Beta Asuswrt-Merlin 3006.102.5 Beta is now available

[RMerlin]

I have doubts on why there needs to be 2 separate tables. I understand they are sourced differently, but I don’t usually consider my connections by whether they are v4 or v6.

One is NAT, the other is routed. I prefer to keep them separate because they are not the same thing.

 

[MDM]

Looking for more feedback on the new Connections log page.

Probably wont get many because it is so much better and useful, that It's perfect!

 

[Ripshod]

Probably wont get many because it is so much better and useful, that It's perfect!

Completely agree.

 

[dave14305]

One is NAT, the other is routed. I prefer to keep them separate because they are not the same thing.

True, but most users won’t know the difference. No worries, however.

 

[Poul Bak]

This version contains the same issue as with the latest ASUS release. Older WPA2 devices do not work on WPA2/WPA3 combo. I had to downgrade encryption to WPA/WPA2 on my "Guest" network. I don't use it for guests just for older devices but it's not isolated from my main network. Specifically affects my old Cannon printer and 6 year old Wi-Fi connected Culligan water filter. It's an ASUS problem but wanted to make sure y'all are aware here.

Don't blame the router, blame those old IOT devices! They don't support the newer things. That's why there's a special 'IOT network' type..

 

[Poul Bak]

Looking for more feedback on the new Connections log page.

Also @dave14305 can you confirm that the IPv6 changes to DNSDirector resolved your issue (without having to completely reapply all firewall rules)?

As others have said, the reason you didn't get feedback is because it's just right.

I have always wondered why ipv6 adresses were missing, now they are there.
Host names is a nice touch. Especially with ipv6, ip addresses are just numbers (often temporary), while host names are much easier to work with.
I will probably not need the filtering, but people with many devices will like it.
All in all, this is so logically correct that Asus one day will steal it.

 

[Treadler]

As others have said, the reason you didn't get feedback is because it's just right.

I have always wondered why ipv6 adresses were missing, now they are there.
Host names is a nice touch. Especially with ipv6, ip addresses are just numbers (often temporary), while host names are much easier to work with.
I will probably not need the filtering, but people with many devices will like it.
All in all, this is so logically correct that Asus one day will steal it.

I’m seeing host names with IPv4 only?

 

[Ripshod]

I’m seeing host names with IPv4 only?

I never looked at it that closely.
IPv4 is returning "Client Name" as entered in YAZDHCP.
Under IPv6 only one device is returning a Local IP hostname.
I believe this is expected behaviour as IPv6 is not NATed.

 

[Igor]

Please note that some USB modems are not diagnosed correctly. The HUAWEI E3372h-320 USB modem is detected as Ethernet and, as a result, does not redirect DNS requests to the router. To solve the problem with the previous firmware, I had to buy another modem, which is correctly detected as USB.

No Internet access. Asus RT-AX68U, 3004.388.9_2, Dual WAN, Secondary WAN - USB

Asus RT-AX68U, fw 3004.388.9_2. I use the main Internet access via Ethernet. It works without problems. Today I checked the backup access via USB modem HUAWEI E3372h-320 (there were no problems before). I disconnected Ethernet, the USB modem automatically connected. Jul 9 11:06:47 kernel...

www.snbforums.com

 

[swejuggalo]

This version contains the same issue as with the latest ASUS release. Older WPA2 devices do not work on WPA2/WPA3 combo. I had to downgrade encryption to WPA/WPA2 on my "Guest" network. I don't use it for guests just for older devices but it's not isolated from my main network. Specifically affects my old Cannon printer and 6 year old Wi-Fi connected Culligan water filter. It's an ASUS problem but wanted to make sure y'all are aware here.

I have yet to find something that does not connect on this network.
I have stuff that needs WPA2/AES and will not work if I set up AES+GCMP256...
Even my (2013) Samsung Galaxy Note 3 can use this combo of authentication/encryption combo
So, this would most likely be your problem rather than Asus/Merlin issue.
Unless your gear depends on TKIP+AES. Then WPA/WPA2 is required to enable that.
Not a bug unless you know the hardware supports specifically the WPA2+AES combo.

 

[swejuggalo]

Further testing... This (see picture) and selecting a client as Router or No redirection in DNS director. https://one.one.one.one/help/ passes this as fine with DoT.
Passing everything and lists correct Cloudflare at https://dnscheck.tools/ however at the same time response time acts as slow as if it was using ISP DNS (default ISP DNS and no DNS director). Normal?
Using Cloudflare in DNS director, then it's speedy and great, but not using DoT (think that part with no DoT is expected though).
But the response time turning to terrible ISP values despite using Cloudflare in WAN DNS settings (10 times longer)

Is it part of some known problem or expected?

