Beta Asuswrt-Merlin 386.1 Beta is now available

[Slawek P]

Same with my AX58U, just bookmarked the page for the time being.

AX88U is fine

 

[GHammer]

They didn't have any ETA yesterday about the RT-AX86U GPL, so I decided to just go ahead and release with what I had for now. And a few hours after releasing Beta 3 with what I had, the RT-AX86U 386_41491 GPL shows up on my FTP server. Eh.

I think I'll wait on a further beta based on the new drop rather than the frankenbuild.

 

[Sicario]

just want to give some info, my AC86U's CPU temperature goes up to 86°C, it usually stays on 78°C

 

[Vimes]

RT-AC86U beta 3 clean install from original 3.0.0.4.386.40451, reset all reconfigured.
I found that the CPU temperature is approx. 10-15 C higher.
Instead of the usual 65-70 C it is now 75-85 C.
Is this a bug?

just want to give some info, my AC86U's CPU temperature goes up to 86°C, it usually stays on 78°C

my AX88U on the 384.19 firmware....

Since using the latest beta 3 firmware....

a little hotter, or is it a reporting difference rather it actually running hotter..?
For me no noticeable difference apart from perhaps a reporting one.
I mention that as the CPU load on all four cores as been pretty much at idle over the five hours that temp has been noted.

 

[shabbs]

my AX88U on the 384.19 firmware....

View attachment 28907

Since using the latest beta 3 firmware....

View attachment 28908

a little hotter, or is it a reporting difference rather it actually running hotter..?
I mention that as the CPU load on all four cores as been pretty much at idle over the five hours that temp has been noted.

I checked my two AX-88U's, of which only one has been upgraded (AP). The main router remains on the 384.19 Release.

Temps:
- AX88U on 384.19 (router mode): CPU: 62°C
- AX88U on 386.1b3 (ap mode): CPU: 63°C

Load levels at the time were both single digits and not under any stress.

 

[nzwayne]

Dirty upgrade from Beta2 to 3. All working ok for everyone. Thanks @RMerlin for all your time & energy on this project!!

 

[juched]

Does Let's Encrypt work with custom ddns providers? Using a cloudflare custom script, and Let's encrypt is stuck at "authorizing". However, running /sbin/le_acme runs fine and generated all the certificates. UI still stuck at "authorizing".

Nothing about acme or Let's Encrypt in the logs.

 

[shabbs]

Dirty upgrade from Beta2 to 3. All working ok for everyone. Thanks @RMerlin for all your time & energy on this project!!
View attachment 28910

That's... a lot of hardware... heh.

 

[Yota]

They didn't have any ETA yesterday about the RT-AX86U GPL, so I decided to just go ahead and release with what I had for now. And a few hours after releasing Beta 3 with what I had, the RT-AX86U 386_41491 GPL shows up on my FTP server. Eh.

I have seen a lot of news about supply chain attacks recently. I am worried that if asus uploads the source code to your ftp server, is it safe enough? Is it vulnerable to man-in-the-middle attacks? or a supply chain attack?

I guess there are many loopholes in this, such as: ftp is vulnerable to man-in-the-middle attacks, and asus may leak your server password to unauthorized people. however, if the source code has the signature of asus, It would be fine. but from the source code on official website does not seem to contain a signature.

I believe you may have taken a lot of measures to ensure that the source code and binary files come from trusted sources, I just want to know more details to dispel my worries, thank you.

 

[Sonyrolfy]

All working fine B3. All Vpn clients can be touched again without loosing WAN. Tnx Merlin !

Small Q, what to do with: Class-identifier (option 60): ?

 

[RMerlin]

The issue with the LE certificate still hasn't been resolved with Beta3 on my RT-AX88U.

Asus first told me the fix was included in the last GPL they sent, and now they just told me it hasn't yet and they need to build newer GPLs.

Seriously guys, screw LE. There is no point in using a LE certificate on a router that is accessed over your LAN. LE in Asuswrt has been unreliable since day 1. It was buggy, then it broke when LE switched to ACMEv2, and now it broke again when LE switched to a new root certificate. Who knows what will break again 6 months from now... Everything works just fine with a self-signed certificate.

