Beta Asuswrt-Merlin 388.1 Beta is available for select models

[RamGuy]

No, it`s related to the kernel, therefore it will be the same on both Asuswrt and Asuswrt-Merlin.


Asus weren't aware until recently that the setting did not work on newer HND 5.04 models, Broadcom had only implemented it on the 5.02 models. The setting will also be removed from the next stock firmware release as it`s not doing anything at all.

Hmm, that is disappointing. So I have to choose between a 2.5Gbps downlink to my switch (10Gbps if I go with the GT-AX11000 Pro) or Full-Cone NAT on my RT-AX88U. When stuck with Symmetrical NAT solutions like building a small form factor X86-64 system and running OPNsense becomes a possibility as well.

 

[Mogsy]

Quite honestly, I ignore any Wifi-related complains. Because out of 10 complains, 9 of them turn out to be configuration issues, or caused by people using cheap, broken IoT wifi clients. There are wifi-related complains with every single release. I refuse to become an unpaid tech support devoting hours of my time trying to investigate every single issue, and I'm can't expect their engineers to start devoting time and resources helping people troubleshoot their network just for the odd case that there _might_ be a genuine issue. That's the job of the tech support department, not the engineering department.

Quite right. Been trying and testing Beta1-3 on AX86U. Finally solved this

Nov 26 06:18:45 acsd: eth6: COEX: downgraded chanspec 0x1906 (8) to 0x1008 (8): channel 1 used by exiting BSSs
Nov 26 06:33:50 acsd: eth6: COEX: downgraded chanspec 0x1906 (8) to 0x1008 (8): channel 1 used by exiting BSSs
Nov 26 06:48:55 acsd: eth6: COEX: downgraded chanspec 0x1906 (8) to 0x1008 (8): channel 1 used by exiting BSSs

Checked Wireless Log and saw Apple watch connected to 5Ghz (with WiFi 6 ) when it is capable of 802.11n only (Streams 1 (n) 20MHz and iPhone showing Streams 2 (ax) 80Mhz.) Thought it was “essential” to have it on the same SSID with my phone. Switch it to 2.4Ghz Guest, no more acsd log now.

But still can’t work out what this is, only appear in Beta 3 i think.

Nov 26 18:25:57 rc_service: conn_diag 1766:notify_rc restart_amas_portstatus
Nov 26 18:25:57 custom_script: Running /jffs/scripts/service-event (args: restart amas_portstatus)

WiFi signal has improved significantly imo with Beta 3. iPhone in bathroom reading RSSI -70 dBm.

Thank you for all the hard work @RMerlin

 

[raven-au]

Hmm, that is disappointing. So I have to choose between a 2.5Gbps downlink to my switch (10Gbps if I go with the GT-AX11000 Pro) or Full-Cone NAT on my RT-AX88U. When stuck with Symmetrical NAT solutions like building a small form factor X86-64 system and running OPNsense becomes a possibility as well.

It's a bit puzzling really.
There is an implementation around which might be able to be merged into either ASUS or Merlin firmware and yet we are left with "gaming routers" that can't do full cone NAT so anyone with two or more Xbox consoles will have problems ...

 

[SomeWhereOverTheRainBow]

Hmm, that is disappointing. So I have to choose between a 2.5Gbps downlink to my switch (10Gbps if I go with the GT-AX11000 Pro) or Full-Cone NAT on my RT-AX88U. When stuck with Symmetrical NAT solutions like building a small form factor X86-64 system and running OPNsense becomes a possibility as well.

Yea I definitely find stuffs like this disappointing as well, but it is one of the downside of the Broadcomm-Asus relationship. The sad part is we will probably see more things like this happen in the future.

 

[RamGuy]

Luckily the use of Symmetrical NAT is becoming less and less of an issue with gaming. Most AA and AAA games are hosting most things "in the cloud" resulting in you having less need for P2P connections to your own console/PC to happen. IPv6 is going to remove this issue entirely as there won't be any need for NAT to happen at all. Sadly the support for IPv6 in gaming is abysmal. I've had native IPv6 going for several years now, I think the only game that I've been playing that fully supports IPv6 is World of WarCraft of all things.

 

[Mogsy]

I had the same situation last night. Since upgraded my family says internet not stable, their phones getting no internet from time to time while other things still working. It happened to me last night also, I turned off WiFi on my phone and turned it back on. Once reconnected internet worked.

See attached log. Has anything looks strange?

iPhone iOS16.1? Known wifi bug I think. 16.1.1 fixed it

 

[Igor]

Case.
1. Upgrade RT-AX68U from 386.7_2 to 388.1-beta 3.
2. Saving settings.
3. Factory reset.
4. Restore settings.
Lost as a result:
- all static IP on DHCP,
- all trusted MAC addresses,
- encryption keys on OpenVPN,
- access to the router via SSH.

