[Beta] Asuswrt-Merlin 384.11 Beta is now available

[Ydnaroo]

You are running this beta right?

Yes. The repacked 'b' file.

 

[kernol]

Hello,

Which GPL used for AC-5300? There is only source code available 3.0.0.4.384.45149 while you mention for all other models is 384_45713.

Valid question - not yet answered by @RMerlin who I guess is the only one who will know.
I gather he may get source code from Asus before its put up on their website - where you are quite correct - source there is 384.45149.
Here's hoping that he did build on 384_45713 for our router [RT-AC5300] as I gather Asus has fixed some of their long-term bugs in it.

 

[fearz]

Valid question - not yet answered by @RMerlin who I guess is the only one who will know.
I gather he may get source code from Asus before its put up on their website - where you are quite correct - source there is 384.45149.
Here's hoping that he did build on 384_45713 for our router [RT-AC5300] as I gather Asus has fixed some of their long-term bugs in it.

Hoping that too...

Any other way to find out?

 

[skeal]

Hoping that too...

Any other way to find out?

Keep an eye on @RMerlin 's change log.

 

[vdemarco]

I hope this hasn't been asked yet, but with the latest change in the repository the ntp filter is there now. So does that mean i can uninstall ntpmerlin and just use the standard ntp server in merlin?

The graphs in ntpmerlin are nice but not required.

 

[truglodite]

IDK, I'm curious to hear feedback on that vdemarco. I've read a few posts since the addition of the gui ntpd that mention kvic's ntpmerlin is far superior as far as precision. Not sure if there may be other side-effects to consider though. I was running my own script, that did the same thing as the new webui ntpd. Then I switched to the webui ntpd when it came out, then read those posts and switch to ntpmerlin. The graphs are cool, but I did it for the precision.

 

[nlurker]

IDK, I'm curious to hear feedback on that vdemarco. I've read a few posts since the addition of the gui ntpd that mention kvic's ntpmerlin is far superior as far as precision. Not sure if there may be other side-effects to consider though.

Best feature of ntpMerlin is forced NTP redirection, so all devices on my network are synced to the same clock, even devices lacking any NTP configuration (like Amazon Echo, TiVo, etc.). I am hoping that asuswrt-merlin ntpd will provide this feature, or in the least can be disabled so I can continue to use ntpMerlin without any conflicts.

 

[Swistheater]

I sniff a new beta coming soon . This beta is awesome.

 

[zenmota]

Reboot Option not working.....

Running 384.11 Beta 1 on Asus rt-ac86u router. After flashing to 384.11 Beta 1 the when I choose the Reboot Option at the top of the page (next to Logoff Option) the router shows the Please Wait % Applying Settings like it is rebooting then after that it returns to router web page I was on (it usually goes to the router login screen after a reboot). I look at the System Log Page and it shows:

Apr 29 17:46:01 rc_service: httpd 768:notify_rc reboot
Apr 29 17:46:01 rc_service: waitting "restart_wireless" via cfg_server ...
Apr 29 17:46:16 rc_service: skip the event: reboot.

This seems to have started with Beta 1. I have not tried resetting to defaults as I don't really want to have to enter all those settings again, at least not right now. I did try unplugging the router.

Thanks....

 

[Marin]

Be careful there @Sonyrolfy! Do you want Diversion to work when connected to the OpenVPN Client tunnel when using Policy Rules? If, so read on...

“Accept DNS Configuration” set to “Exclusive”

When combined with Policy Rules based routing, all clients configured to use the VPN will use the DNS servers provided by the VPN tunnel. LAN Clients configured to go through the WAN will use the DNS configured in the WAN Settings Screen.

The disadvantage of setting “Accept DNS configuration” to “Exclusive” when combined with Policy Rules is that DNSMASQ will be bypassed since the VPN tunnel will exclusively use the DNS of the VPN Provider. The popular Diversion ad blocker program, written for the Asuswrt-Merlin firmware, will not work since Diversion requires the features of DNSMASQ. Diversion will work over the VPN tunnel when “Accept DNS configuration” is set to “Exclusive” and Policy Rules are disabled by setting “Redirect Internet Traffic” to “All”.

There are two options available if you want the OpenVPN client to use DNSMASQ when using Policy Rules. This is done by setting “Accept DNS Configuration” to either “Strict” or “Disabled”.

“Accept DNS Configuration” set to “Strict”
If you set Accept DNS Configuration to “Strict”, you must then specify the DNS server for the VPN tunnel to use by adding the dhcp-option DNS command in the Custom Configuration section per the example below.

dhcp-option DNS 1.1.1.1

“Accept DNS Configuration” set to “Disabled”
My preferred recommendation is to set “Accept DNS Configuration” to “Disabled” and install Stubby DNS over TLS. Stubby DNS over TLS will encrypt DNS queries for all devices on the network. Or, with 380.11 Alpha/Beta, use the built in DoT functionality available in the firmware. Yes, a DNS Leak test will say you may be leaking DNS requests. But rest assured your DNS requests are going where you told them to - Cloudflare or another DoT DNS supported server, and not to your ISP.

