[Release] Asuswrt-Merlin 384.11 is available

[Swistheater]

@Swistheater / @Chrisgtl Did you not understand the diagram?

The UK Band "A" channels are 36-64 i.e. in increments of 4 in the GUI.

If you select 20MHz width, you have 8 discrete channels, and a WiFi scanner will show these 8 channels.

If you select 40MHz, then you will occupy 2 channels, leaving only 4 separate channels, so in the GUI, as an example, selecting either 44 or 48 will show up in a WiFi scanner as Ch46.

If you select 80MHz, then you occupy 4 channels, so in the GUI, selecting any of the following 36,40,44 or 48 will show up in a WiFi scanner as Ch42.

Simples!

In much the same way as using 20MHz and channels 1,6 or 11 for the 2.4GHz WLAN Spectrum, to be a good neighbour and reduce the amount of interference, it is sometimes necessary to use the discrete 20MHz channels i.e. suppose you had 6 APs, you wouldn't want them all hogging say Ch42 fighting each other, so you would assign each of them to a different 20MHz channel,.

Hope this is helpful.

I understand what you are saying question is does he? It makes sense what you are saying, I was going under the impression he knew that.

 

[Martineau]

I understand what you are saying question is does he? It makes sense what you are saying, I was going under the impression he knew that.

Then I am confused by your post.... i.e. why would you suggest ASUS would disable any of the valid channels?

Could have been shut off in all the recent firmware adjustments by asus.

 

[Swistheater]

I understand what you are saying question is does he? It makes sense what you are saying, I was going under the impression he knew that.

I tend to use higher channels when possible.

 

[Swistheater]

Then I am confused by your post.... i.e. why would you suggest ASUS would disable any of the valid channels?

I was going along the lines of if he tested everything and was still having problems

 

[Martineau]

ppp0

Hope you ensure your scripts don't hard code the WAN interface as 'eth0'

 

[accolito]

This is what happens to me if I enable DoT on my AC86U on latest fw (I've tried to clear all settings too). I got no dns connection.

stubby -L

stubby: ./../stubby/src/yaml/convert_yaml_to_json.c:444: output_scalar: Assertion `event->data.scalar.length > 0' failed.

Stubby not present on process list
On WAN settings page / DoT settings, I see a lot of wrong settings (tried to remove and apply them by hand) like:

a href="http://1.1....
<a...

This is my etc/stubby config:

resolution_type: GETDNS_RESOLUTION_STUB
dns_transport_list:
  - GETDNS_TRANSPORT_TLS
tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
tls_query_padding_blocksize: 128
appdata_dir: "/var/lib/misc"
resolvconf: "/tmp/resolv.conf"
edns_client_subnet_private: 1
round_robin_upstreams: 1
idle_timeout: 9000
tls_connection_retries: 2
tls_backoff_time: 900
timeout: 3000
listen_addresses:
  - 127.0.1.1@53
upstream_recursive_servers:

 

[Swistheater]

You have no servers listed

 

[accolito]

You have no servers listed

That's my point. I'm unable to add any server, even manually.

 

[Swistheater]

So you added one and hit apply at the bottom of the page? And it still wont list?

 

[accolito]

So you added one and hit apply at the bottom of the page?

Yes but I see no server added, only cutted characters, for example if I add 1.1.1.1, on server list, once I've applied settings, I see this on the router's webpage:

a href="http://1.1....1.1.1.1
/a


a href="http://clou...cloudflare-dns.com
/a

EDIT: I found that latest Firefox has something to do with it. I tried with Chromium and everything now works.

 

[SheikhSheikha]

Asuswrt-Merlin 384.11 is now available for all supported models. This is a fairly big update which brings a number of new features.

