Beta Asuswrt-Merlin 3004.388.8 beta is now available

[Ripshod]

This happens time to time. Don't know why though.

Jul 12 11:13:51 kernel: potentially unexpected fatal signal 11.
Jul 12 11:13:51 kernel: CPU: 2 PID: 2660 Comm: asd Tainted: P           O      4.19.183 #1
Jul 12 11:13:51 kernel: Hardware name: GTAX6000_50991 (DT)
Jul 12 11:13:51 kernel: pstate: 200f0010 (nzCv q A32 LE aif)
Jul 12 11:13:51 kernel: pc : 00000000f74764d0
Jul 12 11:13:51 kernel: lr : 00000000f73b4920
Jul 12 11:13:51 kernel: sp : 00000000f73afcf0
Jul 12 11:13:51 kernel: x12: 00000000f7000010
Jul 12 11:13:51 kernel: x11: 00000000f73afe5c x10: 000000000000000c
Jul 12 11:13:51 kernel: x9 : 0000000000000000 x8 : 000000000000000c
Jul 12 11:13:51 kernel: x7 : 0000000000000002 x6 : 0000000000000010
Jul 12 11:13:51 kernel: x5 : 0000000000000026 x4 : 00000000f7000010
Jul 12 11:13:51 kernel: x3 : 0000000000000040 x2 : 0000000000021000
Jul 12 11:13:51 kernel: x1 : 000000000000000c x0 : 00000000f7000010

Saw this with previous versions too. It may be an error but I think we should just consider it "normal" these days. Not a lot RMerlin can do about it.

 

[Dedel66]

@octopus
What are your settings for Log Level? I will try to observe too...

EDIT:
You can find an explanation for this "error" in FAQ:

[FAQ] READ ME FIRST before posting a question

Model support Q: Will you support the RT-xxxxxx that was just announced? A: See detailed answer in post #3. Q: Will you support router XYZ from this non-Asus manufacturer? A: No. Asuswrt-Merlin only targets Asus-supported models, due to both technical and legal reasons. Q: I'm having...

www.snbforums.com

"Q: An erro rmessage in my syslog mentions that something is tainted. What's wrong?
A: Nothing is wrong. The Asuswrt and Asuswrt-Merlin Linux kernels are flagged as tainted because they contain closed source kernel modules from Trend Micro, Broadcom and Tuxera. See this post for the lengthy explanation how to decode that tainted and the flags following it."

 

[octopus]

Saw this with previous versions too. If may be an error but I think we should just consider it "normal" these days. Not a lot RMerlin can do about it.

I think it has something to do with wifi if I remember correctly. (ASD)

 

[octopus]

@octopus
What are your settings for Log Level? I will try to observe too...

 

[Dedel66]

^^^^I added an EDIT ^^^^

 

[muffintastic]

I reverted back to the point 7 release, more stable. WiFi kept dropping out the beta or random disconnects.

 

[RMerlin]

I think it has something to do with wifi if I remember correctly. (ASD)

No, that's Asus Security Daemon. It's their built-in malware detector.

asd crashing can be caused by a number of reasons I suppose. That would indicate a bug within its code, nothing I can do about.

 

[torstein]

I apoogize if this is a silly question, since Rmerlin didn't specify it in the release notes, but does this update merge with any recent asus-wrt GPLs (ie any new security fixes, performance updates and stability fixes from asus)?

 

[RMerlin]

I apoogize if this is a silly question, since Rmerlin didn't specify it in the release notes, but does this update merge with any recent asus-wrt GPLs (ie any new security fixes, performance updates and stability fixes from asus)?

GPL merges are always specificed in the changelog. 3004.388.8 won`t use a new GPL.

 

[swejuggalo]

I have a weird issue I noticed lately.
online.swedbank.se
Can't access it correctly from either the computers, or phones with the app.
I go into WAN DNS settings, change DNS settings, it works (Or simply use scMerlin). Wait for 30-1h+. Does not work again. Does not seem to matter what settings I use.
I have killed other parameters I suspected at first (like Skynet), but DNS setting/reboots/changes alone makes it work fine for a while.
I don't see other sites behaving like this.

I don't see a particular error or warning. Is there anything I should try before resorting to a wipe?

DDNS also stopped updating my IP, but it seems up-to-date now. So let's hope it keeps it this way. Didn't notice this until VPN failed. But works normally now.

 

[Treadler]

I have a weird issue I noticed lately.
online.swedbank.se
Can't access it correctly from either the computers, or phones with the app.
I go into WAN DNS settings, change DNS settings, it works (Or simply use scMerlin). Wait for 30-1h+. Does not work again. Does not seem to matter what settings I use.
I have killed other parameters I suspected at first (like Skynet), but DNS setting/reboots/changes alone makes it work fine for a while.
I don't see other sites behaving like this.

