What's new

[Release] Asuswrt-Merlin 384.11 is available

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Rolling steady here with 384.11_2 from a clean 384.11_0 install. Manual reboot, sit back and relax.
 
@RMerlin Is there any possibility to include Dnscrypt directly into the firmware just like the DOT in 384.11?
OpenDNS still doesn't support DOT and the country in which I love in OpenDNS is significantly faster than both cloudflare and Google DNS. Since my ISP uses Transparent DNS proxy server (almost all ISPs in India), I am forced to use either DNScrypt or DOT protocol.
 
Clean installed 384.11_2.
Has the dcd crash been fixed? I am asking this because there are no dcd crashes with this new fw.
I'll be presumptuous, and answer for him ... there's no way for him to know, that part is closed source. I've had it go away for a version in the past only to come back with the next one, so I wouldn't hold my breath. :)
@RMerlin Is there any possibility to include Dnscrypt directly into the firmware just like the DOT in 384.11?
OpenDNS still doesn't support DOT and the country in which I love in OpenDNS is significantly faster than both cloudflare and Google DNS. Since my ISP uses Transparent DNS proxy server (almost all ISPs in India), I am forced to use either DNScrypt or DOT protocol.
He's stated his views on DNScrypt a number of times (here, here, and here, for examples). I'd bet lunch the answer is still no. It's not an official IETF standard, and he considers the protocol obsolete.
 
Question


is in this version implemented

- Fixed DDoS vulnerability.
- Fixed AiCloud vulnerability.
- Fixed command injection vulnerability.
- Fixed buffer overflow vulnerability.

from ASUS RT-AC88U new Firmware version 3.0.0.4.384.45717 ?
 
Question
is in this version implemented
- Fixed DDoS vulnerability.
- Fixed AiCloud vulnerability.
- Fixed command injection vulnerability.
- Fixed buffer overflow vulnerability.
from ASUS RT-AC88U new Firmware version 3.0.0.4.384.45717 ?

From changelog:
GPL merges: 384_5951 (RT-AX88U), 384_45713 (all other models). Note that the RT-AC87U and RT-AC3200 are still using the 384_45149 binary blobs for their closed source components.
 
Question


is in this version implemented

- Fixed DDoS vulnerability.
- Fixed AiCloud vulnerability.
- Fixed command injection vulnerability.
- Fixed buffer overflow vulnerability.

from ASUS RT-AC88U new Firmware version 3.0.0.4.384.45717 ?

no according to rmerlin:

Still 45149. I was hoping to maybe get newer GPLs this week but it didn't happen, so I got tired of waiting. Currently building the 384.11_2 images.
 
384.11_2 should be available on mirror sites now.

FYI, just updated over 384.11 (RT-AC3100) and noticed the following in my log:

May 5 01:05:04 kernel: _ Reboot message ... _______________________________________________________
May 5 01:05:04 kernel: <3>SQUASHFS error: Unable to read fragment cache�U�ry [b4c56]
May 5 01:05:04 kernel: <3>SQUASHFS error: Unable to read page, block b4c56, size 9c64
May 5 01:05:04 kernel: <3>SQUASHFS error: Unable to read fragment cache entry [b4c56]
May 5 01:05:04 kernel: <3>SQUASHFS error: Unable to read page, block b4c56, size 9c64
May 5 01:05:04 kernel: <4>dhd_detach(): thread:dhd_watchdog_thread:80 terminated OK
May 5 01:05:04 kernel: <4>dhd_detach(): thread:dhd_watchdog_thread:7c terminated OK
May 5 01:05:04 kernel: ____________________________________________________________________________

Not sure if it''s anything to be concerned about, but is not something that's normally there.
 
Updated from 384.11 to 384.11_2. Smooth sailing. Thank you to all esp. to the Asus Wizard @RMerlin
 
@RMerlin Is there any possibility to include Dnscrypt directly into the firmware just like the DOT in 384.11?
OpenDNS still doesn't support DOT and the country in which I love in OpenDNS is significantly faster than both cloudflare and Google DNS. Since my ISP uses Transparent DNS proxy server (almost all ISPs in India), I am forced to use either DNScrypt or DOT protocol.
You can use Adguard DoT alot of its dns endpoints bounce off of opendns.

Adguard uses a combination of google, cloudflare, and opendns as dns endpoints.

if you say there are a lot of Opendns in your area then, that should be most of your endpoints.

IPV4
176.103.130.130
port 853
dns.adguard.com
176.103.130.131
port 853
dns.adguard.com


IPV6
2a00:5a60::ad1:0ff
port 853
dns.adguard.com
2a00:5a60::ad2:0ff
port 853
dns.adguard.com
 
Last edited:
From 384.11 to 384.11_2, so far so good. Thank you for your magical work, RMerlin!
 
As stated above, DNS Privacy overrides.
But;
What you have done is fine, in case of DNS Privacy not working for some reason, (unlikely), you would default to ISP server/s.

Bear in mind these may not be dnssec friendly, I see you have dnssec enabled.

If you want to default to Cloudflare then select ‘no’ & enter the Cloudflare server/s in wan, & IPv6. That gets rid of any possible dnssec issues.
Cloudflare has no DNSSEC issues. Works better than most including Quad9.

Yes, the cloudflare help test page is broken when you use DNSSEC. Has been for some time.

Sent from my SM-T380 using Tapatalk
 
Just installed 384.11_2 in an RT-AC87U without any problem. Up to now, running without glitches.

Thank you very much Merlin by your hard work.
For RT-AC87U users, you allow us to keep our router up to date, so you are our hero! :).
 
I see there is also a new alpha 384.12 with change log here:
https://github.com/RMerl/asuswrt-merlin.ng/blob/master/Changelog-NG.txt

hopefully this will still be merged with the new GPLs when available.
Yea I like this Merlin is on "FIRE"
384.12 (xx-xxx-2019)
- NEW: Added WSD discovery support. This allows Windows clients
to detect the router's shared USB drive even if SMB1
is disabled.
- NEW: Re-added option to extend the WAN's TTL (from stock
firmware, was previously disabled as it used to
be broken)
- UPDATED: Nano 4.2.
- CHANGED: Local clients will be shown by their hostname
on the Classification page.
- CHANGED: Reworked handling of up/down events in OpenVPN.
Server instance will now also use its own
updown script, which will handle firing up
openvpn-event (if present).
- FIXED: openvpn-event script not launching if the
client was configured in Secret Key auth
mode.

Anyone who starts alpha testing and wants to discuss things a new thread has been started
https://www.snbforums.com/threads/384-12_alpha-builds-testing-all-variants.56639/
 
@RMerlin 384.11_2 is very good.
Local ntpd is still much better with the script ntpMerlin @Jack Yaz
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top