Release Asuswrt-Merlin 3006.102.4 is now available

[RMerlin]

RMerlin, can you comment about the issue regarding the 2.5gbps port on routers like the RT-AX86U Pro maxxing out at 1gbps? I've tried both official Asus and your firmwares and still cannot get wireless speeds over 1gbps over the wireless.

Works for me. Check your cabling.

Could their number be significantly reduced on the next release?

Closed source driver, outside of my control. Blame someone at Broadcom for being stupid enough to output ANSI code to syslog...

The first is that the 2.4 GHz section only shows the first 10 characters of the wi-fi password. I confirmed the full 63(?) character password is there, since my phone can still connect using the full password. This truncation shows in both the system status (home screen) and the wireless settings in Advanced Settings.

You probably have a non-alphanumeric character in that position that breaks the HTML code of your UI.

 

[bennor]

I have been able to assign IPs to devices on my guest network and it works fine if the device is connecting to the primary router either by WiFi or Ethernet. What I have not been able to accomplish so far is to get devices connecting to my AX86S node running the latest ASUS firmware to connect and accept the IP I have assigned them.

Also the language suggesting that you assign the IPs outside DHCP pool doesn't seem to be possible. First I haven't seen a place where you can set the range for the default 192.168.52.0/24 pool in the GUI. I then tried using a 192.168.52.0/27 pool and then assigning static IPs outside the pool. That was a no go as even though I had assigned the devices IPs above the upper limit of the /27 pool the router now ignored those assignments and assigned the devices IPs within the 27 pool. Since that didn't work I just reverted to using a /24 pool and everything works fine, and the devices get the IP I have assigned.

Seems to be another issue with Guest Network Pro to add to the list of various other issues discovered with that feature. Wonder if using a 3006 supported AiMesh node would solve the issue. I don't use AiMesh so haven't run into the issue or experimented with how Guest Network Pro works down stream on nodes. Also wonder if the same issue persists using 3006's dnsmasq-INDEX.conf.add or dnsmasq-sdn.postconf that's been discussed elsewhere. Does using either one allow for manual IP reservations on guests down stream on the nodes?

Edit to add: Another thought, if one has Guest Network Pro's Use same subnet as main network set to enabled, do the LAN - DHCP Server's manual IP reservations flow down stream to the node's Guest WiFi or is it limited to just the main router's Guest Network Pro clients?

 

[RandomUser777]

I have two issues I see with the new firmware on GT-AX6000.

The first is that the 2.4 GHz section only shows the first 10 characters of the wi-fi password. I confirmed the full 63(?) character password is there, since my phone can still connect using the full password. This truncation shows in both the system status (home screen) and the wireless settings in Advanced Settings.

The 5 GHz section shows the full password correctly.

View attachment 65773

The second problem is that something appears to be different about how clients connect. I have a thermostat that was connected using the previous version (3004.388.8_4) but was no longer able to connect with the new version. I ultimately changed the password to something smaller and less complex, and now it can connect, but it took all morning to figure that out!

The old password was a very long random password, so it's possible that a special character is being escaped or hashed differently. I mention this just in case someone else is scratching their head over IOT devices not being able to connect on 3006. My phone could connect, so I know the password was correct, but the thermostat kept getting authentication errors.

All seems to be working well with the shorter password.

63 character password? Holy smokes that's overkill - there are weaknesses that would be exploited way before a password that length would get in the way. Glad you shortened it.

 

[Dedel66]

I have been able to assign IPs to devices on my guest network and it works fine if the device is connecting to the primary router either by WiFi or Ethernet. What I have not been able to accomplish so far is to get devices connecting to my AX86S node running the latest ASUS firmware to connect and accept the IP I have assigned them.

In my setup, the IOT devices that are connected to the node via WLAN get the reserved IP from the guest network.

 

[aref_tmu]

Dear All,


I have two issues with the VPN setup:
1) How can I filter which devices are allowed to my L2TP VPN? In "VPN Director" I couldn't find any means to do so.
2) I can't set ExpressVPN OpenVPN service on the router. It keeps repeating check the configuration. Has anyone had the issue and found a solution for that?

Thanks in Advance.

