Beta Asuswrt-Merlin 386.4 beta is now available

[RMerlin]

Asuswrt-Merlin 386.4 is now available for all supported models. This release merges with GPL 386_45958, and adds support for the RT-AX86S.

Dec 28th update: Updated to Beta 3. Changes since Beta 2:

9288cd8c05 Updated documentation
8c0194de99 inadyn: rc: disable IPv6 support
0ae53e9cd8 rc: harmonized with upstream
969b828b98 busybox: enable hexdump applet
cf0307f1d2 rc: add missing chain to ip6tables's filter table
797f3e4ba9 httpd: webui: improve parameter sanitization (backport from Asus upstream)
f672e3199a Bumped to beta 3

Dec 22nd update:: Updated to Beta 2. Changes since Beta 1:

shared: improved buffer validation (backport from Asus upstream)
bcbd5e494b shared: Replace the source code of strlcpy() and strlcat() by BSD verison (patch from Asus upstream)
8247d74c37 rc: ensure that do_dns_detect() always has a valid test server even if nvram is empty
77917ed54c rc: also add static lease hostnames without domain appended to host file
0b69989b80 rc: start miniupnpd after getrealip has run, and give it an extra 5 secs in case it's not ready yet
abe3f8f883 httpd: also fix potential NULL ptr access in do_vpnupload_post() (patch from upstream)
c02ac3af36 Updated documentation
49b788dd06 Merge pull request #796 from decoderman/master
da11794861 build: fix et userspace tool copy on SDK 6.37
15ccb9cbfb amtm 3.2.1 release, preparation for IOS Shortcuts
03c9fdcf06 httpd: fix potential use of uninitialized variable in do_vpnupload_post(), introduced in 6ce76323bf
71732c5a66 rc: reapply firewall-start rules after stop_ddns() restores them from filter_rules
1c5a36e089 openvpn: updated to 2.5.5
6ce76323bf httpd: improved buffer validation (backport from Asus upstream)
8d40f2c18a ddns: backport patches from Asus upstream
c09e1fae34 inadyn: revert ddns.c fix
e2243b0df9 openssl: updated to 1.1.1m
d167e13d6b Bumped revision to beta 2

There has been a long gap between these last releases due to licensing issues Asus had to resolve with the generated GPL archives. There are still a few remaining issues that are currently forcing me to delay support for the RT-AC68U_V4 and GT-AXE11000, these will need to be revisited once their respective GPL archives are fixed by Asus and Broadcom.

The highlights of this release;

• Merges with GPL 386_45958.
• Adds support for the RT-AX86S (uses the same firmware as the RT-AX86U).
• HND firmwares now include both the kernel module and userspace tool for Wireguard. There is no built-in support for Wireguard at this time, these are only included for end-user or third party usage. Asus is still working on their own implementation, which isn't available yet.
• OpenVPN server now supports IPv6, both for incoming connections, and for routing access to the LAN clients over IPv6. Note however that redirecting IPv6 Internet traffic through your server is not supported.
• Component updates: curl 7.79.1, vsftpd to 3.0.5, openssl to 1.1.1m, wget to 1.21.1, nettle to 3.7.3, dnsmasq 2.86, openvpn 2.5.5, tor 0.4.5.11, miniupnpd 2.2.3-git 20211017 and inadyn 2.9.1
• jitterentropy-rngd was replaced by haveged. Haveged is more resource-intensive, but it works properly under older 2.6.x kernels.
• dnsmasq was reverted back to using nettle for its DNSSEC crypto handling (since openssl support never got mainlined and was increasingly problematic to support)
• miniupnpd now uses the real public IP address instead of any potentially (double-)NATed address for the WAN.
• Reworked DHCP hostname support to use Asus's own implementation.
• A couple of various bugfixes

Please review the Changelog for complete details.

Notes:

• 386.4 uses the new DHCP hostname implementation from Asus (your entries will automatically be converted to the new format on first boot). This means however that reverting to a previous firmware version will lose all of your defined static lease hostnames.

Things that needs particular testing and feedback:

• OpenVPN server IPv6 support. I was only able to do limited testing using an HE tunnel.

Please keep posts in this thread on this specific release.

Downloads are here.
Changelog is here.

 

[RMerlin]

Known issues:

• DDNS update issues if IPv6 is enabled (patches from upstream in test with beta 2)
• Adaptive QoS non functional on RT-AC88U (fixed in beta 2)
• "et" userspace tool missing on RT-AC68U, causing various issues such as non-working stealth mode (fixed in beta 2)
• Non-working IPv6 when Parental Control is enabled (missing filter table chain, fixed in beta 3)

 

[Jack Yaz]

386.4 uses the new DHCP hostname implementation from Asus (your entries will automatically be converted to the new format on first boot). This means however that reverting to a previous firmware version will lose all of your defined static lease hostnames.

Please can you point me in the right direction to see the change in format? I'll need to update YazDHCP to handle it

 

[RMerlin]

Please can you point me in the right direction to see the change in format? I'll need to update YazDHCP to handle it

if ((vstrsep(b, ">", &mac, &ip, &dns, &hostname) < 2))

So basically just that hostname was added at the end of the dhcp_staticlist entries as a fourth argument.

