ASUS RP-AC68U – what a piece of crap

Firstly I want to say sorry if you, like me, ended up with one of these pieces of shit on your network.

The device worked at the start until the latest firmware was released. When firmware is released you don’t expect it to be so broken that your entire network goes offline intermittently because this device has decided it wants to do its own thing.

I was using this device as an Access Point – to connect wifi devices to the LAN. Simple really! The device is marketed as an Access Point, so it should function correctly as one.

An Access Point should act as a network bridge. Packets come in over wifi and the AP sends the packets out the LAN cable, and when packets arrive at the AP over the LAN the AP sends them out over wifi.

That’s it! It is that simple. An Access Point should NOT intercept or tamper with traffic. It has no reason to act as DHCP or DNS server. Anyone who wants an AP will already have DHCP and DNS servers somewhere else on their network.

Unfortunately the ASUS RP-AC68U does just that – it’s trying to be too smart by half. But sadly the developers who wrote the firmware are incompetent. They made mistakes by acting as a DHCP and DNS server even though an AP has no business with offering these LAN services. But that would most probably be OK if you could disable that functionality but nope, can’t do that.

What makes matters worse is that there is a disconnect between the GUI and the actual configuration of the device which is where the real trouble starts.

In the GUI you can set the IP address of the default gateway, and also set IP addresses of 2 DNS servers. Any sane person would think that that would mean that the default route of the device would be set to the default gateway IP, and that the /etc/resolv.conf file would have 2 entries.

BUT no, for some absurd reason the developers decided that your default gateway IP address should be added as a third DNS server in /etc/resolv.conf. The only way to not have the 3rd DNS added is to not set a default gateway – yup, how broken is that!

This makes the device useless to people who run a split DNS – one internal DNS forwarding to specific forwarders, and one external on your router. So this means that when the AP intercepts your DNS request there’s a 1 in 3 chance of your request being forwarded to a DNS server you don’t want the request going to. Chaos ensues when internal hostnames fail to resolve.
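A quick way to catch this kind of GUI-versus-config drift, as an added example (not ASUS code, and not from the original post): parse the resolver file the device actually ended up with and compare it against the DNS servers you meant to configure. The sample file contents, the addresses and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample: the situation the post describes, where two DNS servers
# were set in the GUI and the default gateway shows up as a third nameserver.
SAMPLE_RESOLV_CONF = """\
# constructed sample, not taken from a real device
nameserver 192.168.1.53
nameserver 192.168.1.54   ; second internal resolver
nameserver 192.168.1.1
search lan.example
"""


def parse_nameservers(text):
    """Return nameserver addresses in file order, skipping comments and junk."""
    servers = []
    for raw in text.splitlines():
        # Drop '#' and ';' comments before splitting the line into fields.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(fields[1]))
            except ValueError:
                continue  # not a valid IP address, ignore the entry
    return servers


def audit_resolvers(text, intended, gateway):
    """Compare the resolvers actually in use with the ones you configured."""
    intended_set = {ipaddress.ip_address(a) for a in intended}
    gw = ipaddress.ip_address(gateway)
    active = parse_nameservers(text)
    return {
        "active": [str(s) for s in active],
        # Resolvers present in the file that you never asked for.
        "unexpected": [str(s) for s in active if s not in intended_set],
        # Resolvers you asked for that did not make it into the file.
        "missing": sorted(str(s) for s in intended_set - set(active)),
        # The specific failure from the post: gateway silently used for DNS.
        "gateway_is_resolver": gw in active and gw not in intended_set,
    }


if __name__ == "__main__":
    report = audit_resolvers(
        SAMPLE_RESOLV_CONF,
        intended=["192.168.1.53", "192.168.1.54"],
        gateway="192.168.1.1",
    )
    for key, value in report.items():
        print(f"{key}: {value}")
```

On a split-DNS network, any entry under "unexpected" is a resolver that can answer internal names wrongly or leak them to an external server.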

So, once I worked out what was happening I raised a ticket with ASUS local “customer support”… got a response quickly asking for screenshots which I sent in that day… and then I waited, and waited and waited.

About a month later I poked them to get a status – we didn’t see your e-mail. So I had to resend and asked for acknowledgement of receipt. All good, getting some action.

Weeeelllll… no…. a month later I poke them again and they asked me “Do you want us to send this to global support?”… WTF?!?!? They’ve been sitting on this support ticket for 60 days and have done nothing with it. Now I had to fill in a word document with screenshots and descriptions that I’d already supplied them.

Problem finally gets sent to global support and I got asked for some clarifications later that week, I also sent them results of an experiment I did to show the problem, and since then it’s been nothing but silence from them.

It looks like local, in country support, have zero technical ability and they just act as paper pushers to forward e-mails to the global team once customers get irate enough. And the developers can’t seem to grasp why what they’re doing is wrong.

In the meantime I started seeing the RP-AC68U giving out DHCP leases to LAN clients as well… not good.

Downgrade I thought! I downloaded an older version of firmware that I’d used before the upgrade, but nope, can’t downgrade… sigh…

I shot off an e-mail asking how to downgrade…. silence… sent off another e-mail asking how to downgrade (or get a refund)… silence…

That was the last straw, so today I decided to buy a proper Access Point, you know, an Access Point from a reputable company that knows networking rather than some hacks.

So now my network is running a brand new Ubiquiti Networks Unifi AP AC PRO (model number UAP-AC-PRO) Access Point. It was a breeze to set up (the UI looks like it was written by an adult rather than the amateur looking ASUS UI), wifi speeds are faster, but most importantly it’s acting as an Access Point and not intercepting and tampering with my network traffic!

And then, with much happiness, I took to the piece of shit RP-AC68U with a hammer, and then deposited the pieces in the bin where it really belonged. I toyed with selling it on eBay but I couldn’t in good conscience pass this junk on to another poor soul.

The lack of ASUS support has guaranteed that there will never be another ASUS product in this household. Life is too short to have to deal with fucked up devices and non existent support!

Do yourself a favour – buy Ubiquiti wifi gear, you will love it!

Using VPNs to protect your privacy

We’ve all seen the depths to which governments across the world will go to get their grubby little hands on your private data. Often illegally!

The Prism surveillance program, XKeyscore & the recently mooted Australia metadata retention program are all cases in point. Yep, that’s Australia’s elected Attorney General there!

If you think that the spooks and federal, state & local police aren’t trawling through your information without a warrant (Canada, Romania, France, US) then quite frankly you are a moron and you shouldn’t be allowed to use the Internet.

So what can you do to protect yourself?

Most decent routers allow you to establish Virtual Private Networks (VPNs) that encrypt your data and then send that data to somewhere else on the planet.

Without a VPN your data leaves your PC, goes through your router to your ISP and pops out in your own country and this is where your local spooks and cops are slurping up your data for analysis.

With a VPN the data that they slurp up is gibberish. It’s encrypted which makes it difficult (but not impossible mind you) for them to read.

How to setup a VPN?

This all depends on the capabilities of your router. There are 4 or so major VPN “standards” and you’ll need a router that supports one or more of them.


OpenVPN is an open source project that implements a quite robust VPN protocol and it is supported by pretty much every VPN provider on the planet. Quite easy to setup and keep running. Downside is that you normally need to install a special firmware (DD-WRT or Tomato) on your router to get this capability and not all routers support this special firmware.


IPSEC is an Internet standard for the encryption and authentication of the data packets on the Internet. There are slightly different variants depending on whether you’re doing site-to-site VPNs or setting up a teleworker to dial into your network.

A very secure protocol but can be a hassle to setup correctly due to the number of knobs that can be tweaked. Things like NAT can cause you much grief.


L2TP by itself does not give you encryption so is pretty much useless by itself for protecting your communications. But when L2TP is coupled with IPSEC you end up with a relatively good level of security for your Internet communications.

L2TP/IPSEC is a good trade off of simplicity and capability.


PPTP is NOT considered secure anymore. Do not use unless you absolutely have to and nothing too confidential is flowing through the VPN. Probably OK for torrenting.

Are all VPN providers created equal?

In a word NO!

The technical capabilities of the VPN provider, the support experience and network speed all come into play when selecting a provider. You might also be concerned with how you can pay for your VPN – some providers allow you to pay with anonymous gift cards if you’re that paranoid.

I recently upgraded to a Draytek Vigor 2860 router. I’ve been quite impressed with it in the short time I’ve been using it. The 2860 supports dial-out VPNs, load balancing & failover VPNs, and policy based routing that allows you to select what data goes out via the VPN and what data goes out direct to your ISP. You can have up to 32 VPNs configured.

During my travels I’ve seen that VPNs don’t all live up to their marketing hype. While all the providers below say on their webpage that they support “L2TP/IPSEC” your results can vary widely. For example, 2 of the providers below will quite happily establish an L2TP/IPSEC connection without the encryption turned on! Completely useless as a VPN to protect your identity and information.

| VPN Provider | Supports L2TP/IPSEC | Support Quality | Comments |
|---|---|---|---|
| Witopia | Yes, with AES encryption and SHA1 Authentication | I've only needed to use support once and it was fast and efficient | Downside is that technically you're not allowed to setup Witopia VPNs on routers. |
| NordVPN | Yes, with AES encryption and SHA1 Authentication | Worked straightaway - have had no reason to speak to support yet | Great so far - highly recommended |
| Private Internet Access | Yes, but NO ENCRYPTION | Poor and slow. Their L1 support staff are useless. They skim through the e-mail and then cut and paste an answer that doesn't help | Avoid at all costs |
| Proxy.sh | Yes, but NO ENCRYPTION | Poor and slow - a question that I placed 7 days ago still hasn't been answered or acknowledged. | Avoid at all costs |
| Kepard | Yes, with AES encryption and SHA1 Authentication | Worked straightaway - have had no reason to speak to support yet | Great so far - highly recommended |
| vpn.ac | Yes, with AES encryption and SHA1 Authentication | Worked straightaway - have had no reason to speak to support yet | Seems good so far |
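How you can check for the "connected but NO ENCRYPTION" case yourself, as an added example that is not part of the original post: it assumes the L2TP/IPSEC tunnel is brought up from a Linux box (not the Draytek) and audits the output of `ip xfrm state`, where the kernel lists the algorithms each IPsec SA actually negotiated. The sample output, addresses, SPIs and keys are constructed.

```python
import re

# Constructed sample of `ip xfrm state` output (addresses, SPIs and keys are
# made up; real output indents with tabs). The first SA looks like the
# AES/SHA1 rows in the table, the second like the "NO ENCRYPTION" rows.
SAMPLE_XFRM_STATE = """\
src 192.0.2.10 dst 198.51.100.20
    proto esp spi 0xc0ffee01 reqid 1 mode transport
    replay-window 32
    auth-trunc hmac(sha1) 0x00112233445566778899aabbccddeeff00112233 96
    enc cbc(aes) 0x00112233445566778899aabbccddeeff
    sel src 192.0.2.10/32 dst 198.51.100.20/32 proto udp sport 1701 dport 1701
src 192.0.2.10 dst 203.0.113.30
    proto esp spi 0xc0ffee02 reqid 2 mode transport
    replay-window 32
    auth-trunc hmac(sha1) 0x00112233445566778899aabbccddeeff00112233 96
    enc ecb(cipher_null)
    sel src 192.0.2.10/32 dst 203.0.113.30/32 proto udp sport 1701 dport 1701
"""

# Kernel algorithm names that authenticate but do not encrypt:
# cipher_null is ESP NULL, rfc4543 is AES-GMAC (integrity only).
NO_CONFIDENTIALITY = ("cipher_null", "rfc4543")


def parse_sas(text):
    """Split the dump into SAs; each starts at an unindented 'src ... dst ...'."""
    sas, cur = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            m = re.match(r"src (\S+) dst (\S+)", line)
            cur = None
            if m:
                cur = {"src": m.group(1), "dst": m.group(2),
                       "proto": None, "enc": None, "auth": None}
                sas.append(cur)
            continue
        fields = line.split()
        if cur is None or len(fields) < 2:
            continue
        if fields[0] == "proto":
            cur["proto"] = fields[1]
        elif fields[0] in ("enc", "aead"):
            cur["enc"] = fields[1]
        elif fields[0] in ("auth", "auth-trunc"):
            cur["auth"] = fields[1]
    return sas


def classify(sa):
    """Say whether the SA gives the traffic any confidentiality."""
    if sa["proto"] == "ah":
        return "no-confidentiality"      # AH only authenticates
    if sa["proto"] == "esp":
        enc = sa["enc"]
        if enc is None or any(name in enc for name in NO_CONFIDENTIALITY):
            return "null-encryption"     # tunnel is up, payload is readable
        return "encrypted"
    return "unknown"


def audit_xfrm_state(text):
    """Return (peer address, verdict) for every SA in the dump."""
    return [(sa["dst"], classify(sa)) for sa in parse_sas(text)]


if __name__ == "__main__":
    for peer, verdict in audit_xfrm_state(SAMPLE_XFRM_STATE):
        print(f"{peer}: {verdict}")
```

Run it against the live dump while the trial VPN is connected; anything other than "encrypted" for the provider's address means the tunnel is not protecting your traffic.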

My advice

Try your chosen VPN provider before you make a long term commitment to them. Some offer a couple of days for a dollar or 2 while others will need you to commit for a month at around $10.

Try to setup the VPN on your router. I can assure you that you’ll probably have problems in the first instance so hit up support early and often so you can gauge the type of response you’ll get ongoing.

My suggestions

From my tests I’d suggest VPN.AC and Kepard. Witopia would be up there if their T&Cs allowed you to host the VPN on your router.

In no way, shape or form would I suggest anyone use Private Internet Access or if they needed a L2TP/IPSEC VPN on their router – life is too short to have to deal with incompetent help desks.

NordVPN can be veeeeeeeeeeeeeeeery slow at times.

Internet Forum Trolls – it’s my problem apparently!

I luckily don’t deal with too many trolls… but when you do it makes your blood boil, especially so when the forum admins condone the utterly reprehensible behaviour.

The background was that I’d bought a new Logitech Harmony Ultimate (which gives you a Harmony Ultimate Hub and a Harmony Touch universal remote). About 3 weeks after I bought it, it failed with the LED on the Hub flashing red and the unit was unresponsive until it was restarted. I thought this was a glitch so restarted the Hub & Remote and it fixed itself.

The problem was only fixed for a little while until it returned.

When the Hub & Remote failed again I decided to see if this was a problem for only myself or was a wider problem. I went to the Logitech support forums and noted that I wasn’t the only person with the problem. Indeed I think I was post number 6 with at least 4 people saying they were having similar problems.

Given this it seemed to be a known problem (and as of now we have ~30 people with similar issues) I decided to post to the forum with a “me too” in hope of help.

Things went slow for a while. It appears that even though these are the Logitech support forums they don’t seem to actively monitor the forums… what a FAIL!!!! I resorted to a Twitter poke and a post to our local Whirlpool forums to get some action.

After the Twitter prod we got some focus on the issue from Logitech and also from some Logitech support forum troll called “rhachey”. Rhachey seems to be one of those people who think that their worth in life is dictated by the number of posts (on topic or not) that they write on the internet regardless of whether those posts are useful or on topic.

What made me fume more was that the idiot posted pretty much saying “I haven’t bothered to read what you wrote BUT what is your problem?”. Mind you this was on page 3 of the forum so there were no more than 20 posts describing various people’s problems but the troll couldn’t be bothered reading the onerous number of posts describing the problems but, apparently loving the sound of his own voice, they had to respond to the thread with posts that added ZERO value.

I admit that in my response I “went the troll” and that got pulled up by the admins. Here is the exchange!

Them with the title “Keep it Courteous”

Your post was removed because it violated the “Keep it courteous” section of the User Guidelines.

Everyone wants to have a positive experience while on the Forums – please make sure that you are not detracting from any other user’s experience. In particular, please refrain from posting anything unlawful, libelous, defamatory, obscene, pornographic, indecent, lewd, harassing, threatening, harmful, invasive of privacy or publicity rights, abusive, inflammatory or otherwise objectionable or injurious to third parties. Your opinions are always welcome, but personal attacks and harassment in the Forum, including through the Forums private messaging system, are not acceptable.

Thanks for your help in keeping the community a friendly, productive environment for all members.

OK, maybe I over stepped the mark so I responded to the admin

OK, I’ll keep it courteous… but that other guy is just a troll!

Apparently not

rhachey is not a troll and has helped hundreds of people on these forums.

OK, so this troll (and I still think they’re a troll) has over 15,000 posts on a support forum as a NON PAID participant and has helped, in the admin’s words, “hundreds” of people… that’s still the best part of 14,000 posts that have not “helped” people. I interpreted the troll’s post as non helpful in my particular case in my response to the admin.

Well, in this case he is NOT helping, and he has admitted he didn’t bother to read the thread before responding and his posts are adding ZERO value to the discussion. That’s a troll in anyones book.

For everyone’s sake please tell him to stay out of this thread as it doesn’t concern him.

Well, here’s where the Logitech forum admins lose the plot… apparently it’s MY problem for posting the problem! WTF!!!

You came to this site looking for help, I suggest you accept what help is given and be respectful about it. As rhachey stated, too often people hijack a thread and to read through a complete thread every time to see if it actually has something to do with that thread can consume a lot of time.

I think the Logitech forums admins finally got it when I responded as they’ve not got back to me yet

Yes, I came looking for help, not posts of ZERO value and admissions of people who respond haven’t even bothered to read the short (3 pages) of posts for the problem before they reply with a useless non response.

Oh well, it looks like the other guy is a protected species and it seems post quantity rather than post quality is what counts… ok, I’ll play by your rules.

Why do multinational, multi Billion dollar companies, allow trolls on their support forums to hijack legitimate support requests and why do these same companies allow their forum admins to become beholden to forum trolls whose only raison d’être is to increase their forum post counts?

NEWSFLASH morons – no one cares how many posts you’ve had on a random internet forum! Get out of your mother’s basement. Meet some people. Do some stuff. Travel. It’s very sad that your existence is defined by the fact that you’ve written over 15,000 posts in a support forum for a company that doesn’t even pay you!

Logitech – pull your forums admins into line and tell them to keep the forums trolls (and post number sluts) under control. Your products are decent but you need to stop your forum admins and random internet fuckups hurting your own brand!

And fix the problems with your Logitech Harmony Ultimate (Harmony Ultimate Hub and a Harmony Touch universal remote) as you’ve got a lot of pissed off customers!

Giving Foxtel the flick

I’d been a Foxtel satellite customer (as I live in an apartment building) for thirteen and a half years and I’ve seen the cost of my subscription go up ~50% over that time with no noticeable increase in the quality of the programming. A couple of months ago I got the yearly “regrettably we’ll need to increase your monthly fee” e-mail which would have seen me paying ~$70/month for a service I watched for less than 20 hours a month. I decided to call time on my subscription and search for an alternative.

I had a quick look at a local IPTV service called fetchtv that is resold through a number of ISPs but that just seemed like a cut down Foxtel service that was still going to cost me ~$35/month for only a handful of channels. The value just wasn’t there.

In the past I’d looked at Internet streaming services such as Netflix & Hulu. You can view some of the Netflix and Hulu content in Australia but a majority of the content is “Geo Blocked” meaning that you need to be in the US to stream the movies and TV shows. Hmm, that seemed like a problem, but a quick Google search provided a simple and elegant solution.

There are a number of services you can subscribe to that fool the US-only streaming services into thinking your Australian internet connection is actually a US internet connection. If you google “Smart DNS” you’ll find services like Unotelly, Unblock-us, getflix, overplay and a plethora of others. Some services concentrate on getting you access to just Netflix & Hulu, while others try to open up as many streaming services as possible (and not just US services, but UK, Nordic, NZ etc as well). Most services allow you some sort of trial period so you can try them all and choose whichever one you think is best for you.

To use the SmartDNS you need to change the DNS servers your desktop/laptop/tablet uses by either changing the DNS setting on each device or you can change the DNS settings on your Internet router so they apply to all your devices. I made the change on my router.

Test that your SmartDNS is working by trying to watch some of the free content on Hulu or Netflix. If you can watch half a dozen different shows then your SmartDNS is working.

Having free stuff to stream is good, but if you want access to most of the Netflix and Hulu content you’ll need a subscription to each of the services. This then throws up the next roadblock – to subscribe to these services you need a US address and a US credit card.

Getting a US address is simple. Open up Google Maps in your browser, choose your favourite US city and zoom in until you find a house you’d like to virtually move into. Write down the address, including the Zip code for future reference.

Getting a US credit card is just as simple. Again, Google is your friend, just search for “Virtual US credit card”. I ended up using a service called Entropay which allows you to load money from your Australian credit card into your shiny new virtual US credit card.

Once you’ve got your virtual US credit card and address you can sign up to your streaming service. Hulu gives you a 2 week trial and Netflix a month so you can try them before committing to parting with your cash. After the trials both Netflix and Hulu are each $7.99/month.

If you’ve done all of the above you should now be able to stream your favourite TV shows and movies to your desktop/laptop/tablet.

But how do you get these movies and TV shows onto your telly? If you Google “movies streaming appliance” two appliances will pop up near the top of the results list that fit the bill. The first is the Apple TV and the second is a family of appliances from Roku. They both do pretty much the same thing so I went for the unit that had been more recently updated which were the Roku units.

There were 2 Roku units I was looking at: the Roku 2 and the Roku 3. The Roku 3 is the faster, better specced unit but it only has HDMI outputs and since my trusty Pioneer A/V receiver doesn’t support HDMI I went for the $10 cheaper Roku 2.

Buying a Roku for delivery to Australia may be an issue as well. You’ll need to buy from a seller who will ship internationally or use a freight forwarder like comGateway. I found a brand new still in sealed box Roku 2 on eBay for a reasonable Buy-It-Now price from a seller who was happy to post to Australia and a week later I had my Roku 2 in my hands.

One thing to note is that the Roku 2 came with a US 110V-only power supply so I had to purchase another power brick from Jaycar that cost me $30.

Setting up the Roku was easy. You’ll need to create an account on the Roku website that you connect your Roku player to. I plugged the Roku into my A/V receiver, powered it up and a couple of minutes later the Roku was up and running. Firstly you’ll need to connect it to your home Wifi and then it downloads the latest software updates and reboots.

Roku has this notion of “Channels” that are synonymous with applications on an iPad or Android tablet. You will see the Netflix and Hulu apps are preinstalled and all you need to do is connect them to the Netflix and Hulu accounts you previously created. Once the accounts are linked to your Roku you can watch your movies and TV shows on your TV.

Streaming video does use your internet download quota so you’ll need to be on a decent plan with your ISP. Streaming will use somewhere between 0.5 to 1 GB/hour so I upgraded my Internode plan from 200GB/month to 400GB/month for an extra $10/month.

So, let’s do the sums to see if I’m financially in front.

What would Foxtel cost me over 2 years?

Foxtel over the next 2 years would have cost me:

2014 $72*12=$840

2015 (assuming $2 increase per month) $74*12=$888

Making a total 2 year cost of $1728.

What’s my new setup going to cost me?

Once off costs: Roku $120, Australian Power supply $30 for a total of $150.

Monthly costs: Hulu $8, Netflix $8, SmartDNS $4, increased Internet download quota $10/mo = $30/mo, so total for 2014 is $360 and if we assume 10% escalation for 2015 the cost will be $396.

That adds up to a total 2 year cost of $906.

Doing the sums will show you that I’ve saved $822 over two years… not a bad little saving!

So what are you waiting for? Get rid of your absurdly expensive, poor quality programming Foxtel and start streaming!