What's new

Beta Asuswrt-Merlin 386.1 Beta (stage 2) is now available

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
I would like to report that, I have been running smoothly with 386.1_beta5 after upgrading from 3.0.0.4_386_41700-gb567bc9 for about 18 hours.

My Configuration:
  • AiMesh Router: AX88U 386.1_beta5 +
  • 2 x AiMesh Nodes: AC86U 386.1_beta5
  • Backhaul (Priority:"Auto", Type:"Wired"), Asus GX-U1051 5-Port Gigabit Switch from Router to Nodes, ISP: 1 Gbps Fibre
I did Factory reset for AiMesh Nodes & Router and use Merlin default settings except with the following changes:
  • Enabled AiProtection: ON
    • No issue with build-in Speedtest (Down:660, Up:940) or Speedtest (Down:920, Up:940) on my MacBookPro
  • USB Application
    • UPnP Media Server: OFF
    • Samba Share: OFF
  • Wireless:
    • 2.4 GHz: Fixed Channel Bandwidth 20MHz, Control Channel: Auto, Explicit & Universal Beamforming: Disable
    • 5.0 GHz: Fixed Channel Bandwidth 80MHz, Control Channel: Auto
  • Testing Guest Network (1) on 5GHz Band (Sync All Nodes)
    • If turned ON, Spewing of error messages … “kernel: protocol 86dd is buggy, dev eth7” which did not happen on Stock 3.0.0.4_386_41700-gb567bc9
    • I turned OFF Guest Network (1) … no Spewing of error messages
  • WAN DDNS:
    • Using Asus DDNS Service with Let’s Encrypt (Let’s Encrypt working)
  • IPv6: Enable
    • Native (working as expected)
  • VPN Servers (Connecting one at a time from the following clients):
    • OpenVPN works with MacBookPro 3.8.5beta02 (build 5620), iPhoneXsMax iOS OpenVPN Connect 3.2.2
    • IPSec works with MacBookPro & iPhoneXsMax Native Configurations
    • Instant Guard works with iPhoneXsMax iOS Instant Guard 1.0.9
Thank You :)
 
  • No issue with build-in Speedtest (Down:660, Up:940) or Speedtest (Down:920, Up:940) on my MacBookPro
Feels that you do have speed reduction to 660 when running with TrendMicro, otherwise it would have shown 920.
 
Continuation of the first thread which covered beta 1 through 3.

Jan 25th: Beta 5 is now available. Changes since Beta 4:
Code:
3790c8fe9a Updated documentation
fd1cb1eacd dnsmasq: update to 2.84 final
6ecc2e1df5 dnsmasq: update to 2.84test3 (openssl/2.84test3-40-gee342e7)
7328ccf7d8 dnsmasq: update to 2.84test3 (openssl/2.84test3-36-g5790ea0)
2585ca7b3d wsdd2: Also bind to specific interface when listening to SSDP address
fa6b3b0502 wsdd2: identify as ASUSWRT WSD rather than NETGEAR WSD
e0b64349d2 Merge 386_41700 binary blobs + SDK for RT-AX58U
96010951e0 Merge 386_41700 binary blobs and SDK for RT-AX56U
c43ea32f3d Merge 386_41700 binary blobs and SDK for RT-AX86U
4f37b74bfb Merge 386_41700 binary blobs + SDK for GT-AC2900
2900dc0d46 Merge 386_41700 binary blobs + SDK for RT-AX88U
a679101f9c asd: re-enable on all models
06182cb7e7 Merge 386_41700 binary blobs + SDK for RT-AC86U
5e9564e6bf Merge 386_41700 binary blobs for RT-AC88U/RT-AC3100/RT-AC5300
5512e8a4d4 build: add cleanup section to copy-prebuilt
eee7484d6f Merge GPL + binary blobs from 386_41700 (RT-AC68U)
10aff689a1 Bumped revision to beta 5
72b2a94f58 SDK 5.02p1: cleanup SDK
12bf0ba323 SDK 5.02p1: fix pwrmngtd module building
a5ea4eb7de axhnd: cleanup SDK from build leftovers
603b0b45bc rc: replace missing include with publicly obtained defines
83eeea819d libovpn: correct error message when trying to start already running server
82ab0809b6 rc: don't use prebuilt init-broadcom
6d4d79b48a SDK 4908: revert bdmf.o to 386_40577 version

Beta 4 is now available. Changes since Beta 3:

