Release Asuswrt-Merlin 3006.102.4 is now available

[Pocah.H]

Hello everyone.
If I upgrade from version 3004.388.8_4 to 3006.102.4, if something goes wrong, will I be able to go back to version 3004.388.8_4 or will it be impossible?

Yes you can, I just did it. I was not happy with the new agreement. I will not upgrade again until I find out more about the agreement.

The only issue you will have is that you need to do a reset of the router. I quickly discovered that certain pages were missing and the only way to get them back was a "factory reset".

 

[Alexander Savkin]

and the only way to get them back was a "factory reset".

And then I can load the old config?

 

[Pocah.H]

Why cannot you roll back to earlier firmware, versions before Asus implemented the new EULA agreements and updates sometime last year? Does changing the nvram downgrade check pass value not work? (ETA: Assuming one has a router running firmware 3006.102_37000 or greater.)

Per the 3006 change log:

3006.102.3 (11-Jan-2025)
- NOTE: If flashing on top of Asus stock firmware 3006.102_37000
or greater, then you first need to enable downgrade
capabilities before flashing Asuswrt-Merlin on top
of it. Connect Over SSH, and run the following command:

nvram set DOWNGRADE_CHECK_PASS=1

After that, you can upload Asuswrt-Merlin through
the webui like any regular firmware upgrade.

This is only required when flashing Asuswrt-Merlin
for the first time.

It was working but I needed to perform a factory reset on the Router. Turns out that some pages were missing due to some form of configuration differences. Those pages just happened to be anything to do with Administration, which of course, was what I was trying to access.

 

[Pocah.H]

And then I can load the old config?

Yes. That's exactly what I did.
When the reset router powers up you may need to reset your PC to find it because they address may have changed with the reset. During the initial screens there is an option to load an old configuration. Takes a minute. Then you may need to reboot your PC again if the address changed. And you are back to where you started.

 

[bennor]

Hello everyone.
If I upgrade from version 3004.388.8_4 to 3006.102.4, if something goes wrong, will I be able to go back to version 3004.388.8_4 or will it be impossible?

Yes you can roll back to earlier Asus-Merlin firmware from 3006.102.4. However because of the major changes in 3006 versus 3004 firmware you should absolutely do a hard factory reset if you roll back to 3004.x firmware from the 3006 firmware. And do not import a saved router.cfg file that was exported from the 3006.x firmware into the 3004.x firmware. Doing so likely will very cause issues due to the changes found in the 3006 firmware that are not part of the 3004 firmware.

One should always consult with the change log to see if there are any special instructions. For example:

Changelog (3006) | Asuswrt-Merlin

www.asuswrt-merlin.net

3006.102.3 (11-Jan-2025)
- NOTE: The new GPL codebase changed the way wireless networks
are configured. If you ever revert to an older
firmware, you MUST do a factory default reset following
the firmware downgrade, on both the router and any
existing AiMesh nodes.

 

[bennor]

It was working but I needed to perform a factory reset on the Router. Turns out that some pages were missing due to some form of configuration differences. Those pages just happened to be anything to do with Administration, which of course, was what I was trying to access.

So you WERE able to flash a previous firmware despite saying "It also won't go back to an older release." Did you see what the 3006 Change Log indicated about rolling back to earlier firmware? Performing a factory default reset is mandatory. Its pretty obvious, performing a reset, when you think about it due to the major changes in the 3006 firmware compared to the 3004 firmware.

3006.102.3 (11-Jan-2025)
- NOTE: The new GPL codebase changed the way wireless networks
are configured. If you ever revert to an older
firmware, you MUST do a factory default reset following
the firmware downgrade, on both the router and any
existing AiMesh nodes.

 

[Natty]

Whats this new privacy agreement?
Honestly, I am a bit annoyed that the router now forces us to agree, without a warning that this has been included in the latest version of the software.

It is possble to disagree and opt out of the privacy notice in Administration -> Policy tab. Disagreeing didn't break anything for me, as far as I can tell, despite the dire warnings that it may break features (that I don't need). Since I'm relying on Asuswrt-merlin for security updates and not ASUS, "..inability to update to the latest firmware version and unable to receive the most up-to-date protection on your ASUS Router.." does not worry me.

Possibility of Government mandated forced updates (which government?) is a concern, but you get that in stock firmware in any case if you buy an ASUS router. Not sure if ASUS can override Merlin firmware with a forced update. I hope not. Does anyone know if Asuswrt-merlin is protected from government mandated updating?

 

[RMerlin]

Not sure if ASUS can override Merlin firmware with a forced update

Asuswrt-Merlin does not connect to Asus' firmware update server. And the code that actually downloads and apply a stock firmware is disabled at compile time, and replaced by my own code which connects to my server to check for any available update (by downloading a small text file containing models and their versions), with no auto-upgrade functionality.

