Beta Asuswrt-Merlin 3004.388.8 beta is now available

[swejuggalo]

Swedbank is blocking VPN. I guess you also have problems with https://accounts.kivra.com/
Try split tunneling!
Read https://www.sweclockers.com/forum/trad/1703655-mullvad-vpn-kommer-inte-in-pa-kivra-och-swedbank (in Swedish, sorry about that).

Just to clear any confusion. If I don't use DNS DoT everything is fine.
When I do, 2 different things happen, after some time (30-1h+)
1. Swedbank can't be used. Site, apps, anything... I have found nothing else fail in similar ways. It's ONLY via my router that nothing can connect and use it. Using mobile data on my phone and everything works.
2. VPN server (OpenVPN, Wireguard) can't be used by any clients. Totally unrelated to Swedbank issue.
3. Reboot Internet connection and everything is fine, for a while.

That changing DNS settings can make it work temporary, seemingly DoT triggered, and that I never noticed it before 388.8 beta... So here I am.
So, let's say I rollback, and everything is OK, then I still want to know why it happens on the beta, and I don't really have a hint of a trigger.

 

[Analog-1]

Just to clear any confusion. If I don't use DNS DoT everything is fine.

It's not a firmware issue. You are the only one reporting the problem nobody else. If there was a major issue with DNS/TLS there would be many people reporting problems including myself. It's working as expected. Downgrade to a previous version do a complete factory reset and reconfigure the router manually and see if the issue is corrected.

 

[bbunge]

Just to clear any confusion. If I don't use DNS DoT everything is fine.
When I do, 2 different things happen, after some time (30-1h+)
1. Swedbank can't be used. Site, apps, anything... I have found nothing else fail in similar ways. It's ONLY via my router that nothing can connect and use it. Using mobile data on my phone and everything works.
2. VPN server (OpenVPN, Wireguard) can't be used by any clients. Totally unrelated to Swedbank issue.
3. Reboot Internet connection and everything is fine, for a while.

That changing DNS settings can make it work temporary, seemingly DoT triggered, and that I never noticed it before 388.8 beta... So here I am.
So, let's say I rollback, and everything is OK, then I still want to know why it happens on the beta, and I don't really have a hint of a trigger.

Lets look at something else. In your comments, you say it is fine for 30 minutes to 1 hour.
What is your WAN DHCP renew time? Look in Internet Status/Lease time. Does the lease renewal time match the time your connection works? If so, in WAN/DDNS do you have WAN IP and hostname verification enabled and what is the check time? Does setting the check time to 30 minutes help anything?

As for the DNS/DoT, have you disabled DNSSEC? You do not really need both at the same time. This is a change in the old best practice of doing both. Not that Quad9 does not like both in fact, for me, Quad9 doesn't like DoT and I am less than 100 miles from their resolvers in Ashburn, Va.

FWIW, I am having no issues with 388.8 beta 1 with DoT to Cloudflare Secure, Diversion with five custom lists and Skynet default. My Entware is running on a USB2 thumb drive. Also running Wireguard and Instant Guard.

Thanks Eric. Looks like I'm back again...

 

[swejuggalo]

It's not a firmware issue. You are the only one reporting the problem nobody else. If there was a major issue with DNS/TLS there would be many people reporting problems including myself. It's working as expected. Downgrade to a previous version do a complete factory reset and reconfigure the router manually and see if the issue is corrected.

I have seen plenty of software issues isolated to only specific scenarios/configurations to know that spending some time on investigating the problem can be better than just wiping and hoping for the best.

Anyways, I factory reset on the beta with most on default, with only Skynet and Wireguard.

A side note: Should we not use "Format JFFS partition at next boot" anymore since the option does not exists?

 

[swejuggalo]

Lets look at something else. In your comments, you say it is fine for 30 minutes to 1 hour.
What is your WAN DHCP renew time? Look in Internet Status/Lease time. Does the lease renewal time match the time your connection works? If so, in WAN/DDNS do you have WAN IP and hostname verification enabled and what is the check time? Does setting the check time to 30 minutes help anything?

As for the DNS/DoT, have you disabled DNSSEC? You do not really need both at the same time. This is a change in the old best practice of doing both. Not that Quad9 does not like both in fact, for me, Quad9 doesn't like DoT and I am less than 100 miles from their resolvers in Ashburn, Va.

FWIW, I am having no issues with 388.8 beta 1 with DoT to Cloudflare Secure, Diversion with five custom lists and Skynet default. My Entware is running on a USB2 thumb drive. Also running Wireguard and Instant Guard.

