[Release] Asuswrt-Merlin 384.13 is now available

[VANT]

After i enabled dnssec, tune-in radio stop work. What i made wrong ?

 

[skeal]

After i enabled dnssec, tune-in radio stop work. What i made wrong ?

Works fine for me, I'm using dnssec and DoT.

 

[MDM]

After i enabled dnssec, tune-in radio stop work. What i made wrong ?

It works for me, the app had a bug update it!

 

[VANT]

hmmm, app is actual, i have this problem also in av receiver.
I only enable dnssec, nothing more - tune-in stop work (app says that is offline), disable dnssec, tune-in start work...

 

[MDM]

hmmm, app is actual, i have this problem also in av receiver.
I only enable dnssec, nothing more - tune-in stop work (app says that is offline), disable dnssec, tune-in start work...

I use Cloudflare...?

 

[Mistogan]

This is not merlinwrt problem, but when i start torrent with 200+ connections QoS traffic traction say: too many track connections. How to solve this problem?

 

[AndreiV]

This is not merlinwrt problem, but when i start torrent with 200+ connections QoS traffic traction say: too many track connections. How to solve this problem?

Use less connections?

This is not merlinwrt problem,

So place your query in the correct forum

 

[Mistogan]

Use less connections?

Interesting the way an increase track connection, i mean.

 

[Val D.]

How to solve this problem?

What exactly is the "problem"? QoS not working? Torrents not downloading?

 

[skeal]

This is not merlinwrt problem, but when i start torrent with 200+ connections QoS traffic traction say: too many track connections. How to solve this problem?

That connection tracker under QOS has a finite amount of connections it tracks. I believe it's somewhere around 300. This amount of connections was arrived at because of the limitations of the webui, too many connections and it became sluggish.

 

[JD575]

yea so many changes to the dhcp setup -- if you want to experience the best quality with the latest version you would probably have to factory reset to get all of your connections to show up cleanly with network map and also to have your static list to function nicely as well if you have one.

Thanks Swisheater, but I see Eric's post below and this one I have is a TM1900 that I converted.

 

[JD575]

Do you have a real, genuine RT-AC68U? Hacked/converted router models are not supported.

It is a TM1900 converted. So will this cause security and/or performance issues (everything seems okay), but I don't want to end up with vulnerabilities using an incompatible firmware.

 

[QuikSilver]

It is a TM1900 converted. So will this cause security and/or performance issues (everything seems okay), but I don't want to end up with vulnerabilities using an incompatible firmware.

Since people can't read existing forum posts, the FAQ, or the Supported Device list...

That model is NOT supported. It never was, and it's even less supported since Asus is now enforcing stricter model validation on the RT-AC68U series at flash time. It doesn't matter whether you converted it, hacked it, repainted it, or whatever. Stop asking on the forums for help flashing your RT-AC68U when you actually have a TM-AC1900 - it's NOT supported, period.
https://www.snbforums.com/threads/the-tm-ac1900-is-not-supported.48056/

You might want to look elsewhere then. You won't get an updated firmware from Merlin here nor get support for it. See his sticky thread regarding those models.

 

[Swistheater]

It is a TM1900 converted. So will this cause security and/or performance issues (everything seems okay), but I don't want to end up with vulnerabilities using an incompatible firmware.

Truth be told there are a lot of features that are linked to model specific and would not be compatible with the TM1900, it would be highly recommended you run stock TM1900 on your router and not asuswrt-merlin for legal, and compatibility reasons.

Compatibility-wise--- there is no guarantee you are not vulnerable as asuswrt-merlin is only listed to support model's specific to whatever he list to be compatible.

The problem is the TM1900 is not on that list and for legal reasons and compatibility reasons it never will be, so you have to make your own choice, as such this forum cannot offer up any support for the TM1900.

 

[bbunge]

On Monday one of my RT-AC68U's on 384.13 started to fill the log with this error

Aug 12 10:06:41 smbd[30757]: [2019/08/12 10:06:41.977322,  0] smbd/negprot.c:706(reply_negprot)
Aug 12 10:06:41 smbd[30757]:   No protocol supported !

The router has a USB2 thumbdrive for swap and to store traffic history, copy of the firmware and backup settings. Network Place Share is enabled (password protected) with SMB2 only. The entries continued until I disabled Network Place.
Noting the time of day it started likely coincides with a volunteer in the office starting their PC. Is this an indication of a Windows PC infected with a worm/virus trying to propagate via SMB1?

 

[sl4fko]

Truth be told there are a lot of features that are linked to model specific and would not be compatible with the TM1900, it would be highly recommended you run stock TM1900 on your router and not asuswrt-merlin for legal, and compatibility reasons.

