What's new

[Release] Asuswrt-Merlin 384.7 is now available

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

RMerlin

Asuswrt-Merlin dev
Staff member
Asuswrt-Merlin 384.7 is now available. This release is not available for the RT-AC3200 or RT-AC56U, due to lack of compatible release code from Asus. In addition to merging with GPL 384_21152, this release brings major changes to the DDNS support, replacing the venerable ez-ipupdate client with the more secure In-a-Dyn.

21-Oct-2018:: 384.7_2 is now available, resolving a few issues present in 384.7.

The highlights of this release:
  • Merged with Asus GPL 384_21152. The RT-AC87U binary blobs from GPL 382_50702 were merged in, allowing 384.7 to support this model (it wasn't available for 384.6).
  • Replaced ez-ipupdate with In-a-Dyn. This DDNS client is more modern, and still actively developed It also makes it easier to support multiple services. A custom plugin was developed to fully support Asus's own DDNS service.
  • All DDNS services now use HTTPS. Your DDNS login credentials are finally secure. Welcome to 2018 folks. Now might be a good time to change your DDNS password, just to be on the safe side.
  • Added freedns.afraid.org DDNS service to the webui.
  • DDNS can now retrieve your public IP either Internally (the original method of using the IP on your router's WAN interface) or Externally (by querying a remote server). This allows the use of DDNS in a Dual NAT or CGNAT situation. Note that it's still up to you to handle the fact that you have two firewalls in front of one another, so things like port forwarding or VPN server support will still require you to handle that at the first firewall level.
  • DFS Channel information are now shown on the Wireless Log page (based on upstream code from Asus's stock firmware)
  • Updated various components: curl (7.61.1), wget (1.19.5), openssl (1.0.2p), dnsmasq (2.80test8), nano (3.1).
  • DNSFilter settings were moved to the LAN section, to make it clearer that this feature is completely unrelated to Trend Micro.
  • Removed the various Norton Connect services from the DNSFIlter page. Symantec is going to discontinue the service in November. On first boot, any DNSFilter client set to use a Norton Connect DNS will be switched to OpenDNS Family to prevent service interruption while still providing security. Go to the DNSFilter page to adjust your settings as desired.
  • Added Quad9 to the list of supported DNSFIlter services (to compensate for the loss of Norton)
  • A couple of IPv6-related fixes surrounding dnsmasq (like dnsmasq crashes on the RT-AC86U in stateful mode).
Please keep discussion in this thread to this specific release.


Downloads are here.
Changelog is here.
 
Last edited:
learned merlin is a version behind asus stock

so nvm, asked and answered...
 
Last edited:
i didn't suffer that with the latest asus stock.

Which specific version do you mean by "the latest Asus stock"? If it's something that was broken in 21152 and they only fixed in a later release, then you will have to wait for a release from me that will incorporate those fixes from upstream.
 
Great work Merlin! Thank you for all your hard work!

All working sweet here!! I still see 'insecure' in the DNSMASQ log running Diversion but I also saw 'Secure' which I never saw before... How can we see if DNSSEC is working?

I am using Cloudflare 1.1.1.1 DNS - set to 'Router' as DNS Filter to enable Diversion to work.

Sent from my SM-G965F using Tapatalk
 
Last edited:
wait for a release from me that will incorporate those fixes from upstream.

ASUS RT-AC3100 Firmware Version 3.0.0.4.384.32799 2018/09/19

under normal circumstance, approximately when should merlin have "caught up" with asus stock ?
 
Upgraded from 384.6 (Didn't have a chance to test the Beta). So far all is well on the AC86U. Did not need to reinitialize and configure from scratch. Will do that if I run into any issues.
 
upgraded from 384.6, dirty flash, over wireless, while drinking hot coffee. I live on the wild side.
absolutely no problems at all, but I use minimalist ntwk settings, so YMMV. Thank you Merlin
 
ASUS RT-AC3100 Firmware Version 3.0.0.4.384.32799 2018/09/19

under normal circumstance, approximately when should merlin have "caught up" with asus stock ?
When Asus makes the GPL source code available.
 
