Beta Asuswrt-Merlin 386.13 beta is now available for AC models

Status
Not open for further replies.

RMerlin

Asuswrt-Merlin dev
Staff member
Asuswrt-Merlin 386.13 Beta 1 is now available for AC models.

Changes:
Code:
386.13 (xx-xx-xxxx)
  - NOTE: all the models supported by Asuswrt-Merlin on the
          386_xx series are now officially on Asus' End of Life
          list, which means unless there are new major security
          issues, no new updates will be provided by Asus.

          Asuswrt-Merlin will tentatively attempt to continue to
          provide updates and fixes until the end of 2024, at which
          point all the 386_xx models will no longer be actively
          maintained.

  - UPDATED: openvpn to 2.6.10.
  - UPDATED: miniupnpd to 2.3.6.
  - UPDATED: tor to 0.4.7.16.
  - UPDATED: OUI database used by networkmap and the webui.
  - CHANGED: QOS/Classification page can now resolve local IPv6
             addresses.
  - CHANGED: Display tracked connections on the QoS/Classification
             page even if QoS isn't set to Adaptive QoS.
  - CHANGED: Prevent the use of Apple's iCloud Private Relay
             when enabling "Prevent client auto DoH".
  - FIXED: CVE-2023-48795 in dropbear.
  - FIXED: Various issues with the QOS Classification page.
  - FIXED: UPNP leases without a description would not appear
           on the Forwarded Ports page.
  - FIXED: web server crashing when entering certain settings on
           the Network Filter Page.  Bypassed bug in closed source
           validation code for now.
  - FIXED: Concurrent cronjob changes through cru could cause
           collisions, leading to missing jobs (dave14305)

As indicated, all these models are now officially on Asus' end of life list. This means they will no longer provide updates for them, unless a critical issue happens, requiring an exceptional firmware release.

For Asuswrt-Merlin, the plan is currently to attempt at providing updates for these models until the end of 2024, at which point I will stop support and development for the entire 386_xx firmware series and its associated models.


Please keep the feedback in this thread about this specific beta release. Off-topic posts will be either ignored or deleted.

Downloads are here.
Changelog is here.
 
Reserved post.
 
Updated. It's working as expected.
Thank you Merlin
Please add your model and your setup in a signature so all can see on which router you refer to.

RT-AC86U works as a test access point (updated from alpha) without any problems.
 
Updated. It's working as expected.

This firmware covers multiple AC models. Perhaps a signature with your router model will be helpful to others.
 
Flashed my RT-AC68U with success. It's only running as a MESH Node with one Client... (Detached Garage's WYZE-Camera). Not much of a test, but the Stream is Viewable.
 
sigh. I've been avoiding looking at the writing on the wall. now I have to face it.
Change is good.
 
@RMerlin you don't have any dependencies or know of any within the asus sdk that relies on xz/liblzma i hope.
There is some discussion at the following link about the recent XZ security vulnerability:
Per RMerlin's reply in that discussion:
Neither Asuswrt-Merlin nor Entware are affected, different version.
 
There is some discussion at the following link about the recent XZ security vulnerability:
Per RMerlin's reply in that discussion:
Great
 
Got a family member who has AC86U. They normally have Web History disabled, but enabled it the other day to see the URLS logged. None seem to log though?
Was flash hard reset before alphas but not for Beta.
Is it a known issue? Thanks.
 
Beta seems to work fine for me - RT-AC3100 in router mode behind ISP router. Using adaptive qos set at manual 130/100mb/s to create a low latency network for work. Also have an RT-AC68u in media bridge mode hanging off the 5ghz network.

Thanks Merlin for all of your excellent work! 🙏
 
Updated my RT-AC86U from second alpha1 to the current beta1.

Noticed a minor problem with the version string which shows the "old" alpha1 value.

Administration - Firmware Upgrade
Current Version : 386.13_alpha1-g98fa9a44

Checked the SHA256 signatures values for the RT-AC86U_386.13_beta1_ubi.w which was OK.
Returned to latest Asus firmware "Current Version : 3.0.0.4.386_51925-gdb5bd99" and
made a new update with RT-AC86U_386.13_beta1_ubi.w with the same result, version text showing alpha1.

Aside from this very minor "problem" everything has worked excellent.
 
Just upgraded my network from 386.12_6. All's well so far...
 
I am using my RT-AC86U as my primary router. No AiMesh. Running AiProtection, VPN Server.

Did a "Dirty" upgrade of my RT-AC86U from 386.12_6 (working fine) to 386.13 Beta (working fine) a few days ago.

Began opening Menu items and seeing what they show and render...

When I open WAN >> NAT Passthrough I see the first screenshot. I thought I had "Enabled + NAT helper". There are now only two options Enable/Disable.

I then started up one of my RT-AC68U's (today) went to WAN >> NAT Passthrough (second screenshot) you see "Enabled + NAT helper". When I did a dirty upgrade to 386.13 Beta I now see (third screenshot) again with only two options now Enable/Disable.
 

Attachments

  • Screenshot 2024-04-03 at 12-27-12 ASUS Wireless Router RT-AC86U - NAT Pass-Through.png
  • Screenshot 2024-04-03 at 12-34-54 ASUS Wireless Router RT-AC68U - NAT Pass-Through.png
  • Screenshot 2024-04-03 at 12-46-54 ASUS Wireless Router RT-AC68U - NAT Pass-Through.png
Posted this in the Diversion thread, but it has since been pointed out to me that this looks like a problem with a new commit to the firmware, namely, this one (which I just noticed is also mentioned in the change notes):


After loading the 386.13 beta on my RT-AC86U, I started seeing an odd issue where the macOS and iOS mail clients on my network stopped showing inline images in emails and presented me with this message:

Your network preferences prevent content from loading privately.

(Pressing a "Load images" button then does the trick).

I had never encountered this message before. I do not have Apple Private Relay enabled on any of my devices, but I do have Mail Privacy Protection enabled, which has never caused an issue before with my Merlin/Diversion/Skynet setup.

I was able to fix my issue by adding mask.icloud.com and mask-h2.icloud.com to my Diversion allowlist.

Is that the correct way to deal with it? Or is there an option in the firmware GUI that I'm missing? Or should I not be allowing access to those two domains at all?

EDIT: Just realised that setting "Prevent Client Auto DoH" to disabled in the WAN DNS setting should do the trick.
 
I am using my RT-AC86U as my primary router. No AiMesh. Running AiProtection, VPN Server.

Did a "Dirty" upgrade of my RT-AC86U from 386.12_6 (working fine) to 386.13 Beta (working fine) a few days ago.

Began opening Menu items and seeing what they show and render...

When I open WAN >> NAT Passthrough I see the first screenshot. I thought I had "Enabled + NAT helper". There are now only two options Enable/Disable.

I then started up one of my RT-AC68U's (today) went to WAN >> NAT Passthrough (second screenshot) you see "Enabled + NAT helper". When I did a dirty upgrade to 386.13 Beta I now see (third screenshot) again with only two options now Enable/Disable.
I forgot to document it in the changelog.

Originally when setting it to Disabled, Asus would also actively block that traffic type at the firewall level, meaning you could either Block, or Allow and load the NAT helper, which was of no use for anyone who needed to just keep the NAT helper disabled (for instance when using any modern SIP VoIP system). The "Enabled + NAT Helper" was added to replace Asus's Enabled option, and Enabled only opened the firewall. Now that Asus stopped actively blocking firewall traffic when set to Disabled, the third option was no longer needed. The setting is back to truly only controlling whether or not these obsolete ALG modules should be loaded or not.

Ideally, these old NAT helpers should just be completely removed. They are a legacy from 20 years ago and have been deprecated at the Kernel level for a long time. I am keeping them only because Asus still offers them on the stock firmware.
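
Since the reply above says the NAT Passthrough setting now only decides whether the ALG modules are loaded, one way to confirm a "Disable" choice took effect is to look at the kernel module list. This is an added example, not part of the original post and not Asuswrt-Merlin code; it assumes the helpers use the mainline Linux module names `nf_conntrack_<proto>` and `nf_nat_<proto>`, and the module listing embedded in it is constructed.

```shell
#!/bin/sh
# Added example (not Asuswrt-Merlin code): report which conntrack/NAT helper
# (ALG) modules appear in a /proc/modules-style listing read from stdin.
# Assumption: helpers follow the mainline Linux names nf_conntrack_<proto>
# and nf_nat_<proto>; the firmware's exact module set is not in the thread.

ALG_PROTOS="ftp sip h323 pptp tftp irc"

# Prints one loaded helper module name per line, sorted.
loaded_alg_helpers() {
    awk -v protos="$ALG_PROTOS" '
        BEGIN {
            n = split(protos, p, " ")
            for (i = 1; i <= n; i++) {
                want["nf_conntrack_" p[i]] = 1
                want["nf_nat_" p[i]] = 1
            }
        }
        # The first field of every /proc/modules line is the module name.
        ($1 in want) { print $1 }' | sort
}

# Prints "disabled" when no helper is loaded, otherwise "loaded: a,b,c".
alg_state() {
    mods=$(loaded_alg_helpers)
    if [ -z "$mods" ]; then
        echo "disabled"
    else
        echo "loaded: $(echo "$mods" | tr '\n' ',' | sed 's/,$//')"
    fi
}

# Constructed sample in /proc/modules format (not captured from a router).
sample_modules() {
    cat <<'EOF'
nf_nat_sip 8192 0 - Live 0x0000000000000000
nf_conntrack_sip 24576 1 nf_nat_sip, Live 0x0000000000000000
nf_conntrack 98304 4 nf_nat_sip,nf_conntrack_sip,nf_nat, Live 0x0000000000000000
ip_tables 20480 2 iptable_filter,iptable_nat, Live 0x0000000000000000
EOF
}

# Demo on the constructed sample; on a router: alg_state < /proc/modules
sample_modules | alg_state
```

A result of "disabled" on a device that carries SIP VoIP traffic matches the configuration the reply recommends for modern SIP systems.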
 