Beta Asuswrt-Merlin 386.1 Beta is now available

[brianward317]

Try doing a factory default reset first, configure just basic Wifi, then immediately proceed to flashing the new firmware. Your router might be crashing because you have settings that try to access the broken hardware acceleration system. If it still fails, flash it while in Recovery Mode.



Renewal worked for me a few hours ago when I turned on my RT-AC5300 for the first time in 6+ months, however the router didn't use the renewed certificate. According to your log so did yours, since it mentions the next renewal date is now in two months. I haven't had time to check any further, but I expect the new certificate would get used after the next reboot.



Either paste it on the Certificates page, or just re-import the .ovpn file from NordVPN.



No, I haven't recompiled it.

No problem, makes sense. Glad you were able to figure it out on the RT-AC3100 model. I'll test it once I see it in the download section.

 

[princi]

When this happens, check if jffs is mounted. I had the jffs unmounted after jffs formatting.

Enable JFFS custom scripts and configs?

Does that need to be on before attempting a format?

My usual procedure it to enable both at the same time, and reboot.

I’ve never had to manually mount the JFFS partition before. Is this the command?

admin@RT-AC3100-2C60:/dev# mount -t jffs2 /dev/mtdblock4 /jffs

My plan is to try and re-install the applet without re-formatting the partition first. Surely that will test whether it’s mounted or not.


On a related topic: do we still need to do the format, followed by 3 reboots?

 

[LimJK]

Hi @RMerlin,
about the Let's Encrypt issue,
I already tried to reboot many times without luck.

I don't know what else to do in order to further inquire this problem.
Should you have any idea please let me know, if I can I'd be glad to help.

Last minute news:
I've found this in the log:

Dec  6 12:54:07 WMPP-RT-AC68U custom_script: Running /jffs/scripts/service-event (args: restart letsencrypt)
Dec  6 12:54:20 WMPP-RT-AC68U kernel: [Sun Dec  6 12:54:20 MEZ 2020] Domains not changed.
Dec  6 12:54:20 WMPP-RT-AC68U kernel: [Sun Dec  6 12:54:20 MEZ 2020] Skip, Next renewal time is: Thu Feb  4 11:27:23 UTC 2021
Dec  6 12:54:20 WMPP-RT-AC68U kernel: [Sun Dec  6 12:54:20 MEZ 2020] Add '--force' to force to renew.
Dec  6 12:59:59 WMPP-RT-AC68U kernel: htb: htb qdisc 11: is non-work-conserving?
Dec  6 13:00:01 WMPP-RT-AC68U rc_service: service 8833:notify_rc restart_letsencrypt
Dec  6 13:00:01 WMPP-RT-AC68U custom_script: Running /jffs/scripts/service-event (args: restart letsencrypt)
Dec  6 13:00:06 WMPP-RT-AC68U kernel: [Sun Dec  6 13:00:06 MEZ 2020] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
Dec  6 13:00:06 WMPP-RT-AC68U kernel: [Sun Dec  6 13:00:06 MEZ 2020] Can not init api.
Dec  6 13:00:06 WMPP-RT-AC68U kernel: [Sun Dec  6 13:00:06 MEZ 2020] Domains not changed.
Dec  6 13:00:07 WMPP-RT-AC68U kernel: [Sun Dec  6 13:00:07 MEZ 2020] Skip, Next renewal time is: Thu Feb  4 11:27:23 UTC 2021
Dec  6 13:00:07 WMPP-RT-AC68U kernel: [Sun Dec  6 13:00:07 MEZ 2020] Add '--force' to force to renew.
Dec  6 13:52:54 WMPP-RT-AC68U kernel: htb: htb qdisc 10: is non-work-conserving?
Dec  6 13:59:00 WMPP-RT-AC68U rc_service: service 16825:notify_rc restart_letsencrypt
Dec  6 13:59:00 WMPP-RT-AC68U custom_script: Running /jffs/scripts/service-event (args: restart letsencrypt)
Dec  6 13:59:05 WMPP-RT-AC68U kernel: [Sun Dec  6 13:59:05 MEZ 2020] Domains not changed.
Dec  6 13:59:05 WMPP-RT-AC68U kernel: [Sun Dec  6 13:59:05 MEZ 2020] Skip, Next renewal time is: Thu Feb  4 11:27:23 UTC 2021
Dec  6 13:59:05 WMPP-RT-AC68U kernel: [Sun Dec  6 13:59:05 MEZ 2020] Add '--force' to force to renew.