Compatibility-wise--- there is no guarantee you are not vulnerable as asuswrt-merlin is only listed to support model's specific to whatever he list to be compatible.

The problem is the TM1900 is not on that list and for legal reasons and compatibility reasons it never will be, so you have to make your own choice, as such this forum cannot offer up any support for the TM1900.

Oh please...

TM1900 is THE SAME ROUTER as AC68U so please... Do not get all philosophical and do not be a purist, just help the guy. I really do not understand you all, you are all behaving like Asus employees with 100.000/year...

C'mon...

Edit:

Do not worry, I do not have TM1900... Only Netgear R7000 with xvortex.

Two of them.

Bothered by that too? Sue me...

 

[ShiZzO]

Guys, please help me to understand what is going on. I use DNS from AdGuard via DoT and sometimes get an NXDOMAIN error. After 1-2 minutes, the site loads normally. There are no errors in the log through stubby -l, but in the log dnsmasq at the time of the error I see such lines:

Spoiler: dnsmasq log

Aug 15 18:27:53 dnsmasq[989]: query[A] accounts.epicgames.com from 192.168.1.3
Aug 15 18:27:53 dnsmasq[989]: forwarded accounts.epicgames.com to 127.0.1.1
Aug 15 18:27:53 dnsmasq[989]: dnssec-query[DS] amazonaws.com to 127.0.1.1
Aug 15 18:27:53 dnsmasq[989]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Aug 15 18:27:53 dnsmasq[989]: reply amazonaws.com is BOGUS DS
Aug 15 18:27:53 dnsmasq[989]: validation accounts.epicgames.com is BOGUS
Aug 15 18:27:53 dnsmasq[989]: reply accounts.epicgames.com is <CNAME>
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 52.202.243.46
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 35.168.66.53
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 35.171.206.70
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.205.226.14
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.230.100.209
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.203.152.178
Aug 15 18:27:53 dnsmasq[989]: query[A] accounts.epicgames.com from 192.168.1.3
Aug 15 18:27:53 dnsmasq[989]: forwarded accounts.epicgames.com to 127.0.1.1
Aug 15 18:27:53 dnsmasq[989]: dnssec-query[DS] amazonaws.com to 127.0.1.1
Aug 15 18:27:53 dnsmasq[989]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Aug 15 18:27:53 dnsmasq[989]: reply amazonaws.com is BOGUS DS
Aug 15 18:27:53 dnsmasq[989]: validation accounts.epicgames.com is BOGUS
Aug 15 18:27:53 dnsmasq[989]: reply accounts.epicgames.com is <CNAME>
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 52.202.243.46
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 35.168.66.53
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 35.171.206.70
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.205.226.14
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.230.100.209
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.203.152.178
Aug 15 18:27:53 dnsmasq[989]: query[A] accounts.epicgames.com from 192.168.1.3
Aug 15 18:27:53 dnsmasq[989]: forwarded accounts.epicgames.com to 127.0.1.1
Aug 15 18:27:53 dnsmasq[989]: dnssec-query[DS] amazonaws.com to 127.0.1.1
Aug 15 18:27:53 dnsmasq[989]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Aug 15 18:27:53 dnsmasq[989]: reply amazonaws.com is BOGUS DS
Aug 15 18:27:53 dnsmasq[989]: validation accounts.epicgames.com is BOGUS
Aug 15 18:27:53 dnsmasq[989]: reply accounts.epicgames.com is <CNAME>
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 52.202.243.46
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 35.168.66.53
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 35.171.206.70
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.205.226.14
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.230.100.209
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.203.152.178
Aug 15 18:27:53 dnsmasq[989]: query[A] accounts.epicgames.com from 192.168.1.3
Aug 15 18:27:53 dnsmasq[989]: forwarded accounts.epicgames.com to 127.0.1.1
Aug 15 18:27:53 dnsmasq[989]: dnssec-query[DS] amazonaws.com to 127.0.1.1
Aug 15 18:27:53 dnsmasq[989]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Aug 15 18:27:53 dnsmasq[989]: reply amazonaws.com is BOGUS DS
Aug 15 18:27:53 dnsmasq[989]: validation accounts.epicgames.com is BOGUS
Aug 15 18:27:53 dnsmasq[989]: reply accounts.epicgames.com is <CNAME>
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 52.202.243.46
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 35.168.66.53
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 35.171.206.70
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.205.226.14
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.230.100.209
Aug 15 18:27:53 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.203.152.178
Aug 15 18:27:58 dnsmasq[989]: query[A] accounts.epicgames.com from 192.168.1.3
Aug 15 18:27:58 dnsmasq[989]: forwarded accounts.epicgames.com to 127.0.1.1
Aug 15 18:27:58 dnsmasq[989]: dnssec-query[DS] amazonaws.com to 127.0.1.1
Aug 15 18:27:58 dnsmasq[989]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Aug 15 18:27:58 dnsmasq[989]: reply amazonaws.com is BOGUS DS
Aug 15 18:27:58 dnsmasq[989]: validation accounts.epicgames.com is BOGUS
Aug 15 18:27:58 dnsmasq[989]: reply accounts.epicgames.com is <CNAME>
Aug 15 18:27:58 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 35.168.66.53
Aug 15 18:27:58 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 35.171.206.70
Aug 15 18:27:58 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.205.226.14
Aug 15 18:27:58 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.230.100.209
Aug 15 18:27:58 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.203.152.178
Aug 15 18:27:58 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 52.202.243.46
Aug 15 18:27:58 dnsmasq[989]: query[A] accounts.epicgames.com from 192.168.1.3
Aug 15 18:27:58 dnsmasq[989]: forwarded accounts.epicgames.com to 127.0.1.1
Aug 15 18:27:58 dnsmasq[989]: dnssec-query[DS] amazonaws.com to 127.0.1.1
Aug 15 18:27:58 dnsmasq[989]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Aug 15 18:27:58 dnsmasq[989]: reply amazonaws.com is BOGUS DS
Aug 15 18:27:58 dnsmasq[989]: validation accounts.epicgames.com is BOGUS
Aug 15 18:27:58 dnsmasq[989]: reply accounts.epicgames.com is <CNAME>
Aug 15 18:27:58 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 35.168.66.53
Aug 15 18:27:58 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 35.171.206.70
Aug 15 18:27:58 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.205.226.14
Aug 15 18:27:58 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.203.152.178
Aug 15 18:27:58 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 34.230.100.209
Aug 15 18:27:58 dnsmasq[989]: reply accountportal-website-prod07-epc-739724359.us-east-1.elb.amazonaws.com is 52.202.243.46

