[Release] Asuswrt-Merlin 384.12 is now available

Did you do a format, after you upgraded?
Or did you "import" the old settings?

Hi, I was coming from 384.12 beta 1 and then beta 2 without problems (just reflashing over), then 384.12 final also flashing over beta 2 brought those nits..
 
Simple:
View attachment 18601
If I remember, it asks for a reboot after that..

After that, first delete all old ASUS Router certificates from System/browsers, and accept the new one.
You can also "Export" it and place it manually wherever you want (also as backup that you can "Upload" to the router if you reset it)...
Thanks MDM, appreciated.
Anton
 
Running into an issue with the latest FW (384.12). After flashing the wireless tab seems to not function properly. All tabs on left are black, no tabs within wireless settings and no can be made. Anyone else having this issue or know what might be happening?
 
Running into an issue with the latest FW (384.12). After flashing the wireless tab seems to not function properly. All tabs on left are black, no tabs within wireless settings and no can be made. Anyone else having this issue or know what might be happening?

What router? What version did you previously run? Have you rebooted the router yet, which is the first action to take when you see an issue? Have you tried clearing browser cache or using a different browser?
 
What fixed it for me was changing my DNS servers to use manual IP addresses (DHCP section of LAN) rather than my ISP's. After that fixed it, I removed them and using the default ISP values again, now it works.
This is the problem. The DNS values under the LAN page are rarely used, unless you require them you should leave them both blank. Internet DNS is configured through the WAN tab.
 
Any update on the issue of enabling QOS making router pages slow and erratic? I saw quite a few people mentioning it.

I've been working around it by disabling QOS every time I want to make settings modifications.
 
I have all the advanced features turned off (AiP, QoS, etc). My LAN DNS settings have been left blank. It seems that changing the DNS settings in WAN & the DoT settings are having no effect. I tested this by setting the dns settings to DoT (strict) with cloudflare, restarting the router and my computer. I am still not resolving over DoT and according to https://cloudflare-dns.com/help I am still not resolving DNS via cloudflare or DoT. Is this a known issue, or is there some way I can verify this via SSH?
 
I have all the advanced features turned off (AiP, QoS, etc). My LAN DNS settings have been left blank. It seems that changing the DNS settings in WAN & the DoT settings are having no effect. I tested this by setting the dns settings to DoT (strict) with cloudflare, restarting the router and my computer. I am still not resolving over DoT and according to https://cloudflare-dns.com/help I am still not resolving DNS via cloudflare or DoT. Is this a known issue, or is there some way I can verify this via SSH?


You will find the search facility will save you time, there are many threads on this subject already.

These might help you on your way, there are plenty more pages.


https://www.snbforums.com/threads/dns-security.56784/

https://www.snbforums.com/threads/dot-and-dnssec-on-384-12.57258/

https://rootcanary.org/test.html
 
I have all the advanced features turned off (AiP, QoS, etc). My LAN DNS settings have been left blank. It seems that changing the DNS settings in WAN & the DoT settings are having no effect. I tested this by setting the dns settings to DoT (strict) with cloudflare, restarting the router and my computer. I am still not resolving over DoT and according to https://cloudflare-dns.com/help I am still not resolving DNS via cloudflare or DoT. Is this a known issue, or is there some way I can verify this via SSH?
For that Cloudflare test to work disable DNSSEC. Then you will see that DoT reports success!

 
sorry for the seemingly basic question :oops:

does 384.12 now have DNS over HTTPS built into it (while 1.1.1.1 is specified) so everyone on my LAN using router based DNS will pass this linked "Secure DNS" test no matter what browser they are using?

https://www.cloudflare.com/ssl/encrypted-sni/
 
I forgot to save that.
But I did it now.
Not sure if it gets enabled right away, or if I should restart the router.
View attachment 18579
But the UI, for the router, didn't load, for 5 min ago.
It ended up in a loop.
Until I restarted the router.
Testing how it's set up now.

It's now been some time since I enabled it.
And now it's limiting my whole network TOO much.
On my phone, i get 80 v 80.
And my real internet speed is 500 v 500.
And I've only set it to max 95%.

I could try and downgrade to 384.11, just to see if it's only in 384.12.
Looks like it could perhaps be the CPU
That is spiking.
Not sure why it's at 100%, after 1 hour of running.
And there are no other "scripts" installed.
Other than the QoS.
View attachment 18582
One in 3 packages get Dropped

Jul 9 20:04:36 kernel: DROP IN=eth0 OUT= MAC=xx:b0:xx:2b:ec:xx:00:xx:00:xx:00:xx:08:00 SRC=193.32.163.182 DST=xx.xxx.xxx.xxx LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=53074 DF PROTO=TCP SPT=45560 DPT=22 SEQ=3345471938 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A061D1690000000000103030A)

Unstable wifi both on 384.11 and 384.12.
And the CPU goes to 100% too much.
I've even disabled ANYTHING that could cause CPU usage.
It goes to 100% right after it reboots.
did you see the QoS priority the same as on the first page of the script?
the spike should only happen during the initial setup of it.
 
This is the problem. The DNS values under the LAN page are rarely used, unless you require them you should leave them both blank. Internet DNS is configured through the WAN tab.
I guess that's accurate enough.

I have always configured the DHCP DNS with no odd results.
In fact, it is configured currently and working fine.
Of course, I have a need which is sending DHCP clients to my pihole.
I have always used the IP address though, never a name.
 
A lot of experts warned that DoH was a bad idea for many reasons...

"Experts: It will prevent network admins from managing DNS traffic"
"DoH fans: But that's exactly what we want, to hide the DNS traffic from network admins"

Malware starts using DoH.

"DoH fans: How can we detect/intercept/block this malware?"
"Experts: You can't, it's hidden from the network admin, remember?"
"DoH fans: ..."
 
A lot of experts warned that DoH was a bad idea for many reasons...

"Experts: It will prevent network admins from managing DNS traffic"
"DoH fans: But that's exactly what we want, to hide the DNS traffic from network admins"

Malware starts using DoH.

"DoH fans: How can we detect/intercept/block this malware?"
"Experts: You can't, it's hidden from the network admin, remember?"
"DoH fans: ..."
Forgive my ignorance, why doesn't DoT suffer this same issue? Isn't it still making it impossible to manage DNS traffic? If not, what's the point of DoT again?
 
did you see the QoS priority the same as on the first page of the script?
the spike should only happen during the initial setup of it.

Yup, I did, and I even had to try the 13 alpha1, just to see if it had the same issue.
I also did go back to the default Asus's Firmware.
Same issue there :(
I know that on the startup, it spikes, just on image 2.
upload_2019-7-11_18-6-33.png

Image 2.
upload_2019-7-11_18-13-54.png
 
After upgrading to 384.12, my AC3200 has started spontaneously rebooting every few hours or so.

Multiple rounds of full "nuclear reset" (holding WPS during power-on twice, and seeing the power light flashing within 5 seconds, then waiting 10 and even 20 minutes before manual reconfiguration) have made no difference.

There's been limited information in the system log, so I started logging to a syslog server, and captured the following: (somewhat shortened; a bit more at https://pastebin.com/Wh3ZzD3n)

Code:
Jul 11 10:25:18 router.asus.com kernel: DUMP CONSOLE: pted unicast frame from d0:e7:8<redacted>
Jul 11 10:25:18 router.asus.com kernel: DUMP CONSOLE: 050913.572 wl0.0: wlc_wsec_recvdata_enc_toss unsupported encrypted unicast frame from d0:e7:8<redacted>
Jul 11 10:25:18 router.asus.com kernel: DUMP CONSOLE: 070730.564
Jul 11 10:25:18 router.asus.com kernel: DUMP CONSOLE: FWID 01-502b8781
Jul 11 10:25:18 router.asus.com kernel: DUMP CONSOLE: flags 20005
Jul 11 10:25:18 router.asus.com kernel: DUMP CONSOLE: 070730.564
Jul 11 10:25:18 router.asus.com kernel: DUMP CONSOLE: TRAP 4(26fb04): pc 36f4, lr 373b3, sp 26fb5c, cpsr 19f, spsr 1bf
Jul 11 10:25:18 router.asus.com kernel: DUMP CONSOLE: 070730.564   dfsr 409, dfar 270000
Jul 11 10:25:18 router.asus.com kernel: DUMP CONSOLE: 070730.564   r0 2d2a6, r1 242d5a, r2 ffffffff, r3 224e25, r4 0, r5 242d58, r6 259470
Jul 11 10:25:18 router.asus.com kernel: DUMP CONSOLE: 070730.564   r7 23357c, r8 0, r9 243cc7, r10 26fd70, r11 224e25, r12 c
Jul 11 10:25:18 router.asus.com kernel: DUMP CONSOLE: 070730.565
Jul 11 10:25:18 router.asus.com kernel: DUMP CONSOLE:    sp+0 00224e20 00242d58 00259470 0023357c
Jul 11 10:25:18 router.asus.com kernel: DUMP CONSOLE: 070730.565   sp+10 00000000 00243cc7 0026fd70 0026fc8c
Jul 11 10:25:18 router.asus.com kernel: DUMP CONSOLE:
Jul 11 10:25:18 router.asus.com kernel: DUMP CONSOLE: 070730.565 sp+20 000373b3
...

The two redacted MAC addresses are older Chromecast devices on 2.4GHz.

Standard-looking reboot logging comes after this; I'll pastebin more, if useful.

Can anyone advise me on what this sequence suggests (are unsupported unicast frames crashing the router?) and/or what troubleshooting or remediation steps to try? Thanks!

Edit: Here's my AC3200 Sysinfo, in case it helps: https://pastebin.com/Xhhg1wHz
 
Forgive my ignorance, why doesn't DoT suffer this same issue? Isn't it still making it impossible to manage DNS traffic? If not, what's the point of DoT again?
Ignoring any technical arguments about which standard is "better", the main problem (IMHO) with DoH is that it uses the same port/protocol as "normal" HTTPS web traffic. So by design it is impossible to differentiate DNS requests from any other HTTPS data. So it can't be "managed", e.g. you can't prioritise DNS traffic over Steam downloads or Netflix. DoT on the other hand has its own port and one can assume that traffic on that port is DNS and manage it as such.

Of course in both cases it's impossible to see inside the packets but internet operators can infer a lot about supposedly DoT traffic based on things like volume of data and destination IP addresses. For example, if they see a lot of hosts around the world all sending high volumes of data to each other over the DoT port it's a fairly safe bet that it's not actually DNS traffic.
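
The inference described in the post above, as an added example that is not part of the original thread: flows on the DoT port (TCP 853) are checked against the resolvers a network is configured to use and against a per-pair byte budget, while port 443 flows are shown to be indistinguishable by port alone. The flow records, the resolver list and the threshold are constructed assumptions for illustration.

```python
from collections import defaultdict

DOT_PORT = 853  # DNS over TLS (RFC 7858)
# Assumption: the resolvers this network is configured to use.
KNOWN_RESOLVERS = {"1.1.1.1", "1.0.0.1", "9.9.9.9"}
# Assumption: byte budget per client/resolver pair per window; tune from a baseline.
MAX_BYTES_PER_WINDOW = 2_000_000

# Constructed flow records for one window: (src, dst, proto, dport, bytes).
FLOWS = [
    ("192.168.1.10", "1.1.1.1", "tcp", 853, 48_000),
    ("192.168.1.10", "1.1.1.1", "tcp", 853, 52_000),
    ("192.168.1.23", "203.0.113.50", "tcp", 853, 9_000),
    ("192.168.1.42", "9.9.9.9", "tcp", 853, 1_500_000),
    ("192.168.1.42", "9.9.9.9", "tcp", 853, 900_000),
    ("192.168.1.10", "198.51.100.7", "tcp", 443, 7_000_000),
]

def review_dot_flows(flows, resolvers=KNOWN_RESOLVERS, limit=MAX_BYTES_PER_WINDOW):
    """Return {(src, dst): [reasons]} for port-853 traffic that does not look like DNS."""
    totals = defaultdict(int)
    for src, dst, proto, dport, nbytes in flows:
        if proto == "tcp" and dport == DOT_PORT:
            totals[(src, dst)] += nbytes
    findings = {}
    for (src, dst), total in sorted(totals.items()):
        reasons = []
        if dst not in resolvers:
            reasons.append("destination is not a configured resolver")
        if total > limit:
            reasons.append(f"{total} bytes exceeds budget of {limit}")
        if reasons:
            findings[(src, dst)] = reasons
    return findings

def port_443_flows(flows):
    """Flows that may or may not carry DoH; the port alone cannot tell."""
    return [f for f in flows if f[2] == "tcp" and f[3] == 443]

if __name__ == "__main__":
    for pair, reasons in review_dot_flows(FLOWS).items():
        print(pair, "->", "; ".join(reasons))
    print("port 443 flows not classifiable by port:", len(port_443_flows(FLOWS)))
```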
 