Asuswrt-Merlin 3.0.0.4.374.32 is out

[RMerlin]

Howdy folks,

Asuswrt-Merlin 3.0.0.4.374.32 is now available for download (for all supported routers). For those who don't keep track of betas, here's the highlight of what has changed since the last stable release.

New code base
The 374_168 GPL code from Asus has been merged in. The AC66 and AC56 drivers were updated to the latest version, but the N66U driver is still the same as in build 270. (276 has a newer version, but I didn't have time to gather enough feedback on whether this newer version was better or worse).

IPv6 firewall
Probably a major issue that prevented this router from being safely usable on an IPv6 connection - until now. There is now an IPv6 firewall configurable under Firewall -> IPv6 Firewall. By default this new firewall will be ENABLED. That means if you previously relied on the fact that there was no firewall on the IPv6 network to allow remote access to computers on your LAN, you will now have to configure the appropriate firewall rules on that new tab.

Bear in mind that this is quite different from what you are used with IPv4. In IPv4, by default no device is reachable because of NAT. You have to open a port, which will allow connection on your router IPv4 to be forwarded to the selected computer.

With IPv6, every device on your network gets its own, fully routable IPv6. Instead of forwarding ports, you will be opening ports in the firewall, specifying the IPv6 IP of the target computer. That also means that, when connecting (or testing with a port scanner) to that open port, you have to use the computer's IP, not the WAN IP.

Security fixes
This beta release includes two security fixes:

- ACSD exploit. Unlike Asus who seem to have totally disabled that service, I decided to simply prevent connection from your LAN to that service through a firewall rules. This means that in theory, the automatic channel selection feature that service provides should still be working.

- Samba symlink issues. I won't give too much details since this isn't patched by Asus yet (they will be patching it in the next release), but this was recently disclosed in a security-related document.

Component updates
OpenVPN was upgraded to 2.3.2, miniupnpd to 20130730, and the e2fsprogs tools (fsck, mkfs, etc...) to 1.42.8.

Various random fixes
The usual. Webui should no longer crash when pasting an abnormaly long value in the OpenVPN fields (and a notice was also added to remind you to only paste the BEGIN/END block), fixes to wireless client list mixing up MACs if two IPs looked too similar (192.168.1.100 and 192.168.1.10 for example), and some more. Details are in the changelog.



See the sticky thread for download links and additional information.

Enjoy!

 

[Sky1111]

Hi Merlin, for RT-AC56U the only FW on ASUS website is 3.0.0.4.374.37, so yours is slightly behind that one? (.32 vs. .37)

 

[Sky1111]

... and if upgrading from 372.32_beta3, do you recommend re-setting the router aka clear NVRAM?

 

[RMerlin]

Hi Merlin, for RT-AC56U the only FW on ASUS website is 3.0.0.4.374.37, so yours is slightly behind that one? (.32 vs. .37)

Do not confuse 374_37 with 374.32. My FW is actually based on 374_168, which is newer than the 374_37 code used by Asus for the RT-AC56U.

_xxx = sub-build number.
374.xxx = Asuswrt-Merlin specific version

 

[RMerlin]

... and if upgrading from 372.32_beta3, do you recommend re-setting the router aka clear NVRAM?

No need to.

 

[sm00thpapa]

Was there a change in driver from .270 to .276? And thanks for the new update. Your work is very much appreciated.

 

[RMerlin]

Was there a change in driver from .270 to .276? And thanks for the new update. Your work is very much appreciated.

I didn't upgrade to the 276 driver as I didn't get any feedback as to whether it was working out better or worse than the 270 driver.

 

[RMerlin]

Microsoft fail alert: for some unknown reason their Smart Screen filter seem to detect some of the new downloads as being Unsafe (confirmed with the RT-N66U download). Which is ridiculous since the zip only contains a text file and a binary-only file - nothing that can be executed by a PC...

If you go to IE10's Download Manager you can report the file as being safe. I just reported it, please do the same so Microsoft can fix their heuristic detection.

For those still worried, Mediafire scans all uploads with Bitdefender, and I also re-scanned the downloaded file using Norton Antivirus as well - nothing came out. And the downloaded CRC32 is exactly the same as for the file which I uploaded.

As a temporary workaround, either disable Smart Screen (until MS fixes it), or use a different browser to download it.

 

[Jettubby]

Merlin, I'm still on the xxx.26 build for my N66U. Is 32 worth the upgrade or wait for the new driver? I don't to VPN or anything more than straight wired/wireless connections. I'm also thinking about your experimental version?? I'm having some 5G connection and range issues on build 26 is the reason I'm thinking of the upgrade. Would love your input. Thanks

 

[RMerlin]

Merlin, I'm still on the xxx.26 build for my N66U. Is 32 worth the upgrade or wait for the new driver? I don't to VPN or anything more than straight wired/wireless connections. I'm also thinking about your experimental version?? I'm having some 5G connection and range issues on build 26 is the reason I'm thinking of the upgrade. Would love your input. Thanks

For straight routing there's probably not many changes since 27.26. You will have to take a look at the changelog to see if you use any of the features that were added/improved/fixed between 26 and 32. The biggest ones I can remember without going back through the changelog would be:

• OpenVPN
• IPTraffic (many reliability issues resolved)
• Important security fix for AiCloud

Otherwise, it's never a bad idea to stick with what works fine already, especially if your needs are quite limited.

 

[wouterv]

I didn't upgrade to the 276 driver as I didn't get any feedback as to whether it was working out better or worse than the 270 driver.

