Release Asuswrt-Merlin 388.1 is now available for all supported Wifi 6 models

[HRJ]

How do I get rid of these notifications? I have not set up a PPTP VPN (server/client).

Dec 6 12:13:38 pptp[7317]: Could not open control connection to 192.168.1.50
Dec 6 12:13:38 pptp[10772]: Call manager exited with error 1
Dec 6 12:13:48 pptp[7341]: connect: Connection refused
Dec 6 12:13:48 pptp[7341]: Could not open control connection to 192.168.1.50
Dec 6 12:13:48 pptp[10772]: Call manager exited with error 1

ip nr is my nas

 

[bits]

Redirecting encrypted DNS queries is technically not possible. It's one of the features of DoT - to prevent DNS server redirection.

If you redirect to a DNS server that is known to support DoT, then it will work.

For me I had the Asus set to redirect any unencrypted DNS queries to DoT.
The unencrypted DNS queries are all I wanted DNS redirection to interact with.
The already encrypted DNS queries are fine or atleast unalterable.

Since the 388 builds you block without option all DoT from the devices which I had no desire to do.
These devices do not fall back to unencrypted DNS they just fail completely.

I had no interest in blocking devices using DoT.

I am not redirecting DNS to control the DNS server of all devices, I want to redirect DNS so that all devices DNS queries are not eavesdropped directly upstream from me.
I redirected to attempt to catch unencrypted DNS queries and encrypt them.
This catches devices or software where the DNS server is predefined and can not be altered. Eg work supplied devices and some IoT devices.
Or devices where static servers like 8.8.8.8 have been set and altering that is non trivial.

I really believe the DoT block should be exposed as an option.
It could default on if you believe more users use DNS redirect for control of all DNS queries a device may make.

 

[skeal]

This catches devices or software where the DNS server is predefined and can not be altered. Eg work supplied devices and some IoT devices.
Or devices where static servers like 8.8.8.8 have been set and altering that is non trivial.

This can be done by setting DNS Director to Router, it will force the DoT server you have specified. You can add devices to the list below that, to define if no redirection is called for. For instance I have a FireStick that is hard coded to use 8.8.8.8. I would prefer it to use my DoT DNS, so the DNS Director global setting "Router" catches this, however, I have a TV streaming service from my local ISP that requires the ISP's native DNS. I add the devices and choose no redirection, it then uses the DNS servers I set in WAN>DNS>Default status : Get the DNS IP from your ISP automatically. I also use DNS Director to manipulate other DNS requirements. So I don't follow your problem maybe. Have I described this well enough with examples?

 

[ColinTaylor]

How do I get rid of these notifications? I have not set up a PPTP VPN (server/client).

Dec 6 12:13:38 pptp[7317]: Could not open control connection to 192.168.1.50
Dec 6 12:13:38 pptp[10772]: Call manager exited with error 1
Dec 6 12:13:48 pptp[7341]: connect: Connection refused
Dec 6 12:13:48 pptp[7341]: Could not open control connection to 192.168.1.50
Dec 6 12:13:48 pptp[10772]: Call manager exited with error 1

ip nr is my nas

What router model?

 

[HRJ]

RT-AX88U

Dive into it a little further. It seems that after I deleted vpn profile this profile is still somewhere in memory. Router is trying to connect.

 

[Caesar the Dictator]

This can be done by setting DNS Director to Router, it will force the DoT server you have specified. You can add devices to the list below that, to define if no redirection is called for. For instance I have a FireStick that is hard coded to use 8.8.8.8. I would prefer it to use my DoT DNS, so the DNS Director global setting "Router" catches this, however, I have a TV streaming service from my local ISP that requires the ISP's native DNS. I add the devices and choose no redirection, it then uses the DNS servers I set in WAN>DNS>Default status : Get the DNS IP from your ISP automatically. I also use DNS Director to manipulate other DNS requirements. So I don't follow your problem maybe. Have I described this well enough with examples?

Let me tell you a story why it might be more reasonable to add an option to DNS Director that does not block port 853:

My Aunt Jane comes to visit our family every week. About a year ago, I set the Private DNS of Jane's Samsung Galaxy phone to family.adguard-dns.com so that she could surf the web in a relatively safe and ad-free way using the same DNS server when she was using her router at home, when she was out and about, and when she came to our house and connected to our router, and she was quite happy. But when she came to our house last Sunday, she couldn't access the internet because the "Global Redirecion: Router" setting in DNS Director was blocking port 853. I turned it off so that my aunt could access the internet, but this time her Galaxy phone started DNS leaking to 8.8.8.8 via Do53. To prevent DNS leakage, I will either temporarily turn off the Private DNS setting on my aunt's phone every time she comes over, or I will install an app on her phone and configure it to use the DoH server.

 

[bits]

This can be done by setting DNS Director to Router, it will force the DoT server you have specified.

But that is the problem. If you set DNS Director to Router it will block all devices using DoT.
That block is new behaviour in 388.1

To catch that FireSticks unencrypted query to 8.8.8.8 we set DNS Director to Router.
But then Android devices with DoT become incompatible with the router because the router will block DoT.

