[Release] Asuswrt-Merlin 384.10 is now available

[L&LD]

So I updated from 384.10 to 384.10_2 on my AC88U and within an hour my Sony TV lost its network connection shortly after using the check connection tool after which it complained my router wasn’t responding when I checked the network again. This was the same problem I had with 384.9.

I noticed something odd, which was the IP address reported by both the router and the TV (before it lost it) switched from x.x.x.22 to x.x.x.23. This was after the router was updated. For a brief while it was using both .22 and .23 before switching to .23.

I powered off the router and rebooted the TV. When everything came back up the TV and router both reported the DHCP assigned address was again x.x.x.22.

My guess as to what happened was that the router decided to change the address to x.x.x.23 for some reason (have no idea why since no other devices were using that) and even though the TV used it for a bit, it wasn’t happy with that.

I’m hoping rebooting everything resolved this since everything was working fine on 384.10 for a week. Under 384.9 the problem showed up within 24 hours.

Something apparently changed though between 384.8 and 384.9 with respect to ip assignment since there was no reason for the router to change the IP address of the TV, though the TV shouldn’t have freaked out because of that.

A reboot after about 10 minutes (assuming the CPU's are idling at that time, otherwise, continue to wait) of upgrading firmware to ensure that all services come up properly and then followed by another at least an hour afterward is not optional for me. After these two successful reboots, the network will be as stable as I can be (assuming no other bugs/glitches show up).

A full network and client equipment shutdown and proper/ordered powering up is what I perform for customers. I don't want to be called back because of a DHCP lease gone wack.

It is much easier to do this than to test every possible interaction between all clients and all workloads. Even if it seems I want to enjoy another coffee while we let the network 'cool off'.

 

[skeal]

I still use a custom version of @john9527's scripts.

For /jffs backup/restores, I've never stopped using it - useful for taking snapshots when developing scripts locally.

Spoiler: JFFS management

export OLDPWD=`pwd`;cd /mnt/`nvram get productid`/BackupScriptsJFFS;./jffs-restore.sh;cd $OLDPWD

jffs-restore.sh: JFFS Restore Utility - Version 26.1

1. jffs-201709121645_RT-AC68U-E4A0/
2. jffs-201709181925_RT-N66U-C978/
3. jffs-201809101938_RT-AC68U-E4A0/
4. jffs-201903281231_RT-AC68U-E4A0/
5. jffs-201903281529_RT-AC68U-E4A0/
6. jffs-201903281714_RT-AC68U-E4A0/
7. jffs-201903281717_RT-AC68U-E4A0/
8. jffs-201903281750_RT-AC68U-E4A0/
9. jffs-201903281925_RT-AC68U-E4A0/
10. jffs-201903282247_RT-AC68U-E4A0/
11. jffs-201903290928_RT-AC68U-E4A0/
12. jffs-201903290956_RT-AC68U-E4A0/
13. jffs-201903301256_RT-AC68U-E4A0/
14. jffs-201903301302_RT-AC68U-E4A0/
15. jffs-201903302205_RT-AC68U-E4A0/
16. jffs-201903310749_RT-AC68U-E4A0/
17. jffs-201904021101_RT-AC68U-E4A0/
18. jffs-201904021105_RT-AC68U-E4A0/
19. jffs-201904021444_RT-AC68U-E4A0/
20. jffs-201904021550_RT-AC68U-E4A0/
21. jffs-201904022039_RT-AC68U-E4A0/
22. jffs-201904031110_RT-AC68U-E4A0/
23. jffs-201904031743_RT-AC68U-E4A0/

 Restore last saved /jffs/ ? (jffs-201904031743_RT-AC68U-E4A0) { n | Y } (or press ENTER to ABORT) >