 

[przemekwawa]

After upgrade I found that I have issue with my Yamaha receiver, it does not connect. It worked fine for last couple of years, but now shows not connected. In logs I see that tries to get IP, but I dont believe there is problem with DHCP, rather something with advanced wifi settings.
May 19 11:12:04 dnsmasq-dhcp[4232]: DHCPOFFER(br0) ....
May 19 11:12:05 dnsmasq-dhcp[4232]: DHCPDISCOVER(br0) ...
...

I checked suggestions in Internet and found some recommendations about airtime fairness and igmp snooping, but they are disabled.
Any ideas what can I check.
Whats funny, AirPlay works, but need to read about it, probably some kind of direct connection from apple devices.
2,4GhZ, configured now to only 20MHz to limit problems.

P.S. Just informationally, migration of IoT wifi didnt went well, had to reconfigure it.

 

[Dedel66]

@przemekwawa
Please provide a screenshot of your Wi-Fi settings. Have you disabled "Protected Management Frames" and all types of beamforming?
These settings are working with my Yamaha RX-A780 at guestnet:

 

[ligeza]

After upgrade I found that I have issue with my Yamaha receiver, it does not connect. It worked fine for last couple of years, but now shows not connected. In logs I see that tries to get IP, but I dont believe there is problem with DHCP, rather something with advanced wifi settings.

I also have a problem with 3006 firmware and GREE AC device (3 units). I change almost all settings on wifi advanced tab and nothing helped. I have a pair of XT12, so on second one I installed older Merlin firmware and all 3 units are connecting to this XT12 with 3004.388.8_4 firmware. One GREE AC unit is in the same room as XT12 with 3006 firmware but is connecting to the second XT12 (AiMesh node) with 3004 firmware. I didn't tryed to restore firmware to factory default so If you try it let me know if it helped with your Yamaha receiver..

 

[przemekwawa]

No luck with similar to your settings. Please find attached mine.
Just after changing settings I restarted all AiMesh, and made hard reset of Yamaha. It show after reconfiguration that it connected to wifi, but second later it is disconnected. In Wireless log I see its MAC address, but no IP.

 

[Seth Harman]

There is however a limit…so it depends on how you count a ‘whole mess’. I ended up using the dnsmasq-x.conf.add approach to get past that limitation for Guest Network clients.

I even had some fun writing a custom_client list generator in Excel for both the YazDHCP and dnsmasq-x.conf.add custom client names and icons.

Do you know what the limit is? I have 30 clients with reserved DHCP addresses on my IoT VLAN.

 

[fotingo]

Openvpn doesn’t seem to be pushing the Pihole dns server to clients. On the previous version, ticking this to yes would do it, but now it doesn’t.

 

[jksmurf]

Do you know what the limit is? I have 30 clients with reserved DHCP addresses on my IoT VLAN.

Ostensibly it is 32; however I reached a limit at 21, per my post. What memory usage, as referred to by RMerlin, caused it to stop at 21, I have no idea.

 

[RMerlin]

Openvpn doesn’t seem to be pushing the Pihole dns server to clients. On the previous version, ticking this to yes would do it, but now it doesn’t.

View attachment 65846

Works for me.

Unknown adapter OpenVPN TAP-Windows6:

   Connection-specific DNS Suffix  . : lostrealm.lan
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-E2-5D-FF-38
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1d5f:1047:a666:ac26%19(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.58.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : May 19, 2025 12:21:43 PM
   Lease Expires . . . . . . . . . . : May 19, 2026 12:21:43 PM
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 10.58.0.0
   DHCPv6 IAID . . . . . . . . . . . : 352387042
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2B-A9-14-6D-48-51-C5-6A-43-16
   DNS Servers . . . . . . . . . . . : 192.168.10.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

C:\Users\rmerl>nslookup camelot.lostrealm.lan
Server:  stargate.lostrealm.lan
Address:  192.168.10.1

Name:    camelot.lostrealm.lan
Address:  192.168.10.100

 

[fotingo]

@RMerlin When connect my iphone to Openvpn outside my LAN, I can connect to it, but it's not using the Pihole DNS server.
Is there maybe another setting I need to enable on this version?

