[Beta] Asuswrt-Merlin 380.65 Beta is now available

[RMerlin]

Asuswrt-Merlin 380.65 Beta is now available for download, for all supported models.

This version contains a lot of changes, with the biggest ones being the upgrade to OpenVPN 2.4, Busybox 1.25.1, and GPL 380_4180 merge.

Beta 2 (Jan 22nd)
Uploading Beta 2 builds. Nothing major changed, but I'd prefer to have these retested again before a final release.

Changes since Beta 1:

a684eb1 Updated documentation
beb6678 Bumped revision to beta 2
330a0ad webui: integrated Tor page client display with Networkmap's clientlist
1e85623 webui: Ensure we always display a progress counter when applying on the OpenVPN client page.
b05794f curl,nano: Update gitignore
df7f647 webui: adjust wait timing when submitting OpenVPN client page
e511da4 cstats/rstats: update unset clock detection, by replacing the old Y2K value with Jan-1-2017; cast constant as unsigned long.
8a8b06e cstats: make rollover calculations properly deal with 64-bit values, and apply Asus's calculation tweak from rstats
5a03ad4 openvpn: store original IFS before changing it
1659357 vpnrouting: fix IFS not being stored before changing (broken since commit daa0df6acc814ac0cf33709cb2618e578d75fe8f)
fbd6f9f rc: format the reported firmware version that gets logged if new FW is available

Beta 3 (Jan 27th):
Some security updates came out this week, so I decided to delay the final release to have another round of test with these updates in place.

Changes since Beta 2:

   - CHANGED: Updated openssl to 1.0.2k
   - CHANGED: Updated tor to 0.2.9.9
   - FIXED: Webui layout was broken under Chrome 56
   - FIXED: miniupnpd errors at boot time about missing chains.
            Also streamlined miniupnpd stop/start events during
            boot, there are fewer of them now.

Beta 4 (Feb 1st):
GPL 4180 has been reverted to resolve numerous LAN applications that are broken in this GPL release. The httpd/www changes, miniupnpd fixes and minidlna/libdisk code from GPL 4180 has been kept, so these components can remain in-sync.

---

Highlights:

• (***REVERTED since beta 4***) Merged with GPL 380_4180. Note that the webui pages that were broken in 4180 (Network Tools, WOL, etc...) have been fixed.
• Upgrade to OpenVPN 2.4.0, and implemented support for many of its new features, including: GCM ciphers, NCP, LZ4 compression, tls-crypt. Existing 2.3 clients can still connect, provided you don't enable any of the new 2.4 features. Please see the Asuswrt-Merlin changelog, as well as the OpenVPN 2.4 manual page for more info on these new features. Also, obsolete RC ciphers were removed from the server webui.
• Upgrade to Busybox 1.25.1 ported to Asuswrt by TheMIROn. For most users this change is transparent, main benefit of this upgrade is making it easier to keep up-to-date with future security updates for Busybox (and probably a series of fixes between 1.20 and 1.25). A couple of new applets were also enabled, to assist script authors.
• A new "update-notification" script has been added, which gets run whenever the scheduled new firmware check finds a new version. That script can be used to send you an Email, an SMS, flash your router LEDs, etc... Also, generate a system log entry when a new firmware is available.
• Other updated components: Tor (0.2.9.8), nano (2.7.4).
• Host file will give priority to the hostname you configure for your router, over the hardcoded router.asus.com (will show up when doing a traceroute or any other router IP resolution).
• Fixed IPv6 request for some models (like the RT-AC88U) that were using a blank MAC when generating their DUID
• Numerous fixes to the Network Service Firewall that failed to work under various scenarios
• Additional fixes to OpenVPN (ovpn export, failure to clean up routes on restart)
• RT-N66U, RT-AC66U and RT-AC5300 would reboot up to three times if one of their wifi interface was disabled
• And quite a few more - make sure to read the complete Changelog

Things that need particular testing:

• OpenVPN, both existing configurations and the new features. Make sure you understand how these work first - NCP for instance isn't always intuitive in its behaviour.
• Existing scripts - make sure they still work fine with the Busybox upgrade
• The RT-N66U, RT-AC66U, RT-AC56U and RT-AC3200 have to reuse some older closed source components due to incomplete/missing GPL release from Asus. Look for any unusual behaviour, especially regarding wifi.

Make sure you read the Changelog for more details.

Downloads are here.
Changelog is here.

 

[RMerlin]

Reserved.

 

[RMerlin]

380.65 adds a new update-notification user script. Here is an example script that will email you when a new firmware is available. This script is designed for GMail, shouldn't be too hard to adapt to your own ISP's SMTP.

