[ 3004.388.7 alpha 1 Build(s) ] Testing available build(s)

[MDM]

The webui switch is already there, it was only controlling pinhole support, and will now also control the advertised version.

That's great!
Just indicate (change it's description) that it controls both

 

[capncybo]

So.... Here's my latest OpenVPN Update:
I performed the: Renew Certificate, & Exported the file + I looked inside.
The contents were the same (with the exception of the certificate changing).
Regardless I put the file on my phone...
Just like before my phone shows connected inside the VPN>VPN Server.
This time I payed closer attention to the log file
& Instead of trying other devices, on the inside of the Family Firewall...
-I simply tried to connect to the RT-AX86U itself @192.168.50.1
That WORKS!!!
So perhaps I'm forgetting an additional configuration step but...
I'm expecting to be able to access any of the Internal Devices within the local LAN.
As is said earlier... I've set
Client will use VPN to access = Both (LAN & Internet)

But perhaps this old-man is missing a step?

 

[MDM]

So.... Here's my latest OpenVPN Update:
I performed the: Renew Certificate, & Exported the file + I looked inside.
The contents were the same (with the exception of the certificate changing).
Regardless I put the file on my phone...
Just like before my phone shows connected inside the VPN>VPN Server.
This time I payed closer attention to the log file
& Instead of trying other devices, on the inside of the Family Firewall...
-I simply tried to connect to the RT-AX86U itself @192.168.50.1
That WORKS!!!
So perhaps I'm forgetting an additional configuration step but...
I'm expecting to be able to access any of the Internal Devices within the local LAN.
As is said earlier... I've set
Client will use VPN to access = Both (LAN & Internet)

But perhaps this old-man is missing a step?

Use TAP?

 

[capncybo]

Use TAP?

Formerly I was using TUN & it seemed to work as I desired. I'm reading up on TAP/TUN differences & it does seem TAP should be able to access different devices on the inside LAN. But I'm confused how TUN was working previously. Unless there was (Long forgotten-additional routing implemented).
Which I suppose is possible. Stacking too many dirty upgrades... One after another... year after year...
I'm bound to forget a few things, I've done previously.

 

[MDM]

Formerly I was using TUN & it seemed to work as I desired. I'm reading up on TAP/TUN differences & it does seem TAP should be able to access different devices on the inside LAN. But I'm confused how TUN was working previously. Unless there was (Long forgotten-additional routing implemented).
Which I suppose is possible. Stacking too many dirty upgrades... One after another... year after year...
I'm bound to forget a few things, I've done previously.

TUN can work, but with a Bridge...
TAP works automatically, unless you need TUN for something specific.

 

[capncybo]

TUN can work, but with a Bridge...
TAP works automatically, unless you need TUN for something specific.

For what it's worth... I tried using TUN. But the Android OpenVPN app told me I was not able to import the "filename.ovpn" after making that change. + After Clearing things out & starting fresh...
-Now Wireguard, will only allow me to connect to the ROUTER
-Asus Instant Guard, will only allow me to connect to the ROUTER.
( I had always thought I.G. was supposed to be ZERO config, Mobile VPN for Dummies LOL)
But guess I'm feeling like the dummy now ;-)
Anyways all 3 technologies can access the Router...
But for "This guy" the need is to access my other devices remotely.
Guess we don't know what we got, til it's gone.
Kinda recall a tune there.
;-)

 

[ColinTaylor]

For what it's worth... I tried using TUN. But the Android OpenVPN app told me I was not able to import the "filename.ovpn" after making that change. + After Clearing things out & starting fresh...
-Now Wireguard, will only allow me to connect to the ROUTER
-Asus Instant Guard, will only allow me to connect to the ROUTER.
( I had always thought I.G. was supposed to be ZERO config, Mobile VPN for Dummies LOL)
But guess I'm feeling like the dummy now ;-)
Anyways all 3 technologies can access the Router...
But for "This guy" the need is to access my other devices remotely.
Guess we don't know what we got, til it's gone.
Kinda recall a tune there.
;-)

Have you gone back to your previous firmware to confirm that still works correctly?

 

[MacG32]

Flashed and have been running full steam ahead since the 18th. Everything functions properly. Looking pretty solid.

 

[archiel]

Some initial observations - may need to test more

I am using the Asus DDNS service and testing using https://iplookup.asus.com/nslookup.php + incoming VPN connections (using @Martineau's implementation of WireGuard to have IPv6).

Switching between Enable UPnP IPv6 pinhole support Yes/No (IGD2/IGD1) requires a reboot to get the DDNS addresses reset correctly, just restarting DDNS does not seem to suffice.

Initially I also thought that IGD2 was breaking IPv6 DDNS, but this appears to be an issue with propagation - was taking up to 20 minutes before the new IPv6 address was recognised which meant that incoming VPNs over IPv6 were failing.

Also, NOT directly related but noticed that the DDNS IPv6 is not the routers WAN IPv6 as shown in System Log \ IPv6 \ WAN IPv6 Address. This appears to be a result of changing ISP, as previously this was the case. Looking in syslog I noted that in addition to the prefix range, the ISP is also allocating a bound address

Router dhcp6_client: bound address 2a02:6b60:0:be::a1/128, prefix 2a02:6b67:e9c0:a300::/56

where the prefix subnet seems to be part of a larger /28 range. {the actual addresses have been changed). Looking at eth0 in ifconfig confirmed the router is now allocated two public ipv6 addresses

eth0      Link encap:Ethernet  HWaddr 80:69:1A:86:87:33
          inet addr:149.22.xxx.xxx Bcast:149.22.yyy.yyy  Mask:255.255.255.128
          inet6 addr: 2a02:6b60:0:be::a1/128 Scope:Global
          inet6 addr: 2a02:6b67:e9c0:a300::1/128 Scope:Global

Would it be possible in a future version of the System Log \ IPv6 \WAN IPv6 Address page to include both - DDNS uses the bound address (where this exists and is different to the router's LAN IP address).

