
- Description field added to DHCP reservation entries
- Dual WAN support (RT-N66U, RT-AC66U)
- Disk spindown after user-configurable inactivity timeout
- System info summary page
- Wireless client IP, hostname, rate and rssi on the Wireless Log page
- OpenVPN client and server, based on code originally written by Keith Moyer for Tomato and reused with his permission. (RT-N66U, RT-AC66U)
- Customized config files for router services
- Customized config files for router services
- LED control – put your Dark Knight in Stealth Mode by turning off all LEDs
- Option to force your router in becoming the SMB master browser
When stock firmware of any router gets derided as “crap” in the forums, stability is usually one of the items mentioned. But "stability" is often hard to define. However, there is a key instability cause that Merlin addresses for the RT-N66U and RT-AC66U.
ASUS enabled GRO (Generic Receive Offload) by default in early firmware versions and still gives users the option to enable it in current versions. Generic Receive Offload merges similiar network packets so that the OS and CPU see less of them, which reduces network overhead.
GRO is supposed to increase network performance. But in the Dark Knight, it has been shown to cause instability. User experience has shown that simply disabling GRO made the router more stable. So Merlin firmware completely disables GRO in the name of stability.
Top: Merlin firmware (no GRO option), Bottom: ASUS firmware
Merlin also contains a few bugfixes, such as fixing the crash on VPN/NAT Loopback access of LAN devices.
A big benefit of the Merlin firmware is that you keep the OEM look, feel and functionality. ASUS has a decent AiCloud, which allows you to access your home network via your mobile phone anywhere, and Merlin firmware retains this.
For support, since Merlin is built off of ASUS’ firmware, many of the discussions in the official ASUS Wireless Forum are relevant to Merlin code. This is an advantage over loading up Tomato or DD-WRT, where OEM forums have little to no relevance.
But Merlin isn’t just about bugfixing; Eric has added a few features, too. You have the option to shut off the router’s LEDs, which is nice if you don’t want it lit up at night or be a distraction in a media room.
A Wake-on-LAN page has a drop-down of all MAC addresses with any resolved names, which you see in the image below. This makes it easy to select a device to be woken up.
Merlin firmware WakeOnLan
(An alternative to waking your clients at the router may be the Fing mobile app that we reviewed with its cloud features back in August.)
On the Clients List, any unresolved clients will pop up a page from the IEEE’s OUI (Organizational Unique Identifier) database if you click on the MAC address, i.e. OUI Lookup. This is nice when looking at connections on the router and wondering which clients they represent. While the lookup doesn’t provide a device’s actual name, the OUI Lookup will show the vendor that the MAC address belongs to.
Merlin firmware Unresolved clients OUI Lookup
Also added is the option to save Traffic Monitor statistics to USB vs. RAM only so they can be retained on a reboot. The image below shows the custom traffic monitor saving location and the option for disk spindown.
Custom location for saving of traffic monitors and disk spindown
Tweaks – more
The wireless radio temperature tracking page is kind of interesting. Since increasing transmit power makes the radio run hotter, which will decrease its lifespan, this graph attempts to let you make an informed decision. I didn’t mess with transmit power at all to test this. As I mentioned in the past, I’ve never had good luck with boosting transmit power on other routers and don’t expect that to be any different in this case.
Wireless radio temperature history for transmit power tuning
I did run an unofficial wireless test on the default transmit setting with LAN Speed Test just to see how it fared against my NETGEAR WNDR4500. I only tested 5 GHz, but I saw about a 10-20% better throughput, something confirmed in the router charts.
Merlin firmware also adds an OpenVPN client and server to the firmware to add more secure VPN options (OpenVPN uses SSH) than the stock PPTP-based VPN server.
OpenVPN client and server options
SSH is also added as a login option for secure command-line management of the router.
JFFS partition and SSH options
The screenshot above also shows a persistent JFFS (Journaling Flash File System) partition option to support configurable scripts.
The last notable feature addition is the option to use short names for shared folders vs. disk name-folder name convention used in ASUS’ stock firmware
While open source based firmware like DD-WRT and Tomato are valuable in their own right, ASUSWRT-Merlin adds a lot of value to the ASUS’ stock firmware. Eric’s main focus on bug-fixing provides improved stability. And his selective approach to feature addition doesn’t put that improved stability at risk by possibly introducing new bugs along with features.
The dirty little secret of alternative firmware is that the open source drivers it must use aren’t always the best. This is particularly true of wireless drivers, where chip manufacturers work closely with their customers to squash bugs and tweak performance. By using ASUS’ own code as the ASUSWRT-Merlin base, Eric is able to provide value to both users and to ASUS, which is a win-win.
While other alternative distros like DD-WRT and Tomato add a wealth of features, they usually introduce problems of their own along with potentially lower performance. Eric Sauvageau’s ASUSWRT-Merlin firmware provides improved reliability and a few carefully-chosen new features, while not putting performance at risk. It’s a minimalist, first-do-no-harm approach that is very refreshing.