Release Asuswrt-Merlin 3004.388.6 is now available

[Daveo]

If you are talking about or using the SSL cert generated by the DDNS, see the initial post of the thread, or the change log notes.

- NOTE: Asus reworked the way SSL certificates are handled in
24353. The automatic conversion code does not always
work properly, you might need to force your router
to re-generate its SSL certificates by toggling the
SSL mode on the DDNS page.

Edit: I see you edited your post.

I'm not using DDNS, it's a certificate that was issued by Diversion (pre-5.0)... I think.

Says this in UI...

Status : Active
Issued to : RT-AX88U-8B40 Server Certificate
Issued by : RT-AX88U-8B40 Root Certificate 20240121182543
Expires on : 2044/1/22

DDNS is Off

 

[bennor]

I'm not using DDNS, it's a certificate that was issued by Diversion (pre-5.0)... I think.

Says this in UI...

Status : Active
Issued to : RT-AX88U-8B40 Server Certificate
Issued by : RT-AX88U-8B40 Root Certificate 20240121182543
Expires on : 2044/1/22

DDNS is Off

You edited and changed your post while I was writing that reply so my initial reply is no longer valid. Further you didn't mention in your intial post that you were talking about Diversion. In any case the following, that I posted to my edited reply to your post may or may not be relevant on how to install a Asus router exported cert_key.tar file's cert.crt file in Chrome or other browsers.

HTTPS Connection and Certificate on ASUS Router
You will likely have to extract the newly exported cert_key.tar file and use the cert.crt within it to import into your Chrome browser.

 

[gk802]

HTTPS Connection and Certificate on ASUS Router
You will likely have to extract the newly exported cert_key.tar file and use the cert.crt within it to import into your Chrome browser.

Renewed, extracted cert_key.tar file and imported into Chrome. No change. Invalid certificate error.

 

[RMerlin]

What's the 'ethtool ' mentioned in the changelog.

Generic command line utility used to retrieve info and do low-level configuration of an Ethernet port. Asus added it for a few models as it was needed for them, I decided to enable it for all models.

Any ideas where is that new path and how can I fix this issue? I'm not sure whether my workaround is fine or not in long term.

You are using your own inadyn.conf file, so you must make sure to also properly specify the l;ocation of the root certificates - config files generated by the firmware will do that automatically.

ca-trust-file = /etc/ssl/certs/ca-certificates.crt

I'm assuming I have to factory reset to sort the SSL certificate on the router, but wondering if anyone knows of a workaround before I go that route?

Rebooting the router and restarting your browser can often be enough to ensure that the web server is restarted with a new certificate. Otherwise, you can remove the existing certificates and restart the service Assuming you had cert mode set to Auto:

rm /jffs/.cert/*
rm /jffs/cert.tgz
service restart_httpd

 

[Daveo]

Renewed, extracted cert_key.tar file and imported into Chrome. No change. Invalid certificate error.

Same here, tho I see two renew buttons.

One for server cert and one for root cert.

EDIT - ignore this. Had to close browser and reopen for it to "see" the installed cert.

All working fine now

 

[gk802]

Same here, tho I see two renew buttons.

One for server cert and one for root cert.

Tried both. Same result. Chrome shows it's using the new cert...issue date is within the last 1/2 hour, but it's claiming it's invalid.

...got it now. Failed to import the chrome certificate into the correct store.

 

[Daveo]

Tried both. Same result. Chrome shows it's using the new cert...issue date is within the last 1/2 hour, but it's claiming it's invalid.

I used the link that @bennor posted to export the cert and import it into system according to linked video, then closed and restarted browser and router.asus.com is now secure.

​

 

[Cleanev]

On AX86U dirty upgrade form 388.5 to 388.6, all good.
Mesh also an AX86U with ASUS firmware and noticed version differences that seems that ASUS has newer wifi drivers, 157 vs 121 or r801 vs r789. Do I also update mesh node or leave it at ASUS version?

On main router with merlin 388.6
wl0_version=17.10.121.37 (r789389)
wl1_version=17.10.121.37 (r789389)
wl_version=17.10.121.37 (r789389)

On mesh node with ASUS firmware 3.0.0.4.388_24231-gbc11d13
wl0_version=17.10.157.2809 (r801046)
wl1_version=17.10.157.2809 (r801046)
wl_version=17.10.157.2809 (r801046)

 

[altium]

Generic command line utility used to retrieve info and do low-level configuration of an Ethernet port. Asus added it for a few models as it was needed for them, I decided to enable it for all models.


