[Release] Asuswrt-Merlin 384.11 is available

[Marin]

Up to you, just be aware that if your USB disk isn't properly recognized while in USB2 mode, then it's not compatible and will require to keep it set to USB3 mode.

One thing that can help with interference is using an USB extension cable to move the stick away from the router. Make sure to use a quality one however, with proper shielding. A 1$ cable from Aliexpress might not cut it...



Plugged a USB disk (in a Vantech metal enclosure at the time) to the USB 3 port. Connected the laptop to the 2.4 GHz band, and started copying files to/from the USB disk, watching for abnormal throughput instability.

I haven't redone that test since back in the RT-AC68U days when people mentioned it was an issue back then.

Good to know. Thank you very much!


Sent from my iPhone using Tapatalk

 

[Marin]

Thanks for popping in. I don't want to derail the thread, but the SanDisk Ultra Fit are notorious for being super hot in USB 3. USB 2 is cool as a cucumber.

Interesting. That is what I use and I have noticed that even when in a USB2 they get quite warm.


Sent from my iPhone using Tapatalk

 

[dave14305]

I am unsure about:

WAN > Internet Connection > WAN DNS Setting (all settings here OK?)

I don’t think you should enable “Forward local domain queries to upstream DNS servers”. Otherwise, everything seems correct. Disclaimer: I don’t use vpn server or client on my router, so I won’t comment on your other settings.

 

[Asad Ali]

There never was a filter on that page. You must be confusing it with the Classification page (under QoS).

There was and its still there in non-HND routers, see the attached image:

 

[Treadler]

Just updated my RT-AC68U to 384.11, all is working fine. I have set up DNS-over-TLS and that too seems to be working correctly. (according to dnsleaktest.com)
As I honestly don't really understand this stuff and mostly just fumble my way along, I would really appreciate hearing from anyone who can tell me if my settings are alright, or if maybe something should be adjusted.

I am unsure about:

WAN > Internet Connection > WAN DNS Setting (all settings here OK?)
VPN > VPN Server > Client will use VPN to access (what should this be?)

I am running two VPN Clients and YazFi:
Main network on Client 1,
2.4 Guest on Client 1
5.0 Guest on Client 2

Thank you.

Forward queries to upstream dns, I have that disabled. YMMV.

 

[criminala]

After upgrading from .10_2 to .11 i notice my pppoe connection often dropping without reconnecting . I have tried both setting DNS probe and PPP echo in wan settings to keep the internet connection open , but every so often it goes down and stays down .

In the log i don't see many oddities other than

"
May 10 23:36:13 WAN_Connection: WAN was exceptionally disconnected.
May 10 23:36:13 nat: apply redirect rules
"

 

[chris2kari]

Asuswrt-Merlin 384.11 is now available for all supported models. This is a fairly big update which brings a number of new features.

The highlights:

• New DNS Privacy feature, with DNS-over-TLS support. Configurable under WAN -> Internet Connection, this feature lets you connect with DNS servers that support DNS-over-TLS (DoT). DoT allows your DNS queries to be encrypted, preventing snooping from your ISP or anyone else in transit. Please visit https://dnsprivacy.org/wiki/ for more info on this protocol.
• Replaced the custom ntpclient with an ntp daemon. This daemon acts as a client (to sync your router's clock with the NTP servers configured on the router's System -> Administration page), but it can also be used as an ntp server for your LAN devices. Server functionality can be enabled on the System Administration page. Afterward, you can either configure your LAN clients to use your router's IP as their NTP server, or enable the option to intercept NTP requests and automatically redirect them to your router's NTPD.
• Updated some of the Network Tools to use Asus's new Netool service (RT-AC86U and RT-AX88U only). This allows the addition of a new visual ping for instance.
• GPL merges: 384_5951 (RT-AX88U), 384_45713 (all other models). Note that the RT-AC87U and RT-AC3200 are still using the 384_45149 binary blobs for their closed source components.
• Component updates: nano (4.0), curl (7.64.1), dropbear (2019.78).
• Reworked the Firmware Upgrade page. The option to enable/disable automated checks are now on that page, and support for the Beta channel has been removed. Also, the popup reporting a new firmware release will now display that new firmware's version.
• Cleanups to the DDNS page (removed the annoying alert() popups, and moved the notification within the page itself)
• Moved some DNS settings (like DNSSEC) from the DHCP to the Internet Connection page
• Moved LED control to the System -> Administration page
• Editing devices on the Network Map will no longer restart your entire network, only dnsmasq itself. It means that blocking Internet access through it might not immediately come into effect, however the previous behaviour made it impossible to edit multiple clients.
• Custom config/script changes: added service-event-end (run at the end of an rc service event, same parameter as service-event), stubby.postconf/add support (for customizing the DNS Privacy configuration). pre-mount will now receive the filesystem as a second argument.
• Reboot Scheduler should be more reliable and less likely to corrupt plugged USB disks now
• Security issue CVE-2019-1543 resolved in OpenSSL 1.1.x

Please review the changelog for a complete list of changes.

Anyone donating through Paypal: if you do so specifically for the addition of DNS-over-TLS, please leave a note in your donation, so I can forward your donation to @themiron who did about 90% of the implementation. (the last 10% I did was mostly webui stuff around it, like implementing the preset management).


