[Beta] Asuswrt-Merlin 384.11 Beta is now available

[dave14305]

Has anyone noticed that /jffs/configs/profile.add is not working?

# cat /jffs/configs/profile.add
alias freshjr="sh /jffs/scripts/FreshJR_QOS -menu"
alias freshjrqos="sh /jffs/scripts/FreshJR_QOS -menu"
alias freshjr_qos="sh /jffs/scripts/FreshJR_QOS -menu"
alias FreshJR_QOS="sh /jffs/scripts/FreshJR_QOS -menu"

# freshjr_qos
-sh: freshjr_qos: not found

I created a workaround

# ls -la /opt/bin/freshjr
-rwxr-xr-x    1 HdB34266 root            32 Apr 27 16:42 /opt/bin/freshjr

# cat /opt/bin/freshjr
/jffs/scripts/FreshJR_QOS -menu

Mine works. I assume you’ve logged out and in? Do you see those commands when you enter the alias command alone?

 

[EmeraldDeer]

Mine works. I assume you’ve logged out and in?

Oh yes, I actually had not invoked the aliases since 384.10_2. My recollection is vague, perhaps the aliases had never worked.

Do you see those commands when you enter the alias command alone?

No

# alias
mc='mc -c'
l='ls -lFA'
ll='ls -lF'

It appears that alias commands could be appended to /jffs/etc/profile or /opt/etc/profile

 

[jeff3820]

No need to, thanks. Will add them to the presets.

This is what the updated preset list looks like now:

# Layout:
# Name,IP_Address,Port,TLS_Hostname,SPKI
# Single entry = group label
# Empty lines are ignored

IPv4
CleanBrowsing 1 (security),185.228.168.9,,security-filter-dns.cleanbrowsing.org,
CleanBrowsing 2 (security),185.228.169.9,,security-filter-dns.cleanbrowsing.org,
CleanBrowsing 1 (family),185.228.168.168,,family-filter-dns.cleanbrowsing.org,
CleanBrowsing 2 (family),185.228.168.168,,family-filter-dns.cleanbrowsing.org,
CleanBrowsing 1 (adult filter),185.228.168.10,,adult-filter-dns.cleanbrowsing.org,
CleanBrowsing 2 (adult filter),185.228.169.10,,adult-filter-dns.cleanbrowsing.org,
Cloudflare 1.1.1.1,1.1.1.1,,cloudflare-dns.com,
Cloudflare 1.0.0.1,1.0.0.1,,cloudflare-dns.com,
Google 8.8.8.8,8.8.8.8,,dns.google,
Google 8.8.4.4,8.8.4.4,,dns.google,
Quad9 (secure),9.9.9.9,,dns.quad9.net,
Quad9 (insecure),9.9.9.10,,dns.quad9.net,

IPv4 (port 443)
Neutopia,89.234.186.112,443,dns.neutopia.org,wTeXHM8aczvhRSi0cv2qOXkXInoDU+2C+M8MpRyT3OI=
Surfnet/Sinodun 1,145.100.185.15,443,dnsovertls.sinodun.com,62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=
Surfnet/Sinodun 2,145.100.185.16,443,dnsovertls1.sinodun.com,cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=

IPv6
CleanBrowsing 1 (security),2a0d:2a00:1::2,,security-filter-dns.cleanbrowsing.org,
CleanBrowsing 2 (security),2a0d:2a00:2::2,,security-filter-dns.cleanbrowsing.org,
CleanBrowsing 1 (family),2a0d:2a00:1::,,family-filter-dns.cleanbrowsing.org,
CleanBrowsing 2 (family),2a0d:2a00:2::,,family-filter-dns.cleanbrowsing.org,
CleanBrowsing 1 (adult filter),2a0d:2a00:1::1,,adult-filter-dns.cleanbrowsing.org,
CleanBrowsing 2 (adult filter),2a0d:2a00:2::1,,adult-filter-dns.cleanbrowsing.org,
Cloudflare :1111,2606:4700:4700::1111,,cloudflare-dns.com,
Cloudflare :1001,2606:4700:4700::1001,,cloudflare-dns.com,
Google :8888,2001:4860:4860::8888,,dns.google,
Google :8844,2001:4860:4860::8844,,dns.google,
Quad9 (secure),2620:fe::fe,,dns.quad9.net,
Quad9 (insecure),2620:fe::10,,dns.quad9.net,

