Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

[Fork] Asuswrt-Merlin 374.43 LTS releases (V22E4)

Discussion in 'Asuswrt-Merlin' started by john9527, Aug 14, 2014.

  1. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    3,736
    Location:
    United States
    LATEST RELEASE: Update-22E4
    13-January-2017
    Merlin fork 374.43_2-22E4j9527
    Download http://bit.ly/1YdgUcP
    ============================

    This is an LTS (Long Term Service) fork of Asuswrt-Merlin based on 374.43_2. This older code base has a history of being very stable, and some of the older code components may perform better in some environments. It may be a good choice for those who desire a 'set it and forget it' router solution. Additional information on the differences between this firmware and the later Asuswrt-Merlin releases can be found following the recent change highlights.
    The following routers are supported by this firmware:
    • N16, N66U, AC66U, AC56U, AC68U (Rev A1,A2,B1) (Rev C1 is NOT supported), and AC68P (and the retail and color versions, R and W, of each router)
    The following routers were released after the base code used for this fork was available, and are NOT supported.
    • AC66U-B1, AC68U Rev C1, AC1900, AC1900P, AC87U, AC3100, AC3200, AC88U, AC5300 (and the retail R versions)

    Installation Notes
    • Firmware is now packaged as a zip file (consistent with Merlin firmware releases). Remember to extract the .trx file prior to updating the firmware. An sha256sum file is included in the zip file to validate the firmware.
    • For supported routers currently running ASUS firmware 380.3000 or above, or Merlin 380.60 or above, you cannot load this fork using the built in firmware update web interface. You must use the ASUS Firmware Restoration Tool from the ASUS support website to install this fork firmware.
    • A factory default reset is NOT required if coming from any level of the fork or Merlin 374.42 or 374.43 code. Coming from any other level does require a factory default reset after the code is loaded.
    • MIPS users are reminded to have a jffs backup as changes in the code image size may affect the jffs space! If you are having jffs script errors or cannot access jffs after loading the firmware, please reformat jffs from the Administration page and restore your jffs backup.

    Update-22E4 Highlights
    • Fix for WAN access not being able to be set for ssh (this was a regression in V22E2)
    • Fix for MIPS curl not supporting https (this was a regression in V22E2)
    • Fix for QoS upload charts/data not being shown if using PPPoE connections
    • Fix for some syslog records being lost when Applying changes on the Administration>System page (ASUS bug)
    • Added hints and popup help for DNSSEC and DNSCRYPT options
      One thing to note....I have seen some intermittent DNS failures if DNSSEC is enabled and you are not using a DNS server that supports DNSSEC. Please make sure your DNS server supports DNSSEC before enabling this option.
    • Support for Google DDNS (ASUS backport)
    • Misc code optimizations in DNSCrypt and SSH support
    • Merlin Backports
      • Update NANO to 2.7.4
      • Improve gui performance by caching some javascript files in the browser
      • Improve generation of ovpn files when using DDNS

