The goal was to run OpenVPN on my network router instead of running separate instances on each client device. I had an old and very reliable Asus WL-520GU with Shibby’s Tomato on it and i quickly discovered that the router didn’t have the horsepower to handle an encrypted VPN connection and so i began searching for a new router. After reading many reviews and checking out the specs, i bought an Asus AC86U. Unfortunately i didn’t do enough research.
One of the things a manufacturer may do to drop the price of their products is to bundle third party “features” with their devices and in the case of the Asus AC86U, and probably many other models, they come with several “features” that collect data and send it off to companies that have found ways to monetize it. Trend Micro, which is apparently some sort of anti-virus, was one of the “features” that the router was shipped with. In order to potentially avoid (and i emphasize potentially) the phoning home nonsense, one must not enable several of the built-in features of the router firmware, including AiProtection, Traffic analyzer, Apps analyzer and Adaptive QoS. You can read the EULA here.
None of this mattered much to me anyway since i intended to flash the Asuswrt-Merlin firmware which i assumed would be devoid of such crap. It wasn’t, and so i started looking for ways to disable or remove this Trend Micro garbage, however i was never able to discover a solution. The Trend Micro spyware/malware (let’s call it what it really is) appears to well-baked into the firmware and apparently Merlin, one of the very well known developers for third party Asus firmware, has no interest in removing it. In my searching for solutions i came across some interesting stuff, including the following:
VPNIntegrity: AsusWRT/Merlin AI-Protection calling home to US Department of Defense, Hardening AsusWRT against NSA/DoD & the Whores of SNBForums
Asus router warnings on privacy and security | Computerworld
384.6 Now sharing data to Trend Micro? | SmallNetBuilder Forums
With no solution for removing the Trend Micro spyware, i started looking for other third party custom firmware, however i wasn’t able to find anything that would work on the AC86U specifically. In the end my solution was to box up the Asus and ship it back, exchanging it for a Linksys WRT1900ACS which i flashed with DD-WRT (actually i flashed OpenWRT first but quickly realized i was in way over my head). The Linksys WRT series of routers are not an ideal solution either, nor is any other equipment that uses proprietary hardware and drivers, however i wasn’t able to find a source that would ship a Turris Omnia to the U.S.. Now that is a router!
My advice is to stay away from Asus routers, or any other manufacturer that bundles third party crap with their products or forces you to register the device before it can be activated.
As far as the DD-WRT firmware (version 3), it’s not great. Merlin’s was better, but obviously it wasn’t an option for me. The use of VPNs is apparently on the rise and yet there’s no option to import VPN configuration files with DD-WRT so you have to set everything up manually. Just as bad is the fact that you can only setup a single VPN client, so if the configured server drops for any reason, you can’t quickly switch to another. I liked Shibby’s Tomato a lot, but it doesn’t work with the newer ARM based routers unfortunately.
What do you think about all this?