Asuswrt-Merlin 384.11 is now available for all supported models. This is a fairly big update which brings a number of new features.
The highlights:
- New DNS Privacy feature, with DNS-over-TLS support. Configurable under WAN -> Internet Connection, this feature lets you connect with DNS servers that support DNS-over-TLS (DoT). DoT allows your DNS queries to be encrypted, preventing snooping from your ISP or anyone else in transit. Please visit https://dnsprivacy.org/wiki/ for more info on this protocol.
- Replaced the custom ntpclient with an ntp daemon. This daemon acts as a client (to sync your router's clock with the NTP servers configured on the router's System -> Administration page), but it can also be used as an ntp server for your LAN devices. Server functionality can be enabled on the System Administration page. Afterward, you can either configure your LAN clients to use your router's IP as their NTP server, or enable the option to intercept NTP requests and automatically redirect them to your router's NTPD.
- Updated some of the Network Tools to use Asus's new Netool service (RT-AC86U and RT-AX88U only). This allows the addition of a new visual ping, for instance.
- GPL merges: 384_5951 (RT-AX88U), 384_45713 (all other models). Note that the RT-AC87U and RT-AC3200 are still using the 384_45149 binary blobs for their closed source components.
- Component updates: nano (4.0), curl (7.64.1), dropbear (2019.78).
- Reworked the Firmware Upgrade page. The option to enable/disable automated checks is now on that page, and support for the Beta channel has been removed. Also, the popup reporting a new firmware release will now display that new firmware's version.
- Cleanups to the DDNS page (removed the annoying alert() popups, and moved the notification within the page itself).
- Moved some DNS settings (like DNSSEC) from the DHCP to the Internet Connection page.
- Moved LED control to the System -> Administration page.
- Editing devices on the Network Map will no longer restart your entire network, only dnsmasq itself. This means that blocking Internet access through the Network Map might not take effect immediately; however, the previous behaviour made it impossible to edit multiple clients.
- Custom config/script changes: added service-event-end (run at the end of an rc service event, same parameter as service-event), stubby.postconf/add support (for customizing the DNS Privacy configuration). pre-mount will now receive the filesystem as a second argument.
- Reboot Scheduler should be more reliable and less likely to corrupt plugged USB disks now.
- Security issue CVE-2019-1543 resolved in OpenSSL 1.1.x.
Please review the changelog for a complete list of changes.
Anyone donating through PayPal: if you do so specifically for the addition of DNS-over-TLS, please leave a note in your donation, so I can forward your donation to @themiron, who did about 90% of the implementation (the last 10% I did was mostly webui stuff around it, like implementing the preset management).
Downloads are here.
Changelog is here.
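What the DNS Privacy feature's protocol puts on the wire, as an added example that is not part of the firmware or of this announcement: DNS-over-TLS (RFC 7858) carries ordinary DNS messages, each prefixed with a 2-byte length, inside a TLS session on port 853. The function names, the default transaction ID and the sample reply are illustrative assumptions; `dot_query` needs network access and takes whatever server IP and certificate name you have configured.

```python
import socket
import ssl
import struct

def build_query(name, txid, qtype=1):
    """Encode a minimal DNS query: RD flag set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def frame(msg):
    """DoT reuses DNS-over-TCP framing: 2-byte big-endian length, then the message."""
    return struct.pack("!H", len(msg)) + msg

def unframe(buf):
    """Return the first complete message in buf, or None if more bytes are needed."""
    if len(buf) < 2:
        return None
    (length,) = struct.unpack("!H", buf[:2])
    return buf[2:2 + length] if len(buf) >= 2 + length else None

def summarize(msg, txid):
    """Confirm msg is a response to our query; return (rcode, answer_count)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return flags & 0x000F, ancount

def dot_query(server_ip, auth_name, name, txid=0x1234, port=853, timeout=5.0):
    """Send one query over TLS; fail closed if the certificate does not match auth_name."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((server_ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=auth_name) as tls:
            tls.sendall(frame(build_query(name, txid)))
            buf = b""
            while (msg := unframe(buf)) is None:
                chunk = tls.recv(4096)
                if not chunk:
                    raise ConnectionError("server closed before a full reply")
                buf += chunk
            return tls.version(), summarize(msg, txid)

# Constructed sample reply header (not captured traffic): NOERROR, 1 answer.
SAMPLE_REPLY = bytes.fromhex("123481800001000100000000")
```

A certificate that does not chain to the system trust store or does not match `auth_name` makes `dot_query` raise `ssl.SSLCertVerificationError` instead of returning an answer.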