 Restore aborted

For NVRAM variables I use custom .ini files, that have had to be altered since v382/4.xx - present

e.g. OpenVPN

Spoiler: Backup OpenVPN NVRAM variables on HND RT-AC86U

./nvram-save.sh -i ovpn.ini -nojffs -nouser

nvram-save.sh: NVRAM User Save Utility - Version 26.2 EIC Hacked for v384.xx+!!
nvram-save.sh: Saving RT-AC86U settings from firmware 384.10_2
nvram-save.sh: Runtime options: -i ovpn.ini -nojffs -nouser
nvram-save.sh: Using custom NVRAM variable file: ovpn.ini
nvram-save.sh: Running in Backup Mode

 Saving [System - Basic]                  0 secs (0   variables, Bytes=0    Total=0    )
 Saving [VPN Client 1]                    0 secs (17  variables, Bytes=743  Total=743  )
 Saving [VPN Client 2]                    0 secs (17  variables, Bytes=736  Total=1479 )
 Saving [VPN Client 3]                    0 secs (17  variables, Bytes=169  Total=1648 )
 Saving [VPN Client 4]                    0 secs (17  variables, Bytes=32   Total=1680 )
 Saving [VPN Client 5]                    1 secs (17  variables, Bytes=32   Total=1712 )
 Saving [VPN Server Users]                0 secs (1   variables, Bytes=107  Total=1819 )
 Saving [VPN Server 1]                    0 secs (13  variables, Bytes=642  Total=2461 )
 Saving [VPN Server 2]                    0 secs (13  variables, Bytes=281  Total=2742 )

nvram-save.sh: Complete: User NVRAM saved to /tmp/mnt/RT-AC86U/BackupScriptsJFFS/nvram-restore-201904051207_RT-AC86U-6160.sh


jffs-save           201904051158_RT-AC86U-6160    Fri Apr  5 11:59:18 BST 2019
nvram-save.sh       201904051207_RT-AC86U-6160    Fri Apr  5 12:07:26 BST 2019    384.10_2                  ovpn.ini 0 minutes and 2 seconds elapsed, Total Bytes=2742

=======> ovpn.ini
# Hack to dynamically update the GUI
#
# see /jffs/scripts/openvpnclient1.postconf
# Usage ./nvram-save.sh -i ovpn.ini -nojffs -nouser

# The following line must ALWAYS be used
[System - Basic]

# Add User required NVRAM variables here.....

[VPN Client 1]
vpn_client1_desc
vpn_client1_addr
vpn_client1_proto
vpn_client1_port
vpn_client1_if
vpn_client1_userauth
vpn_client1_username
vpn_client1_password
vpn_client1_adns
vpn_client1_bridge
vpn_client1_cipher
vpn_client1_clientlist
vpn_client1_comp
vpn_client1_crypt
# Now in base64 format!! and was previously called vpn_clientX_custom2 but HND limited to 510 chars in 3 variables
vpn_client1_cust2
vpn_client1_cust21
vpn_client1_cust22

<snip>

[VPN Server Users]
vpn_serverx_clientlist

[VPN Server 1]
vpn_server1_port
vpn_server1_local
vpn_server1_sn
vpn_server1_cipher
vpn_server1_comp
vpn_server1_crypt
vpn_server1_c2c
vpn_server1_ccd
vpn_server1_userpass_auth
vpn_server1_rgw
# Now in base64 format!! and was previously called vpn_serverX_custom2 but HND limited to 510 chars in 3 variables
vpn_server1_cust2
vpn_client1_cust21
vpn_client1_cust22

@john9527's original design stands the test of time, and with care, can be used for 'Backup/Restore' of simple User fields once on the latest platforms.

Can't ever recall if I ever took advantage of the migrate feature, so I too had to manually reconfig by scratch … as solidly preached by @L&LD - wise words

Bravo sir!! This works really nice on the AX88U

 

[tallytr]

Something a tad important added.

Thanks, I switched to CloudFlare DNS, works great!

 

[bigeyes0x0]

Are these issues on .9 fixed on the 86U with 10_2?