#!/bin/sh

# SMTP parameters
SMTP="smtp.gmail.com"
PORT="465"
USERNAME="you@gmail.com"
PASSWORD="gmail-password"

# Mail Enveloppe
FROM_NAME="Router"
FROM_ADDRESS="you@gmail.com"
TO_NAME="Your Name"
TO_ADDRESS="you@gmail.com"


### Do not change below

# Retrieve version
TMPVERS=$(nvram get webs_state_info)
VERS=${TMPVERS:5:3}.${TMPVERS:8:10}
ROUTER_IP=$(nvram get lan_ipaddr)

echo "From: \"$FROM_NAME\" <$FROM_ADDRESS>" > /tmp/mail.txt
echo "To: \"$TO_NAME\" <$TO_ADDRESS>" >> /tmp/mail.txt
echo "Subject: New router firmware notification" >> /tmp/mail.txt
echo "" >> /tmp/mail.txt
echo "New firmware version $VERS is now available for your router at $ROUTER_IP." >> /tmp/mail.txt


curl --url smtps://$SMTP:$PORT \
  --mail-from "$FROM_ADDRESS" --mail-rcpt "$TO_ADDRESS" \
  --upload-file /tmp/mail.txt \
  --ssl-reqd \
  --user "$USERNAME:$PASSWORD" --insecure


rm /tmp/mail.txt

Might be a good idea to define an application password to use here, since your GMail password would end up stored in the clear in that script.

 

[pietjepuk100]

Sweet, I'll put it up on my AC68U, acting as an AP, first. Thanks!

 

[pattiri]

Installed it on AC88u and checked everything I'm using and all seems stable.

just saw that;

Jan 15 11:32:46 dnsmasq[1256]: query[A] dns.msftncsi.com from 127.0.0.1
Jan 15 11:32:46 dnsmasq[1256]: /tmp/mnt/entware/adblocking/blacklist.txt dns.msftncsi.com is 0.0.0.0

router is asking this domain frequently. I've searched dnsmasq logs which are saved by ab-solution and couldn't see this domain on older logs. Seems like router asking this domain with 380-65 beta. I've added this to blacklist because of windows 10 privacy concerns. Is it something important for router? if it is; I can remove it from blacklist.

Thanks.

Edit: I've googled it and as far as I understand its some kind of a connection control so I've deleted it from blacklist and router still asking this in about every five seconds

 

[thelonelycoder]

380.65 adds a new update-notification user script. Here is an example script that will email you when a new firmware is available. This script is designed for GMail, shouldn't be too hard to adapt to your own ISP's SMTP.

#!/bin/sh

# SMTP parameters
SMTP="smtp.gmail.com"
PORT="465"
USERNAME="you@gmail.com"
PASSWORD="gmail-password"

# Mail Enveloppe
FROM_NAME="Router"
FROM_ADDRESS="you@gmail.com"
TO_NAME="Your Name"
TO_ADDRESS="you@gmail.com"


### Do not change below

# Retrieve version
TMPVERS=$(nvram get webs_state_info)
VERS=${TMPVERS:5:3}.${TMPVERS:8:10}
ROUTER_IP=$(nvram get lan_ipaddr)

echo "From: \"$FROM_NAME\" <$FROM_ADDRESS>" > /tmp/mail.txt
echo "To: \"$TO_NAME\" <$TO_ADDRESS>" >> /tmp/mail.txt
echo "Subject: New router firmware notification" >> /tmp/mail.txt
echo "" >> /tmp/mail.txt
echo "New firmware version $VERS is now available for your router at $ROUTER_IP." >> /tmp/mail.txt


curl --url smtps://$SMTP:$PORT \
  --mail-from "$FROM_ADDRESS" --mail-rcpt "$TO_ADDRESS" \
  --upload-file /tmp/mail.txt \
  --ssl-reqd \
  --user "$USERNAME:$PASSWORD" --insecure


rm /tmp/mail.txt

Might be a good idea to define an application password to use here, since your GMail password would end up stored in the clear in that script.

For AB-Solution users: This will be a built in option for the upcoming AB3.1 release.
It will use your email config settings in AB to send the email notification and generate the necessary files for you.

Edit: No use to implement it as, apparently, Asus works on a WebUI version for the notification email.

 

[thelonelycoder]

Installed it on AC88u and checked everything I'm using and all seems stable.

just saw that;

Jan 15 11:32:46 dnsmasq[1256]: query[A] dns.msftncsi.com from 127.0.0.1
Jan 15 11:32:46 dnsmasq[1256]: /tmp/mnt/entware/adblocking/blacklist.txt dns.msftncsi.com is 0.0.0.0

router is asking this domain frequently. I've searched dnsmasq logs which are saved by ab-solution and couldn't see this domain on older logs. Seems like router asking this domain with 380-65 beta. I've added this to blacklist because of windows 10 privacy concerns. Is it something important for router? if it is; I can remove it from blacklist.

Thanks.

Edit: I've googled it and as far as I understand its some kind of a connection control so I've deleted it from blacklist and router still asking this in about every five seconds

Beware: Your Windows PC's will show the 'no internet' notification icon if you blacklist both the msftncsi.com and dns.msftncsi.com subdomain.

 

[proditaki]

I installed it on AC5300 and it seems to be running stable.