Accept DNS Configuration Definitions
For reference, the definition of the Accept DNS Configuration field values are as follows:

• Disabled: DNS servers pushed by VPN provided DNS server are ignored.
• Relaxed: DNS servers pushed by VPN provided DNS server are prepended to the current list of DNS servers, of which any can be used.
• Strict: DNS servers pushed by the VPN provided DNS server are prepended to the current list of DNS servers, which are used in order. Existing DNS servers are only used if VPN provided ones don’t respond.
• Exclusive: Only the pushed VPN provided DNS servers are used.

See my blog site for more details.

The part that I struggle to understand is when you choose either “Disabled” or “Strict” option, what should the WAN settings be? More specifically, the “Connect to DNS server automatically”. Should the choice here be “Yes” or “No” (and your DNS servers of choice entered)? And why?


Sent from my iPhone using Tapatalk

 

[jeff3820]

This is exactly what I see in the file, where do you see an error?

Quad 9 has addresses that support their extra security. These are 9.9.9.9 as the primary address and 149.112.112.112 as a secondary address.

9.9.9.10 is a valid DNS address but does not support the extra security features of Quad 9

 

[Swistheater]

Quad 9 has addresses that support their extra security. These are 9.9.9.9 as the primary address and 149.112.112.112 as a secondary address.

9.9.9.10 is a valid DNS address but does not support the extra security features of Quad 9

He has the insecure listed as insecure for users that want that. There is nothing wrong with his setup

 

[Swistheater]

Reboot Option not working.....

Running 384.11 Beta 1 on Asus rt-ac86u router. After flashing to 384.11 Beta 1 the when I choose the Reboot Option at the top of the page (next to Logoff Option) the router shows the Please Wait % Applying Settings like it is rebooting then after that it returns to router web page I was on (it usually goes to the router login screen after a reboot). I look at the System Log Page and it shows:

Apr 29 17:46:01 rc_service: httpd 768:notify_rc reboot
Apr 29 17:46:01 rc_service: waitting "restart_wireless" via cfg_server ...
Apr 29 17:46:16 rc_service: skip the event: reboot.

This seems to have started with Beta 1. I have not tried resetting to defaults as I don't really want to have to enter all those settings again, at least not right now. I did try unplugging the router.

Thanks....

Try uninstalling any scripts first and see if you have same problems even try a factory reset

 

[RMerlin]

I had thought this post was saying it but reading again it could be proxy or direct
[Preview] Asuswrt-Merlin 384.11 with DNS over TLS

DNSSEC validation is now done by dnsmasq, that's what this post was referring to. Therefore no proxying.

Which GPL used for AC-5300? There is only source code available 3.0.0.4.384.45149 while you mention for all other models is 384_45713.

As written in the changelog: 45713 GPL, with 45149 binary blobs:

  - UPDATED: Other models to 384_45713 GPL (RT-AC87U, RT-AC3200 and
             RT-AC5300 still using 384_45149 binary blobs)

 

[RMerlin]

Quad 9 has addresses that support their extra security. These are 9.9.9.9 as the primary address and 149.112.112.112 as a secondary address.

9.9.9.10 is a valid DNS address but does not support the extra security features of Quad 9

And that's why it's listed as Quad 9 (insecure).

 

[jeff3820]

And that's why it's listed as Quad 9 (insecure).

Sorry...the listing was hard to follow...looked like 9.9.9.10 was the secondary address

 

[zenmota]

Try uninstalling any scripts first and see if you have same problems even try a factory reset

I don't have any scripts. I may try a factory reset later when I have time to re-enter all my settings.

Thanks...

 

[RMerlin]

For me if No is selected, and I refresh / change page or tab, it goes back to Yes no mater what...?

It's because of a missing build time setting (merlinupdate wasn't enabled on these rebuilds).

 

[Swistheater]

It's because of a missing build time setting (merlinupdate wasn't enabled on these rebuilds).

DoT seems to be running well thank you for allowing it to be implemented.

 

[vdemarco]

Best feature of ntpMerlin is forced NTP redirection, so all devices on my network are synced to the same clock, even devices lacking any NTP configuration (like Amazon Echo, TiVo, etc.). I am hoping that asuswrt-merlin ntpd will provide this feature, or in the least can be disabled so I can continue to use ntpMerlin without any conflicts.

the new beta has the force option too