    Update-22E2 Highlights (full Changelog history can be found in the individual firmware zip files)
    • Security Updates
      • Backport of ASUS XSS/CSRF security fix
      • Buffer overrun prevention updates for router http server
      • Dropbear SSH server only listens on router address (backport)
      • Updated OpenVPN to 2.3.14
      • Change the default OpenVPN server cipher to the more secure AES-128-CBC (backport)
      • Remove webui support for the RC ciphers in OpenVPN (backport)
    • NEW - A completely rewritten Traditional QoS
      This traditional QoS implementation should work more like one would expect based on the QoS rules
      • Overall Download/Upload limits are honored
      • Download/Upload percentage limits and priorities are enforced based on the priority levels
      • Thanks to RMerlin for the 'howto' in his build, QoS Statistics graphs are available for the new traditional QoS
      • Default QoS rules have been updated to better reflect the current transfers required for web pages (must factory reset to get the new defaults)
      • A couple of things to note
        • Rule order matters...rules are enforced 'top to bottom'. For example, with the following rules
          1. HTTP port 80 set as high priority
          2. Specific client set as low priority
          the HTTP rule will take precedence, therefore the low priority client will still process HTTP requests as high priority.
        • Rules specifying an address range will only apply to IPv4 and not IPv6 (when IPv6 is enabled). Using the pulldown to specify a specific client, will use the MAC address in constructing the rules, so will apply to both IPv4 and IPv6.
        • User with ARM routers are recommended to use the FQ_CODEL queuing discpline (which is now the default if you perform a factory reset). With the QoS changes, there are definite improvements with FQ_CODEL over SFQ.
        • If the router OpenVPN Client is active, any clients using the VPN connection will use the default priority setting. Setting specific rules for VPN clients can entered, but will be ignored when the VPN is active.
    • NEW - Support for DNSCrypt
      • The option is located on the WAN > Internet Connection page
      • Doesn't use any shell scripts or hardcoded IP addresses
      • Supports two DNSCrypt resolvers for redundancy
      • Supports IPv6/DNSSEC enabled DNSCrypt resolvers
      • Integrated with the OpenVPN Client (if DNSCrypt is active, there is a new DNSCrypt option for the OpenVPN DNS)
      • New option for ARM processors to allow using VPN servers in Exclusive mode for VPN Clients and DNSCrypt for non-VPN (WAN Clients). Sorry, this is not available for the MIPS based processors as it required a kernel backport and the MIPS kernel is too old.
      • Support is provided to obtain the latest list of DNSCrypt resolvers. Logon to the router command line and enter
        Code:
        dnscrypt-update-resolvers.sh
        The latest resolvers list will be downloaded to a /jffs/etc directory (jffs must be enabled) via a secure connection. Signature verification of the downloaded list is planned for a follow on release.
    • Fork updates
      • Prevent use of registered domain names for the router domain
      • An update to allow MIPS based routers to properly process iptables rules using set-mark with a mask. This should eliminate problems for those writing custom iptables rules or in certain combinations of router options, such as using Merlin NAT loopback with url or keyword filters.
      • A change which may allow JFFS to be formatted on ARM based routers with bad blocks in the JFFS space
      • A fix to fully support encrypted FTP (manual setup still required)
      • Fix when using explicit-exit-notify in OpenVPN client custom configuration. This should also resolve other problems such as 'orphan' routes when stopping VPN clients and problems in setting custom routes in the custom configuration.
      • Improved the OpenVPN Client/Server start and stop sequences
      • A new DNSSEC option for strict enforcement. If this is enabled, and non-DNSSEC enabled DNS servers are specified, DNS lookups will fail (internet access will be effectively blocked). Previously, lookups would use DNSSEC if available but still return non-DNSSEC verified results.
      • Fixes to improve failover in Dual WAN environments with non-link fails
      • Fix DDNS update in some cases where the DDNS address became out of sync with the actual WAN address
      • Improvements in reboot processing
    • Other Merlin Backports
      • Update nano to 2.7.1
      • Add IPv6 support for curl
      • Report error if importing an ovpn file with a missing/invalid key or certificate
      • The sha256sum file now has the extension of .sha256
      • Misc other backports from the latest Merlin build

    Some notes on this fork...

    The fork does include
    • Maintenance for documented security issues
    • Maintenance for supporting open source components (such as dnsmasq, miniupnpd, etc)
    • Backports of applicable fixes and new functions from Merlin's main branch
    • Some unique support for options requested by users
    • A different IPv6 stack which may work better in some environments
    • Older versions of the wireless drivers that some feel offer better performance (especially on the MIPS based routers)
    • Less of a lockdown on tweaking power levels
    The fork does not include
    • The new TrendMicro DPI engine functions for ARM routers
    • The enhancements to the networkmap for custom icons, client naming, etc.
    • Some of the enhanced gui formatting of later releases, for instance the new wireless log
    • Support for the ASUS router control app
    • All the changes/tweaks that ASUS may have made since the original code was released (and any new introduced bugs :) )

    Custom features of the fork which are not exposed in the gui can be set by an nvram variable. These custom features are documented in the Merlin_Fork_Options file in the download directory.