 

[Aiadi]

I am too not a big fan of installing alpha firmware but have to say that this has a buttery smooth feel to it running quite nicely since yesterday with 70 clients, DDNS, Wireguard client and VPN director as well as NextDNS. Thank you @RMerlin .

 

[aex.perez]

8 days and a couple of hours in, nothing major has come up.

Still get an occasional dnsmasq restart and can tell when its going to eventually occur, which is when I have to reload a web page to get it to complete.
Happens one time and it will eventually restart, a few times, repeatedly (different webpages), will restart sooner rather than later. But once it restarts, and it does restart, everything begins to work fine and pages load.

Can be a bit of a headache on the streaming boxes, but a reload of the streaming app or a reboot in the worst case resolves it. Can't really attribute it to this release, as it happend with 6_2 and even, though with less frequency, prior releases to that.

More of an observation, than anything else. Very stable.

 

[Blacklistedcard]

No issue(s) to report with a AX88U. Firmware install and router is processing TBs of traffic a day. My VPN Wireguard connection is rock solid, never disconnects.

2.4gig devices are all good. No connection issue
5g devices are all good No connection issue.
PS4 pro NAT is all working.

 

[learning_curve]

~~~

Also, NOT directly related but noticed that the DDNS IPv6 is not the routers WAN IPv6 as shown in System Log \ IPv6 \ WAN IPv6 Address. This appears to be a result of changing ISP, as previously this was the case.

This IPV6 address difference, as you've suggested above, is surely, only due to a change of ISP and not the 3004.388.7_alpha.1 release. I can't 100% confirm this for you myself (yet) as I'm not using this 3004.388.7_alpha.1 release, but I can confirm that this is still the case with the 3004.388.6_2 release / my own ISP (and it was the case with all of the previous merlin firmware releases that I've used too). I've not changed ISP whilst using this current router / its merlin firmware releases, which will be a factor too.

Looking in syslog I noted that in addition to the prefix range, the ISP is also allocating a bound address

Router dhcp6_client: bound address 2a02:6b60:0:be::a1/128, prefix 2a02:6b67:e9c0:a300::/56

where the prefix subnet seems to be part of a larger /28 range. {the actual addresses have been changed). Looking at eth0 in ifconfig confirmed the router is now allocated two public ipv6 addresses

eth0      Link encap:Ethernet  HWaddr 80:69:1A:86:87:33
          inet addr:149.22.xxx.xxx Bcast:149.22.yyy.yyy  Mask:255.255.255.128
          inet6 addr: 2a02:6b60:0:be::a1/128 Scope:Global
          inet6 addr: 2a02:6b67:e9c0:a300::1/128 Scope:Global

Would it be possible in a future version of the System Log \ IPv6 \WAN IPv6 Address page to include both - DDNS uses the bound address (where this exists and is different to the router's LAN IP address).

We have different routers, different ISP's (with different connection formats) Mine is a FTTH IPv4 / IPv6 stack delivered via PPOE with an IPv6 /64 range for the Router's IPv6 / DDNS IPv6 (common) address and an IPv6 /56 range for LAN clients on my side of the Router's WAN IPv6 Gateway. However, I can clearly see why (in your case / with your current ISP) it really would be useful, to see both addresses in GUI and and not just via SSH. Might be worth a separate thread, as / if it's not specific to this firmware release.

 

[SMS786]

New builds up:

3004.388.7 (xx-xxx-2024)
  - NEW: IGD2 support for UPNP/PCP.  This will allow IPv6 pinhole
         support for clients.  It must be enabled on the WAN
         page.  Existing pinholes will be listed on the
         System Log -> IPV6 page.

         Note that IGDv2 has compatibility issues with various
         clients that do not properly follow the standard.
  - UPDATED: Openvpn to 2.6.10.
  - UPDATED: TOR to 0.4.8.10.
  - UPDATED: wsdd2 to 2023-12-21 snapshot.
  - UPDATED: miniupnpd to 2.3.6.
  - CHANGED: hardcoded location of the CA bundle in inadyn, so it
             no longer need to be manually defined in custom
             configurations.
  - FIXED: Concurrent cronjob changes through cru could cause
           collisions, leading to missing jobs (dave14305)
  - FIXED: crond would not use the new timezone if it got changed.
  - FIXED: MiniDLNA web interface could only be accessed through an
           IP address (regression in 3004.388.6).

 

[lucian]

the link seems to be down.

 

[bennor]

the link seems to be down.

The Asus-Merlin site is down at the moment, see: asuswrt-merlin.net Website Site Down?

 

[Tex Texan]

Shouldn't the new builds just be on the SourceForge site?
I've never gone to the Asus-Merlin site to get them.
Edit - unless you just mean the alpha builds which are on MS OneDrive?

 

[bluepoint]

Just use the OP's link in post #1 to download the newer Alpha.

 

[Dedel66]

Shouldn't the new builds just be on the SourceForge site?
I've never gone to the Asus-Merlin site to get them.

It is an ALPHA....

 

[Ripshod]

Just use the OP's link in post #1 to download the newer Alpha.

Test that.