Best regards

RMerlin,

I also have the same LE issue, I tried rebooting too, I found an error in the log, not sure if it is relevant.

Dec  6 20:57:30 Mastiff: Got AAE_SIG_REMOTE_CONNECTION_TURNED_ON
Dec  6 20:57:30 Mastiff: Got AAE_SIG_REMOTE_CONNECTION_TURNED_ON
Dec  6 20:57:30 rc_service: httpd 1243:notify_rc restart_ddns_le
Dec  6 20:57:30 start_ddns: update WWW.ASUS.COM update@asus.com, wan_unit 0
Dec  6 20:57:30 inadyn[3678]: In-a-dyn version 2.7 -- Dynamic DNS update client.
Dec  6 20:57:30 inadyn[3678]: Update forced for alias ***mydomain***.asuscomm.com, new IP# ***myIPaddr***
Dec  6 20:57:31 inadyn[3678]: Updating cache for ***mydomain***.asuscomm.com
Dec  6 20:57:34 kernel: [Sun Dec  6 20:57:34 GMT 2020] 
Dec  6 20:57:34 kernel: Create account key ok.
Dec  6 20:57:34 kernel: [Sun Dec  6 20:57:34 GMT 2020] 
Dec  6 20:57:34 kernel: Registering account
Dec  6 20:57:36 kernel: [Sun Dec  6 20:57:36 GMT 2020] 
Dec  6 20:57:36 kernel: Registered
Dec  6 20:57:37 kernel: [Sun Dec  6 20:57:37 GMT 2020] 
Dec  6 20:57:37 kernel: ACCOUNT_THUMBPRINT='***myAccount_Thumbprint***'
Dec  6 20:57:37 kernel: [Sun Dec  6 20:57:37 GMT 2020] 
Dec  6 20:57:37 kernel: Creating domain key
Dec  6 20:57:37 kernel: [Sun Dec  6 20:57:37 GMT 2020] 
Dec  6 20:57:37 kernel: The domain key is here: /jffs/.le/***mydomain***.asuscomm.com/***mydomain***.asuscomm.com.key
Dec  6 20:57:37 kernel: [Sun Dec  6 20:57:37 GMT 2020] 
Dec  6 20:57:37 kernel: Single domain='***mydomain***.asuscomm.com'
Dec  6 20:57:37 kernel: [Sun Dec  6 20:57:37 GMT 2020] 
Dec  6 20:57:37 kernel: Getting domain auth token for each domain
Dec  6 20:57:40 kernel: [Sun Dec  6 20:57:40 GMT 2020] 
Dec  6 20:57:40 kernel: Getting webroot for domain='***mydomain***.asuscomm.com'
Dec  6 20:57:40 kernel: [Sun Dec  6 20:57:40 GMT 2020] Adding txt value: ***myAdding_Text_value*** for domain:  _acme-challenge.***mydomain***.asuscomm.com
Dec  6 20:57:40 kernel: [Sun Dec  6 20:57:40 GMT 2020] Adding record
Dec  6 20:57:40 rc_service: service 5843:notify_rc start_ddns
Dec  6 20:57:40 kernel: Done.
Dec  6 20:57:40 start_ddns: update WWW.ASUS.COM update@asus.com, wan_unit 0
Dec  6 20:57:40 kernel: [Sun Dec  6 20:57:40 GMT 2020] Wait DDNS service ...20
Dec  6 20:57:40 inadyn[5851]: In-a-dyn version 2.7 -- Dynamic DNS update client.
Dec  6 20:57:40 inadyn[5851]: Update forced for alias ***mydomain***.asuscomm.com, new IP# ***myIPaddr***
Dec  6 20:57:41 inadyn[5851]: Updating cache for ***mydomain***.asuscomm.com
Dec  6 20:57:43 kernel: [Sun Dec  6 20:57:43 GMT 2020] The txt record is added: Success.
Dec  6 20:57:43 kernel: [Sun Dec  6 20:57:43 GMT 2020] 
Dec  6 20:57:43 kernel: Let's check each dns records now. Sleep 20 seconds first.
Dec  6 20:58:03 kernel: [Sun Dec  6 20:58:03 GMT 2020] 
Dec  6 20:58:03 kernel: Checking ***mydomain***.asuscomm.com for _acme-challenge.***mydomain***.asuscomm.com
Dec  6 20:58:04 kernel: [Sun Dec  6 20:58:04 GMT 2020] 
Dec  6 20:58:04 kernel: Domain ***mydomain***.asuscomm.com '_acme-challenge.***mydomain***.asuscomm.com' success.
Dec  6 20:58:04 kernel: [Sun Dec  6 20:58:04 GMT 2020] 
