Beta Asuswrt-Merlin 386.1 Beta is now available

[Slawek P]

Seeing this every 5 minutes on 386.1 beta 3.

Dec 29 22:21:17 rc_service: dhcp6c 22455:notify_rc restart_ddns
Dec 29 22:21:17 custom_script: Running /jffs/scripts/service-event (args: restart ddns)
Dec 29 22:21:17 custom_script: Running /jffs/scripts/service-event-end (args: restart ddns)

I don't use ddns. Everything running well, just the log spam every 5 minutes (shrug).

I see it only once at very early stage of the startup

May  5 06:05:27 rc_service: dhcp6c 2121:notify_rc restart_ddns
May  5 06:05:27 custom_script: Running /jffs/scripts/service-event (args: restart ddns)

 

[Gar]

B3 working great on my state-of-the-art AC88, thanks again!

 

[Slawek P]

I noticed frequent

asus kernel: br0: received packet on eth7 with own address as source address

Quick forum search indicates it has been observed on other firmware versions in Nov/Dec 2020.

 

[jakey]

Not sure if it's just the dirty flash on my RT-AX58U from Beta 2 but I don't see the SpeedTest tab in Adaptive QoS. If I go directly to the AdaptiveQoS_InternetSpeed.asp URL, I can use it now but I need to type the URL to get to it,

Same with my AX58U, just bookmarked the page for the time being.

 

[Slawek P]

Same with my AX58U, just bookmarked the page for the time being.

AX88U is fine

 

[GHammer]

They didn't have any ETA yesterday about the RT-AX86U GPL, so I decided to just go ahead and release with what I had for now. And a few hours after releasing Beta 3 with what I had, the RT-AX86U 386_41491 GPL shows up on my FTP server. Eh.

I think I'll wait on a further beta based on the new drop rather than the frankenbuild.

 

[Sicario]

just want to give some info, my AC86U's CPU temperature goes up to 86°C, it usually stays on 78°C

 

[Vimes]

RT-AC86U beta 3 clean install from original 3.0.0.4.386.40451, reset all reconfigured.
I found that the CPU temperature is approx. 10-15 C higher.
Instead of the usual 65-70 C it is now 75-85 C.
Is this a bug?

just want to give some info, my AC86U's CPU temperature goes up to 86°C, it usually stays on 78°C

my AX88U on the 384.19 firmware....

Since using the latest beta 3 firmware....

a little hotter, or is it a reporting difference rather it actually running hotter..?
For me no noticeable difference apart from perhaps a reporting one.
I mention that as the CPU load on all four cores as been pretty much at idle over the five hours that temp has been noted.

 

[shabbs]

my AX88U on the 384.19 firmware....

View attachment 28907

Since using the latest beta 3 firmware....

View attachment 28908

a little hotter, or is it a reporting difference rather it actually running hotter..?
I mention that as the CPU load on all four cores as been pretty much at idle over the five hours that temp has been noted.

I checked my two AX-88U's, of which only one has been upgraded (AP). The main router remains on the 384.19 Release.

Temps:
- AX88U on 384.19 (router mode): CPU: 62°C
- AX88U on 386.1b3 (ap mode): CPU: 63°C

Load levels at the time were both single digits and not under any stress.

 

[nzwayne]

Dirty upgrade from Beta2 to 3. All working ok for everyone. Thanks @RMerlin for all your time & energy on this project!!

 

[juched]

Does Let's Encrypt work with custom ddns providers? Using a cloudflare custom script, and Let's encrypt is stuck at "authorizing". However, running /sbin/le_acme runs fine and generated all the certificates. UI still stuck at "authorizing".

Nothing about acme or Let's Encrypt in the logs.

 

[shabbs]

Dirty upgrade from Beta2 to 3. All working ok for everyone. Thanks @RMerlin for all your time & energy on this project!!
View attachment 28910

That's... a lot of hardware... heh.