IPv6 (port 443)
Neutopia,2a00:5884:8209::2,443,dns.neutopia.org,wTeXHM8aczvhRSi0cv2qOXkXInoDU+2C+M8MpRyT3OI=
Surfnet/Sinodun 1,2001:610:1:40ba:145:100:185:15,443,dnsovertls.sinodun.com,62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=
Surfnet/Sinodun 2,2001:610:1:40ba:145:100:185:16,443,dnsovertls1.sinodun.com,cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=

As mentioned before, the only test servers kept on the list are for port 443, as none of the main production resolvers support port 443.

The IPv4 addresses for Quad 9 Secure IP are not correct. This is from the Quad 9 info page:

<<Secure IP: 9.9.9.9 Provides: Security blocklist, DNSSEC, No EDNS Client-Subnet sent. If your DNS software requires a Secondary IP address, please use the secure secondary address of 149.112.112.112

Unsecured IP: 9.9.9.10 Provides: No security blocklist, no DNSSEC, No EDNS Client-Subnet sent. If your DNS software requires a Secondary IP address, please use the unsecured secondary address of 149.112.112.10>>

 

[dave14305]

Oh yes, I actually had not invoked the aliases since 384.10_2. My recollection is vague, perhaps the aliases had never worked.

No

# alias
mc='mc -c'
l='ls -lFA'
ll='ls -lF'

It appears that alias commands could be appended to /jffs/etc/profile or /opt/etc/profile

An if you run this dot command, are there errors?

. /jffs/configs/profile.add

 

[EmeraldDeer]

An if you run this dot command, are there errors?

. /jffs/configs/profile.add

No errors and the aliases are added to my current shell

 

[dave14305]

No errors and the aliases are added to my current shell

Could be a bug with the new GPL, since I see there is a new /etc/profile.hnd file in this release. But I don’t know where to go with it from here. What does /etc/profile link to on your router?

 

[EmeraldDeer]

Could be a bug with the new GPL, since I see there is a new /etc/profile.hnd file in this release. But I don’t know where to go with it from here. What does /etc/profile link to on your router?

# ls -la /etc/profile
lrwxrwxrwx    1 HdB34266 root            16 Dec 31  1969 /etc/profile -> /rom/etc/profile

# cat /rom/etc/profile
export PATH="/bin:/usr/bin:/sbin:/usr/sbin:/home/$USER:/mmc/sbin:/mmc/bin:/mmc/usr/sbin:/mmc/usr/bin:/opt/sbin:/opt/bin:/opt/usr/sbin:/opt/usr/bin"
export PS1='\u@\h:\w\$ '
export LD_LIBRARY_PATH=/lib:/usr/lib:/lib/aarch64

alias l='ls -lFA'
alias ll='ls -lF'

ldd() {
        LD_TRACE_LOADED_OBJECTS=1 $*;
}

[ -n "${TMOUT+x}" ] || export TMOUT="$(nvram get shell_timeout 2>/dev/null)"

[ -f /jffs/etc/profile ] && . /jffs/etc/profile
[ -f /opt/etc/profile ] && . /opt/etc/profile

There is an alias in my shell the definition of which only exists in /opt/etc/profile so that looks like the one to use for your terminal shell needs

 

[dave14305]

