Howdy folks,
I initially planned on waiting for the 374 code before finalizing this release, however since it contains quite a few changes already, including two security fixes, I decided to go ahead and release it as a beta release.
Beta builds have been uploaded for all four routers. This is based on the 372 code, with one fix backported from 374 (the Parental Control issue that prevented it from working under IE10).
The highlights:
IPv6 firewall
Probably a major issue that prevented this router from being safely usable on an IPv6 connection - until now. There is now an IPv6 firewall configurable under Firewall -> IPv6 Firewall. By default this new firewall will be ENABLED. That means if you previously relied on the fact that there was no firewall on the IPv6 network to allow remote access to computers on your LAN, you will now have to configure the appropriate firewall rules on that new tab.
Bear in mind that this is quite different from what you are used to with IPv4. In IPv4, by default no device is reachable because of NAT. You have to open a port, which will allow connection on your router IPv4 to be forwarded to the selected computer.
With IPv6, every device on your network gets its own, fully routable IPv6. Instead of forwarding ports, you will be opening ports in the firewall, specifying the IPv6 IP of the target computer. That also means that, when connecting (or testing with a port scanner) to that open port, you have to use the computer's IP, not the WAN IP.
The firewall has been tested by various users already through Comcast, Hurricane Electric's 6in4 tunnel, and probably a few more.
Security fixes
This beta release includes two security fixes:
- ACSD exploit. Unlike Asus who seem to have totally disabled that service, I decided to simply prevent connection from your LAN to that service through a firewall rule. This means that in theory, the automatic channel selection feature that service provides should still be working.
- Samba symlink issues. I won't give too many details since this isn't patched by Asus yet (they will be patching it in the next release), but this was recently disclosed in a security-related document.
Component updates
OpenVPN was upgraded to 2.3.2, miniupnpd to 20130730, and the e2fsprogs tools (fsck, mkfs, etc...) to 1.42.8. Please make sure you don't see any regression introduced by the first two updates (OpenVPN and UPNP).
Various random fixes
The usual. Webui should no longer crash when pasting an abnormally long value in the OpenVPN fields (and a notice was also added to remind you to only paste the BEGIN/END block), fixes to wireless client list mixing up MACs if two IPs looked too similar (192.168.1.100 and 192.168.1.10 for example), and some more. Details are in the changelog.
What I mostly need tested in this release:
- OpenVPN. Make sure there was no regression introduced by the upgrade to 2.3.2
- UPNP. Same thing
- IPv6 firewall: while this was already pretty well tested with the limited Beta 1 release, keep an eye on any oddity related to IPv6.
- New "smart" minidlna database location. VinceV developed a smarter database location function that will greatly reduce the chances of people accidentally having their DLNA database stored in RAM, potentially filling it up, and leading to a router crash due to running out of memory. Make sure DLNA still starts normally.
There was no change in relation to wireless drivers (except for the RT-AC56U that uses the final 372 driver, while I was previously using an early prerelease version).
You can safely upgrade from any 3.0.0.4.3xx version to this new one without having to revert back to factory default. Remember however to go to the OpenVPN Keys page, and re-save your keys if you are upgrading from a release OLDER than 372.30. If you were keeping a saved copy of your settings that was created in a version OLDER than 372.30, you should also download a new copy of your settings, as older versions are potentially corrupted.
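Added example, not part of the original post and not the firmware's own rule set: a sketch of the IPv6 model described under "IPv6 firewall", where inbound connections are dropped by default and a port is opened for one LAN computer's own global address instead of being forwarded from the WAN address. The interface names `eth0` and `br0`, the function names and the `2001:db8::` address are assumptions made for illustration; the script only prints `ip6tables` commands and applies nothing.

```shell
#!/bin/sh
# Added illustration, not the firmware's actual rule set.
# Prints ip6tables commands for a default-deny inbound IPv6 policy with
# per-host port openings. Nothing is applied; review the output first.

WAN_IF="${WAN_IF:-eth0}"   # assumption: WAN-side interface name
LAN_IF="${LAN_IF:-br0}"    # assumption: LAN bridge name

# Baseline: LAN hosts may start connections, the Internet may not.
base_rules() {
    echo "ip6tables -P FORWARD DROP"
    echo "ip6tables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "ip6tables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
}

# open_port HOST PROTO PORT
# HOST is the LAN computer's own global IPv6 address, not the router's WAN address.
open_port() {
    host=$1; proto=$2; port=$3
    case "$host" in
        [fF][eE][89aAbB][0-9a-fA-F]:*)
            echo "open_port: $host is link-local, unreachable from the WAN" >&2
            return 1 ;;
        *:*) ;;
        *)  echo "open_port: $host is not an IPv6 address" >&2
            return 1 ;;
    esac
    case "$proto" in
        tcp|udp) ;;
        *) echo "open_port: protocol must be tcp or udp" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "open_port: bad port '$port'" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "open_port: port out of range" >&2; return 1
    fi
    echo "ip6tables -A FORWARD -i $WAN_IF -o $LAN_IF -d $host -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
}

# Constructed example: allow SSH to one LAN host (2001:db8::/32 is the documentation prefix).
base_rules
open_port 2001:db8:1:2::10 tcp 22
```

Because the ACCEPT rule matches on the destination host's address, a check from outside has to target that address; the same port on the router's WAN address or on any other LAN host still falls through to the DROP policy.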