Beta Asuswrt-Merlin 3004.388.9 Beta is now available

[Unisoft]

Any further details/reports regarding the empty Networkmap? I still ccannot reproduce the issue here, so I will need the error messages from someone's browser console to be able to investigate. The only thing I noticed was that, over https, that frame can take 2-3 seconds before it loads, but it always did. Asus did change something in that GPL where that frame gets loaded by a timed Javascript call.

The errors I saw in edge developer tools were about document dom parent window not being the original. I coukd of course be looking at the wrong thing in there though. It listed a load of attributes.

I am accessing the routers over a WAN, with specific IP only allowed with Lets Encrypt cert. Its via a DDNS url as dynamic IP at the router end.

 

[dave14305]

So we have reports from ill-advised WAN HTTPS access, and another unusual reverse proxy setup. Any plain LAN access users with the network map issue?

 

[RMerlin]

only one WiFi clients connects and as soon as it does, then nothing else could

No problem connecting two bound clients here.

Also when a client would unbind to the 388.9 node it instantly connected to the 388.8-4 router or node, if I tried to rebind it, it would not connect.

I unbound both clients, reconnected, rebound them, reconnected both again, and both clients worked fine, connecting to the node.

I see no issue at all here with two different clients with the same scenarios that you described.

 

[RMerlin]

So we have reports from ill-advised WAN HTTPS access, and another unusual reverse proxy setup. Any plain LAN access users with the network map issue?

I actually do 90% of my test/development over HTTPS and WAN (within my LAN, but this is to allow me to quickly plug and access any specific device in parallel). Chrome has a long-standing issue with self-signed certificates, after keeping track of that issue on the Chromium bug tracker for multiple years I just eventually gave up. Meanwhile, WAN access over HTTPS always worked flawlessly with Firefox. There seems to be either a racing condition with Chrome, or it tries to open multiple parallel connections to the router which fails since the httpd daemon can only handle a single socket connection at once.

 

[aex.perez]

No problem connecting two bound clients here.

View attachment 64883


I unbound both clients, reconnected, rebound them, reconnected both again, and both clients worked fine, connecting to the node.

I see no issue at all here with two different clients with the same scenarios that you described.

I'll try it again.

One node first like when I did the Beta. Then once I have statbility there like I have now. Then the Other node, and then the router.

It was odd that it failed with Alpha 2, and after everything recovered after a reset, reflash and restore. The Beta with a node, exhibited the same thing, in the same way. Even down reved the node (while the router and other node on 388.8-4) and still had to factory reset it, reflash, before it came up again.

Anything you want me to capture, before / after if the same thing happens? I know it's closed source, so it is what it is. But just in case you want any data to see what might be going on.
I looked at the simple stuff and didn't find anything that stood out to me but then again I likely didn't know to look at anything deeper.

One thing I will try if it goes bonkers again, is a WPS reset and set up from scratch (not recover from backup) and see where that leaves me.

Should see this with the same rave as you with my distribution of clients if successful

 

[RMerlin]

Anything you want me to capture, before / after if the same thing happens?

No, everything related to it is outside of my control anyway. I just wanted to confirm that it does work properly in itself.

 

[aex.perez]

No, everything related to it is outside of my control anyway. I just wanted to confirm that it does work properly in itself.

I know, thought I'd ask just the same
I'll try it again the next few days, when I got some free time.

 

[Unisoft]

So we have reports from ill-advised WAN HTTPS access, and another unusual reverse proxy setup. Any plain LAN access users with the network map issue?

"ill advised WAN access" - matter of creative opinion. Its SSL TLS 1.2 at least, complex password, fully patched and locked down to one IP address for access, not just open to any IP address.
Seems the AIDISK/AICLOUD people were more at risk than this which i never used. Yes, there is risk, particularly as time goes by and firmware gets older (and Asus just strengthened security mechanisms), but anything has risk including other settings in the router or client OS.
Any web login interface can have code vulnerabilities potentially, and yes, it is unfortunate that Ausus cannot utilise an MFA app as an additional step in authentication security (not something I expect Merlin to have to do).
At some point I will get to put behind a VPN, but I suspect network map would not work over VPN either. I agree, this is a beta release, so more potential risk, but Merlin over time has been great, and one of the few devs I would use beta this way, the betas are normally close to production. I don't use alpha builds though across WAN.

 

[visortgw]

"ill advised WAN access" - matter of creative opinion. Its SSL TLS 1.2 at least, complex password, fully patched and locked down to one IP address for access, not just open to any IP address.
Seems the AIDISK/AICLOUD people were more at risk than this which i never used. Yes, there is risk, particularly as time goes by and firmware gets older (and Asus just strengthened security mechanisms), but anything has risk including other settings in the router or client OS.
Any web login interface can have code vulnerabilities potentially, and yes, it is unfortunate that Ausus cannot utilise an MFA app as an additional step in authentication security (not something I expect Merlin to have to do).
At some point I will get to put behind a VPN, but I suspect network map would not work over VPN either. I agree, this is a beta release, so more potential risk, but Merlin over time has been great, and one of the few devs I would use beta this way, the betas are normally close to production. I don't use alpha builds though across WAN.

Network Map works fine behind VPN (at least OpenVPN server running on router).

 

[Lee MacMillan]

Flashed yesterday, no problems on my simple system.

 

[Unisoft]

Network Map works fine behind VPN (at least OpenVPN server running on router).

Is that on RT-AX86U though? I don't think anyone is sure it's all models or just some. So far others reported AX86U. I should be able to do a local login in a few days to see if that's OK or not.

 

[RMerlin]

I actually do 90% of my test/development over HTTPS and WAN (within my LAN, but this is to allow me to quickly plug and access any specific device in parallel). Chrome has a long-standing issue with self-signed certificates, after keeping track of that issue on the Chromium bug tracker for multiple years I just eventually gave up. Meanwhile, WAN access over HTTPS always worked flawlessly with Firefox. There seems to be either a racing condition with Chrome, or it tries to open multiple parallel connections to the router which fails since the httpd daemon can only handle a single socket connection at once.

BTW @dave14305 here is the Chrome issue I was talking about (I just tracked it back).

Chromium

issues.chromium.org

It shows up as random ui elements failing to load with net::ERR_TOO_MANY_RETRIES in the console. It only happens with self-signed certs, and it only happens with Chrome (works fine in Firefox, and never tested it in Edge). And after 10 years, there's still no sign of it ever getting fixed. The best options so far are to use Firefox, or to manage your own CA, issue your signed certificates, and import the CA in your browser so it will no longer be self-signed, and will be recognized as valid by your browser. I do the latter using XCA to manage certificates for all my devices on my LAN, all signed by the same CA.

EDIT: another possible option which I haven't tested, I believe recent versions of Asuswrt will now generate both a CA and a certificate, possibly to work around that issue. Someone would have to test it tho..

 

[RMerlin]

3004.388.9 final is now available.

Release - Asuswrt-Merlin 3004.388.9 is now available

Asuswrt-Merlin 3004.388.9 is now available. Note that the BCM4912 devices are being migrated to 3006.102, therefore they will not be included in this or in future 3004.388 release. The focus of this release is the merge of an updated GPL, updated components, and a few enhancements to VPN...

www.snbforums.com

Thanks everyone that contributed to this beta cycle.