The highlights:

• New DNS Privacy feature, with DNS-over-TLS support. Configurable under WAN -> Internet Connection, this feature lets you connect with DNS servers that support DNS-over-TLS (DoT). DoT allows your DNS queries to be encrypted, preventing snooping from your ISP or anyone else in transit. Please visit https://dnsprivacy.org/wiki/ for more info on this protocol.
• Replaced the custom ntpclient with an ntp daemon. This daemon acts as a client (to sync your router's clock with the NTP servers configured on the router's System -> Administration page), but it can also be used as an ntp server for your LAN devices. Server functionality can be enabled on the System Administration page. Afterward, you can either configure your LAN clients to use your router's IP as their NTP server, or enable the option to intercept NTP requests and automatically redirect them to your router's NTPD.
• Updated some of the Network Tools to use Asus's new Netool service (RT-AC86U and RT-AX88U only). This allows the addition of a new visual ping for instance.
• GPL merges: 384_5951 (RT-AX88U), 384_45713 (all other models). Note that the RT-AC87U and RT-AC3200 are still using the 384_45149 binary blobs for their closed source components.
• Component updates: nano (4.0), curl (7.64.1), dropbear (2019.78).
• Reworked the Firmware Upgrade page. The option to enable/disable automated checks are now on that page, and support for the Beta channel has been removed. Also, the popup reporting a new firmware release will now display that new firmware's version.
• Cleanups to the DDNS page (removed the annoying alert() popups, and moved the notification within the page itself)
• Moved some DNS settings (like DNSSEC) from the DHCP to the Internet Connection page
• Moved LED control to the System -> Administration page
• Editing devices on the Network Map will no longer restart your entire network, only dnsmasq itself. It means that blocking Internet access through it might not immediately come into effect, however the previous behaviour made it impossible to edit multiple clients.
• Custom config/script changes: added service-event-end (run at the end of an rc service event, same parameter as service-event), stubby.postconf/add support (for customizing the DNS Privacy configuration). pre-mount will now receive the filesystem as a second argument.
• Reboot Scheduler should be more reliable and less likely to corrupt plugged USB disks now
• Security issue CVE-2019-1543 resolved in OpenSSL 1.1.x

Please review the changelog for a complete list of changes.

Anyone donating through Paypal: if you do so specifically for the addition of DNS-over-TLS, please leave a note in your donation, so I can forward your donation to @themiron who did about 90% of the implementation. (the last 10% I did was mostly webui stuff around it, like implementing the preset management).


Downloads are here.
Changelog is here.

Did the update with the full reset and install (M&M) on my two AC5300.
The router configed AC5300 demonstrates instability in 2.4GHz (falls back from 600 to 150Mbps for no reason (and no this is not due to interference or what nut).
The repeater configed AC5300: 2.4GHz works but does NOT connect to the internet.

So all in all DoT is a breath of fresh air but I am suffering on my 2.4GHz channels (only used for Nest Protects) in both router and repeater configuration.

 

[L&LD]

Did the update with the full reset and install (M&M) on my two AC5300.
The router configed AC5300 demonstrates instability in 2.4GHz (falls back from 600 to 150Mbps for no reason (and no this is not due to interference or what nut).
The repeater configed AC5300: 2.4GHz works but does NOT connect to the internet.

So all in all DoT is a breath of fresh air but I am suffering on my 2.4GHz channels (only used for Nest Protects) in both router and repeater configuration.

Did you test with Auto or manual Control Channels? How far apart are the routers and what is in-between them?

Maybe posting a few of your wireless setup pages will help others give further suggestions?

 

[cmkelley]

Heads up in case someone makes the same mistake I did:

Using the firmware stubby and forcing all DNS to the router, I had left the cloudfare IPV6 DNS servers entered on the IPV6 page. My message log filled with "kernel: protocol 86dd is buggy, dev eth0" messages, where "86dd" was also sometime "0000" or occasionally "0800".

So, if you see that error, try removing those.

 

[RMerlin]

I can't get the tcpdump command to display any output:

Check what your WAN interface is, in case it's not eth0:

nvram get wan0_ifname

Also make sure you don't use a VPN, which would route all traffic through it.

FYI - Wow! Absolutely amazing response - see this HND model v384.11.1 commit

That's because Asus had already implemented support in Netool for both source and destination parameter, they just never implemented the webui support for it. Otherwise, it would have been a no-go.

