[Beta] Asuswrt-merlin 380.68 Beta is now available

[RMerlin]

Asuswrt-Merlin 380.68 Beta is now available for all supported models. The focus for this release was some code cleanups (not visible to end-users), webui improvements (including various backports from GPL 382) and bug fixing. The highlights:

• Backported Network Map's Ethernet port status from GPL 382
• Merged RT-N66U binary blobs from GPL 380_7743 (so all models are now based on GPL 7743 binary files).
• Added missing hash types to ipset_arm
  
• Backported the menuTree API from GPL 382. This new module takes care of generating the menu and tabs using objects rather than a messy set of arrays with exception handling. There should be no real visible difference to end-users, however developers who modify the webui will need to adjust to the new system (which should make it much easier now to add your own tabs to the existing menus).
• Description field added to the OpenVPN Client page, used on the VPN Status page.
• New webui menu icons backported from GPL 382
• Re-organized VPN pages (more in-line with stock firmware, some pages merged together)
• Reworked VPNStatus page (auto-refresh, report OpenVPN client local and public IP)
• Reworked SSL management interface, backported the cert upload support from GPL 382.
• Reworked Sysinfo page, made most dynamic data auto-refresh itself, redesigned port status using the new TableAPI from Asus's GPL 382.
• Reworked DHCP Lease log page, based on new Table API from GPL 382, with sortable columns
• Reworked System Log page. Backported form GPL 382 (now auto-refresh itself), moved remote syslog settings to it, and added option to configure the remote server's port.
• Updated Curl to 7.54.1.
• NTP client will no longer alternate between ntp0 (on webui) and ntp1 (hardcoded in nvram) servers. The webui server will always be used, except if that setting is empty.
• Re-designed the way the Tor database backup is handled. It will always backup the database at exit time, and databases older than 7 days will be deleted. This will also fix Tor failing to start if a backed up database had the wrong user permissions.
• FTP Server will now automatically configure and use a small set of ports to passive FTP (fixing TLS support over WAN, where the NAT helper couldn't work).
• Fixed port forward/UPnP issues with NAT acceleration enabled and specific NAT loopback modes.
• Fixed URL filtering over IPv4
• Fixed a few OpenVPN webui issues (progress going to 200%, connected users not highlighting with two or more clients)
• Fixed CVE-2017-11344, CVE-2017-11345 and CVE-2017-11420 security issues in networkmap
• Fixed SMB issues when SMB2 is enabled under certain configurations
• Fixed random invalid SSL cert generation

IMPORTANT:: Due to the large amount of webui changes (especially CSS), you might need to either flush your browser cache, or do a shift-reload the first time you log in after updating to 380.68.

Please keep discussions in this thread to this specific beta release. Things in need of special testing attention:

• FTP TLS mode (WAN access)
• webui SSL upload/management
• All the changed webui pages: Sysinfo, VPNStatus, System Log, DHCP Lease Log
• Samba sharing (especially SMB2 mode)

Please read the Changelog for more details on other changes in this release.

Downloads are here.
Changelog is here.

 

[RMerlin]

Known issues:

• 5 GHz-2 channel shown as "undefined" on Wireless-> General and on wifi popup if 5 GHz-1 is disabled. (old issue also present in Asus's code, fixed).
• Notification popup about not having a public IP when double NATed (not a bug, however this is annoying so notification was disabled)

 

[eclp]

Everything works fine. Thanks Merlin.

Just annoying message: "The WAN-IP is not the external IP External IP Based services will not work"
(The message should turn off, my modem does not have a bridge mode unfortunately.)

 

[bobiii]

Working great on my RT5300 with 55 clients. IPV6 also working great!

 

[Theliel]

Seem work fine.