 

[JohnNerd]

Dear Merlin, Great work again. Thanks. Working good here so far on both AC66 and AC87. AC66 is in bridge mode.
I think that WPS should be off as default. It turns itself on again after power cycle or upgrade of firmware.

Have a nice day!

 

[GoNz0]

380.65 adds a new update-notification user script. Here is an example script that will email you when a new firmware is available. This script is designed for GMail, shouldn't be too hard to adapt to your own ISP's SMTP.

#!/bin/sh

# SMTP parameters
SMTP="smtp.gmail.com"
PORT="465"
USERNAME="you@gmail.com"
PASSWORD="gmail-password"

# Mail Enveloppe
FROM_NAME="Router"
FROM_ADDRESS="you@gmail.com"
TO_NAME="Your Name"
TO_ADDRESS="you@gmail.com"


### Do not change below

# Retrieve version
TMPVERS=$(nvram get webs_state_info)
VERS=${TMPVERS:5:3}.${TMPVERS:8:10}
ROUTER_IP=$(nvram get lan_ipaddr)

echo "From: \"$FROM_NAME\" <$FROM_ADDRESS>" > /tmp/mail.txt
echo "To: \"$TO_NAME\" <$TO_ADDRESS>" >> /tmp/mail.txt
echo "Subject: New router firmware notification" >> /tmp/mail.txt
echo "" >> /tmp/mail.txt
echo "New firmware version $VERS is now available for your router at $ROUTER_IP." >> /tmp/mail.txt


curl --url smtps://$SMTP:$PORT \
  --mail-from "$FROM_ADDRESS" --mail-rcpt "$TO_ADDRESS" \
  --upload-file /tmp/mail.txt \
  --ssl-reqd \
  --user "$USERNAME:$PASSWORD" --insecure


rm /tmp/mail.txt

Might be a good idea to define an application password to use here, since your GMail password would end up stored in the clear in that script.

I can't find the script?

 

[GoNz0]

Dear Merlin, Great work again. Thanks. Working good here so far on both AC66 and AC87. AC66 is in bridge mode.
I think that WPS should be off as default. It turns itself on again after power cycle or upgrade of firmware.

Have a nice day!

WPS stays off for me.

 

[JohnNerd]

WPS goes on on 5 gHz for some reason. I've done the factory default reset, but still goes back on.

 

[Piter]

380.65 adds a new update-notification user script. Here is an example script that will email you when a new firmware is available. This script is designed for GMail, shouldn't be too hard to adapt to your own ISP's SMTP.

#!/bin/sh

# SMTP parameters
SMTP="smtp.gmail.com"
PORT="465"
USERNAME="you@gmail.com"
PASSWORD="gmail-password"

# Mail Enveloppe
FROM_NAME="Router"
FROM_ADDRESS="you@gmail.com"
TO_NAME="Your Name"
TO_ADDRESS="you@gmail.com"


### Do not change below

# Retrieve version
TMPVERS=$(nvram get webs_state_info)
VERS=${TMPVERS:5:3}.${TMPVERS:8:10}
ROUTER_IP=$(nvram get lan_ipaddr)

echo "From: \"$FROM_NAME\" <$FROM_ADDRESS>" > /tmp/mail.txt
echo "To: \"$TO_NAME\" <$TO_ADDRESS>" >> /tmp/mail.txt
echo "Subject: New router firmware notification" >> /tmp/mail.txt
echo "" >> /tmp/mail.txt
echo "New firmware version $VERS is now available for your router at $ROUTER_IP." >> /tmp/mail.txt


curl --url smtps://$SMTP:$PORT \
  --mail-from "$FROM_ADDRESS" --mail-rcpt "$TO_ADDRESS" \
  --upload-file /tmp/mail.txt \
  --ssl-reqd \
  --user "$USERNAME:$PASSWORD" --insecure


rm /tmp/mail.txt

Might be a good idea to define an application password to use here, since your GMail password would end up stored in the clear in that script.

Is any chance to add option/feature to configure notification by email in GUI ? This will be better solution and faster.

 

[GoNz0]

WPS goes on on 5 gHz for some reason. I've done the factory default reset, but still goes back on.

I have noted it do this when using the backup/restore script posted on the forums but I have not had it happen with straight updates for a long time.

 

[octopus]

I can't find the script?

You kidding ? #3

 

[thelonelycoder]

Is any chance to add option/feature to configure notification by email in GUI ? This will be better solution and faster.

AB-Solution 3.1 will have it as an option.
Edit: Asus apparently works on it, sorry.

 

[Piter]

AB-Solution 3.1 will have it as an option.

But it also is no in GUI. But thanks

 

[proditaki]

WPS goes on on 5 gHz for some reason. I've done the factory default reset, but still goes back on.

I also do not have this problem.

 

[thelonelycoder]

I can't find the script?

You have to create /jffs/scripts/update-notification yourself, set the permissions and fill in your edited details.

 

[binggesoft]

After I refresh the default SSID changed, before the ASUS_10_2G, now became the ASUS_00_2G. do not know what the situation!