These are my settings..
LAN - Pihole IP

DNS Director

OpenVpn

 

[bennor]

DNS Director
View attachment 65851

One word of note about DNS Director in case you were not aware of it. There was a change in how it works. Per the change log:

- CHANGED: Setting DNS Director to "Router" will now always
redirect to the router's own IP. Previously it
would redirect to the first DNS server configured
on the DHCP page (which defaults to the router
itself).
If you need DNS Director to redirect to an IP
configured in your DHCP settings, use a Custom DNS
entry in DNS Director. This makes it more consistant
with what the name implies, and was also necessary
for improved Guest Network support.

If your Pi-Hole is at 192.168.1.78 and you would like the Global Redirection to use it, then change Global Redirection from Router to User defined DNS 1.

 

[huubhuub]

Works for me. Check your cabling.

View attachment 65824


Closed source driver, outside of my control. Blame someone at Broadcom for being stupid enough to output ANSI code to syslog...


You probably have a non-alphanumeric character in that position that breaks the HTML code of your UI.

I have checked mine and noticed (maybe) a bug.
Hardware BE88U with 3006.102.4 (and 3 Ai-mesh nodes on latest ASUS fw for when this matters).

All ethernetports are working as intended including the "colors" and the speeds BUT i have 1 graphical issue.
My internetsign (the blue logo) says that it is connected to the 10G RJ45 port but in reality it is connected to the 2.5G RJ45 port.

My NAS is connected to the 10G port (with a 10G link), my fiberoperators NTU is connected to the 2.5G WAN/LAN1 port (with a 2.5G link).
It doesnt bother me since all is working perfectly but i wanted to report it here, just noticed it when checking my portstatus.

Extra info edit :
I think that for w/e reason my settings got "bugged" and now i have played with some settings (on and off dual wan etc.) i somehow fixed it.
It is working as intended now, for who is interested :

- My WAN was set to use the 2.5G LAN1/WAN port (which it used) my primary 10G WAN port was used by my NAS.
- When i changed the WAN port to use my 10G port (and saved settings) my internet went down (obviously)
- When i then changed it back to use the 2.5G WAN/LAN1 port i got a message (before saving) that this would disable my IPTV settings (strange never had this message but ok)
- After saving above option i had no internet (since my VLAN from my ISP went disabled in the IPTV tab)
- Changed my cables (WAN 10G to NTU and LAN1 to NAS) and set WAN port to 10G (with IPTV internet VLAN) fixed everything.

Apparently you cant use another WAN port in combination with IPTV settings (or you must use the WAN 802.1Q setting).

I found mulitple posts on this forum with different "problems" that all had something similar with my setup, especially the "IPTV settings must use wan 10G or use the 802.1Q setting on WAN" when you want another WAN port helped my case.



So @RMerlin i got no problems and thank you for your hard work sofar.

​

 

[fotingo]

If your Pi-Hole is at 192.168.1.78 and you would like the Global Redirection to use it, then change Global Redirection from Router to User defined DNS 1.

I did that and my internet becomes wonky…some sites wont load…Once I put it back to global, then everything goes back to normal except openvpn

 

[bennor]

I did that and my internet becomes wonky…some sites wont load…Once I put it back to global, then everything goes back to normal except openvpn

That may indicate a problem elsewhere in your configuration. Possibly an issue with your Pi-Hole configuration depending on where the client DNS requests are coming from.

 

[fotingo]

That may indicate a problem elsewhere in your configuration. Possibly an issue with your Pi-Hole configuration depending on where the client DNS requests are coming from.

Hmm..well I rarely ever touch Pihole as it’s been working great. The only new thing that happened was me updating the router’s firmware. I guess I will try reloading Pihole from scratch again…maybe it doesn’t like something about this update.

 

[bennor]

Hmm..well I rarely ever touch Pihole as it’s been working great. The only new thing that happened was me updating the router’s firmware. I guess I will try reloading Pihole from scratch again…maybe it doesn’t like something about this update.

A Pi-Hole reload may not be needed, just a review of the Pi-Hole settings. For example if you have Pi-Hole configured to allow only local requests (allows only queries from devices that are at most one hop away (local devices)) it may not respond to respond to requests from other subnets like Guest Network Pro or VPN clients who may be using a different IP address subnet. And general note/standard reminder, it is not typically recommended to input the Pi-Hole into the WAN DNS fields by Pi-Hole themselves, doing so can potentially cause problems.