[Release] Asuswrt-Merlin 384.11 is available

[telUK]

Will update this weekend, I have skipped a few versions, so feel this is the time to update.

I know this gets asked a lot, but to just to be sure does a reset (restore) via the GUI clear the nvram as well?

Thanks RMerlin

 

[Treadler]

Will update this weekend, I have skipped a few versions, so feel this is the time to update.

I know this gets asked a lot, but to just to be sure does a reset (restore) via the GUI clear the nvram as well?

Thanks RMerlin

http://www.snbforums.com/threads/faq-nvram-and-factory-default-reset.22822/

 

[Delusion]

Have been running the new version for 8 hours 37 minute(s) 4 seconds and everything is fine at least on my setup, however, some devices fail to connect to 5GHz wifi unless I choose a channel manually , other then that, works great for me.

 

[Swistheater]

I loosely followed the beta thread so I know that people had issues with cloudflare + DNSSEC but I am confused. I just upgraded tonight, enabled DoT (to cloudflare, which I was already using) without issue. When I go to the cloudflare test page with DNSSEC disabled, it tells me that I am verifying DNSSEC. When I actually enable DNSSEC, it still tells me that I am validating but that I am no longer running DoT. People mentioned this as a bug in the beta thread, but also mentioned that DNSSEC should be disabled with cloudflare. What settings should I use? Is DNSSEC with "Validate unsigned DNSSEC replies" worth it? The tooltip for the validate option mentions a performance impact. People in the beta thread also mentioned that most websites don't support DNSSEC.

I should also add that besides the cloudflare test page saying that I am verifying DNSSEC when I have the option disabled, https://dnssec.vs.uni-due.de/ also says I am verifying. How is that working if I have it disabled?

All cloudflare testpages fail with dot+dnssec due to the test not being able to run properly with dnssec enabled. Cloudflare test only support being runned with it off and only test for the fact that cloudflare itself can validate and not that end user can validate.

 

[telUK]

http://www.snbforums.com/threads/faq-nvram-and-factory-default-reset.22822/

Thanks, I did read that but still wasn't sure, from that info it sounds like a reset will clear nvram also.

 

[martinr]

Thanks, I did read that but still wasn't sure, from that info it sounds like a reset will clear nvram also.

https://www.snbforums.com/threads/n...l-and-manual-configuration.27115/#post-205573

Do read the tread through to the end: there’s good info there. Follow L&LD’s guide with no short cuts and all will be well.

 

[telUK]

https://www.snbforums.com/threads/n...l-and-manual-configuration.27115/#post-205573

Do read the tread through to the end: there’s good info there. Follow L&LD’s guide with no short cuts and all will be well.

I will follow that when I update, cheers. Not sure if format of JFFS partition at next reboot is required for myself but I will try it anyway.

Also whats that preamble type: short setting do, I have it set to default (long).

 

[bbunge]

Anyone else having issues getting an IP with a bridged modem?

No

Sent from my SM-T380 using Tapatalk

 

[Swistheater]

So i ran tcpdump -s 0 -ni eth0 -p port 853 -w /tmp/mnt/whateverUsbdevice/mycap.pcap
then I opened it on wireshark and inspected some points

end to end encryption

 

[PoloNes]

Hello,

I used beta 2 and lost DNS using DOT + DNSSEC.
I only activated the DOT and even lost the DNS, even though I was connected to the internet.

With 384.11 the same thing, using DOT and cleanbrowsing.

DNS loss using DOT happens after a few hours.

No idea what's going on.

