[Beta] Asuswrt-Merlin 380.66 Beta is now available

[Nairda]

Hi, I registered to report a bug with the latest beta 380-66 Beta 4 on ASUS AC68U.

Using Policy Rules with a rule 192.168.1.0/24 and Iface VPN, everything is fine. As soon as that is switched to Policy Rules (strict), the router hangs. Progress is frozen at "Complete" and the router cannot be accessed by its IP address from a web browser. I did not try any alternate methods. I did note that the wifi networks were still up after a power reset.

I had to reset the router using the Reset button to factory (?) state and reconfigure everything.

This happened twice. Second time is as described.

I have exactly the same experience. My policy rules are simple
192.168.1.0/24 0.0.0.0 VPN
and a few of the form
192.168.1.x 0.0.0.0 WAN

This is reproducible

 

[RMerlin]

Beta 5 has been formally uploaded to the Beta folders. List of changes since Beta 4:

ca1347a openvpn: Also copy LAN routes to the ovpn client table when in strict mode
fccc157 Updated documentation
d985708 network: disable bridge multicast_snooping by default, as this can interfere with various functionalities.  Added Tweak setting to allow users to re-enable it, just in case.
9cfc6ea Bumped revision to beta 5
e35915f webui: Fix syntax error on OpenVPN Client page; better report issues on ovpn file import
2f48b2c webui: make cipher and digest checks non case-sensitive on OpenVPN client, to handle ovpn import with casing different from our list of supported algorithms
62c2493 openvpn: implement importing of reneg-sec parameter from ovpn file
cfc4d9a openvpn: fix syntax error in updown.sh related to the check for Internet redirection mode

This build fixes Policy Rules (strict) mode by ensuring that LAN routes are copied to the client's routing table (so people won't lock themselves out of their router by routing the entire subnet).

known issue: The option to re-enable multicast_snooping doesn't work in this build. This will be fixed for the final release.

 

[RMerlin]

I expect this beta to be the last one, so please give the following another good round of testing:

• UPNP (multiple consoles, DLNA streaming)
• OpenVPN Policy Rules (strict mode)
• Importing a tunnel provider's ovpn file (test the new improvements to the procedure)

 

[Shonk]

I expect this beta to be the last one, so please give the following another good round of testing:

• UPNP (multiple consoles, DLNA streaming)
• OpenVPN Policy Rules (strict mode)
• Importing a tunnel provider's ovpn file (test the new improvements to the procedure)

upnp is spot on for me

the following isnt compiled in the firmware so my i cant be 100% its fine for everyone

PRINTER=n
WEBDAV=n
JFFS2LOG=n
MDNS=n
BWDPI=n
EMAIL=n (Need to remove if BWDPI is disabled)
WTFAST=n
NANO=n

 

[Gregory Phillips]

I flashed to the beta5, however I don't use those advanced features so I'm of no help there.

 

[Vexira]

upnp is good on my end, still trouble shooting the gta v issue seems the ports there but social club reports moderate, the main this is that every thing else works upnp wise on my end. Im not sure if port trigger is working or im doing it wrong, i waish there was a way to allow port triggering to open a range of ports rather than just one, might help with gta v. Though i think beta 5 may have made upnp more resposive for some reason that eludes me.

 

[Gregory Phillips]

I'm seeing a minor issue on the system log - IPv6 tab as it is not showing clients even if you hit the refresh button. The router is handing out addressees to clients just fine so IDK.

Edit: I resest my Ethernet adaptor and my pc showed up on the client page.

 

[JohnNerd]

UPNP working flawlessly on 87U and 66U.
The WPS automaticly goes back on after every single reboot on the 87U 5 gHz. I don't know why Asus hasn't fixed this issue as of yet? Merlin, do you have some influence in the matter? Thanks! You rock as always!!!

 

[eclp]

The WPS (5 GHz) problem I can at my RT AC87U confirmed.

 

[Nairda]

I expect this beta to be the last one, so please give the following another good round of testing:

• OpenVPN Policy Rules (strict mode)

That one is fixed for me. Thanks.

 

[jack901]

I have wps off and it has stayed off on reboots and fw upgrades so far on a ac56.

