Beta Asuswrt-Merlin 388.1 Beta is available for select models

[RMerlin]

Then it restarts, and starts boot looping. All three individual features turn on when I toggle the main AIProtection.

Look at your System Log for any lines that contain "crashlog" during the reboot, and post their content.

 

[blackfireball5]

Look at your System Log for any lines that contain "crashlog" during the reboot, and post their content.

Unfortunately I cleared my log once I got things stable, so I can't look back.

But I will look for that when I have some free time to experiment.

 

[PapaBear66]

Flashed my GT-AX6000 all working fine for now. Wireguard is way faster, getting same speeds as on my PC now.
Using NordVPN and Surfshark VPN,

Thank you

 

[Slawek P]

Truly amazing release. Seemingless dirty upgrade from last alpha to beta. Thanks a lot Merlin!
Question for dummies: how can I check if this NAT acceleration is on or off? Started playing with wireguard vpn, but if I read below correctly on 1Gbs connection this will slow down everything not just vpn..

WireGuard
The biggest user-facing change is the introduction of WireGuard support as an alternative VPN protocol. This implementation is developped by Asus, the only changes made were to integrate it with VPN Director (which is Asuswrt-Merlin's alternative to VPN Fusion), and to integrate it into the web interface (as we don't use Asus' VPN Fusion management interface). Note that while supported, I don't intend to make any major changes to the WireGuard implementation, as my development focus will remain with OpenVPN. One important limitation to note is that WireGuard requires NAT acceleration to be disabled, which greatly reduces its usefulness on a router, as if you have a fast enough WAN connection to truly benefit from WireGuard performance, that performance ceiling will most likely cap at around 300-350 Mbps due to the lack of NAT acceleration for your router's traffic.

Edit:
Perhaps one of those, but they both show enabled.

 

[skeal]

I ran into an issue with DNS again. Torguard seems to have no idea why this is happening to me. That doesn't mean they are not part of the problem though, at this point. I'll present this to you people for a look. This morning I checked Wireguard's status. It was running so I did some tests on the Torgaurd site. I did a "what's my IP" and a DNS leak test as well as WebRTC test. See results below. The DNS test shows Cloudflare. Cloudflare is my DNS-over-TLS choice. As you can see I have two Torguard DNS servers configured into the client (see config below). Torguard and I are unable to figure out why the DNS fails or is diverted to the Routers DNS, with a failover of theirs in the config of the Wireguard client. Any ideas people? @RMerlin ?

UPDATE: Torguard says its the router over riding the Wireguard DNS selection, it could be the client itself or the DNS Director possibly.
UPDATE 2: I added a DNS Director rule last night before I checked this, this morning. The DNS Director rule was to force one of the Wireguard attached devices to use the DNS-over-TLS DNS (Cloudflare) configured on the router. Maybe the Wireguard client needs to be restarted as part of the applying of this new rule. Restarting the client straightened out the DNS problem.
UPDATE 3: I can replicate this issue by using DNS Director to use the router as DNS for any one of the devices routed through the Wireguard tunnel. When you apply the setting, somehow it makes Wireguard use the router as DNS instead of the preconfigured DNS in the client itself, in my case causing a DNS leak. Again a Wireguard client disable and re-enable works to resolve the issue.

 

[snah001]

Truly amazing release. Seemingless dirty upgrade from last alpha to beta. Thanks a lot Merlin!
Question for dummies: how can I check if this NAT acceleration is on or off? Started playing with wireguard vpn, but if I read below correctly on 1Gbs connection this will slow down everything not just vpn..


Edit:
Perhaps one of those, but they both show enabled.
View attachment 45256

Strange, on my AX88U I get runner enabled but flow cache disabled.
Also when I set in the Wireguard configuration NAT to off I get no internet connection.
So this means that I need NAT active although Merlin wrote NAT must be switched off???

 

[octopus]

I ran into an issue with DNS again. Torguard seems to have no idea why this is happening to me. That doesn't mean they are not part of the problem though, at this point. I'll present this to you people for a look. This morning I checked Wireguard's status. It was running so I did some tests on the Torgaurd site. I did a "what's my IP" and a DNS leak test as well as WebRTC test. See results below. The DNS test shows Cloudflare. Cloudflare is my DNS-over-TLS choice. As you can see I have two Torguard DNS servers configured into the client (see config below). Torguard and I are unable to figure out why the DNS fails or is diverted to the Routers DNS, with a failover of theirs in the config of the Wireguard client. Any ideas people? @RMerlin ?

Run (eibgrad) dns check script and se what happens.

 

[skeal]

Run (ebigrads) dns check script and se what happens.

Just googled it and no results, did you spell it wrong?

 

[octopus]

Just googled it and no results, did you spell it wrong?

merlin-dns-monitor.sh - Pastebin.com

Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.

pastebin.com

 

[skeal]

merlin-dns-monitor.sh - Pastebin.com

Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.

pastebin.com

Thanks but I don't need it. I suspected there was DNS problem a few days ago, so I've been following it closely.

 

[ajp2k14]

I ran into an issue with DNS again. Torguard seems to have no idea why this is happening to me. That doesn't mean they are not part of the problem though, at this point. I'll present this to you people for a look. This morning I checked Wireguard's status. It was running so I did some tests on the Torgaurd site. I did a "what's my IP" and a DNS leak test as well as WebRTC test. See results below. The DNS test shows Cloudflare. Cloudflare is my DNS-over-TLS choice. As you can see I have two Torguard DNS servers configured into the client (see config below). Torguard and I are unable to figure out why the DNS fails or is diverted to the Routers DNS, with a failover of theirs in the config of the Wireguard client. Any ideas people? @RMerlin ?

