Beta Asuswrt-Merlin 3006.102.5 Beta is now available

[MarkusI]

@RMerlin just updated to beta2 and I still can ping all my internal IPs except the router itself when connected via OpenVPN and server is set to 'internet only'...

it somehow always adds

ACCEPT     all  --  anywhere             anywhere

as last line (sometimes twice)

your hint

service stop_vpnserver1
iptables -F OVPNSF
service start_vpnserver1

still works, though (until reboot)

 

[MDM]

Are you using edge?

Waterfox, but just tried Edge and it also works. The scan takes 2-3sec.

 

[MDM]

Updated from beta 1 to beta 2 on my AX-86U Pro without issue, but just noticed that if I view the client list from the Network Map, that all of my wireless clients that have static IPs are showing as DHCP connections. All of the wired clients with Static IPs are labelled correctly as "Static".

Works just fine for me but not the same case, since the label says "Manual" not "Static" for me (because I have DHCP on, and a manual DHCP reservation on the router on the LAN page, nothing on the client is configured except auto DHCP)...

 

[ducky124]

Running Beta 2 since yesterday afternoon. So far the only issue I have seen is the upload/download bandwidth gauges are not working in Adaptive QoS.

 

[MDM]

Running Beta 2 since yesterday afternoon. So far the only issue I have seen is the upload/download bandwidth gauges are not work in Adaptive QoS.

Works for me...

 

[Poul Bak]

Still experiencing issues with internet access and the display of active ports. I installed beta 2 on my BE92U and performed a "hard reset" (WPS & power). The issues that I observed were described in messages 7 & 12.

The following outlines the "Ethernet Ports" display issue. The table is the mapping seen if "plugged into" this port, it "appeared on" this port.
- Plugged into 10G appeared as if on 10G WAN/LAN-1.
- Plugged into LAN-1 appeared as if on LAN-4.
- Plugged into LAN-2 appeared as if on LAN-1.
- Plugged into LAN-3 appeared as if on LAN-2.
- Plugged into LAN-4 appeared as if on LAN-3.

I performed the following three tests:
1) Primary WAN set to "Auto Detection"
- Plugged into 10G -- internet was available.
- Internet access was not available on any other port.
2) Primary WAN set to "10G WAN/LAN-1"
- Plugged into 10G -- internet was available.
- Plugged into LAN-1 -- internet was not available.
- Internet access was not available on any other port.
3) Primary WAN set to "2.5G WAN/LAN-1"
- Plugged into LAN-2 -- internet was available.
- Internet access was not available on any other port.

I can confirm your observations on RT-BE92U! Exactly the same as beta 1.
Something has gone wrong when Asus migrated this router to the Wifi 7 branch.
Have reverted to stable release, waiting for Asus to fix this.

 

[HorseCalledHorse]

Works just fine for me but not the same case, since the label says "Manual" not "Static" for me (because I have DHCP on, and a manual DHCP reservation on the router on the LAN page, nothing on the client is configured except auto DHCP)...

Good to know. You're not running an AiMesh Node, right?

 

[MDM]

Good to know. You're not running an AiMesh Node, right?

No

 

[visortgw]

I flashed my GT-BE98 Pro from beta 1 to beta 2. Initially, I was having DNS issues, which I discovered to be a result (I believe) of the changes in DNS Director as outlined in the beta 1 to beta 2 changelog — in full disclosure, I use PiHole and unbound on my network. The simple solution was to add No Redirection exceptions for the Raspberry Pi MAC addresses within Client List settings, and I was good to go (Global Redirection is set to the PiHole for my primary network and my IoT VLAN, while it's set to Quad9 Privacy-respecting [9.9.9.11] for my guest VLAN). Everything appears to be fully operational after the config changes

Thanks again for all that you do, @RMerlin.

 

[TheOldMan]

Killed my wifi
nvm, reset brought it back.

Same issue. No wifi after beta2 update, Turned router off then on helped. RT-AX86U Pro.

 

[bluepoint]

Waterfox, but just tried Edge and it also works. The scan takes 2-3sec.

Something with my setup definitely, no big deal it'll eventually fix himself. I don't know maybe the authentication may have to do with it cause I've change 5G's to WPA3 only and left 2.4G WPA2/WPA3.

Update: Change my connection to 2.4G then tried site survey and it works!!
After that tried 5G connection then site survey also works! Cobwebs I guess?

Update2: After I log out from the router with 5G WPA3 connection, then log in again, the site survey doesn't work again. @RMerlin this is definitely a bug.

Update3: NVM after clearing browser's cache it now works.

 

[wonderiuy]

...
c45f6e8d0a webui: fix invalid dwb_mode on some models (patch from Asus)
...

Thank you, installed beta2 and I can confirm problem solved. Thank you again

 

[CaptainSTX]

3006.102.5 Beta 1 is now available for all supported models. The focus of this release is the merge of updated GPLs, and the implementation of a new System Log -> Connection interface. Asus also migrated the RT-BE92U to the same codebranch as other Wifi 7 models.