I did report my findings with 271 (and subsequently never tested 276), never got any feedback of wireless driver differences:

Are the wireless drivers in build 270, 271 and 276 exactly identical?
It seems to me that build 271 was slightly worse on 5GHz then build 270.
The worser parts seems to be that 5Ghz sometimes simply quit, had to renew the wireless client of the PC to connect again.
Build 270 seems by far more stable.
I have not tried build 276 yet, actually there is no reason for me to try unless there are brilliant undocumented fixes in it.

So for me 270 is the favorite to avoid 5 GHz issues.

Summary of my 5 GHz issues with other then the 270 build:

• Ralink RT3592 has more difficulties to connect to 5 GHz, sometimes it refuses to connect.
• Intel Centrino 6205 has speed issues on 5 Ghz.

Note: As soon as I get a timeslot to bring down the home network, I am eager to test 3.0.0.4.374.32_SDK6 (for both the IPv6 firewall and the wireless behaviour).

 

[bluepoint]

Looks like even if I logged out of RT-N66U with firmware 374.32 and then close IE10 64bit, it's not actually logging me off. Browsing to the router with its IP just let me go in without asking for credentials. Are you guys seeing this?

 

[sm00thpapa]

Just installed this FW and my 5 GHz band is screaming fast.

 

[cmillar6]

nmbd[504]: [2013/08/25 07:20:51, 0] nmbd/nmbd_nameregister.c:register_name_response(130)
Aug 25 07:20:51 nmbd[504]: register_name_response: WINS server at IP 127.0.0.1 rejected our name registration of CHADHOME<1b> IP 69.139.89.143 with error code 5.

nmbd[504]: Doing a node status request to the domain master browser
Aug 25 07:21:21 nmbd[504]: for workgroup CHADHOME at IP 192.168.1.1 failed.


I'm seeing these errors in my SystemLog, anything to be concerned about? CHADHOME is my workgroup for my home network

 

[shooter40sw]

Nexus 4 no longer connects to 5Ghz band

Hi Merlin, I have a R66U I had the latest 354.31 installed, did not try the beta 32, but I installed the 354.32 and my Nexus 4 Android phone does not connect to the 5Ghz band anymore, yesterday it did with no issues,my iPad is connected to the 5Ghz band in this moment, I deleted the profile and created it again with no success, the phone can see the 5ghz band but it does not connect to it, but it sees the bnd for someshort time, 5 minutes after now it does not even see the 5Ghz band.
Thanks for the hard work and making a wonderfull router a whole lot better

 

[gijs007]

Just wondering does this firmware have SYN cookies enabled?
http://cr.yp.to/syncookies.html

And is it possible to disable layer 7 filtering?
"Layer 7 filtering or shaping is identifying traffic at layer 7 (Application Layer) of the OSI model. Instead of shaping/filtering based on the port and source/destination, you are identifying a stream based on its contents. This is also sometimes called deep packet inspection since it works by looking into the contents of the packets not just the headers. If you're concerned about performance: IPP2P and especially L7 are slower than simple IP, MAC or port matches. L7 can't cope well with encrypted P2P traffic in background while gaming."

I suppose it also has the changes of the official 3.0.0.4.374.130 asus firmware, since its merged?

Reduced the redundant packets when used 3G/4G dongle as WAN and opened web browser.
Fixed the traffic monitor related issues when used 3G/4G dongle as WAN,
Fixed client duplicated issue in network map
Removed modem setting button in AP mode
Fixed IE related parental control issue.
Disabled the Broadcom ACSD service to prevent buffer overflow vulnerabilities.(except for this one )

Added:

Unmount all disks with 1-click

3G/4G dongles:

Support Huawei EC306

 

[netware5]

For straight routing there's probably not many changes since 27.26. You will have to take a look at the changelog to see if you use any of the features that were added/improved/fixed between 26 and 32. The biggest ones I can remember without going back through the changelog would be:

• OpenVPN
• IPTraffic (many reliability issues resolved)
• Important security fix for AiCloud

Otherwise, it's never a bad idea to stick with what works fine already, especially if your needs are quite limited.

As a freshly upgraded from 26b to 32.beta3 I would like to note that a very useful utility is present in 32 which does not exist in 26. This is a "site survey" under "Wireless" menu. It was needed to use a command line interface to perform wireless search before!

RMerlin, BTW does the new stable 32 identical with 32.beta3 or there are some changes?

 

[bradyrtech]

Prior custom ip6tables scripts?

Would I be safe in assuming that prior to upgrading to this release, if you have any custom ip6tables scripts (I, for example have one that just starts a basic ipv6 firewall in /jffs/scripts), that you should off-load and save those scripts as they will not be needed with this release?

in otherwords, I can do all my ipv6 firewalling via the gui now, I don't need to run a custom firewall-start script.

thx!

 

[SjoerdNLD]

Microsoft fail alert: for some unknown reason their Smart Screen filter seem to detect some of the new downloads as being Unsafe (confirmed with the RT-N66U download). Which is ridiculous since the zip only contains a text file and a binary-only file - nothing that can be executed by a PC...

If you go to IE10's Download Manager you can report the file as being safe. I just reported it, please do the same so Microsoft can fix their heuristic detection.

For those still worried, Mediafire scans all uploads with Bitdefender, and I also re-scanned the downloaded file using Norton Antivirus as well - nothing came out. And the downloaded CRC32 is exactly the same as for the file which I uploaded.

As a temporary workaround, either disable Smart Screen (until MS fixes it), or use a different browser to download it.

I used my samsung s3 with firefox to preform the firmware upgrade. No problems at all ;-)
(RT-AC66U)

 

[vdemarco]

Can everyone please post which router they are testing the firmware on please?

i have a RT-AC66u, and am waiting to see if everyone else with the same router is experiencing any issues before i install this.

i have .31 installed and its working perfectly, so i am being cautious about putting .32 on.