-I like auto-refresh log and new gui in general
-Cert loader work fine. The only "issue" is if you use SANs certs (don't happen if you dont use SANs), you need to specify IP too (not only DNS hosts) on SANs, regardless CommonName already specify. Otherwise it does not use certificate
-Interesting, since Chrome 58, SAN is mandatorily to validate the host cert, CommonName is not used now
-FTP TLS work fine, don´t support EC key, but work fine.
-SMB 2.0.2 are fine, maybe a little slower than SMB1, but was expected

 

[Logi]

Working fine on my RT5300, thanks a lot

 

[SwampKracker]

Is this a new record for sheer quantity of changes for a minor release?

Great job as always, Merlin. Everything is working just fine.

 

[Zirescu]

Locks up Safari on the MacBook on the Network Map page on the RT-N66U after you leave the Network Map page and then come back to it. Console output below.

[Error] Failed to load resource: The request timed out. (ajax_ethernet_ports.asp, line 0)
[Error] ReferenceError: Can't find variable: get_wan_lan_status
    ajax (jquery.js:5:13759)
    get_ethernet_ports (router_status.asp:338)
    initial (router_status.asp:136)
    onload (router_status.asp:387)
[Error] XMLHttpRequest cannot load https://rt-n66u:8443/update_networkmapd.asp?_=1502683479839 due to access control checks.
    send (jquery.js:5:18244)
    ajax (jquery.js:5:13727)
    updateClientsCount (index.asp:1741)
    Global Code (Script Element 1:1)
[Error] XMLHttpRequest cannot load https://rt-n66u:8443/ajax_status.xml?hash=0.735785083661068 due to access control checks.
    start (makeRequest.js:28)
    (anonymous function) (state.js:2051)
    execCb (require.min.js:33:317)
    check (require.min.js:22:430)
    enable (require.min.js:27:244)
    init (require.min.js:21)
    (anonymous function) (require.min.js:30:374)

 

[netmik3]

Excellent thank you

 

[FeRReTTi]

Hello,

I've been using this firmware for a few months (Had it on the router the first day I bought it!) And I just upgraded to the newest beta (Like I always do) and noticed that the GUI looks different. I've uploaded a picture of what looks "different". And in the row on the top left I have an exclamation point in the first slot for the WAN IP image and it says "The WAN IP is not the external IP. External IP-based services will not work." which was not there before I upgraded firmwares. I saw another user with the same router as me (AC5300) posted that everything was working fine for him, but it isn't for me, so I'm wondering how that can be? Anyway, I'm going to upload the firmware to it again and cross my fingers and hope it was a bad flash! I will edit this post with the updated information.

 

[netmik3]

Hello,

I've been using this firmware for a few months (Had it on the router the first day I bought it!) And I just upgraded to the newest beta (Like I always do) and noticed that the GUI looks different. I've uploaded a picture of what looks "different". And in the row on the top left I have an exclamation point in the first slot for the WAN IP image and it says "The WAN IP is not the external IP. External IP-based services will not work." which was not there before I upgraded firmwares. I saw another user with the same router as me (AC5300) posted that everything was working fine for him, but it isn't for me, so I'm wondering how that can be? Anyway, I'm going to upload the firmware to it again and cross my fingers and hope it was a bad flash! I will edit this post with the updated information.

Push ctrl-f5

 

[FeRReTTi]

Push ctrl-f5

Okay. I just tried re-uploading an older firmware and the problem went away. So I know it has something to do with the new firmware. I will try that now. I am currently uploading the beta firmware back.

EDIT: IT WORKED! Thank you sir! What exactly did that do? Seems like such a simple solution for what could have easily looked like a complicated issue!

And thank you RMerlin for yet another solid release!

EDIT 2: I just did a little research and learned that CTRL+F5 "...forces a cache refresh, and will guarantee that if the content is changed, you will get the new content." which 100% makes sense since the changelog mentioned" Due to the large amount of webui changes (especially CSS), you might need to either flush your browser cache, or do a shift-reload the first time you log in after updating to 380.68." which I probably should have read closer. Lesson learned, I should read before flashing!

 

[netmik3]

Okay. I just tried re-uploading an older firmware and the problem went away. So I know it has something to do with the new firmware. I will try that now. I am currently uploading the beta firmware back.

