Beta Asuswrt-Merlin 3006.102.4 Beta is now available

[MDM]

Offline Client List remove button now working for me.
DNS Director works as intended.

Nothing else to report for now, all working fine...

 

[RMerlin]

So I see both DNAT and REDIRECT. REDIRECT for a client, and DNAT for the Global mode. Intended?

-A DNSFILTER -m mac --mac-source 4C:03:DE:AD:BE:EF -j REDIRECT
-A DNSFILTER -j DNAT --to-destination 192.168.1.1

I'll have to check, that rule was probably created elsewhere than the code section I adjusted.

 

[RMerlin]

Thread cleaned up.

 

[RMerlin]

All good here, thus far (Uptime: 0d16h32m39s). Thank you for your efforts!

Check from which git hash you compiled, as it may not be up-to-date with what was actually used in the beta 2 release.

 

[pershoot]

Check from which git hash you compiled, as it may not be up-to-date with what was actually used in the beta 2 release.

Ya, checked once I saw your B2 release post; I am up to date / synchronized. Thank you.

 

[pershoot]

Check from which git hash you compiled, as it may not be up-to-date with what was actually used in the beta 2 release.

Ya, checked once I saw your B2 release post; I am up to date / synchronized. Thank you.

<edit> For completeness, I will rebuild with the DNS Director UI notes / cosmetic change. Thx!

 

[bennor]

And a heads-up for Pi-Hole users that rely on DNS Director to force clients to use the Pi Hole, you need to now add the Pi-Hole IP from LAN DHCP DNS 1 as a "User defined DNS" in DNS Director and set that mode instead of Router.

Can you expand or elaborate on what you posted?

Using two Pi-Holes and so far everything is working fine with DNS Director after updating from Beta1 to Beta2. Didn't make any changes to DNS Director. Have both Pi-Holes listed in DHCP DNS fields #1 and 2, have DNS Director configured to Router mode with both Pi-Hole's listed as Clients with No Redirection, and two Guest Network Pro Profiles configured to use one Pi-Hole in User Defined DNS #1.

 

[Jeffrey Young]

@pershoot

Question for you.

I am setting up a build environment so I can try to enable a couple of crypto kernel modules for IPSec (will be posting another thread shortly about that). I am following the instructions here, but the PRO models are not listed for the specific model builds in the WiKi yet. Can I bother you for the directory I should be in for the AX86U PRO model?

 

[pershoot]

@pershoot

Question for you.

I am setting up a build environment so I can try to enable a couple of crypto kernel modules for IPSec (will be posting another thread shortly about that). I am following the instructions here, but the PRO models are not listed for the specific model builds in the WiKi yet. Can I bother you for the directory I should be in for the AX86U PRO model?

Hi. Sure.
Use this:
release/src-rt-5.04axhnd.675x
Make against: rt-ax86u_pro

You are never a bother!

 

[dave14305]

Can you expand or elaborate on what you posted?

Using two Pi-Holes and so far everything is working fine with DNS Director after updating from Beta1 to Beta2. Didn't make any changes to DNS Director. Have both Pi-Holes listed in DHCP DNS fields #1 and 2, have DNS Director configured to Router mode with both Pi-Hole's listed as Clients with No Redirection, and two Guest Network Pro Profiles configured to use one Pi-Hole in User Defined DNS #1.

Router mode no longer enforces LAN DHCP DNS 1 like it used to in beta1 and earlier. Router now means "router IP" only. So any client not using Pi-Hole directly from DHCP will be forced to use the router instead of the Pi-Hole IP.

See:

- CHANGED: Setting DNS Director to "Router" will now always
           redirect to the router's own IP.  Previously it
           would redirect to the first DNS server configured
           on the DHCP page (which defaults to the router
           itself).
           If you need DNS Director to redirect to an IP
           configured in your DHCP settings, use a Custom DNS
           entry in DNS Director.  This makes it more consistant
           with what the name implies, and was also necessary
           for improved Guest Network support.