Whether it is possible that DNSSEC incorrectly works on these servers? I have these options in the WAN tab for DNSSEC:

Enable DNSSEC support - YES
Validate unsigned DNSSEC replies - YES
Enable DNS Rebind protection - YES

Thanks.

 

[thiggins]

Do not worry, I do not have TM1900... Only Netgear R7000 with xvortex.

Two of them.

Bothered by that too? Sue me...

Good for you. But support for those won't be provided on SNBForums.

 

[ColinTaylor]

Is this an indication of a Windows PC infected with a worm/virus trying to propagate via SMB1?

No it simply means that the PC in question has SMBv1 enabled. They probably just opened Windows Explorer and browsed the network.

 

[RMerlin]

TM1900 is THE SAME ROUTER as AC68U so please... Do not get all philosophical and do not be a purist, just help the guy. I really do not understand you all, you are all behaving like Asus employees with 100.000/year...

When you buy a product, you don't just buy the hardware, but also the software, and the licences that comes with it. The TM-AC1900 wasn't licensed for running the Trend Micro components (there are reasons why the TM-AC1900 was much cheaper than a regular RT-AC68U - that is one of them. I believe Tuxera's NTFS and HFS driver might be another component that wasn't licensed for use on the TM-AC1900).

The reason why I have a firm stance about all of this here is because if ultimately Trend Micro or any of the other partners licensing components to Asus (Broadcom, Tuxera, WTFast, Cloudcheck or any other ones involved) files a complain at Asus, Asus will be forced to shut down this project. And SNBForums (as a totally separate entity) also has their own legal reasons to have that stance.

As for XVortex, he is violating various commercial licences, including the GPL licence. That means that in addition to risking this entire firmware project of being terminated at any time, I'm also among those who are being effectively shown the middle finger when I asked him politely to respect the GPL licencing terms on more than one occasion - all the code that I have personally written for Asuswrt-Merlin is under a GPL licence. XVortex is one large reason why my work is so much more harder today, with an increasing amount of the code being closed source, and no longer under my control.

You probably aren't aware, but I mentioned it some time ago: this whole project got very close of being terminated following a formal complain Asus received from one of their partners. I exchanged a few emails then with Asus to figure out if there would be a way we could appease that partner without having to shut down the whole Asuswrt-Merlin project. Ultimately Asus succeeded in appeasing that partner, so I was able to keep going. So don't be selfish, and understand that things are done for a reason. Ultimately, this entire project relies on Asus being able to provide the required source code and components to be able to recompile the firmware. They have the technical means to shut down this project, and if their partners threaten legal actions against them, they won't have any choice but to comply.

The fact that people are able to use Asuswrt-Merlin is not a right, it's a privilege. And that can be taken away at any time.