Release Asuswrt-Merlin 386.4 is now available

[abdullah salahaldin]

Awesome, thanks for the update

 

[bbq]

Hi Merlin,

Did 386.3.2 include all the vulnerabilities which were addressed with stock ASUS Version 3.0.0.4.386.45375
2021/08/31? Based on someone else's post in a TPLINK forum, I noticed ASUS made several updates to WPA in the 8/31 release as follows and I'm wondering if this is what is causing many of our TP-Link Smart Bulb WIFI disconnect issues once we upgraded from 386.3.2 to 386.4. I'm just trying to isolate so we can get TP-Link to fix.

WPA Vulnerabilities addressed with 3.0.0.4.386.45375 included:

- CVE-2021-30004
- CVE-2021-27803
- CVE-2019-11555
- CVE-2019-9499
- CVE-2019-9498
- CVE-2019-9497
- CVE-2019-9496
- CVE-2019-9495
- CVE-2019-9494
- CVE-2017-13086
- CVE-2017-13084
- CVE-2017-13082
- CVE-2016-4476
- CVE-2015-8041

Have you seen this thread:
https://www.snbforums.com/threads/a...devices-tp-link-hs200-hs105-switch-etc.76590/

It looks like ASUS release a beta firmware on Jan 5 that address this issue with TP-Link / Kasa bulbs and switches.

 

[emwgee]

The problem isn't pertinent to TP-Link devices only, my LG washer and dryer are experiencing the same problem, they connected fine with my GT-AX11000 router running 386.3-2 version firmware, but not with the 386.4 upgrade.

All my IoT devices were working fine with my GT-AX11000 router running ASUS original firmware up to version GT_AX11000_300438644266, and since I had connection problems with all their newer firmwares, that was why I switched to Merlin firmware, but now it happens again.......

By changing 2.4G band wireless mode to "Legacy" solved my problem, all my TP-Link devices and LG washer/dryer are now back online.
It works for me so far, I will monitor for a couple of days to see if it keeps.



GT-AX11000 on 386.4 firmware

 

[Elmer]

HI Elmer,

What model bulbs are you using? If newer than mine, maybe I'll upgrade them all so I can use the newer firmware. Also, are you running yours in a guest network? Did you change any other settings on the 2.4 ghz radio?

I have tried both the 2.4ghz channel on both auto and channel 6 (least congested channel) and and could not get any of the bulbs to stay connected. No AImesh activated, only one AX88U router in my house. I tried turning off universal beamforming and airtime fairness and it did not help. Ironically, all my bulbs work with 386.3.2 with both Airtime fairness and universal beam forming enabled.

@CLK had the same problem as me and can only get his bulbs to connect if he sets his 2.4ghz wireless mode to legacy which would not work for me given the bandwidth limitations for non IOT devices.

AX88/386.4_0: The bulbs are KL-130. One is about 10 yards from the house. I do not use guest. I do use an AImesh, and looking at connections, it shows most are connected to an AC68 mesh station and an AC88 mesh station. So that could very well be the difference. I also have in wall switches HS200/HS220, along with a variety of plugs (HS100/HS105/HS107/KP400). Some of those are connected to AX88, but others to the mesh. While the TP-Links are fairly stable, I am having problems with Amazon Echoes often not reconnecting.

 

[akb]

Have you seen this thread:
https://www.snbforums.com/threads/a...devices-tp-link-hs200-hs105-switch-etc.76590/

It looks like ASUS release a beta firmware on Jan 5 that address this issue with TP-Link / Kasa bulbs and switches.

Awesome so it will work its way into merlin eventually since asus knows it is their fault

 

[bbunge]

Neither asus app clean install nor instant guard clean install didn't fix the issue. On official Asus firmware right before uodtae it was working just fine. Now its not.

Did you clear the InstantGuard settings on the Android? If not Instant guard will never work.
On the phone ot tablet go to Settings - Apps - find InstantGuard - open Storage and Cache - then delete both storage and cache. Connect the Asus router app to the router and open instant guard from the router app . The new security keys will be brought over to the phone and you can tap to connect InstantGuard.

 

[shabbs]

Awesome so it will work its way into merlin eventually since asus knows it is their fault

Yeah, I guess we wait then... I have a lot of TP-Link devices too. Ugh.

 

[dave14305]

YEs tried that and no difference. Only legacy mode works.

AX88/386.4_0: The bulbs are KL-130. One is about 10 yards from the house.

Too many Elmers…

 

[Dezzo]

My 5ghz went out again twice tonight and the router had to be rebooted.
2.4ghz remained working this time though. AX68U.

Looks like ASUS has really messed something up here. Have they acknowledged this issue yet?

I reverted back to 386.3_2 for now.
I did a factory reset, then downgraded, then did another reset, then flashed 386.3_2 once again from the setup screen, then used the config file I created before updating to 386.4 as Merlin suggested, but I still lost the Hostnames in the DHCP table anyway. Only the Client Names were retained.

 

[tramchamploo]

Seems the new version of dnsmasq has poor support for long list of custom servers, previous version works fine. After upgrading, dnsmasq process uses a whole cpu and top suggest a very high load around 10.

I checked the changelog for dnsmasq it indeed did something related and they claimed to have a much better performance which in my case is opposite.

FYI, I have a custom list of servers with 60000+lines. Now I have to shut it down.