EDIT: IT WORKED! Thank you sir! What exactly did that do? Seems like such a simple solution for what could have easily looked like a complicated issue!

And thank you RMerlin for yet another solid release!

EDIT 2: I just did a little research and learned that CTRL+F5 "...forces a cache refresh, and will guarantee that if the content is changed, you will get the new content." which 100% makes sense since the changelog mentioned" Due to the large amount of webui changes (especially CSS), you might need to either flush your browser cache, or do a shift-reload the first time you log in after updating to 380.68." which I probably should have read closer. Lesson learned, I should read before flashing!

It clears the cache

IMPORTANT:: Due to the large amount of webui changes (especially CSS), you might need to either flush your browser cache, or do a shift-reload the first time you log in after updating to 380.68.

 

[FeRReTTi]

It clears the cache

IMPORTANT:: Due to the large amount of webui changes (especially CSS), you might need to either flush your browser cache, or do a shift-reload the first time you log in after updating to 380.68.

Yup exactly! Need to read before flashing!

EDIT: I am still getting the "The WAN IP is not the external IP. External IP-based services will not work." error though. It doesn't seem to be having any effect on anything other than being an annoying flashing exclamation point, but I'd like to fix it. Any ideas?

 

[eclp]

@FeRReTTi ... Yes... you put your modem in Bridge mode.

The question is only, like when my modem so, if that is not possible.

 

[thelonelycoder]

@FeRReTTi ... Yes... you put your modem in Bridge mode.

The question is only, like when my modem so, if that is not possible.

I have that exclamation mark too, on my testrouters behind the main router.
I'm sure there is a nvram setting to turn it off. I'll post it when I've found it how to turn the blinking off.

 

[thelonelycoder]

Just annoying message: "The WAN-IP is not the external IP External IP Based services will not work"
(The message should turn off, my modem does not have a bridge mode unfortunately.)

This feature has been added in 380.68_alpha, at least this is when I noticed it.
The former NVRAM settings were:
wan0_realip_ip=
wan0_realip_state=0

Now, this is set to the real WAN IP, even if no services depend upon.
For my router behind the main router, these are set to 77.58.xxx.xxx which is my main routers WAN IP:
wan0_realip_ip=77.58.xxx.xxx
wan0_realip_state=2

Now for the fun part.
Add this to the /jffs/scripts/wan-start:

sleep 5
nvram set wan0_realip_ip=
nvram set wan0_realip_state=0

Should you have dual WAN enabled, add these two as well:

nvram set wan1_realip_ip=
nvram set wan1_realip_state=0

These settings are revisited every time the WAN service restarts, so the have to be in that file or else the exclamation returns when wan service restarts.
WARNING: I have not found any negative effects overwriting these NVRAM settings, but others may experience it.

 

[eclp]

Thank you very much ... @thelonelycoder!

 

[FeRReTTi]

This feature has been added in 380.68_alpha, at least this is when I noticed it.
The former NVRAM settings were:
wan0_realip_ip=
wan0_realip_state=0

Now, this is set to the real WAN IP, even if no services depend upon.
For my router behind the main router, these are set to 77.58.xxx.xxx which is my main routers WAN IP:
wan0_realip_ip=77.58.xxx.xxx
wan0_realip_state=2

Now for the fun part.
Add this to the /jffs/scripts/wan-start:

sleep 5
nvram set wan0_realip_ip=
nvram set wan0_realip_state=0

Should you have dual WAN enabled, add these two as well:

nvram set wan1_realip_ip=
nvram set wan1_realip_state=0

These settings are revisited every time the WAN service restarts, so the have to be in that file or else the exclamation returns when wan service restarts.
WARNING: I have not found any negative effects overwriting these NVRAM settings, but others may experience it.

I will be trying this when I get home from work tonight! I will report back for sure, even though I'm sure it will work just fine! Thank you so much!

 

[WBV]

The attached picture is self explanatory. The popup balloon indicates erroneous values depending on if 5G-1 is disabled or not.
RT-AC5300 / 380.68 beta1