Release Asuswrt-Merlin 386.2_6 is now available

[mistalanious]

I upgraded my AX88U to 386.2_6 from 386.2_4 and did a full factory reset but since the upgrade the LAN ports stopped working until I enabled Bonding/ Link aggregation which I didn't have enabled before. Also, my USB HDD that was working fine before keeps going online then offline.

 

[RMerlin]

I upgraded my AX88U to 386.2_6 from 386.2_4 and did a full factory reset but since the upgrade the LAN ports stopped working until I enabled Bonding/ Link aggregation which I didn't have enabled before. Also, my USB HDD that was working fine before keeps going online then offline.

ONLY the Wifi driver, the tor version, and webui stuff was changed in 386.2_6, so your issues are unrelated to the firmware update.

 

[mistalanious]

ONLY the Wifi driver, the tor version, and webui stuff was changed in 386.2_6, so your issues are unrelated to the firmware update.

Okay, I'll keep troubleshooting. I realized that the WebUI is super laggy compared to 384 which I just reverted back to. Everything is working as expected on 384. I'll try upgrading to 386 again and factory reset.

 

[zaxcom]

I have noticed since the update that I cant maintain 160Mhz on the 5g side. It works for awhile, then falls to 80Mhz and never attempts to rescan to reestablish 160Mhz.

It also does not stay on the channel I selected when it fails. So If I spec'd channel 36, it falls back to 80Mhz on channel 152.

In the past 160Mhz was rock stable. I have done restarts but it does not help.

RT-AX86U

 

[akb]

I have noticed since the update that I cant maintain 160Mhz on the 5g side. It works for awhile, then falls to 80Mhz and never attempts to rescan to reestablish 160Mhz.

It also does not stay on the channel I selected when it fails. So If I spec'd channel 36, it falls back to 80Mhz on channel 152.

In the past 160Mhz was rock stable. I have done restarts but it does not help.

RT-AX86U

do you have non 160mhz mesh nodes?

I have a ax86u main with xd4 mini's around my house which are limited to 80hz. I noticed initially 160mhz would work for the main router, and the minis all stayed 80mhz, but eventually the main would drop to 80hz like your statement. I thought this is just the draw back of having non 160mhz mesh nodes, maybe its the firmware after all as I just bought all the hardware at once and only had _6 from the beginning.

 

[Conundrum1911]

AC86U -- Just rolled back to 386.2_4 as my 2.4GHz wifi kept running into issues, especially with Echo dots (would randomly drop or disconnect, or Spotify/streaming audio would keep dropping out to them). Never had issues before, so will see if the downgrading fixes things. Nothing else has changed on my network in the past 30-60 days either.

 

[JoeBee]

Did a dirty flash to latest from 384.19 firmware just now, got an almost 30% broadband speed drop sadly.

Does that mean I have to do a factory restore and re-do the settings again ?

reset my ac86u to factory settings and latest 386.2 firmware and redone all my settings sadly I get 135 Mbps still.

So I reset my ac86u and reinstalled the older 384.19 firmware from 2020 and redid the same set up, got 198 Mbps, baffled but tried speed test and a large ddl file and its confirmed.

Not a biggy but guess ill stick with the older firmware since it maxes my broadband speed perfectly fine while under my VPN provider but very odd that the newer firmware gives me a 30%+ speed drop in VPN performance.

 

[zaxcom]

do you have non 160mhz mesh nodes?

I have a ax86u main with xd4 mini's around my house which are limited to 80hz. I noticed initially 160mhz would work for the main router, and the minis all stayed 80mhz, but eventually the main would drop to 80hz like your statement. I thought this is just the draw back of having non 160mhz mesh nodes, maybe its the firmware after all as I just bought all the hardware at once and only had _6 from the beginning.

No mesh nodes. Just the router.

 

[slidermike]

No mesh nodes. Just the router.

I would also suggest parsing the logs to see if the router is logging info on why its dropping from full spectrum to 1/2 spectrum. Could be due to the DFS channels or congestion.

 

[learning_curve]

reset my ac86u to factory settings and latest 386.2 firmware and redone all my settings sadly I get 135 Mbps still ~~ Not a biggy but guess ill stick with the older firmware since it maxes my broadband speed perfectly fine while under my VPN provider but very odd that the newer firmware gives me a 30%+ speed drop in VPN performance.

Slightly ironic maybe, but since running Merlin's 386.2_6 my fibre broadband speed is the fastest and most consistent that it's ever been on this Asus Router; 325Mbps Download / 325 Mbps Upload (and no detrimental effects either when using VPN)

 

[JoeBee]

Slightly ironic maybe, but since running Merlin's 386.2_6 my fibre broadband speed is the fastest and most consistent that it's ever been on this Asus Router; 325Mbps Download / 325 Mbps Upload (and no detrimental effects either when using VPN)

At a loss really maybe its the openvpn version used in firmware ? the 386.2 I think uses openvpn 2.5.+ and that older firmware from 2020 is using 2.4.9 version.