Interesting story there: the Netool implementation was done for the GT models, however it was never finalized (i.e. backend for netstat-nat was implemented, but they never implemented the webui frontend). Almost as if whoever worked on it quit his job in the middle of his work... They never fully debugged uclibc support for traceroute either (hence the issues on non-HND).

I'm feeling OK with enabling this previously GT-exclusive feature because I have done a fair amount of additional work on it to earn that right IMHO

 

[Swistheater]

Heads up in case someone makes the same mistake I did:

Using the firmware stubby and forcing all DNS to the router, I had left the cloudfare IPV6 DNS servers entered on the IPV6 page. My message log filled with "kernel: protocol 86dd is buggy, dev eth0" messages, where "86dd" was also sometime "0000" or occasionally "0800".

So, if you see that error, try removing those.

What issues did this cause as far as use goes?

 

[RMerlin]

I can't select channel 42 on my 86U. I have 40 and 44 but no 42.

Selectable channels will vary based on the channel width you select.

EDIT: I found that latest Firefox has something to do with it. I tried with Chromium and everything now works.

DOM corruption is generally caused by add-ons.

 

[Swistheater]

Check what your WAN interface is, in case it's not eth0:

nvram get wan0_ifname

Also make sure you don't use a VPN, which would route all traffic through it.



That's because Asus had already implemented support in Netool for both source and destination parameter, they just never implemented the webui support for it. Otherwise, it would have been a no-go.

Interesting story there: the Netool implementation was done for the GT models, however it was never finalized (i.e. backend for netstat-nat was implemented, but they never implemented the webui frontend). Almost as if whoever worked on it quit his job in the middle of his work... They never fully debugged uclibc support for traceroute either (hence the issues on non-HND).

I'm feeling OK with enabling this previously GT-exclusive feature because I have done a fair amount of additional work on it to earn that right IMHO

It would be interesting if netools could ever be implemented on their lesser counterparts, but with anything good it is only practical if it is not just wishful thinking.

 

[Delusion]

Yes, it is just a cosmetic fix. It will crash over and over and over. I think AIProtection still works. I'm a single old guy who uses the 'Net carefully with noone else on my network. I see no hits on AIProtection, though it is enabled.

As Rmerlin has stated many, many times, this is a TrendMicro issue that is closed source and only TrendMicro can fix it. RMerlin can not fix it. Now one knows the answers to your questions except TrendMicro and their closed source programmers who write the code.

Sorry, I know not much help. Many of us have it and remove it from the syslog to minimize the annoyance. I have seen no reports of issues using that workaround or removing them with syslog-ng via scribe, which is how many of us handle that dcd tainted crash.

OK so I did some tests to see if I get Hits when dcd crashes and It does . Malicious Sites Blocking and Two-Way IPS work after the dcd crash ... so its fine, the logging of the crash is less important if firewall is still functional

 

[martinr]

Hi,

my issue (showing disconnect on main page) is gone after a full factory-reset an re-write my settings with the navram save/restore utility.

The nvram save/restore utility has not been compatible with Merlin’s firmware for a good while now (since at least the 384 series and possibly the 382 firmware series. (But it still works with John’s fork.). If it worked for you, you’ve been really lucky, but at the first sign of any problems, get ready to do a reset with a manual input of your settings. And if you follow L&LD’s Guide, to the letter, you’ll be fine.

https://www.snbforums.com/threads/n...l-and-manual-configuration.27115/#post-205573

Well worth reading the whole thread.

 

[cmkelley]

What issues did this cause as far as use goes?

None, just completely overwhelmed my log. That's why I didn't post an "OMG MY LOG IS FILLED WITH THIS WHAT IS WRONG?!?!?!?" message. Just in case someone has the same issue and bothers to search.

I actually have another I'm trying to track down (it's a hobby) that's also not causing issues "[tdts_shell_ioctl_stat:256] Recv ioctl req with op 2". Searching the messages this has been seen a few times before but I can't find any resolution so far. Even odder, it is exactly every 30 minutes, like +/- 1 second, and I can't figure out what's running every 30 minutes. If I can't I'll just filter it out with syslog-ng.