[Release] Asuswrt-Merlin 384.18 and 384.13_10 is now available

[Xentrk]

What’s in your stubby.yml?

The message come from here: https://github.com/RMerl/asuswrt-me...ease/src/router/getdns/src/openssl/tls.c#L482

/tmp/etc/stuffy/stubby.yml contents are as follows:

resolution_type: GETDNS_RESOLUTION_STUB
dns_transport_list:
  - GETDNS_TRANSPORT_TLS
tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
tls_query_padding_blocksize: 128
appdata_dir: "/var/lib/misc"
resolvconf: "/tmp/resolv.conf"
edns_client_subnet_private: 1
round_robin_upstreams: 1
idle_timeout: 9000
tls_connection_retries: 2
tls_backoff_time: 900
timeout: 3000
listen_addresses:
  - 127.0.1.1@53
upstream_recursive_servers:
  - address_data: 1.1.1.1
    tls_auth_name: "cloudflare-dns.com"
  - address_data: 1.0.0.1
    tls_auth_name: "cloudflare-dns.com"
tls_min_version: GETDNS_TLS1_2
tls_cipher_list: "EECDH+AESGCM:EECDH+CHACHA20"
tls_max_version: GETDNS_TLS1_3
tls_ciphersuites: "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"

 

[dave14305]

/tmp/etc/stuffy/stubby.yml contents are as follows:

resolution_type: GETDNS_RESOLUTION_STUB
dns_transport_list:
  - GETDNS_TRANSPORT_TLS
tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
tls_query_padding_blocksize: 128
appdata_dir: "/var/lib/misc"
resolvconf: "/tmp/resolv.conf"
edns_client_subnet_private: 1
round_robin_upstreams: 1
idle_timeout: 9000
tls_connection_retries: 2
tls_backoff_time: 900
timeout: 3000
listen_addresses:
  - 127.0.1.1@53
upstream_recursive_servers:
  - address_data: 1.1.1.1
    tls_auth_name: "cloudflare-dns.com"
  - address_data: 1.0.0.1
    tls_auth_name: "cloudflare-dns.com"
tls_min_version: GETDNS_TLS1_2
tls_cipher_list: "EECDH+AESGCM:EECDH+CHACHA20"
tls_max_version: GETDNS_TLS1_3
tls_ciphersuites: "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"

If you remove the last 4 tls lines it should work.

 

[Xentrk]

If you remove the last 4 tls lines it should work.

Thanks @dave14305
I added the following four "pc_delete" lines to /jffs/scripts/stubby.postconf to remove the tls lines from /etc/stubby/stubby.yml and that resolved the problem.

#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh
pc_insert "  - GETDNS_TRANSPORT_TLS" "dnssec_return_status: GETDNS_EXTENSION_TRUE" $CONFIG
pc_delete "tls_min_version" $CONFIG
pc_delete "tls_cipher_list" $CONFIG
pc_delete "tls_max_version" $CONFIG
pc_delete "tls_ciphersuites:" $CONFIG

 

[dave14305]

Thanks @dave14305
I added the following four "pc_delete" lines to /jffs/scripts/stubby.postconf to remove the tls lines from /etc/stubby/stubby.yml and that resolved the problem.

#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh
pc_insert "  - GETDNS_TRANSPORT_TLS" "dnssec_return_status: GETDNS_EXTENSION_TRUE" $CONFIG
pc_delete "tls_min_version" $CONFIG
pc_delete "tls_cipher_list" $CONFIG
pc_delete "tls_max_version" $CONFIG
pc_delete "tls_ciphersuites:" $CONFIG

Where did they come from? I assumed it was from /jffs/configs/stubby.yml.add.

 

[Xentrk]

Where did they come from? I assumed it was from /jffs/configs/stubby.yml.add.

Your're right! I was looking in /jffs/scripts for a stubby file that was adding those lines. I forgot about the one in the /jffs/configs folder. Mystery solved.

 

[john9527]

openssl is compiled using an api 1.0 compatibility mode since it needs to be shared with other components that don't understand the 1.1 api
In 1.0 compatibility mode it doesn't support setting the cipher suites.

 

[RoiDesRois]

Finally got a chance to update (dirty) the 68u to 384.18. No issues or problems noted.

 

[TITAN]

It means you have a router from China, in which case the router will enable support for this Chinese-only service. The code to enable/disable that feature in the webui is closed source, and outside of my control.

Having just recenlty purchased the AC86U and installed the latetst firmware, it seems I also have the Chinese version.
Is there a way I can hide these Chinese menu options? i.e. Another user here mentioned editing
/www/require/modules/menuTree.js however when I try I get a message to say that I can't edit that file... Is there something I am missing? Is there a su account on the Merlin firmware that has priveleges to modify this file?

 

[RMerlin]

Is there a way I can hide these Chinese menu options?

Why? Just don't click on it...

 

[Mike S]

I'm having serious stability issues with 384.18 on multiple routers (an RT-AC88U and an RT-AC68U). Both routers are configured to auto reboot every evening at 3AM. Every couple of days, I can't get into the GUI. Usually SSH still connects. The routers still seem to work with OpenVPN tunnels connecting and passing data.