I don't see a particular error or warning. Is there anything I should try before resorting to a wipe?

DDNS also stopped updating my IP, but it seems up-to-date now. So let's hope it keeps it this way. Didn't notice this until VPN failed. But works normally now.

FWIW, I can get to it ok from here, on the other side of the world.

 

[SkippyP]

I have a weird issue I noticed lately.
online.swedbank.se
Can't access it correctly from either the computers, or phones with the app.
I go into WAN DNS settings, change DNS settings, it works (Or simply use scMerlin). Wait for 30-1h+. Does not work again. Does not seem to matter what settings I use.
I have killed other parameters I suspected at first (like Skynet), but DNS setting/reboots/changes alone makes it work fine for a while.
I don't see other sites behaving like this.

I don't see a particular error or warning. Is there anything I should try before resorting to a wipe?

DDNS also stopped updating my IP, but it seems up-to-date now. So let's hope it keeps it this way. Didn't notice this until VPN failed. But works normally now.

I’ve occasionally seen strange behavior like that when DNSSEC is enabled, particularly when it’s enabled while using my ISP’s DNS. If you have it enabled, try disabling it and see if it helps.

 

[swejuggalo]

I’ve occasionally seen strange behavior like that when DNSSEC is enabled, particularly when it’s enabled while using my ISP’s DNS. If you have it enabled, try disabling it and see if it helps.

Yeah, that one is disabled.
Even if I enable it, the restart itself makes it work temporary.

 

[swejuggalo]

I have now used "none" on DNS Privacy Protocol. It does not seem to fail now over time. At least not yet.
But multiple DoT configurations have failed... So it does not seem to be linked to a particular DNS.

 

[Ripshod]

I have now used "none" on DNS Privacy Protocol. It does not seem to fail now over time. At least not yet.
But multiple DoT configurations have failed... So it does not seem to be linked to a particular DNS.

It's not the router. It's not the firmware. Also tested with Cloudflare DoT. When was the last factory reset?
Try these settings with DNS Director set to "No Redirection", see if there's any change:

I used to have DNS Director set to "Router" but started getting DNS leaks until I changed that setting. It's no longer a logical setting (to me).

 

[cc666]

It's not the router. It's not the firmware. Also tested with Cloudflare DoT. When was the last factory reset?
Try these settings with DNS Director set to "No Redirection", see if there's any change:
View attachment 60189
I used to have DNS Director set to "Router" but started getting DNS leaks until I changed that setting. It's no longer a logical setting (to me).

You do NOT have port 853 entered in the DNS over TLS server list.

CC

 

[Ripshod]

You do NOT have port 853 entered in the DNS over TLS server list.

CC

Don't need to if you select the server from the list.

 

[swejuggalo]

It's not the router. It's not the firmware. Also tested with Cloudflare DoT. When was the last factory reset?
Try these settings with DNS Director set to "No Redirection", see if there's any change:
View attachment 60189
I used to have DNS Director set to "Router" but started getting DNS leaks until I changed that setting. It's no longer a logical setting (to me).

It wasn't that very long ago. There have not been much updates since then. Don't think I seen the problem before this specific update.

I will look at your suggestions and see what happens.

 

[cc666]

Don't need to if you select the server from the list.

Well it didn't work for me until I entered the port number, it would take 1 minute to test.

CC

 

[Ripshod]

Well it didn't work for me until I entered the port number, it would take 1 minute to test.

CC

My test results

$ dig +tls @dnscheck.tools txt go.dnscheck.tools

; <<>> DiG 9.18.24-0ubuntu5-Ubuntu <<>> +tls @dnscheck.tools txt go.dnscheck.tools
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31397
;; flags: qr aa rd; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;go.dnscheck.tools.        IN    TXT

;; ANSWER SECTION:
go.dnscheck.tools.    1    IN    TXT    "id: 31397"
go.dnscheck.tools.    1    IN    TXT    "proto: TLS"
go.dnscheck.tools.    1    IN    TXT    "remoteIp: 2a0a:ef40:d90:d700:xxxx:xxxx:xxxx:xxxx"
go.dnscheck.tools.    1    IN    TXT    "remotePort: 37201"
go.dnscheck.tools.    1    IN    TXT    "edns: version: 0, flags:; udp: 1232"
go.dnscheck.tools.    1    IN    TXT    "tlsVersion: TLS 1.3"
go.dnscheck.tools.    1    IN    TXT    "tlsCipherSuite: TLS_AES_128_GCM_SHA256"
go.dnscheck.tools.    1    IN    TXT    "tlsNegotiatedProtocol: dot"

;; Query time: 89 msec
;; SERVER: 2a01:4f8:1c1e:84c3::1#853(dnscheck.tools) (TLS)
;; WHEN: Mon Jul 15 13:14:44 BST 2024
;; MSG SIZE  rcvd: 488