Dec  6 20:58:04 kernel: All success, let's return
Dec  6 20:58:04 kernel: [Sun Dec  6 20:58:04 GMT 2020] 
Dec  6 20:58:04 kernel: Verifying: ***mydomain***.asuscomm.com
Dec  6 20:58:08 kernel: [Sun Dec  6 20:58:08 GMT 2020] 
Dec  6 20:58:08 kernel: Success
Dec  6 20:58:09 kernel: [Sun Dec  6 20:58:09 GMT 2020] 
Dec  6 20:58:09 kernel: Removing DNS records.
Dec  6 20:58:09 kernel: [Sun Dec  6 20:58:09 GMT 2020] It seems that your api file doesn't define dns_asusapi_rm
Dec  6 20:58:09 kernel: [Sun Dec  6 20:58:09 GMT 2020] 
Dec  6 20:58:09 kernel: Verify finished, start to sign.
Dec  6 20:58:09 kernel: [Sun Dec  6 20:58:09 GMT 2020] 
Dec  6 20:58:09 kernel: Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/acme/finalize/105306879/6595565523
Dec  6 20:58:12 kernel: [Sun Dec  6 20:58:12 GMT 2020] 
Dec  6 20:58:12 kernel: Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/acme/cert/0382141f08811c23a894f3b30227c477cc8d
Dec  6 20:58:13 kernel: [Sun Dec  6 20:58:13 GMT 2020] 
Dec  6 20:58:13 kernel: Cert success.
*****************Is this error important? **********************
Dec  6 20:58:13 kernel: cat: write error: Invalid argument
*****************Is this error important? **********************
Dec  6 20:58:13 kernel: [Sun Dec  6 20:58:13 GMT 2020] 
Dec  6 20:58:13 kernel: Your cert is in  /jffs/.le/***mydomain***.asuscomm.com/***mydomain***.asuscomm.com.cer 
Dec  6 20:58:13 kernel: [Sun Dec  6 20:58:13 GMT 2020] 
Dec  6 20:58:13 kernel: Your cert key is in  /jffs/.le/***mydomain***.asuscomm.com/***mydomain***.asuscomm.com.key 
Dec  6 20:58:13 kernel: [Sun Dec  6 20:58:13 GMT 2020] 
Dec  6 20:58:13 kernel: The intermediate CA cert is in  /jffs/.le/***mydomain***.asuscomm.com/ca.cer 
Dec  6 20:58:13 kernel: [Sun Dec  6 20:58:13 GMT 2020] 
Dec  6 20:58:13 kernel: And the full chain certs is there:  /jffs/.le/***mydomain***.asuscomm.com/fullchain.cer 
Dec  6 20:58:13 kernel: [Sun Dec  6 20:58:13 GMT 2020] 
Dec  6 20:58:13 kernel: Installing key to:/jffs/.le/***mydomain***.asuscomm.com/domain.key
Dec  6 20:58:13 kernel: [Sun Dec  6 20:58:13 GMT 2020] 
Dec  6 20:58:13 kernel: Installing full chain to:/jffs/.le/***mydomain***.asuscomm.com/fullchain.pem
Dec  6 20:58:51 kernel: nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.
Dec  6 20:59:00 rc_service: service 7625:notify_rc restart_letsencrypt
Dec  6 20:59:07 kernel: [Sun Dec  6 20:59:07 GMT 2020] 
Dec  6 20:59:07 kernel: Domains not changed.
Dec  6 20:59:07 kernel: [Sun Dec  6 20:59:07 GMT 2020] 
Dec  6 20:59:07 kernel: Skip, Next renewal time is: Thu Feb  4 12:58:13 UTC 2021
Dec  6 20:59:07 kernel: [Sun Dec  6 20:59:07 GMT 2020] 
Dec  6 20:59:07 kernel: Add '--force' to force to renew.
Dec  6 21:00:00 rc_service: service 8362:notify_rc restart_letsencrypt
Dec  6 21:00:08 kernel: [Sun Dec  6 21:00:08 GMT 2020] 
Dec  6 21:00:08 kernel: Domains not changed.
Dec  6 21:00:08 kernel: [Sun Dec  6 21:00:08 GMT 2020] 
Dec  6 21:00:08 kernel: Skip, Next renewal time is: Thu Feb  4 12:58:13 UTC 2021
Dec  6 21:00:08 kernel: [Sun Dec  6 21:00:08 GMT 2020] 
Dec  6 21:00:08 kernel: Add '--force' to force to renew.