 

[Analog-1]

Is this included with this GPL you received from Asus ?

CVE-2025-2492

 

[visortgw]

And a heads-up for Pi-Hole users that rely on DNS Director to force clients to use the Pi Hole, you need to now add the Pi-Hole IP from LAN DHCP DNS 1 as a "User defined DNS" in DNS Director and set that mode instead of Router.

I'm using Pi-Hole with unbound. I have DNS Director configured with both Global Redirection and guest network (x2) redirection set to Router. WAN DNS server on the router is set to Pi-Hole IP address — guest network (x2) DNS server set to Default in Network tab, Advanced settings. DNS queries all appear to be going to Pi-Hole.

Am I missing something? Is there a better way to configure?

 

[Jeffrey Young]

Hi. Sure.
Use this:
release/src-rt-5.04axhnd.675x
Make against: rt-ax86u_pro

You are never a bother!

Thanks, don't want to hijack this thread, so I will start a new thread on what I am trying to do.

 

[dave14305]

Is there a better way to configure?

To keep the same DNS Director behavior, you can do this:

nvram set dnsfilter_custom3="$(nvram get lan_dns1_x)"
nvram set dnsfilter_mode=10
nvram commit
service restart_dnsfilter

It uses Custom DNS 3 to store the DHCP DNS 1 server and sets the Global mode to "User Defined 3". I haven't tested this since I don't use a local DNS server.

 

[pershoot]

Thanks, don't want to hijack this thread, so I will start a new thread on what I am trying to do.

Yup.
One note, it is ideal (not necessary) to have a fast machine as you could wait a while, if not. I used to build (for RT-AC68U) on an FX-8350 (quite legacy system) and that used to take like an hour if I recall correctly. Perhaps a little less / more. This (RT-AX86U Pro) firmware is bigger. I get this particular build done in sub ~20m on a Ryzen 9900x.

 

[dave14305]

I'll have to check, that rule was probably created elsewhere than the code section I adjusted.

I suppose it doesn’t matter for the global rule, since it will always be the main LAN IP or another DNS service, never an SDN network.

 

[Jeffrey Young]

Yup.
One note, it is ideal (not necessary) to have a fast machine as you could wait a while, if not. I used to build (for RT-AC68U) on an FX-8350 (quite legacy system) and that used to take like an hour if I recall correctly. Perhaps a little less / more. This (RT-AX86U Pro) firmware is bigger. I get this particular build done in sub ~20m on a Ryzen 9900x.

I suspect it will take a while. I plan on using Hyper-V (or at least try) on a Intel I7-1165G7. Just having a gander through the source code now to figure out where the kernel modules are set (as to include or not in the build).

 

[pershoot]

I suspect it will take a while. I plan on using Hyper-V (or at least try) on a Intel I7-1165G7. Just having a gander through the source code now to figure out where the kernel modules are set (as to include or not in the build).

WSL2 (quasi-vm) works A ok. However, I have built inside an explicit hyper-V native VM as well (on the legacy system), but I'm not particularly keen on its use. It will get the job done as well.

 

[bennor]

Router mode no longer enforces LAN DHCP DNS 1 like it used to in beta1 and earlier. Router now means "router IP" only. So any client not using Pi-Hole directly from DHCP will be forced to use the router instead of the Pi-Hole IP.

Thanks for the explanation. Did read the 3006 change log but just wasn't clicking for some reason why Pi-Hole users may want to change Global Redirection from Router to User Defined DNS 1.

 

[Ev0]

Ethernet ports 2 and 4 are swapped around (on stock ethernet 2 shows 2.5gbps connection and eth 4 was 1gbps, with Merlin, Ethernet 2 shows 1gbps and eth 4shows 2.5gbps), not really an issue, just an observation.

Just to say this has been fixed in beta2, Eth 2 now shows 2.5gbps and Eth 4 1gbps again as per original Asus fw.