Release Asuswrt-Merlin 3004.388.8_4 is now available

[RMerlin]

Hi @RMerlin,
Can you please provide an example on how to update the enabled/disabled nvram setting programmatically when starting and stopping vpn via ssh?

I'm on RT-AX86U.

Thanks!

vpn_clientx_eas nvram need to contain a list of enabled clients, separated by a comma. For example, if client 1 and 3 are enabled:

nvram set vpn_clientx_eas=1,3
nvram commit

 

[eggplant]

Hi,
I bought an RT AX86U Pro four weeks ago. Had an old RT AC68U before. I ran the RT AX86U Pro with the supplied firmware and everything seemed fine. Then I installed 3004.388.8_2 and it worked for a couple of days. I had to reboot a few times but that was because I made some small changes to the configuration. Then 3004.388.8_4 was released and I installed it and it was fine for 24-48 hours. Then some stations/phones/devices started dropping out. This seems to come back every other day or so. Same thing this morning. My weather station, printer and an Android TAB did not get an IP address. The funny thing is that I have set a static address on the printer, but it shows the same behavior as those with DHCP. My DHCP range starts at 50-99 and I have set some on fixed address that are between 2-10. Is this something known or does anyone have an idea of what to do? I've been saving logs a bit sporadically to see if that might be useful.

 

[MDM]

After putting RMerlin, first factory reset, then the rest.

 

[eggplant]

After putting RMerlin, first factory reset, then the rest.

Okay. Done. Thanks. Should of course have thought of testing with factory reset first. I was sloppy. Did not read RT-AX86U_PRO_3004_388.8_4/README-merlin.txt and "Installation".

 

[Tex Texan]

I saw the official Asus support page for my RT-AX88U has just published a new firmware, the first since March this year.

I assume the Merlin 3004_388.8_4 firmware I'm running is already up to date (possibly ahead) with these changes?

ASUS RT-AX88U Firmware version 3.0.0.4.388_24221
Version 3.0.0.4.388_24221
67.95 MB
2024/11/18

1. Strengthened input validation and data processing workflows to further protect information security.
2. Enhanced AiCloud password protection mechanisms, safeguarding against unauthorized access attempts.
3. Enhanced device security through improved buffer handling in connection features.
4. Refined data handling processes, ensuring secure and accurate information management.
5. Enhanced file access control mechanisms, promoting a more secure operating environment.
6. Strengthened certificate protection, providing enhanced data security.

 

[DJones]

I saw the official Asus support page for my RT-AX88U has just published a new firmware, the first since March this year.

I assume the Merlin 3004_388.8_4 firmware I'm running is already up to date (possibly ahead) with these changes?

ASUS RT-AX88U Firmware version 3.0.0.4.388_24221
Version 3.0.0.4.388_24221
67.95 MB
2024/11/18

1. Strengthened input validation and data processing workflows to further protect information security.
2. Enhanced AiCloud password protection mechanisms, safeguarding against unauthorized access attempts.
3. Enhanced device security through improved buffer handling in connection features.
4. Refined data handling processes, ensuring secure and accurate information management.
5. Enhanced file access control mechanisms, promoting a more secure operating environment.
6. Strengthened certificate protection, providing enhanced data security.

That’s correct Merlin’s firmware is already ahead of these changes or was posted around the same time as stocks release.

 

[BenWish]

Dirty update on my GT-AX6000 and RT-AX88U without any issues. Reboot and go.
Awesome as usuall.

Thank you!

 

[Jbennett360]

That’s correct Merlin’s firmware is already ahead of these changes or was posted around the same time as stocks release.

The AI Cloud patch has been used. Not sure if everything else has been incorporated

 

[DJones]

3004.388.8_4 (17-Nov-2024)
- CHANGED: VPN killswitch will now only be active if the
VPN client itself is enabled. If you stop/start
the client yourself over SSH, you need to also
update the enabled/disabled nvram setting.
- FIXED: Security issues in AiCloud (backports from Asus)
- FIXED: CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 &
Implicit rejection for RSA PKCS#1 in openssl
(backport from Ubuntu by RSDNTWK)

=======

ASUS GT-AX11000 Firmware version 3.0.0.4.388_24394

Version 3.0.0.4.388_24394
70.72 MB 2024/11/13
Please unzip the firmware file, and then verify the checksum.
SHA256: 377915f7d7eb85c324e3e316cebdb799d4c9a6ba304ce905a8a000cc525aa5d0

1. Strengthened input validation and data processing workflows to further protect information security.
2. Enhanced AiCloud password protection mechanisms, safeguarding against unauthorized access attempts.
3. Enhanced device security through improved buffer handling in connection features.
4. Refined data handling processes, ensuring secure and accurate information management.
5. Enhanced file access control mechanisms, promoting a more secure operating environment.
6. Strengthened certificate protection, providing enhanced data security.

@Tex Texan ASUS’s change-logs are always vague if their is anything differing it “might” be device specific however I think it’s just a security update I don’t believe it was a major change in the code since were still on version 388 so if something additional was added that’s a question for RMerlin.