 

[Wranglersm]

Ok, I'm pretty sure I've figured out the problem with guest network 1 killing the WAN, and it's dumb. Really dumb.

admin@RT-AC66U_B1-0:/tmp/home/root# robocfg show
Switch: enabled
...
VLANs: BCM5301x enabled mac_check mac_hash
   1: vlan1: 1 2 3 4 5t
   2: vlan2: 0 5
502: vlan502: 0t 1t 2t 3t 4t 5t
admin@RT-AC66U_B1-0:/tmp/home/root# brctl show
bridge name    bridge id        STP enabled    interfaces
br0        8000.38d547dbe940    no        vlan1
                            eth1
                            eth2
                            tap22
br2        8000.38d547dbe945    yes        wl1.1
                            eth0.502
                            eth1.502
                            eth2.502

So what we have here is br2 with GN1 (wl1.1) and VLAN 502 across eth0/eth1/eth2. I don't know what that VLAN is used for, but it doesn't show up unless you have a Guest Network 1 enabled. 2.4G Guest Network 1 creates br1 and VLAN 501. Maybe something to do with AiMesh?

eth1 and eth2 are 2.4/5 radios, and eth0 goes to the switch. On the switch port 0 is WAN, 1-4 are LAN, and 5 is the CPU. VLAN 1 traffic is tagged on port 5, so it goes to vlan1 interface and the LAN bridge. WAN traffic is untagged so it goes to the eth0 WAN interface.

The problem: enabling Guest Network 1 adds VLAN 501/502 to the switch, and puts the WAN port in those VLANs. This means Guest Network 1 broadcasts will go to the WAN port, including DHCP queries. When a GN1 device requests an IP, your WAN connection may respond first and kill the router's DHCP lease!

The fix is to add the following to your firewall-start script to remove those VLANs from the bridges and switch

robocfg vlan 501 ports ""
robocfg vlan 502 ports ""
brctl delif br1 eth0.501
brctl delif br1 eth1.501                                
brctl delif br1 eth2.501                                
brctl delif br2 eth0.502                             
brctl delif br2 eth1.502                                
brctl delif br2 eth2.502

I can confirm that without removing VLAN 501/502, a DHCP query on the guest network may steal the WAN IP. After removing those VLANs, guest network 1 functions properly. Yes, this bug makes the leaked traffic on the WAN port tagged, but my Fios ONT doesn’t care, and cable modems probably don’t either. They will respond to a DHCP broadcast.

I know it's here but I'm having a little trouble finding it--can someone provide a link to a "tutorial" regarding making edits via the command line? I'm assuming it's likely Putty or telnet to get it.

 

[maxbraketorque]

Ok, I'm pretty sure I've figured out the problem with guest network 1 killing the WAN, and it's dumb. Really dumb.

admin@RT-AC66U_B1-0:/tmp/home/root# robocfg show
Switch: enabled
...
VLANs: BCM5301x enabled mac_check mac_hash
   1: vlan1: 1 2 3 4 5t
   2: vlan2: 0 5
502: vlan502: 0t 1t 2t 3t 4t 5t
admin@RT-AC66U_B1-0:/tmp/home/root# brctl show
bridge name    bridge id        STP enabled    interfaces
br0        8000.38d547dbe940    no        vlan1
                            eth1
                            eth2
                            tap22
br2        8000.38d547dbe945    yes        wl1.1
                            eth0.502
                            eth1.502
                            eth2.502

So what we have here is br2 with GN1 (wl1.1) and VLAN 502 across eth0/eth1/eth2. I don't know what that VLAN is used for, but it doesn't show up unless you have a Guest Network 1 enabled. 2.4G Guest Network 1 creates br1 and VLAN 501. Maybe something to do with AiMesh?

eth1 and eth2 are 2.4/5 radios, and eth0 goes to the switch. On the switch port 0 is WAN, 1-4 are LAN, and 5 is the CPU. VLAN 1 traffic is tagged on port 5, so it goes to vlan1 interface and the LAN bridge. WAN traffic is untagged so it goes to the eth0 WAN interface.

The problem: enabling Guest Network 1 adds VLAN 501/502 to the switch, and puts the WAN port in those VLANs. This means Guest Network 1 broadcasts will go to the WAN port, including DHCP queries. When a GN1 device requests an IP, your WAN connection may respond first and kill the router's DHCP lease!

The fix is to add the following to your firewall-start script to remove those VLANs from the bridges and switch

robocfg vlan 501 ports ""
robocfg vlan 502 ports ""
brctl delif br1 eth0.501
brctl delif br1 eth1.501                                
brctl delif br1 eth2.501                                
brctl delif br2 eth0.502                             
brctl delif br2 eth1.502                                
brctl delif br2 eth2.502

I can confirm that without removing VLAN 501/502, a DHCP query on the guest network may steal the WAN IP. After removing those VLANs, guest network 1 functions properly. Yes, this bug makes the leaked traffic on the WAN port tagged, but my Fios ONT doesn’t care, and cable modems probably don’t either. They will respond to a DHCP broadcast.