Is the RT-AC66U_B1 H/W Ver: B2 supported? I tried to install the AC86U firmware today but keep getting an unsuccessful upgrade error. Do I need to change the file format or anything? I've never seen a .w file before:

RT-AC86U_384.7_0_cferom_ubi.w

Thank you for the help! I tried searching the forums but I was not able to come up with a prior example.
 
Is the RT-AC66U_B1 H/W Ver: B2 supported? I tried to install the AC86U firmware today but keep getting an unsuccessful upgrade error. Do I need to change the file format or anything? I've never seen a .w file before:

RT-AC86U_384.7_0_cferom_ubi.w

Thank you for the help! I tried searching the forums but I was not able to come up with a prior example.
Wrong firmware. Use the firmware for RT-AC68U.
 
Is the RT-AC66U_B1 H/W Ver: B2 supported? I tried to install the AC86U firmware today but keep getting an unsuccessful upgrade error. Do I need to change the file format or anything? I've never seen a .w file before:

RT-AC86U_384.7_0_cferom_ubi.w

Thank you for the help! I tried searching the forums but I was not able to come up with a prior example.
Would be better to use 68U firmware instead of 86U ;)
 
ASUS RT-AC3100 Firmware Version 3.0.0.4.384.32799 2018/09/19

under normal circumstance, approximately when should merlin have "caught up" with asus stock ?

Unknown, it depends primarily on when they make the source code available before I can even begin to work on it. The 32799 code isn't available yet.

All working sweet here!! I still see 'insecure' in the DNSMASQ log running Diversion but I also saw 'Secure' which I never saw before... How can we see if DNSSEC is working?

There are various test websites out there for DNSSEC, best is to use them under Windows. Under Linux, issue a dig command through your router with a know-secured website (like asuswrt.lostrealm.ca) and see if in the flags you get the "ad" flag. Make sure you specify the router's IP, otherwise dig might use the dnsmasq version running on your Linux system, which might not be dnssec-enabled (under Ubuntu for instance it isn't).
 
  • Removed the various Norton Connect services from the DNSFIlter page. Symantec is going to discontinue the service in November. On first boot, any DNSFilter client set to use a Norton Connect DNS will be switched to OpenDNS Family to prevent service interruption while still providing security. Go to the DNSFilter page to adjust your settings as desired.
  • Added Quad9 to the list of supported DNSFIlter services (to compensate for the loss of Norton)

Awesome that you added Quad9 as Norton Connect Safe will be discontinued.
 
Last edited:
Is there a chance to get Asus-DDNS in AP mode too?
Access is possible via http://10.0.0.2/Advanced_ASUSDDNS_Content.asp but doesnt update on Asus server.

upload_2018-10-7_23-39-11.png

upload_2018-10-7_23-37-28.png
 
Last edited:
There are various test websites out there for DNSSEC, best is to use them under Windows. Under Linux, issue a dig command through your router with a know-secured website (like asuswrt.lostrealm.ca) and see if in the flags you get the "ad" flag. Make sure you specify the router's IP, otherwise dig might use the dnsmasq version running on your Linux system, which might not be dnssec-enabled (under Ubuntu for instance it isn't).

Seriously mate, you're a total champion. Asus should give you a medal for all the work you put in, or stock options at the very least!

That's terrible that Ubuntu is not dnssec enabled (I use KUbuntu so I assume it's the same) however I have a Windows 10 system running now (I dual boot) so I'll just try that...

I also wonder how necessary a DNS service is if I am already running Diversion, which I assume uses the same block files as the various DNS services anyway. So Cloudflare 1.1.1.1 seems adequate running with Diversion then (assuming DNSSec works).

I am curious what the 'Validation result is INSECURE' entries in the Diversion log are about though. I am very keen to secure DNS properly.

I Google'd for a few DNSec test sites but at first glance they failed although they may not be testing correctly (or testing the actual router resolution).
 
Last edited:
New stable release 384.7 running fine after factory reset (cause that's how I roll).;)
 
Anyone else having problems with the 87U package? I've downloaded it twice but the upload fails.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top