Asuswrt-Merlin 374.41 Beta 1 is now available

[RMerlin]

View attachment 2198
It's no way to type in the command you just hit install and it does the rest

Sent from my SM-N900T using Tapatalk

If you are able to arbitrarily install things on your router just by clicking on a third party webpage, then you see the whole security issue this involves.

Pretty sure it could manually be done over SSH. Ask them for the correct command to run to do so.

 

[RMerlin]

What did work here previously was

ip6tables -A PREROUTING -t mangle -p icmpv6 --icmpv6-type neighbour-solicitation -i eth0 -d ff02::1:ff00:0/104 -j DROP

I shall reinstall that and see if it still works.

This is what the fix is supposed to do. Please post the table dump from this command to see if the rule gets properly applied:

ip6tables -t mangle -L -v

 

[admiral2145]

thx

If you are able to arbitrarily install things on your router just by clicking on a third party webpage, then you see the whole security issue this involves.

Pretty sure it could manually be done over SSH. Ask them for the correct command to run to do so.

going to chat now hopefully to get the correct command to allow the applet install
TIA
they gave me a command
http://www.astrill.com/merlin/install/YOUR_EMAIL/YOUR_PASSWORD`
that didn't work either...

 

[cmillar6]

This is what the fix is supposed to do. Please post the table dump from this command to see if the rule gets properly applied:

ip6tables -t mangle -L -v

How do I do this? you took away the Run tab.

 

[joltdude]

How do I do this? you took away the Run tab.

Ssh in and run from the cmd from the shell prompt.....

Sent from my Venue 7 3730 using Tapatalk

 

[krick]

Can anyone confirm if this build fixes whatever causes the DHCPREQUEST/DHCPACK log spam in previous builds?
I get thousands of lines like this every day, all day in the log...

Apr 13 23:40:09 dnsmasq-dhcp[636]: DHCPREQUEST(br0) 192.168.1.101 00:24:1e:45:c0:87 
Apr 13 23:40:09 dnsmasq-dhcp[636]: DHCPACK(br0) 192.168.1.101 00:24:1e:45:c0:87 Wii
Apr 13 23:41:02 dnsmasq-dhcp[636]: DHCPREQUEST(br0) 192.168.1.145 00:0b:ad:22:01:44 
Apr 13 23:41:02 dnsmasq-dhcp[636]: DHCPACK(br0) 192.168.1.145 00:0b:ad:22:01:44 
Apr 13 23:42:09 dnsmasq-dhcp[636]: DHCPREQUEST(br0) 192.168.1.101 00:24:1e:45:c0:87 
Apr 13 23:42:09 dnsmasq-dhcp[636]: DHCPACK(br0) 192.168.1.101 00:24:1e:45:c0:87 Wii
Apr 13 23:43:04 dnsmasq-dhcp[636]: DHCPREQUEST(br0) 192.168.1.145 00:0b:ad:22:01:44 
Apr 13 23:43:04 dnsmasq-dhcp[636]: DHCPACK(br0) 192.168.1.145 00:0b:ad:22:01:44 
Apr 13 23:45:34 dnsmasq-dhcp[636]: DHCPREQUEST(br0) 192.168.1.145 00:0b:ad:22:01:44 
Apr 13 23:45:34 dnsmasq-dhcp[636]: DHCPACK(br0) 192.168.1.145 00:0b:ad:22:01:44

 

[Adamm]

Can anyone confirm if this build fixes whatever causes the DHCPREQUEST/DHCPACK log spam in previous builds?
I get thousands of lines like this every day, all day in the log...

Apr 13 23:40:09 dnsmasq-dhcp[636]: DHCPREQUEST(br0) 192.168.1.101 00:24:1e:45:c0:87 
Apr 13 23:40:09 dnsmasq-dhcp[636]: DHCPACK(br0) 192.168.1.101 00:24:1e:45:c0:87 Wii
Apr 13 23:41:02 dnsmasq-dhcp[636]: DHCPREQUEST(br0) 192.168.1.145 00:0b:ad:22:01:44 
Apr 13 23:41:02 dnsmasq-dhcp[636]: DHCPACK(br0) 192.168.1.145 00:0b:ad:22:01:44 
Apr 13 23:42:09 dnsmasq-dhcp[636]: DHCPREQUEST(br0) 192.168.1.101 00:24:1e:45:c0:87 
Apr 13 23:42:09 dnsmasq-dhcp[636]: DHCPACK(br0) 192.168.1.101 00:24:1e:45:c0:87 Wii
Apr 13 23:43:04 dnsmasq-dhcp[636]: DHCPREQUEST(br0) 192.168.1.145 00:0b:ad:22:01:44 
Apr 13 23:43:04 dnsmasq-dhcp[636]: DHCPACK(br0) 192.168.1.145 00:0b:ad:22:01:44 
Apr 13 23:45:34 dnsmasq-dhcp[636]: DHCPREQUEST(br0) 192.168.1.145 00:0b:ad:22:01:44 
Apr 13 23:45:34 dnsmasq-dhcp[636]: DHCPACK(br0) 192.168.1.145 00:0b:ad:22:01:44

