Release Asuswrt-Merlin 386.1 is now available

[skeal]

Release after release, your router always seem to constantly get weird issues that no one else has. I have to wonder what you are running or configuring on your router to get all of these weird issues, assuming it's not a defective router...

Sure would like to know what is going on. I don't have a crazy configuration, it's all GUI stuff like DoT and DNSFilter I have about 20 static addresses. I have a VPN client and Server.I don't enter any custom commands by ssh like some do. So what part of factory resetting three times wouldn't correct this issue? Why, when I reset to defaults enter enough information to get online, do I see the same issues, with nothing configured other that the network connection and wireless. The usual quick internet setup. This still happens. How would this be a device issue, what would be the problem? My router has to have a lan mac, why is the firmware in some places just not reporting it? My router works well, I'm just pointing out what I experience as I upgrade firmware. For scripts I use skynet, diversion, and scribe, I backup my devices using screen shots. Compared to some on this forum @RMerlin my setup is quite vanilla. Thanks for your hard work, just looking for some help with real problems.

 

[Matthew Patrick]

Did you disable aiprotection? When mine was on it crashes quite often, been off for at least over a year now. My next is to try parental scheduling and see I it works properly.

(AC86U)Can confirm . Used to get constant reboots every few days on 384.19 . Seems like it's trend micro. After monthsss of headaches and RMA ing my unit, i tried withdrawing the thing and it stopped rebooting. Enabled all of em and it lasts 14 days and then it rebooted they prob changed something that stopped my constant rebooting.. I disabled aiprotection and it seems to be fine now. Time will tell tho

 

[nickie]

(AC86U)Can confirm . Used to get constant reboots every few days on 384.19 . Seems like it's trend micro. After monthsss of headaches and RMA ing my unit, i tried withdrawing the thing and it stopped rebooting. Enabled all of em and it lasts 14 days and then it rebooted they prob changed something that stopped my constant rebooting.. I disabled aiprotection and it seems to be fine now. Time will tell tho

my AC86U is on the original Asus firmware (386_41634; I bought just a month ago and still trying to have a feel if I need the Merlin version on it), with AiProtection on since the beginning, and haven't had a reboot. It has an uptime of 18 days (I restarted it when changing the modem). The only thing weird is RAM usage which currently has 93MB free and it started with 140 or so.

 

[jsbeddow]

So called "low" RAM is very, very rarely a problem on these routers and can generally be ignored quite safely.
See the website:

Help! Linux ate my RAM!

www.linuxatemyram.com

 

[QMax]

Finally I was able to update from 384.19 to 386.1 after a complete reset, on an RT-AC66U B1.
After about 20 mins the UI worked fine, so I spent some time to see what's changed.

Then I tried connecting to my VPN server running on router.

There are some warning never seen before, but connection to VPN server is fine.

2021-02-05 19:43:22 Note: Treating option '--ncp-ciphers' as  '--data-ciphers' (renamed in OpenVPN 2.5).
2021-02-05 19:43:22 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
2021-02-05 19:43:22 Windows version 10.0 (Windows 10 or greater) 64bit
2021-02-05 19:43:22 library versions: OpenSSL 1.1.1h  22 Sep 2020, LZO 2.10
Enter Management Password:
2021-02-05 19:43:25 ******* WARNING *******: '--auth none' was specified. This means no authentication will be performed on received packets, meaning you CANNOT trust that the data received by the remote side have NOT been manipulated. PLEASE DO RECONSIDER THIS SETTING!
2021-02-05 19:43:25 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:9999
2021-02-05 19:43:25 UDP link local: (not bound)
2021-02-05 19:43:25 UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:9999
2021-02-05 19:43:25 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-02-05 19:43:26 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1537', remote='link-mtu 1521'
2021-02-05 19:43:26 [RT-AC68U] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:9999
2021-02-05 19:43:26 open_tun
2021-02-05 19:43:26 tap-windows6 device [Connessione alla rete locale (LAN)] opened
2021-02-05 19:43:26 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.2/255.255.255.0 [SUCCEEDED]
2021-02-05 19:43:26 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.2/255.255.255.0 on interface {5567ACE7-D52C-4F8A-B5B2-DFC040B207A7} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
2021-02-05 19:43:26 Successful ARP Flush on interface [9] {5567ACE7-D52C-4F8A-B5B2-DFC040B207A7}
2021-02-05 19:43:26 IPv4 MTU set to 1500 on interface 9 using service
2021-02-05 19:43:31 Initialization Sequence Completed

This is the old client1.ovpn file generated by 384.19:

client
dev tun
proto udp
remote myddnshostname 9999
float
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
cipher AES-128-CBC
auth none
keepalive 15 60
auth-user-pass
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
LINES REMOVED
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
LINES REMOVED
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
LINES REMOVED
-----END PRIVATE KEY-----
</key>
resolv-retry infinite
nobind

