What's new

Asuswrt-Merlin 378.53 is now available

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

RMerlin

Asuswrt-Merlin dev
Asuswrt-Merlin 378.53 is now available for all supported models.

As finally the flow of bug fixing has started to slow down, I was able to spend time on implementing something that's been on my ToDo list for well over a year. So while this release's changelog is much shorter than the 4-5 last ones, it still brings some significant changes.

  • Merged with Asus's 378_4980 AC3200 GPL. A few pieces were retrieved from 4850 and 5183 for the other router models.
  • Policy routing has been added to the VPN client page. This will allow you to select specific clients and/or destinations to route through the VPN tunnel. Source and destination IPs can be entire subnet, in CIDR format (i.e. 192.168.1.128/30 for IPs 128 to 131.
  • Experimental ad blocker based on Trend Micro's Web Reputation System (a component of AiProtection). This feature developed by Asus was never finished or enabled in the official firmware for various reasons. I decided to enable it in this build as an experimental feature. Note that this won't be as effective nor as flexible as dedicated solutions such as AdBlock. You cannot whitelist or blacklist any URLs, for instance. This feature is only available on the DPI-enabled models (AC56/AC68/AC87/AC3200).
  • Tor was updated to 0.2.5.12
  • A few IPv6-related fixes and tweaks: Comcast's hack changed to a new nvram setting (ipv6_ns_drop), and is now disabled by default. Set it to "1" to enable. Also, some fixes were backported from upstream dnsmasq.
  • A few other bugfixes and tweaks, see the changelog for the details.


Downloads are here.
Changelog is here.
 
Last edited:
Love these 2

ad blocker & Policy routing

Thanks :)

--------

Incoming - " I m on build 12, shall I just update or update then reset ? "

If you faced/facing any problem with any build including this one try resetting your router first. It's free for now :D
 
Last edited:
I tried the Ad Blocker a month or two ago using a self compiled firmware, I had issues with pages never finish loading. Merlin's recommendation to use an adblock extension is the best way unless for some reason you can't use such extension.
 
Hello

If using AC66U, is the Wifi driver still the same in 378.53 as it was in 376.49_5? Because I read in 378.51 Beta 1 that it was downgraded and haven't seen any update since:


378.51 Beta 1 (28-Feb-2015)

- CHANGED: Reverted RT-AC66U driver to previous version as some users
were experiencing stability issues with the 3754 version.
 
Thanks Merlin! First thing I did was turn on the ad-blocker (both switches). It's filtering some ads, but not the dreaded MacKeeper pop up (tabs, pop-behinds). That has to be the internets worst offender and Trend-Micro neglected to add it to their database. lol.

EDIT: Also wanted to report that entware and my nginx server are running fine after upgrade on the AC56U. The only issue was the services-start didn't autostart my
"/opt/etc/init.d/S80nginx start", so I added a sleep 10 before it. Right now there is a sleep 10, then rc.unslung, then another sleep 10 and nginx. I'll report back on the next reboot. The DDNS also continued to work fine after the upgrade, and port forwarding of 81 -> 80. So-far so-good.
 
Last edited:
Hi Merlin,

I upgraded this version 378.53 in my RT-AC66U, coming from 378.52_2.
I simply flashed it like any regular update, and all seems OK.

BTW, no major thing, but the showing of the DDNS-name in "Network Map" after being somewhere else in the main menu, is now working on my PC after upgrading to this version. :)
If I find anything I will let you know.

Thanks,

Satbeginner
 
Last edited:
Error in the javascript on http://192.168.1.1/AiProtection_HomeProtection.asp

Line 318: if(wan0_unpn_enable == 0 && wan1_unpn_enable == 0){
should be:
if(wan0_unpn_enable == 0 && wan1_upnp_enable == 0){

Also looks like you might want to go back and change all instances of wan0_unpn_enable to wan0_upnp_enable

Code:
function check_upnp(){
var wan0_upnp_enable = document.form.wan0_upnp_enable.value;
var wans_dualwan_orig = document.form.wans_dualwan.value;
if(wans_dualwan_orig.search(" ") == -1)
var wans_flag = 0;
else
var wans_flag = (wans_dualwan_orig.search("none") == -1) ? 1:0;
if (wans_flag == 1)
var wan1_upnp_enable = document.form.wan1_upnp_enable.value;
else
var wan1_upnp_enable = 0;
if(wan0_upnp_enable == 0 && wan1_upnp_enable == 0){
$('upnp_service').innerHTML = "Yes";
$('upnp_service').className = "status_yes";
}
else{
$('upnp_service').innerHTML = "<a href='Advanced_WAN_Content.asp' target='_blank'>No</a>";
$('upnp_service').className = "status_no";
$('upnp_service').onmouseover = function(){overHint(13);}
$('upnp_service').onmouseout = function(){nd();}
}
}

EDIT: It appears that even though I've disabled UPnP, document.form.wan1_upnp_enable.value still returns 1. 'm assuming the server call isn't returning the correct value here, but I'll do some more testing, maybe look at the source code.

