What's new

[Beta] Asuswrt-Merlin 384.11 Beta is now available

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

try using it and see what happens with your ovpn issues.
No change. Still the same. My initial clock set doesn't take place until 45 seconds before the last log entry of the reboot.
 
This is a browser feature, unrelated to the router.

Setting the following in Firefox 66.0.3 (Mac) passes the test:
network.trr.mode = 2
network.security.esni.enabled = true

Setting network.trr.mode = 3, did not work for me, but 2 does. I'm not sure how else to verify ESNI.
 
Setting the following in Firefox 66.0.3 (Mac) passes the test:
network.trr.mode = 2
network.security.esni.enabled = true

Setting network.trr.mode = 3, did not work for me, but 2 does. I'm not sure how else to verify ESNI.
I think if you check this out the esni process in firefox products requires the DoH to work.
 
I think if you check this out the esni process in firefox products requires the DoH to work.

It's interesting. When I enable these settings in Firefox and retest cloudflare DNS, I get "Using DNS over TLS (DoT)" now showing "Yes". Didn't make any changes to the RT-AC5300. I'm currently on 384.10_2 with Stubby 1.1.1 (Diversion, pixelserv-tls static w/ TLS 1.3) using the PIA VPN client with the router DNS.
 
I only have the one entry for time server, (pool.ntp.org) and no other NTP settings. See attached image.View attachment 17251
Did you ever try an NTP server that is closer to you. I configured one a few miles down the road from me and it syncs the time much faster than the generic pool.ntp.org. You can find ntp servers on a wiki list from ntp.org. Than test the latency with a ping for each server listed and choose the lowest one. I.e. mine went from 110ms for pool.ntp.org to 18ms with this one 64.113.44.54
 
It's interesting. When I enable these settings in Firefox and retest cloudflare DNS, I get "Using DNS over TLS (DoT)" now showing "Yes". Didn't make any changes to the RT-AC5300. I'm currently on 384.10_2 with Stubby 1.1.1 (Diversion, pixelserv-tls static w/ TLS 1.3) using the PIA VPN client with the router DNS.
I wouldn't use Firefox's implementation since its running through a proprietary DoH on Firefox's own servers circumventing your DNS implementation. I would wait with eSNI until its an accepted standard.
 
I wouldn't use Firefox's implementation since its running through a proprietary DoH on Firefox's own servers circumventing your DNS implementation. I would wait with eSNI until its an accepted standard.

Ah, ok. Good advice. Thanks.
 
Should I downgrade if I have 384.11 Beta 1 running on 87u? Everything is running fine for me since updating the firmware last night.
 
@RMerlin Yahoo I figured out the OVPN and reboot conflict on my AX88U. If I rebooted with the OVPN Server, or Client, or both set to start at boot up, the router would fail to get it's NTP update and then of course the WAN wouldn't come up. It was caused by a race condition. The race with, I do not know. But if I run this ovpn-start script I dug up, from post-mount everything works perfect. Script location:
Code:
/jffs/scripts/ovpn-start
Script contents:
Code:
#!/bin/sh
#/jffs/scripts/ovpn-start
#Delay Openvpn Server1 and Client1 until NTP update is complete (auto start in webui must be set to no)
c=0
while [ $(date +%Y) -lt 2015 -a $c -lt 20 ]
do
c=`expr $c + 1`
logger "OVPN Waiting for Time Adjustment...."
sleep 1s
done
logger "Starting OVPN Services"
service start_vpnclient1
sleep 10s
service start_vpnserver1
This in post-mount:
Code:
sh /jffs/scripts/ovpn-start
I've tested this over and over and it works.
 
I have regenerated all the SDK6/SDK7 firmware images with the new compression option disabled. They should appear on Onedrive/Sourceforce in a little while. The ZIP filename will have beta1b . The firmware version will still show as beta1 - I haven't recompiled the code, simply rebuilt the .trx files with the mksquashfs change.

I recommend everyone to upgrade, just in case there might also be filesystem corruption issues with other models.

I haven't rebuilt the HND models (AC86U and AX88U) because they use ubifs, as well as a newer kernel, so in theory these should be fine.

Interesting thing is the corrupted images will read just fine on my Linux VM, but mounting them on a loopback on the routers themselves will generate read errors while accessing certain files. I suspect it could be a bug in the older kernel, or an incompatibility between mksquashfs and these kernel releases.

I'm not 100% sure this was the cause, but it's what made the most sense (unfortunately, I cannot reproduce the problem every time I build an image). Only testing in the long run will confirm this was the issue.
 
@RMerlin Yahoo I figured out the OVPN and reboot conflict on my AX88U. If I rebooted with the OVPN Server, or Client, or both set to start at boot up, the router would fail to get it's NTP update and then of course the WAN wouldn't come up. It was caused by a race condition

While this workaround might work, it won't resolve the root cause.

I haven't had time to look into that yet, was busy dealing with the corrupted image generation. I will do a more torough review of the boot time code to ensure that VPN instances get started as late as possible after ntp has been properly set (and ideally after DoT has also been established).
 
Recovery flash usually requires a stock firmware. You can use any of the official ASUS ones. That's what I used, and then flashed back to Merlin 384.10_2.



A few other people had this problem too. Please look into this!
Any tips on doing the flash as mine keeps failing around 81% using latest official asus firmware.
 
The firmware version will still show as beta1
Embarrassed to ask this, but how could I tell if the B1b "took"? On Tools|System information I'm showing a Friday build--should that be Saturday?
 
Any tips on doing the flash as mine keeps failing around 81% using latest official asus firmware.
Try to use lan and install via http and not https.
Also disable air protection and restart before reflash. (Sometime maybe due to lack of memory)
 
EDIT: RT-AC87U and RT-AC3100 beta 1 builds were pulled, as the images seem to suffer from the same corruption issues that recently affected Asus's own RT-AC68U 384_45708 release.

I wonder if Merlin meant ac88u as that is a close variant of the Ac3100.

If you can get into the GUI on your ac87u, then you are probably fine.
 
Last edited:

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top