- KNOWN ISSUE: dcd process crashing on RT-AC86U (bug in Trend
Micro's code, outside of my control).
- KNOWN ISSUE: IPv6s on Tracked Connections have their last
two bytes set to 00 (bug in Trend Micro's
code truncating the last two bytes).
- KNOWN ISSUE: No IPS events logged (bug in Asus's code,
IPS should work, just fails to log hits)
- KNOWN ISSUE: Networkmap listing may be unreliable.
(Bug in Asus's code)
- KNOWN ISSUE: Users failing to read changelogs will
probably complain about the above issues.
(Outside of my control).

 

[GuruGuy]

Are these issues on .9 fixed on the 86U with 10_2?

Post 476 of this thread. I'd say if it's not listed, not fixed. The dcd tainted is definitely not fixed; Asus issue still waiting on fix.

Version 384.10_2 is now available. Changes since 384.10:

  - CHANGED: Increased OpenVPN interface queue length from 100
             to 1000 bytes, to reduce the amount of dropped
             packets if router can't keep up.
  - CHANGED: Updated CA bundle to January 23rd version
  - FIXED: Moviestar VLAN routes weren't properly configured
           (broken quagga configuration)
  - FIXED: Layout issues on the Wireless Log page for some
           models
  - FIXED: Missing tooltip content for the new local DNS
           resolution setting on the Tweak page
  - FIXED: FAQ URL on Bandwidth Monitor points to a non-existing
           page on Asus's servers (point to old page for now)
  - FIXED: OpenVPN CA would be overwritten if there was no
           server key or cert present - only generate them
           if all three are missing.
  - FIXED: Bandwidth Limiter not working properly in some
           cases, as it failed to disable hardware acceleration

 

[Xentrk]

I made the jump to 384.10_2 and my RT-AC5300 works great so far. Thank you @RMerlin !

With my IoT madness, I'm at way over 100 smart things and was looking for the workaround to assign static IPs to all of my devices, or at least to have smart bulbs on .100-119, smart plugs on .120-139, etc.

It'd be very handy if the "Manually Assigned IP around the DHCP list FAQ" at /Advanced_DHCP_Content.asp could be updated to point to the forum entry explaining how this is done? It currently points to and Oops 404 page link at https://www.asus.com/support/FAQ/1000906

Thanks!

What I did at one site I support is created an excel file with the mac address, description and IP address. I then saved it to a comma delimited file and pasted the entries in /jffs/configs/dnsmasq.conf.add. The 1440 is the lease time.

dhcp-host=49:EF:0C:24:7F:16,D-Link-AP,192.168.2.10,1440
dhcp-host=11:20:AE:5E:86:63,Security-Camera-DVR,192.168.2.200,1440
dhcp-host=94:C9:B2:5D:F5:04,D-Link_Switch,192.168.2.201,1440
<snip>

Once done, bounce dnsmasq using the command service restart_dnsmasq to apply or bounce the router. One still has to do the dirty work of manual entry. But it's much easier in the excel file than the WAN GUI when you have than a dozen entries.

Source: https://x3mtek.com/asuswrt-merlin-firmware-upgrade/

 

[Odkrys]

HDD Hibernation doesn't work.
Any changing in Admin->system page does not apply to processor.


Edit : duplicated code in mainline branch.
https://github.com/RMerl/asuswrt-me...c/router/www/Advanced_System_Content.asp#L502

https://github.com/RMerl/asuswrt-me...c/router/www/Advanced_System_Content.asp#L542

 

[ppfoong]

HDD Hibernation doesn't work.
Any changing in Admin->system page does not apply to processor.

It works for me.

Take note that the 3rd row is an EXCLUDE list, not an include list. If you tick on any of the devices, they will not be hibernated.

 

[ppfoong]

Are these issues on .9 fixed on the 86U with 10_2?

- KNOWN ISSUE: dcd process crashing on RT-AC86U (bug in Trend
Micro's code, outside of my control).

=> Never face problem with this (finger crossed).