Code:
6adb157bea asd: disable asd on all models
95025b94e8 Remove Codel scheduler from all kernels
b442b0b5d4 build: move RT-AX86U addvtoken to its own directory
0c12c1a7cf Merge 386_41535 binary blobs for RT-AX86U
f6ef91f31b Merge 386_41535 SDK for RT-AX86U
59789ea24a Updated documentation
db54f3995c build: copy addvtoken to model folder for RT-AX88U
3853b491e8 Merge 386_41535 binary blobs for GT-AC2900
68d1059d39 Merge 386_41535 SDK + binary blobs for RT-AX56U/RT-AX58U
4c7ba10c62 Merge 386_41535 binary blobs for RT-AX88U
133e15c36e Merge 386_41535 binary blobs for RT-AC86U
6bb1ca7420 Merge 386_41535 binary blobs for RT-AC88U/RT-AC3100/RT-AC5300
1f940c33fb Merge 386_41535 binary blobs for RT-AC68U
f32e73d911 Merge with GPL 386_41535
51a23b3b4b webui: do not rely on bridge stats to calculate traffic scale
8b252526f0 rc: do not skip new firmware checks on AX56/AX58 within region CX
cdac832ddc rc: remove outdated source file
9bbb8c59bd libovpn: enable multihome for UDP servers
38d0b385e7 github: enforce the use of an issue template
5a5dfbb287 Merge pull request #671 from JackMerlin/master
801163264e github: create template configuration
f0c34871be github: create bug template
434857ddb5 httpd: cache require.min.js and jquery-ui.js browser-side (ref. #657)
ed9199883f httpd: fix compiler warning in ej_show_sysinfo()
9fa141b22c httpd: re-harmonized with upstream
83cef57b4a httpd: remove duplicate code in httpd.c:main()
ec97c100d2 rc: re-enable cpuwait support on RT-AC86U/GT-AC2900
4548b54d5f webui: re-enable Speedtest webui on RT-AX56U and RT-Ax58U
de99bc07fd rc: limit fq_codel queues to 1000 packets instead of the default 10240.
1092dbfa4d rc: shared: webui: Hardcode fq_codel usage for tQoS/Bandwidth Limiter, remove option to select sfq as a qsched
acdf339dd3 rc: if MTU setting is empty or invalid, use 1500 instead of 576 or 9000
bd4d82908a Bumped version to beta 4

Asuswrt-Merlin 386.1 beta is now available for all supported models (and a few new ones). This marks the switch to the new 386 code base from Asus, which introduces a few changes of its own:

- AiMesh 2.0 (better node management, shared Guest Networks, topology optimizer and more)
- Both AC and AX models are once again based on the same code base
- Speedtest powered by Ookla (note: can be limited by your router's CPU speed)
- Switch to OpenSSL 1.1.1 (so we can now fully move everything to 1.1.1 on our end)
- IPSEC IKEv2 support
- Instant Guard (new simple-to-configure mobile VPN client based on IPSEC)

And numerous under the hood changes, such as better Guest Network handling (the first Guest Network can now be shared with AiMesh nodes) and various other enhancements.

On Asuswrt-Merlin's own end of things, this release mark the addition of two new models:

- RT-AX86U
- Experimental support for the GT-AC2900 (done in collaboration with Asus)

The latter comes with a few caveats:
- The non-ROG webui is used (meaning some ROG-exclusive features are currently NOT supported)
- VPNFusion is not supported (as it's tied to Asus's own closed source OpenVPN implementation)

The non-ROG UI has been implemented by Asus, they also took care of adding GeForceNow QoS support to our code base. This will serve as an experiment to see if other GT models could be added in the future with their collaboration.


Upgrade notes:
- If coming from a previous alpha build, you MUST do a factory default reset after flashing this beta firmware.
- If coming from stock Asus firmware, a factory default reset is recommended, but not mandatory.
- If going back to stock Asus firmware, a factory default reset is STRONGLY recommended.
- If updating your GT-AC2900 from an older 384_xxxx firmware, reformatting your JFFS partition is STRONGLY recommended.
- Direct upgrade from 384.18 or 384.19 should be fine, but be prepared to do a factory default reset if something does not work as expected.