    Thanks to all for your continued interest in this fork.


    Source: https://github.com/john9527/asuswrt-merlin : branch 374.43_2-update

    SHA256
    Code:
    1490b9fd8928ec62958e138902550ee73201473823fc661b4327af67547db702  RT-AC68U_3.0.0.4_374.43_2-22E4j9527.trx
    19015369749718b7a217f3b08b4940de1fda3ffa1b812edcf37d7edf3985cb7c  RT-AC56U_3.0.0.4_374.43_2-22E4j9527.trx
    35b4a69278548b19621e877fc3faa402bd8e95b49693b86f06bf9eecb5a15246  RT-N16_3.0.0.4_374.43_2-22E4j9527.trx
    a26ffa72229f4aa03cd9d13c6007e4bb62326fff16784ee4730482b4b28cdc9e  RT-AC66U_3.0.0.4_374.43_2-22E4j9527.trx
    f2eb1ed2885db42b3b5d155c287a6f3293dc247f32d83a7dd225b38d32361134  RT-N66U_3.0.0.4_374.43_2-22E4j9527.trx
    
     
    Last edited: Jan 14, 2017 at 3:47 PM
  2. Raiu

    Raiu Regular Contributor

    Joined:
    Dec 10, 2013
    Messages:
    186
    This is awesome man! I haven't tried it yet. My wife is in school so I need 100% up time right now lol
     
  3. Builder71

    Builder71 Senior Member

    Joined:
    Oct 14, 2012
    Messages:
    402
    Location:
    The Netherlands
    Awesome!
    A maintenance update for 374.43 :)

    I flashed it on top of 374.43 and so far so good.
    Nice work.

    MD5 checksum I got for the RT-N66U .trx file: E10E98C4F6CF380B00712A6A6BEEE2A1
     
  4. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    3,736
    Location:
    United States
    Glad to hear that the flash on N66U worked!
    Good point on the MD5 checksum....I added them for all the releases in the first post.
     
  5. Builder71

    Builder71 Senior Member

    Joined:
    Oct 14, 2012
    Messages:
    402
    Location:
    The Netherlands
    Nothing funny in the syslog so far.
    Glad to see my MD5 is the same as your source. :)

    For my understanding, the fixes/changes above are they all from Github?
    Or did you merge them in yourself?
     
  6. kiesa1231

    kiesa1231 Regular Contributor

    Joined:
    Jul 13, 2013
    Messages:
    86
    Please fix to work huawei e3276s 4g modem in 374.43_3 build thanks.
     
  7. Jeffo

    Jeffo New Around Here

    Joined:
    Jul 17, 2014
    Messages:
    6
    Add maintenance of Huawei 3g/4g lte dongle to 374.43

    Same here. Requesting for maintance fix for the Huawei compatibility issue for 3G/4G/LTE dongle. it was working from Merlin 374.40Alpha4 and older also the latest 376.44 series. the firmwares in between doesn't work.
    Using a Huawei e3276s here too.
     
  8. lwizard

    lwizard Regular Contributor

    Joined:
    Jan 27, 2014
    Messages:
    95
    minidlna

    Is it possible also updating minidlna to 1.1.3?

    Thanks for the work.

    I am scared about trying 44 since it seems to cause lot of troubles in very important things like wifi and general speeds... and actually 43.2 is working right for me..
     
  9. Builder71

    Builder71 Senior Member

    Joined:
    Oct 14, 2012
    Messages:
    402
    Location:
    The Netherlands
    Come on gents, cut the Huawei crap.
    That one is complicated and for ASUS to fix.
    Send ASUS a bug report!

    And put the router in question in your signature.
    Do we have to smell what you are using?

    Do try the fork from john9527 and give him some feedback.
    Much better than only asking.
     