 

[Tech9]

4. Restore settings.

Seems like you didn't restore jffs partition contents.

 

[Igor]

Seems like you didn't restore jffs partition contents.

No. jffs was also saved, then restored.

 

[Tech9]

You first upgraded 386 -> 388 and then saved your settings. You had to save your settings first and then upgrade. Restoring the settings from another firmware is not guaranteed and not recommended. I wouldn't do it between 386 and 388 firmware. Your saved settings on 386 would serve a go back to 386 purpose only. Start fresh with 388. Also - 388 is beta, not intended for production. Testing only.

 

[L&LD]

@Igor, restoring your settings after doing a reset to factory defaults is the same as not doing the factory default reset in the first place.

Fully Reset / Best Practice Setup / More

 

[RMerlin]

Hmm, that is disappointing. So I have to choose between a 2.5Gbps downlink to my switch (10Gbps if I go with the GT-AX11000 Pro) or Full-Cone NAT on my RT-AX88U. When stuck with Symmetrical NAT solutions like building a small form factor X86-64 system and running OPNsense becomes a possibility as well.

Full Cone NAT is overhyped by gamers, quite honestly. Very few routers actually support it, it reduces your network's security, and when discussing it with an engineer, his question was: "Can you give me one precise scenario where it is necessary", which I couldn't answer (and apparently nobody can at a technical level, all you will find online are "My console complains about NAT mode").

Since so few routers support it, I refuse to believe that so many online games would be broken for such a large amount of people.

The fact that you had a non-working Fullcone switch for so long without realizing it should tell you something.

But still can’t work out what this is, only appear in Beta 3 i think.

Related to AiMesh, beyond that I don't know what this specific service does.

There is an implementation around which might be able to be merged into either ASUS or Merlin firmware and yet we are left with "gaming routers" that can't do full cone NAT so anyone with two or more Xbox consoles will have problems ...

I've reviewed two of them. One only works with UDP and does not support TCP. The other one requires completely replacing the kernel's masquerade implementation, which means it has a high chance of breaking a lot of other things - assuming that implementation is even compatible with 4.19's Netfilter.

Lost as a result:
- all static IP on DHCP,
- all trusted MAC addresses,
- encryption keys on OpenVPN,
- access to the router via SSH.

All of these are stored in the JFFS partition. This tells me you didn't properly save or restore the JFFS partition content if they are still missing.

 

[RMerlin]

There's also a problem with Firewall. If I enable IPv4 firewall with IPv6 firewall all of my IPv6 client are naked on the internet (I can access my IPv6 client port all over the internet)

For some reason enabling IPv4 firewall rules adds a rule to the IPv6 FORWARD chain that allows all WAN traffic to the LAN. I will have to track down where this rule is created, might be a rule that's written to the wrong script during generation of firewall entries (so it ends up in the IPv6 firewall rather than the IPv4 firewall).

 

[Tech9]

If this issue is present in Asuswrt base as well - it needs immediate fix.

 

[Deleted member 22229]

For some reason enabling IPv4 firewall rules adds a rule to the IPv6 FORWARD chain that allows all WAN traffic to the LAN. I will have to track down where this rule is created, might be a rule that's written to the wrong script during generation of firewall entries (so it ends up in the IPv6 firewall rather than the IPv4 firewall).

So does this cause a security issue ? And if so is there a work around till it's fixed ? I would think Asus would want this fixed like NOW.

 

[RMerlin]

So does this cause a security issue ? And if so is there a work around till it's fixed

Don't enable the IPv4 Inbound Firewall Rules option, this is what triggers it.

Note that this is NOT the same thing as the IPv4 firewall. IPv4 Firewall Rules is what allows you to add user-defined firewall rules, and this is new in 388.

 

[Igor]

This tells me you didn't properly save or restore the JFFS partition content if they are still missing.

On the "Administration - Restore/Save/Upload Setting" page
Router settings -> Save setting
JFFS Partition -> Backup JFFS partition
Factory default.
Then Restore setting and Restore JFFS partition.

It is not right?

 

[Deleted member 22229]

Don't enable the IPv4 Firewall Rules option, this is what triggers it.

Note that this is NOT the same thing as the IPv4 firewall. IPv4 Firewall Rules is what allows you to add user-defined firewall rules, and this is new in 388.

Thanks for the quick reply. This still needs a fix asap it's amazing Asus would release a firmware with this type of issue.

 

[Tech9]

It is not right?

What is not right you did it after updating 386 -> 388. You had to do it before.

 

[RMerlin]

Thanks for the quick reply. This still needs a fix asap it's amazing Asus would release a firmware with this type of issue.

All we know is the issue exists in 21224. It's possible they might have already fixed it in newer versions.