Here are the highlights of changes since 384.19:
  • Merged with beta GPL 386_41700. Since it's a beta GPL, logging activity will be a bit more verbose than normal. Just don't panic at log entries you don't understand, not everything means that your router is not working properly. Most of this is debugging info, NOT error reporting.
  • Added support for the RT-AX86U and the GT-AC2900 (the latter is experimental)
  • Updated components: dnsmasq (2.84), OpenVPN (2.5.0), OpenSSL (1.1.1h), nano (5.2), curl (7.72.0), zlib (1.2.11), lz4 (1.9.2), e2fsprogs (1.45.6), dropbear (2020.81), miniuppnpd (2.2.0-20201129 snapshot), ipset userspace (7.6, which is compatible with the kernel's v6 protocol).
  • Various changes to OpenVPN to support 2.5.0, remove deprecated features (like the old ciphers setting), tweak the webui, and fix a few issues. Please review the detailed list of changes in the Changelog.
  • Firmware update server is now hardcoded rather than stored in nvram, for security purposes, and check frequency changed from every 48 hours to every 24 hours
  • Added an option to run the Speedtest through a specific OpenVPN client (the webui will automatically detect which client is currently running and add it to the list of available interfaces)
  • fq_codel is no longer supported under Adaptive QoS, due to architectural changes made by Trend Micro, preventing Asuswrt-Merlin's previous patch from injecting fq_codel into rules generated by the Trend Micro engine.
  • Fixed some ISPs that failed to renew DHCP leases when Adaptive QoS was enabled.
  • Removed largely unused and outdated support for the Cloudcheck mobile app (I bet virtually none of you knew it even existed
  • Improvements to the DNSPrivacy preset list implementation, and the addition of AdGuard and CIRA Canadian Shield to the list
  • Increased the number of available mount points for third party web pages from 10 to 20.
  • And a brand new website to better accommodate the list of supported models, and make publishing new releases easier (and more automated) for me. It was completed a few months ago, but was waiting to launch it at the same time as the first 386 beta release).


There are a number of specific areas that will require thorough testing:

  • OpenVPN (note that some issues may be caused by VPN tunnel providers who haven't properly updated their own server. That was the case for PIA for instance which only recently updated their servers to be compatible with 2.5.0 clients.)
  • ipset (the warning about the protocol version is normal, and just a warning telling you that the kernel supports version 6, and your ipset executable supports both version 6 and 7)
  • While testing AiMesh is ok, do note that AiMesh is closed source, and therefore any issue within it are outside of my control. Reproduce the same issue with the stock firmware, and if you do, report it to Asus instead
  • Everything about the RT-AX86U and GT-AC2900
  • Speedtest on the RT-AX56U and RT-AX58U (seems to have performance issues)

Please keep discussions in this thread on this specific beta release. Off-topic posts will be either ignored, moved or deleted depending on my mood at the time.

Downloads are here.
Changelog is here.

So Merlin added dnsmasq security fixes in latest beta 5 and @ASUSWRT_2020 is late? Lol it takes them forever to apply it.
 
I am so late to beta5 party. I have two AX88Us to upgrade from allegedly unupgradable beta4.

Will try after work. Thanks for the hint about recovery tool.
First time upgrade of the main router failed (I have seen it before beta4 btw), but left the router in a clean state on beta4 and it allowed me to try again and the second time dirty update was succesful.
I will do factory reset over the weekend. Speed test on router reduced when running with TrendMicro enabled as before, maybe factory reset will help. Devices speed tests normal.
One strange message in the log - I will reformat jffs after factory reset.
Code:
Jan 26 21:39:14 asus kernel: jffs2: warning: (1) jffs2_sum_write_data: Summary too big (-32 data, -794 pad) in eraseblock at 003a0000
And unbound tab disappeared from addons after the upgrade, while others remained just fine.
 
Yeah, I know that. There is no interference here, and this is a bug. 20 MHz is working just fine, and 40 MHz is also reliable with the previous firmware releases. I've tried every official firmware releases, and only the latest (384_10177) is affected. So I can download and upload dozens of gigabytes at full speed through 2.4 GHz, if I use firmware 384_9890, but nothing with the newer ones. Because the link speed drops to the lowest value, and stayed there until the radio is restarted. And every other 2.4 GHz client's speed will be bad until then. This behaviour is not normal.

i have the same as you am on fiber and my link speed drops to the lowest value as well down to buggy asus and broadcom SDK
 
Did that, still getting the errors. Why are so many ip's blocked? How can I get more info on this?

Code:
Jan 26 22:13:05 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:d9:f5:fb:db:d8:00:01:5c:a5:00:5f:08:00 SRC=45.155.205.23 DST=my.ip LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=53742 PROTO=TCP SPT=58655 DPT=38118 SEQ=2756497446 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
Jan 26 22:13:11 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:d9:f5:fb:db:d8:00:01:5c:a5:00:5f:08:00 SRC=45.155.205.24 DST=my.ip LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=45400 PROTO=TCP SPT=58682 DPT=39586 SEQ=3300703956 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
Jan 26 22:13:21 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:d9:f5:fb:db:d8:00:01:5c:a5:00:5f:08:00 SRC=195.54.160.228 DST=my.ip LEN=40 TOS=0x00 PREC=0x20 TTL=244 ID=39320 PROTO=TCP SPT=54484 DPT=65535 SEQ=3105551177 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
Jan 26 22:13:28 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:d9:f5:fb:db:d8:00:01:5c:a5:00:5f:08:00 SRC=88.214.24.77 DST=my.ip LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=35932 PROTO=TCP SPT=48905 DPT=11001 SEQ=1153053579 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
Looks like Skynet entries, normal if so.
 
