[Release] Asuswrt-Merlin 384.13 is now available

[RMerlin]

And why don 't you use LibreSSL instead OpenSSL in the firmware?? Just question

I see no reason to do the switch, and also it's not backward compatible - some components don't support it.

 

[JIPG]

3 days working with this FW version in an RT-AC87U. No issue so far.

Thank you again for allowing RT-AC87U users keep updating our router.

 

[sdmf74]

Hi. (My configs are in my sign)

Yes, I'm using AiMesh. Using 86 as both master and node.
Yes, I have renamed some of my devices.
No problems with freezing what so ever
My ISP speed is 600/50 which I fully use.

Sorry If I was not much of a help...or maybe I was...

I just noticed that Asus has removed version 81039 from the 68u download page so It is quite possible that it is only affecting those with the 68u or those using the 68u as an Aimesh node.
That would explain why you havent encountered any issues, cause trust me you would have noticed very slow loading gui and eventually it quit loading altogether,

 

[hjohan13]

I just noticed that Asus has removed version 81039 from the 68u download page so It is quite possible that it is only affecting those with the 68u or those using the 68u as an Aimesh node.
That would explain why you havent encountered any issues, cause trust me you would have noticed very slow loading gui and eventually it quit loading altogether,

Jepp. It has been pulled from the 86 page also. I'll stay with 81039 since it seems to work for me.

 

[mister]

Make sure a browser ad-blocker is not interfering with the router GUI pages.

Thank you for your support. I tested it with firefox and opera without any addons but the same strange behaviour was observed.

Sometimes I think that it could be related to the SPKI ? The first configuration with Merlins preconfigured setups worked without problems. First as I added servers manually (which normally have SPKI) I saw this strange behaviour. Could it be the SPKI reduces the amount of entries to use ?

Currently I don´t want to touch my working system (e.g. removing the clients) because I had had so much tries to get the manual servers into the configuration. But it would be nice to readd Quad9 again.
Currently I only have 3 servers with SPKI configured - addition of more (even with the preconfigured setups) is not possible.....

 

[dave14305]

Thank you for your support. I tested it with firefox and opera without any addons but the same strange behaviour was observed.

Sometimes I think that it could be related to the SPKI ? The first configuration with Merlins preconfigured setups worked without problems. First as I added servers manually (which normally have SPKI) I saw this strange behaviour. Could it be the SPKI reduces the amount of entries to use ?

Currently I don´t want to touch my working system (e.g. removing the clients) because I had had so much tries to get the manual servers into the configuration. But it would be nice to readd Quad9 again.
Currently I only have 3 servers with SPKI configured - addition of more (even with the preconfigured setups) is not possible.....

The total list can only be 1024 characters in nvram, so SPKI will use more characters than those without.

 

[Asad Ali]

@RMerlin Hey is it possible to add AiMesh Router in Roaming Block list as well instead of just nodes and gives us the option to select which router or node we want to stick to? it's useful when we want to force clients to only connect to one particular device. If it's possible then please consider it as a feature request and if that part of the code is also closed then let's just hope Asus feels the importance of this feature soon.

 

[RMerlin]

@RMerlin Hey is it possible to add AiMesh Router in Roaming Block list as well instead of just nodes and gives us the option to select which router or node we want to stick to? it's useful when we want to force clients to only connect to one particular device. If it's possible then please consider it as a feature request and if that part of the code is also closed then let's just hope Asus feels the importance of this feature soon.

Closed source and outside of my control.

 

[sanchez13]

384.13 installed on all my routers. Firmware is stable. Only one issue with special settings of OpenVPN server found, but this problem exists also on previous versions.

OpenVPN issue:
https://www.snbforums.com/threads/i...s-section-missing-after-on-off-via-gui.58087/

S.

 

[BlezZ]

The client list is empty and I have 7 devices connected.

 

[octopus]

The client list is empty and I have 7 devices connected.

What router do you use and firmware?

 

[Keenan]

The client list is empty and I have 7 devices connected.

Try logging out from the router then log back in.

 

[Sanna1967]

The client list is empty and I have 7 devices connected.

