Beta Asuswrt-Merlin 3006.102.4 Beta is now available

[michael249478]

He all

Someone known if it's possible to add a static route with a new SDN network ip address as gateway (via UI), and if the ui permit to filter vlan network ?

I would like to create a VLAN with ip address and use a ip of this vlan subnet as gateway for some static routes (i have a dedicate router for some subnet, behind the asus).

With 3004 firmware, the network tab, allow to choose only WAN OR LAN network as gateway.
Does this change in this 3006 (as it officialy support VLAN)

In 3004 firmware i created some vlan network interface, static route, and iptables rules (to allow traffic from and to vlan ) by scripts (i would known if i need keep and adapt thoses scripts with 3006)

I didnt try this beta yet, because the time to adapt my networks scripts to 3006, but if those scripts are not necessary anymore, i could try it more easy

Best Regard

 

[dave14305]

I think I remember now that in the past, they used an image instead of a Unicode character, so that probably got broken when they switched to the character.

That’s what makes it mysterious. git blame says the Unicode times x has been there since at least 2017. Great that it’s sorted now!

 

[zenmota]

Imagine how much "fun" it was for me to a) figure out how SDN worked, b) interface DNSDirector with it, and c) interface VPN clients with it... And then a few months later they changed things around by moving each wireless network into a subunit nvram (i.e. the main network settingsa re now subunit 1, stored in wl1.1_* instead of wl1_*).

I also discovered a few bugs during my initial 3006 implementation, which I needed to have Asus look at them.

What do you mean by "select"? There's nothing to select on that page. You can add/remove/edit rules, or enable/disable rules and clients. The Apply button is only to save rule changes, which works fine for me.
By "select" I mean same thing as enable.

Thanks

No, this is entirely a client setting. The client decides on its MAC before it even starts talking to a router, so there's no way a router could have an impact on its behaviour - it's already chosen what MAC to use.

By "select" I mean same thing as enable.

Thanks

 

[zenmota]

Nope, dirty upgrade.

Ok, thanks for info.

Thanks

 

[Ev0]

Probably something that they fixed in more recent GPLs. I'm still waiting on an updated RT-BE92U GPL to address the CPU usage issue in particular.

That cpu usage hasn't been an issue for me since the 37435 update (I know it was the following update 37500 that they said the CPU usage was fixed in the release notes, but for me atleast it was fixed in 37435) and so far it hasn't been an issue with the beta1 release either.

 

[rflw]

You may have to clear the web browser cache. Also a very good idea to factory reset after upgrading to Merlin firmware and manually configuring.

 

[CaptainSTX]

Let me ask, why are you manually editing files? Can't you assign IPs under GNP in the Advanced Settings? I have this
View attachment 64992View attachment 64993

Thanks for the heads up. Works very well and using this method you can assign IPs to Ethernet connected devices if when setting up a Port based VLAN you assigned it too the same subnet as a guest network.

Has anyone experimented with the option of 802.1Q VLANs to see how it works or what it does in this firmware? I use 802.1Q VLANs on a pair of smart switches on my LAN so I wonder what this option accomplishes on a router. It would be interesting if for those individuals running a VPN connection between two points if you could segregate traffic on the tunnel by VLAN.

 

[rflw]

Screenshot below, I guess I'll need to bite bullet and hard reset.

 

[CaptainSTX]

Which would typically mean WPA and not WPA2. See if by any chance they might have firmware updates for these thermostats, but I doubt it since adding WPA2 support typically also requires hardware support.

Thanks for your reply. When the pull down for the authentication is used to select WPA - WPA2 Personal this then gives you the pull down encryption choices are AES or AES + TKIP. Unfortunately even if you select AES +TKIP you still end up with AES. I have confirmed this using WiFi scanners. If it is something you can change then why not eliminate the AES + TKIP option pull down so users don't select an option that really doesn't exist.

 

[RMerlin]

Does a dns director configuration of "no redirection" globally but with specific guest network client macs set to "router" still work?

No. The router currently has no way of knowing on which network that client might end up being connected. I might eventually create additional rules per interface, but since that`s not very efficient (would require a lot of duplicate rules), I'm not sure yet if I want to do it.

"Router" mode will only work properly if configured for the whole SDN.

 

[RMerlin]

By "select" I mean same thing as enable.

Thanks

Works for me. Check your system log, your client might be failing to start.

 

[robinjoo1]

Screenshot below, I guess I'll need to bite bullet and hard reset.


View attachment 65038

Dis you have this issue with another firmware

 

[dave14305]

The router currently has no way of knowing on which network that client might end up being connected.

What if you check for the client MAC and use the REDIRECT target instead of DNAT, which redirects the packet to the local IP of the interface the packet arrived on? So it would work for br0, br1, br2, br52, etc.

 

[RMerlin]

What if you check for the client MAC and use the REDIRECT target instead of DNAT, which redirects the packet to the local IP of the interface the packet arrived on? So it would work for br0, br1, br2, br52, etc.

That would need to be tested. I vaguely remember looking at the REDIRECT target back in the day, I can't remember if there was a reason why I went with DNAT instead of REDIRECT in the end.

