[Release] Asuswrt-Merlin 384.13 is now available

[Wallace_n_Gromit]

Appreciated, but they were/are already all off. The bug comes and goes; when it goes, bot the X under the large button shows connected and simultaneously, the top button shows green as it's always been for years prior to this update. Thinking of sacrificing a stuffed toy and clicking my heels together, but though there's no place like home, I'm already here; besides, the granddaughter wouldn't appreciate the sacrifice of the toy. Maybe doing an incantation over the unit with a frozen chicken, almost supper time, why not? Won't help but there'll be an answer someday, meanwhile it seems to interrupt traffic as well, even though I've done L&LD's nuclear reset. No tap-a-talking in traffic now Thanks

I've also gone through the trouble of reverting to the latest Asus FW_RT_AC68U_300438445717 firmware from 384.13 to see if the issue is resolved -- NOPE. That issue will now carry back to the latest stock asus firmware. Then I flashed Merlin 384.12 from the stock asus firmware -- NOPE. That also now shows the same issue. Then flashed Merlin 384.13 again --NOPE Seems that if you have this aestetic problem (doesn't seem to affect performance) that for the time being it's not going away.

 

[CaptainSTX]

Updated to 384-13 over the weekend from 384-12 on my AC1900P and all settings with one exception carried over. The user name and password for my VPN Server 1 disappeared. Prior to fixing the VPN Server the VPN status page did show the client was running.

Reentered the password and user name and I then downloaded the OVPN file to my Iphone again. Didn't check to see if just reentering the same username and password on the router would have fixed the problem.

 

[Asad Ali]

How do you get the overclock settings to stick from one reboot to another?

I tried the "nvram set clkfreq=1000,666" then "nvram commit" from the SSH session. When I rebooted, it went back to 800.

Use "init-start" script event for that.

 

[RMerlin]

f I do it now, then stubby.yml is dropped to values by default after each reboot. Whether there is some way to make it? I use RT-AC68U and 384.13 firmware now. Thanks

There's no need to force TLS 1.3, it will automatically be used if available on the remote server. The rest will use 1.2, which is still perfectly fine security-wise.

 

[RMerlin]

Tried firefox and edge (was originally using chrome) and get the same result.

Double check that you really downloaded the RT-AC68U and not the RT-AC86U version.

Beyond that, I can't think of anything else beside trying after a factory default reset.

 

[Howard_inGA]

4 days on .13.
Totally rock solid without a hitch. Did a dirty upgrade...

 

[Swistheater]

Can you specify which scripts merlin nodes may be able to use? And how would you install them on the node? via SSH? If folks decide to use some scripts on the nodes, what would be advantage / disadvantage then running on the main router, if any???

well first off , i want to say you can access it VIA SSH, and you can install anything that you could if it were an access point. (it would only be beneficial to those who may have use scripts on AP i will leave it at that.) Notice, that is why i mentioned the Average user should use stock. The main downside to staging scripts on Node is that you would want to keep a good backup of scripts, else if node becomes unpaired and wiped you would have to reset everything up manually.

 

[anotherengineer]

Updated the old RT-AC68U from 10_2, dirty, seemed ok, did a factory reset anyway since it's been over a year. Haven't noticed any issues so far, except the log.

I cleared it, then dates came up correct, rebooted the router from the gui and when I went back to the log, there was the few from the correct date then a ton from May, then back to August.

Is that normal?

I see Asus just updated the N66U in June. Merlin any chance you will include the N66U for the next Merlin update?

 

[bbunge]

@RMerlin,

Hello, i just would like to tell thank you for your work on DoT native support implementation - it was great work and the right decision! Earlier I used a script by Xentrik and there was an opportunity to forcibly raise the version of TLS to 1.3 and to specify enciphering types in the /etc/stubby/stubby.yml file like this:

tls_min_version: GETDNS_TLS1_3
tls_ciphersuites: "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"

If I do it now, then stubby.yml is dropped to values by default after each reboot. Whether there is some way to make it? I use RT-AC68U and 384.13 firmware now. Thanks

You can use a postconfig file:
/jffs/scripts/stubby.postconf (chmod to 755)

#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh
pc_append "tls_min_version: GETDNS_TLS1_3" $CONFIG
pc_append "tls_cipher_list: "EECDH+AESGCM:EECDH+CHACHA20"" $CONFIG
pc_append "tls_ciphersuites: "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"" $CONFIG

Restart Stubby: service restart_stubby
As Merlin says this may be overkill but you are welcome to try. Note that not all resolvers support TLS 1.3 so you could fail...

 

[dave14305]

I cleared it, then dates came up correct, rebooted the router from the gui and when I went back to the log, there was the few from the correct date then a ton from May, then back to August.

Is that normal?

