Release Asuswrt-Merlin 386.3 is now available

[Smokey613]

Success !!!! It only took 6 tries but it finally updated.

 

[Tom Ames]

Successfully upgraded last night. 10 hrs 22 min later it's still chugging along. The UI locked up and then disappeared about 20 minutes after the upload. Spontaneously reappeared about 20 minutes later.

 

[shabbs]

Upgraded the router this morning after doing the APs last night. Restarted all gear following the router upgrade.
So far so good. VPN auto start config preserved and running fine - no DNS leaks. DNS filter looks to be operating as expected as well.
Cameras, IOT, Google devices all chatting.
Internet speed test looks good too.

 

[Ryansr]

Thanks, I have upgraded from default ASUSWRT (386_43588) successfully to this version of the Merlin firmware (386.3_2). No issues found on the RT-AX58U and everything works as expected thus far (20 min).

 

[Jumpstarter]

Step One, I put on my glasses and downloaded "correct" fw
Unmounted USB device via gui
Uploaded fw and router rebooted.
LAN/WAN working smoothly!

View attachment 35536 "That RMerlin is a real righteous dude!"

I am practicing firmware abstinence so I don't flash too much.

 

[SePcGuy]

I just got a RT-AX86U (previously on RT-AC88U), and upgraded to Merlin like how I had on RT-AC88U. However, previously if you selected Traditional QoS, you were given the option of Queue Discipline to implement. Now when I select Traditional QoS, I am not given a queue discipline option. The default queue discipline is fq_codel, correct?

 

[Kingp1n]

All is good with a dirty upgrade to 386.3_2. Everything working smoothly. For those having problems updating...try using a different browser. I use Edge but i had to use chrome in the past when it wldnt update.

 

[ColinTaylor]

I just got a RT-AX86U (previously on RT-AC88U), and upgraded to Merlin like how I had on RT-AC88U. However, previously if you selected Traditional QoS, you were given the option of Queue Discipline to implement. Now when I select Traditional QoS, I am not given a queue discipline option. The default queue discipline is fq_codel, correct?

I don't know what firmware version you were previously using but the release notes for 386.1 says:

  - REMOVED: fq_codel support for Adaptive QoS.  Due to a change
             in how Trend Micro configures QoS, it is no longer
             possible to intercept these to inject fq_codel.
  - REMOVED: Option to select sfq as a queue scheduler for t.QoS
             or Bandwidth Limiter, and always use fq_codel.

 

[Deleted member 22229]

386.3_2 is now available.

  - NOTE: closed down the Issue tracker on Github, as 90%
          of it was people asking for technical support,
          or failing to use the supplied submission form.
  - CHANGED: Re-disabled jitterentropy-rngd on non-HND
             models.  It kept using CPU time every two
             seconds and had a very marginal impact on
             the entropy pool (which it never could push
             above the target threshold of 1024).
  - CHANGED: Moved the "Redirect Internet traffic" setting on
             the OpenVPN Client page to the Network Settings
             section to increase its visibility, as too many
             users are forgetting to configure it.
  - CHANGED: Display "Internet traffic not redirected" instead
             of "Public IP Unknown" on the OpenVPN Client
             status display when Redirect Internet traffic
             is set to "No".
  - FIXED: Only the first OpenVPN client would be used if
           you had multiple clients connected and the first
           one had a Redirect Internet set to "No".  Now,
           setting this to "No" means that client's routing
           table will no longer get a default gateway
           configured, allowing traffic to be processed
           by other RPDB tables if there wasn't a matching
           route within that client's table.
  - FIXED: IPV6-compatible DNSFilter servers weren't
           properly configured in dnsmasq.
  - FIXED: DNSFilter client rules may get corrupted after a
           reboot.

Just installed 386.3_2 AX58U working excellent.

 

[Lynx]

Update worked first time on my RT-AX86u. No issues. Although surprisingly the router tried to work with a movie file when I uploaded that by mistake!

 

[Howard_inGA]

Install went fine to the 386.3.2 update.

Here are the log entries after NORD VPN start that are present in this 386.3 and subsequent update:

Aug 7 11:29:28 ovpn-client1[2955]: --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
Aug 7 11:29:28 ovpn-client1[2956]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 7 11:29:29 ovpn-client1[2956]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1618', remote='link-mtu 1634'
Aug 7 11:29:29 ovpn-client1[2956]: WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
Aug 7 11:29:30 ovpn-client1[2956]: WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
Aug 7 11:29:32 ovpn-client1[2956]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Are these of concern and what should I do? I am a new at VPN use, so I followed the NORD install instructions closely. After this update, these started to show?

 

[Igor-KC]

Dirty upgraded and everything works great
Thanks, Merlin

 

[RMerlin]

Do you recommend when enableing ipv6 also enable ipv6 firewall under settings

Definitely, with IPv6 every single IP on your LAN will be a public one, directly reachable over the Internet.

also should i enable drop ipv6 neighbour solicitation broadcasts?

Only if you use Comcast.

How does dnsfilter manage ipv6?

Barely. The only thing it does is if the DNS service is known to also support IPv6, then dnsmasq will provide that server IP to DHCP clients. It's not very useful, but for now it's better than nothing.

 

[RMerlin]

Are these of concern and what should I do?

No, ignore them.

 

[flyingpretzels]

Hi folks, I am about to upgrade my RT-AC68U to 386.3_2. My router is currently running 384.19.
Should it be safe to dirty upgrade directly to 386.3_2, or should I incrementally upgrade for example 384.19 -> 385.x -> 386.3_2?
I also have a USB flash drive plugged in that I use to store the SWAP file. Should I do anything before I unplug this USB before upgrading?

Thanks in advance!

 

[Howard_inGA]

No, ignore them.

Thanks, Eric...

 

[JT Strickland]

I suppose it's a coincidence, but I am unable to print to my HP officejet pro after a dirty upgrade from 386.3.0 to 386.3.2.
It seems it is connected to the network.

 

[JT Strickland]

Hi folks, I am about to upgrade my RT-AC68U to 386.3_2. My router is currently running 384.19.
Should it be safe to dirty upgrade directly to 386.3_2, or should I incrementally upgrade for example 384.19 -> 385.x -> 386.3_2?
I also have a USB flash drive plugged in that I use to store the SWAP file. Should I do anything before I unplug this USB before upgrading?

Thanks in advance!

i would say that is a long way to swing without a safety net.
In other words, I would do a factory reset first and forget the incremental upgrades.

 

[L&LD]

Welcome to the forums @flyingpretzels.

Flash the firmware to the latest current version (first). Safely remove any USB devices via the GUI, if inserted. Also physically remove them if needed to allow the flashing to succeed (be sure to reboot the router first).

If there are any issues, reset to factory defaults afterward. Do not use any saved backup config files. Do not 'blindly' use old settings that worked 'once upon a time'.

Be sure to read the changelog of the firmware you download. Note any changes that may affect you, specifically. (Begin from your version to the current one being installed).

 

[Jumpstarter]

Definitely, with IPv6 every single IP on your LAN will be a public one, directly reachable over the Internet.


Only if you use Comcast.


Barely. The only thing it does is if the DNS service is known to also support IPv6, then dnsmasq will provide that server IP to DHCP clients. It's not very useful, but for now it's better than nothing.

Is there any way to update the iptables for better support on ipv6.