Release Asuswrt-Merlin 3004.388.9 is now available

[greengnome]

I'm running a TUF-AX5400 as AiMesh router and a TUF-AX3000 V2 as node. After updating firmware it was no longer possible to connect wifi clients to the node (but router still worked). Tried rebooting, fiddling with settings and factory default. Eventually rolled back to 388.8_4 again and the problem went away.

Client log said:

NetworkManager[1016]: <warn> [1756558420.7669] device (wlp54s0): Activation: (wifi) association took too long, failing activation
NetworkManager[1016]: <info> [1756558420.7670] device (wlp54s0): state change: config -> failed (reason 'ssid-not-found', sys-iface-state: 'man>
NetworkManager[1016]: <info> [1756558420.7673] manager: NetworkManager state is now DISCONNECTED
NetworkManager[1016]: <warn> [1756558420.7677] device (wlp54s0): Activation: failed for connection 'Auto networkname'

Tested with a number of different devices, none could connect.

Related github issue:
https://github.com/gnuton/asuswrt-merlin.ng/issues/815

 

[aex.perez]

Not familiar with the Gnuton releases, but 388.9 had issues mixed WPA 2&3 and gave me nightmares on have the nodes even with wired backhaul. If 388.9.2 is available best bet it use that release.

 

[greengnome]

Not familiar with the Gnuton releases, but 388.9 had issues mixed WPA 2&3 and gave me nightmares on have the nodes even with wired backhaul. If 388.9.2 is available best bet it use that release.

If that was a reply to me it is not the issue I had, I tested with only WPA2.

 

[Tex Texan]

Saw new official firmware has just been released for my RT-AX88U, assume these fixes/features are all newer than what is in current Merlin 3004.388.9_2?

ASUS RT-AX88U Firmware version 3.0.0.4.388_24333
Version 3.0.0.4.388_24333
67.83 MB
2025/09/01
SHA-256 ：1988DDA2DCA47B013D1BF0524FF834291C2DDA067D1A0751BCEBCFA986862B27
Important: After installing this firmware, we strongly recommend performing a factory-default reset to activate every new security adjustment.

Security Enhancements
- Password Policy Upgrade – Minimum 10 characters with at least 1 letter, 1 digit and 1 special symbol, and no consecutive identical characters; hardens defense against brute-force attacks.
- HTTPS on 8443 – Management interface now served over TLS by default.
- UPnP Disabled – Universal Plug and Play starts in the off state for reduced surface exposure.
- AiCloud Authentication Hardening (CWE-287) – Added layered verification.
- Authentication Logic Refactor – Removed redundant code paths for a lean sign-in flow.
- Memory Safety Guard (CWE-476) – Introduced null-reference protections across critical services.
- Enhanced IPsec Parameter Validation – The existing input checks have been hardened
- Data Exposure Mitigation (CWE-200) – Reinforced controls on sensitive pathways.
- Detailed Audit Trails – Expanded logging within the authentication module.

System Improvements
- Connection Stability – Core algorithms refined for steadier links.
- Scheduling Accuracy – Timed tasks execute reliably under PPPoE, PPTP and L2TP WAN modes.
- Client List Maintenance – Resolved an issue that prevented offline devices from being removed from the client list.

Bug Fixes:
- Fixed abnormal client list.
- Fixed abnormal GUI behavior of Wireguard VPN.
- Fixed USB internet backup conflict with main WAN.
- Fixed abnormal WAN detection while AiDetection is enabled.
- Improved AdGuard DNS GUI issues.
- Fixed IPv6 related issues.
- Improved USB tether compatibility for pixel phones.

 

[bennor]

Saw new official firmware has just been released for my RT-AX88U, assume these fixes/features are all newer than what is in current Merlin 3004.388.9_2?

Rmerlin previously explained how he gets the GPL's from Asus:

I get code directly from Asus, it's unrelated to what's released on their website. I have particular requirements that their developers need to meet when preparing the archives, like having the same code base for all models, which is rarely the case with their own firmware releases.