It's a setting "LAN - DHCP Server - Log DHCP Queries"

Not sure why your devices are renewing the DHCP leases so often though unless your constantly reconnecting to your router

 

[RMerlin]

How do I do this? you took away the Run tab.

SSH or telnet. I already posted in this thread a quick tutorial on how to use SSH.

 

[RMerlin]

going to chat now hopefully to get the correct command to allow the applet install
TIA
they gave me a command
http://www.astrill.com/merlin/install/YOUR_EMAIL/YOUR_PASSWORD`
that didn't work either...

That's not a command, that's just an URL. My guess is, you are missing part of it, perhaps a wget command at the begining.

 

[RocketJSquirrel]

Please post the output of the following command:

ip6tables -t mangle -L -v

# ip6tables -t mangle -L -v
Chain PREROUTING (policy ACCEPT 41478 packets, 5029K bytes)
 pkts bytes target     prot opt in     out     source               destination
13848  997K DROP       ipv6-icmp    eth0   any     anywhere             ff02::1:ff00:0/104 ipv6-icmp neighbour-solicitation

Chain INPUT (policy ACCEPT 13270 packets, 1551K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 4155 packets, 348K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 6138 packets, 697K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 13418 packets, 1511K bytes)
 pkts bytes target     prot opt in     out     source               destination

 

[cyborgpunte]

Thanks for new version
Back to what I guess is kinda timing issues on USBbus

Dualwan: USB Modem Huawei E3276s-150 always in "disconnected" state,

no matter where modem connected
as long it's together with my USB3.0 disc.

RT-AC68U & 374.41_beta1, Worked in 374.41_alpha4

Apr 13 23:13:14 pppd[977]: Connect script failed
and/or sometimes
Jan 1 01:00:33 pppd[951]: Connect script failed

 

[RMerlin]

# ip6tables -t mangle -L -v
Chain PREROUTING (policy ACCEPT 41478 packets, 5029K bytes)
 pkts bytes target     prot opt in     out     source               destination
13848  997K DROP       ipv6-icmp    eth0   any     anywhere             ff02::1:ff00:0/104 ipv6-icmp neighbour-solicitation

Chain INPUT (policy ACCEPT 13270 packets, 1551K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 4155 packets, 348K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 6138 packets, 697K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 13418 packets, 1511K bytes)
 pkts bytes target     prot opt in     out     source               destination

The rule did get applied, and it dropped 13848 packets. Makes me wonder if maybe there are other types of packets that are incorrectly forwarded to the LAN by the modem.

 

[Correlor]

Concerning this new beta. My AC68 does NOT show any mentions for 'master browser' and 'wins server' in the system log. I have checked with samba on and off, usb-stick in and out. All the boxes are checked.

 

[Speedy1205]

Thanks for new version
Back to what I guess is kinda timing issues on USBbus

Dualwan: USB Modem Huawei E3276s-150 always in "disconnected" state,

no matter where modem connected
as long it's together with my USB3.0 disc.

RT-AC68U & 374.41_beta1, Worked in 374.41_alpha4

Apr 13 23:13:14 pppd[977]: Connect script failed
and/or sometimes
Jan 1 01:00:33 pppd[951]: Connect script failed

But at some stage its working ? I will get mine E3276s-150 today so I would wait with the Upgrade when its not connecting at all.

 

[wewen]

Does external subtitles work with minidlna? When I Google around they say that it works. Do I have to enable something on the router? Have tried with bubbleupnp, allcast and localcast on Android. None of them sees the subtitles. The subs is in the same folder. They have the same name.

Skickat från min LG-D802 via Tapatalk

 

[johnnyboy]

Asuswrt-Merlin 374.41 Beta 1 is now available for download.