The update connections coming from Asus will be for the ASD malware detection signatures, and the Trend Micro signatures (if you accept Trend Micro's separate EULA).

 

[Natty]

Asuswrt-Merlin does not connect to Asus' firmware update server.

Thanks. Yet another good reason to use Asuswrt-merlin

 

[Natty]

Syslog question (I shouldn't have looked but I can't unsee it now...)
around 1 in 3 reboots ends with around 20 lines of ..Serdes False Link Up with Error Symbol 0x04... messages like the first line here:

Jan  1 00:01:05 kernel: Serdes 6 False Link Up with Error Symbol 0xf4 at 3.c466h at speed 2500Mbps
Jan  1 00:01:05 kernel: ^[[0;30;103mWarning: Serdes at 6 link does not go up following external copper PHY at 17.^[[0m

Is this a concern? It still seems to work but maybe its not happy about something. 2500Mbps is the WAN speed to the cablemodem. Bad CAT6 cable? (supplied with GT-AX6000)

 

[RMerlin]

Syslog question (I shouldn't have looked but I can't unsee it now...)
around 1 in 3 reboots ends with around 20 lines of ..Serdes False Link Up with Error Symbol 0x04... messages like the first line here:

Jan  1 00:01:05 kernel: Serdes 6 False Link Up with Error Symbol 0xf4 at 3.c466h at speed 2500Mbps
Jan  1 00:01:05 kernel: ^[[0;30;103mWarning: Serdes at 6 link does not go up following external copper PHY at 17.^[[0m

Is this a concern? It still seems to work but maybe its not happy about something. 2500Mbps is the WAN speed to the cablemodem. Bad CAT6 cable? (supplied with GT-AX6000)

Serdes is the codename for a Broadcom switch product. Sounds like an issue detecting a connection on one of the Ethernet ports. If in doubt try replacing cables. I've had a number of times myself where random packet losses would happen, and replacing the cable would fix it, even tho the original cable looked fine. Happened again recently, random packet losses on the Internet until I swapped the cable between the router and the ONT.

 

[KevTech]

Honestly, I am a bit annoyed that the router now forces us to agree, without a warning that this has been included in the latest version of the software.

You can disagree and the router will still work so you are not forced to agree with anything.

 

[Pocah.H]

You can disagree and the router will still work so you are not forced to agree with anything.

Yes, but there are warnings about things being disabled if you disagree. I need to review what this means.
Also, the new security updates, it seems the Router can be updated by Asus even if you do not agree to automatic security updates.

Asuswrt-Merlin does not connect to Asus' firmware update server. And the code that actually downloads and apply a stock firmware is disabled at compile time, and replaced by my own code which connects to my server to check for any available update (by downloading a small text file containing models and their versions), with no auto-upgrade functionality.

The update connections coming from Asus will be for the ASD malware detection signatures, and the Trend Micro signatures (if you accept Trend Micro's separate EULA).

It would be really useful to get an update as to just exactly what it means when Asus say they can install security updates even if Security Updates have been disabled in the settings (in the latest firmware). Is this also invalidated by Asuswrt-Merlin ? I mean, isn't the ability to update, even if the user disables the option, in itself a serious weakness in the firmware?

 

[przemekwawa]

After checking an open sytem I suggest to check with short password. Maybe you have been using some "weired" characters in your strong password that were not supported by new Merlin WRT?
Remember: for MusicCast app to work your smartphone and receiver must be in same network.

For what it's worth, I had a similar problem where a thermostat that used to connect under 3004 could not connect under 3006, showing authentication errors when it tried to connect.

It took a lot of troubleshooting, but eventually I tried changing the password to something with just letters and numbers and it worked. Now that said, my phone was able to connect using the long password, so there is something more subtle about 3006 than just special characters in the password, but there is something different going on.

I don't like such strange problems
I will check it after short vacation, now I don't have access to it. This is a good idea, thanks.

 

[Natty]

It would be really useful to get an update as to just exactly what it means when Asus say they can install security updates even if Security Updates have been disabled in the settings (in the latest firmware). Is this also invalidated by Asuswrt-Merlin ? I mean, isn't the ability to update, even if the user disables the option, in itself a serious weakness in the firmware?

see post #389

 

[bennor]

Yes, but there are warnings about things being disabled if you disagree. I need to review what this means.
Also, the new security updates, it seems the Router can be updated by Asus even if you do not agree to automatic security updates.



It would be really useful to get an update as to just exactly what it means when Asus say they can install security updates even if Security Updates have been disabled in the settings (in the latest firmware). Is this also invalidated by Asuswrt-Merlin ? I mean, isn't the ability to update, even if the user disables the option, in itself a serious weakness in the firmware?

