Release Asuswrt-Merlin 3004.388.6 is now available

[robinjoo1]

wow good wifi app that wifimann

 

[askan7]

wow good wifi app that wifimann View attachment 55888

yes. But it adds 1+dbm to the real transmit power from my testing.

Anyway, 14dbm in 5Ghz for Europe makes no sense. Especially when china is set to 18dbm and they both have the same legal EIRP.
14dbm is for same room only. 5Ghz should be 17dbm minimum.
And anything above 23-24dbm is pretty much useless with most clients. Adds more noise for little to no benefit.

You can easely check it works by adjusting this slider in GUI. Balance will -3dbm (50%power). Fair = txpower 25% (A quarter of the power, soo -6dbm).
If I was in the US (ax86u/s US is 23.5dbm by default) like u i'd probably set 2.4ghz to 50% (balance). Or 10-25% if using APs/mesh.

 

[John Fitzgerald]

Here is it set to "AUTO" after a reboot.

Jan 23 12:43:43 inadyn[33637]: Certificate verification error:num=20:unable to get local issuer certificate:depth=1:/C=US/O=Let's Encrypt/CN=R3
Jan 23 12:43:43 inadyn[33637]: OpenSSL error: 4156245136:error:1416F086:lib(20):func(367):reason(134):NA:0:
Jan 23 12:43:43 inadyn[33637]: Will retry again ...
Jan 23 12:43:48 inadyn[33637]: Will retry again ...
Jan 23 12:43:48 inadyn[33637]: Certificate verification error:num=19:self signed certificate in certificate chain:depth=2:/C=US/O=IdenTrust/CN=IdenTrust Commercial Root CA 1
Jan 23 12:43:48 inadyn[33637]: OpenSSL error: 4156245136:error:1416F086:lib(20):func(367):reason(134):NA:0:
Jan 23 12:43:48 inadyn[33637]: Will retry again ...
Jan 23 12:43:49 inadyn[33637]: Certificate verification error:num=20:unable to get local issuer certificate:depth=1:/C=US/O=Let's Encrypt/CN=R3
Jan 23 12:43:49 inadyn[33637]: OpenSSL error: 4156245136:error:1416F086:lib(20):func(367):reason(134):NA:0:
Jan 23 12:43:49 inadyn[33637]: Will retry again ...
Jan 23 12:43:49 inadyn[33637]: Certificate verification error:num=20:unable to get local issuer certificate:depth=1:/C=US/O=Let's Encrypt/CN=R3
Jan 23 12:43:49 inadyn[33637]: OpenSSL error: 4156245136:error:1416F086:lib(20):func(367):reason(134):NA:0:
Jan 23 12:43:49 inadyn[33637]: Will retry again ...
Jan 23 12:43:49 inadyn[33637]: Will retry again, rc=33
Jan 23 12:43:49 inadyn[33637]: Error code 33: Failed connecting to DDNS server (HTTPS)

The Auto certificates are generated, but here is the DDNS status

View attachment 55886

In post #174, you were trying to toggle the "Import Your Own" but The ASUS Auto cert had not been generated yet.(?)
Now the ASUS cert is generated but your saved Cert won't load.

What happens when you toggle back to "Free Cert" and hit apply (now that you loaded your previous cert)? Does it want to generate new or will it recognize your saved one?

Have you (electrical reset the modem) as well? (just in case)

 

[SomeWhereOverTheRainBow]

In post #174, you were trying to toggle the "Import Your Own" but The ASUS Auto cert had not been generated yet.(?)
Now the ASUS cert is generated but your saved Cert won't load.

What happens when you toggle back to "Free Cert" and hit apply (now that you loaded your previous cert)? Does it want to generate new or will it recognize your saved one?

Have you (electrical reset the modem) as well? (just in case)

So, If I toggle to "Import Your Own" and load my cert like it asks for, then those options go "blank" again.

And no, I am not going to use the Free Certificate from Let's Encrypt.