You are using your own inadyn.conf file, so you must make sure to also properly specify the l;ocation of the root certificates - config files generated by the firmware will do that automatically.

ca-trust-file = /etc/ssl/certs/ca-certificates.crt

Rebooting the router and restarting your browser can often be enough to ensure that the web server is restarted with a new certificate. Otherwise, you can remove the existing certificates and restart the service Assuming you had cert mode set to Auto:

rm /jffs/.cert/*
rm /jffs/cert.tgz
service restart_httpd

Hi @RMerlin ,

Was there some change in this? I'm asking as I've never set the ca trust file manually and it was still working fine for years. I just want to understand .

Thanks!

 

[peterpan]

I’m having problems with wifi on my mesh network. No device can stay connected longer than 1-2 minutes, before dropping the wifi connections.

Also amtm tools were all removed..

I will look into this maybe this week. Probably will down grade.

Thanks for this amazing project, your work and the work of all contributors.

 

[Dedel66]

@peterpan
Please add a signature with your setup...

 

[MushroomSoup]

Generic command line utility used to retrieve info and do low-level configuration of an Ethernet port. Asus added it for a few models as it was needed for them, I decided to enable it for all models.


You are using your own inadyn.conf file, so you must make sure to also properly specify the l;ocation of the root certificates - config files generated by the firmware will do that automatically.

ca-trust-file = /etc/ssl/certs/ca-certificates.crt

Rebooting the router and restarting your browser can often be enough to ensure that the web server is restarted with a new certificate. Otherwise, you can remove the existing certificates and restart the service Assuming you had cert mode set to Auto:

rm /jffs/.cert/*
rm /jffs/cert.tgz
service restart_httpd

Thanks. I've power cycled my modem and router, and started a fresh browser session without any luck. I'm unable to SSH as well and I might have not enabled SSH.

Other than not being able to access the WebGUI, both wired and wireless connections are fine.

I'll probably factory reset another time to redo my settings, but I am open to other suggestions. Again, thanks for the help!

 

[Damit1]

RT-AX88U don't work with the new asus merlin 3004.388.6 firmware.
Simply the router becomes completely locked and inaccessible with a new firmware. It is necessary to use a program and procedure to return to the previous asus merlin 3004.388.5 firmware.
(Tested on two routers RT-AX88U)

Ax88U here.
No issues whatsoever. Really, one of the most stable releases.
Would suggest you to reverse to 388.5, factory default, update 388.6, and then manually configure.

It is one great stable so far.

 

[XIII]

It probably has the same errors in the closed source wlceventd that I reported in the beta thread just before the final was released...

(Can't upgrade right now; maybe tomorrow night)

Looks like I was wrong about that...

I don't see any binary data being dumped on 388.6 final so far (on an GT-AX6000).

 

[XIII]

Question for people that did a clean install: what are the default values for these parameters on the System Log - General Log page?

• "Default message log level"
• "Log only messages more urgent than"

 

[Kingp1n]

Question for people that did a clean install: what are the default values for these parameters on the System Log - General Log page?

• "Default message log level"
• "Log only messages more urgent than"

Notice & Debug

 

[Reef2009]

Hi,

Everything is running smooth on both Ax88u (main & node) but I notised a reset in security settings:
- AI Protection was turned off.
- WPS was enabled
- UPnP was enabled

Is this only me? Afaik last time I checken, a view week ago, is was turned on. So I suppose this has something to do with the update.

So beter check you security settings guys.

 

[5stringdeath]

Hi,

Everything is running smooth on both Ax88u (main & node) but I notised a reset in security settings:
- AI Protection was turned off.
- WPS was enabled
- UPnP was enabled

Is this only me? Afaik last time I checken, a view week ago, is was turned on. So I suppose this has something to do with the update.

So beter check you security settings guys.

My security settings did not change after the update.

 

[virus_59]

Upgraded AX88U from 388.5 to 388.6

DLNA server is not working anymore.
status webpage also.

 

[BreakingDad]

AX86U dirty filthy upgrade at 23:05, all working as expected.

Thank you Merlin as always.