 

[arewhy]

Network has been very stable for 386.4, once I determined the best channel to use for the 5 GHz-2 band. One little nit-noid issue, under the wireless log tab, the DFS Status line is not displayed for 5 GHz-2. However, the DFS status information is present if you view low level details. Example below

Wireless 5 GHz-1

SSID: hancockvfa2	Mode: AP
Noise: -89 dBm	Channel: 40/80	BSSID: F0:2F:74:xx:xx:xx
DFS State: Idle	Time elapsed: 0h 0m 0s	Channel cleared for radar: 40/160

Wireless 5 GHz-2

SSID: hancockvfa3	Mode: AP
Noise: -89 dBm	Channel: 149/80	BSSID: F0:2F:74:xx:xx:xx

 

[RMerlin]

What factory firmware is 386.3.2 based upon?

I don't remember. Check in the changelog, it's always documented there every time I upgrade to a newer GPL code base.

 

[RMerlin]

Did 386.3.2 include all the vulnerabilities which were addressed with stock ASUS Version 3.0.0.4.386.45375
2021/08/31?

Some but not all (and I don't have an accurate list to share, sorry).

One little nit-noid issue, under the wireless log tab, the DFS Status line is not displayed for 5 GHz-2. However, the DFS status information is present if you view low level details. Example below

DFS channel isn't used on the second radio.

 

[Amwjujo]

All my devices lost connection over the night and every time I tried to connect a client to the router(this morning) I was giving the - Cannot obtain IP address. The issue was fixed with a reboot of the router.
I saved the logs but have no idea what to look after.
The most repetitive message I can see there is for wlceventd : Disassociated because sending station is leaving (or has left) BSS (8), rssi:0
and in messages i get restart DNS mask and then "not mesh client, can't update it's ip".

 

[maidmeow4]

dirty flash from 386.3_2, currently I have two problems:

1. WebUI often says Internet disconnected, but after 1 or 2 minutes it disappears and shows connected again.
2. Random lost of connection inside online games, this only happen one hour or more after the router booted up.

For problem 1, I have already set dns_probe_content and dns_probe_host to default values, and the router itself can resolve dns.msftncsi.com correctly.
For problem 2, I tried ping my DNS server while this happens, and I got random packet lost (see attached image).
(I live in China, this DNS server is a well-known service in China and every ISP have a direct connection to it, so it should not performance badly.)

EDIT: had go back to 386.3_2 since the Internet connection on 386.4 is very unstable, every webpage takes a long time to load. And just like the attached image shows there are many random packet losts.

 

[eshmootie]

Hi guys,

Recently dirty upgraded to 386.4 from latest stable

AX58U.

So it seems like i have the same issue with 2.4ghz devices that some others have had.

My sonos speakers is connected to the internet but i cannot access them from any other device or access them through the browser.

So it looks like they're connected to the wifi but with some kind of failure, Any suggestions?

2.4ghz settings covered in the pics.

 

[underdose]

TL;DR: After a power loss, Entware installation and all my user scripts on the USB were gone. Had to reinstall them all.

I installed 386.4 over 386.4 beta 2 a week ago and everything were running smoothly. After an unexpected power loss the other day (power line damaged by construction workers), I noticed that my router was not running any of the scripts on the USB, as well as the Entware. WAN connection was there, all the settings were the same but none of the scripts were executed and add-ons tab was missing. So, I rebooted the router via GUI to fix issues but to no avail.

Trying to SSH into the router threw an "SSH key/fingerprint does not match" error, so I've manually edited my ./ssh/known_hosts and after that I was able to connect to router without a problem. Once I got connected, ran "amtm" and none of the scripts were there, it was like I was trying to install scripts to a vanilla Merlin firmware.

I've installed all the scripts one by one, starting with Diversion which read the backup files successfully, and now everything is back to normal even after a couple of reboots (via GUI).

Sadly, I don't have the log files for when the incident occurred but I'm pretty sure USB is not the cause.

My network is simple: Several LAN Devices -> AX58U (Router Mode) -> DOCSIS 3.0 Cable Modem (Bridged) -> The Internet

Just wanted to share my experience to see if anyone had the same issue.

PS: Thank you RMerlin for your hard work.

 

[128bit]

i took the plunge and things went well for the most part. all devices appear to be working but i get persistent logs on the following:

Jan 8 04:58:59 dnsmasq-dhcp[1581]: DHCPOFFER(br0) 192.11.3.156 5c:cf:7f:bd:9d:bf​

Jan 8 04:59:07 kernel: tntfs error (device sdb2, pid 2042): ntfs_prepare_pages_for_non_resident_write(): Failed (error 5).​

Jan 8 04:59:27 kernel: tntfs error (device sdb2, pid 2042): ntfs_prepare_pages_for_non_resident_write(): Failed (error 5).​

these tntfs errors are new with 386.4 and if they are associated with that mac in the dnsmasq entry, i can tell u it's a la crosse weather station on the 2.4 radio. i should add, my ac86u is behind another router and it runs nas with several static ips defined.
rmerlin works too hard for me to not provide some test feedback. i'm glad i did.

 

[richard_svk]

I've had weird problems with a number of RTL USB 2.0 adapters over the years. I had to disable "Protected Management Frames" before the device could connect, though in my scenario I could see the network but not be able to connect - across many versions of firmware.

I keep this off (was off by default) on my router. It is really strange the laptop can't even see the network. I would not figure out any logical reason for this other than that I noticed the same issue when WiFi 6 is on.

 

[Unetwork]

Hi,

RT-AX88U = Upgraded from 386.3_2 to 386.4 + Reset WPS + Format JFFS partition + complete reconfiguration = everything works fine for now. Internet connection OK, MAC filtering with OnePlus smarphone OK, Wifi printer OK.
And unlike other users, the status "internet connected" is well present and without display bug on the main page. Everything is very stable.

Thanks to @RMerlin and the whole team for this phenomenal work

The display problem in the tab "system status" and "wireless" is now solved. All boxes are filled in correctly. I had reported this problem on version 386.3_2 but now it's fixed !