[Release] Asuswrt-Merlin 384.11 is available

[netmik3]

Thanks. One of the more exciting updates!

Loving quad9 dot.

 

[SheikhSheikha]

Set channel BW to 20 Mhz for stable connection. Protected mgmt frames to capable. Bluetooth coex - disable. Preamble - short
Tx bursting - disable. Optimize ampdu - enable

The proposed settings did not make a difference. Thank you for the effort.

 

[Sanna1967]

I tried with 2 different browsers(firefox,edge), and when I click on "Check" Firmware Version(Firmware Upgrade Tab), the link goes to the Asus Site
https://www.asus.com/Networking/RT-AC86U/HelpDesk_Download/

* Yes i am realy under 384.11 , not on 45713

 

[keteflips]

Same proble with ac88u.
The tv stop working :-(
Can you tell me in private the spanish forum?, im spanish too

Its posible a new beta version switching this change between the last beta and the final? it will be very usefull for movistar user

thanks

+1 what spanish forum?

 

[fer_j_lop]

+1 what spanish forum?

AC87U: Movistar IPTV KO with 384.11. Rolled back to 384.10_2 and OK.

 

[elnash]

+1 what spanish forum?

Spanish forum where you can ask is in ADSLzone, I currently ac86u with the recent incorporation of the tirple vlan is going well for now. Supposedly you are Spanish but I write you in English because it is forbidden to speak in that language other than English in this forum.

 

[Gar]

Set channel BW to 20 Mhz for stable connection. Protected mgmt frames to capable. Bluetooth coex - disable. Preamble - short
Tx bursting - disable. Optimize ampdu - enable

Do you recommend these settings for 5g also? Or just 2.4? Haven't messed with some of these settings before.

 

[joe scian]

Do you recommend these settings for 5g also? Or just 2.4? Haven't messed with some of these settings before.

5G - 80 Mhz and disable -Optimize AMPDU aggregation. Make sure 802.11 beamforming enable and universal beamforming - disable.

 

[Xentrk]

Hi Xentrx,

Please share away! That's what makes Asuswrt-merlin and the community so strong.

As far as a modification, you can add ">> /jffs/configs/dnsmasq.conf.add" to the end of the script.
What I like to do is save a copy - usually on my Entware partition. I use this as my working copy. If I edit, I then copy to /jffs/configs and do a "service restart_dnsmasq" to have the new version added to /etc/dnsmasq.conf.

The other aspect I like about this method - portability. You can move this to any router that uses dnsmasq.

On one site I support, I migrated the dhcp reservations from a DD-WRT router to Asuswrt-Merlin router. I used the default least time of 1440:

dhcp-host=C5:BG:F9:9C:EF:07,192.168.1.11,My-Device,1440

Makes me curious to know what the default lease time is on Asuswrt firmware. It is not listed on the dhcp static reservation page.

EDIT:

#nvram show | grep _lease
dhcp_lease=86400
lan_lease=86400
lan1_lease=86400
dhcp1_lease=86400

86400 sec/60=1440 min/60 = 24 hours

EDIT 2:

Use this utility to save or restore dhcp static list nvram values

[1] - Save nvram dhcp static list to /opt/tmp/dhcp_staticlist.txt
[2] - Restore nvram dhcp static list from /opt/tmp/dhcp_staticlist.txt
[3] - Output DHCP Static List in dnsmasq.conf.add format
[4] - Append Output DHCP Static List to dnsmasq.conf.add
[5] - Disable Manual Assignment
[6] - Enable Manual Assignment
[7] - Save nvram dhcp_staticlist to /opt/tmp/dhcp_staticlist.txt and clear dhcp_staticlist
[e] - Exit

==>

 

[Swistheater]

noticed changes here https://github.com/RMerl/asuswrt-merlin.ng/commits/master
*likes this*

 

[Poseidon]

5G - 80 Mhz and disable -Optimize AMPDU aggregation. Make sure 802.11 beamforming enable and universal beamforming - disable.

What's the advantage of DISABLING that setting for 5GHz??? First time I've seen that someone recommended to disable that feature.

 

[Swistheater]

What's the advantage of DISABLING that setting for 5GHz??? First time I've seen that someone recommended to disable that feature.

some devices are not compatible with this feature.

 

[skeal]

What's the advantage of DISABLING that setting for 5GHz??? First time I've seen that someone recommended to disable that feature.

This is a suggestion for those that are having trouble with one thing or another. If you are not having problems, don't adopt these settings, or any other settings for that matter. If it isn't broke don't fix it.

 

[grifo]

noticed changes here https://github.com/RMerl/asuswrt-merlin.ng/commits/master
*likes this*

Nice, there are several ntpd fixes, thank you RMerlin.

 

[RMerlin]

Nice, there are several ntpd fixes, thank you RMerlin.

I backported anything related to ntpd that was potentially worth it, from the latest Busybox release. Don't know for sure if any of these affected us, but it was safer to backport them just in case. These should make it into 384.11_2 (the changes targeting 384.12 are in a separate branch for now).

 

[CriticJay]

What's the advantage of DISABLING that setting for 5GHz??? First time I've seen that someone recommended to disable that feature.

Sorry, but are you new here? RMerlin has recommended that all the time! Universal Beamforming is not part of the 802.11ac spec, therefore while it's good to enable 802.11ac Beamforming, it's not recommended to enable Universal Beamforming.

 

[QuikSilver]

Sorry, but are you new here? RMerlin has recommended that all the time! Universal Beamforming is not part of the 802.11ac spec, therefore while it's good to enable 802.11ac Beamforming, it's not recommended to enable Universal Beamforming.

