What's new

Skynet / dnsmasq / Flowcache / Merlin 388 releases

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

No one knows. As per this post there is something else used. This is not that important. What is important very often what I find issues with in 388 firmware works well in later 386 firmware. In my understanding and experience so far firmware version below 38x.4xxxx -> user as a beta tester.
 
Firstly, I do not want to bash all the wonderful work that @RMerlin has done, as the issues are inherited from ASUS.
After reading all the comments in this thread and the main 388.2 release thread, it seems to me that @Tech9 is right.
If you run with limited scripts, as I do, it works well and is quite stable. re. memory is usually around 49% usage.
I only use IPv4 and I see no issues with firewall so far (e.g. port scan is all stealth except 135 and 445 which are closed - people can google why)
Regarding scripts, I only use scMerlin, Disk checker, LED Scheduler, and SKYNET (use mainly for outbound protection with conservative lists only)
I also do NOT use AI Protection. I had disabled AI protection a long while ago as I found it caused a major wifi speed drop, a lot of false-positives, and the 'Privacy issue'. (don't get me started on the AI acronym as it is over-used - it is more machine learning at best)
The only issue for my set up is slightly lower DL speeds (anywhere from 5-10% hit).
I thought about going back to 386.8 but working in the IT industry, I will always make speed sacrifices for security.
An example is DNSMASQ, where 2.89 (current version) has a lot of bug and security flaws addressed since the 2.85 release (which 386.X uses).
Just my two cents (actually a Nickel as Pennies are not used up here anymore).
 
Firstly, I do not want to bash all the wonderful work that @RMerlin has done, as the issues are inherited from ASUS.
After reading all the comments in this thread and the main 388.2 release thread, it seems to me that @Tech9 is right.
If you run with limited scripts, as I do, it works well and is quite stable. re. memory is usually around 49% usage.
I only use IPv4 and I see no issues with firewall so far (e.g. port scan is all stealth except 135 and 445 which are closed - people can google why)
Regarding scripts, I only use scMerlin, Disk checker, LED Scheduler, and SKYNET (use mainly for outbound protection with conservative lists only)
I also do NOT use AI Protection. I had disabled AI protection a long while ago as I found it caused a major wifi speed drop, a lot of false-positives, and the 'Privacy issue'. (don't get me started on the AI acronym as it is over-used - it is more machine learning at best)
The only issue for my set up is slightly lower DL speeds (anywhere from 5-10% hit).
I thought about going back to 386.8 but working in the IT industry, I will always make speed sacrifices for security.
An example is DNSMASQ, where 2.89 (current version) has a lot of bug and security flaws addressed since the 2.85 release (which 386.X uses).
Just my two cents (actually a Nickel as Pennies are not used up here anymore).
Can’t say I disagree as I too have been in IT for a long time. It’s always a balance but at least in my case this is something that is deep within the core code delivered by ASUS that Merlín enhances.

I’ve playing around with limited addons even the most basic ones not needing Entware. Even going back to ASUSWRT (with no addon, IPv4 and even turning off OpenVPN) and get the same issue where a power cycle is the only way to recover.

So faced with a choice of instability vs Security (Rock vs Hard place) I have to land on the side of stability as I can always layer/augment security.

It sucks and while under normal circumstances I could just deal with it. In my case stability/consistency is paramount…

Going back to latest 386 code for my router and nodes (everything from scratch and rebuild) which was very stable in my case. I’l wait around for a more stable 388 branch or if I end up with new HW, router and nodes before trying again…
 
Asuswrt-Merlin 388.2 works well with Skynet (for whoever needs it) and AdGuard Home (with reasonable size blocklists). Nothing else is needed there.
 
Keeping it simple here. No script, I have both AiProtection and IPv6 enabled.

1686154721900.png
 
I've tried all variations of simple, even down to ASUSWRT with just OpenVPN, no Trendmicro anything for years. IPv6 off. Same deal, same crash, related to flowcache and power recycle is the only way to recover. When the router comes back up, most everything is fine. Begining to think is a AX88u specific thing. Another thread talks about a AX88u slow down and it looks / sounds like the similar scenario to mine, went through all the same things early on with 388. Though I had it conquered clearing out caches every morning, staying under 70% RAM and turning off IPv6, nope...

I was going to take one of the AX86 nodes and swap it with the AX88, but don't have the time on my end to mess with that.

This all started with the 388 tree, took forever to isolate/correlate the crash with events that came after. I've yet to be able to isolate the why, only the after effects. The two logs on this thread, one under 388.2-2 the other under stock ASUS for the AX88 are basically the same crash, more detailed in the ASUS log. It happens when it happens and at the point that it does I can trace is back using spdMerlin Speedtest results to know when it happened and if I don't power recycle LAN / WiFI degrade to the point where you have to power cycle (also asychronous results and dropped packets galore). I can't tell if WiFi gets triggered first, then eventually Flowcache and things that depend on it or the other way around. But as soon as I start seeing asynchronous Speedtest results, I know a crash is imminent or has happened.