Here are the highlights of this release:

• Merged with Asus's 374_5047 GPL (from the RT-AC68U). This release resolves the random reboot issues on the RT-AC68U, redesigns the DLNA/FTP/SMB server configuration pages, option to auto-logout of webui after timeout, and updates minidlna and radvd to their latest releases. Asus also implemented numerous additional security fixes since the last release.
• Miniupnpd has been updated to the latest release, which adds PCP (Port Control Protocol) support. Note that only MAP requests are supported.
• A new option has been added to enable/disable WAN access to the FTP server. This option can be found on the FTP tab (under USB). Note that the default is to disable WAN access. If you remotely access your FTP server, make sure you enable WAN access to it.
• The WOL page has been fixed (it was broken in a recent Asus release)
• An experimental workaround for Comcast IPv6 users has been implemented in the firewall. Please report your results in regard to neighbor solicitation request floods.
• Crashes surrounding the OpenVPN page, using more than 30 static routes, as well as issues surrounding IPTV multicast support and the web interface in languages using UTF8 (such as Russian) have been resolved
• For security reasons, the Run CMD page has been removed. In the last few releases Asus has been tightening security in the web server backend, restricting what processes can be launched by it through the webui. Since keeping the Run Cmd page would basically overset all these security improvements, I have decided to remove it. Using putty/XShell4/ssh isn't difficult, and well worth the security improvements.
• And since I still get asked a lot: Asuswrt-Merlin is NOT vulnerable to Heartbleed. None of the previous versions are vulnerable either.

Things that need testing:

• Comcast IPv6 customers: see if you still get neighboor solicitation flooding in your log. I've had mitigated reports, some saying it was resolved for them, others saying it still wasn't.
• General stability and reliability, since there's a new GPL merge involved with this release (covering two releases from Asus). I fixed some of the new issues introduced already (some were caused by the new security measures implemented by Asus), but I want to make sure there aren't any additional ones I might have missed

As usual, wireless stability is something completely out of my control. If you have issues, start by disabling Beamforming support on BOTH radio bands, in case your clients might simply not be compatible. If you still have issues, go through the usual: check the channel you are using, don't use 40 MHz channel width if your 2.4 GHz band is overcrowded, delete and recreate the wireless connection profile on your clients, and as a last resort try a factory default reset + manual reconfiguration. A LOT of so-called issues can be resolved by these steps, and they have nothing to do with the router's wireless driver itself.

Changelog is here.
Downloads are here.

MD5Sums:

b2bf56de916d461adb44d2b6b7d28322  RT-AC56U_3.0.0.4_374.41_beta1.trx
4c2898b36e2f65c1f18261f326390aa9  RT-AC66U_3.0.0.4_374.41_beta1.trx
f17f7d511ab25f2efe0c066cf4334353  RT-AC68U_3.0.0.4_374.41_beta1.trx
13e38396faef1b4cdfb9a372dc4337c1  RT-N16_3.0.0.4_374.41_beta1.trx
0913c955c2f3daac74bcd86ca589b537  RT-N66U_3.0.0.4_374.41_beta1.trx

Have run this version (alpha6) 2 days 22 hours, and everything seems OK.
Thanks !

 

[cmillar6]

The rule did get applied, and it dropped 13848 packets. Makes me wonder if maybe there are other types of packets that are incorrectly forwarded to the LAN by the modem.

For those of you for whom this worked, have you also applied the script to increase your ARP Cache?

 

[Kris404]

going to chat now hopefully to get the correct command to allow the applet install
TIA
they gave me a command
http://www.astrill.com/merlin/install/YOUR_EMAIL/YOUR_PASSWORD`
that didn't work either...

Try this command either via SSH or Telnet:

eval `wget -q -O - http://www.astrill.com/ddwrt/install/YOUR_EMAIL/YOUR_PASSWORD`

 

[DrTeeth]

Does external subtitles work with minidlna? When I Google around they say that it works. Do I have to enable something on the router? Have tried with bubbleupnp, allcast and localcast on Android. None of them sees the subtitles. The subs is in the same folder. They have the same name.

You may need to enable them in the player itself rather than the DNLA server.

 

[joltdude]

Would have rather seen cmd from GUI only enabled for an https connection to the web GUI as a middle ground between ease of use

Sent from my Venue 7 3730 using Tapatalk