[Beta] Asuswrt-Merlin 384.7 Beta is now available

[JIPG]

I don't have any additional information to share about any of these, sorry. Based on their vague descriptions, I'd suspect they're all only exploitable LAN-side, or if you still persist in opening your router's webui to the WAN despite numerous warnings not to, so personally, I'm not losing any sleep over any of these issues.

Thank you for the info. Your advice is appreciated.

 

[tomsk]

Im using the ddns with no-ip ... the registration appears to be successful but it appears the lets encrypt certificate generation has a problem

Sep 18 03:45:54 RT-AC68U-4690 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/V1mNEJWNADcrOEkGSz36gQ9rZG38ykl74lu2NgjgcwA/7438390568: bad response
Sep 18 03:45:54 RT-AC68U-4690 kernel: /usr/sbin/acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:connection", "detail": "Fetching http://tomsk61.hopto.org/.well-known/acme-challenge/q_jfZMs_gEtm7GebK0e7pfhuOAO4xs-p0w4hLOpIt7o: Timeout during connect (likely firewall problem)", "status": 400 }, "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/V1mNEJWNADcrOEkGSz36gQ9rZG38ykl74lu2NgjgcwA/7438390568", "token": "q_jfZMs_gEtm7GebK0e7pfhuOAO4xs-p0w4hLOpIt7o", "keyAuthorization": "q_jfZMs_gEtm7GebK0e7pfhuOAO4xs-p0w4hLOpIt7o.sKGXKi4XthyxTzQDo8NipnokpbULfCwapYUv9UEUwIg", "validationRecord": [ { "url": "http://tomsk61.hopto.org/.well-known/acme-challenge/q_jfZMs_gEtm7GebK0e7pfhuOAO4xs-p0w4hLOpIt7o", "hostname": "tomsk61.hopto.org", "port": "80", "addressesResolved": [ "2.49.168.80" ], "addressUsed": "2.49.168.80" } ] }] (892 bytes)
Sep 18 03:50:00 RT-AC68U-4690 rc_service: service 1788:notify_rc restart_letsencrypt

is there an issue with generating the cert through a double nat situation?

 

[RMerlin]

Im using the ddns with no-ip ... the registration appears to be successful but it appears the lets encrypt certificate generation has a problem

Sep 18 03:45:54 RT-AC68U-4690 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/V1mNEJWNADcrOEkGSz36gQ9rZG38ykl74lu2NgjgcwA/7438390568: bad response
Sep 18 03:45:54 RT-AC68U-4690 kernel: /usr/sbin/acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:connection", "detail": "Fetching http://tomsk61.hopto.org/.well-known/acme-challenge/q_jfZMs_gEtm7GebK0e7pfhuOAO4xs-p0w4hLOpIt7o: Timeout during connect (likely firewall problem)", "status": 400 }, "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/V1mNEJWNADcrOEkGSz36gQ9rZG38ykl74lu2NgjgcwA/7438390568", "token": "q_jfZMs_gEtm7GebK0e7pfhuOAO4xs-p0w4hLOpIt7o", "keyAuthorization": "q_jfZMs_gEtm7GebK0e7pfhuOAO4xs-p0w4hLOpIt7o.sKGXKi4XthyxTzQDo8NipnokpbULfCwapYUv9UEUwIg", "validationRecord": [ { "url": "http://tomsk61.hopto.org/.well-known/acme-challenge/q_jfZMs_gEtm7GebK0e7pfhuOAO4xs-p0w4hLOpIt7o", "hostname": "tomsk61.hopto.org", "port": "80", "addressesResolved": [ "2.49.168.80" ], "addressUsed": "2.49.168.80" } ] }] (892 bytes)
Sep 18 03:50:00 RT-AC68U-4690 rc_service: service 1788:notify_rc restart_letsencrypt

is there an issue with generating the cert through a double nat situation?

AFAIK, Let's Encrypt requires the use of Asus' own DDNS, because it relies on a special hook to complete the validation process.

 

[jasonho]

I flash 384.7 over 384.6 on my ac86u, all seen good. but after one night, I cannot one the webui, I need ssh into the router to reboot. then webui works again.

thanks a lot!

 

[RMerlin]

And use username rather then emailadress. (update helptext in gui to reflect this?)

Problem is, this changes from provider to provider, which is why Asus mentions both on the field label. Specifying this for 10+ different providers would be unwieldy.

 

[Zonkd]

I will try test out internal and external DDNS via DNSOMATIC service soon.

 

[Grisu]

I flash 384.7 over 384.6 on my ac86u, all seen good. but after one night, I cannot one the webui, I need ssh into the router to reboot. then webui works again.

No need for reboot, just SSH: service restart_httpd

 

[PDinDetroit]

First of all, excellent work and running rock solid. WiFi connections are staying connected and not dropping.

I did have something pop-up in the log this am only once (RT-AC86U):

Sep 18 07:49:54 smbd[11003]: [2018/09/18 07:49:54.181068, 0] smbd/negprot.c:706(reply_negprot)
Sep 18 07:49:54 smbd[11003]: No protocol supported !
Sep 18 07:50:57 smbd[11055]: [2018/09/18 07:50:57.185323, 0] smbd/negprot.c:706(reply_negprot)
Sep 18 07:50:57 smbd[11055]: No protocol supported !
Sep 18 07:51:57 smbd[11100]: [2018/09/18 07:51:57.252545, 0] smbd/negprot.c:706(reply_negprot)
Sep 18 07:51:57 smbd[11100]: No protocol supported !
Sep 18 07:52:57 smbd[11138]: [2018/09/18 07:52:57.332493, 0] smbd/negprot.c:706(reply_negprot)
Sep 18 07:52:57 smbd[11138]: No protocol supported !