    Last edited: Aug 15, 2014
  10. Kal-EL

    Kal-EL Very Senior Member

    Joined:
    Aug 15, 2013
    Messages:
    1,141
    Location:
    Motor City, Michigan-USA
    Can someone running this build explain more about it ? Is this a build that has the fixes for 44 but the interface of 43_2 ? Any comments would be great..
     
  11. Builder71

    Builder71 Senior Member

    Joined:
    Oct 14, 2012
    Messages:
    402
    Location:
    The Netherlands
    Don't be scared, just give 376.44 a try.
    See if it works in your environment and decide yourself.
    If not, simply revert to what you are using now.
     
  12. Builder71

    Builder71 Senior Member

    Joined:
    Oct 14, 2012
    Messages:
    402
    Location:
    The Netherlands
    That seems the case as far as I can see.

    Maybe john9527 can tell us a bit more...
     
  13. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    3,736
    Location:
    United States
    All the fixes have been committed by Merlin in his master branch. For this build, I merged them in by hand....gave me a chance to double check they were applicable (some I looked at were not) and gave me the chance to work through how git really worked. The exception was the openssl update...that one I let 'git cherry-pick' for me (146 updated files!).
     
  14. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    3,736
    Location:
    United States
    Merlin kindly tags all his releases in github, so I was able to make a branch of exactly the 374.43 release. With that as a base, I looked at what had been fixed in later builds that may have been seen on the 43 code (a good example is the Plex miniupnpd syslog flood). So I picked up that specific fix and added it to the 43 code.

    So what this is, is the 43 code, with just a couple of fixes on top of it that may help people out who don't want to upgrade to the next major release yet.
     
  15. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    3,736
    Location:
    United States
    Right now the minidlna update is not in the plan (there is one minidlna fix picked up)....Asus actually picked that up, so it's rolled into Merlin's big merge without a specific commit I can go after (and I need to learn more to do an update that big ;) ) This is unlike the openssl commit where I was just able to grab Merlin's work (only picked up to stay on top of any security issues).

    Also, as you said, for me 43.2 is running pretty well....there were just a couple of things that needed addressing in my environment which led me into this project. I don't want to do too much and end up destabilizing the 43.2 base.
     
  16. Builder71

    Builder71 Senior Member

    Joined:
    Oct 14, 2012
    Messages:
    402
    Location:
    The Netherlands
    Great choice!

    The problem with 376.44 is that you can't localize the router any more.
    This is ASUS crap because of some FCC regulations.
    FCC has no jurisdiction in my country, but ASUS doesn't care.

    This means that with 376.44 I'm stuck with only 4 channels on 5GHz and reduced range on both WiFi bands.

    So I stick with 374.43 unless there are serious security issues that needs to be fixed.
    Probably a lot of people will do the same.
    Such a shame for a great open source project.

    That's why I am happy to see john9527's update on the 374.43 base. :)
     
  17. Builder71

    Builder71 Senior Member

    Joined:
    Oct 14, 2012
    Messages:
    402
    Location:
    The Netherlands
    Running fine, nothing unusual seen in syslog. :)
     

    Attached Files:

  18. DrTeeth

    DrTeeth Senior Member

    Joined:
    Mar 29, 2013
    Messages:
    379
    Many, many thanks indeed. Just what the Dr ordered, no pun intended.

    Please keep up the good work. If you do keep it up, please set up a donation page.
     
    Last edited: Aug 16, 2014
  19. Raiu

    Raiu Regular Contributor

    Joined:
    Dec 10, 2013
    Messages:
    186


    From what I have read those that went to 44 and that wanted to go back were stuck and couldn't get their settings to work right.
     
  20. Kal-EL

    Kal-EL Very Senior Member

    Joined:
    Aug 15, 2013
    Messages:
    1,141
    Location:
    Motor City, Michigan-USA
    I tried 44 two times and went back to 43_2 with no issues just make sure you do a complete factory reset.
     

Share This Page