- KNOWN ISSUE: IPv6s on Tracked Connections have their last
two bytes set to 00 (bug in Trend Micro's
code truncating the last two bytes).

=> IPv6 in System Log is OK.
=> IPv6 in Classification ends with 00.


- KNOWN ISSUE: No IPS events logged (bug in Asus's code,
IPS should work, just fails to log hits)

Not sure about 10_2 as no log captured yet. Last log captured was on 31 March with 10.

- KNOWN ISSUE: Networkmap listing may be unreliable.
(Bug in Asus's code)

The list might be shorter than actual number of connected devices. Wait for some times, all of them will eventually appear.

 

[RMerlin]

Are these issues on .9 fixed on the 86U with 10_2?

No as there was no new GPL code merged in.

 

[TheKolaNN]

The issue doesn't seem to be 384.10 (or the newer one 384.10_2), it seems to be an issue on your ISP's side. Including the fact that you don't think that a full M&M Config may even fix or at least minimize these issues fully for you too.

Do I understand correctly that you turn your router off at night?

No which circumstances you assume this is not 384.10 related issue?
No, I never turn off my router, unless it hangs like on 384.10
I tried M&M config. No luck. Reverting to 384.9.

 

[L&LD]

No which circumstances you assume this is not 384.10 related issue?
No, I never turn off my router, unless it hangs like on 384.10
I tried M&M config. No luck. Reverting to 384.9.

Just a hunch because not many are facing this issue. If it was the firmware, there would be many, many more posts matching yours.

What changes off of defaults do you make?

 

[TheKolaNN]

Just a hunch because not many are facing this issue. If it was the firmware, there would be many, many more posts matching yours.

What changes off of defaults do you make?

There were some people reporting router halt on this thread.

My changes:
DHCP Static IP settings, Time lease 30 min, DHCP pool change,
OpenVPN server,
PPPoE ISP + VLAN (VPN + DHCP off),
QOS Analyzer On,
Network Analyzer On,
Reboot scheduler.
I think that's more less everything.

 

[L&LD]

There were some people reporting router halt on this thread.

My changes:
DHCP Static IP settings, Time lease 30 min, DHCP pool change,
OpenVPN server,
PPPoE ISP + VLAN (VPN + DHCP off),
QOS Analyzer On,
Network Analyzer On,
Reboot scheduler.
I think that's more less everything.

What is QOS and Network Analyzer? Why do you need to reboot on a schedule?

 

[TheKolaNN]

What is QOS and Network Analyzer? Why do you need to reboot on a schedule?

There is a good reason behind that. My ISP is renewing WAN IP address every 24 hours and I do not want this to be done the exact hour I turned on the router (most likely during the day or working hours). Restart at 5 AM ensures me that the IP will not change when I am using the internet.

I already answered you the second question previously, so to get story short - I need it. Is it a blocker so you keep asking that question?

Answering first question I got my GUI in different language so I guess I translated it wrong.
This settings can be found under General tab - Adaptive QOS (Application analyze) and Network Analyzer - Statistics turned On.

 

[L&LD]

I already answered you the second question previously, so to get story short - I need it. Is it a blocker so you keep asking that question?

Answering first question I got my GUI in different language so I guess I translated it wrong.
This settings can be found under General tab - Adaptive QOS (Application analyze) and Network Analyzer - Statistics turned On.

Sorry if you've already answered, but I don't remember. The answer you give now still begs 'why'. Rebooting the network router isn't a feature, it is a response for something on the network behaving badly, I believe.

Okay, so how is the Adaptive QoS setup? Maybe there are better settings to try. What are your ISP speeds?

The Network Analyzer is problematic for some. I have never used it. If you run your network without it, does it stay stable?

Just trying to help here, you don't need to accept it.

 

[AntonK]

DNS question. Is there any known reason not to use DNS 1.1.1.1 or 1.0.0.1 in this f/w? I heard that it causes problems in some brands of routers. Many thanks.

