Asuswrt-Merlin 378.55 is now available

[Calisro]

Is there anything that should be done prior to installing 55 on a system that already has a /jffs/openvpn on 54_2? I used the recipe you posted once for manually moving OpenVPN keys etc. from NVRAM to JFFS (using a space in the GUI and then using custom commands to reference /jffs/openvpn files that I installed by hand). Will installing 55 copy the space characters to a /jffs/openvpn file, potentially overwriting the files I may already have?

(And thank you for all your hard work!)

I would remove the spaces from the certs. See my post above. It is what I *believe* caused me issues on the upgrades.

 

[primitivo]

There's a new way of installing the applet now, initially my icon was missing too until I followed the steps in Astrill Wiki

I know but the logo was already missing few versions before when the Asus code changed or something and Merlin said Astrill need to fix it. They fixed it but now it's gone again on 378.55. I uninstalled and reinstalled the applet but it didn't help.

 

[longdrink]

Hi,

I just moved from asus-wrt RT-AC68U_3.0.0.4_378 to RT-AC68U_378.55_0 and i'm very happy with the firmware. However the Traffic Monitor shows extremly high values in the WAN real time view. The others (WAN last 24 hours, cable realtime) are reasonable but for cable realtime the y axis scale is destroyed by WAN realtime.
I'm not using dual wan, the router is connected throug to WAN trough a cable.

Is ther anything I can do?

 

[highwire]

Hi,

I just moved from asus-wrt RT-AC68U_3.0.0.4_378 to RT-AC68U_378.55_0 and i'm very happy with the firmware. However the Traffic Monitor shows extremly high values in the WAN real time view. The others (WAN last 24 hours, cable realtime) are reasonable but for cable realtime the y axis scale is destroyed by WAN realtime.
I'm not using dual wan, the router is connected throug to WAN trough a cable.

Is ther anything I can do?

Please see posts #22 and #27 in this thread. Your aren't alone in seeing this behavior, and it has been reported to Asus, but is not yet fixed.

 

[mrdude]

Well after going back to 378.54_2 on my RT-AC87U, I've not had any wireless dropouts - I wonder what's causing this problem on 378.55? any ideas....

 

[Sptz]

Is there adaptive qos on merlin? Been pondering on taking the plunge but this feature from the latest official firmware seems to be doing its job quite well

 

[Magnus33]

Is there adaptive qos on merlin? Been pondering on taking the plunge but this feature from the latest official firmware seems to be doing its job quite well

Yup its alive and working perfectly in Merlin versions.

 

[Sanchu]

Does ac87u supports VDSL ?

 

[Misanthropic]

I flashed Merlin 378.55 over DD-Wrt and now I cannot flash back. I receive the message "firmware update unsuccessful" no matter which firmware I try (merlin,ddwrt,stock).

Rescue mode is no longer working either. Am I stuck with this firmware?

 

[RussellInCincinnati]

I flashed Merlin 378.55 over DD-Wrt and now I cannot flash back. I receive the message "firmware update unsuccessful" no matter which firmware I try (merlin,ddwrt,stock).

Rescue mode is no longer working either. Am I stuck with this firmware?

Am doubting this is a problem specific to Merlin ...55 firmware. Did you ever try flashing some earlier version of Merlin firmware back to DD-Wrt?

 

[ObliteRon]

RT-AC66R .. went from 378.54_1 to 378.55 and I am experiencing Wi-Fi issues only on the 2.4 GHz band. Devices will either be connected but not able to access the Internet, or will drop connection and not be able to connect, ensuring the WPA2-PSK password is correct.

 

[bmn1]

No, using http://username:password@hostname is retarded, and is no longer supported by various browsers. IE dropped support for these security nightmares nearly 10 years ago, for instance.

If you care so little about security that you are willing to put your router password as plain text, in plain sight in a bookmark, then might as well just use something that's simpler to type.

No longer supported? Then why the hell does Chrome, FF, and Safari still support it? I guess IE is all the sudden the TOP DOG of web browsers these days? lol

If you care so little about security that you are willing to put your router password as plain text, in plain sight in a bookmark, then might as well just use something that's simpler to type.

How the hell is it "plain sight" when my device requires a fingerprint/passcode lock to access it? If someone can get past the fingerprint/passcode lock on my phone then I got way more useful shirt on my phone than a lousy bookmark with a username and password to my router!

Besides, this is just a HOME ROUTER not a BANK ROUTER that has servers connected to it with tons of account info. I swear some people get too carried away sometimes acting like they got all kinds of top secret data to protect at home. I can tell you right now that any "sensitive" data that I have damn sure isn't on a computer that's connected to the internet!

It's not just a single page, it's the whole authentication backend that was rewritten by Asus. Basic Authentication as was previously used has been the cause of plenty of security holes, cross-site vulnerabilities and what not. Check Asus's changelogs for the past 18 months, and count how many "CSRF/XSS vulnerabilities" fixed you see in the changelog. It's not coming back (and in fact the vast majority of modern routers these days have also dumped Basic Authentication in favor of a token-based scheme). I might do some tweaks to the actual login page itself such as re-enable pasting to it (not sure why they went that far in tightening down security on that page), but since Asus is still actively making changes to that page, I want to wait for it to stabilize before I start tweaking it any further.

I probably log into my router more often than 95% of the people here, and I don't find it a problem.

I understand and it's those kinda "tweaks" that are the reason why people choose YOUR FW over the OEM ASUS firmware. As I said before I'm NOT against better security, but it's just annoying when things get removed that make it inconvenient for some people. They could improve security AND continue to make it convenient as well.

Take the door lock I have installed on the front door of my house for example. Not only does it still have a key lock but it also has a keypad making it convenient as well. It's both secure AND convenient!