Unbound no longer displays charts, just the small box with printed stats. Did not use earlier betas though, so may not be a new change.
 
Smooth dirty upgrade from 384.19 to beta 5 on my stand alone AX88U.
Running 5 hours - everything seems OK. Low temperatures - 47 °C - 47 °C - 67 °C no fan.
Streaming from USB via samba works. OpenVPN server works. TrendMicro active. DDNS working.
MUCH better range on 2.4 GHz - was heavily degraded around 384.15 I think, now seems back on full strength.
 
Unbound no longer displays charts, just the small box with printed stats. Did not use earlier betas though, so may not be a new change.
It does on my ac86U. You might need to restart unbound or run the stats first.
 
  • Like
Reactions: Gar
This is because Asus does not have @themiron and @RMerlin on payroll. I am sure there are Employees at Asus still trying to figure out how to plug in the router first.
No, this is because Asus, like every large corporation, have an established development cycle, which involves coding, testing, validating and then releasing. All of these steps take time. And also in this case, the Friday dnsmasq patch was broken, so those who rushed out to release without proper testing (like the OpenWRT devs) ended up pushing broken code to their users.

Dnsmasq issues were only fixed on Monday. Give them time. I`m still willing to bet that Asus will have updates available faster than the vast majority of their competitors. Let`s see how long it will take D-Link or TP-Link to issue a fix...

The only reason why I was able to release something so quickly is because I was ready to release beta 5 when the news came out that there was a dnsmasq issue, which made me delay the release. And when issues got reported by the initial patch, I waited some more.

If I had been between release cycle, I expect it would have taken me at least a week to have an update released (that was my typical development/testing time in the past when major security issues required an out-of-bound release).
 
I flashed RT-AC3100_386.1_beta5 using the GUI from 384_19, without any config reset. Now I can't access the router gui at all. It asks for user name, password (note: I have non default user name, so its not admin) and gets stuck. many of the resources requested as part of page rendering never return. My actual network is working just fine, and I am able to ssh into it as well. I see a process nt_center taking 40-70% CPU. Not sure what it is.

1611702070833.png
 
I flashed RT-AC3100_386.1_beta5 using the GUI, without any config reset. Now I can't access the router gui at all. It asks for user name, password (note: I have non default user name, so its not admin) and gets stuck. many of the resources requested as part of page rendering never return. My actual network is working just fine, and I am able to ssh into it as well. I see a process nt_center taking 40-70% CPU. Not sure what it is.
Read the changelog, your explanation is in there.
 
Flashed beta 5 on AX86U can't access via SSH anymore

:\Users\claud>ssh admin@192.168.1.1
ssh: connect to host 192.168.1.1 port 22: Connection timed out

C:\Users\claud>telnet 192.168.1.1 22
Connecting To 192.168.1.1...Could not open connection to the host, on port 22: Connect failed
 
Make sure you do have the correct model. beta 4b shouldn't have any problem upgrading to beta 5, the issue was only with beta 4.

I re-flashed 4b over itself again, and then beta 5 worked without an issue immediately after. Thanks for the help, everything's good to go best as I can tell now.
 
Feels that you do have speed reduction to 660 when running with TrendMicro, otherwise it would have shown 920.
Fair point :) I turned off AiProtection and do get full speed as shown below:
Down: 940.84 mbps, Up: 948.08 mbps

PS: I turn on AiProtection again, as there is no impact to my MacBookPro and other devices on my Home Network :)
 

Attachments

  • Screenshot 2021-01-27 at 07.22.28.png
    Screenshot 2021-01-27 at 07.22.28.png
    166 KB · Views: 121
Last edited:
Fair point :) I turned off AiProtection and do get full speed as shown below:
Down: 940.84 mbps, Up: 948.08 mbps
It's weird, I also turn on AiProtection but still get my max ISP which is 832.83 Mbps (Down) and 206.39 Mbps (Up)
 
I would like to report that, I have been running smoothly with 386.1_beta5 after upgrading from 3.0.0.4_386_41700-gb567bc9 for about 18 hours.

......
  • VPN Servers (Connecting one at a time from the following clients)
    • IPSec works with MacBookPro & iPhoneXsMax Native Configurations
    • Instant Guard works with iPhoneXsMax iOS Instant Guard 1.0.9
.....
A question on VPN server:
- Are you running IKEv1 or IKEv2? Are both supported in beta5?
 
Status
Not open for further replies.

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Top