 

[David Williams]

Hi All,
Since upgrading my main router and mesh nodes to 3006.102.4_beta1 I am seeing issues with some of my wireless devices. A couple of my ring cameras keep connecting and disconnecting every few minutes. Also, a couple of Feit light bulbs are doing the same. When I look at the AIMesh Topology I can actually see the devices connecting and reconnecting a couple of times a minute. The logs are showing up as follows:

Apr 13 20:11:39 wlceventd: wlceventd_proc_event(685): wl0.1: Auth 9C:76:13:A9:EB:78, status: Successful (0), rssi:0
Apr 13 20:11:39 wlceventd: _add_wlc_event_tbl(1040): client table was full
Apr 13 20:11:39 kernel: SBF: dhd0: INIT [9c:76:13:a9:eb:78] ID 65535 BFW 65535 THRSH 2048
Apr 13 20:11:39 wlceventd: wlceventd_proc_event(722): wl0.1: Assoc 9C:76:13:A9:EB:78, status: Successful (0), rssi:-72
Apr 13 20:11:39 wlceventd: _add_wlc_event_tbl(1040): client table was full
Apr 13 20:16:28 roamast: [EXAP]Deauth old sta in 1 1: DA:B8:A9:31:3A:97
Apr 13 20:16:28 roamast: wl1.1: disconnect weak signal strength station [da:b8:a9:31:3a:97]
Apr 13 20:16:28 kernel: WLC_SCB_DEAUTHENTICATE_FOR_REASON err -30
Apr 13 20:16:28 wlceventd: wlceventd_proc_event(645): wl1.1: Deauth_ind DA:B8:A9:31:3A:97, status: 0, reason: Previous authentication no longer valid (2), rssi:-93
Apr 13 20:16:28 wlceventd: _add_wlc_event_tbl(1040): client table was full
Apr 13 20:16:28 roamast: wl1.1: remove client [da:b8:a9:31:3a:97] from monitor list
Apr 13 20:16:28 wlceventd: wlceventd_proc_event(645): wl1.1: Deauth_ind DA:B8:A9:31:3A:97, status: 0, reason: Disassociated due to inactivity (4), rssi:-93
Apr 13 20:16:28 wlceventd: _add_wlc_event_tbl(1040): client table was full
Apr 13 20:39:55 wlceventd: wlceventd_proc_event(685): wl1.1: Auth DA:B8:A9:31:3A:97, status: Successful (0), rssi:-84
Apr 13 20:39:55 wlceventd: _add_wlc_event_tbl(1040): client table was full
Apr 13 20:39:55 kernel: SBF: dhd1: INIT [da:b8:a9:31:3a:97] ID 65535 BFW 65535 THRSH 2048
Apr 13 20:39:55 wlceventd: wlceventd_proc_event(722): wl1.1: Assoc DA:B8:A9:31:3A:97, status: Successful (0), rssi:-84
Apr 13 20:39:55 wlceventd: _add_wlc_event_tbl(1040): client table was full

This only started happening after upgrading to this latest beta on both the main router and the mesh nodes. The main router is a BE96U and the two nodes are AX86U_Pro's. The devices that are disconnecting are binded to the two AX86U_Pro's but other devices connecting to these two nodes are not having issues with disconnects. Another piece of information is that all the devices that are disconnecting are connected using the 2.4 Ghz channel. Should I change the log level to try and get more information? Before the upgrade the BE96U was running the previous 3006 build and the AX86U_Pro's were running the latest released Merlin builds. I have just turned off Roaming Assistant for 2.4Ghz to see if it helps any. Any other suggestions would be appreciated.

All, after turning off Roaming Assistant on 2.4Ghz channel the problem seems to be resolved. The thing I dont understand about this is:

1. Didnt have this issue before upgrading both the router and nodes to 3006.102.4_beta1.
2. The problem is only happening on the 2.4Ghz channel.
3. None of these devices are moving and the the around -40 to -50 dBm, not close to the -70 dBm to cause failover.

Is there anything in the new beta that might cause these issues, specifically on the AX86U_Pro's since this is the nodes all the devices were connected to?

 

[dave14305]

That would need to be tested. I vaguely remember looking at the REDIRECT target back in the day, I can't remember if there was a reason why I went with DNAT instead of REDIRECT in the end.

It’s used for NTP intercepting already, so it can’t be too flaky. But then the whole “Access Intranet” setting comes into play. Complicated.

 

[bluepoint]

Does a dns director configuration of "no redirection" globally but with specific guest network client macs set to "router" still work? In 3004, this setting would force the guest clients to use the routers dns (which would potentially be DoT if so set on the WAN page). I believe the guest gateway addresses (eg 192.168.1.101) were passed to the clients as the replacement dns server. This was my setting and those guests lost Internet when I migrated to 3006. If not, is there a new way to force guest clients to use DoT?

If your GN profile is set to use "default' DNS then all GN clients use the default router globally not unless you redirect the GN in the "DNS Director.

 

[rung]

If your GN profile is set to use "default' DNS then all GN clients use the default router globally not unless you redirect the GN in the "DNS Director.

The issue is some clients try to use their own dns servers instead of the DoT DNS server that the router provides. DNS Director intercepts those attempts and transparently redirects those requests.

 

[bluepoint]

The issue is some clients try to use their own dns servers instead of the DoT DNS server that the router provides. DNS Director intercepts those attempts and transparently redirects those requests.

Tick "prevent client auto DoH" in the Wan section so that it doesn't bypass your global DNS.

 

[TnF]

Running the beta Merlin on the RT-BE92U (updated over the stock FW), with Diversion and FlexQoS for 2 days, no issues so far