There is no more dhcp_hostnames with 386.4.

You might need to handle cases both with 2, 3 or 4 parameters (as only mac and ip are required).

 

[Jack Yaz]

if ((vstrsep(b, ">", &mac, &ip, &dns, &hostname) < 2))

So basically just that hostname was added at the end of the dhcp_staticlist entries as a fourth argument.

There is no more dhcp_hostnames with 386.4.

You might need to handle cases both with 2, 3 or 4 parameters (as only mac and ip are required).

Thanks! I only need to handle it in the export/import from firmware default, I think, as after that stage the data is stored in a csv with the WebUI page modified to parse it

 

[maghuro]

I keep having the same error with those new version (alpha and beta)

Dec 16 22:18:39 custom_script: Running /jffs/scripts/service-event (args: start ddns)
Dec 16 22:18:39 start_ddns: eth0 has not yet obtained an ipv6 address
Dec 16 22:18:39 custom_script: Running /jffs/scripts/service-event-end (args: start ddns)

Solution - I've add this line to service-event file

[ "$2" = "ddns" ] && sh /jffs/scripts/ddns-start

 

[RMerlin]

I keep having the same error with those new version (alpha and beta)


Solution - I've add this line to service-event file


View attachment 37835View attachment 37836

Do you have IPv6 enabled?

 

[underdose]

Dirty upgrade from alpha 2, no errors in the logs and everything works as intended.

 

[maghuro]

Do you have IPv6 enabled?

Yes. I've always had, even before alpha/betas
And ipv6 is working perfectly well as always. Native

 

[gerardr]

Thanks for resolving the /opt issues in alpha3. However, I am still experiencing the condition where the Network Map briefly shows a working internet connection, but then switches to 'Disconnected', and the wan link LED always shows red, instead of the previous white (up through 386_4.alpha2). I did a dirty upgrade from 386_4.alpha3 to 386_4.beta1 on an RT-AX3000 (RT-AX58U firmware). I use DNS-over-TLS, and am in a situation where my router is behind an ISP's router on an IPv4-only network (i.e. the ISP does not support IPv6). So, my WAN address is in the subnet 192.168.1.0/24. I do not have WAN monitoring enabled (neither DNS or Ping).

 

[banger]

So far so good on 2x RT-AC68U in mesh. DDNS is behaving itself which it isnt in the latest Asus firmware.

 

[Tech9]

Loads and runs on AC86U and AC68U. Nothing scary in logs. DDNS to No-IP is working. I don't use IPv6, can't test anything related.

Thank you!

 

[fegomanet]

• Adds support for the RT-AX86S (uses the same firmware as the RT-AX86U).

This release support RT-AX58U v2?

 

[CaptnDanLKW]

I will take the plunge tomorrow but is there any feedback with improvements with AI Mesh and the Guest Network #1 issues? (Log spam, and in my case Guest Network stability, followed by other unexplained issues). I'm rather desperate for a working GN1 so my distant cameras can use my remote mesh nodes.

I've been following the official RC and released forum threads, but no one seems to want to touch GN1 anymore.

 

[RMerlin]

This release support RT-AX58U v2?

No.

 

[bbunge]

AX86U - Am a bit concerned with the RAM usage climbing from 74% to 92% (and rising) in about 10 minutes. No scrips. USB2 thumb drive with 1 GB swap partition and 14 GB EXT4 partition. AiCloud, AiProtect, QOS, SMB2, DoT, DNSSEC, DoS, DNS Filter, and one port forward enabled.

RAM now at 97%. Rebooting router to see if it climbs again.

Edit: Rebooting brought the RAM back to 52-55%. Removed the thumb drive and wiped it (it failed to mount on reboot which I did twice). Formated the thumb drive with AMTM to EXT4 and set up 1 GB swap file. RAM went to 97% while making the swap file and stayed there. Rebooted and the thumb drive mounted and the swap file was mounted. Ram at 52% for the past few minutes. Re enabled the traffic history saved to the thumb drive.

 

[sentinelvdx]

It'll be sad to see it back to 0... but I can't resist to Betas

 

[Tech9]

RAM now at 97%. Rebooting router to see if it climbs again.

Better see what is using it.

 

[pkoci]

I have a problem with DDNS (Asus) status that is inactive for some reason.Dynamic WAN ipv4 won't get updated if it's changed

Related logs:
Dec 17 01:57:57 rc_service: httpd 1404:notify_rc restart_ddns_le
Dec 17 01:57:57 start_ddns: eth0 has not yet obtained an ipv6 address
Dec 17 02:00:00 rc_service: service 4463:notify_rc restart_letsencrypt
Dec 17 02:00:00 Let's_Encrypt: Err, DDNS update failed.

 

[geobernd]

Dirty update from Alpha 3 on RT-AC68P 2 hours ago - 100% ok - no issues, clean logs, stable connections, WiFi and FlexQoS