Release Asuswrt-Merlin 3006.102.3 is now available for WIfi 7 devices

[Bralee]

Did you install the development versions of the add-ons?

Read through this thread for answers: https://www.snbforums.com/threads/compatibility-findings-with-addons-with-gt-be98-pro.90657/

thanks for answer. I haven't see that.
Jump quickly to this link

Have a nice day.

 

[jeff29922]

Jeff, it took me forever to detect this, but with your help I think I've seen another similar issue to yours. In certain applications, authentication into some banking systems or starting a video on certain mobile apps would take forever to start. I ended up disabling IPv6 updates for DDNS and disabling IPv6 altogether. After that, things seemed to clear up substantially. You might need to give this a try to solve your issues completely as well.

Thank you my friend, I will do that! Sorry it took me so long to get back on here. I just was gifted a whole bunch of Teams phone devices by one of our vendor partners and I have been in networking hell trying to get everything up and running

 

[mikezilla2]

just replaced my AX88 with a BE88

any reasons i shouldn't install the latest merlin firmware atm ?

 

[visortgw]

just replaced my AX88 with a BE88

and reasons i shouldn't install the latest merlin firmware atm ?

It all depends on your use case. I have been using Merlin firmware on my GT-BE98 Pro since it was first available, and I do not regret it one bit. Try it — you can always re-install latest stock if it doesn't suit your needs.

 

[Ripshod]

I installed Merlin the day I got mine. Runs sweet as a nut. There were two hiccups, one fixed by rebuilding an IoT network and the other was my fault installing an old and stale YazDHCP config.

 

[Marchcat2008]

I installed Merlin the day I got mine. Runs sweet as a nut. There were two hiccups, one fixed by rebuilding an IoT network and the other was my fault installing an old and stale YazDHCP config.

Now YazDHCP 1.07 (develop version) works perfectly. It saves and restores correctly the list DHCP of clients and pictures for them.

 

[Ripshod]

Now YazDHCP 1.07 (develop version) works perfectly. It saves and restores correctly the list DHCP of clients and pictures for them.

Yeah, that's what I'm using. The issue for me was I'd been reinstalling the CSVs all this time, and it contained IoT devices I moved over to a guest network a couple of years ago. Had to rebuild from scratch.

 

[Blacklistedcard]

It all depends on your use case. I have been using Merlin firmware on my GT-BE98 Pro since it was first available, and I do not regret it one bit. Try it — you can always re-install latest stock if it doesn't suit your needs.

Same here. the BE98Pro been great. I use to have a AX88U which I made into a AInet node

 

[Zarrow]

Thanks to @dave14305 for diagnosing that DNS Director is not working on my RT-BE86U. The details can be seen here and in the following posts. A temporary fix can be seen in post #47 of that thread.

 

[mikezilla2]

well this Ai protection Sure is Rubbish ....

dont think even white listing is much use and it appears to have highjacked some entrys .....

 

[biker3]

Hi,
I've updated a RT-BE88U to this firmware and I'm having a problem if I use a Wireguard client.
I'm not sure if here is the place to post this.
The problem is I lose internet access from any LAN device if I reboot the router with the Wireguard client connected. The access through VPN works without problem. The Internet access from router works also.
I'm able to recover Internet access if I enable o disable the Enable DoS protection, for example. But if I reboot the router I lose again Internet access from LAN devices.


Details:
Firstly, I've updated with no restore to factory defaults, keeping the settings and the problem has shown up.
Secondly, due to this problem, I've reflashed the firmware (last version again), restored to factory defaults and reconfigure the router manually, avoiding restore with backup file, but the problem remains.

Wireguard client:

interface: wgc1
  public key: ESuRxg7qrQ33O+f8ZNvUq6lEhu25Yrx4/La/x+2cJWQ=
  private key: (hidden)
  listening port: 41800

peer: rRCPBi8gzsnIVMpMIytNShJGdMFJbzX/X9yyMJRaF2U=
  preshared key: (hidden)
  endpoint: SERVERIP:PORT
  allowed ips: 0.0.0.0/0
  latest handshake: 7 seconds ago. (sec:7)
  transfer: 184 B received, 520 B sent
  persistent keepalive: every 25 seconds

VPN Director:
View attachment 63505

According to this, only traffic to these network o that IP would be sent through VPN. Otherwise it would use WAN.