UPNP working flawlessly on 87U and 66U.
The WPS automaticly goes back on after every single reboot on the 87U 5 gHz. I don't know why Asus hasn't fixed this issue as of yet? Merlin, do you have some influence in the matter? Thanks! You rock as always!!!

 

[Xentrk]

AC88U with OpenVPN ALL TRAFFIC working great last 24 hours. No problems. Will try to find a window to flash the router with policy rules ASAP and provide feedback as appropriate.

 

[BigMerlinFan]

Try with the Beta 5 builds found here: https://www.mediafire.com/folder/bj94sbhrh7e49/Test_Builds

Also, using 192.168.1.0/24 doesn't make much sense - might as well leave it to "All".

Hi RMerlin, I will give Beta 5 a go now. Thank you for the quick response and fix!

My intention of these rules was to have all traffic routed through the VPN with the exception of some specific devices (or possibly websites). Is this a valid approach or is there a better way to achieve this?

 

[RMerlin]

Merlin, do you have some influence in the matter?

I know they're aware of it, however I suspect it won't be fixed until the next major firmware release from them.

My intention of these rules was to have all traffic routed through the VPN with the exception of some specific devices (or possibly websites). Is this a valid approach or is there a better way to achieve this?

It's usually best to add an exception rule for your router, but now that I added a LAN rule to keep LAN traffic local, this shouldn't be necessary anymore in strict routing mode.

 

[Gregory Phillips]

I'm seeing a minor issue on the system log - IPv6 tab as it is not showing clients even if you hit the refresh button. The router is handing out addressees to clients just fine so IDK.

Edit: I resest my Ethernet adaptor and my pc showed up on the client page.

Meh I ended up having to soft reset the router leaving it unplugged for a few minutes and when it came back up it started handing out IPv6 addresses normally. I'm going to keep checking to see if it drops IPv6.

 

[win465]

My 5Ghz band for my 87u never activated for the first time ever for the router when flashing beta 5. Another reboot fixed it.

 

[WET]

I am responding to your request for feedback on DLNA performance.

Embedded miniDLNA is working the same for me. I have not had any stream interruptions in a very long time. Server broadcasting remains the same, always appears within 5 minutes, however, most times it is there immediately. For me, miniDLNA has been perfect since 380.61.

 

[tmac]

AC68U running Beta5...
UPnP with multiple console issue looks resolved. 1 XB One, 2 XB360s and 1 PS4 have open nat at the same time.

For XB One owners...
Had an issue with IPv6 after flashing Beta5 from 4 (and clearing nvram). The readiness test at www.test-ipv6.com returned 7/10 and showed that my IPv6 connection appeared to be using Teredo. Nothing showed up for WAN IPv6 Address in the System Log. I also noticed in the Port Forwarding log that 2 IP addresses were associated to my XB1 (pior IP & new IP), and description was "Teredo" for both. So I power-shutdown the XB1 and reset the router, re-activated IPv6 and ensured that it was working. Then I turned on the XB1 and checked everything again: IPv6, UPnP/Open NAT for all consoles, etc. -> all OK

To power shutdown the XB1, while on, press and hold the Xbox button on the front of the console for approximately 10 seconds.

 

[Alfsu]

I expect this beta to be the last one, so please give the following another good round of testing:

• UPNP (multiple consoles, DLNA streaming)
• OpenVPN Policy Rules (strict mode)
• Importing a tunnel provider's ovpn file (test the new improvements to the procedure)

Excellent... with beta5-gfccc157:

- There are not routing conflicts when initiating two (2) VPN clients with WAN (as with previous beta versions).
- There are not DNS's leaks on either tunnel.
- LAN resources can be accessed by devices routed through VPN with strict policy rules.
- Importing an .ovpn file with the "reneg-sec 0" parameter, is it supposed to show under "Custom Configuration"? it is not there.

 

[RMerlin]

Importing an .ovpn file with the "reneg-sec 0" parameter, is it supposed to show under "Custom Configuration"? it is not there.

"TLS Renegotiation Time" is a setting that's part of the webui. the importer didn't recognize the reneg-sec parameter, so it was ending up in the custom field. Now that this parameter is recognized, its value will get properly applied to the TLS Renegotiation Time setting, as it should.