Downloads are here.
Changelog is here.

Dirty upgraded RT-AC68U to Beta 1 -> Beta 2 -> 384.11 release. Smooth as silk.
DoT is absolutely fantastic to finally have. *
Really nice job man, thank you Eric.

* As soon as I get my CCard replaced after the latest internet defrauding I will be making a donation.

 

[Argonaut]

Hi all, sorry if this has been asked before but regarding the new implementation of the NTP Daemon in 384.11:-

I would like to reference an internal NTP server on my LAN (a LeoNTP GPS server) in the GUI.

Whenever I try it keeps defaulting to pool.ntp.org it seems

Do I have to make changes in the config file to make this happen or am I missing something here?

 

[dave14305]

Hi all, sorry if this has been asked before but regarding the new implementation of the NTP Daemon in 384.11:-

I would like to reference an internal NTP server on my LAN (a LeoNTP GPS server) in the GUI.

Whenever I try it keeps defaulting to pool.ntp.org it seems

Do I have to make changes in the config file to make this happen or am I missing something here?

That would happen if it thinks you don’t have an NTP Server defined in the GUI. What does yours say? Make sure it’s in the first NTP server field. How are you referring to it? By IP?

 

[Argonaut]

Yes I have e.g. 192.168.0.14 in the first field.

In the second field I have 192.168.0.15 (another local network NTP server)

 

[dave14305]

Yes I have e.g. 192.168.0.14 in the first field.

In the second field I have 192.168.0.15 (another local network NTP server)

Can you login to the router over ssh and run this command?

ps w | grep ntp

 

[Argonaut]

Yes I get:-

admin@RT-AC86U-04A8:/tmp/home/root# ps w | grep ntp
1522 admin 3364 S /usr/sbin/ntp -t -S /sbin/ntpd_synced -p 192.168.0.14 -l -I br0
1633 admin 3368 R grep ntp

 

[dave14305]

Yes I get:-

admin@RT-AC86U-04A8:/tmp/home/root# ps w | grep ntp
1522 admin 3364 S /usr/sbin/ntp -t -S /sbin/ntpd_synced -p 192.168.0.14 -l -I br0
1633 admin 3368 R grep ntp

That looks good, so where’s your evidence of it using pool.ntp.org?

 

[Argonaut]

But when I look at the output from Time Server Monitor by Meinberg 1.04 running on my PC I get the following which indicates the router is using 71-80-83-0 etc as it's reference??


State Remote Refid Stratum Type When Poll Reach Delay Offset Jitter
LOCAL(0) LOCL 9 Local clock 106m 64 000 0.000 0.000 0.000
- router.asus.com 71-80-83-0.dhcp.kgpt.tn.charter.com 2 Unicast server 22 32 177 0.223 0.526 0.216

 

[Argonaut]

I did read somewhere that ntpq is not working/implemented in 384.11

Could this have something to do with it?

 

[EmeraldDeer]

But when I look at the output from Time Server Monitor by Meinberg 1.04 running on my PC I get the following which indicates the router is using 71-80-83-0 etc as it's reference??


State Remote Refid Stratum Type When Poll Reach Delay Offset Jitter
LOCAL(0) LOCL 9 Local clock 106m 64 000 0.000 0.000 0.000
- router.asus.com 71-80-83-0.dhcp.kgpt.tn.charter.com 2 Unicast server 22 32 177 0.223 0.526 0.216

Right, the Refid for router.asus.com should be LeoNTP. I am using ntpMerlin rather than firmware BusyBox ntpd.

 

[Argonaut]

Right, the Refid for router.asus.com should be LeoNTP. I am using ntpMerlin rather than firmware BusyBox ntpd.
View attachment 17567

Yes precisely the issue EmeraldDeer thank-you!

So is it a case of the router mis-reporting it's sync source (Refid) or is it actually using a Refid different to the one I set in the GUI?

 

[EmeraldDeer]

I did read somewhere that ntpq is not working/implemented in 384.11

Could this have something to do with it?

I don't know.

ntpq does not come with firmware ntpd. You can install it from Entware, but firmware ntpd has no way to allow the necessary permissions for ntpq to query it.

The Windows Meinberg NTP Server Monitor is actually running ntpq against the Windows ntp daemon. I do not know how the Refid is passed (ntpq?) from a remote NTP server. If it were ntpq, then I would expect a blank or error rather than an internet NTP server.

 

[EmeraldDeer]

Yes precisely the issue EmeraldDeer thank-you!

So is it a case of the router mis-reporting it's sync source (Refid) or is it actually using a Refid different to the one I set in the GUI?

I speculate that the Refid is accurate. For whatever reason, firmware NTP could not sync to your LAN NTP servers and used the pool.

I make use of DHCP static list to ensure that the LAN IP addresses of the NTP servers do not change.

 

[Argonaut]

I do not know how the Refid is passed (ntpq?) from a remote NTP server. If it were ntpq, then I would expect a blank or error rather than an internet NTP server.

Yes I would have thought that too - that there would be a blank or error.

So am I better off going down the install NTPDaemon for Merlin route?