[Beta] Asuswrt-Merlin 384.11 Beta is now available

[Howard_inGA]

I'm getting the following:
View attachment 17246

Same here...
Just installed the Beta with a dirty upgrade. It was flawless, and all is working as before.
I do not think that Encrypted SNI is available in any useable fashion, based on light research. Other comments?
RT AC-5300

 

[skeal]

are you using the network monitor functions under administration?

No not at all. Thanks for asking!

 

[Swistheater]

No not at all. Thanks for asking!

just debugging scenarios i've seen that cause connection issues.

 

[TheBoatswain]

I am not sure if this is a good place for this post but hey For the last three or four updates something changed, I use to get 930 Up and Down with my RT-AC5300 with Merlin’s Firmware, I am running the non beta 384.10-2, and I am getting some horrible buffer bloat. I am not using QOS as I really haven’t figured out how to set it up with the new bottom line. Not sure if it will help. Last night I went to a site recommended to me to test my speed and router, I have Centruylink Gig speed in Washington State my down load was in the green but the fastest I can get is 780 and my Upload was very spastic went up to 4258.05 and it was in the red. In game I will be playing smooth and fast then I am stuck in one position while I watch the whole other team come by and shoot me then I fall to the ground. Yes it is a PPPOE provider and Merlin I looked all over this site like you said to do and could not find anything that help. Please give me some Ideas, from reading some stuff some say that using QOS may help but I have never used it before. My wire is using Ethernet Cat6.

 

[skeal]

Check your system log for any rc_service skipped event.

I have an OpenVPN server configured to start at boot on my main router as well as on many of my test routers, and never had any issue with them starting correctly at boot time. All I can think of would be a race/timing issue during your boot process, this usually shows up with a skipped event.

I checked my logs from one end to the other and no "skipped event" rc_service event to be seen. Anything else I can try?

 

[bluzfanmr1]

Sorry if I sound like a newbie on this but where do I get the TCP Dump pkg

It is one of the packages you can install through Entware. You can get Entware by installing amtm. Then you open up 2 shell windows to the router and enter the respective commands. What you will see after setting up DoT is all of your traffic flowing through port 853. You shouldn't see any traffic flowing in the other window, port 53, unless you have chosen to bypass DoT on any devices.

Hope that makes sense.

 

[skeal]

That would make sense, since both of these require an accurate clock for SSL/TLS.

My logs show the NTP time sync and WAN up log entries very late in the reboot logs. As a matter of fact I would say 3/4 of the log (on reboot) is without time sync. I have very little log showing the correct time after a reboot. The only way to understand is to see it yourself. Let me know @RMerlin if you need my logs?

 

[XzGiovanniModzX]

this is normal?

 

[heysoundude]

If you think about it, how would a website detect DNS over TLS unless it is the website of your DNS over TLS provider?

If you are using Cloudflare, then:

https://1.1.1.1/help
I would not recommend DNS over HTTPS (DoH) even if it was available

https://www.cloudflare.com/ssl/encrypted-sni/
I am not sure Encrypted SNI is available yet

I believe -and I may well be (meaning I most likely am) mistaken- but eSNI needs to be supported by the browser. It looks like Firefox did this a while ago (Nightly builds only, according to a link below); you'd have to check your own, and make noises to the devs to get them to include it in an upcoming release.
That said, EFF had a good graphic explanation about how secure you are at various stages of rollout/implementation:
https://www.eff.org/deeplinks/2018/09/esni-privacy-protecting-upgrade-https

And @L&LD wrt what we were discussing on another thread (manual/how-to/for dummies articles) here's an excellent example:
https://blog.cloudflare.com/esni/

Apologies if this is taking things further Off-topic...but it IS germane given one of the biggies of 384.11

 

[skeal]

My logs show the NTP time sync and WAN up log entries very late in the reboot logs. As a matter of fact I would say 3/4 of the log (on reboot) is without time sync. I have very little log showing the correct time after a reboot. The only way to understand is to see it yourself. Let me know @RMerlin if you need my logs?

The other thing I found out, when trying the reboot process with both OVPN Server and Client starting at boot, I find the NTP is not updated, and the OVPN Server is not connecting and caught in the connection process (little wheel spinning). If I turn off the OVPN Server, at that point, the router will actually finish the boot tasks finally, and get the time straight, but the OVPN Client never starts.

 

[DonnyJohnny]

this is normal?

Assume that is because your web browser don’t support tls 1.3.
Try update to latest browser or if u using iOS, u need to have 12.2 above to have 1.3

 

[RMerlin]

score 1 for merlin 0 for asus devs

Not really. I am still unsure as to the real cause, only got an hypothesis (one change was made recently in the image generation). And to make things worse, it seems highly random, and one of the two models that fails to properly boot is the one router model I don't own for testing.

 

[RMerlin]

I do not think that Encrypted SNI is available in any useable fashion, based on light research. Other comments?

This is a browser feature, unrelated to the router.

 

[Swistheater]

No not at all. Thanks for asking!

are you running as ntp server or ntp client? and do you have both addresses in use on NTP servers or only one?

 

[William Riley]

I was also unable to access the GUI after flashing alpha4. AC3100

I've been dirty flashing each new build, alpha and beta since 378 I think... but seriously I've had no problems from doing that. (About time lol!)

After the flash completed it connected back and said please reboot manually which I did, and the GUI was not accessible after that. IPv6 also seemed to take a little while to work fully.
I rebooted again and still no GUI, and also no IPv6 either connectivity whatsoever. Everything else is working very smoothly, QoS etc, are testing perfectly.

Will wait and see what's up.

I did a clean install and dirty i can not get to GUI and I have the Android Asus program will not link to router. Sound Like a bug If I'm not alone

 

[William Riley]

I am having that same issue

I also have the same issue

 

[elorimer]

My logs show the NTP time sync and WAN up log entries very late in the reboot logs.

87U: My WAN comes up at 29 seconds into the process; ntpd starts at 31 seconds and current time is from 37 seconds into the boot. That's about what I had with 10_0. Entware starts at around 1:13, which is a lot later.

Avahi-daemon starts at 23 seconds, and restarts at 1:27.

 

[skeal]

are you running as ntp server or ntp client? and do you have both addresses in use on NTP servers or only one?

I only have the one entry for time server, (pool.ntp.org) and no other NTP settings. See attached image.

 

[Swistheater]

try using it and see what happens with your ovpn issues.

 

[William Riley]

Will the General Log help ? you solve the issue?