[Beta] Asuswrt-Merlin 384.11 Beta is now available

[PoloNes]

Could someone test to see if it works with Cleanbrowsing Adult?

https://cleanbrowsing.org/guides/dnsovertls

 

[scjr]

Upgraded to beta 1 over alpha 4. Nearly 12 hours uptime running DoT (cloudflare), with DNSFilter set to router and everything running great. Thank you to @RMerlin and @themiron for DoT!

 

[dave14305]

Could someone test to see if it works with Cleanbrowsing Adult?

https://cleanbrowsing.org/guides/dnsovertls

Yes, it works adding the IP and name directly in the list. Also worked with DNSSEC enabled. Could not browse to playboy.com or youporn.com (not that I ever heard of those sites before).

 

[bbunge]

EDIT: BTW, providing a replacement stubby.yml will fail at boot because it needs to be told NOT to enforce TLS at boot time. If you just copy a stubby.yml config with TLS enabled, then your ntp will fail to synchronize the clock, as TLS cannot work until the clock is set. I will probably remove support for replacing stubby.yml for this reason, leaving postconf and .add only.

I discovered this morning that a stubby.yml in /jffs/configs will not work on reboot. stubby.yml.add does not work either.

I would really like the ability to modify stubby so I can run DNSSEC from stubby and modify other settings such as round_robin. I do feel that running DNSSEC from dnsmasq with static root keys can lead to issues when the resolver providers decide to change the keys. I do not share your security concern over dynamically retrieved keys.

 

[dave14305]

stubby.yml.add does not work either.

Want to share the contents? I could test. We’ve learned how finicky yml can be.

 

[bbunge]

Want to share the contents? I could test. We’ve learned how finicky yml can be.

Contents:
dnssec_return_status: GETDNS_EXTENSION_TRUE
tls_min_version: GETDNS_TLS1_3

Am considering a script that copies a "good" stubby.yml to /jffs/configs after the router is up, restarts stubby then deletes the file from /jffs/configs.

 

[Swistheater]

I discovered this morning that a stubby.yml in /jffs/configs will not work on reboot. stubby.yml.add does not work either.

I would really like the ability to modify stubby so I can run DNSSEC from stubby and modify other settings such as round_robin. I do feel that running DNSSEC from dnsmasq with static root keys can lead to issues when the resolver providers decide to change the keys. I do not share your security concern over dynamically retrieved keys.

I had this issue before but I got it working now.

 

[Swistheater]

I discovered this morning that a stubby.yml in /jffs/configs will not work on reboot. stubby.yml.add does not work either.

I would really like the ability to modify stubby so I can run DNSSEC from stubby and modify other settings such as round_robin. I do feel that running DNSSEC from dnsmasq with static root keys can lead to issues when the resolver providers decide to change the keys. I do not share your security concern over dynamically retrieved keys.

Btw you need to name it stubby.add not stubby.yml.add. Then make it executable likewise with stubby.yml

 

[dave14305]

Contents:
dnssec_return_status: GETDNS_EXTENSION_TRUE
tls_min_version: GETDNS_TLS1_3

Am considering a script that copies a "good" stubby.yml to /jffs/configs after the router is up, restarts stubby then deletes the file from /jffs/configs.

Make it just stubby.add and it works.

IMHO, it should include the yml for consistency, like dnsmasq.conf.add and to be consistent with John’s fork.

 

[bbunge]

Make it just stubby.add and it works.

Yes! Works.
Also added round_robin_upstreams: 0 which added a second entry to stubby.yml but it seems to work ...

 

[nlurker]

I'll have to think some more about it. I'm not totally opposed to it, just... reluctant at this time.

For your consideration: Forced NTP redirection has been a huge benefit for me. Some devices (like TiVo) have no configuration for NTP server, yet benefit greatly from accurate time. TiVo NTP servers are always off a few seconds, messing up all my recordings. Since installing ntpMerlin, my recordings have been dead-on.

 

[Swistheater]

Make it just stubby.add and it works.

IMHO, it should include the yml for consistency, like dnsmasq.conf.add and to be consistent with John’s fork.

I noticed it was stubby.add instead of stubby.yml.add because stubby.postconf and not stubby.yml.postconf

 

[Swistheater]

Yes! Works.
Also added round_robin_upstreams: 0 which added a second entry to stubby.yml but it seems to work ...

When you decide to make changes using these features you should do service restart_dnsmasq. Wait a good 15 minutes to see it be stable-- then move on to test if it is stable via reboot.

 

[bbunge]

When you decide to make changes using these features you should do service restart_dnsmasq. Wait a good 15 minutes to see it be stable-- then move on to test if it is stable via reboot.

service restart_stubby

Sent from my SM-T380 using Tapatalk

 

[Swistheater]

service restart_stubby

Sent from my SM-T380 using Tapatalk

I use dnsmasq incase you include a dnsmasq.conf.add as well

 

[no_name]

Flashed RT-AC86U from 384.11_alpha4 to 384.11_beta1
Format JFFS partition on next boot, factory reset and manually reconfigured settings

Settings used

DHCP Server
VPN client using ExpressVPN
DNS over TLS
Traffic Analyzer
QoS
AIProtection


DOT, Traffic Analyzer, QoS and AIProtection weren’t activated when I started having problems with the VPN Client

The VPN clients start on boot sometimes work

Turn off start on boot and it will turn on after a reboot when it shouldn’t

Sometimes the VPN service state is off but it’s connected

Sometimes VPN Client page says it’s connected when it’s not

Adding devices to use VPN or WAN and applying the settings turns off the VPN

It’s all random

Rebooting the router from GUI doesn’t always reboot the router

I factory reset a couple of times and the above problems still happen.

I think my router is having its first hissy fit

It’s all up and running now so I will leave things to settle down

UPDATE

Reverted back to 384.10_2, factory reset etc with the above settings

Dirty flash back to 384.11_1 and the above problems have gone

 

[SwampKracker]

I was also unable to access the GUI after flashing alpha4. AC3100

Same thing happened to me. I used the Asus Firmware Restoration tool to install 384.10_2.

 

[skeal]

Works for me. I just setup a router with a PIA OpenVPN client set to connect at boot, and DNS over TLS enabled. On a reboot everything was started normally.

VPN clients don't get started until after the WAN comes up.

Check what customization you have in place. Also check your boot log for any error message during boot.

When I look in the logs, the time sync and WAN up log entries don't take place until the very end of the boot. The log entries are literally right before the end of the reboot process. The probable reason for my OVPN Server or Client not starting is not having a WAN connection and or NTP update. I DO NOT have any special scripts running. Only the stuff in my signature, there are no other custom mods. I have deliberately kept things simple too get to the bottom of the issue. You didn't say how things went when you tried the OVPN Server starting at reboot. I am unable to find any problems in the logs. The only entry I found was:

May  4 23:05:11 WAN_Connection: Ethernet link down.
May  4 23:10:19 Skynet: [*] NTP Failed To Start After 5 Minutes - Please Fix Immediately!

I also noted that my USB drive doesn't get mounted either.

 

[consorts]

can someone using .11 confirm this is fixed on ac3100

3.0.0.4.384.5951
Bug Fix
- Fixed Network Map related issues.

 

[Zastoff]

can someone using .11 confirm this is fixed on ac3100

3.0.0.4.384.5951
Bug Fix
- Fixed Network Map related issues.

GPL merges: 384_5951 (RT-AX88U), 384_45713 (all other models)