Beta Asuswrt-Merlin 386.2 Beta is now available
- Thread starter RMerlin
- Start date
-
- Tags
- asuswrt-merlin beta firmware
- Status
dave14305
Part of the Furniture
Do you see the same awkward firewall files in /tmp with bad WAN interface values?
goodwin_c
Occasional Visitor
There were few cases already by other users, so this is definitely not an single ocurance. Maybe, it is specific for some permutation of model/settings/something else. Still looks VERY strange, as manual check of code and corresponding nvram values - shows nothing. Looks like it should work fine, but it doesnt. Already checked all sequence starting from identifying _proto and multiwan values and up to _ifname - and didnt find anything suspicious
goodwin_c
Occasional Visitor
Tnx, i'll fill my profile. I was always a reader on SnB, this is first time i have to write something
dave14305
Part of the Furniture
If you enable Cake QoS, does the right WAN interface name get written to /etc/cake-qos.conf as variable ULIF?
bbunge
Part of the Furniture
My fault. Fumblefingered password. Works now.
Unless they also provided the content of their firewall rules, we cannot assume they were experiencing the exact same problem. For instance, I always suspected that Asus' recent DNS routing changes may impact certain configurations.
(there are two instances, one relies on direct nvram, the other relies on libshared).
Last edited:
I might have a lead here, or at least something to work with. On my RT-AX88U or my RT-AC66U_B1 I guet:
And on my RT-AC88U, I get:
So while I don't get random data, I don't get any interface at all here. Time to carpet bomb the code with logging...
Code:
-A FORWARD -o eth0 ! -i br0 -j other2wanAnd on my RT-AC88U, I get:
Code:
-A FORWARD -o ! -i br0 -j other2wanSo while I don't get random data, I don't get any interface at all here. Time to carpet bomb the code with logging...
Probably found it. The wanx_if content gets garbed after a call to config_ic_rule_string(ic_list, fp, logaccept, logdrop, 1); . That function calls a cleanup function at the end, which ends with nvram_commit(). That probably has the effect of trashing any existing pointer to an nvram value. I will have to make copies of any existing nvram pointer to ensure their content stays valid through this function call.
Code:
Mar 13 14:11:48 wanx: Just got eth0
Mar 13 14:11:48 wanx: 1 eth0
Mar 13 14:11:48 wanx: 2 eth0
Mar 13 14:11:48 wanx: 3 eth0
Mar 13 14:11:48 wanx: 3a eth0
Mar 13 14:11:48 wanx: 3aa eth0
Mar 13 14:11:48 wanx: 3ab
Mar 13 14:11:48 wanx: 3b
Mar 13 14:11:48 wanx: 3c
Mar 13 14:11:48 wanx: 4
Mar 13 14:11:48 wanx: 5
Mar 13 14:11:48 wanx: 6
Mar 13 14:11:48 wanx: 7
Mar 13 14:11:48 wanx: 8
Mar 13 14:11:48 wanx: 9
Mar 13 14:11:48 wanx: 10
Mar 13 14:11:48 wanx: 11
Mar 13 14:11:48 wanx: strcmpAC86U. Nothing significant to report after 24 hours.
Upgraded to 386.2 beta 1 from 386.1_2 (dirty upgrade). 386.1_2 had been dirty upgraded from a clean 386.1.
Approx. 15 wifi clients. Only one Ethernet cable pluggedin for the LAN, coming from an 8 port switch.
connmon active. spdMerlin stopped. cake-qos uninstalled before upgrade.
Thank you RMerlin.
Cake gives the A+/A/A+ that I used to get on dslreports with cake-qos.
Note that, just as with cake-qos, I see a discrepancy (up to 10%-20%) between the target bandwidth in the router settings and the experienced bandwidth. My line is 125 down, 7 up (promised and measured); DOCSIS/cable. My cake config is 130 down (not the recommended approach; keep reading please), 6.5 up. My line measures at approx. 115 down with cake. Setting cake at the recommended 90%-95% target results in much lower bandwidth; like 100Mbps down.
When I was using cake-qos with diffserv8 (out of curiosity), I sometimes got weird statistics (like high priority tins with worse figures). The built-in cake, with diffser3 seems to work just as expected.