Then I decided to generate a new client.ovpn with updated firmware release.
Edited the remote address and replaced conf file in Windows 10 OpenVPN client:

# Config generated by Asuswrt-Merlin 386.1, requires OpenVPN 2.4.0 or newer.

client
dev tun
proto udp
remote myddnshostname 9999
resolv-retry infinite
nobind
float
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
auth none
keepalive 15 60
auth-user-pass
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
LINES REMOVED
-----END CERTIFICATE-----

</ca>
<cert>
-----BEGIN CERTIFICATE-----
LINES REMOVED
-----END CERTIFICATE-----

</cert>
<key>
-----BEGIN PRIVATE KEY-----
LINES REMOVED
-----END PRIVATE KEY-----

</key>

With this configuration file I'm not able to connect to VPN server, this is Windows OpenVPN client log:

2021-02-05 20:19:47 Note: Treating option '--ncp-ciphers' as  '--data-ciphers' (renamed in OpenVPN 2.5).
2021-02-05 20:19:47 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2021-02-05 20:19:47 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
2021-02-05 20:19:47 Windows version 10.0 (Windows 10 or greater) 64bit
2021-02-05 20:19:47 library versions: OpenSSL 1.1.1h  22 Sep 2020, LZO 2.10
Enter Management Password:
2021-02-05 20:19:50 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.0.2:9999
2021-02-05 20:19:50 UDP link local: (not bound)
2021-02-05 20:19:50 UDP link remote: [AF_INET]192.168.0.2:9999
2021-02-05 20:20:50 [UNDEF] Inactivity timeout (--ping-restart), restarting
2021-02-05 20:20:50 SIGUSR1[soft,ping-restart] received, process restarting
2021-02-05 20:20:55 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.0.2:9999
2021-02-05 20:20:55 UDP link local: (not bound)
2021-02-05 20:20:55 UDP link remote: [AF_INET]192.168.0.2:9999
2021-02-05 20:21:46 SIGTERM[hard,] received, process exiting

And a spinning wheel appear on router VPN server page, near the export CFG file, that will spin until I reboot the router:

As I can see the only missing cfg line in the new client1 is cipher AES-128-CBC, but adding this line to the newly generated conf file doesn't help.

Am I the only one?

My actual workaround is to restart router to stop the spinning wheel and use the old client1.ovpn file from 384.19.


Thanks to Merlin for the great job and to all users who can help me to fix this small problem.

Max


EDIT: Post modified, my apologies for posting an invented domain resulting in a live domain.
I'm sorry.

 

[Martineau]

DONT POST YOUR REAL CONNECTION DETAILS.

I suggest you immediately change the OpenVPN port remote ????????? 99999 and preferably your DDNS name.

 

[Matthew Patrick]

my AC86U is on the original Asus firmware (386_41634; I bought just a month ago and still trying to have a feel if I need the Merlin version on it), with AiProtection on since the beginning, and haven't had a reboot. It has an uptime of 18 days (I restarted it when changing the modem). The only thing weird is RAM usage which currently has 93MB free and it started with 140 or so.

Yeah it's trend micro with my clients probably. Since a new RMA unit ( new 2020 unit ) is doing the same thing. Until it finally stopped and rebooted on week 2. Disabled aiprotection and seems to be fine. But I rebooted so idk , need to wait 2 more weeks to see if it reboots or not

 

[QMax]

@Martineau​

Thanks, but are both fake.

 

[NeoXx]

I tried upgrading on AX88U and it almost bricked the device. First it said 'success' and asked me to manually reboot the router which I did, and then when it booted up I could see white LED's on WiFi bands, but a red one on WAN. Also WiFi did not work at all, no device could see any band emitting from the router. After connecting the router to the laptop via ethernet, I could see that the router does not have a default gateway.

I then used the ASUS rescue tool and tried flashing the new 386.1 firmware again. It flashed but the router again didn't work (I re-downloaded the firmware just in case the first download was corrupt). I then used the rescue tool again but to flash the previous version 349_10 which flashed successfully and the router is working now well (it even remember all my settings!).

I am not sure if this is something with my router specifically, however I thought it was worth reporting it.

 

[HellDiver]

Just calling in to report no problems doing a dirty flash of Merlin 386.1 ontop of Asus 9.0.0 beta on my 2xAX56U AiMesh setup. Will be doing the 3xAX56U AiMesh at MIL's tomorrow.

Seems to have cured the random reboots of the Asus beta firmware.