Yes, when you reboot, the clock resets to the firmware default (circa May 5 2018 ). Once the network comes up and the time syncs from the internet, all is back to normal.

 

[Swistheater]

Yes, when you reboot, the clock resets to the firmware default (circa May 5 2018 ). Once the network comes up and the time syncs from the internet, all is back to normal.

poor routers and its lack of a HWclock or clock battery.

 

[Swistheater]

How do you get the overclock settings to stick from one reboot to another?

I tried the "nvram set clkfreq=1000,666" then "nvram commit" from the SSH session. When I rebooted, it went back to 800.

Why is this step important to you? is it necessary for your overall function?

 

[gattaca]

Thanks a lot. It's wery strange, why it put off.

I'm replying in general. Setting cpuwait OFF generally improves system performance at the expense of power/thermals. Without getting too technical, it's a common challenge in the industry. Each time the CPU changes states, it takes uS (microseconds) to make that state change. All those state changes sums up. We've seen as much as 30% in performance gains. The best analogy would be someone stepping on gas, there's a slight delay for the engine to respond... now do that 1000's of times a second. If you were doing a lot of processing, such as OpenVPN etc.. then I'd certainly consider leaving the states OFF. But always, test for your situation. It's very interesting to me they set it OFF by default. Something must have triggered that change.... Cheers. Peace.

 

[Val D.]

I'd certainly consider leaving the states OFF.

I’m testing it on RT-AC86U. The CPU is not loaded even 10% though most of the time and I see no performance difference. I’ll leave it like this, let’s see. CPU temp doesn’t go over 54C, the router has active dual fan cooling.

 

[ShiZzO]

There's no need to force TLS 1.3, it will automatically be used if available on the remote server. The rest will use 1.2, which is still perfectly fine security-wise.

Unfortunately, in my case Stubby uses version 1.2 by default for Cloudflare servers - therefore I am forced to raise the version of TLS forcibly. And one more question: something need to adjust in config files for correct work of ESNI for them? I ask you because have the error here:
https://www.cloudflare.com/ssl/encrypted-sni/

 

[Jack Yaz]

Unfortunately, in my case Stubby uses version 1.2 by default for Cloudflare servers - therefore I am forced to raise the version of TLS forcibly. And one more question: something need to adjust in config files for correct work of ESNI for them? I ask you because have the error here:
https://www.cloudflare.com/ssl/encrypted-sni/

ESNI is browser based. From that very page:

whether your browser supports encrypted Server Name Indication (SNI)

 

[ShiZzO]

ESNI is browser based. From that very page:

Oh, i see... Thank you for clarification

 

[Thermaltake]

Having some trouble with 5Ghz network, I have smart connect, but my phone wont connect to 5Ghz, and I'm close to router. Both 2.4 and 5 Radio is enabled.

I did factory reset after flashing and turned off router after that and disconnect it from the power and wait 20 sec. but no changes.


EDIT:
Restarted the phone, and now it's ok. I'm just wondering is this phone issue or something with router...

 

[gattaca]

I’m testing it on RT-AC86U. The CPU is not loaded even 10% though most of the time and I see no performance difference. I’ll leave it like this, let’s see. CPU temp doesn’t go over 54C, the router has active dual fan cooling.

Yeap. This is hard to convey. As a performance guy, I've present this to ITers all the time. Some get it, some just look like you are speaking gibberish. Using CPUWAIT, or C-States/P-States in the Intel world or whatever the processor calls is is not about about what the AVERAGE load on a system is, its about how QUICKLY the system handle the workload vs the power curves or TDP. Inserting all those sleeps and waits adds latency to the system when it's done millions of times a second (Think 3GHz CPUs etc...) If you google around for HPC or HPT, BIOS settings etc.. you will see. I had no idea these chips even had the option to turn this on or off. So TY! When this will really matters (in this case) is when both CPUs get loaded doing something like one of the scripts added by AMTM or it's doing something like OpenVPN which is a bit heavier workload. By not sleeping, it can complete those tasks faster. I've also got a paper where I show in one case where we proved we could save $500K across a rack of servers by simply turning all that balanced power stuff OFF. It literally allowed the same systems to carry about 30-40% more workload than with it on. Latency matters. Sure the boxes ran hotter but they could push thru and carry about 40% more workload on the same boxes at the same costs... Sure the power bill is a bit higher but the recovery time was like 20+ years... so it all depends on you perspective. Sorry, this is a bit off topic. I'm sleeping on changing mine... will post if I do. I think it'll make about 5-10 degrees F difference on a well cooled router. YMMV. Later!

 

[Val D.]

Some get it, some just look like you are speaking gibberish.

Some just hear the increased fan noise and don’t like it. Disabling power states on a busy machine makes sense, but I don’t want my HTPC, for example, to run hot for no reason. So, depending on the case. Can’t be universal advice.