Thanks

 

[Mutzli]

I seem to have a major issue with JFFS on my AX88U.

Installed 386 Beta 1 and discovered issues running the Astrill Router applet. Did a factory reset, JFFS format, and tried again.

Now, every time I try to format the JFFS partition, it kills the router - first 3 LEDs are on, Internet LED is red - no Wifi.

Hard Reset (WPS button held while applying power) and setup the router again from scratch.

But every time I select Format JFFS Partition, Apply, then reboot - it goes back to this dead state - Red Internet LED, WiFi not working.

Never had any trouble with the alphas.

You won't have to format the JFFS partition once its formated. Just do another reset if your stuck with the red led and then proceed with your router config. I had the same issue on alpha4.

 

[princi]

You won't have to format the JFFS partition once its formated. Just do another reset if your stuck with the red led and then proceed with your router config. I had the same issue on alpha4.

Thanks. I’ve reconfigured everything, and it’s all working - without doing a JFFS format.

My only concern is that if I reboot, I will lose the contents of the JFFS.

I’ve always had to format, then reboot 3 times for the JFFS to stick.

 

[bluepoint]

Enable JFFS custom scripts and configs?

Does that need to be on before attempting a format?

My usual procedure it to enable both at the same time, and reboot.

I’ve never had to manually mount the JFFS partition before. Is this the command?

admin@RT-AC3100-2C60:/dev# mount -t jffs2 /dev/mtdblock4 /jffs

My plan is to try and re-install the applet without re-formatting the partition first. Surely that will test whether it’s mounted or not.


On a related topic: do we still need to do the format, followed by 3 reboots?

What i meant is, after formatting the jffs( I do this when I'm going to restore to factory default) and reboot, the jffs gets unmounted for some reason. I'm trying to see if that's what happened to you.

 

[JWoo]

RT-AX58U crash should be fixed - the firmware was missing a userspace tool to control hardware acceleration.