The Asus-Merlin Change Log will indicate the GPL version update, if any, in a firmware's release. One may have to read back to see the GPL version if a firmware release doesn't contain a GPL update. The Change Log will typically have any recommended installation instructions.

Since the 3004.388.9_2 was released on 28-Apr-2025, its safe to assume it does not contain the security updates in the latest stock Asus firmware released in the past two weeks.

 

[dave14305]

Saw new official firmware has just been released for my RT-AX88U, assume these fixes/features are all newer than what is in current Merlin 3004.388.9_2?

The pre-release 388.10_alpha2 is based on Asus 388_25523. The leapfrogging continues.

 

[Unetwork]

A quick feedback after almost 100 days with version 3004.388.9 on my AX88U.
Everything works perfectly.

I only saw one bug in the logs two days ago. I'm posting it here in case it helps to fix the next version.
Thanks again to Merlin and the developers for their work.

ep 6 04:15:13 kernel: potentially unexpected fatal signal 11.
Sep 6 04:15:13 kernel: CPU: 3 PID: 31245 Comm: asd Tainted: P O 4.1.51 #2
Sep 6 04:15:13 kernel: Hardware name: Broadcom-v8A (DT)
Sep 6 04:15:13 kernel: task: ffffffc02ab37480 ti: ffffffc02e10c000 task.ti: ffffffc02e10c000
Sep 6 04:15:13 kernel: PC is at 0xf6aaeb74
Sep 6 04:15:13 kernel: LR is at 0xf6600018
Sep 6 04:15:13 kernel: pc : [<00000000f6aaeb74>] lr : [<00000000f6600018>] pstate: 20000010
Sep 6 04:15:13 kernel: sp : 00000000f69ea878
Sep 6 04:15:13 kernel: x12: 00000000f660001c
Sep 6 04:15:13 kernel: x11: 0000000000000010 x10: 00000000f6600010
Sep 6 04:15:13 kernel: x9 : 00000000f69eaa44 x8 : 0000000000000002
Sep 6 04:15:13 kernel: x7 : 00000000f6600010 x6 : 00000000f66011e8
Sep 6 04:15:13 kernel: x5 : 000000000001fe18 x4 : 00000000f69ea8e4
Sep 6 04:15:13 kernel: x3 : 000000000000002f x2 : 0000000000021000
Sep 6 04:15:13 kernel: x1 : 0000000000000000 x0 : 000000000000002f

 

[RMerlin]

Update from 3004.388.4, update went fine but one thing I noticed when I connect a wireguard client to my home it connects fine and shows up in the VPN - Status, but after disconnected wireguard client is still visible as a connected client.
The connection doesn't work any more but as mentioned stayed visible in VPN - Status.
After stop and start the wireguard Server it doesn't show anymore.

That's because of how Wireguard works. Wireguard is a connection-less tunnel, meaning that if you close a client, the server has no way of knowing that you did that. The server will keep reporting all peers it has ever seen. All it can do is send KeepAlive packets, and report whether it received any response.

admin@RT-AX88U-9C90:/tmp/home/root# wg show
interface: wgs1
  public key: UcRHB2y7/1VxDClfhiHeRF6kAbtaPOwiSeqTdRSAYj8=
  private key: (hidden)
  listening port: 51820

peer: QiggHZssYSH615Noq2V0nxVaote7sPnnpLyq0tm4SCQ=
  endpoint: 192.168.10.222:55125
  allowed ips: 10.6.0.2/32
  latest handshake: 5 minutes, 55 seconds ago. (sec:355)
  transfer: 382.27 KiB received, 570.47 KiB sent

The way the VPNStatus page handles it is if a peer hasn't responded for 180 secs, then the peer won't be shown.

 

[johnny7556]

Thank you for the explanation, i didn't used Wireguard before so I didn't noticed