Fixing My Asus AiMesh Node Drops

I’ve been generally happy with my AiMesh system, even extending it to my mother’s house on our property.  However, we’ve had the occasional node drop from the system and it has become more and more frequent, requiring a reboot of the node to bring it back.

Oddly, the IP address of the off-line node could still be pinged and ssh’d into, but the clients connected would drop and it would show off-line in the router administration page.

After a lot of internet searching with only clues and no real solutions, I started looking at the logs and how the nodes were connecting to each other.  Some things were readily apparent and helped resolve this:

  1. Location! Location! Location! I downloaded the Asus app which actually showed me how the nodes connected to each other. For some reason the web page for the router does not include this valuable information. In the picture below, you can see how the nodes are connected currently. The node in the middle is in the garage connected via Ethernet and feeding the two “below” which are over at mom’s house wirelessly. The node with the chair on it is in our living room and geographically next closest to the garage node. What was happening was the signal strength between the living room and garage was in the threshold of “good enough” causing the two wireless nodes to “hop” back and forth continuously between the two. I assume eventually, they’d get dropped by a confused system. I moved the living room node just a bit further away and the situation improved.
  2. Roaming Assistant. In the router’s web-app, under Wireless, on the Professional tab, is this setting. I changed this value from the default settings of both 2.4GHz and 5GHz to 62dBm. This forces clients and nodes to connect to access points offering what we see as “about 3 bars” on our devices, if available. This caused the hopping nodes to zero in on the better node and stay connected. I’ve had no drops since this change.
  3. Airtime Fairness. Also in the same section above, I’ve read that disabling this feature can fix some issues. I set that initially and noticed maybe some difference, but for me this is a minor contributing factor in the improvement.

So, the AiMesh system can be very robust and stable, but it isn’t quite the out-of-the-box set-and-forget-system they claim. Perhaps I, and the others with nodes dropping, are edge cases with a lot of wifi traffic and heavy use. If you’ve stumbled across this, hopefully this helps!

Asus AiMesh Node Auto-Reboot

I have several Asus routers running their AiMesh networking. AiMesh was perfect for me because when it came out, I already had a couple of routers that supported it and I wanted to expand my network and use MESH anyhow. The expense was only one additional router.

It has worked very well, except on rare occasion, my MESH node that is furthest out in the garage will lose its association and require a reboot to reconnect. It is really on the edge of signal range that I’d consider reliable.  Since these Asus routers are unix-based, a little scripting magic will save me a run out to power-cycle it.

We’ll create a script that pings an address on my LAN every 15 minutes. If unable to ping that address, it will wait 4 minutes longer and then reboot the node. Why 4 minutes? If the nearest node it is speaking to is getting a firmware upgrade or reboot, it will have time to complete and return a ping.

Log-in to your router, switch to the jffs directory, make a scripts folder and go into it as shown below:

Create the following scripts:

You will want to change the IP address above to something on your LAN. Save it, I called mine

Make a script called services-start that will include a cron job to run this script at 15 minute intervals:

Then, make sure both are executable.

Asus routers do not retain cron tasks across reboots, so we have our services-start script run at boot, and it re-adds the task. Technically, when the jffs directory is mounted this nvram variable runs the script. Add it by issuing the following commands:

You can test it right away by issuing a reboot and waiting for the router to come back online. When it does, log back in and check the cron. You would see something like this with the following command:

Of note, the jffs directory is a semi-permanent user storage on the router. It is a good place to put these scripts. However, it is possible that a firmware update or a factory reset of your router will wipe them. It is a good idea to backup these scripts so that they can easily be re-added.
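The watchdog logic described above (ping, wait 4 minutes, re-check, then reboot), written out as an added example; it is not the original post's script. The names TARGET, GRACE_SECS, PING_CMD and REBOOT_CMD and the 192.0.2.1 address are assumptions, and because cron runs the script as root on the router, the target is validated before it is ever passed to ping.

```shell
#!/bin/sh
# Added example: AiMesh node watchdog (not the original post's script).
# TARGET, GRACE_SECS, PING_CMD and REBOOT_CMD are assumed names.
TARGET="${TARGET:-192.0.2.1}"      # placeholder; use an always-on LAN address
GRACE_SECS="${GRACE_SECS:-240}"    # the 4-minute wait before rebooting
PING_CMD="${PING_CMD:-ping}"       # overridable so the logic can be dry-run
REBOOT_CMD="${REBOOT_CMD:-reboot}"

# Write to syslog when available, otherwise to stderr.
log() { logger -t node-watchdog "$1" 2>/dev/null || echo "node-watchdog: $1" >&2; }

# Accept only a dotted-quad IPv4 address, so a mistyped or tampered TARGET
# can never reach ping as an option or an extra argument.
valid_target() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Three probes with a 2-second timeout; succeeds if any reply comes back.
target_reachable() {
    "$PING_CMD" -c 3 -W 2 "$TARGET" >/dev/null 2>&1
}

# Returns 0 if the link is up (at once or after the grace period),
# 1 if the reboot command was issued, 2 if TARGET is malformed.
watchdog() {
    valid_target "$TARGET" || { log "bad TARGET, refusing to run"; return 2; }
    target_reachable && return 0
    log "$TARGET unreachable, rechecking in ${GRACE_SECS}s"
    sleep "$GRACE_SECS"
    target_reachable && return 0
    log "$TARGET still unreachable, rebooting node"
    "$REBOOT_CMD"
    return 1
}

# Act only when called with "run" (as the cron entry would), so sourcing
# or dry-running this file never reboots anything.
if [ "${1:-}" = "run" ]; then watchdog; fi
```

Setting REBOOT_CMD to a harmless command such as `true` lets you watch the log messages for a few cycles before allowing real reboots.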

Optional thought: I have a drawer full of old USB flash drives of fairly useless sizes given the progress of technology. As mentioned above, the jffs directory and the scripts could be removed during a firmware update/reset. It should be possible to put these scripts onto one of those small drives and use the script_usbmount= nvram setting to run the services-start and scripts from the flash drive utilizing the USB port on the routers.

I will have to weigh how often Asus publishes firmware that wipes that directory to see if the extra time is worth it. Copy/pasting from even this blog post to recreate the scripts isn’t that difficult or time consuming.

Join – An Awesome Browser Plugin/Android App

Join is an app for Android that provides several functions. When used with the desktop app (Windows) or any desktop that supports the Chrome web browser, you can receive all of your phone’s notifications, share the clipboard, share files, and view/reply to SMS text messages.  The last item is probably the feature that is most used. Below is what the initial SMS notification pop up looks like in Chrome.

For the techies reading, Join also has a full API, Tasker, and IFTTT support. So the things you can do with it are only limited by your imagination.

Join has a 30-day trial and after that a one-time $4.99 payment.

Using Synology’s Application Portal to Secure Non-Secure Sites

As a recent Synology convert, I continue to find interesting and well thought out features. Following up on last week’s “Synology & Let’s Encrypt, Certs Made Easy”, one feature that I really like is the Application Portal, which can be found in the Control Panel.

Inside that, click the Reverse Proxy tab and this is where the fun begins.

The idea behind this is that you use the Synology’s secure HTTPS connection to reverse proxy to an insecure HTTP service somewhere on your LAN. The connection between the client and the Synology is then encrypted, which matters most if you’re connecting from outside your network. The hop from the Synology to the destination is still plain HTTP on the LAN.

Click Create and you’ll see something like this:

  1. Give the rule a Description.
  2. Source is HTTPS, usually * for any hostname. If you have many hostnames assigned to your Synology, you could restrict it to one. Port should be one that isn’t in use.
  3. Destination is where your unsecured host is. If your service is running on your Synology, it can simply be localhost, or if it is on another device elsewhere on your network, put in the URL you use to access it.
  4. If your destination host uses a port other than 80, use that for Port.

Below is an example of how I route a couple of services on my own LAN.

This is a great way to use a managed certificate on the Synology to secure other sites, even on other devices, with https.

Synology & Let’s Encrypt, Certs Made Easy

Adding certificates to any service can be tricky and sometimes really frustrating. When I first started exploring my Synology I was delighted to see it has built-in support for Let’s Encrypt certs.  For those that don’t already know, Let’s Encrypt (aka Certbot) provides free and industry-wide supported certificates.

Adding a cert to Synology is very simple and it supports multiple certificates with auto-renewal.

  1. To begin, just login to your Synology, enter the Control Panel and click on Security.
  2. Next, click the Certificate tab and click Add.
  3. From here, you want to Add a new certificate and click Next.
  4. Next, Get a certificate from Let’s Encrypt and click Next.
  5. Next fill out your Domain info, it would look something like this:
  6. Subject Alternative Name just means if you have subdomains, you would add them here. Like for a website, or any other. You can, in theory, add a completely different domain in this list and have it work, such as, but I think it is better to do one Let’s Encrypt cert per domain to keep things organized.

For reference, here’s how my sites look with their respective domain certs.

Best of all, your certs will renew automatically with the Synology and Let’s Encrypt. Once set, you really only need to periodically check to make sure this is happening.

YouTube – Michael Mercy

Do you like 80s Toys, Animation and Comics?  If so, the Michael Mercy channel is for you! It’s a younger channel, at only 2 years old, but his content is an amazing amount of fun.

While he does do some really good reviews on movies and TV, my favorites are the toys of the 80s. Some I had, some I really wished I had (like the USS Flagg from GI Joe!) His toy reviews are always filled with great details, but even better is that he plays with the toys in an endearing way while showing them off and places clips of the shows along with them.

…and remember, Nerdmaste!