Release Firmware release - ASUS ROG Rapture GT-AC5300 Version 3.0.0.4.386.42643

[ForkWNY]

Version 3.0.0.4.386.42643 firmware for ASUS GT-AC5300 was released on 5/7/2021.

Version 3.0.0.4.386.42643
2021/05/07 65.22 MBytes
ASUS GT-AC5300 Firmware version 3.0.0.4.386.42643
Fixed CVE-2021-3450, CVE2021-3449 OpenSSL related vulnerability.

Please unzip the firmware file first then check the MD5 code.
MD5: e2ff2cb9647884f9822dc8d6a63ffa90

ROG Rapture GT-AC5300 | ROG Rapture GT-AC5300 | Gaming Routers｜ROG - Republic of Gamers｜ROG USA

A powerful yet easy managing VR ready gaming Wi-Fi router. Best solution for PS4, Xbox and PC gaming. Supporting tri-band 802.11AC. Providing speed up to 5300 Mbps.

rog.asus.com

 

[ForkWNY]

Dirty flashed 42643 over 41994 (beta), did not factory reset. So far Seems identical to the 41994 beta release. Only issue (which has been a problem since the initial release of 386 for this router) is that the web UI will hang sometimes after a reboot when AiMesh nodes are powered on and part of the GT-AC5300's mesh network. If that issue happens, best workaround is to power off the AiMesh nodes, unplug the WAN cable from the GT-AC5300, power it off, then power it back on with the WAN cable still disconnected. Once the GT-AC5300 boots up, reconnect the WAN cable, make sure the web UI is functional, then power on the AiMesh nodes. Should sort out the problem. A successive reboot may cause the web UI problem to reoccur. Firmware is stable otherwise, no network or performance related issues to report so far.

 

[z3razerviper]

I am having massive problems with this firmware. When I change the dns settings to point to my two piholes (paired with unbound) wan traffic stops and it shows as disconnected and sometimes gives an error that my ISP is having dns issues. I had to roll back to firmware 3.0.0.4.384_82037 for everything to work correctly....I am not giving up my piholes.

 

[L&LD]

@z3razerviper you don't need to give them up, but take them out of the network and make sure it works as you expect first, without them.

Then, add them one by one, testing as you go.

 

[z3razerviper]

I tried that as soon as i change the wan settings to point to them everything goes down. I really wish the GT-AC5300 could get merlin....the asus firmware keeps getting worse and worse.

 

[L&LD]

So, you flash the 386.42643 version firmware, do a full reset to factory defaults, and then manually and minimally reconfigure the router first? Before you try to use the piholes? And before you install/use Unbound?

If not, you may never upgrade to the latest/most secure firmware.

 

[z3razerviper]

Exactly. FYI unbound is running on the piholes. The router does not point directly to unbound only the piholes do.

 

[ForkWNY]

Never point WAN DNS in your GT-AC5300 WAN configuration to your own local Pi-hole/Unbound DNS servers. Functions such as time zone, etc. will not work within the router, and you'll run into other issues as well. WAN DNS in your router needs to point to something upstream for DNS such as Google (8.8.8.8) or Cloudflare (1.1.1.1, as an example). Clients on your LAN...PC's, smartphones, Wifi outlets...those should all be configured to point to your Pi-hole DNS servers...that way you get all the benefits of the DNS filtering/privacy offered by Pi-hole/Unbound, none of your local clients will use the router for DNS. I'm nearly 100% certain this will resolve your issues.

Pi-hole is the only entity that points to Unbound for upstream DNS, since Unbound binds to the localhost 127.0.0.1 IP running on the Pi-hole system. Nothing can being "pointed" at Unbound directly, your LAN clients must point to the LAN IP address(es) used by your Pi-hole systems (192.168.1.x for example). Pi-hole handles DNS....with a recursive Unbound DNS setup Pi-hole will forward all external DNS requests through Unbound recursively, rather than going upstream to Google or Cloudflare, which is what Pi-hole does by default.

I'm running the latest Pi-hole (with Unbound) on the newest ASUS 42643 GT-AC5300 firmware with zero problems. Make sure you're using upstream public DNS (Google DNS, Coudflare, your preference) for DNS 1 and DNS 2 server settings within the WAN settings (under Advanced in the web UI). Do not point WAN DNS at your Pi-hole(s).

Only your LAN DNS server (Advanced -> LAN -> DHCP Server) should point to your Pi-Hole server LAN IP. Since you're running multiple Pi-hole/Unbound servers, I'd recommend configuring your LAN clients to manually point to those private IP's for DNS manually, rather than having the router assign via DHCP, since the router firmware only allows 1 DNS server IP to be entered within the LAN settings. Ensure that Pi-hole is set to use Unbound as the upstream DNS...should be 127.0.0.1#5335 for CUSTOM Upstream DNS within Pi-Hole DNS Settings. Also make sure you have disabled Pi-hole for DHCP if you have DHCP enabled in your router, or you'll run into all sorts of problems.

Follow this guide to ensure you configure Pi-hole and Unbound correctly for recursive DNS -

unbound - Pi-hole documentation

docs.pi-hole.net

In Pi-hole Advanced DNS settings, ensure you have the following boxes ticked:
* Never forward non-FQDNs
* Never forward reverse lookups for private IP ranges

Ensure that "Use conditional Forwarding" is UNCHECKED.

