Beta Asuswrt-Merlin 3006.102.4 Beta is now available

Updated to beta2. Everything working well as before. DNS Director now working for all my clients both main and guest networks (using global redirection set as "No Redirection" and individual clients set to "Router"). Thank you for fixing! Also DoT blocking for these clients working as intended even though the iptables filter rule references (I believe) an unreachable destination for guest network clients (main network router address).
 
If your ISP uses IPSEC for Wifi Calling then make sure that on WAN -> NAT Passthrough the IPSEC passthrough is enabled.
I had to forget the network then reconnect the wifi. I don't know why but I was getting the old "No Internet" warning from the phone even though it was connected. I swear I set everything up exactly as before, everything else on the main wifi reconnected just fine.
One of those things 😁
 
I'm really not sure what to suggest, but if it's truly a certificate problem then have you tried accessing your router through HTTP? Are you able to resolve the page?
Where the address bar is on Edge, to the left it says not secure. So, I think it is accessing through HTTP already.

Thanks
 
Thanks, Beta 2-2 is working well, nothing odd showing up in the logs after 18 hours.
 
Where the address bar is on Edge, to the left it says not secure. So, I think it is accessing through HTTP already.

Thanks
So it seems your problem doesn't have to do with certificates. Have you cleared your caches, plus done a "clear browser data" from settings, just in case there is corrupt browser data in Edge?
settings\privacy, search and services\clear browsing data
Note: This will delete history, passwords, cookies, and more.
 
So it seems your problem doesn't have to do with certificates. Have you cleared your caches?
Yes, I clear browser cache and refresh page after flash to Beta 2. Like I said the VPN is working as it should, just the Status page, etc... do not display correctly. If I enable VPN, go to VPN status page it does not show VPN connected or working, even though it is. I clear the Browser cache and refresh page and it shows correctly. Just with the VPN section if I make a change, even though the change happens, I have to clear cache and refresh the page for it to reflect or show the change properly. If all that makes any sense.

Thanks
 
Yes, I clear browser cache and refresh page after flash to Beta 2. Like I said the VPN is working as it should, just the Status page, etc... do not display correctly. If I enable VPN, go to VPN status page it does not show VPN connected or working, even though it is. I clear the Browser cache and refresh page and it shows correctly. Just with the VPN section if I make a change, even though the change happens, I have to clear cache and refresh the page for it to reflect or show the change properly. If all that makes any sense.

Thanks
What edge extensions are installed?
 
Easy Browser Cleaner (www.computersluggish.com) and AdBlocker Ultimate (https://adblockultimate.net/windows). I did turn these off, no change.
Please collect some screenshots:
1. Login to the router UI.
2. Press F12 in Edge to open the developer tools.
3. Switch to the Network tab of the tools window.
4. Go to the VPN Status page in the router UI.
5. Watch all the requests go by in the Network tab.
6. When the activity slows down, scroll up in that Network tab and look for any red errors for "ajax". Most should be successful status 200. Filter the network list (search bar above the scrolling list) for ajax_vpn and click the result like in the screenshot below. View the Response tab on the right side.
7. In the developer tools, switch from the Network tab to the Console tab and look for any errors there.

Here is what it looks like in Firefox on a Linux PC, just to understand what I'm trying to describe.
1745187423479.png
 
Dirty flashed all units to AsusWrt-Merlin 3006.102.4-beta2 with no observed problems.
This Guest Network Pro looks amazing. It is going to be real fun to play with, and isolate some problematic clients.
Clipboard_04-20-2025_01.jpg

Kudos to @RMerlin and everyone else contributing to this project.
 
I'll have to check, that rule was probably created elsewhere than the code section I adjusted.
Indeed, the global rule which is added at the bottom of the function was still always using the DNAT. I changed it so Router mode will now use a REDIRECT target instead.

For SDN I am leaving it to DNAT for now, as it wouldn't matter for these anyway. The issue was mostly rules defined outside of an SDN, which wouldn't be applied for SDN clients.

I suppose it doesn’t matter for the global rule, since it will always be the main LAN IP or another DNS service, never an SDN network.
For consistency it's probably not a bad idea still to have that one set to REDIRECT. It will help have it work as some kind of catch-all rule, in case there might be scenarios I haven't thought about.
 
Slightly related, but is there a way to "tell" DNS Director not to block port 853? I delegate DoT/DoH blocking to an external DNS block list through ControlD but at the same time I'd like to use ControlD DoT on my Android phone (and DNS Director blocks it). In short, I'd like to have DNS Director active but outgoing port 853 open as well. Is this feasible, somehow, even using some iptables rule? I'd be grateful if you could suggest some workaround.

Thanks a lot in advance.
Insert a rule at the top of DNSFILTER_DOT table that will RETURN, i.e.:

Code:
iptables -I DNSFILTER_DOT -j RETURN
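
A narrower form of the rule above, as an added example that is not part of the thread or the firmware: instead of returning for all DoT traffic, it exempts only TCP 853 to chosen resolver addresses and skips the insert when the rule is already present. The chain name is taken from the post; the resolver addresses are placeholders, and it is assumed that forwarded DoT traffic passes through this chain.

```shell
#!/bin/sh
# Added example, not firmware code.
# Assumption: DNSFILTER_DOT is the filter-table chain named in the thread.
# RESOLVERS holds placeholder addresses (RFC 5737 documentation range);
# replace them with the DoT endpoints of your own DNS provider.
IPT="${IPT:-iptables}"
CHAIN="DNSFILTER_DOT"
RESOLVERS="${RESOLVERS:-192.0.2.53 192.0.2.54}"

# Insert "RETURN for DoT to $1" at the top of the chain unless it is
# already there. Echoes "added" or "present"; non-zero if the insert fails.
allow_dot_to() {
    dst="$1"
    if "$IPT" -C "$CHAIN" -p tcp -d "$dst" --dport 853 -j RETURN 2>/dev/null; then
        echo "present"
        return 0
    fi
    "$IPT" -I "$CHAIN" 1 -p tcp -d "$dst" --dport 853 -j RETURN || return 1
    echo "added"
}

# Apply the exemption for every resolver; refuse to run if the chain is
# missing (for example when DNS Director is disabled).
apply_dot_allowlist() {
    if ! "$IPT" -nL "$CHAIN" >/dev/null 2>&1; then
        echo "chain $CHAIN not found" >&2
        return 2
    fi
    for r in $RESOLVERS; do
        allow_dot_to "$r" >/dev/null || return 1
    done
}

# Run as: sh script.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_dot_allowlist
fi
```

DoT to any other server still reaches the blocking rules further down the chain, and because the match is on destination it does not depend on the client's MAC address.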
 
I hope to try out the beta2 tomorrow, but when I manually implemented the guest clients in beta1, I needed the router ip of the other subnets to implement the DNSFILTER_DOT icmp-port-unreachable rules in addition to the dnat rules. Any idea how those are handled now?
DOT filtering wasn't implemented at all for SDNs, only for specific clients, and globally. This commit adds support for SDNs themselves as well.
 
I doubt there is any side effect from this, but I noticed these libmnl libraries incorrectly linked in the firmware image.
Code:
lrwxrwxrwx    1 rtradmin root           115 Apr 19 12:51 libmnl.so -> /home/merlin/amng.ax88pro/release/src-rt-5.04axhnd.675x/targets/94912GW/fs.install/libmnl-1.0.4/usr/lib/libmnl.so.0
lrwxrwxrwx    1 rtradmin root           115 Apr 19 12:51 libmnl.so.0.2.0 -> /home/merlin/amng.ax88pro/release/src-rt-5.04axhnd.675x/targets/94912GW/fs.install/libmnl-1.0.4/usr/lib/libmnl.so.0
Seems to be unique in 3006.102-wifi6.
Bug in the Wifi 6 GPL, fixed with this commit.
 
Insert a rule at the top of DNSFILTER_DOT table that will RETURN, i.e.:

Code:
iptables -I DNSFILTER_DOT -j RETURN
Thanks, this is very useful. Someone else also suggested that I use "No redirection" for my phone in DNS Director. It works fine, even if MAC randomization has to be deactivated on Android for that connection. The iptables rule you suggest is probably more solid, in this respect.
 
Dirty update from Beta1 to Beta2. Only quirk seen in 24hrs on my Smart Connect enabled network, was on my only Guest Network setup for "2.4GHZ only clients". Only 8 of the usual 15 connected (I track all in spreadsheet). After 24hrs of still no connect to the missing, I disabled & then deleted this 2.4GHz Guest Network. Created again, then all 15 clients connected within a couple of minutes (yippee!!). 5.0GHz & 6.0GHZ clients all ok throughout.
 
