Beta Asuswrt-Merlin 386.2 Beta is now available

[RMerlin]

I have an interesting problem with this build AX88U at 386.2_beta1
I can only add a SINGLE user to my openvpn server1...
No matter how many entries I add in user/password table, only a single one persists and is injected into the shadow file...
I tried resetting the server do default, rebooting my unit, no success.
The users table lists the system user and a single one added with password.

The bug was introduced by a security fix added in 42095. Fixed for beta 2.

 

[RMerlin]

Thank you for clarifying what setting you were referring to (manually setting DST time). I did it, but by an unknown reason, my router time started the DST schedule a couple of days ago while I have the starting date set on Last Sunday of March.

I do not know if it is related to the underscore character (as discovered by snaunton) in the time zone name I use (MET-1DST_1) making the
time_zone_x variable not having appended the content of time_zone_dstoff=M3.5.0/2,M10.5.0/3, and perhaps forcing the application of a "generic" DST start date (maybe a USA one?) because time_zone_x and /etc/TZ have no content at all about DST.

Works for me. Selecting MAdrid, Paris does properly set time_zone_x with both the timezone and the DST start/end data:

time_zone_x=MET-1DST,M3.5.0/2,M10.5.0/3

 

[stevestebo]

Asuswrt-Merlin 386.2 Beta is now available for all supported models. This release introduces support for the GT-AX11000 and the RT-AX68U, and also adds a new QoS mode based on the Cake packet scheduler.

The highlights:

• Merged with GPL 386_42095
• Added support for the RT-AX68U and GT-AX11000 (VPN Fusion and other ROG-only features not supported).
• Added Cake to the list of QoS modes. This is only available on HND models (RT-AC86U or newer), and will also disable NAT acceleration, so it can't be used if you have a fast Internet connection (300-350 Mbps is probably the max speed possible on an RT-AX88U). See below for more details.
• Updated components: OpenVPN (2.5.1), OpenSSL (1.1.1j), iproute2 (5.11.0, HND models only).
• Added jittertimer-rngd to HND models, to improve entropy for cryptographic use (SSL key generation, etc...)

Please see the Changelogs for the details.


Cake:
Cake is a queue scheduler used by Linux to manage how packets are received/sent over the Internet. More intelligent management can greatly improve the user experience by ensuring that a large data stream (like a large download) will not impact smaller streams that are more timing-sensitive, like VoIP.

See https://www.bufferbloat.net/projects/codel/wiki/Cake/ for more info on Cake.

Cake is only available for kernels 4.1.xx, so that means the RT-AC86U and newer models, who are based on Broadcom's HND platform. It is also not compatible with NAT acceleration, just like Traditionnal QoS, so that means it cannot be used on Internet connections faster than around 300-350 Mbps (that limit may vary based on the router model and the amount of traffic).

The current implementation uses a diffserv3 queuing scheme for uploads (meaning that services like VoIP can get higher priority), and a single besteffort queue for download (as priority mapping of traffic coming from the Internet cannot be relied upon). On startup, Cake QoS will create two files:

/etc/cake-qos.conf, which contains the variables with parameters
/tmp/qos, which is the script that sets/removes the tc rules, based on the parameters retrieved from cake-qos.conf

cake-qos.conf can be overridden through the use of a /jffs/configs/cake-qos.conf.add file, which will be appended at the end of it. If you define any variable in the .add file, these will replace the values already defined in the router-generated cake-qos.conf.

You can also use the qos-start script that gets run before the /tmp/qos script to completely replace /tmp/qos with your own script, for more advanced customization of your Cake setup.

Make sure you configure the correct overhead when enabling Cake QoS, by selecting a preset from the list (by click on the red arrow). Selecting a preset will automatically configure the appropriate overhead, PMU and mode. If unsure, then select the Conservative option as a general safe value.

For upload/download, I recommend setting these to roughly 95% of your maximum speed. Setting it to "Automatic" will configure Cake for "unlimited bandwidth", which is generally not optimal.

A few additional notes for developers:

• The rc_support feature list will contain "cake" on models that supports it.
• The new iproute2 available on these same models now also supports outputting info in json format. Try "tc -s -json qdisc show dev eth0" for example.
• dual-dsthost/dual-srchost was used instead of the default triple-isolate, as this should in theory provide better traffic management when multiple hosts are using the Internet at once
• Various tc options were added to iproute2, like "ipset", "ematch" and "skbedit" support, allowing for more advanced tc filter rules to be defined.
• Cake QoS has a qos_type of 9 (so not to create conflicts if in the future Asus were to implement a new QoS mode and used qos_type 4, the first available number). Make sure to check for it when creating a qos-start script.

