Release Asuswrt-Merlin 386.3 is now available

[QuikSilver]

Not quite - not getting prompted to re-join, they're just having issues staying connected. Which is odd as there should be no wireless difference in any of these releases.

Similar as to how my laptop was acting. It would join but connection would go up and down. I know there is no wireless differences which lead me to believe the issue may be the radio on the AC86u unit. Purchased AX86 unit and so far so good.

 

[lemmymania]

How I can get follow setup:
Specific hardware use VPN1
Another hardware use VPN 2
All other connected hardware should use VPN3


if I set Redirect Internet traffic through tunnel to Yes(All) then also defined hardware which should use VPN1&VPN2 is using VPN3.
But if I set VPN3 to strict then I have to enter first the IP address from the hardware.

What I have to do to to get the right result ?

 

[jsbeddow]

Similar as to how my laptop was acting. It would join but connection would go up and down. I know there is no wireless differences which lead me to believe the issue may be the radio on the AC86u unit. Purchased AX86 unit and so far so good.

Out of curiosity, did that laptop lose the entire radio connection, or did it report "connected, no internet"? I am occasionally seeing the latter on a brand new HP laptop with an AX capable wireless card (set to "Auto" on connection type, 5Ghz band only, and my router is an Rt-AC86U, so AC only). I can disable/re-enable that laptop connection and it will function again, but not sure of the root cause.

 

[Stevens243]

Dirty upgrade from 386.2_6. No issues to report from the upgrade. Thanks Merlin and the test folks!

 

[SwampKracker]

Well, let's see if every other AC3100 user experiences the same intractable problems you're experiencing. Then we'll have a better idea if the firmware is problematic on those devices, or just on your specific setup.

Just upgraded to 386.3 without issues. Everything is working as expected.

 

[RMerlin]

Hello Merlin. I wanted to report a minor issue with version 386.3 on AC88U. On the main page, I receive this in the browsers console log:

jquery.js:5 Mixed Content: The page at 'https://**********/index.asp' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://nw-dlcdnet.asus.com/plugin/js/extend_custom_icon.json'. This request has been blocked; the content must be served over HTTPS.

Just so you know. Keep up the great work

Known issue. For a long time Asus's servers had an invalid SSL certificate, so when they started adding these server-side stored files, they used http instead of https. They seem to have recently fixed the SSL certificate, but I don't want to rush in changing it in case the "fix" may be only temporary. I will most likely wait for them to officially switch to https with the GPL release.

 

[Brenneke]

I currenty have 3 active VPN clients set up and YazFi in use - is there anything I need to do / save before upgrading?

Will YazFi still be required with VPN Director?

I have never had a bad experience yet with Merlin FW but my knowledge on policy based routing etc. is very poor, am a bit reluctant witht this upgrade!

 

[octopus]

How I can get follow setup:
Specific hardware use VPN1
Another hardware use VPN 2
All other connected hardware should use VPN3


if I set Redirect Internet traffic through tunnel to Yes(All) then also defined hardware which should use VPN1&VPN2 is using VPN3.
But if I set VPN3 to strict then I have to enter first the IP address from the hardware.

What I have to do to to get the right result ?

Use VPN Director and your devices ip-number and DNS to Exclusive.

 

[John Adler]

dirty flash on beta
working fine !
thks Merlin !

 

[L&LD]

Almost 20 hours or so after flashing RMerlin 386.3_0 final on 2x RT-AX86U's in wired (2.5GbE) backhaul mode.

Method:

• Download and verify the file using HashTab.
• Flash the AiMesh Node. Wait for it to be fully 'up'.
• Flash the main router:
  • First, safely remove all USB drives/devices via the GUI.
  • Then, Flash the router.
  • If the above doesn't work, physically remove the USB devices after safely removing them, reboot the router, then flash.
• After the network has been up for at least 15 minutes after the final router has been flashed, perform a System Reboot via the AiMesh, System Settings, System Reboot via the GUI.

The results below speak for themselves. This is on an AC-powered laptop with an Intel AX210 (Wi-Fi 6E) adaptor from about 30' and a floor level away from the wired (2.5GbE backhaul) AiMesh node. Not too bad for an i7-5500 (yes, grossly underpowered ultrabook) laptop from 2015.

Note also that I am also currently running 2x QNAP QSW-1105-5T 5-Port Unmanaged 2.5GbE Switch between the two routers and all wired devices/computers.

My ISP connection is 1Gbps up/down symmetrical Fibre.

Thank you RMerlin for another great release.