I can't catch unencrypted DNS queries while also allowing encrypted DNS queries.

I want all the DNS encrypted so my landlord that supplies the buildings internet connection can't track my devices via simply watching DNS queries.
I want DNS Director purely for its ability to alter unencrypted DNS and not at all to block devices on my network that were already successfully encrypting their DNS.


DNS Director is a privacy feature for some. While I understand it is a user control feature for others.
The privacy feature has become broken in 388.1 while stengthening the control feature.

DNS Director has use cases for protecting from upstream threats.
DNS Director has use cases for control of downstream users.
I want a tick box for if DoT is blocked so the first one of those works as expected.

 

[ice69ca]

Just wanted to let people know of a small issue I found on my AX6000. In the DHCP settings, the end IP of my range was changed and no longer matched the range definition. This prevented devices from being able to connect. Also, manual IP setting was toggled off whereas it was on and being used with previous version.

Once I aligned those 2 things, all seems good with this new version! Thanks

 

[RMerlin]

May be worth including a note in the Change Log that AiMesh Nodes must run on Asus stock firmware for this model router.

No, because it's not a definitive constant. I have successfully tested a pair of nodes both running Asuswrt-Merlin in early 388.1 development. So, this is entirely device-specific.

 

[prosperot]

Can Merlin's 388.1 on my AX88U run with two AX58 nodes that are on 386 stock (there seems to be no stock 388 for AX58)?

 

[bluzfanmr1]

Exact same thing happened to me using Quad9 DoT on my AX6000 after upgrading to 388.1
The issue only happens after a router reboot - no clients have DNS to access any websites but router itself can access internet for firmware upgrade check, DDNS client etc

I have had to disable DoT as a temporary measure until I can pinpoint the issue

View attachment 46041

I’m seeing that behavior as well though I didn’t say it in my post. I didn’t want to disable DoT so I went back to 386.7_2 for now. I tried everything I could think of to troubleshoot this but no luck.

 

[skeal]

Can Merlin's 388.1 on my AX88U run with two AX58 nodes that are on 386 stock (there seems to be no stock 388 for AX58)?

Pretty sure it will. It will also work with the latest merlin firmware.

 

[bluepoint]

But that is the problem. If you set DNS Director to Router it will block all devices using DoT.
That block is new behaviour in 388.1

What do you mean by this statement? DNS Director to router is supposed to control "all" DNS queries from all LAN clients, do not set your clients DNS server manually let it get DNS server automatically.

 

[kernol]

No, because it's not a definitive constant. I have successfully tested a pair of nodes both running Asuswrt-Merlin in early 388.1 development. So, this is entirely device-specific.

Thanks for reply - but I have not seen anyone confirm that an RT-AX86U can be successfully used as AiMesh Node on Merlinware without that webui message stating that it is not connected [but in fact may well be]. For me, this problem only showed up in 388 code - through the Alpha's and Beta's to the Final Release. No amount of resets of the Node has fixed for me while the Node is on your 388 code. As soon as I drop Asus Stock onto the Node - it's A for away - green connection and it sticks.

Other router models as Nodes have not reported this issue AFAIK - which is why my suggestion stands for a Change Log entry relative to the AX86U only. Without it folk [especially noobs] will keep flagging the same "bug" over which you have no control since it is all closed source. I accept that even with it in the Change Log - owners on AXC86U's will possibly still bleat the same issue - but it may at least stop some.

 

[Mutzli]

No, because it's not a definitive constant. I have successfully tested a pair of nodes both running Asuswrt-Merlin in early 388.1 development. So, this is entirely device-specific.

I can confirm this. I had some node connection issues before with the alpha release. But a fresh setup of my nodes with an update to 388.1 later worked. Now my router and nodes are all on 388.1.

 

[capncybo]

I can confirm this. I had some node connection issues before with the alpha release. But a fresh setup of my nodes with an update to 388.1 later worked. Now my router and nodes are all on 388.1.

Yet, your signature seems to say that you are NOT using a single RT-AX86U, nor at least one as a Node ???
(EDIT: to clarify... I think @kernol was talking specifically about the RT-AX86U)

 

[skeal]

owners on AXC86U's will possibly still bleat the same issue - but it may at least stop some.

Putting it in the change log is only part of it. It should also be included in @RMerlin first post of this thread.

 

[tarzan2000]

Hi all!
Bundle AX86 + AX86S
On 388.1 The WEB interface shows that there is no cable connection, although everything works fine.
At the same time, everything looks OK in the WEB interface on Firmware version 3.0.0.4.388.21709.

Spoiler

 

[gerardr]

65+ uneventful hours on 388.1 release after dirty upgrade from Beta4 for RT-AX3000.

 

[skeal]

Hi all!
Bundle AX86 + AX86S
On 388.1 The WEB interface shows that there is no cable connection, although everything works fine.
At the same time, everything looks OK in the WEB interface on Firmware version 3.0.0.4.388.21709.

Spoiler

View attachment 46066View attachment 46067

Put stock Asus firmware on your node for now. It's a work around for this problem.