 

[Yota]

They didn't have any ETA yesterday about the RT-AX86U GPL, so I decided to just go ahead and release with what I had for now. And a few hours after releasing Beta 3 with what I had, the RT-AX86U 386_41491 GPL shows up on my FTP server. Eh.

I have seen a lot of news about supply chain attacks recently. I am worried that if asus uploads the source code to your ftp server, is it safe enough? Is it vulnerable to man-in-the-middle attacks? or a supply chain attack?

I guess there are many loopholes in this, such as: ftp is vulnerable to man-in-the-middle attacks, and asus may leak your server password to unauthorized people. however, if the source code has the signature of asus, It would be fine. but from the source code on official website does not seem to contain a signature.

I believe you may have taken a lot of measures to ensure that the source code and binary files come from trusted sources, I just want to know more details to dispel my worries, thank you.

 

[Sonyrolfy]

All working fine B3. All Vpn clients can be touched again without loosing WAN. Tnx Merlin !

Small Q, what to do with: Class-identifier (option 60): ?

 

[RMerlin]

The issue with the LE certificate still hasn't been resolved with Beta3 on my RT-AX88U.

Asus first told me the fix was included in the last GPL they sent, and now they just told me it hasn't yet and they need to build newer GPLs.

Seriously guys, screw LE. There is no point in using a LE certificate on a router that is accessed over your LAN. LE in Asuswrt has been unreliable since day 1. It was buggy, then it broke when LE switched to ACMEv2, and now it broke again when LE switched to a new root certificate. Who knows what will break again 6 months from now... Everything works just fine with a self-signed certificate.

 

[Sonyrolfy]

The AC86U CPU temperature goes up to 86°C here too ?

Load level between 2% and 24ish

 

[RMerlin]

While Upgrade from 384.19 to Beta2 went without any hassle the upgrade from Beta 2 to 3 somewhat killed WLAN on my AX88 completely - no clients were able to connect after JFFS format and complete nuke reset with manual config.

Wifi is working fine with my own RT-AX88U and four wireless clients.

I have seen a lot of news about supply chain attacks recently. I am worried that if asus uploads the source code to your ftp server, is it safe enough? Is it vulnerable to man-in-the-middle attacks? or a supply chain attack?

I am not worried. The kind of sophistication involved in this type of attack mean you generally target multi-billion dollar targets, not an open source project that has about 150K potential targets, most of which being home-based and therefore worth pennies at best.

If you are worried, feel free to scan the source code yourself, it's all on my Github.

 

[Yota]

Everything works just fine with a self-signed certificate.

Maybe not exactly right

Solved - [384.19 issue?] Unable to generate a new certificate

I have used https to access the management interface for a long time, and when I upgraded to 384.19, I noticed that I could not generate a new https certificate for the management page. Yes, I did restoring the factory settings, and resetting everything after upgrading. Model: Asus RT-AC68U...

www.snbforums.com

If you are worried, feel free to scan the source code yourself, it's all on my Github.

No one can check the binary files from asus, because there is no signature.

EDIT:

The kind of sophistication involved in this type of attack mean you generally target multi-billion dollar targets, not an open source project that has about 150K potential targets, most of which being home-based and therefore worth pennies at best.

You may be right, I think I just watched too much news, I need to turn off the TV, cut the ethernet cable, drink a cup of hot milk and continue to build my fallout shelter. The last question, How to blow up nearby 5G base stations?

 

[john9527]

There is no point in using a LE certificate on a router that is accessed over your LAN.

Been using this for years.....Merlin gave the hint

Tool to manage your own Certificate Authority

We discussed it a few months ago in another thread on how we needed a simple way for people to be able to generate their own SSL certificates so they could start better protecting their internal devices. Eventually I had found that tool, but lacked time to start diving into it. I only recently...

www.snbforums.com

 

[Triton]

Beta 3 solved the issue of the LE cert being stuck on 192.168.50.1. At least for me