I also recommend setting up and using Local DNS records within Pi-hole, if you want to assign local DNS names to clients on your local network (makes it easier to connect remotely to PC's, etc. instead of having to remember IP addresses). If you're running two Pi-hole/unbound systems, one of the Pi-hole's should be set up as a "slave" failover DNS server unless you have specific reasons to run separate independent DNS servers in your own home local network. I've found that one Pi-hole DNS server is more than sufficient for home private networks.

I have roughly 55 clients locally on my LAN (wifi outlets, PC's, game consoles, etc.) and none of them have had any issues with DNS. You do have to ensure your configuration is correct between the router (GT-AC5300) and your Pi-hole/Unbound servers. Avoid using .local for your local domain name. I've found local domains such as .lan or .homelan, etc. to work much more reliably. Mac systems have issues with .local since mDNS uses it.

 

[linkwellfook]

Just applied the latest update and I too have 2 piholes running with unbound. I had no issues.
As ForkWYN outlined above you'll need to look at your router and pihole configs.

 

[z3razerviper]

Thank you ForkWNY I will try it again this weekend. I do wish asus would allow for setting two dns servers in the lan settings that would solve so many issues.

Note I already had unbound configured correctly. Not sure how you would setup a slave failover dns server can you please clarify. Currently I am using gravity sync to push changes from my primary pihole to the secondary.

 

[ForkWNY]

It's probably uncommon for anyone to have 2 DNS servers on a private home network, so ASUS only bothered to allow one via DHCP. It's easy enough to assign DNS statically within Windows, Android, iOS/Mac OSX, etc. Most operating systems allow 2 DNS server entries, one for primary and one for secondary. If you're using a hot-hot mirrored DNS setup between your two Pi-hole servers, that is fine, just make sure they're configured consistently so they're both the same more or less. If you decide to use local DNS records, I believe you'd have to set those up on both Pi-holes in the same manner or you'll end up with some DNS inconsistencies on your network.

You can Google primary/secondary DNS configuration to view posts and threads from others who have those setups. I don't personally use a dual DNS setup at home, but have set up dozens of DNS servers in my day as primary/secondary, but my experience was primarily with co-location companies where I had to manage public DNS entries for hundreds of businesses. Always had a secondary in case the primary went down. When you use two Pi-hole servers as primary and secondary, the OS may randomly query either or both so it's important to have a mirrored configuration on them for consistency.

 

[z3razerviper]

That's why I use gravity sync it works really well.

 

[ForkWNY]

Btw if you're looking for a decent ad blocklist for Pi-hole, this is one of the best (in my opinion). Low false positive rate and well-maintained. It's the only one I use, their DB has just over a million DNS's on the block list. It's updated daily.

https://dbl.oisd.nl

 

[jj351]

https://dbl.oisd.nl

Can confirm, the only list that seemed tailored to my needs. No adjustments were necessary.

 

[linkwellfook]

Thank you ForkWNY I will try it again this weekend. I do wish asus would allow for setting two dns servers in the lan settings that would solve so many issues.

Note I already had unbound configured correctly. Not sure how you would setup a slave failover dns server can you please clarify. Currently I am using gravity sync to push changes from my primary pihole to the secondary.

In my setup the second pihole is not a slave. I run 2 Pi-hole servers in HA (High Availability) & in-sync.
There's a reddit post on how to do this. It outlines how to setup keepalived and pihole-gemini.

 

[z3razerviper]

Ok reinstalled and used the settings that were suggested everything was fine for about 20 hours then the router started randomly rebooting every 7 to 10 min....not. So I rolled back to 3.0.0.4.384_82037 ...again. I am wondering if its related to my works vpn...ours uses direct access or pulse and my wifes work uses the cisco vpn...

 

[ForkWNY]

Did you factory reset after installing the latest firmware, and re-configure your settings manually?

 

[ForkWNY]

Ok reinstalled and used the settings that were suggested everything was fine for about 20 hours then the router started randomly rebooting every 7 to 10 min....not. So I rolled back to 3.0.0.4.384_82037 ...again. I am wondering if its related to my works vpn...ours uses direct access or pulse and my wifes work uses the cisco vpn...

I can confirm that having an active VPN connection seems to be an issue if the router is rebooted or powered off/on while having an active VPN connection. I use Cisco AnyConnect at home...if the router has a VPN connection established and it's power cycled or rebooted, the web UI hangs up/goes blank when logging into the router's admin portal...that is IF AiMesh nodes are part of the network. Therefore I think this issue may have more to do with using AiMesh nodes than the VPN connection itself, but from troubleshooting some issues the other day I could not get the web UI to come back up unless I shut down the PC running AnyConnect, power cycling the GT-AC5300, then bringing up the AiMesh nodes one by one until all of them had fully booted up. After that point, no issues with VPN or accessing the admin UI.

The web UI has been problematic in all of the 386 releases...seems to be less problematic however if there are no AiMesh nodes on the network.

To avoid problems on the 386 firmware...when rebooting or power cycling the GT-AC5300, power off any devices using VPN beforehand, and power off the AiMesh nodes. Let the GT-AC5300 boot up first, then power up AiMesh nodes one by one (stagger them, don't power them on all at once). Once everything is up and you've verified you can connect to the router's admin UI, VPN is good to go.