UPDATE: Torguard says its the router over riding the Wireguard DNS selection, it could be the client itself or the DNS Director possibly.
UPDATE 2: I added a DNS Director rule last night before I checked this, this morning. The DNS Director rule was to force one of the Wireguard attached devices to use the DNS-over-TLS DNS (Cloudflare) configured on the router. Maybe the Wireguard client needs to be restarted as part of the applying of this new rule. Restarting the client straightened out the DNS problem.

I don't know if this is the same problem but I ran into dns problems after upgrading to 388.1b. I had DoT configured on the router for ControlD and after the upgrade dns resolution failed almost completely. If I changed to Cloudflare or Quad9 it worked again. Not sure what happed, had to make a workaround using AdguardHome so the family could access the net again so I didn't have much time to troubleshoot but I think I saw signs of dnssec causing problems and SERVFAIL, not sure though.

 

[bbunge]

I don't know if this is the same problem but I ran into dns problems after upgrading to 388.1b. I had DoT configured on the router for ControlD and after the upgrade dns resolution failed almost completely. If I changed to Cloudflare or Quad9 it worked again. Not sure what happed, had to make a workaround using AdguardHome so the family could access the net again so I didn't have much time to troubleshoot but I think I saw signs of dnssec causing problems and SERVFAIL, not sure though.

I too had some DNS failures with DNSSEC enabled yesterday. Initially I had enabled DNSSEC in Stubby, which I noticed is a new version, and then with the default Dnsmasq DNSSEC. Am running DoT to Quad9. Will try again later today.
Otherwise all is great! Loaded Diversion via AMTM.

 

[ajp2k14]

I too had some DNS failures with DNSSEC enabled yesterday. Initially I had enabled DNSSEC in Stubby, which I noticed is a new version, and then with the default Dnsmasq DNSSEC. Am running DoT to Quad9. Will try again later today.
Otherwise all is great! Loaded Diversion via AMTM.

The strange thing is, I don't have local dnssec validation enabled anywhere and it only happens with ControlD DoT-servers. At least CF and Quad9 works...

It would be great if someone could try their free DoT servers and see if it works for them (I use their paid version).

For example: 76.76.2.2, p2.freedns.controld.com

 

[skeal]

I don't know if this is the same problem but I ran into dns problems after upgrading to 388.1b. I had DoT configured on the router for ControlD and after the upgrade dns resolution failed almost completely. If I changed to Cloudflare or Quad9 it worked again. Not sure what happed, had to make a workaround using AdguardHome so the family could access the net again so I didn't have much time to troubleshoot but I think I saw signs of dnssec causing problems and SERVFAIL, not sure though.

I don't think this is the same problem as I'm having.

 

[bits]

My Samsung s20fe running Android 12 now has an issue connecting to my rt-ax86u if Android private dns setting is set to 1dot1dot1dot1.cloudflare-dns.com

I get a notification that the WiFi has no internet and private dns cannot be accessed.
Android refuses to flow any data to the WiFi even for IP addresses and instead pushes everything to mobile network. Perhaps it is considered an unsafe network because Private Dns was blocked?
Setting androids private dns to off allows the device to connect to wifi/internet.

I do use DoT on the router and use Dns director to redirect clients to the router.

This issue did not exist on 386.7_2

 

[bits]

I do use DoT on the router and use Dns director to redirect clients to the router.

Setting dns director global redirection to no redirection instead of router makes my Android device happy.

 

[Jaime Alvarez]

Dirty upgrade to 388.1_beta1 from 386.7_2 on my AX86U.

First beta version I've ever installed. Everything seems normal so far.

 

[dlandiss]

it can reach 500-650 mbit/s on a 900 mbit/s line

Hoping that is Mbps.

 

[heysoundude]

Congratulations on this major step for supporting 388!

Unfortunately, I can’t run it on my AC86U. Luckily, I‘m not really interested in WireGuard (it would slow down my 1 Gbps symmetric connection a lot - though I don’t know whether I’d actually notice that…)

However, if it turns out no 388 for AC means no security updates (or getting them much later) I might upgrade to AX anyway (I have no urge/need right now).

What Asuswrt-Merlin capable model does the community suggest?

AX86S, AX86U, AX86U Pro (not yet available where I live), AX6000, something else?

(I might act on a good Black Friday deal later this month)

I've ONE non-WiFi6 capable client that the user will part with when I can pry it "from her cold dead hands," otherwise all of the others (surprisingly) have been ready for almost 2y, so I guess It's time to upgrade the AC86 to one of the Merlin-supported AX series...
must do homework and prepare for Black Friday...but I think it'll be the AX86u (@XIII the 'u' has double the RAM of the 's' version, and a quad core processor vs dual core...and 4 extra ETH ports on the AX88 can be had for less than the price premium over the AX86; AX88 also doesn't have a 2.5GHz port)...eventhough the AX86s will probably still be overkill for my home network.
(when are they gonna make the radios replacable??)

 

[GaselK]

AX 68U. Client list remains empty. Bandwidth Monitor shows the spinning circle and nothing else.