I have my own active self imported certificate, why is it that the logs are still flooded with this crap.

Jan 23 13:29:06 inadyn[132906]: Certificate verification error:num=20:unable to get local issuer certificate:depth=1:/C=US/O=Let's Encrypt/CN=R3
Jan 23 13:29:06 inadyn[132906]: OpenSSL error: 4155880592:error:1416F086:lib(20):func(367):reason(134):NA:0:
Jan 23 13:29:06 inadyn[132906]: Will retry again ...
Jan 23 13:29:06 inadyn[132906]: Certificate verification error:num=2:unable to get issuer certificate:depth=2:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
Jan 23 13:29:06 inadyn[132906]: issuer= /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
Jan 23 13:29:06 inadyn[132906]: OpenSSL error: 4155880592:error:1416F086:lib(20):func(367):reason(134):NA:0:
Jan 23 13:29:06 inadyn[132906]: Will retry again ...
Jan 23 13:29:06 inadyn[132906]: Certificate verification error:num=19:self signed certificate in certificate chain:depth=2:/C=US/O=IdenTrust/CN=IdenTrust Commercial Root CA 1
Jan 23 13:29:06 inadyn[132906]: OpenSSL error: 4155880592:error:1416F086:lib(20):func(367):reason(134):NA:0:
Jan 23 13:29:06 inadyn[132906]: Will retry again ...
Jan 23 13:29:07 inadyn[132906]: Certificate verification error:num=20:unable to get local issuer certificate:depth=1:/C=US/O=Let's Encrypt/CN=R3
Jan 23 13:29:07 inadyn[132906]: OpenSSL error: 4155880592:error:1416F086:lib(20):func(367):reason(134):NA:0:
Jan 23 13:29:07 inadyn[132906]: Will retry again ...
Jan 23 13:29:07 inadyn[132906]: Certificate verification error:num=20:unable to get local issuer certificate:depth=1:/C=US/O=Let's Encrypt/CN=R3
Jan 23 13:29:07 inadyn[132906]: OpenSSL error: 4155880592:error:1416F086:lib(20):func(367):reason(134):NA:0:
Jan 23 13:29:07 inadyn[132906]: Will retry again ...
Jan 23 13:29:07 inadyn[132906]: Will retry again, rc=33
Jan 23 13:29:07 inadyn[132906]: Error code 33: Failed connecting to DDNS server (HTTPS)

 

[John Fitzgerald]

So, If I toggle to "Import Your Own" and load my cert like it asks for, then those options go "blank" again.

View attachment 55890

And no, I am not going to use the Free Certificate from Let's Encrypt.

With that 2024/3/31 expiration date, how would you normally update your certificate. (wondering if that date being near, is for some reason the cause for the rejection.) (not that it should)

 

[SomeWhereOverTheRainBow]

With that 2024/3/31 expiration date, how would you normally update your certificate. (wondering if that date being near, is for some reason the cause for the rejection.) (not that it should)

I could "technically" update it, but it was just issued on january 1st. That would be a complete waste.

 

[John Fitzgerald]

I could "technically" update it, but it was just issued on january 1st. That would be a complete waste.

If the SSL notation in post #1 indicates a change on that level, RMerlin may need to contact ASUS or get clarification on why SSL is blocking New(old) Certs.

Any cost to updating or just inconvenient, it may be worth a shot.

 

[SomeWhereOverTheRainBow]

If the SSL notation in post #1 indicates a change on that level, RMerlin may need to contact ASUS or get clarification on why SSL is blocking New(old) Certs.

Any cost to updating or just inconvenient, it may be worth a shot.

I fixed it myself, by specifying the ca-trust-file = /etc/ssl/certs/ca-certificates.crt as the default ca-trust-file path as a global option in my inadyn.conf. Apparently, inadyn was having a hard time determining this default on its own. Maybe food for thought for @RMerlin to include this path in his default inadyn setup if other users are reporting the same log issues using the "default" inadyn setup.

