Last night I decided to upgrade a Asus RT-N16 from build:
All appeared to work well until I actually tried connecting to the internet from my laptop. Pages such as
simply refused to load. I tried both firefox and google chrome. When I used a squid proxy, running on the router itself, everything worked normally. I did not figure out the pattern as to what worked and what didn't, but I suspected it is related to ipv6. I went to test-ipv6.com. All tests reported success but there warnings indicating my browser was blocking the test pages… When I did a wget on https://accounts.google.com on my laptop, wget complained it could not validate google's SSL certificate.
I tried disabling IPv6 but the router continued trying to use IPv6. I finally ended up enabling it again and then adding a firewall rule on the router:
ip6tables -I INPUT -j ACCEPT
That resolved the problem with the test-ipv6.com.
The only drops I saw in the log were to the IP address of my modem and to the IP address my HE tunnel. It seemed badly broken that those packets would get dropped. So I added the rule:
iptable -I INPUT -j ACCEPT
So now everything was set to default as accepted both ipv4 and ipv6.
I saw no more drop messages. But still I could not connect to google plus or facebook from my laptop, even after rebooting that as well. I finally had to admit defeat so I could get back to work. So I flashed tomato-K26USB-1.28.RT-107-Mega-VPN.trx. I already have a different router running that build, so I knew it would work correctly.
So it seems like there is a problem in the firewall rules for build 116. But I suspect there is also a more fundamental problem I did not manage to uncover.
A little background information:
ipv6_dns=2001:4860:4860::8888 2001:4860:4860::8844 2620:0:ddd::2
The IPv4 addresses with the drops I mentioned above:
I can provide more details as needed.