 

[dave14305]

But the response time turning to terrible ISP values despite using Cloudflare in WAN DNS settings (10 times longer)

Do you have any hits on these rules? Maybe your browser is trying DoT and getting rejected.

iptables -nvL DNSFILTER_DOT
ip6tables -nvL DNSFILTER_DOT

 

[swejuggalo]

Do you have any hits on these rules? Maybe your browser is trying DoT and getting rejected.

iptables -nvL DNSFILTER_DOT
ip6tables -nvL DNSFILTER_DOT

With the DoT or default (ISP), pretty much the same. (shortened it down a bit)

0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 MAC * reject-with icmp-port-unreachable
4 256 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 MAC * reject-with icmp-port-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 !192.168.50.1 MAC * reject-with icmp-port-unreachable
0 0 REJECT all -- br55 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

 

[RMerlin]

I have always wondered why ipv6 adresses were missing, now they are there.

That's because initially, only NAT connections were reported, and all IPv6 connections are routed. The netstat-nat tool's support for routed IPv6 was broken, so I couldn't use it. Addresses were truncated, and various empty lines were inserted, probably improperly parsed entries.

I found a forked version of netstat-nat that has fixed routed support (and there was one bug left that I fixed myself, and has since been integrated by its developper). That allowed to also retrieve these entries.

I’m seeing host names with IPv4 only?

Clients can have multiple IPv6 addresses. Not all of them are easily associated with their hostnames, so they may not always resolve.

 

[heysoundude]

Don't blame the router, blame those old IOT devices! They don't support the newer things. That's why there's a special 'IOT network' type..

I've been looking into LoRa for IoT, because devices can be made to talk to a node server, which is connected to my network. Home Automation/self hosting is enlightening...

 

[JGrana]

I've been looking into LoRa for IoT, because devices can be made to talk to a node server, which is connected to my network. Home Automation/self hosting is enlightening...

I have a few LoRa IoT devices from YoLink (mostly water leak alarms). They all talk LoRa to a hub that then forwards to my network.
I must say, I am impressed with the range of these devices. From what I understand though - the link speed (on the LoRa side) is very slow. Good for simple IoT devices like smoke alarms, leak sensors etc.

 

[RandomUser777]

I have a few LoRa IoT devices from YoLink (mostly water leak alarms). They all talk LoRa to a hub that then forwards to my network.
I must say, I am impressed with the range of these devices. From what I understand though - the link speed (on the LoRa side) is very slow. Good for simple IoT devices like smoke alarms, leak sensors etc.

I'll second this approach. I decided on Zigbee for my "IoT" devices at the time, altough LoRa is looking good if I change things up. I don't really understand why people choose WiFi for security/environmental sensors. Maybe one or two, but a full deployment should be done using another communication//mesh platform.

 

[swejuggalo]

Further testing... This (see picture) and selecting a client as Router or No redirection in DNS director. https://one.one.one.one/help/ passes this as fine with DoT.
Passing everything and lists correct Cloudflare at https://dnscheck.tools/ however at the same time response time acts as slow as if it was using ISP DNS (default ISP DNS and no DNS director). Normal?
Using Cloudflare in DNS director, then it's speedy and great, but not using DoT (think that part with no DoT is expected though).
But the response time turning to terrible ISP values despite using Cloudflare in WAN DNS settings (10 times longer)

Is it part of some known problem or expected?

I recall messing around here several months back (AX88U)... I regularly ended up with for example my bank site and app not being allowed to work. Don't recall if I wiped and gave up on that part eventually, or if it magically decided to work after the wipe. Just know when not modifying this it was not problematic.
What I recall, though, I had Cloudflare's fast response in the tests as expected (same settings). So this behavior is new for BE88U. Never tried DNS director on AX88U, nor used exactly everything I do now. So perhaps multiple differences.

 

[GWTechTalk]

I have yet to find something that does not connect on this network.
I have stuff that needs WPA2/AES and will not work if I set up AES+GCMP256...
Even my (2013) Samsung Galaxy Note 3 can use this combo of authentication/encryption combo
So, this would most likely be your problem rather than Asus/Merlin issue.
Unless your gear depends on TKIP+AES. Then WPA/WPA2 is required to enable that.
Not a bug unless you know the hardware supports specifically the WPA2+AES combo.

Funny you should mention that because that's exactly what it was. The devices needed TKIP. Why this is an issue now and not with the last version I'm not sure.

 

[swejuggalo]

Funny you should mention that because that's exactly what it was. The devices needed TKIP. Why this is an issue now and not with the last version I'm not sure.

Maybe it was dropped intentionally. It's described like this "TKIP is no longer considered secure and is now deprecated". So maybe it has been left on for WPA2 for backwards compatibility before but has been dropped now.