Things in need of testing:

• Cake in general. When testing, don't just rely on bufferbloat scores from DSLReports, but also test performance for example while doing a large file transfert or running a torrent at the same time you are trying to either ping a remote server or doing general web browsing
• If you are skilled enough at it, experiment Cake with different queue priorities, like besteffort on both ingress/egress, triple-isolate, etc...
• When reporting feedback, make sure you mention the following: Router model, connection speed, the type of connection (cable, VDSL2, etc...).

Please review the changelog for the complete list of changes as well as important upgrade informations.

Also, please limit discussions in this thread to this specific release. General support questions should be posted in a separate thread.


Downloads are here.
Changelog is here.

I tried it and it seems like it will not resolve DNS with a love DNS server. The last released firmware works as attended but the new alpha and beta I have problems with dns resolving.

RT-AC5300

 

[RMerlin]

I don't know if this information will help you to improve Cake.

In my implementation I already use two separate instances: one for uploads (on the WAN interface), and one for downloads (an ifb copy of the WAN interface). I'm unsure if using the LAN interface (which in Asuswrt is a bridge) would work properly. It would at least create issues with network setups that use multiple bridges.

Users can test on their own setup by customizing /etc/cake-qos.conf, and changing the DLIF to use $(nvram_get("lan_ifname") instead of "eth0".

 

[RMerlin]

I tried it and it seems like it will not resolve DNS with a love DNS server. The last released firmware works as attended but the new alpha and beta I have problems with dns resolving.

RT-AC5300

Try again with Beta 2 once it's available, I have reverted a change Asus had done in 42095 where they were establishing static routes for WAN DNS servers.

 

[Don->]

I should also mention my Synology NAS is used for both DHCP and DNS on my LAN, i have disabled DHCP server on router. Guessing i have a very unique use-case that's unfortunately affected by Asus changes. May need to adjust my setup, i have not used DNSFilter to be honest.

You are not alone. I have a local DNS server that I use (adguardHome) However I configure it slightly differently. I encrypt DNS over LTS to 192.168.2.5:853 Then the Adguard used DNS over QUIC to my external DNS provider. Has worked flawlessly. It also is my DHCP server.

 

[JIPG]

@RMerlin Did not understand.
How to set the time manually?

I'm getting the same issue, in UK.
Time is off by an hour; setting to GMT fixes it for now, but come last weekend of March and the time will be off by an hour again.

He means DST start and finish dates/hours. You can change them manually and not relay in the "automatic" ones, supposedly associated to each time zone.

Are you in the last 386.2 beta?. I think that it includes a change proposed by snaunton, where a problem with some nvram variables is solved. The DST dates (manually or automatically established) are correctly stored in these variables, and then, DST is correctly applied. With previous versions the DST data was not in the NVRAM variables for some Time zones (the ones with problems, even having the same GMT offset than others, have an underscore in the internal name, e.g. London is GMT0DST_1 (No OK), while GMT is GMT0 (OK), Madrid is MET-1DST_1 (No OK), while Amsterdam is MEZ-1DST (OK).

What it is strange for me is that three days ago, the DST was started (for the ones not having last beta?), although I (we?) have it manually defined in the GUI. Probably, as it is not adequately loaded in the NVRAM variables, a "generic DST start time was used (I guess, as I have no other explanation).

 

[JIPG]

Regarding DST, why aren’t there people jumping up and down in the Asus (stock) forum? This was a problem Asus introduced in an earlier 386 GPL, no? Why are only Merlin users seemingly affected (or vocal)?

Edit: it may not have been a widely released GPL firmware (40996 or greater).

Some of us have never used the stock firmware (well, only during a few minutes until I loaded Merlin´s one ), and this problem seems to be solved in Merlin 386.2 beta per Merlin answer.

By the way, I have to say thank you to Merlin and all posters who helped with their answers. I have learned a lot about how TZ and DST are encoded in ASUS code, and this has helped me to look for a workaround until 386.2 final is released (I cannot test all alpha and beta releases as my family relay in the router to work and study remotely).