If I reboot the router:

• From a desktop I can reach other LAN through VPN:

$ traceroute -n 192.168.60.11
traceroute to 192.168.60.11 (192.168.60.11), 30 hops max, 60 byte packets
 1  192.168.50.1  0.511 ms  0.527 ms  0.402 ms
 2  10.60.0.1  131.227 ms  131.583 ms  131.725 ms
 3  192.168.60.11  131.645 ms  131.583 ms  131.519 ms

• From a desktop I can't reach any other network:

$ traceroute -n 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
 1  192.168.50.1  0.669 ms  0.564 ms  0.514 ms
 2  * * *
 3  * * *
 ...
29  * * *
30  * * *

• From the router I can reach any other network:

# traceroute -n 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 38 byte packets
 1  MYGATEWAY  0.652 ms  0.856 ms  0.972 ms
 2  10.63.34.213  1.470 ms  1.969 ms  1.479 ms
 3  10.63.0.246  1.975 ms  1.476 ms  10.63.0.73  2.478 ms
 4  10.63.128.146  1.973 ms  10.63.33.185  2.475 ms  1.976 ms
 5  10.63.128.169  2.473 ms  10.63.0.70  2.473 ms  10.63.128.169  2.978 ms
 6  10.63.152.38  2.972 ms  10.63.36.212  3.971 ms  10.63.152.38  2.476 ms
 7  170.250.254.118  3.975 ms  3.477 ms  170.250.254.37  3.478 ms
 8  170.250.254.1  3.969 ms  170.250.254.9  3.976 ms  170.250.254.5  4.977 ms
 9  170.250.254.5  3.975 ms  108.162.211.66  4.474 ms  170.250.254.5  4.475 ms
10  108.162.211.236  2.472 ms  108.162.211.232  3.977 ms  108.162.211.228  3.976 ms
11  1.1.1.1  2.968 ms  3.477 ms  108.162.211.228  3.479 ms

Routes:

# ip rule
0:    from all lookup local
20:    from all lookup 8437
11210:    from all to 192.168.60.0/24 lookup wgc1
11211:    from all to 54.242.237.204 lookup wgc1
32766:    from all lookup main
32767:    from all lookup default

# ip route show table wgc1
0.0.0.0/1 dev wgc1 scope link
10.60.0.1 dev wgc1 scope link
SERVERIP via MYGATEWAY dev eth0
128.0.0.0/1 dev wgc1 scope link

# ip route show table main
default via MYGATEWAY dev eth0
76.76.2.0 via MYGATEWAY dev eth0 metric 1
127.0.0.0/8 dev lo scope link
MYSUBNET/MASK dev eth0 proto kernel scope link src MYIP
MYGATEWAY dev eth0 proto kernel scope link
192.168.50.0/24 dev br0 proto kernel scope link src 192.168.50.1
192.168.52.0/24 dev br55 proto kernel scope link src 192.168.52.1
194.242.2.2 via MYGATEWAY dev eth0 metric 1
239.0.0.0/8 dev br0 scope link

# ip route get 1.1.1.1 from 192.168.50.3 iif br0
1.1.1.1 from 192.168.50.3 via MYGATEWAY dev eth0
    cache iif br0

If for example I enable (or disable) DoS protection (no reboot) I can reach any Internet network from any LAN device. But the routes remain the same:

# ip rule
0:    from all lookup local
20:    from all lookup 8437
11210:    from all to 192.168.60.0/24 lookup wgc1
11211:    from all to 54.242.237.204 lookup wgc1
32766:    from all lookup main
32767:    from all lookup default

# ip route show table wgc1
0.0.0.0/1 dev wgc1 scope link
10.60.0.1 dev wgc1 scope link
SERVERIP via MYGATEWAY dev eth0
128.0.0.0/1 dev wgc1 scope link