After rebooting (usually have to power cycle; the SSH Reboot command usually hangs), when I look at the log files, there is nothing recorded for a couple of days before I noticed that the GUI was no longer working. Also the auto reboot doesn't happen while the GUI is down.

I really can't live with these stability problems. Is there a more solid release that I can run?

 

[QuikSilver]

I'm having serious stability issues with 384.18 on multiple routers (an RT-AC88U and an RT-AC68U). Both routers are configured to auto reboot every evening at 3AM. Every couple of days, I can't get into the GUI. Usually SSH still connects. The routers still seem to work with OpenVPN tunnels connecting and passing data.

After rebooting (usually have to power cycle; the SSH Reboot command usually hangs), when I look at the log files, there is nothing recorded for a couple of days before I noticed that the GUI was no longer working. Also the auto reboot doesn't happen while the GUI is down.

I really can't live with these stability problems. Is there a more solid release that I can run?

It sounds like the "stability" issue you are having is what alot of people have reported. The webui doesn't respond but the router itself still works fine. I recommend using a tool by the great @Jack Yaz called scmerlin. That script includes the ability to restart just the web browser (or other services it you need).

Edit: https://www.snbforums.com/threads/scmerlin-service-and-script-control-menu-for-asuswrt-merlin.56277/

 

[naper82]

It sounds like the "stability" issue you are having is what alot of people have reported. The webui doesn't respond but the router itself still works fine. I recommend using a tool by the great @Jack Yaz called scmerlin. That script includes the ability to restart just the web browser (or other services it you need).

Edit: https://www.snbforums.com/threads/scmerlin-service-and-script-control-menu-for-asuswrt-merlin.56277/

This happened on me RT-AC68U running 384.17_0.
WEB and SSH all not accessible though internet/wifi works fine. Had to power cycle it.

 

[QuikSilver]

This happened on me RT-AC68U running 384.17_0.
WEB and SSH all not accessible though internet/wifi works fine. Had to power cycle it.

@naper82 If you are unable to access the router using the web or SSH then yours is a different issue than @Mike S. He states that SSH still connects so he should be able to restart the webgui using scmerlin.

Every couple of days, I can't get into the GUI. Usually SSH still connects.

 

[MarkyPancake]

I tried a daily reboot schedule once and didn't see any benefits of doing so. It actually caused more issues than it did improvements, particularly with various always-on devices, so I quickly reverted the setting.

Both my AC86U router and AC68U node have been solid with 384.18. No issues whatsoever.

Have you tried the usual full factory reset and clean set up to ensure there's nothing leftover from previous firmware updates.

 

[Mike S]

I tried a daily reboot schedule once and didn't see any benefits of doing so. It actually caused more issues than it did improvements, particularly with various always-on devices, so I quickly reverted the setting.

Both my AC86U router and AC68U node have been solid with 384.18. No issues whatsoever.

Have you tried the usual full factory reset and clean set up to ensure there's nothing leftover from previous firmware updates.

When you do a factory reset and clean setup, are you talking about manually reentering the entire configuration, or reloading a saved configuration file?

 

[jsbeddow]

Manually re-enter everything: using the old saved configuration will just reimport the problems. A pain, but it is the only way to be sure.

 

[DAVIZINHO]

Hello,
i make a clean install (nvram clean) in my ac88u. but i have some problems with my nas (synology 10109+)
I use the Link Agregattion in nas and in router (ports 1-2) works perfect. but each some days i lost the connecction whit the nas.
If i disconect one cable of the nas and conect again, it works again.

There is a problem identify whith the link agregattion in this router/firmware?
can i check something in log to find the problem?

thanks a lot

 

[el pescador]

It sounds like the "stability" issue you are having is what alot of people have reported. The webui doesn't respond but the router itself still works fine. I recommend using a tool by the great @Jack Yaz called scmerlin. That script includes the ability to restart just the web browser (or other services it you need).

Edit: https://www.snbforums.com/threads/scmerlin-service-and-script-control-menu-for-asuswrt-merlin.56277/

This has happened as far back as i can remember on the AC88U.
At least now if i delete the tab it enters the next time with no issues. Before it could get quite slow.

 

[QuikSilver]

This has happened as far back as i can remember on the AC88U.
At least now if i delete the tab it enters the next time with no issues. Before it could get quite slow.

I own two 86u units and have this happen on both from time to time. To me its much easier to use the scmerlin tool (which includes alot of other neat commands) then having to remember them all.

 

[Nemoo88]

I did install new version few hours ago. Did come from .17 . But now i cant get openvpn to work at all. I add the .opvn file.it says this:
Warning (9) while importing file - you will need to manually provide the CA, Static Key content, on the keys/certificates page. i did add it manualy, but i get this in the log:

Jul 15 17:31:42 ovpn-client1[4700]: Options error: You must define CA file (--ca) or CA path (--capath)
Jul 15 17:31:42 ovpn-client1[4700]: Use --help for more information.
Jul 15 17:31:42 init: VPN_LOG_ERROR: 488: Starting OpenVPN failed..

What can it be? It works on .17

and yes i have done factory reset and clean setup 2 times now. and still same problem.

edit: can see this in the log: openvpn: Resetting client (unit 1) to default settings. when i press upload on the .ovpn file