[Beta] Asuswrt-Merlin 380.66 Beta is now available

[MarvinAndro]

Posted this https://www.snbforums.com/threads/r...65-is-now-available.37295/page-38#post-321643 under the previous version, sorry. Yes, I have rebooted. Also, I don't know how to reproduce it. Some times I'd expand the QoS on one device, it'll look fine, try another device - again good, go back to the first one and I'd see those negatives. Repeat the same back and forth again and it's fine on both sides. Gut feeling is that it has something to do with (sudden) speed fluctuations, jumping over 50-100Mbps and probably variables that don't support long long int, pure guess.

 

[brummygit]

@RMerlin there is a bug on my RT-AC68U with downstream multicast IPTV streams that show as upstream data (default class) in the QoS stats and causes QoS to throttle back my upstream when I watch BT-TV in UK. This causes all sorts of issues as my upstream speed is close to the 8Mbps it measures upstream when I watch an HD channel. The bug also exists in the current official firmware and other users have told me that it has been around for quite some time in previous versions.

Is this something you can help with in your releases?

 

[uTK]

Thank you Merlin for your awesome firmware and greetings to everyone.

I've been using Asuswrt-Merlin since the beginning. I realized something with Traffic Analyzer:

When I choose Statistic then show by Daily to Monthly, "all clients" changes to "all apps". It changes back to all clients when I choose show by: "Download".

Gif link 1: https://ibb.co/hd6Qi5
Gif link 2: https://ibb.co/cr4BO5

In addition, for example I want to see a clients monthly usage. But It's only shown currently active clients in the drop-down list. Is this normal?

I hope I can express myself clearly. Thank you.

 

[RMerlin]

Posted this https://www.snbforums.com/threads/r...65-is-now-available.37295/page-38#post-321643 under the previous version, sorry. Yes, I have rebooted. Also, I don't know how to reproduce it. Some times I'd expand the QoS on one device, it'll look fine, try another device - again good, go back to the first one and I'd see those negatives. Repeat the same back and forth again and it's fine on both sides. Gut feeling is that it has something to do with (sudden) speed fluctuations, jumping over 50-100Mbps and probably variables that don't support long long int, pure guess.

The Trend Micro engine is outside of my control. Nothing I can do about it.

 

[RMerlin]

@RMerlin there is a bug on my RT-AC68U with downstream multicast IPTV streams that show as upstream data (default class) in the QoS stats and causes QoS to throttle back my upstream when I watch BT-TV in UK. This causes all sorts of issues as my upstream speed is close to the 8Mbps it measures upstream when I watch an HD channel. The bug also exists in the current official firmware and other users have told me that it has been around for quite some time in previous versions.

Is this something you can help with in your releases?

Anything related to IPTV will have to resolved by Asus, I don't touch that portion of the code.

 

[RMerlin]

Thank you Merlin for your awesome firmware and greetings to everyone.

I've been using Asuswrt-Merlin since the beginning. I realized something with Traffic Analyzer:

Quite frankly, I have never been able to really use their Traffic Analyzer. The web interface is very confusing to use, I'm not even sure how it's meant to be used...

 

[brummygit]

Anything related to IPTV will have to resolved by Asus, I don't touch that portion of the code.

OK thank you, I suspected that would be the answer but it was worth asking.

As always I appreciate your hard work which makes your firmware so great.

 

[Alitai]

Should i disable both ATF Entries? I looked into the Source but it's really hard to understand and even to find the right File. (A lot of Code...)
@RMerlin: Great work from your Site to bring this Firmware forward!

PS: Maybe when someone can say which the ATF Files are? I will compare to older Version for 2,4Ghz Problem with DHCP (recive no dhcp) and ATF ON.

 

[MarkRH]

Thank you Merlin for your awesome firmware and greetings to everyone.

I've been using Asuswrt-Merlin since the beginning. I realized something with Traffic Analyzer:

When I choose Statistic then show by Daily to Monthly, "all clients" changes to "all apps". It changes back to all clients when I choose show by: "Download".

Gif link 1: https://ibb.co/hd6Qi5
Gif link 2: https://ibb.co/cr4BO5

In addition, for example I want to see a clients monthly usage. But It's only shown currently active clients in the drop-down list. Is this normal?

I hope I can express myself clearly. Thank you.

When going to the Monthly Statistics, click on the "Apps" button first, then stay there or click back on the "Router" button to really get it into Client mode. Now, if you select "Download" it will stay in the same category. For whatever reason when I first go to "Monthly" the "Router" button is depressed but it is actually showing the Apps in the graph.

 

[RMerlin]

Should i disable both ATF Entries? I looked into the Source but it's really hard to understand and even to find the right File. (A lot of Code...)

It's not a file, it's a setting on the webui.

 

[Revelstone77]

That is nothing broken only a new way to use openvpn.

- NEW: Added new Internet redirection mode to OpenVPN clients
         called "Policy Rule (Strict)".  The difference from the
         existing "Policy Rule" mode is that in strict mode,
         only rules that specifically target the tunnel's
         interface will be used.  This ensures that you don't
         leak traffic through global or other tunnel routes,
         however it also means any static route you might have
         defined at the WAN level will not be copied either.
         In general, it's recommended to use this new strict
         mode.

I cant for the life of me find where these settings are. i went back to Beta 3 so i could try it. is there anywhere i can look for info on this. This sounds like a great improvement, if i could just figure it out.

 

[RMerlin]

I cant for the life of me find where these settings are. i went back to Beta 3 so i could try it. is there anywhere i can look for info on this. This sounds like a great improvement, if i could just figure it out.

