[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[tyspeed42]

Been running 32L4 everything been running great john, nothing to report after few days.

 

[tyspeed42]

One feature I thought about when using Open VPN and PIA, when using a specific server, will there ever or could there ever be a feature to have more than one server listed.

For example, I have mine VPN setup to disconnect everyone on the network upon vpn going down on the current server.

Would have a secondary server or the option to list more if your current one goes down that can just automatically connect to the next server listed.

Anyhow thanks for keeping the L fork going.

 

[Lotta Cox]

Using this FW for media bridge mode on 68R.
No issues.
Connected
Frequency: 5GHz
Link rate: 1300 Mbps

 

[john9527]

For example, I have mine VPN setup to disconnect everyone on the network upon vpn going down on the current server.

Would have a secondary server or the option to list more if your current one goes down that can just automatically connect to the next server listed.

For PIA, you basically have this today since PIA works with FQDNs for the server address and not IPs.

First, check your custom config section and make sure it doesn't contain 'persist-tun' (I removed this from the autogen'd config a while back). Technically, this shouldn't be necessary, but I don't think PIA has configured their servers to fully support it correctly.

Then, since it's resolving via FQDN, it should automatically try a different server IP if the original server has gone down. I've actually seen it do this on my system.

 

[tyspeed42]

For PIA, you basically have this today since PIA works with FQDNs for the server address and not IPs.

First, check your custom config section and make sure it doesn't contain 'persist-tun' (I removed this from the autogen'd config a while back). Technically, this shouldn't be necessary, but I don't think PIA has configured their servers to fully support it correctly.

Then, since it's resolving via FQDN, it should automatically try a different server IP if the original server has gone down. I've actually seen it do this on my system.

Going to remove pertist-tun totally forgot about that setting, so many keep track of. Thanks John

 

[tyspeed42]

This is what I have now. This have given me consistent 65-75 Mbps on avg throughput.

explicit-exit-notify 2
ifconfig-nowarn
tls-client
nobind
persist-key
tun-mtu-extra 32
remote-cert-tls server
reneg-sec 0
resolv-retry infinite
auth-nocache
keysize 128
tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA
fast-io
--tun-mtu 9000
--mssfix 0
--fragment 0
mute-replay-warnings
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"

 

[Markmaster]

So, right now I'm thinking of removing the old DNSCrypt v1 and replacing it with DNS over TLS support. ARM users who want DNSCrypt can use @bigeyes0x0 DNSCrypt installer (it should work on my fork, but needs to be tested). MIPS routers, sorry, no more DNSCrypt, but you should get DNS over TLS.

So if I am on AC68U I need to use this option or no option if I choose 1.1.1.1 DNS?

 

[ika]

Whom may concern: https://www.asus.com/us/support/Article/925/
For example I opened my n66u to put a sdcard into it (not that it matters now, since the warranty expired a long time ago).
I wonder if this extends to the software as well, since I have this FW on the router for a very long time now.

 

[Wisiwyg]

So if I am on AC68U I need to use this option or no option if I choose 1.1.1.1 DNS?

It works either on or off, so why not turn it on? Personally, I haved turned it on.

 

[RMerlin]

Whom may concern: https://www.asus.com/us/support/Article/925/
For example I opened my n66u to put a sdcard into it (not that it matters now, since the warranty expired a long time ago).
I wonder if this extends to the software as well, since I have this FW on the router for a very long time now.

The amendment has nothing to do with third party firmware. They clarify that if a third party attempts to repair your router AND they damage it, then your warranty for these damages will be void.

They are also mentioning that, in the US, tampering with the security seal will no longer void your warranty, as this is illegal (Asus among with a few other companies got warned about this a few months ago). US laws forbids a company from refusing to provide warranty service just because a device has been opened, or a so-called warranty label has been broken.

So in short: they can no longer refuse to provide warranty service just because you have opened your router. At least in the US - laws might differ in other countries.

 

[john9527]

So in short: they can no longer refuse to provide warranty service just because you have opened your router. At least in the US - laws might differ in other countries.

First time I ever saw the warranty requirements made less strict...

 

[john9527]

So if I am on AC68U I need to use this option or no option if I choose 1.1.1.1 DNS?

If the DNS server supports DNSSEC, you should select it. This will use DNSSEC if available, but not fail the DNS requests if it gets a bad DNSSEC response. You should also use the strict option, which will fail the DNS request on a bad DNSSEC response (this will become the default in the next dnssmasq release).

 

[jrmwvu04]

First time I ever saw the warranty requirements made less strict...

It’s not, really. The law was already this way (stickers/opening a device don’t really invalidate the warranty), they’re just actually enforcing it for a change.

 

[RMerlin]

First time I ever saw the warranty requirements made less strict...

Someone filed a complain to the authorities that such restrictions in the US were actually illegal. So, not out of Asus's own choice...

 

[nash16]

Official RT-AC66U firmware revamped to: 3.0.0.4.382.50470

Changelog:
- Support multi-language (UTF-8) network name
(Windows XP and Windows 7 do not support UTF-8 format SSID. These two OS may see gibberish if using multi-language SSID.)
- Improved system stability.
- Improved compatibility for IntelⓇ CentrinoⓇ 802.11ac card.
- Fixed XSS vulnerability. Thanks to Yonghui Han of Fortinet's FortiGuard Labs.
- Fixed CVE-2018-8877, CVE-2018-8878, CVE-2018-8879
- Fixed plain text password vulnerability in lighttpd.
- Modified Quick Internet Setup wizard process.
- Main SSID and guest network can hide independently.
- Fixed AiCloud login issue.

 

[ColinTaylor]

Official RT-AC66U firmware revamped to: 3.0.0.4.382.50470

How is this relevant to this thread?

 

[krick]

ARM users who want DNSCrypt can use @bigeyes0x0 DNSCrypt installer (it should work on my fork, but needs to be tested). MIPS routers, sorry, no more DNSCrypt, but you should get DNS over TLS.

Would it be possible to add some info to the first page to indicate which models are ARM and which are MIPS?

 

[reerden]

@john9527 Any indication when the next release will be? Considering there hasn't been a commit in the last couple of months on Github.

I'm considering switching to your firmware for my AC66U, but I'm debating if I should go for stock or this build.

 

[RMerlin]

@john9527 Any indication when the next release will be? Considering there hasn't been a commit in the last couple of months on Github.

I'm considering switching to your firmware for my AC66U, but I'm debating if I should go for stock or this build.

John has a different workflow from me, he only commits to Github after he issues a new release. So, nothing unusual with lack of recent Git commits.

 

[kfp]

John has a different workflow from me, he only commits to Github after he issues a new release. So, nothing unusual with lack of recent Git commits.

The latest (V32E4) was never pushed. Last commit is on March 12th for V31E6.