Release Asuswrt-Merlin 3004.388.8_4 is now available

[octopus]

with the upgrade 3004.388.8_4 in 86u pro I have a serious problem with the kill switch.
and generally with openvpn tcp.

Accept DNS Configuration = exclusive
Redirect Internet traffic through tunnel = vpn-director
Killswitch = yes

some times the router after restart or pppoe disconnection the vpn client(openvpn / tcp) does not connect and the Killswitch is useless with the result that the all devices uses wan ip

Killswitch only working if vpn is on.

 

[anotherengineer]

Think might be a bug for QoS, the download seems to apply and stick, the upload either doesnt appy or stick or both?
Same issue as previous version

AX86U Merlin and Cake QoS

So I was/am having issues with DL/UL pings all over the place, as in up to 600ms. Connection is 250/30. Setting cake qos manual to 245-DL basically fixed the DL. UL manual settings from 30 to 20 in 1Mbps increments, no change. WAN packet overhead set to internet with VLAN. Just wondering...

www.snbforums.com

View attachment 62495
View attachment 62496

Can anyone test this on the AX86u pro?

 

[lumia]

Can anyone test this on the AX86u pro?

I had a similar problem when I had vdsl but it was fixed by changing the wan packet overhead values. If you don't know the provider's wan packet overhead values, try setting the bandwidth limiter to about 15% less than your normal speed.

 

[lumia]

Killswitch only working if vpn is on.

in older versions it worked great without causing any problems.... what's the reason to change something that works properly for the worse??

 

[lumia]

Another thing I noticed is that The "Internet Traffic" counter in index.asp when there is traffic via a vpnclient cannot correctly divide it into upload and download and as the download speed increases, it shows (incorrectly) that the upload speed is also increasing at the same time.

 

[anotherengineer]

I had a similar problem when I had vdsl but it was fixed by changing the wan packet overhead values. If you don't know the provider's wan packet overhead values, try setting the bandwidth limiter to about 15% less than your normal speed.

This is 250/30 fibre, I did try from 1Mbps all the way through on this and last version of merlin, DL fine, it's the upload that doesn't stick or work at any setting. Thanks for tip though.

 

[anotherengineer]

I had a similar problem when I had vdsl but it was fixed by changing the wan packet overhead values. If you don't know the provider's wan packet overhead values, try setting the bandwidth limiter to about 15% less than your normal speed.

This is 250/30 fibre, I did try from 1Mbps all the way through on this and last version of merlin, DL fine, it's the upload that doesn't stick or work at any setting. Thanks for tip though.
"If you don't know the provider's wan packet overhead values," I could try to find that. thanks.

 

[maxbraketorque]

I hadn't planned on applying this upgrade, but Comcast had an unplanned outage right after this firmware was released, so I did the upgrade to my GT-AX6000 main/AP combo. Rebooted the routers, installed the update, and rebooted again. No issues during or after the upgrade.

 

[prosperot]

As usual a dirty upgrade let to disappointing wifi speeds, but after a fresh install, everythings works grant! Thanks again for your hard work

 

[learning_curve]

A dirty upgrade from 3004.388.8_2 for me. Working perfectly on my RT-AX86U for well over two days now. Thanks again @RMerlin Much appreciated!

 

[Ripshod]

Let it settle for a few days and everything is sweet. Thanks @RMerlin

 

[bluzfanmr1]

I went from 3004.388.6_2 to 3004.388.8_4 and all went smooth. I didn't have any issues with the USB 3.0 attached NVMe storage mounting on the first try.

 

[Mesmer]

I was one of those affected. I would assume, as there's no major changes from 388.8_2 the jump from 388.7 may behave in the same way.
Only one way to find out I guess (bite the bullet).

Thanks for taking the time to reply. I did indeed just bite the bullet and thankfully all was ok - dirty upgrade from 388.7 to 388.8_4 with no issues. It's either just down to luck, or maybe down to applications installed and how they use jffs (I only have Diversion installed, but I do also use dnsmasq.conf.add and hosts.add for static DNS and local websites)
Merlin - thanks again for your work. I've been a Merlin firmware user for nearly a decade now, indeed it's the only reason I went with Asus for routers in the first place!

 

[Caesar the Dictator]

Killswitch only working if vpn is on.

Just to clarify: when the router reboots or disconnects from PPPoE while the VPN client is active, is the client no longer active? If it is active, the kill switch should be working.

 

[ComputerSteve]

Can someone please clarify the change on the kill switch ? So before this current update -- I was under the impression that the Kill switch was always active -- Is this still not the case ? Meaning now the internet can leak again as it previously was able to do in the older versions of the firmware ?

 

[PR3MIUM]

- CHANGED: VPN killswitch will now only be active if the
VPN client itself is enabled. If you stop/start
the client yourself over SSH, you need to also
update the enabled/disabled nvram setting.

Enabled Killswitch Option to YES -> VPN Client with Killwsitch running in ON -> YES (always ON Killswitch) ?

 

[ComputerSteve]

- CHANGED: VPN killswitch will now only be active if the
VPN client itself is enabled. If you stop/start
the client yourself over SSH, you need to also
update the enabled/disabled nvram setting.

Enabled Killswitch Option to YES -> VPN Client with Killwsitch running in ON -> YES (always ON Killswitch) ?

Ok so can someone explain in very simplified terms what has now changed from 3004.388.8 to 3004.388.8_4 in the Killswitch functionality --- Meaning /// Right now I have my client being auto started using VPN Monitor script and enable VPN Client is set to OFF and the script turns the client on automatically... This used to work with the killswitch properly... Will this still be ok?

 

[PR3MIUM]

Script ON = VPN ON
Script OFF = VPN OFF
Like always start VPN on START "YES" in config = VPN ON

Wrong config on router = the VPN does not start or you leak data

 

[RMerlin]

Ok so can someone explain in very simplified terms what has now changed from 3004.388.8 to 3004.388.8_4 in the Killswitch functionality --- Meaning /// Right now I have my client being auto started using VPN Monitor script and enable VPN Client is set to OFF and the script turns the client on automatically... This used to work with the killswitch properly... Will this still be ok?

No, unless your script also sets the enable switch - I have no idea what the script does or how it does it.

The feature is designed with the regular webui usage in mind, not with how third party addons may work.

The change was made because some people complained that following the recent change, someone turning off a VPN client would also need to turn off the killswitch or ot herwise his Internet connection wouldn't be working.

 

[PR3MIUM]

Turn Off, like VPN and the 2FA-Hack, everything is better with 2FA..?
2FA is also AI, and most people think YES is more secure. but what we have learned
that nothing is secure and CAPTCHA has also been broken since now in 2024-2025.

New Gmail & M365 Warning As 2FA Security Bypass Hack Confirmed

The developers of a notorious 2FA account security bypass tool have launched an updated version of their ‘as-a-service’ kit targeting Gmail and Microsoft 365 users.

www.forbes.com

Complain as much as you want to, but for me a good password with 32 chars seems to me much more secure then any KI/AI,
in other words its just a fast selling Buisness ?!