If you want to see an example of what each of the notices say, see my post here and here. What it boils down to is the following, or something like it, if one declines the Asus Privacy Notice:

Notice
Please be advised that disagreeing with ASUS PRIVACY NOTICE may result in the inability to update to the latest firmware version and unable to receive the most up-to-date protection on your ASUS networking products; However, to protect the security of your router and ensure the compliance with laws, for upgrades addressing important security issues or meeting legal/regulatory requirements , those upgrades will still be downloaded and installed automatically.
Declining certain information may limit the functionality of the following features that rely on that information.
Account Binding
Config transfer
DDNS
Alexa
IFTTT
Google Assistant
Remote Connection
Notification

As RMerlin indicated above, when using the Asus-Merlin firmware, Asus won't be able to auto update the router's firmware because that code is disabled or replaced in the Asus-Merlin firmware at compile time. What would can still be updated by Asus even if one disables the option is the ASD security feature. Otherwise declining the Asus Privacy Notice disables a number of features indicated above. If you attempt to enable them you typically get prompted with a notice asking you to agree to the Asus Privacy Notice. As always one can decline and "Withdraw" from the agreements on the Administration > Privacy (or Policy) GUI page.

PS: some examples attached.

 

[shauno100]

If you want to see an example of what each of the notices say, see my post here and here. What it boils down to is the following, or something like it, if one declines the Asus Privacy Notice:

Notice
Please be advised that disagreeing with ASUS PRIVACY NOTICE may result in the inability to update to the latest firmware version and unable to receive the most up-to-date protection on your ASUS networking products; However, to protect the security of your router and ensure the compliance with laws, for upgrades addressing important security issues or meeting legal/regulatory requirements , those upgrades will still be downloaded and installed automatically.
Declining certain information may limit the functionality of the following features that rely on that information.
Account Binding
Config transfer
DDNS
Alexa
IFTTT
Google Assistant
Remote Connection
Notification

As RMerlin indicated above, when using the Asus-Merlin firmware, Asus won't be able to auto update the router's firmware because that code is disabled or replaced in the Asus-Merlin firmware at compile time. What would can still be updated by Asus even if one disables the option is the ASD security feature. Otherwise declining the Asus Privacy Notice disables a number of features indicated above. If you attempt to enable them you typically get prompted with a notice asking you to agree to the Asus Privacy Notice. As always one can decline and "Withdraw" from the agreements on the Administration > Privacy (or Policy) GUI page.

PS: some examples attached.

Correct me if i'm wrong, but just for clarification Asus isn't auto updating the ASD security feature/Trend Micro signatures in the sense i think @Pocah.H is stipulating, that being Asus has access to his router. The router itself is just connecting to the Asus internet endpoints on it's own accord to update the signatures.

 

[bennor]

Correct me if i'm wrong, but just for clarification Asus isn't auto updating the ASD security feature/Trend Micro signatures in the sense i think @Pocah.H is stipulating, that being Asus has access to his router. The router itself is just connecting to the Asus internet endpoints on it's own accord to update the signatures.

Correct, that is what appears to be the case. The issue is that even when the two settings are disabled ( stock firmware update and security update), the router may still update either if Asus (somehow) decides to force the update if the information in the various notices are correct. That I suspect is what people have a problem with. The router still potentially performing update actions despite the user disabling one or both of the update settings. The question is how, when, why does Asus decide to override those disabled settings and force the update?

As we've seen in the past an ASD update has corrupted people's routers. So it does cause one to have pause when such a feature can still potentially update itself, at Asus's (or Trend Micro's) direction, even when the Security Upgrade setting is disabled.

 

[MDM]

Yes, but there are warnings about things being disabled if you disagree. I need to review what this means.
Also, the new security updates, it seems the Router can be updated by Asus even if you do not agree to automatic security updates.



It would be really useful to get an update as to just exactly what it means when Asus say they can install security updates even if Security Updates have been disabled in the settings (in the latest firmware). Is this also invalidated by Asuswrt-Merlin ? I mean, isn't the ability to update, even if the user disables the option, in itself a serious weakness in the firmware?

ASD updated the same in previous FW (as bennor said it did wonky stuff in the past), just without the notice and switch button in the GUI. Trend Micro does not work/update if turned off/not accepted.
And yes ASUS can indeed force a security (ASD) update from their side too in case of need (major serious security risk, attack - exploited flaw) no matter if enabled/accepted or not, and this is not just ASUS decision but regulatory demanded as well (US, EU...).

 

[RMerlin]

It would be really useful to get an update as to just exactly what it means when Asus say they can install security updates even if Security Updates have been disabled in the settings (in the latest firmware). Is this also invalidated by Asuswrt-Merlin ?

I don't know what "security updates" specifically means. Just like every other EULA, it's written with the vaguest and widest possible range to please the lawyers behind it. It's written by lawyers ,not by software engineers.

Everyone is ignoring the EULAs shown to them when they install Windows, Adobe Reader, etc... Why the sudden attention when that EULA is presented by the router? This has been discussed ad nauseum on these forums.