@John Fitzgerald
I am under the impression that inadyn should not be having any issues discovering this ca-trust-file path on its own. Maybe something is broken in the firmware in regards to specification of the ca-trust-file default path because inadyn is designed to be able to read this path on its own. Either something is broken upstream with inadyns capability of detecting this path, or is broken in our firmware. maybe @RMerlin can investigate.

 

[ColDen]

Did a dirty update from 3004.388.5 to 3004.388.6 about 8 hours ago and have not noticed any issues so far.

Thanks Éric!

 

[SPY/DF]

Today I tried to reinstall the Merlin 3004_388.6_0 firmware on my RT-AX88U routers. The problem is with the "Link Aggregation" function in the AIMesh network settings. I even managed to make it work using just an RJ45 cable. But when activating the "Bonding/Link aggregation" function and connecting the second RJ45 cable, the routers freeze. This problem does not happen with previous Merlin firmwares.

"EDIT"

 

[Morris]

Thank you Merlin and all of you that test his code. A nice clean upgrade and perfect operation for over two days.

 

[visortgw]

Today I managed to install the Asus Merlin 3004_388.6_0 firmware on my RT-AX88U routers. The problem was in the "Link aggregation" function. It took a little work, but I managed to make it work. First I disconnected the two RJ45 cables that connected the routers to the AiMesh. I updated, reset and configured the routers individually. I reinstalled the routers and configured the AiMesh network using just one RJ45 cable. So far, no problems. But when activating the "Bonding/Link agregation" function and connecting the second cable, the routers freeze. To resolve this, I had to activate link aggregation through the “Switch Control” menu for link aggregation to work correctly. Once this was done, the routers worked on an Aimesh network interconnected by two RJ45 cables without freeze. Problem solved!!!

That would be the case with either Asus stock firmware or other Merlin firmware versions as well — it is NOT a shortcoming of Merlin 3004.388.6.

 

[SPY/DF]

That would be the case with either Asus stock firmware or other Merlin firmware versions as well — it is NOT a shortcoming of Merlin 3004.388.6.

I edited my post because the problem returned when I restarted the routers.
I preferred to return to the Merlin 3004.388.5 firmware, as the problem does not occur with that.
Thanks!!!

 

[L&LD]

You do know that everyone can see your posts. Not just who you copy/paste identical replies to.

 

[Analog-1]

You do know that everyone can see your posts. Not just who you copy/paste identical replies to.

RELAX...

 

[RMerlin]

Now I get this:

That error is in inadyn, not in your SSL certificate.

If you create a custom inadyn.conf, then you must also provide the path to the CA bundle.

ca-trust-file = /etc/ssl/certs/ca-certificates.crt

 

[RMerlin]

maybe @RMerlin can investigate.

I already explained it in a previous post.

Asus uses a non-standard location, which requires every program to be specified the location. For a long time I was using the standard location, but due to the large amount of changes Asus have been doing to SSL certificate handling in 24353, I decided to switch the location back to be the same as Asus.

 

[coldkick]

Smooth upgrade here, I have DDNS and VPN w/ cert and didn't have any issues there either thankfully!

 

[tarzan2000]

Everything is fine from my functionality.

- dhcp
- dlna
- OPVN +WG Server\Client ( 3\4)
- Dual WAN PPPoE+IPOE
- VPN Director
- DDNS
- QoS
- Wifi Guest (2 network)
- Wifi internal

Spoiler

 

[cc666]

388.6 release - This is driving me crazy. Any help would be appreciated:

I setup open vpn with Nord,
then use DNS director to disignate the clients I want on the VPN
I do not add my laptop to the VPN
When I do a check of DNS over TLS (which is set up) on the laptop it does not work

If I do the same scenario with the lastest Stock firmware clients on the VPN use the VPN and clients not on the VPN use the DNS over TLS

Am I doing something wrong?

CC