I think what @CriticJay was trying to say was that its been recommended a few time by others including @RMerlin to disable. Couple links below for you to reference.
https://www.snbforums.com/threads/p...ices-using-merlin-rt-ac68u.55796/#post-475517
https://www.snbforums.com/threads/r...-4-is-now-available.45406/page-40#post-398408https://www.snbforums.com/threads/asus-ac86u-with-strange-problem.45505/#post-390713

 

[richardeid]

Just catching up here. I set up DoT. I have a couple questions. I've tried keeping up with the 384.11 beta thread and now this one but may have (probably did) missed some things.

1. Using tcpdump -i eth0 -p port 53 -n I am still seeing things like:

19:47:05.890215 IP google-public-dns-a.google.com.domain > {removed}.56964: 14956 1/0/0 A 172.217.8.3 (63)
19:47:07.611725 IP {removed}.51936 > google-public-dns-a.google.com.domain: 11995+ A? lh6.googleusercontent.com. (43)
19:47:07.659410 IP google-public-dns-a.google.com.domain > {removed}.51936: 11995 2/0/0 CNAME googlehosted.l.googleusercontent.com., A 172.217.15.65 (88)

I'm not sure where that's coming from because I setup DoT to use Cloudflare. Is this from some device on my network forcing itself to use Google's DNS? I have some Google Home devices. Just want to make sure I'm set up right because the wiki page says that ideally I shouldn't be seeing anything on port 53 anymore.

2. Not sure if this is part of anything, but at https://www.cloudflare.com/ssl/encrypted-sni/ I see a ? on Secure DNS and an X on Encrypted SNI. Have I configured something incorrectly? Is this not really related to DoT?

3. I'm not 100% sure what I should be doing for WAN>Connect to DNS server automatically. Prior to 384.11 I set this to No and configured 1.1.1.1 and 1.0.0.1. Should I just leave this at Yes if I set up DoT? If I set it to No and use 1.1.1.1 and 1.0.0.1 again, what are the downsides to doing this and DoT at the same time? I read the wiki page, but it either doesn't answer this question for me or I'm not smart enough to put two and two together on this.

I'm so out of touch with this firmware now and I'm trying to catch up so I'm not sure if I have everything setup correctly anymore. 384.11 seemed like a big step forward for me and I haven't done a factory reset in forever, so I figured I might as well after I updated. I'm starting on a clean config and just want to make sure I get everything set up correctly before I just let my network run itself again.

 

[Swistheater]

Just catching up here. I set up DoT. I have a couple questions. I've tried keeping up with the 384.11 beta thread and now this one but may have (probably did) missed some things.

1. Using tcpdump -i eth0 -p port 53 -n I am still seeing things like:

19:47:05.890215 IP google-public-dns-a.google.com.domain > {removed}.56964: 14956 1/0/0 A 172.217.8.3 (63)
19:47:07.611725 IP {removed}.51936 > google-public-dns-a.google.com.domain: 11995+ A? lh6.googleusercontent.com. (43)
19:47:07.659410 IP google-public-dns-a.google.com.domain > {removed}.51936: 11995 2/0/0 CNAME googlehosted.l.googleusercontent.com., A 172.217.15.65 (88)

I'm not sure where that's coming from because I setup DoT to use Cloudflare. Is this from some device on my network forcing itself to use Google's DNS? I have some Google Home devices. Just want to make sure I'm set up right because the wiki page says that ideally I shouldn't be seeing anything on port 53 anymore.

2. Not sure if this is part of anything, but at https://www.cloudflare.com/ssl/encrypted-sni/ I see a ? on Secure DNS and an X on Encrypted SNI. Have I configured something incorrectly? Is this not really related to DoT?

3. I'm not 100% sure what I should be doing for WAN>Connect to DNS server automatically. Prior to 384.11 I set this to No and configured 1.1.1.1 and 1.0.0.1. Should I just leave this at Yes if I set up DoT? If I set it to No and use 1.1.1.1 and 1.0.0.1 again, what are the downsides to doing this and DoT at the same time? I read the wiki page, but it either doesn't answer this question for me or I'm not smart enough to put two and two together on this.

I'm so out of touch with this firmware now and I'm trying to catch up so I'm not sure if I have everything setup correctly anymore. 384.11 seemed like a big step forward for me and I haven't done a factory reset in forever, so I figured I might as well after I updated. I'm starting on a clean config and just want to make sure I get everything set up correctly before I just let my network run itself again.

Do you have DNS Filter turned on with global mode set to Router? --If not any device with a hard coded DNS can bypass DoT.

(e.g. Android Phone)

 

[richardeid]

Do you have DNS Filter turned on with global mode set to Router? --If not any device with a hard coded DNS can bypass DoT.

(e.g. Android Phone)

I did not. I just turned it on. It looks like that took care of a lot of the traffic on port 53, but what does it mean if I still see something? So for instance after switching DNS Filter on and setting it to Router, I got one result in tcpdump right away.

20:04:18.834101 IP 61-219-11-153.hinet-ip.hinet.net.62288 > {removed}: Flags [S], seq 988932639, win 1024, length 0

Also, it looks like the default config for DNS Filter is set to 8.8.8.8. Do I need to change this if I want to be using Cloudflare?

I'm sorry if this is all so basic. As time has gone on I haven't kept up with this stuff the way I should have and get lost in a lot of these new options. But thank you for such a fast response.