 

[askan7]

@RMerlin
I've been doing some tests with Cake while having apex legends open, and it turns out Cake does indeed screw with ping packets.

I used Wireshark and the game sends frame rate=packets per second to the server up to 60fps. At 144fps it sends around 72 packets, each between 100 and 200 bytes in size, 200fps, 100 packets per second and soo on. Since my screen is only 144hz, i play on a fixed 144fps.
The server sends a fixed 20 packets per second and it doesn't get affected by frame rate. These are all UDP.


The time between me sending a packet and the server responding is VERY consistent and doesn't correlate to the ping spikes i get while running pingplotter or other ping tools, I even tried pinging with tcp instead of icmp and even with tcp it shows those spikes.

I also felt my gaming experience was much better with cake, soo those spikes didn't make that much sense, and now i know why.

Out of curiosity the meter.net/ping-test uses tcp and around 14 packets per second, and i can also see the high ping variation between the packets using wireshark.

 

[askan7]

Also tested pubg.

From server i get fixed 60 packets per second, from 100 to 300bytes in size each.
And to server also depends on the frame rate of the game, it's frame rate= packet rate up to 152fps. Max is 152 packets per second even with game client frame rate at 200-300, each with 20-50 bytes in size.
Soo much better than apex servers.

 

[deeker1]

Testing 386.2_beta1 for about 4-5 days now on an RT-AX88U. Cable Internet. Raw speed tests at 430/16.5 consistently.

Using cake for Qos with settings at 95% of the above - works great.

Changed to the below - still works great. HAve run large downloads and speedtests while on VOIP calls and Skype/MSFT Teams calls. no lag or degradation of signal is apparent.

 

[New2This]

What’s the MPU setting for ?

 

[Jeffrey Young]

What’s the MPU setting for ?

From http://manpages.ubuntu.com/manpages/focal/man8/tc-cake.8.html

mpu BYTES
            Rounds  each  packet (including overhead) up to a minimum length BYTES. BYTES may not
       be negative; values between 0 and 256 (inclusive) are accepted.

This link may also be useful;

Cake Built-in Setup, Overhead MPU speed limits

Hi, I'm so glad merlin has cake Built-in in latest alpha build and it's awesome for HND users, it's a one time setup and magic done thingy, Thanks to @RMerlin I've FTTH(fiber to home) GPON Connection and fiber going direct to ISP modem and ISP modem is obviously in bridge mode and PPPOE...

www.snbforums.com

 

[maxbraketorque]

@RMerlin, would it be possible to add a Web UI element to enable/disable EEE and CPU wait?

 

[ahyrych]

sorry, but why, what's the point

 

[RMerlin]

@RMerlin, would it be possible to add a Web UI element to enable/disable EEE and CPU wait?

No.

 

[Makaveli]

No.

Agreed Asus engineer's know what is best for their hardware, and advanced users can run the command from an SSH prompt. Putting it the UI is just going to have novice users messing with it when they shouldn't. And will just cause more support issues.

 

[Catalinus]

I had similar issue with several remote clients connecting simultaneously to OpenVPN Server with UDP 1194: what worked for me was to add an extra line to the OpenVPN Server custom configuration (link):

username-as-common-name

Hit Apply, and export the new .ovpn configuration and use in the clients. Maybe this will work for you?

YES, thank you, that was it - it was actually hinted in the log that the issue was that it was considering those as the same client but the first time when I tried I was too much in a hurry

As a somehow related question - how is OpenVPN speed now? To me it looks like the CPU load never gets to the equivalent of 100% on one core as before but the speed also seems to be slower.

 

[maxbraketorque]

Agreed Asus engineer's know what is best for their hardware, and advanced users can run the command from an SSH prompt. Putting it the UI is just going to have novice users messing with it when they shouldn't. And will just cause more support issues.

Both of your reasons don't make immediate sense to me. On your first reason, If I understand correctly, Merlin enabled CPU wait for 384.1, but it was disabled in the GPL. Another good example is that pretty much everyone on this forum would agree that its better to disable Universal Beam Forming, and yet it comes enabled stock. On your second reason, I'd say that there are plenty of settings in the stock UI can put the router in a poor running state.

 

[bradbort]

I've been running the beta on AX88U since it was posted, with about 25 clients using AC AX and 2.4. I'm not running Mesh. Everything has been nicely uneventful and boring. Thanks!