Settings are as follows:

I was looking at Samba settings in the router files yesterday, but only displayed them using the cat command. I was curious if SMB V3 could be utilized from Entware. I looked but did not touch!

 

[RMerlin]

I was looking at Samba settings in the router files yesterday, but only displayed them using the cat command. I was curious if SMB V3 could be utilized from Entware. I looked but did not touch!

SMBv3 requires Samba 4.x, and provides generally little benefit for a low-powered router (since that router's CPU would crawl under the task of using encryption/signing of SMB sessions). SMBv2 is the best compromise for a low-powered device.

 

[fearz]

Just a quick question, to fully restore factory settings, i should just click on “Initialize” right?

 

[Grisu]

Just a quick question, to fully restore factory settings, i should just click on “Initialize” right?

yes or press WPS-button while powering on and release 15s later.

 

[SMS786]

Installed a couple of days ago on my 68U. AsusDNS over HTTPS and OpenVPN server all working fine. Thanks @RMerlin.

 

[Grisu]

Only what I found and probably could be improved:
On network map it is showing only internal WAN (private IP), would it be possible to show both IP's there, internal (private) and external public WAN-IP used for DDNS update?

Other question: Would it be even possible to allow this well done service in AP-mode too?

UPDATE:
I can access directly AP-router_IP/Advanced_ASUSDDNS_Content.asp and change settings.
No errors, but does NOT update ASUSDDNS.

@RMerlin:
could you please kindly answer this question?
https://www.snbforums.com/threads/beta-asuswrt-merlin-384-7-beta-is-now-available.48856/#post-430963

 

[pirx73]

but DFS is definitely used to automatically change channels if it detects signals in a range specified by your country's equivalent to the FCC (Federal Communications Commission) in the US, like if you are near radar, satellite, planes, military, etc...

Unfortunately that includes a weather radars too. At least in EU. If you see a lot of channel changes due to radar interference, it is always better to use a non-DFS channel.
I want to add - there are NO tricks to avoid this, it is hard-coded logic inside radio chip firmware, that's not even an ASUS level. If router detects radar activity - or due to firmware error, makes a mistake recognizing something else as "radar", it MUST vacate channel. No exceptions. After cooldown period router can check channel and return to it if no radar activityis detected. Only sure way to avoid this is to use a non-DFS channel, period.

 

[PDinDetroit]

The smbd errors occurred again on RT-AC86U running 384.7_beta1:

Sep 19 06:33:37 smbd[23672]: [2018/09/19 06:33:37.312362, 0] smbd/negprot.c:706(reply_negprot)
Sep 19 06:33:37 smbd[23672]: No protocol supported !
Sep 19 06:34:40 smbd[23708]: [2018/09/19 06:34:40.316784, 0] smbd/negprot.c:706(reply_negprot)
Sep 19 06:34:40 smbd[23708]: No protocol supported !
Sep 19 06:35:40 smbd[23755]: [2018/09/19 06:35:40.399165, 0] smbd/negprot.c:706(reply_negprot)
Sep 19 06:35:40 smbd[23755]: No protocol supported !
Sep 19 06:36:40 smbd[23802]: [2018/09/19 06:36:40.469161, 0] smbd/negprot.c:706(reply_negprot)
Sep 19 06:36:40 smbd[23802]: No protocol supported !

I have changed the Samba protocol version from SMBv2 to SMBv1+SMBv2 to see if the errors go away.

 

[RMerlin]

The smbd errors occurred again on RT-AC86U running 384.7_beta1:


I have changed the Samba protocol version from SMBv2 to SMBv1+SMBv2 to see if the errors go away.

You have clients that are trying to use SMBv1. The problem is with these clients, not with the router firmware.

 

[RMerlin]

@RMerlin:
could you please kindly answer this question?
https://www.snbforums.com/threads/beta-asuswrt-merlin-384-7-beta-is-now-available.48856/#post-430963

The external check is done by inadyn, the firmware has now knowledge of that IP and so it cannot display it itself, not without spamming a remote stun server to retrieve it - not gonna happen.

 

[Grisu]

The external check is done by inadyn, the firmware has now knowledge of that IP and so it cannot display it itself, not without spamming a remote stun server to retrieve it - not gonna happen.

Thanks for clearing that, thought the router will get it and and then after a change sending puplic ip to asuscomm.

 

[RMerlin]

Thanks for clearing that, thought the router will get it and and then after a change sending puplic ip to asuscomm.

Only internal check can do that. For external check, you have to rely on periodic checks (must be enabled and configured on the DDNS page). Inadyn is then launched, and it will check your remote IP through the DDNS service's remote test site, and will proceed to update the IP if it has changed since last check.

 

[David Tanaka]

Hi,

I am getting UI issues when I goto certain pages Wifi config. When I click wireless I get the Advanced_Wireless_Content.asp it loses the outside frame and its just the Wireless general page and it blank. It has the apply button but no way to go back to the previous page. If I use the back button it goes to the sign in page. If i hit the short cuts at the top of the page it goes to my wireless configurations. I cleared my browser cache, no joy. Any ideas? Wifi is working fine though.

Thanks

David

Router: RT-AC88U
Firmware: 384.7_beta1
From: 384.6 beta 1 to 384.7 beta 1