Router anti-recommendation: Asus RT-AC68U

I bought an Asus RT-AC68U this weekend and tried to set it up. I was excited at first -- some aspects of the router are refreshingly better than the competition -- but ultimately I found it problematic.

Updated after discovering a combination of misconfiguration and ISP shenanigans. My apologies to Asus, although there are still some serious issues with this router.

I was pleased with the upright design, dim front LEDs (and a hardware switch to disable them entirely!), and snappy web admin UI. But the deeper I got into setup, the worse my experience was. I'll start with the worst parts, then trail off into the minor stuff.


Update: Port 5222 was misconfigured, and port 80 was being blocked by the ISP, which I did not discover until attempting to set up the new router. (It's only used to forward to 443.)

  • Port forwarding fails randomly. Firewall off, NAT acceleration/CTF off, UPnP on, and yet... ports 80 and 5222 refuse to forward, but 443, 5269, and 25 are working fine. Internet discussion indicates this behavior is sporadic.

Huge problems

  • Upgrading to the latest firmware (384 20308 in my case) apparently requires resetting the router to factory settings and restoring all settings by hand. This is very disruptive and time-consuming. (I cannot substantiate this; it may be internet hearsay. But people were definitely giving warnings about this.)
  • Settings cannot be restored unless the filename ends in all-uppercase ".CFG". There is no useful error message to explain this; I had to find the answer in a forum, where someone stumbled across the correct explanation by accident.
  • Enabling HTTPS-only configuration under some conditions locks me out of the GUI with this message, requiring a factory reset:
    Settings have been updated. Web page will now refresh. Changes have been made to the IP address or port number. You will now be disconnected from RT-AC68U. To access the settings of RT-AC68U, reconnect to the wireless network and use the updated IP address and port number.

Smaller problems

  • The HTTPS certificate appears to be generated anew each time the router is started, which means I can't add a permanent exception for it in my browser. This reduces security against a MITM attacker.
  • The lack of simultaneous logins without the ability to kick the other logged-in user off is a big problem (if Auto Logout is set to 0). If my LAN IP changes while I am logged into the router, or my computer freezes and I try to connect from another device, or I switch from ethernet to wifi, I'm locked out until I restart the router!
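
The certificate point above is what trust-on-first-use pinning depends on. The following sketch is an added example, not part of the original post or any Asus tooling: it stores the SHA-256 fingerprint of the admin page's certificate and flags any later change. The router address, port and pin-file name are assumptions.

```python
import hashlib
import json
import socket
import ssl
from pathlib import Path


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER certificate, the value browsers show as its fingerprint."""
    return hashlib.sha256(der).hexdigest()


def fetch_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the server's leaf certificate without CA validation.

    A router's self-signed certificate cannot pass CA checks, so trust has to
    come from the stored pin instead.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_pin(store: Path, endpoint: str, der: bytes) -> str:
    """Return 'pinned' on first sight, 'match' if unchanged, 'CHANGED' otherwise."""
    pins = json.loads(store.read_text()) if store.exists() else {}
    seen = fingerprint(der)
    known = pins.get(endpoint)
    if known is None:
        pins[endpoint] = seen
        store.write_text(json.dumps(pins, indent=2))
        return "pinned"
    # Never overwrite silently: a change needs an out-of-band check by the admin.
    return "match" if known == seen else "CHANGED"


if __name__ == "__main__":
    # Assumed address and pin file; adjust to the router's HTTPS admin endpoint.
    host, port = "192.168.1.1", 8443
    print(check_pin(Path("router_pins.json"), f"{host}:{port}", fetch_der(host, port)))
```

Against a router that regenerates its certificate at every start, this reports CHANGED after each reboot, so a real interception and a routine restart look the same.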


Sharp edges that wouldn't be worth blogging about, but since I'm here...

  • The initial setup screen asked for mode, new password, and wireless details. But after going through that process, the "main" UI didn't have the password or the wireless details, and I had to enter them again. (This might not be a problem on a newer firmware.)
  • I would also appreciate being able to have a password of more than 16 characters.
  • On Advanced_Wireless_Content.asp changing the "Band" dropdown unexpectedly reloads the page, losing any settings already entered.
  • Plain HTTP links everywhere, including to the page where you download firmware. (Yes, it redirects to HTTPS, but software distribution should *never* be initiated over insecure channels.)

I could deal with the smaller problems, and I was just planning on sending feedback on those and the annoyances (not blogging publicly about it), but as long as the larger issues remain this is not a router I can recommend.

