What's new

Release Asuswrt-Merlin 386.13 / 386.13_2 is now available for AC models

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

An Bug is still happening on this latest Firmware:386.13, where the firewall UI webpage https://{router IP}/Advanced_URLFilter_Content.asp does not save entries after clicking apply. There is no error reported to the user, rather it silently fails. This means it is impossible to add entries to the firewall via this UI.
It may help if you post what you are trying to block with URL Filter (i.e. exact block keyword phrase/text).

Edit to add: Did a quick test on a RT-AC68U running 386.13 and the URL filter list keyword entries are being saved. Remember to hit the "plus" Add button/icon after entering in the keyword value in the input field, then select the Apply button when finished adding keywords.
  1. Type in the keyword value in the input field.
  2. Select the Add icon/button ("plus" icon).
  3. Select the Apply button when finished entering keyword values.
URL_Filter_Example.jpg
 

Attachments

  • URL_Filter.jpg
    URL_Filter.jpg
    76.9 KB · Views: 140
Last edited:
My router had recently developed trouble and wouldn't establish a vpn connection, and I was dreading troubleshooting that - now after installing this latest update it's magically working again! Thank you @RMerlin for continuing support as long as you have for models like the AC68U, and for giving us a long headsup that it'll come to an end by 2025. Plenty of time to find some upgraded hardware.
 
not sure its accurate to say that "Modern VOIP doesn't require SIP Passthrough", its very much required still on gigaset voip stations.
Then those Gigaset stations are misconfigured. ALG kernel modules have been deprecated in the Linux kernel for many years now. Nobody should still be using them.
 
Prior to upgrade would like to ask, if something goes wrong, will it be possible to revert to 386.12? (I had many wifi disconnect issues on versions higher than 386.12 - they were discussed here also)
 
Prior to upgrade would like to ask, if something goes wrong, will it be possible to revert to 386.12? (I had many wifi disconnect issues on versions higher than 386.12 - they were discussed here also)
You could. However, I would do a reset AFTER upgrading to 386.13 and manually set up things. YMMV.
 
if something goes wrong, will it be possible to revert to 386.12?
Of course you can roll back to 386.12 if 386.13 isn't to your liking. People often roll back to earlier Asus-Merlin firmware when they have issues with the current version of the Asus-Merlin firmware. Some will recommend doing a reset however after performing a firmware rollback then a manual reconfiguration (not importing a saved/exported router.CFG file).
 
An Bug is still happening on this latest Firmware:386.13, where the firewall UI webpage https://{router IP}/Advanced_URLFilter_Content.asp does not save entries after clicking apply. There is no error reported to the user, rather it silently fails. This means it is impossible to add entries to the firewall via this UI.

I have checked with 3 browsers. Firefox (all add-ons disabled & incognito). Chrome latest private browsing mode, and Edge browser browsing mode.
All 3 will allow the entry of a value, but the issue is on submission of the form. The changes were not applied / saved.

RT-AC88U

View attachment 57827

I have never used that feature but tried it just today and it worked for me.

Perhaps your flash for the new firmware was buggy? Did you do a "dirty" upgrade (directly flashed the new firmware over the old firmware/settings/USB flash drive?

I had been doing "dirty" upgrade(s) from several earlier versions up to 386.13 beta. Never had a problem til that last upgrade. The first few days it worked as expected, but soon it became unstable with various errors.

It may be somewhat time consuming, but after doing it "right", my RT-AC86U has been running stable since.
 

Attachments

  • Screenshot 2024-04-10 at 10-46-58 ASUS Wireless Router RT-AC86U - URL Filter.png
    Screenshot 2024-04-10 at 10-46-58 ASUS Wireless Router RT-AC86U - URL Filter.png
    40.9 KB · Views: 122
Last edited:
Changelog was missing the following fix (I forgot to add it when I ported the commit from the master branch):

Code:
  - FIXED: CVE-2023-5678 & CVE-2024-0727 in openssl (backport from
           Ubuntu by RSDNTWK)
 
Asuswrt-Merlin is now available for all supported Wifi 5 devices.

Changes since 386.12_6:

Code:
386.13 (7-Apr-2024)
  - NOTE: all the models supported by Asuswrt-Merlin on the
          386_xx series are now officialy on Asus' End of Life
          list, which means unless there are new major security
          issues, no new updates will be provided by Asus.

          Asuswrt-Merlin will tentatively attempt to continue to
          provide updates and fixes until the end of 2024, at which
          point all the 386_xx models will no longer be actively
          maintained.