July 20th: Beta 2 is now available. Changes since beta 1:

d8fdc1840d Updated documentation
a037fbdfab webui: removed unused Email code from OVPN server page; minor cleanups
696eb4b955 webui: fix duplicate label value on OVPN server page
8e55cf4acd webui: Rework the QIS Wizard page shown if a new firmware is available
79e7d0ef48 httpd: check that we have a potential IP before calling ParseIPv4OrIPv6()
1df7906db3 Harmonize target profiles with Asus
d17547441d webui: don't link to the whole networkMap.css on Sysinfo, just include the classes we need
155ad587bf webui: workaround for Wireless settings page not scrolling to the top when applying
c45f6e8d0a webui: fix invalid dwb_mode on some models (patch from Asus)
fec8643b8c Updated documentation
94497b5595 webui: Do not enumerate SDNs that use the default LAN for DNSDirector; table layout fix
bb0b9e6867 rc: filter out any SDN that uses network 0 (LAN) instead of just back/fronthaul networks when setting up DNSDirector iptables
292ecacadc webui: properly fix Makefile recipes; remove unused dns_db.json
22b2406ba4 rc: skip fronthaul/backhaul SDNs when creating DNSDirector iptables rules
0b8cbcc23c rom: update CA bundle
aab06d3dd2 rom: update mk-ca-bundle script from Curl
b1da4aec20 networkmap: webui: update databases
709b5a783e webui: fix install recipe following last GPL merge
bcc40abf75 httpd: optimize performance for conn.active sysinfo queries
a971907427 Bump to beta 2

Changelog:

3006.102.5 (xx-xxx-2025)
  - NOTE: For developers, please note that the new default branch
          is now called "main" - it's what was previously the
          3006.102 branch.
          The "master" branch has been renamed "master-old", and
          is no longer actively used.  Due to how the 3006.102
          branch diverged, it was easier to do it this way than
          to fold back 3006.102 on top of master.

  - UPDATED: Merged GPL 3006.102_37957 for Wifi 6 devices.
  - UPDATED: Merged GPL 3006.102_38757 for WIfi 7 devices.
  - UPDATED: dropbear to 2025.88.
  - CHANGED: Reworked System Log -> Connections page.  You can
             now filter the list, local hostnames are resolved,
             automatically refresh the page, and IPv6 is supported.
  - CHANGED: Replaced netstat-nat by a fork called netstat-nat-ng.
             This fork fixes a number of issues with IPv6 and
             field size.
  - CHANGED: Updated Control-D DoT server entries (dave14305).
  - FIXED: OpenVPN server set to "Internet only" would fail to
           block LAN access (invalid firewall rule from SDN was
           bypassing it).
  - FIXED: DNSDirector "Router" mode would not always work properly
           with IPv6 (now uses REDIRECT instead of DNAT, which was
           backported from iptables 1.4.19).

Please keep discussions on this specific release. Off-topic posts will be either ignored or deleted, depending on my mood at the time.


Downloads are here.
Changelog is here.beta

Dirty upgrade from Beta 1 - Beta 2. Everything working no issues to report.

 

[bennor]

I use PiHole and unbound on my network. The simple solution was to add No Redirection exceptions for the Raspberry Pi MAC addresses within Client List settings...

Its long been a suggestion made by some of us, when using DNS Director with Pi-Hole, to have the Pi-Hole set to No Redirection in the Client List. Example DNS Director settings post from 2021 (doesn't reflect the DNS Director Global Redirection change made in 3006.102.4 beta): https://www.snbforums.com/threads/pihole-dns.74646/page-3#post-712319

 

[visortgw]

Its long been a suggestion made by some of us, when using DNS Director with Pi-Hole, to have the Pi-Hole set to No Redirection in the Client List. Example DNS Director settings post from 2021 (doesn't reflect the DNS Director Global Redirection change made in 3006.102.4 beta): https://www.snbforums.com/threads/pihole-dns.74646/page-3#post-712319

Thanks! I apparently missed that memo...

NOTE: I set Global Redirection on primary network and IoT VLAN to PiHole (as opposed to Router) in order to preserve client names or IP addresses in PiHole logs.

 

[bennor]

Thanks! I apparently missed that memo...

Example DNS Director Pi-Hole settings on 3006.102.4 (RT-AX86U Pro) attached. The IP address of a Pi-Hole device is input into the User Defined DNS 1 field along with the two Pi-Hole devices set to No Redirection under the Client List. Global Redirection is now set to User Defined DNS 1 rather than Router (as it was in prior firmware versions). The Guest Network Pro Profiles (2 of them) are configured to use User Defined DNS 1.

 

[swejuggalo]

@RMerlin just updated to beta2 and I still can ping all my internal IPs except the router itself when connected via OpenVPN and server is set to 'internet only'...

Tried to replicate this. Seems to work as intended.
Tried to ping both router and clients and nothing.

 

[RMerlin]

If you use a switch, then following a retour reboot the client list will not be able to properly report if something is on DHCP until that client actually does a DHCP lease request. Until they do, they are considered as static from the router's point of view (i.e. they are communicating using an IP address but have yet to request a DHCP lease).

This is expected, as the router has no way of knowing if that client was running on a previously obtained lease or on a static IP.

 

[RMerlin]

it somehow always adds

ACCEPT     all  --  anywhere             anywhere

as last line (sometimes twice)

You need to query the verbose output. That output is missing all the interface information.

 

[bennor]

NOTE: I set Global Redirection on primary network and IoT VLAN to PiHole (as opposed to Router) in order to preserve client names or IP addresses in PiHole logs.

My Pi-Hole's properly show the client names and IP addresses, both main LAN and Guest Network Pro profiles with the DNS Director settings indicated in my reply post above (with included image attachment). I also am using dnsmasq-x.conf.add file(s) to set manual IP reservations for my Guest Network Pro Profile clients. Also have the LAN DHCP DNS fields set to the Pi-Hole devices too.