 

[bradbort]

I tried upgrading on AX88U and it almost bricked the device. First it said 'success' and asked me to manually reboot the router which I did, and then when it booted up I could see white LED's on WiFi bands, but a red one on WAN. Also WiFi did not work at all, no device could see any band emitting from the router. After connecting the router to the laptop via ethernet, I could see that the router does not have a default gateway.

I then used the ASUS rescue tool and tried flashing the new 386.1 firmware again. It flashed but the router again didn't work (I re-downloaded the firmware just in case the first download was corrupt). I then used the rescue tool again but to flash the previous version 349_10 which flashed successfully and the router is working now well (it even remember all my settings!).

I am not sure if this is something with my router specifically, however I thought it was worth reporting it.

I upgraded my AX88U with no issues.

 

[L&LD]

349_10?

 

[Morac]

I would leave Enable IGMP Snooping enabled as it optimizes wireless multicast traffic. I would also try forgetting the network connection on each Apple device and recreate a new one since the router was reset.

Have you tried using a wireless survey program to see what channels are being used around you and so you can pick the least congested or the one that gives you the best experience on the network? WiFi Explorer Lite is a good one to use on Apple devices.

Something odd happened, since I decided to switch it back to channel 44 since the noise level on that channel is lower than 157 (which auto picked) and the RSSI of all my devices is higher on 44 as well. Pings stabilized on my iPad. Pings still dropped on my iPhone 12 Pro Max, but according to the router that iPhone was in "powersave mode" which doesn't make a lot of sense since the battery was at 95% and the screen was on. Once I got the phone's WiFi out of powersave mode, the pings stabilized for it as well.

Very odd.

I hope the factory reset fixes the lockups since that's what I'm trying to solve at this point. I'll find out in about 2 days as since upgrading to 386.1, my router has locked up around every 2.5 days.

 

[telUK]

Yeah it's just like when you do a clean install. Just install the 384.19, after it rebooted. Make sure it is now 384.19 if it is. I recommend to just go straight to wps reset. Since it apparently wipes the jffs too ... I do not reset since i already have a working 384.19 backup before going to 386 . So I just went to 384.19 and then restored both jffs and the backed up configuration..

The only thing I hate about 384.19 atleast in my AC86U is that it seems like there's a memory leak. Seems like it's from trend micro stuff but idk. I can see it go up in ram usage per hour and yeah I can see it pushing to swap usage after a day or two. And I don't use much addons. It's fixed on 386 though since I've run it for 2 days and the ram usage is consistent there. But yeah let me know if you experienced 2.4ghz problems as well. So far 4 and a half hour on 384.19 and 2.4ghz is still going strong. Will check it regularly to see if it happens here or not. I'd assume not

Cheers, yeah will let you know how it is.

 

[Morac]

Do a hard reset and configure it all over again. I've been running 386.1 on my AC88U and didn't face any issue like that since this build has been released.
Also check the syslog if after hard reset issue continues to find what could be causing it.

There was nothing in the logs and since I can't ssh in or connect I can't tell why it's locked up.

Did a rest last night. I'm hoping that fixes it since it's been locking up every 2.5 days (plus or minus a few hours).

 

[Morac]

wl -i eth2 chanspec_txpwr_max


wl -i eth2 country

The first command gave me no output whatsoever.

The second one gave me "US (Q2/992) UNITED STATES".

 

[RMerlin]

just looking for some help with real problems.

I would start by testing things without using any scripts. Some of these can be quite taxing on router resources, particularly memory usage.

Also see if issues could be caused by a specific client. I have seen cases in the past where one single client could be causing issues to the whole network.

Another thing to consider is the power. I remember at least one user in the past who resolved general router instability just by replacing his power bar - it might have had an issue causing a lot of unfiltered noise or power fluctuation, causing connected devices to have an unreliable power supply.

 

[Maverickcdn]

Another thing to consider is the power. I remember at least one user in the past who resolved general router instability just by replacing his power bar - it might have had an issue causing a lot of unfiltered noise or power fluctuation, causing connected devices to have an unreliable power supply.

Second that, while not as common as out right failure, most of the dead/flaky devices (Including old WRT54G routers) I've dealt with over the years was the wallwart power supply. Sometimes they can supply dirty/insufficient power allowing devices to boot but not function at full performance. Cheap power strips they're plugged into can cause the same.

 

[Deleted member 22229]

Question about DNS/TLS. On the wan page do i select connect to DNS server automatically do i leave this at default or select no ? I have DNS/TLS selected and picked Google for both v4 and v6.

 

[dave14305]

Question about DNS/TLS. On the wan page do i select connect to DNS server automatically do i leave this at default or select no ? I have DNS/TLS selected and picked Google for both v4 and v6.

Your preference. The WAN DNS servers will be used until Stubby starts up, and the router will continue to use these servers when it resolves names for itself. Clients will get forwarded through dnsmasq and Stubby.