By the way, I have used a mangle/postrouting rule to tag all my UDP traffic (quite brutal I reckon, but if besteffort works fine anyway; a brutal classification with diffserv3 can't be really bad).
Thank you very much dave14305 for the examples (more refined than my brutal approach).
Take care
Best regards
Upgraded to 386.2 beta 1 from 386.1_2 (dirty upgrade). 386.1_2 had been dirty upgraded from a clean 386.1.
Approx. 15 wifi clients. Only one Ethernet cable pluggedin for the LAN, coming from an 8 port switch.
connmon active. spdMerlin stopped. cake-qos uninstalled before upgrade.
Thank you RMerlin.
Cake gives the A+/A/A+ that I used to get on dslreports with cake-qos.
Note that, just as with cake-qos, I see a discrepancy (up to 10%-20%) between the target bandwidth in the router settings and the experienced bandwidth. My line is 125 down, 7 up (promised and measured); DOCSIS/cable. My cake config is 130 down (not the recommended approach; keep reading please), 6.5 up. My line measures at approx. 115 down with cake. Setting cake at the recommended 90%-95% target results in much lower bandwidth; like 100Mbps down.
When I was using cake-qos with diffserv8 (out of curiosity), I sometimes got weird statistics (like high priority tins with worse figures). The built-in cake, with diffser3 seems to work just as expected.
By the way, I have used a mangle/postrouting rule to tag all my UDP traffic (quite brutal I reckon, but if besteffort works fine anyway; a brutal classification with diffserv3 can't be really bad).
Thank you very much dave14305 for the examples (more refined than my brutal approach).
Take care
Best regards
Last edited:
Firewall rule corruption should be fixed with https://github.com/RMerl/asuswrt-merlin.ng/commit/7577702a816b62ab53a3f052c2f0cc0f6daff288 - at least it was on my own RT-AC88U.
goodwin_c
Occasional Visitor
What a great news! Waiting for a next beta
D
Deleted member 22229
Guest
Is this for all models or only certain models ?
So far I could only reproduce it on the RT-AC88U, works fine on AC68 and AX88, so it may be either SDK-specific, or be totally random depending on whether the nvram content is moved around or not during the firewall configuration.
goodwin_c
Occasional Visitor
Any chance to update current builds with this fix for at least AC88 and AC3100?
Temperature discussions moved to https://www.snbforums.com/threads/router-temperatures.71123/ . I had enough of this in previous beta/release threads, they do not belong in this beta thread and only add noise to the actual beta reports.
Probably only with the beta 2 release, unless I actually have time to generate test builds before that.
goodwin_c
Occasional Visitor
Sure, np. I can live some time without addons that are triggering firewall restart (like skynet), it is easy to pick file from /tmp/err_rules, fix two lines and restore with iptables-restore - that gives stable working router until firewall service will be restarted (without addons - most probably till the router reboot). Anyway - this is Beta, so we know what we are doing there
Disabling DNSSEC and using a trusted upstream DNS server will address the DNSpooq vulnerabilities for 384.19.
- Status
Similar threads
- Locked
Similar threads
Similar threads
-
Unable to establish VPN connection to my PiVPN (ovpn) from my Asus RT-AC86U running Asuswrt-Merlin 386.14
- Started by B0GDAN
- Replies: 1
-
Release Asuswrt-Merlin 386.14 is now available for AC models
- Started by RMerlin
- Replies: 194
-
-
Release Asuswrt-Merlin 386.13 / 386.13_2 is now available for AC models
- Started by RMerlin
- Replies: 79
-
Beta Asuswrt-Merlin 386.13 beta is now available for AC models
- Started by RMerlin
- Replies: 32
-
Release Asuswrt-Merlin 386.12_6 is now available for AC models
- Started by RMerlin
- Replies: 168
-
Release Asuswrt-Merlin 3006.102.2 is now available for Wifi 7 devices
- Started by RMerlin
- Replies: 57
-
Several Questions Re:Asuswrt-Merlin Feature Implementation
- Started by fenixreign
- Replies: 2
-
-
Beta Asuswrt-Merlin 3006.102.2 Beta is now available for Wifi 7 devices
- Started by RMerlin
- Replies: 70