  - UPDATED: openvpn to 2.6.10.
  - UPDATED: miniupnpd to 2.3.6.
  - UPDATED: tor to 0.4.7.16.
  - UPDATED: OUI database used by networkmap and the webui.
  - CHANGED: QOS/Classification page can now resolve local IPv6
             addresses.
  - CHANGED: Display tracked connections on the QoS/Classification
             page even if QoS isn't set to Adaptive QoS.
  - CHANGED: Prevent the use of Apple's iCloud Private Relay
             when enabling "Prevent client auto DoH".
  - CHANGED: NAT Passthrough page - removed the "Enabled + NAT
             Helper" option as the firewall no longer blocks
             traffic when set to disabled.  This is back to the
             former behaviour, where this setting only controls
             whether or not to load the NAT helper.  You might
             need to readjust that setting if you had previously
             changed it.
  - CHANGED: SIP, RTSP and H323 ALG (NAT helpers) are now
             disabled by default, as these legacy features tend
             to create issues with modern VoIP setups.
             This change will only apply to people doing a
             factory default reset of their router.
  - FIXED: CVE-2023-48795 in dropbear.
  - FIXED: Various issues with the QOS Classification page.
  - FIXED: UPNP leases without a description would not appear
           on the Forwarded Ports page.
  - FIXED: web server crashing when entering certain settings on
           the Network Filter Page.  Bypassed bug in closed source
           validation code for now.
  - FIXED: Concurrent cronjob changes through cru could cause
           collisions, leading to missing jobs (dave14305)
  - FIXED: CVE-2023-5678 & CVE-2024-0727 in openssl (backport from
           Ubuntu by RSDNTWK)

As indicated, all these models are now officially on Asus' end of life list. This means they will no longer provide updates for them, unless a critical issue happens, requiring an exceptional firmware release.

For Asuswrt-Merlin, the plan is currently to attempt at providing updates for these models until the end of 2024, at which point I will stop support and development for the entire 386_xx firmware series and its associated models.


Please keep the feedback in this thread about this specific release.

Downloads are here.
Changelog is here.
Hi @RMerlin.
First of all, thank you for your good work. I stick to Asus router because of your firmware. I am actually using RT-AC86U listed in this post. If I want to buy a new one, same quality / speed but will be supported for a couple of years of now, is there a liste I can base my choice on ?
 
I am actually using RT-AC86U listed in this post. If I want to buy a new one, same quality / speed but will be supported for a couple of years of now, is there a liste I can base my choice on ?
@jossbo, This likely isn't the topic to have such a discussion since it will take this topic well off the discussion on the 386.13 firmware. See the following:
Current plans regarding separate version branches
Merlin "End of Life" for 386.x firmware implications

If you haven't done so already, see the many other posts and discussions on which router to buy. There are many that can be found using the forum search feature. For example:
Possibly in the market for a new router
RT-AC86U Upgrade Path
New router recommendation
Which router to choose? Currently running two, details below.
Replacing AC88U, serving 6x CAT5e, all WiFi from AiMesh nodes...suggestions?

Or start a new discussion with your question.
 
It may help if you post what you are trying to block with URL Filter (i.e. exact block keyword phrase/text).

Edit to add: Did a quick test on a RT-AC68U running 386.13 and the URL filter list keyword entries are being saved. Remember to hit the "plus" Add button/icon after entering in the keyword value in the input field, then select the Apply button when finished adding keywords.
  1. Type in the keyword value in the input field.
  2. Select the Add icon/button ("plus" icon).
  3. Select the Apply button when finished entering keyword values.
View attachment 57832
Can confirm the screenshot shows what was attempted.

The plus button has to be pressed otherwise the entry would not be assigned to the list collection. The save button is then pressed.

In fact, no URL can be added and saved successfully on AC88U as of the last few firmware updates due to this issue - which seems to be associated with known form validation bugs across other pages in this section.

It seem obvious to me, the code validating the entry is not working, but worse, does not even raise an error. See related issue. https://www.snbforums.com/threads/u...r-table-on-rt-ax88u-pro-fw-388-3.85884/page-2

The web address to the page is; https://192.168.1.1/Advanced_URLFilter_Content.asp
 
I have never used that feature but tried it just today and it worked for me.

Perhaps your flash for the new firmware was buggy? Did you do a "dirty" upgrade (directly flashed the new firmware over the old firmware/settings?

I had been doing "dirty" upgrade(s) from several earlier versions up to 386.13 beta. Never had a problem til that last upgrade. The first few days it worked as expected, but soon it became unstable with various errors.