RT-AX58U_386.1_beta1-ge88f0d2171_cferom_pureubi.w

W File

1drv.ms

Really awesome. Very much appreciated. Flashed it and working well.

 

[tyspeed42]

[QUOTE="RMerlin, post: 638633]

VPN issues with brand new - RT-AX86U after upgrade to 386.1 beta from stock firmware

Thanks for this. Everything works perfect except for my VPNs.

I upload the OVPNs from the providers and follow the config instructions but nothing seems to work.

I'm keep getting: Error - check configuration! on all my VPN configs (PIA and Nord VPN)

See system logs from router below

For NORD VPN
Dec 6 16:27:35 rc_service: httpd 1388:notify_rc start_vpnclient2
Dec 6 16:27:35 ovpn-client2[32267]: Options error: You must define CA file (--ca) or CA path (--capath)
Dec 6 16:27:35 ovpn-client2[32267]: Use --help for more information.
Dec 6 16:27:35 openvpn: Starting OpenVPN client 2 failed!

For PIA VPN
Dec 6 16:30:05 rc_service: httpd 1388:notify_rc start_vpnclient1
Dec 6 16:30:05 ovpn-client1[700]: DEPRECATED OPTION: --cipher set to 'aes-128-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-128-cbc' to --data-ciphers or change --cipher 'aes-128-cbc' to --data-ciphers-fallback 'aes-128-cbc' to silence this warning.
Dec 6 16:30:05 ovpn-client1[700]: Options error: You must define CA file (--ca) or CA path (--capath)
Dec 6 16:30:05 ovpn-client1[700]: Use --help for more information.
Dec 6 16:30:05 openvpn: Starting OpenVPN client 1 failed!

i see the "define ca file" in both error logs but the CAs were part of the ovpns, plus that part of the ui is no longer visible anymore, so i can't define the ca file even if i wanted to.
I'm kind of a newbie to this so I would appreciate help here. Thanks

I would check all your configs. I have tested Open VPN with Pia, and worked np.

 

[princi]

What i meant is, after formatting the jffs( I do this when I'm going to restore to factory default) and reboot, the jffs gets unmounted for some reason. I'm trying to see if that's what happened to you.

I don’t think it was unmounted. I was able to reinstall the applet.

But since I didn’t (and can’t) follow my usual format then reboot 3 times procedure, I just hope it sticks.

I half expect to lose it at the next reboot.

 

[DreadnoughtX7]

DreadnoughtX7 said:
i see the "define ca file" in both error logs but the CAs were part of the ovpns, plus that part of the ui is no longer visible anymore, so i can't define the ca file even if i wanted to.

Merlin said: Either paste it on the Certificates page, or just re-import the .ovpn file from NordVPN.

@merlin
I've pasted the CA into the Cert location but still doesn't work
Also reimported the file but keep getting the same error.

Steps: Import file, add username and password, apply, then paste CA details into location in picture below, save and apply.
Result: ovpn-client2[32267]: Options error: You must define CA file (--ca) or CA path (--capath)
When i go back to check the certificates page, its blank.
Do you think formatting JFFS on next reboot will help here?

 

[DreadnoughtX7]

I would check all your configs. I have tested Open VPN with Pia, and worked np.

Dunno what else to do. I'll do a hard reset and see where that gets me

 

[jerrytouille]

Does 'Learn-from-home' qos actually work in the new 386.x builds?

 

[jata]

Really awesome. Very much appreciated. Flashed it and working well.

@JWoo - great you have this fixed. Thanks @RMerlin

@JWoo can you check / confirm if runner HW acceleration is present / working on the 58U? I think you will find the command (if it exists) by running the following from cmd/shell... ls /bin

@RMerlin - I have read that the bcm675x chip in the ax-58u does not use runner. If true, does that mean runner HW acceleration should not be included in the tools GUI (see pic from 384.19)

 

[tyspeed42]

Dunno what else to do. I'll do a hard reset and see where that gets me

Try logging into pia into your account, go to the OpenVPN Configuration Generator and create one for your specific server. Try importing that into your router OpenVpn Client.

