Asuswrt-Merlin 380.66 is now available for all supported models. This version merges Asus's GPL 380_7378, and includes various fixes and enhancements.
The highlights:
- Merged with Asus's GPL 3.0.0.4.380_7378. This includes security fixes, and allows you to define an allowed source IP when defining a port forward rule. Also, some models gained Airtime Fairness support, which might cause issues with some wireless clients. If it does, I recommend disabling it.
- New Policy Rules mode for OpenVPN clients called "Policy Rules (strict)". In this mode, the OpenVPN client routing table will only contain rules specific to its tunnel, which will reduce the chances of leaks, or conflict with other simultaneous tunnels. I recommend using this mode, unless you have a special setup that requires manual static routes to work with your tunnelled clients.
- New option to disable the constant DNS-based Internet connectivity test. The option is within Tools -> Other Settings, in the Tweaks section.
- You can now disable the use of a DH with OpenVPN, by entering "none" in the DH cert field.
- Numerous enhancements to the ovpn OpenVPN config import procedure, adding support for "reneg-sec" and "port", multi-parameter "remote", dealing with ciphers/digests entered in lower-case, and better feedback during the procedure.
- Updated components: OpenVPN (2.4.2), LZ4 (1.7.5), Tor (0.2.9.10) and nano (2.8.1).
- SSL certificates generated for HTTPS access to the webui will now contain valid SANs, preventing some of the security complaints generated by browsers. The SANs will include the router's IP, the generic built-in router.asus.com name, as well as your DDNS name (if a valid one can be determined).
- Improvements to the UPNP daemon, which might help various UPNP applications such as game consoles and DLNA servers.
- Disabled multicast_snooping on the LAN bridge, which could cause conflicts with EMF, DLNA, and other multicast-based applications. If for some reason this creates new issues, you can re-enable it under Tools -> Other Settings, in the Tweaks section.
- OpenVPN fixes: fully disable Cipher Negotiation (NCP) if you do so on the webui, fixed server running in an IPv4/IPv6 setup with udp.
- Applied fix to the kernel against CVE-2016-10229 (unsure if kernel was actually vulnerable, but the fix is there nonetheless)
- Various other fixes
- Freshly repainted website
Note that you can no longer edit existing Port Forward rules, as the edit code is incompatible with Asus's new version of that page. This feature might make it back in a future release once it gets re-designed to work with the new code. For now, you will have to remove and re-add any forward you wish to change, like in the stock firmware.
Please consult the changelog for the complete list of changes.
Downloads are here.
Changelog is here.