It may be somewhat time consuming, but after doing it "right", my RT-AC86U has been running stable since.
The manner in which Asus has implemented firmware updates is indeed concerning.

The update process appears fragile, raising doubts about the ability to safeguard against security vulnerabilities. It’s surprising to see a level of expertise that one might expect from a junior programmer, not the robust proficiency required to protect the digital gateway to your family and their devices. However, I digress. I can only hope that the Merlin team will continue their excellent work and not succumb to the temptation to abandon their efforts, which I imagine could be quite tempting.

Indeed, I will reset the settings to their defaults and re-enter everything again. It’s a real hassle, but it is part of the guidance when undertaking updates. If updates were optional, it wouldn’t be such a problem. But realistically, how can a firmware update be considered optional when it often includes critical security fixes to counter the ever-increasing tide of CVE exploits? AI is likely to exacerbate this issue, turning a flood into an avalanche. The outlook for security is indeed bleak.

Given that the AC88U will soon be out of official support, exploits will no longer be patched, so I plan to replace it. Nonetheless, it would be beneficial to have the basic firewall functionality working in the UI for the time being.

Just as a note, this issue affects both HTTP and HTTPS connections.

I will report back.
 
The web address to the page is; https://192.168.1.1/Advanced_URLFilter_Content.asp
As a troubleshooting step, try it without having the router access Authentication Method set to HTTPS. As my post shows it is working correctly for me (not using HTTPS) on a RT-AC68U. If you continue to have issues maybe some other setting or configuration on your end is causing the issue. IF so maybe a hard factory reset and manual configuration (no saved router.cfg import) is needed. As a troubleshooting step, if you haven't done so already, try another computer.

PS: Note that one is adding a "keyword" not a "URL" to the entry field.
 
As a troubleshooting step, try it without having the router access Authentication Method set to HTTPS. As my post shows it is working correctly for me (not using HTTPS) on a RT-AC68U. If you continue to have issues maybe some other setting or configuration on your end is causing the issue. IF so maybe a hard factory reset and manual configuration (no saved router.cfg import) is needed. As a troubleshooting step, if you haven't done so already, try another computer.

PS: Note that one is adding a "keyword" not a "URL" to the entry field.
The URL field will accept any valid character string and perform a partial match on the base domain returned from the DNS query, so this screen does not expect a URL specific mask. Only where the entry contains an invalid character, a modal dialogue is raised.

1713281853947.png


I have now performed a restore and checked the initialize all settings option (factory reset).

1713281961507.png


This resulted in a working Advanced_URLFilter_Content.asp page. Seemingly solving the issue. It seems as noted, this would appear to be related to the migration of existing settings during a firmware update.

I then reapplied the previously saved settings backup to test, the issue indeed returns.

It should also be noted, not only can I not add entries when this happens, but I cannot remove existing entries either (some of which shown below).

1713282268690.png


Hope this helps anyone else who might come across this strange behavour. Shame it needs the nuclear option to fix it.

NB: Default WiFi password after a reset for ASUS_F8_2G or ASUS_F8_5G is "asuswifi0123".
 
Last edited:
Given that the AC88U will soon be out of official support, exploits will no longer be patched, so I plan to replace it. Nonetheless, it would be beneficial to have the basic firewall functionality working in the UI for the time being.

While this won't help you, I'm not having an issue on the AC88U here. I tried your steps on the 386.12 install before upgrading to 386.13 and re-trying. In both cases it worked with no issues - even being smart enough to enable the filter if I didn't click the radio button before clicking the + to add the domain.

I do agree with your frustrations where "something" in the routers memory can require a factory reset to clear it after an upgrade but that base recovery mechanism is common (and a quick go-to for the manufacturer support teams) across pretty much every electronic consumable device going these days. The more functionality and advanced uses it gets, the more painful that becomes. I'd much rather do a factory reset on my router than my mobile phone!
 
NB: Default WiFi password after a reset for ASUS_F8_2G or ASUS_F8_5G is "asuswifi0123".

This is RT-AC88U and RT-AC3100 specific quirk. After factory reset there is no default password on other models.
 
Last edited:
EDIT: 26-April-2024 386.13_2 has been released for the RT-AC86U and GT-AC2900, addressing a security issue in IPSEC (which isn't supported by the other Wifi 5 models).

Changes since 386.13_0:
Code:
386.13_2 (26-Apr-2024)
  - NOTE: This release is only available for the RT-AC86U
          and GT-AC2900.
  - UPDATED: strongswan to 5.9.13 (fixes CVE-2023-41913)
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top