May  8 21:54:19 kernel: jffs2: warning: (1) jffs2_sum_write_data: Summary too big (-32 data, -1570 pad) in eraseblock at 002a0000
May  8 21:54:21 acsd: selected channel spec: 0x1005 (5)
May  8 21:54:21 acsd: Adjusted channel spec: 0x1005 (5)
May  8 21:54:21 acsd: selected channel spec: 0x1005 (5)
May  8 21:54:22 acsd: selected channel spec: 0xe29b (157/80)
May  8 21:54:22 acsd: Adjusted channel spec: 0xe29b (157/80)
May  8 21:54:22 acsd: selected channel spec: 0xe29b (157/80)
May  8 21:55:27 kernel: jffs2: warning: (750) jffs2_sum_write_data: Not enough space for summary, padsize = -1724
May  8 21:56:58 kernel: eth3 (Ext switch port: 2) (Logical Port: 10) Link DOWN.
May  8 21:57:01 kernel: eth3 (Ext switch port: 2) (Logical Port: 10) Link UP 10 mbps full duplex

 

[Swistheater]

Hello,

I used beta 2 and lost DNS using DOT + DNSSEC.
I only activated the DOT and even lost the DNS, even though I was connected to the internet.

With 384.11 the same thing, using DOT and cleanbrowsing.

DNS loss using DOT happens after a few hours.

No idea what's going on.

May  8 21:54:19 kernel: jffs2: warning: (1) jffs2_sum_write_data: Summary too big (-32 data, -1570 pad) in eraseblock at 002a0000
May  8 21:54:21 acsd: selected channel spec: 0x1005 (5)
May  8 21:54:21 acsd: Adjusted channel spec: 0x1005 (5)
May  8 21:54:21 acsd: selected channel spec: 0x1005 (5)
May  8 21:54:22 acsd: selected channel spec: 0xe29b (157/80)
May  8 21:54:22 acsd: Adjusted channel spec: 0xe29b (157/80)
May  8 21:54:22 acsd: selected channel spec: 0xe29b (157/80)
May  8 21:55:27 kernel: jffs2: warning: (750) jffs2_sum_write_data: Not enough space for summary, padsize = -1724
May  8 21:56:58 kernel: eth3 (Ext switch port: 2) (Logical Port: 10) Link DOWN.
May  8 21:57:01 kernel: eth3 (Ext switch port: 2) (Logical Port: 10) Link UP 10 mbps full duplex

i don't see DoT being lost by these logs - I see an ethernet device having issues communicating to the router.

 

[Swistheater]

another interesting test showing encryption layer change

 

[Swistheater]

Yes I do. Let me guess it needs this to be set to dropped so it reverts it backed to dropped if you set it to accepted?

did you select the wrong one to reply to?

 

[dvohwinkel]

Do you have skynet installed?

Yes I do. Let me guess it needs this to be set to dropped so it reverts it backed to dropped if you set it to accepted?

 

[Swistheater]

Yes I do. Let me guess it needs this to be set to dropped so it reverts it backed to dropped if you set it to accepted?

Yes

 

[MDM]

This time update was not smooth. And first ewer, it asked for manual reboot, without even needing it?

 

[DarkKnight75]

Just updated to Merlin 384.11 on my AC86U..running smooth

 

[xus2]

Hello everyone, thank you for your work on router.
I have a small problem I can't seem to find an answer. I have RT-AC1900U and on 384.11 right now. In Network Map > Client List, it's always a mess and mostly names of my devices becomes 'nw_ap_1552_sykevr_11'. I could not find any info on that. Sometimes they get unrelated icons, sometimes they get unrelated icons and nothing seems to fix it (reboot, restore with initializing settings). I'm attaching an example screenshot.

Thank you.

 

[Therion87]

For clarification.

When selecting presets for DoT do we need to add a TLS port or SPKI Fingerprint? Or is leaving them blank fine?

 

[Kingp1n]

For clarification.

When selecting presets for DoT do we need to add a TLS port or SPKI Fingerprint? Or is leaving them blank fine?

The question for me would is Comcast uses SPKI fingerprint ? However, please see link below per RMerlin:
https://github.com/RMerl/asuswrt-merlin/wiki/DNS-Privacy

It will only get linked to the Wiki index after 384.11 final is released.

In short, you don't need to change anything in the DNS fields. These should be left as they were before, just enable DNS Privacy, and add servers to the DNS-over-TLS list below.