 

[QuikSilver]

Out of curiosity, did that laptop lose the entire radio connection, or did it report "connected, no internet"? I am occasionally seeing the latter on a brand new HP laptop with an AX capable wireless card (set to "Auto" on connection type, 5Ghz band only, and my router is an Rt-AC86U, so AC only). I can disable/re-enable that laptop connection and it will function again, but not sure of the root cause.

Would lose entire connection while I was surfing internet and then reconnect itself.

 

[Unetwork]

Hello, regarding the new VPN Director feature, is my rule correct to redirect all flows from my LAN to the VPN ? (I want to avoid all leaks) I also configured the exclusive DNS.
I am not an expert, thanks for your help.

 

[Lynx]

Upgraded and so far so good. VPN Director is the new Lynx effect - classifying oneself as such is a great hit with the ladies.

Regarding the post above, whilst that rule looks like it should include the router, the router itself is always taken out. I have never understood that properly, but I think if you want to route everything over VPN the way to do it is 'Force Internet traffic through VPN: Yes'. RMerlin can hopefully explain the logic behind router being excluded when using PBR better. And yes, I think this does mean greater potential for leaks originating from router. Not sure how to address that properly since 'Force Internet traffic through VPN: Yes' breaks spdMerlin. I found I could manually add the DNS server IP addresses as destinations and at least then the DNS lookups go through VPN. But there could be other traffic getting through? Or perhaps DNS pretty much covers it?

I think the above consideration is not properly understood by many users and could do with some explanation and perhaps even elaboration for the WIKI. I mean that rule really looks like it should include the router. What gives? And is putting DNS as destinations desirable? DNS over TLS is an option, but that doesn't work with DNSFilter. And DNSFilter is hugely useful (at least for me).

 

[Unetwork]

Upgraded and so far so good. VPN Director is the new Lynx effect - classifying oneself as such is a great hit with the ladies.

Regarding the post above, whilst that rule looks like it should include the router, the router itself is always taken out. I have never understood that properly, but I think if you want to route everything over VPN the way to do it is 'Force Internet traffic through VPN: Yes'. RMerlin can hopefully explain the logic behind router being excluded when using PBR better. And yes, I think this does mean greater potential for leaks originating from router. Not sure how to address that properly since 'Force Internet traffic through VPN: Yes' breaks spdMerlin. I found I could manually add the DNS server IP addresses as destinations and at least then the DNS lookups go through VPN. But there could be other traffic getting through? Or perhaps DNS pretty much covers it?

I think the above consideration is not properly understood by many users and could do with some explanation and perhaps even elaboration for WIKI. I mean that rule really looks like it should include the router. What gives? And is putting DNS as destinations desirable?

Thank you for taking the time to answer. So to avoid any leakage, I should configure like this ?

I also delete my VPN Director rule which is not used anymore ?

 

[Lynx]

Yes, but this means EVERYTHING including router goes through VPN. This may be fine for your but it breaks spdMerlin.

If you want to be paranoid you can install over Entware 'tcpdump' and then issue a 'tcpdump -vnpi eth0' or 'tcpdump -vnpi tun11' and see what is going over the interface(s). And you can also look at the routing. But others can advise on that better than me.

 

[Unetwork]

Yes, but this means EVERYTHING including router goes through VPN. This may be fine for your but it breaks spdMerlin.

If you want to be paranoid you can install over Entware 'tcpdump' and then issue a 'tcpdump -vnpi eth0' or 'tcpdump -vnpi tun11' and see what is going over the interface(s). And you can also look at the routing. But others can advise on that better than me.

thank you for your answer. I just wanted to know what is better to avoid any leaks. The VPN Director rule or the setting (Yes all)

 

[heysoundude]

I did a dirty upgrade from 386.2_6 to 386.3 on my RT-AC88U. I lost IPV6 after the upgrade for some reason which hasn't happened in years. I toggled IPV6 off and then back on again and got IPV6 back. Other than that it seems okay so far.

Cannot report the same experience w/ IPv6 on AC86.
Smooth upgrade, probably because I remembered to remove my USB and power cycle my gateway while the router was flashing itself

 

[glrush]

Hi, I am running a AX88U and an AC88U in a mesh setup using Nord VPN. I upgraded this morning and now the VPN Director says I am connected to a server in Miami (which is where my VPN server is) but when I run a IP check, it gives my location in Iowa (where my ISP is).
Any ideas on what I need to tweak ?

 

[netware5]

Dirty upgrade from 386.2_6. Uptime 0 days 6 hour(s) 52 minute(s) 7 seconds. No issues so far. Thanks Merlin and beta testers!

 

[pinkfloyd1173]

Dirty upgrade, no issues.

Thank you Mr. Merlin.