Problem often report after a flash, and always the same solutions :
*Clean the browser cache, refresh the page, and try with another browser

 

[BlezZ]

Problem often report after a flash, and always the same solutions :
*Clean the browser cache, refresh the page, and try with another browser

Thanks for the suggestions!

I have an ASUS RT-AC88U

Yes, of course. I did all that. Firefox, Chrome, Edge. Restarted router. Re-Flashed back and fourth.

I have seen this issue already with version 384.12

 

[KnightRider]

The search button is your friend :

https://www.snbforums.com/search/1121764/?q=Aug+25+16:59:25+WLCEVENTD:+eth1:+Assoc&o=date&c[node]=42

Aware, nothing of value that stood out specifically about this condition!

 

[juched]

Guys, please help me to understand what is going on. I use DNS from AdGuard via DoT and sometimes get an NXDOMAIN error. After 1-2 minutes, the site loads normally. There are no errors in the log through stubby -l, but in the log dnsmasq at the time of the error I see such lines:

Spoiler: dnsmasq log

Aug 15 18:27:53 dnsmasq[989]: query[A] accounts.epicgames.com from 192.168.1.3
Aug 15 18:27:53 dnsmasq[989]: forwarded accounts.epicgames.com to 127.0.1.1
Aug 15 18:27:53 dnsmasq[989]: dnssec-query[DS] amazonaws.com to 127.0.1.1
Aug 15 18:27:53 dnsmasq[989]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Aug 15 18:27:53 dnsmasq[989]: reply amazonaws.com is BOGUS DS
Aug 15 18:27:53 dnsmasq[989]: validation accounts.epicgames.com is BOGUS
Aug 15 18:27:53 dnsmasq[989]: reply accounts.epicgames.com is <CNAME>
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 52.202.243.46
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 35.168.66.53
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 35.171.206.70
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.205.226.14
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.230.100.209
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.203.152.178
Aug 15 18:27:53 dnsmasq[989]: query[A] accounts.epicgames.com from 192.168.1.3
Aug 15 18:27:53 dnsmasq[989]: forwarded accounts.epicgames.com to 127.0.1.1
Aug 15 18:27:53 dnsmasq[989]: dnssec-query[DS] amazonaws.com to 127.0.1.1
Aug 15 18:27:53 dnsmasq[989]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Aug 15 18:27:53 dnsmasq[989]: reply amazonaws.com is BOGUS DS
Aug 15 18:27:53 dnsmasq[989]: validation accounts.epicgames.com is BOGUS
Aug 15 18:27:53 dnsmasq[989]: reply accounts.epicgames.com is <CNAME>
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 52.202.243.46
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 35.168.66.53
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 35.171.206.70
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.205.226.14
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.230.100.209
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.203.152.178
Aug 15 18:27:53 dnsmasq[989]: query[A] accounts.epicgames.com from 192.168.1.3
Aug 15 18:27:53 dnsmasq[989]: forwarded accounts.epicgames.com to 127.0.1.1
Aug 15 18:27:53 dnsmasq[989]: dnssec-query[DS] amazonaws.com to 127.0.1.1
Aug 15 18:27:53 dnsmasq[989]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Aug 15 18:27:53 dnsmasq[989]: reply amazonaws.com is BOGUS DS
Aug 15 18:27:53 dnsmasq[989]: validation accounts.epicgames.com is BOGUS
Aug 15 18:27:53 dnsmasq[989]: reply accounts.epicgames.com is <CNAME>
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 52.202.243.46
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 35.168.66.53
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 35.171.206.70
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.205.226.14
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.230.100.209
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.203.152.178
Aug 15 18:27:53 dnsmasq[989]: query[A] accounts.epicgames.com from 192.168.1.3
Aug 15 18:27:53 dnsmasq[989]: forwarded accounts.epicgames.com to 127.0.1.1
Aug 15 18:27:53 dnsmasq[989]: dnssec-query[DS] amazonaws.com to 127.0.1.1
Aug 15 18:27:53 dnsmasq[989]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Aug 15 18:27:53 dnsmasq[989]: reply amazonaws.com is BOGUS DS
Aug 15 18:27:53 dnsmasq[989]: validation accounts.epicgames.com is BOGUS
Aug 15 18:27:53 dnsmasq[989]: reply accounts.epicgames.com is <CNAME>
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 52.202.243.46
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 35.168.66.53
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 35.171.206.70
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.205.226.14
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.230.100.209
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.203.152.178
Aug 15 18:27:58 dnsmasq[989]: query[A] accounts.epicgames.com from 192.168.1.3
Aug 15 18:27:58 dnsmasq[989]: forwarded accounts.epicgames.com to 127.0.1.1
Aug 15 18:27:58 dnsmasq[989]: dnssec-query[DS] amazonaws.com to 127.0.1.1
Aug 15 18:27:58 dnsmasq[989]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Aug 15 18:27:58 dnsmasq[989]: reply amazonaws.com is BOGUS DS
Aug 15 18:27:58 dnsmasq[989]: validation accounts.epicgames.com is BOGUS
Aug 15 18:27:58 dnsmasq[989]: reply accounts.epicgames.com is <CNAME>
Aug 15 18:27:58 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 35.168.66.53
Aug 15 18:27:58 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 35.171.206.70
Aug 15 18:27:58 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.205.226.14
Aug 15 18:27:58 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.230.100.209
Aug 15 18:27:58 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.203.152.178
Aug 15 18:27:58 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 52.202.243.46
Aug 15 18:27:58 dnsmasq[989]: query[A] accounts.epicgames.com from 192.168.1.3
Aug 15 18:27:58 dnsmasq[989]: forwarded accounts.epicgames.com to 127.0.1.1
Aug 15 18:27:58 dnsmasq[989]: dnssec-query[DS] amazonaws.com to 127.0.1.1
Aug 15 18:27:58 dnsmasq[989]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Aug 15 18:27:58 dnsmasq[989]: reply amazonaws.com is BOGUS DS
Aug 15 18:27:58 dnsmasq[989]: validation accounts.epicgames.com is BOGUS
Aug 15 18:27:58 dnsmasq[989]: reply accounts.epicgames.com is <CNAME>
Aug 15 18:27:58 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 35.168.66.53
Aug 15 18:27:58 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 35.171.206.70
Aug 15 18:27:58 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.205.226.14
Aug 15 18:27:58 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.203.152.178
Aug 15 18:27:58 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.230.100.209
Aug 15 18:27:58 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 52.202.243.46