 

[predatorz]

Dirty upgrade from 3004.388.6_2 to 3004.388.8_4 successful.
Encounter error "grep: error while loading shared libraries: /opt/lib/libpcre2-8.so.0:" in CLI which was resolved after force install of libpcre2 package

 

[Marcus Yansen]

Hi folks right now I am on version on the following official FW version: ASUS RT-AX88U Pro Firmware version 3.0.0.6.102_33340
How can I find out which official version the newest merlin compares to? Currently, as per the titel of this topic merlin is on 3004.388.8_4

And if I want I can just install merlin over the version I have?

 

[Deleted member 77025]

Hi folks right now I am on version on the following official FW version: ASUS RT-AX88U Pro Firmware version 3.0.0.6.102_33340
How can I find out which official version the newest merlin compares to? Currently, as per the titel of this topic merlin is on 3004.388.8_4

And if I want I can just install merlin over the version I have?

FAQ

Third party firmware for Asus routers (newer codebase) - RMerl/asuswrt-merlin.ng

github.com

Q: Asus just released firmware version XYZ. When will you integrate it in your firmware?
A: For a new Asus release to be merged in, a lot of things are required:

1. The source code (AKA GPL release) must be available. Asus don't always release them at the exact same time as the binary firmware.
2. That GPL release must be complete. Sometimes, Asus forgets to include some components
3. If there is any change to the closed-source components, then I will also need an updated GPL release for every other supported models (or at least for enough of them to make it worth the trouble)
4. I need the time to actually do the merge (which typically requires 5-10 hours of work, depending on how complex the changes are)
5. I need the time to test things out, which can span from a few days to a few weeks.

So the answer is: "Whenever all those requirements are met". This means it almost never happen within the next few days, it's typically a couple of weeks for all of this to be done.

and

[FAQ] READ ME FIRST before posting a question

Model support Q: Will you support the RT-xxxxxx that was just announced? A: See detailed answer in post #3. Q: Will you support router XYZ from this non-Asus manufacturer? A: No. Asuswrt-Merlin only targets Asus-supported models, due to both technical and legal reasons. Q: I'm having...

www.snbforums.com

Q: Asus just released firmware 3.0.0.4.xxx_yyyyy! Will you implement it/when will you merge it?
A: The first thing that needs to occur for me to be able to merge new code is for Asus to release the GPL code. Next, that code must be available for all models that I support, or at least still be compatible with the binary components of the previous GPL release. Until all of these requirements are met, I cannot do anything.

Just make sure to have the latest Asus Firmware installed for your RT-AX88U, then you can update/install Merlin over your current Asus Firmware.

Asuswrt-Merlin - Browse /RT-AX88U_PRO at SourceForge.net

Alternative firmware for Asus wireless routers

sourceforge.net

 

[RMerlin]

ow can I find out which official version the newest merlin compares to? Currently, as per the titel of this topic merlin is on 3004.388.8_4

Look at the changelog, I always document new GPL merges there.

 

[Marcus Yansen]

I am probably getting this wrong, but based on how I understand this, the changelog says "- NOTE: In preparation for the new 3.0.0.6 codebase, the version string will now start with 3004 or 3006 to match with upstream."

Since the Merlin AX88U pro is on 3004, it means that, there is still a bit of time before it reaches 3.0.0.6 (or 3006 codebase in merlin), correct?

 

[ColinTaylor]

Since the Merlin AX88U pro is on 3004, it means that, there is still a bit of time before it reaches 3.0.0.6 (or 3006 codebase in merlin), correct?

It has nothing to do with timescales or future support, it's merely a change in the firmware naming convention. So instead of this release being called 388.8_4 it's now called 3004.388.8_4.

 

[Caesar the Dictator]

When I manually disabled the enabled WireGuard VPN client with killswitch active, from the GUI/VPN Director/WireGuard clients status/Enable column, the killswitch functioned as in the previous firmware and prevented traffic from leaking to the WAN.

VPN killswitch will now only be active if the VPN client itself is enabled.

I understood from this quote that if the VPN client with killswitch enabled is disabled, the killswitch will not work anymore, am I misunderstanding?

 

[nbdwt73]

I did a dirty upgrade from 8_2 about a week ago on my 3 RT-AX88U devices and all seemed fine. I soon began to see issues with several of my IOT devices (use Smartthings for home automation). I saw some discussion on here from others having bind issues which sounded similar to my problems. What I have discovered is that as long as the binds are not changed or end point device names (or IP addresses) everything works fine. What bit me was that I added some new Matter devices and changed some device names - that just caused some cascading problems to the point where my automation scripts quit working.

Anyway, I have reverted back to 8_2 and corrected all of the bind issues (and naming problems) and all is fine. I am reluctant to go to 8_4 again but given I am not planning on anymore network changes I may go ahead.

 

[lindros2]

8_2 is so good for me that I'm scared to go to 8_4...

 

[jksmurf]

8_2 is so good for me that I'm scared to go to 8_4...

Given the reason for 8_4 is to patch a huge security issue that has been causing semi-bricked Routers afflicted by it, I’d venture to say you should be more scared not to; unless you absolutely don’t use any AICloud services.

 

[underdose]

Dirty upgrade from 8_2 and nothing to report, as always. Thanks for your work again Rmerlin.