EDIT2: The javascript must be set dynamically when it sees a change to UPnP toggle. When UPnP is turned on the javascript is correct.

EDIT 3: line 867-868 of Advanced_WAN_Content.asp
Code:
<input type="radio" name="wan_upnp_enable" class="input" value="1" onclick="display_upnp_range();return change_common_radio(this, 'LANHostConfig', 'wan_upnp_enable', '1')" <% nvram_match("wan_upnp_enable", "1", "checked"); %>><#checkbox_Yes#>
<input type="radio" name="wan_upnp_enable" class="input" value="0" onclick="display_upnp_range();return change_common_radio(this, 'LANHostConfig', 'wan_upnp_enable', '0')" <% nvram_match("wan_upnp_enable", "0", "checked"); %>><#checkbox_No#>
Do the nvram values set both wan0 and wan1? I couldn't find anywhere that changed the source code of the javascript, maybe I'm not looking hard enough.

EDIT 4: dsl.c seems to imply that the setting was only pushed to the wan0's nvram.
 
Last edited:
When using RT-AC68U_378.52_2 and openvpn setting is (Accept DNS Configuration : Strict/Exclusive) there is no dns leak. It always uses the dns server of the vpn provider.

Now using RT-AC68U_378.53_0 even when I set the setting Accept DNS Configuration : Strict/Exclusive there is still dns leak. So sometimes I still get block by my ISP because of this. Using ipleak.net also show that I'm still using my ISP DNS.
 
When using RT-AC68U_378.52_2 and openvpn setting is (Accept DNS Configuration : Strict/Exclusive) there is no dns leak. It always uses the dns server of the vpn provider.

Now using RT-AC68U_378.53_0 even when I set the setting Accept DNS Configuration : Strict/Exclusive there is still dns leak. So sometimes I still get block by my ISP because of this. Using ipleak.net also show that I'm still using my ISP DNS.

I cannot confirm this. I have specified custom DNS in the WAN section. I'm also using policy routing mode in the openvpn client. When DNS control is disabled my custom DNS in WAN section is used. When exclusive is chosen, my VPN DNS is used.

What settings on your router differ from mine?

edit1: I tried with redirect internet traffic set to "no" and the DNS switching also works as expected.
 
Last edited:
Error in the javascript on http://192.168.1.1/AiProtection_HomeProtection.asp

Line 318: if(wan0_unpn_enable == 0 && wan1_unpn_enable == 0){
should be:
if(wan0_unpn_enable == 0 && wan1_upnp_enable == 0){

Also looks like you might want to go back and change all instances of wan0_unpn_enable to wan0_upnp_enable

The typos are in Asus's original code, and they are consistent everywhere, so I'm not changing them. Otherwise next time Asus adds more code referring their original variables, it will stop working.
 
Merlin, can you be more specific for folks like me who are cmd line challenged with these routers? What exactly needs to be done to enable the Comcast fix?

Thanks!

Code:
nvram set ipv6_ns_drop=1
nvram commit
 
When using RT-AC68U_378.52_2 and openvpn setting is (Accept DNS Configuration : Strict/Exclusive) there is no dns leak. It always uses the dns server of the vpn provider.

Now using RT-AC68U_378.53_0 even when I set the setting Accept DNS Configuration : Strict/Exclusive there is still dns leak. So sometimes I still get block by my ISP because of this. Using ipleak.net also show that I'm still using my ISP DNS.

There's been no change to the DNS handling code.
 
I cannot confirm this. I have specified custom DNS in the WAN section. I'm also using policy routing mode in the openvpn client. When DNS control is disabled my custom DNS in WAN section is used. When exclusive is chosen, my VPN DNS is used.

What settings on your router differ from mine?

edit1: I tried with redirect internet traffic set to "no" and the DNS switching also works as expected.

I do not specify any DNS in WAN.

Did you try ipleak.net using 378.53 with DNS Strict/Exclusive?
 
The typos are in Asus's original code, and they are consistent everywhere, so I'm not changing them. Otherwise next time Asus adds more code referring their original variables, it will stop working.
Ok, it breaks the security assessment though, and wan1_upnp_enable is declared properly in the rest of the code, it's just the if statement:
T6HXKAS.png


l8pHLRO.png
 
I do not specify any DNS in WAN.

Did you try ipleak.net using 378.53 with DNS Strict/Exclusive?

yes, I tested at ipleak.net and dnsleaktest.com
perhaps you should specify something else instead of using ISP DNS. not only for the openvpn DNS switching to work properly but because ISP DNS are usually bad anyway.
 
Ok, it breaks the security assessment though, and the variables are only used in the check_upnp function:

I thought I had tried every possible scenarios without having any issue.

I might just revert it back to Asus's code and forget about trying to handle dual wan properly. That page's code is a mess as you have seen.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top