# ls -la /etc/profile
lrwxrwxrwx    1 HdB34266 root            16 Dec 31  1969 /etc/profile -> /rom/etc/profile

# cat /rom/etc/profile
export PATH="/bin:/usr/bin:/sbin:/usr/sbin:/home/$USER:/mmc/sbin:/mmc/bin:/mmc/usr/sbin:/mmc/usr/bin:/opt/sbin:/opt/bin:/opt/usr/sbin:/opt/usr/bin"
export PS1='\u@\h:\w\$ '
export LD_LIBRARY_PATH=/lib:/usr/lib:/lib/aarch64

alias l='ls -lFA'
alias ll='ls -lF'

ldd() {
        LD_TRACE_LOADED_OBJECTS=1 $*;
}

[ -n "${TMOUT+x}" ] || export TMOUT="$(nvram get shell_timeout 2>/dev/null)"

[ -f /jffs/etc/profile ] && . /jffs/etc/profile
[ -f /opt/etc/profile ] && . /opt/etc/profile

Oh, so profile.add is missing from the rtax88 branch. @RMerlin needs to know.

 

[RMerlin]

The IPv4 addresses for Quad 9 Secure IP are not correct. This is from the Quad 9 info page:

This is exactly what I see in the file, where do you see an error?

 

[RMerlin]

For me if No is selected, and I refresh / change page or tab, it goes back to Yes no mater what...?

Works for me. Open your browser console and look for any Javascript error.

 

[RMerlin]

Didn't expect to read that.

What, that Cloudflare doesn't support EDNS (which was documented), or that I prefer to use my ISP DNS servers?

 

[Gar]

What, that Cloudflare doesn't support EDNS (which was documented), or that I prefer to use my ISP DNS servers?

That you plan to drop DoT.

 

[RMerlin]

That you plan to drop DoT.

I said I planned to disable it on my router, I never said I planned to drop it.

 

[Gar]

I said I planned to disable it on my router, I never said I planned to drop it.

How will you use it?

Also, when using your pull-down list for DoT, ie Quad9, do I need to add the port or is it built-in automatically?

 

[Swistheater]

How will you use it?

Also, when using your pull-down list for DoT, ie Quad9, do I need to add the port or is it built-in automatically?

Default port is 853

 

[RMerlin]

How will you use it?

I won't use it.

 

[Hardy]

Asuswrt-Merlin 384.11 Beta is now available for all supported models. This release features a number of significant changes.

Please keep discussions in this thread on this specific beta release.

Downloads are here.
Changelog is here.

Checksum f6cd809cc889781a1407271b4c59d8303cd94a4fa87e9d79ab1e28399904e688 for the file RT-AC68U_384.11_beta1.trx does not match with the files downloaded from both the sources. The sha256 checksum of the downloaded file is de8178c59988b8a07cf2e59f4c32810453748a0e29441392a390b2319af55d7d

 

[Ydnaroo]

Checksum f6cd809cc889781a1407271b4c59d8303cd94a4fa87e9d79ab1e28399904e688 for the file RT-AC68U_384.11_beta1.trx does not match with the files downloaded from both the sources. The sha256 checksum of the downloaded file is de8178c59988b8a07cf2e59f4c32810453748a0e29441392a390b2319af55d7d

Hi. Further up the same page it says that the zip packages have been rebuilt with a 'b' suffix (due to possible errors). The .trx filename is the same as before. Assume Merlin hasn't got around to updating the hashes. All I can say is that the hash you get for the later download is the same as the one I get here for the file I downloaded soon after the change. I've uploaded it to my RT-AC68U and it seems fine (I'm far from an expert though!). Andy

 

[bbunge]

Since I asked for more "Preset Servers" for DoT and the thrust of using DoT is security I thought I should bring up that not all upstream resolvers support TLS 1.3. I recommended CleanBrowsing but a test this morning with their secure resolvers failed when I had Stubby set to min TLS 1.3. I removed the min TLS Stubby setting and they worked .
So, if the resolver provider does not support TLS 1.3 should they be on the list?

 

[MDM]

Works for me. Open your browser console and look for any Javascript error.

Does not stick in Watrerfox, IE or Edge...

Those are the only java errors in Waterfox:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script language="JavaScript" type="text/javascript" src="/state.js"></script>