 

[coaltrans]

I have a RT-5300AC and RT-AC68U. Factory reset both from 384-19 to 386 beta 1. Removed USB and clean start on both. Several issues required me to revert back to 384-19...

1) I could not Aimesh the routers, tried 4 or 5 times - 5300AC could not find AC68U. When I revered back to 384, 5300AC found the AC68U node right away and connected no problem.
2) the Network Map "view client" list was only showing a subset of connected clients - it seemed to only show clients that had a static IP assigned; no wifi clients were listed. It would also go blank, no clients listed, for a second then populate back to the subset.
3) the port forwarding or DHCP did not seem to be working, not sure which. I could not reach some of my servers on LAN or via the Wan. I tried adding some IPs to the static IP list and I was then able to connect.
3) there were wifi drop outs on some devices, i.e. I have a bose home speaker, kept dropping wifi connection after 15 20 minutes.

Back to 284-19 which works well. I'll keep watching for the changes and the stable build.

A great fan of all the work done here, much appreciated.

Best Regards,
Peter

I have exactly the same "RT-5300AC and RT-AC68U"
1) and 2)

And same issue. COuldn't get AI MESH to work.
I had to downgrade the RT-5300 with 384-19 to make it work (while the AC68u remains with 386-1)

 

[dave14305]

@JWoo - great you have this fixed. Thanks @RMerlin

@JWoo can you check / confirm if runner HW acceleration is present / working on the 58U? I think you will find the command (if it exists) by running the following from cmd/shell... ls /bin

@RMerlin - I have read that the bcm675x chip in the ax-58u does not use runner. If true, does that mean runner HW acceleration should not be included in the tools GUI (see pic from 384.19)

View attachment 28289

There is a 58U version of the runner script in the repo. Not sure if it’s used anymore.

asuswrt-merlin.ng/release/src-rt-5.02axhnd.675x/router-sysdep.rt-ax58u/bdmf_shell/scripts/runner at master · RMerl/asuswrt-merlin.ng

Third party firmware for Asus routers (newer codebase) - RMerl/asuswrt-merlin.ng

github.com

 

[DreadnoughtX7]

T

Try logging into pia into your account, go to the OpenVPN Configuration Generator and create one for your specific server. Try importing that into your router OpenVpn Client.

Thanks Tyspeed42
I did a hard reset of the router and that fixed it

 

[RMerlin]

@RMerlin - I have read that the bcm675x chip in the ax-58u does not use runner. If true, does that mean runner HW acceleration should not be included in the tools GUI (see pic from 384.19)

Asuswrt's code is not clear on this. Asus uses the same runner nvram variable for all HND model, yet when enabling/disabling that acceleration level they use archer on the 675x and runner on the 490x.

 

[RMerlin]

There is a 58U version of the runner script in the repo. Not sure if it’s used anymore.

It's not. Asus controls both HW acceleration levels using fc on the 675x the runner script is not included in the firmware.

        if (nvram_match("runner_disable", "1"))
#if defined(RTCONFIG_HND_ROUTER_AX_675X) && !defined(RTCONFIG_HND_ROUTER_AX_6710)
                /* apply archer instead of runner */
                eval("fc", "config", "--hw-accel", "0");
#else
                eval("runner", "disable");
#endif
        else if (!bootup)
#if defined(RTCONFIG_HND_ROUTER_AX_675X) && !defined(RTCONFIG_HND_ROUTER_AX_6710)
                /* apply archer instead of runner */
                eval("fc", "config", "--hw-accel", "1");
#else
                eval("runner", "enable");
#endif

 

[Diddy]

If your router has issues with its jffs partition and reports a bad block issue, then this isn`t related to the firmware code. 386.1 might be failing simply because it NEEDS a working jffs partition to store data in it.

Would that be something that's change from 384.19?