 

[Sonyrolfy]

The AC86U CPU temperature goes up to 86°C here too ?

Load level between 2% and 24ish

 

[RMerlin]

While Upgrade from 384.19 to Beta2 went without any hassle the upgrade from Beta 2 to 3 somewhat killed WLAN on my AX88 completely - no clients were able to connect after JFFS format and complete nuke reset with manual config.

Wifi is working fine with my own RT-AX88U and four wireless clients.

I have seen a lot of news about supply chain attacks recently. I am worried that if asus uploads the source code to your ftp server, is it safe enough? Is it vulnerable to man-in-the-middle attacks? or a supply chain attack?

I am not worried. The kind of sophistication involved in this type of attack mean you generally target multi-billion dollar targets, not an open source project that has about 150K potential targets, most of which being home-based and therefore worth pennies at best.

If you are worried, feel free to scan the source code yourself, it's all on my Github.

 

[Yota]

Everything works just fine with a self-signed certificate.

Maybe not exactly right

Solved - [384.19 issue?] Unable to generate a new certificate

I have used https to access the management interface for a long time, and when I upgraded to 384.19, I noticed that I could not generate a new https certificate for the management page. Yes, I did restoring the factory settings, and resetting everything after upgrading. Model: Asus RT-AC68U...

www.snbforums.com

If you are worried, feel free to scan the source code yourself, it's all on my Github.

No one can check the binary files from asus, because there is no signature.

EDIT:

The kind of sophistication involved in this type of attack mean you generally target multi-billion dollar targets, not an open source project that has about 150K potential targets, most of which being home-based and therefore worth pennies at best.

You may be right, I think I just watched too much news, I need to turn off the TV, cut the ethernet cable, drink a cup of hot milk and continue to build my fallout shelter. The last question, How to blow up nearby 5G base stations?

 

[john9527]

There is no point in using a LE certificate on a router that is accessed over your LAN.

Been using this for years.....Merlin gave the hint

Tool to manage your own Certificate Authority

We discussed it a few months ago in another thread on how we needed a simple way for people to be able to generate their own SSL certificates so they could start better protecting their internal devices. Eventually I had found that tool, but lacked time to start diving into it. I only recently...

www.snbforums.com

 

[Triton]

Beta 3 solved the issue of the LE cert being stuck on 192.168.50.1. At least for me

 

[Blacklistedcard]

AX88U is fine

+1 its also there on my AX88U.

 

[Kees17760]

Beta 3 is running fairly smooth on my AC2900 (incl. Client networks 1 on 2,4 and on 5 GHz)
Strange thing is CPU temperature, it's reads about 15 degrees Celsius higher than it did on 384.19 without workload. Wifi temps seem OK.

After a few hours clients on both guest networks 1 could not access internet anymore, without unusual messages in system log. No way to reconnect them without router reboot. Anyway... I'm back on 384.19 and a low(er) CPU temp

 

[Jack Yaz]

Asus first told me the fix was included in the last GPL they sent, and now they just told me it hasn't yet and they need to build newer GPLs.

Seriously guys, screw LE. There is no point in using a LE certificate on a router that is accessed over your LAN. LE in Asuswrt has been unreliable since day 1. It was buggy, then it broke when LE switched to ACMEv2, and now it broke again when LE switched to a new root certificate. Who knows what will break again 6 months from now... Everything works just fine with a self-signed certificate.

i run LE in a docker container on a VM on my server, and if/when the cert renews it SSH's to the router and replaces the certs and restarts httpd. I recommend if anyone else really wants to use LE on their router they consider similar approaches - a docker container is much better maintained/updated that needing a new f/w when LE change something

 

[nanochip]

Hello. I would like to report a performance regression.

386.1 Beta 2 and beta 3 has Wi-Fi 6 performance regression on the ax86u.

On stock asus firmware as well as 386 beta 1, I’m getting 920+ mbps down (speed test on two different Wi-Fi 6 clients, about 8 feet from the router).

However, starting on beta2, and continued on to beta 3, Wi-Fi performance has degraded about 75-90 mbps. I just downgraded back to beta1 and performance instantly increased by 80 mbps. The Wi-Fi 6 client didn’t move at all. Nothing changed except the firmware running on the router.