Router anti-recommendation: Asus RT-AC68U

I bought an Asus RT-AC68U this weekend and tried to set it up. I was excited at first -- some aspects of the router are refreshingly better than the competition -- but ultimately I found it unusable problematic.

Updated after discovering a combination of misconfiguration and ISP shenanigans. My apologies to Asus, although there are still some serious issues with this router.

I was pleased with the upright design, dim front LEDs (and a hardware switch to disable them entirely!), and snappy web admin UI. But the deeper I got into setup, the worse my experience was. I'll start with the worst parts, then trail off into the minor stuff.

Deal-breakers

Update: Port 5222 was misconfigured, and port 80 was being blocked by the ISP, which I did not discover until attempting to set up the new router. (It's only used to forward to 443.)

  • Port forwarding fails randomly. Firewall off, NAT acceleration/CTF off, UPnP on, and yet... ports 80 and 5222 refuse to forward, but 443, 5269, and 25 are working fine. Internet discussion indicates this behavior is sporadic.

Huge problems

  • Upgrading to the latest firmware (3.0.0.4 384 20308 in my case) apparently requires resetting the router to factory settings and restoring all settings by hand. This is very disruptive and time-consuming. (I cannot substantiate this; it may be internet hear-say. But people were definitely giving warnings about this.)
  • Settings cannot be restored unless the filename ends in all-uppercase ".CFG". There is no useful error message to explain this; I had to find the answer in a forum, where someone stumbled across the correct explanation by accident.
  • Enabling HTTPS-only configuration under some conditions locks me out of the GUI with this message, requiring a factory reset:
    Settings have been updated. Web page will now refresh. Changes have been made to the IP address or port number. You will now be disconnected from RT-AC68U. To access the settings of RT-AC68U, reconnect to the wireless network and use the updated IP address and port number.

Smaller problems

  • The HTTPS certificate appears to be generated anew each time the router is started, which means I can't add a permanent exception for it in my browser. This reduces security against a MITM attacker.
  • The lack of simultaneous logins without the ability to kick the other logged-in user off is a big problem if Auto Logout is set to 0). If my LAN IP changes while I am logged into the router, or my computer freezes and I try to connect from another device, or I switch from ethernet to wifi, I'm locked out until I restart the router!

Annoyances

Sharp edges that wouldn't be worth blogging about, but since I'm here...

  • The initial setup screen asked for mode, new password, and wireless details. But after going through that process, the "main" UI didn't have the password or the wireless details, and I had to enter them again. (This might not be a problem on a newer firmware.)
  • I would also appreciate being able to have a password of more than 16 characters.
  • On Advanced_Wireless_Content.asp changing the "Band" dropdown unexpectedly reloads the page, losing any settings already entered.
  • Plan HTTP links everywhere, including to the page where you download firmware. (Yes, it redirects to HTTPS, but software distribution should *never* be initiated over insecure channels.)

I could deal with the smaller problems, and I was just planning on sending feedback on those and the annoyances (not blogging publicly about it), but as long as the larger issues remain this is not a router I can recommend.


No comments yet. Commenting is not yet reimplemented after the Wordpress migration, sorry! For now, you can email me and I can manually add comments. Feed icon