# ip route show table main
default via MYGATEWAY dev eth0
76.76.2.0 via MYGATEWAY dev eth0 metric 1
127.0.0.0/8 dev lo scope link
MYSUBNET/MASK dev eth0 proto kernel scope link src MYIP
MYGATEWAY dev eth0 proto kernel scope link
192.168.50.0/24 dev br0 proto kernel scope link src 192.168.50.1
192.168.52.0/24 dev br55 proto kernel scope link src 192.168.52.1
194.242.2.2 via MYGATEWAY dev eth0 metric 1
239.0.0.0/8 dev br0 scope link

# ip route get 1.1.1.1 from 192.168.50.3 iif br0
1.1.1.1 from 192.168.50.3 via MYGATEWAY dev eth0
    cache iif br0

What could be happening? Why do I lose Internet access from LAN devices when I reboot the router, but when I modify DoS protection or even disable/enable Firewall the problem disappears until the next reboot?
This behavior worries me in case the router reboots and I don't notice.

Regards

I've been looking into this and I've found there're changes in iptables if I disable and reenable DoS protection, for example, until reboot.
Just rebooted:

Chain WGCF (1 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere           
DROP       all  --  anywhere             anywhere           

Chain WGCI (0 references)
target     prot opt source               destination

After disable and reenable DoS protection:

Chain WGCF (1 references)
target     prot opt source               destination         
TCPMSS     tcp  --  anywhere             anywhere             tcpflags: SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT     all  --  anywhere             anywhere             match-set vpnc_ipset1 src
ACCEPT     all  --  anywhere             anywhere             match-set vpnc_ipset1 dst
ACCEPT     all  --  anywhere             anywhere           
DROP       all  --  anywhere             anywhere           
DROP       all  --  anywhere             anywhere           

Chain WGCI (0 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere

After this disable-and-reenable I achieve recover Internet access.
Why don't these entries appear in iptables after reboot?
However, if I reboot with wireguard disabled and I enable it I get the right iptables:

Chain WGCF (1 references)
target     prot opt source               destination         
TCPMSS     tcp  --  anywhere             anywhere             tcpflags: SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT     all  --  anywhere             anywhere             match-set vpnc_ipset1 src
ACCEPT     all  --  anywhere             anywhere             match-set vpnc_ipset1 dst
ACCEPT     all  --  anywhere             anywhere           
DROP       all  --  anywhere             anywhere           

Chain WGCI (1 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere

It is as if the iptables configuration with Wireguard is not correct if you start with Wireguard enabled. But if I modify the firewall section or activate iptables with the router started, then it works without problem.

 

[Warboy]

I don't know whats the issue, but it happens both in factory firmware and merlin.

MAC address whitelists prevents Wifi 7 from connections, and it falls back to Wifi 6E. Repo steps - enable and setup mac address whitelist. Apply, Check connection on Wifi 7 devices, it shows Wifi 6E with Wifi 6 speeds. Disable whitelist and check devices again, now theyre working at full speed wifi 7.

 

[Ripshod]

Yeah, that's what I'm using. The issue for me was I'd been reinstalling the CSVs all this time, and it contained IoT devices I moved over to a guest network a couple of years ago. Had to rebuild from scratch.

Over the long term I see instability with IPv6. When it's enabled I get random reboots - not a crash, more an organised reboot (networks and services shutting down etc). Disable IPv6 and zero reboots. Very different to my old RT-AX88U, but that's comparing different generations.
Retracted - more to follow

 

[Poseidon]

Quick question: Is it ALWAYS recommended to do a factory reset after installing a new version ofAsuswrt-Merlin or only recommend after a major release (and not an updated build)? Thanks

​

 

[visortgw]

Quick question: Is it ALWAYS recommended to do a factory reset after installing a new version ofAsuswrt-Merlin or only recommend after a major release (and not an updated build)? Thanks

​

Typically only necessary if you have issues.

 

[Wisiwyg]

Just upgraded to BE96U taking advantage of a price reduction to $449, plus a 15% further discount at Best Buy by trading in an old, retired AC86U. Total cost just over $400 with tax.
Loaded this 3006.102.3 on first boot. All performing as expected.

 

[visortgw]

Just upgraded to BE96U taking advantage of a price reduction to $449, plus a 15% further discount at Best Buy by trading in an old, retired AC86U. Total cost just over $400 with tax.
Loaded this 3006.102.3 on first boot. All performing as expected.

Similar savings available on GT-BE98 Pro, depending on you requirements...