Whether it is possible that DNSSEC incorrectly works on these servers? I have these options in the WAN tab for DNSSEC:

Enable DNSSEC support - YES
Validate unsigned DNSSEC replies - YES
Enable DNS Rebind protection - YES

Thanks.

Similar issues happening since .13 update. Will get pages that fail to load with DNS NX record, or DNS lookup error. then wait a bit and it reloads fine.

Looking at Diversion logs, watching for BOGUS returns, it seems that with DNSSEC enabled I get random failures. This may be related to the usage of UDP vs TCP depending on the DNSMASQ cache state as indicated here:

https://discourse.pi-hole.net/t/since-update-to-ftldns-bogus-dnssec-results-have-increased/9136/21

But at this time I believe I need to leave DNSSEC disabled. I am using Quad9.

 

[shelleyevans]

AiP privacy issues aside, I'm a little suspicious of it... my router just 'feels' healthier without it running.

I haven't done much thinking about it, but always enable it-- I have teenagers. I LIKE it when I try to access websites and get that big warning on risky pages. Just curious: what do you use instead?

PS: NVM. I don't want to hijack this thread. As others have said, search is my friend.

 

[OBENZ]

When flashing the latest stable version on my AP it gets stuck in a bootloop when flashing an older version it boots and works fine. I even flashed the new one and reset all settings but as soon as I select AP mode it rebooted and bootlopps

 

[L&LD]

When flashing the latest stable version on my AP it gets stuck in a bootloop when flashing an older version it boots and works fine. I even flashed the new one and reset all settings but as soon as I select AP mode it rebooted and bootlopps

Which router? Which older version?

 

[OBENZ]

Which router? Which older version?

I have to 86u one is in router mode and is on the latest fw the other one is in AP mode and is running on 384.11.2 as 384.13 was bootlooping in AP mode