I have been using Quad9 DNS for quite some time now. I've had no issues with any release of RMerlin's firmware. (9.9.9.9, 149.112.112.112).

 

[TheKolaNN]

Sorry if you've already answered, but I don't remember. The answer you give now still begs 'why'. Rebooting the network router isn't a feature, it is a response for something on the network behaving badly, I believe.

Okay, so how is the Adaptive QoS setup? Maybe there are better settings to try. What are your ISP speeds?

The Network Analyzer is problematic for some. I have never used it. If you run your network without it, does it stay stable?

Just trying to help here, you don't need to accept it.

I will accept all help, but please understand I feel hopeless at this moment.
As I said, I did not find any better way to secure my ISP doesn't change IP during the day, when router user is gaming lets say (instant disconnect for about 1-3 minutes). WAN DHCP lease time is 24 hours.
When I reboot the router at 5 AM, nobody uses the internet and IP lease lasts 24 hours, so during the day I can use it with no interruption.
Hope this feed your curiosity

In Adaptive QOS I just turn on Aplication analyzer. QOS feature itself is disabled. I don't like QOS in any way, since there is no sense using it on 1000 Mbit/s optic fiber.

I always had Network analyzer turned on, but problems started since 384.10.x. I can give a try turning it off for some time, but first I want to check 384.9 - I already reverted so now there is no point to turn Network analyzer off.

 

[L&LD]

I will accept all help, but please understand I feel hopeless at this moment.
As I said, I did not find any better way to secure my ISP doesn't change IP during the day, when router user is gaming lets say (instant disconnect for about 1-3 minutes.
When I reboot the router at 5 AM, nobody uses the internet and IP lease lasts 24 hours, so during the day I can use it with no interruption.
Hope this feed your curiosity

In Adaptive QOS I just turn on Aplication analyzer. QOS feature itself is disabled. I don't like QOS in any way, since there is no sense using it on 1000 Mbit/s optic fiber.

I always had Network analyzer turned on, but problems started since 384.10.x. I can give a try turning it off for some time, but first I want to check 384.9 - I already reverted so now there is no point to turn Network analyzer off.

See, this is why we have to keep talking.

I don't believe your ISP changes IP randomly during peak hours. I don't know any ISP that would do that, continuously.

I believe the combination of 'features' you're using is what may be causing all the issues, including the need to reboot the router too on a regular basis. I may be wrong, but it would be worth testing, IMO.

384.10_2 and all future firmware versions are created because they fix something that was previously broken. Not that they can't introduce their own bugs, of course. But staying on an old version indefinitely isn't the solution either.

See how you find 384.9 and maybe wait until 384.11 comes out.

I know that the features you're using I never enable them for customers (for a reason, they are not stable enough to be recommended). Maybe there are alternatives if you really need the information they provide though?

 

[TheKolaNN]

See, this is why we have to keep talking.

I don't believe your ISP changes IP randomly during peak hours. I don't know any ISP that would do that, continuously.

I believe the combination of 'features' you're using is what may be causing all the issues, including the need to reboot the router too on a regular basis. I may be wrong, but it would be worth testing, IMO.

384.10_2 and all future firmware versions are created because they fix something that was previously broken. Not that they can't introduce their own bugs, of course. But staying on an old version indefinitely isn't the solution either.

See how you find 384.9 and maybe wait until 384.11 comes out.

I know that the features you're using I never enable them for customers (for a reason, they are not stable enough to be recommended). Maybe there are alternatives if you really need the information they provide though?

IP is not changing randomly. It changes every 24 hours.
Imagine situation when you buy new router and set it up at 5 PM. Every next days you play CS:GO between 4.30 and 5.30. At 5 you get disconnected because your IP changed to a completely different one.
So that's why I set up recurring reboot in the system. So the IP lease is gone at the same time the router reboots.
Hope now you get the point.

I will try 384.9 for couple of days and let you know.
Then we will try other ideas.
Many thanks for help, I appreciate it!