Return to Level1Techs.com

RT-AC68U bricked because of JFFS2

So I stupidly managed to brick my AC68U by putting a JFFS2 partition on it via the DD-WRT GUI, and it has no ability to manage flash partitions in the GUI.

I went to update from the last Kong build to a BrainSlayer build and it instantly soft bricked.

Now nothing flashes on to it, but the CFE web interface is accessible.

I don’t have serial console equipment to do a brute force fixing in that direction, so what can I do? Am I screwed to have to buy another router? I need a good one for OpenVPN because I cannot trust my home connection anymore because our new ISP’s router looks like something straight out of a Shenzhen clone router manufacturer. I NEED VPN.

You wouldn’t trust a router that had QC stickers, no admin login, and had cheap McDonald’s toy plastic even if it looked like this, right?

Have you tried placing the router into recovery mode?

First thing I tried, nothing flashes onto there and all installation attempts fail.

It’s highly possible you will need a serial console to recover it unfortunately. If you can’t get into the recovery/emergency mode then yeah.

Did you try tftp when it’s in recovery mode… in binary transfer mode just as a last resort?

Not aware of any good TFTP clients for Linux, since the last time I tried that was the WNDR3700 on Windows 7.

So I’m screwed.

Lol sudo apt install tftp

Then just use the man pages to figure out your command and binary mode :wink:

Unfortunately I’ve seen on other threads that this condition can’t be solved through tftp and may need serial.

Highly possible but worth a try? Why not just do it? What’s that going to hurt lol

As for a new router. Honestly I’d just go UBQT myself. Either their dream machine or their alien.

However you could always opt for a lesser router. Or another of the same used from ebay

OpenVPN speeds were kind of lackluster. So I think I’m replacing it with a AC86U, not a AX86U.

do the 30/30/30 reset

Already did that. No progress. It’s like the JFFS2 partition is blocking the install from completing.

VPN speeds will ALWAYS be lack luster on a route man. You need AES-NI and good acceleration and CPU power to handle a vpn

Can I use an OPNsense installed x86 system as a bridge to the VPN then make it the WAN port on my new router? or is it by then already through a ton of NATs? I’m very new to this because I haven’t had a router with backdoors to the Communist party before. (NOT BY CHOICE)

I’m using up my LTE to type this out because that’s how paranoid I am.

Exactly what are you paranoid of? Lol commercial VPNs are not safe. Neither are self ran digital ocean VPNs but I digress to answer your question. Yes you can run you wan port into the OPNSense then opnsense can route all traffic to the VPN through your ISP

Right now though I don’t have those resources to make my network that complex. AsusWRT has OpenVPN right? Merlin does too?

My paranoia is of the Chinese Government.

Dude lol you live in Canada … what could they possibly want with you. No offense in anyway but you aren’t important enough for them to care. They have much bigger targets.

Yes they both have clients and servers

My dad was banned from WeChat and threatened. They only re-instated his WeChat after he was threatened. He was stuck in the epicenter city and got frustrated, and only just now came back to Canada. My whole family was told to praise the Communist party or else.

Okay, so I’ll just use stock AsusWRT then after buying the new Router. Sucks, but BrainSlayer builds still aren’t stable enough for AC Wireless. Unless that’s changed…

lol DD-WRT is pretty shit tbch. Just use merlin’s firmware. Its the best combo of features and performance. If you cant handle that use Tomato

Usually when talking about serial access, the software you end up talking to one the other side of that serial connection is the CFE, booted from the same flash chip, running on the same CPU.

CFE is basically a bootloader coming from broadcom, similarly to uboot. ODMs / whitebox manufacturers like quanta and tplink will customize it, and let OEMs/brands customize it further for Asus/ubiquiti/… with their own features and graphics, maybe even their own checks. It’s whole purpose in life of a well functioning router is to initialize the CPU and boot Linux from a different part of flash, and once in a while enable someone to reset router settings or perform writing to flash from network somehow.

I don’t know about ac68 specifically, even if CFE is broken there’s and even if serial is not working, there’s a way to flash whatever you want onto the flash chip by connecting a few wires to e.g. raspberry pi and using a utility called flashrom to communicate with the flash chip directly to read/write whatever.

Hopefully if you have CFE access, you don’t need to go the flashrom route.

I’ll look into ac68u (I don’t own one personally, I’ve been mostly avoiding broadcom when working with openwrt) and post here if I find more useful.


@FurryJackman try these instructions: https://forum.openwrt.org/t/help-asus-rt-ac68u-bricked/15258/12 … after going back to stock and resetting the nvram partition, you can go to ddwrt again.

Yeah, it actually fixed itself after flashing Merlin… Go figure. Tried the latest DD-WRT beta after fixing it and it STILL doesn’t gracefully start the VPN connection at boot.

So build 41664 of DD-WRT bricks the AC68U. After flashing Merlin then a later DD-WRT build then going back to Merlin, It solved itself apparently.

Still, getting a AC86U because it’s processor has AES-NI in Merlin. Only getting 20mbps symmetrical with heavy CPU usage on the AC68U. The CPU usage is adding to buffer bloat according to the DSLReports speed test.