 

[RMerlin]

I understand and it's those kinda "tweaks" that are the reason why people choose YOUR FW over the OEM ASUS firmware. As I said before I'm NOT against better security, but it's just annoying when things get removed that make it inconvenient for some people. They could improve security AND continue to make it convenient as well.

HTTP Basic Authentication is simply a security nightmare to deal with. Just opening a malicious website at the same time you had your router interface logged onto a separate tab could allow that malicious site to get pretty much root access to your router, amongst other things.

I see very few routers/embedded devices these days that uses Basic Authentication. Asus moving to a token-based scheme is going in the general direction taken by others vendors as well.

Basic Authentication was actually one of the things users were actively complaining about in the past, as it could keep them accidentally logged due to their browser cacheing the login credentials and automatically resubmitting them. What might make things less convenient makes it more convenient to other users.

The new authentication scheme is here to stay, sorry. The benefits far outweight the limitations (which, as far as I know, is only the inability to store login credentials inside a bookmark). The inability to copy/paste is something that can be resolved once Asus finalizes the current login page, and auto form fill applications do work.

 

[RMerlin]

Merlin, I upgraded to this firmware and had to hard reset after continuous kernel panics. I then replugged everything into my system the way it was before and when I got to adding the VPN stuff things went south again.

I'll have to see if I can actually reproduce the issue. Could be a bug in the code that checks for the presence of an existing certificate, and causes a buffer overrun. That's the only explanation I could see for a kernel panic to occur there.

The wiki article should probably simply be taken down by now, since both Asus and I are no longer storing certificates in nvram. This article will simply confuse a lot of users out there.

 

[RMerlin]

RT-AC66R .. went from 378.54_1 to 378.55 and I am experiencing Wi-Fi issues only on the 2.4 GHz band. Devices will either be connected but not able to access the Internet, or will drop connection and not be able to connect, ensuring the WPA2-PSK password is correct.

Try forgetting your wireless configuration on your client and reconnecting again.

 

[RMerlin]

Does ac87u supports VDSL ?

The RT-AC87U is a router, not a modem, so it doesn't have to support anything specific to VDSL.

 

[RMerlin]

I flashed Merlin 378.55 over DD-Wrt and now I cannot flash back. I receive the message "firmware update unsuccessful" no matter which firmware I try (merlin,ddwrt,stock).

Rescue mode is no longer working either. Am I stuck with this firmware?

Recovery mode is totally separate from the firmware since it resides in the bootloader.

Moving back and forth with DD-WRT is tricky, as special care must be taken with the nvram. Check the DD-WRT wiki for the details - I haven't flashed DD-WRT in years so I never memorized the actual procedure.

 

[hackztor]

Actually funny that you bring up door locks. The keyhole is actually the biggest security risk of the lock (bumping, picking). Some locks (Yale) do not come with the keyhole anymore. Other companies still keep it for peace of mind for the user while others get around that by putting a 9v terminal on the bottom of the lock in case the batteries die. I put superglue in my keyhole locks to help avoid bumping/picking of the lock. As for the password thing it is all about security. Yes taking things away from a user is annoying (for a short time, eventually you get used to it) but security is the big focus nowadays because of all the hacks. Now you might not have anything on your network/computers that you deem classified, but even credit card numbers or social security numbers during tax time can be enough for criminals/hackers. Or even something not dangerous such as the hacker keep rebooting your modem and making you think it is a router or internet problem. A user might write a bad review due to this when it was just lack of security that made it possible and the user might never might know what actually happened (Most users do not look at logs of routers).

No longer supported? Then why the hell does Chrome, FF, and Safari still support it? I guess IE is all the sudden the TOP DOG of web browsers these days? lol

How the hell is it "plain sight" when my device requires a fingerprint/passcode lock to access it? If someone can get past the fingerprint/passcode lock on my phone then I got way more useful shirt on my phone than a lousy bookmark with a username and password to my router!

Besides, this is just a HOME ROUTER not a BANK ROUTER that has servers connected to it with tons of account info. I swear some people get too carried away sometimes acting like they got all kinds of top secret data to protect at home. I can tell you right now that any "sensitive" data that I have damn sure isn't on a computer that's connected to the internet!




I understand and it's those kinda "tweaks" that are the reason why people choose YOUR FW over the OEM ASUS firmware. As I said before I'm NOT against better security, but it's just annoying when things get removed that make it inconvenient for some people. They could improve security AND continue to make it convenient as well.

Take the door lock I have installed on the front door of my house for example. Not only does it still have a key lock but it also has a keypad making it convenient as well. It's both secure AND convenient!

 

[eddiez]

Besides, this is just a HOME ROUTER not a BANK ROUTER that has servers connected to it with tons of account info. I swear some people get too carried away sometimes acting like they got all kinds of top secret data to protect at home. I can tell you right now that any "sensitive" data that I have damn sure isn't on a computer that's connected to the internet!

Spreak for yourself... Apparently you are completely oblivious of the options router access can offer to cyber criminals. Or even the occasional hacker.

Take the door lock I have installed on the front door of my house for example. Not only does it still have a key lock but it also has a keypad making it convenient as well. It's both secure AND convenient!

Uh... ever heard of 'the chain is as strong as the weakest link'?

 

[unknown14725]

Why do you want to access the router so much? Unless developing it should be just set & forget. Unless you fancy watching the stats continuously ... ;-)

I have a lot of guest clients on my routers, and I also have to add/allow MAC addresses on one of the systems manually to accept new clients. I'm using the admin UI at least two times every day from mobile. I'm also developing PRTG sensors and actively using one of the systems for this work, and to be honest I feel like going back to an old firmware because of all the extreme hassle the new login creates.

I also use WOL to start computers remotely.

There has to be a way to disable it and revert back to the old login type. Does anyone know a hack?