Thanks Eric. Looks like I'm back again...

I have never needed to modify WAN DHCP renew times. I'll look into this if it's still not resolved. But weird if it has started needing this recently and never before.

 

[bbunge]

I have never needed to modify WAN DHCP renew times. I'll look into this if it's still not resolved. But weird if it has started needing this recently and never before.

Wan DHCP renew time is managed by your ISP. Not something you can change. My point was that your WAN IP address could be changing every 30 to 60 minutes and your DDNS does not respond to the change. This scenario is unlikely but possible. Just something else to check...

 

[swejuggalo]

So far looking good. I will reinstall various things in steps. Could be one of those dirty upgrade glitches.
Unless something I install later on breaks something it's probably solved.

 

[Striker317]

Has anyone noticed any Airprint issues with this beta. It suddenly isn't working and the only change I've made is to the firmware of the router. It worked with 388.7 (GT-AX11000)

 

[swejuggalo]

Has anyone noticed any Airprint issues with this beta. It suddenly isn't working and the only change I've made is to the firmware of the router. It worked with 388.7 (GT-AX11000)

Maybe something of this could be relevant.

Airprint / Bonjour issue

I am having an issue using airprint to connect to the printer (HL-L8350CDW) on my network. Actually it is a much bigger issue than that, my wife cannot print to the printer from her iphone (like she was able to usually before I purchased a "better" expensive $500 router). RT-AX88U FW 384.18 on...

www.snbforums.com

Or an hard to explain glitch due to the upgrade itself.

 

[Striker317]

Maybe something of this could be relevant.

Airprint / Bonjour issue

I am having an issue using airprint to connect to the printer (HL-L8350CDW) on my network. Actually it is a much bigger issue than that, my wife cannot print to the printer from her iphone (like she was able to usually before I purchased a "better" expensive $500 router). RT-AX88U FW 384.18 on...

www.snbforums.com

Or an hard to explain glitch due to the upgrade itself.

I'm hoping this new commit and the related works fixes it.

libnss-mdns: added files from git repository · RMerl/asuswrt-merlin.ng@e28e4ad

Third party firmware for Asus routers (newer codebase) - libnss-mdns: added files from git repository · RMerl/asuswrt-merlin.ng@e28e4ad

github.com

we'll see soon.

 

[kelddamsbo]

In the latest releases 3004.388.7 and 3004.388.8 I have had some problems with devices going offline on my AX88U. After I yesterday made a new version with libnss-mdns added, all the problems are gone

 

[jksmurf]

In the latest releases 3004.388.7 and 3004.388.8 I have had some problems with devices going offline on my AX88U. After I yesterday made a new version with libnss-mdns added, all the problems are gone

When you say devices, can you please clarify what kind of devices (e.g. types, model) and in what configuration (mesh nodes, AP’s, clients?)

Is libnss-mdns solely for the issue with the Apple devices?

 

[ComputerSteve]

Time Machine isn't working correctly in this firmware for anyone who uses it. The backup doesn't start and gets stuck on connecting to disk -- You can fix it by running this command which instead makes time machine use the ip of the router instead of the hostname on mac:
sudo tmutil setdestination -ap afp://Admin***Change To Username of Router***@192.168.50.1***Change to IP of router****/Backups.backupdb

I have verfied this by installing this beta on both a GT-AX11000 & GT-AX11000 Pro, then factory resetting and just setting up time machine, no scripts. Backup doesn't start instead says "connecting to disk"... I then factory reset the routers and reinstalled stock firmware. Configured it. Then tried to run time machine backup again and it works. There is some incompatibility on the merlin firmware that isn't present in the stock firmware.

 

[kelddamsbo]

When you say devices, can you please clarify what kind of devices (e.g. types, model) and in what configuration (mesh nodes, AP’s, clients?)

Is libnss-mdns solely for the issue with the Apple devices?

I have 3 pc AX88U, 1 Router, 2 x node. Devices is Shelly connected to my Home Assistant

 

[jksmurf]

I have 3 pc AX88U, 1 Router, 2 x node. Devices is Shelly connected to my Home Assistant

Thank you for that.

I’m no expert on this, far from it, but the site pic attached suggests your (libnss) mDNS modification would seem to benefit Shelly devices (Gen 2 up) so if thats correct, that’s eventually good news for owners of these devices.

Unfortunately mine are mostly Gen 1.

 

[RMerlin]

3004.388.8 final has now been released.

Thanks everyone that participated in this beta cycle.