Under normal circumstances, with 1Gb fiber the Speedtest results are pretty synchronous. When this crash happens, the download results are 1/2 (so 600-450Mbps) and the upload 1/4 (850-600Mbps) of what they normally are (~925Mbps) until a power cycle (a reboot does not fix it). As soon as the router is back up, back to normal Speedtest results. Using ASUS firmware I had to depend on alerts from a couple of devices to know when it happened to go find it in the System Log.

I want to rule out HW again, so dropping back to 386.8 on the router and 386.7-2 on the nodes, with all the scripts I had and IPv6, where I was stable without Flowcache burping (technical term 🤣) taking other services down with it. I suspect if hardware, should still happen. But if it doesn't, then there I stay for awhile.
 
I don't like chasing latest versions of firmware components. Regularly updating to whatever came out yesterday doesn't necessarily mean stability and security. We've seen already Dnsmasq broken twice, miniupnp now doesn't work with private WAN addresses because the developer decided so, OpenVPN creates common configuration files issues, etc. All this turns Asuswrt-Merlin into unofficial test platform for developers. Add Entware in the mix.
 
Spent better part of the day putting humpty dumpty back together again. 386.8 for the AX88u and 386.7-2 for the AX86u's.
So far so good. Still have to get the nodes to send their logs to the router (scribe) and recreate a few filters.
Have been pushing the router hard for the last few hours and it appears to be stable.

It did have a couple of crashes as I reverted back and found parts of the old install on the USB stick, though taking it to factory default and a reformat of the USB stick took care of that.

At the moment, kinda thinking I'll get the AX88 Pro if it is hardware, already greased the skids on a new router with my other half, just in case. ;)
 
I too have been in IT for a long time

So you don't know how to build a good multi-AP system? You are like $800 in AiMesh and want more?

Still have to get the nodes to send their logs to the router (scribe) and recreate a few filters.

Why do you have to do this?
 
Last edited:
So you don't know how to build a good multi-AP system? You are like $800 in AiMesh and want more?
🤣

I have what I have as it evolved overtime and expanded it the simplest way possible to get my eldest into this, keeping him out of trouble.

Good investment in money, time and trouble as he was managing it. Kept him out of trouble now he’s working with the County/IT security.

My youngest has CP so the camera setup and other stuff, plus vpn access for the nurses are his, setup by my eldest.

I could set this up all sorts of ways, but travel as I do, the setup has to be so simple and straightforward that a total neophyte could fix it.

It’s all balance, working with what I got, who’s going use it and who’s going to fix it when I’m out of town.
 
Okay, and with all routers on stock Asuswrt, all reset and re-configured without your usual customizations... the system still wasn't working properly?
 
Okay, and with all routers on stock Asuswrt, all reset and re-configured without your usual customizations... the system still wasn't working properly?
Working fine, just had to factory reset and format the usb, then reinstall everything. Like if installing brand new….
 
format the usb

So basically you restore this easy to fix by anyone configuration?

AX88U HW1.1 Router 38x.x, with Skynet, spdMerlin, scMerlin, scribe/uiscribe, connmon, ntpMerlin. YazDHCP, vnstat
 
SOLVED!

A few days ago, it happen again, a mysterious drop in WAN bandwith by as much as 50%.
Going back and doing some searches in the forum I found several posts with the identical messages in the log, firewall restart and all and began to wonder example:https://www.snbforums.com/threads/asuswrt-merlin-386-5-is-now-available.77691/page-23

Then when I saw this post by @dave14305 "https://www.snbforums.com/threads/386-5-alpha1.77128/post-746522" regarding Adaptive QoS and TrendMicro I decided to did deeper.

Even though I have QoS disabled and TrendMicro Privacy revoked (though I have DDNS enabled, but no mention of TrendMicro) I thought I'd take look. Somehow the Upload Bandwith and the High Priority Packet (3 out of 5) were enabeled. I don't remember seting up QoS in any 388 release, and didn't have it with any 386 release either.

After zeroing everything out it looks like this now
QOS.jpg


As soon as I zero'd everything out and hit apply the bandwith returned (without having to reboot the router)
bandwidth.jpg


So this brings up a coupleof questions,
  1. Did I set up the upload bandwidth %'s and priority packets, or were they in 388 releases since the first Alpha?
  2. @RMerlin did I set it in 388 somehow, even though I went back to 386 and the issue went away?
  3. If QoS was disabled, what was starting it randomly
  4. Since I have TrendMicro Privacy revoked, what are those componet relate to Adaptive QoS @dave14305 refeferenced
So the mystery of what was happening, what fixed was solved, but the how and why is still up in the air. But got the one remaining issue resolved (which still happened in 388.4)

But feel I need to close with @RMerlin this release has been rock solid on the router and nodes, with better WiFi (by 20%) and better WAN bandwidth (by 5% - 10%) when not experiencing the mysterious bandwidth drop thanks to disabled QoS.

Not sure I can troubleshooot any further becuse nothing in the logs point back to Adaptive QoS or the TrendMicro components or why it was randonly triggeed, but clearing out that section or the config and hitting apply fixeed for me!

And thanks to the posts, history and searches on the forum for the idea that led to my fix, glad it wasn't firmware, hardware, or scripts afterall.

FINALLY!
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top