Have you reported this to ASUS? Why did you stop using YazFI?

 

[CoyoteDen]

Have you reported this to ASUS? Why did you stop using YazFI?

Not reported to ASUS. Not even sure how, I was gonna let Merlin do that

Ok, so... I want to keep switch port 4 from accessing my LAN. To do this I manually create a VLAN, put switch port 4 in it, and put it on the same bridge as GN1. YazFi doesn't use a bridge to isolate the GNs, it uses firewall rules.

 

[maxbraketorque]

Not reported to ASUS. Not even sure how, I was gonna let Merlin do that

Ok, so... I want to keep switch port 4 from accessing my LAN. To do this I manually create a VLAN, put switch port 4 in it, and put it on the same bridge as GN1. YazFi doesn't use a bridge to isolate the GNs, it uses firewall rules.

ok, so I'm on Merlin 386.3_a1_v2 (the version prior to the VPN director builds), and I have 2.4 GHz GN2 running. When I connect to that network, I cannot connect to services on other machines on the network using LAN decimal addresses. So the local LAN appears to be isolated for my setup. Maybe I'm misunderstanding the issue you mentioned.

However, my home router AC86U is running an OVPN client that is permanently connected to an OVPN server running on an AC86U at another location. I have found that I can access devices and services on that subnet using decimal addresses. So much for my IOT devices being LAN-isolated.

Seems like LAN isolation is not as simple as ASUS would suggest. I wonder if running YazFI would solve this issue.

 

[CoyoteDen]

ok, so I'm on Merlin 386.3_a1_v2 (the version prior to the VPN director builds), and I have 2.4 GHz GN2 running. When I connect to that network, I cannot connect to services on other machines on the network using LAN decimal addresses. So the local LAN appears to be isolated for my setup. Maybe I'm misunderstanding the issue you mentioned.

However, my home router AC86U is running an OVPN client that is permanently connected to an OVPN server running on an AC86U at another location. I have found that I can access devices and services on that subnet using decimal addresses. So much for my IOT devices being LAN-isolated.

Seems like LAN isolation is not as simple as ASUS would suggest. I wonder if running YazFI would solve this issue.

I have an AC66_B1 (AC68). The AC86 might be different. My GN2/GN3 acts just like the non-guest wifi. YazFi does isolate better, you can set rules for each guest network.

But you have learned one very important thing about VPN: VPNs are not always considered LAN. TAP VPNs are layer 2, and sit on br0, so they are treated like LAN. TUN VPNs are a different subnet, and are routed by the kernel. If you want to allow/restrict access to them, you have to make sure the proper iptables rules are in place!

 

[maxbraketorque]

I'm finding out the hard way. I also just found out that robocfg does not exist with the HND routers, so I cannot do the same survey that you did. vlanctl and brctl seem to be the replacement commands, but vlanctl has no "show", while "brctl show" does not give me any useful info. Maybe I don't know what I'm looking at.

My VPNs are over TUN. Sounds like the new VPN Director feature may be of value to me after all. Or maybe YazFi will provide full isolation of the guest LAN. I guess I need to do some reading and/or experimentation...

 

[learning_curve]

At a loss really maybe its the openvpn version used in firmware ? the 386.2 I think uses openvpn 2.5.+ and that older firmware from 2020 is using 2.4.9 version.

We use VPN differently, so that's more likely to be the cause of the different VPN results between us. The main/normal ISP speed difference could be many things, including our two different Asus Routers

 

[jomcty]

I upgraded my AX88U to 386.2_6 from 386.2_4 and did a full factory reset but since the upgrade the LAN ports stopped working until I enabled Bonding/ Link aggregation which I didn't have enabled before. Also, my USB HDD that was working fine before keeps going online then offline.

RT-AX88U here. Dirty upgrade from 386.2_4 -> 386.2_6; no observed issues.

 

[NTP66]

reset my ac86u to factory settings and latest 386.2 firmware and redone all my settings sadly I get 135 Mbps still.

So I reset my ac86u and reinstalled the older 384.19 firmware from 2020 and redid the same set up, got 198 Mbps, baffled but tried speed test and a large ddl file and its confirmed.

Not a biggy but guess ill stick with the older firmware since it maxes my broadband speed perfectly fine while under my VPN provider but very odd that the newer firmware gives me a 30%+ speed drop in VPN performance.

I'm having similar issues with 386.2_6 on my AC68U with Verizon Fios (gigabit). My speeds were cut by more than 60%, but going back to 386.2_4 resolves that issue. I have a pretty vanilla config overall, but that loss of bandwidth can't be overlooked. I'll see if the next release manages to resolve it for me.