Same place as before, as "Redirect Internet", except the dropdown got a fourth option added beside No, All and Policy Rules.

 

[elnino]

Thanks for this very good firmware . I have a little issue and would like to ask if it is a router problem.
My Asus RT-68 loses sometimes (1-2 times a week) his internet connection. I can connect to the router and it shows its connected to the internet but it doesnt work . After a reset of the router everything works fine again . I dont know why that happens .
Its a t-online account from germany ... Is it possible to log this action ?

thanks

 

[Adamm]

After updating from Beta1 > Beta 3 for whatever reason custom scripts are being executed twice. I don't see anything in the gibhub changes that would indicate why.

Aug  1 10:00:33 hotplug[869]: USB ext4 fs at /dev/sda1 mounted on /tmp/mnt/Main
Aug  1 10:00:33 usb: USB ext4 fs at /dev/sda1 mounted on /tmp/mnt/Main.
Aug  1 10:00:33 custom script: Running /jffs/scripts/firewall-start (args: eth0)
Aug  1 10:00:33 kernel: EXT4-fs (sda1): mounted filesystem with ordered data mode. Opts: user_xattr
Aug  1 10:00:33 Debug: [firewall-start executed]
Aug  1 10:00:33 rc_service: udhcpc 552:notify_rc start_upnp
Aug  1 10:00:33 rc_service: waitting "stop_upnp" via udhcpc ...
Aug  1 10:00:34 custom script: Running /jffs/scripts/post-mount (args: /tmp/mnt/Main)
Aug  1 10:00:34 rc_service: hotplug 869:notify_rc restart_nasapps
Aug  1 10:00:34 iTunes: daemon is stopped
Aug  1 10:00:34 FTP Server: daemon is stopped
Aug  1 10:00:34 Samba Server: smb daemon is stopped
Aug  1 10:00:35 kernel: gro disabled
Aug  1 10:00:35 Timemachine: daemon is stopped
Aug  1 10:00:35 kernel: gro enabled with interval 2
Aug  1 10:00:37 Samba Server: daemon is started
Aug  1 10:00:39 miniupnpd[957]: HTTP listening on port 39048
Aug  1 10:00:39 miniupnpd[957]: Listening for NAT-PMP/PCP traffic on port 5351
Aug  1 10:00:40 crond[961]: crond (busybox 1.25.1) started, log level 8
Aug  1 10:00:40 ntp: start NTP update
May  4 19:23:04 rc_service: ntp 954:notify_rc restart_upnp
May  4 19:23:04 miniupnpd[957]: shutting down MiniUPnPd
May  4 19:23:04 kernel: xt_set: Unknown symbol ip_set_add (err 0)
May  4 19:23:04 kernel: xt_set: Unknown symbol ip_set_test (err 0)
May  4 19:23:04 kernel: xt_set: Unknown symbol ip_set_del (err 0)
May  4 19:23:04 kernel: xt_set: Unknown symbol ip_set_nfnl_put (err 0)
May  4 19:23:05 kernel: xt_set: Unknown symbol ip_set_nfnl_get_byindex (err 0)
May  4 19:23:05 kernel: * Make sure sizeof(struct sw_struct)=160 is consistent
May  4 19:23:05 rc_service: ntp 954:notify_rc restart_diskmon
May  4 19:23:05 disk_monitor: Finish
May  4 19:23:06 miniupnpd[1009]: HTTP listening on port 59756
May  4 19:23:06 miniupnpd[1009]: Listening for NAT-PMP/PCP traffic on port 5351
May  4 19:23:07 kernel: ip_set: protocol 6
May  4 19:23:09 disk monitor: be idle
May  4 19:23:09 kernel: IDPfw: TrendMicro forward module ver-1.0.34
May  4 19:23:09 kernel: IDPfw: Apply module param dev_wan=eth0
May  4 19:23:09 kernel: IDPfw: Apply module param sess_num=30000
May  4 19:23:09 kernel: IDPfw: Init chrdev /dev/idpfw with major 191
May  4 19:23:09 kernel: IDPfw: IDPfw is ready
May  4 19:23:09 kernel: sizeof forward param = 160
May  4 19:23:13 rc_service: udhcpc 552:notify_rc start_firewall
May  4 19:23:13 dhcp client: bound 124.191.26.64 via 124.191.0.1 during 3600 seconds.
May  4 19:23:15 miniupnpd[1009]: shutting down MiniUPnPd
May  4 19:23:15 start_nat_rules: apply the nat_rules(/tmp/nat_rules_eth0_eth0)!
May  4 19:23:16 custom script: Running /jffs/scripts/firewall-start (args: eth0)
May  4 19:23:16 Debug: [firewall-start executed]
May  4 19:23:17 miniupnpd[1240]: HTTP listening on port 54887
May  4 19:23:17 miniupnpd[1240]: Listening for NAT-PMP/PCP traffic on port 5351

 

[RMerlin]

After updating from Beta1 > Beta 3 for whatever reason custom scripts are being executed twice. I don't see anything in the gibhub changes that would indicate why.

Scripts are event-based, not timeline based. If a feature require the firewall to be reconfigured when they are initialized, then they will request a firewall restart during their initialization phase, with the associated script being executed as normal at the end of the event. It's not a bug, it's just about understanding how Asuswrt handles events.

So, the firewall will be restarted whenever, among other things, miniupnpd is started, the WAN interface gets connected, etc...

 

[mikeyranks]

Thanks for this very good firmware . I have a little issue and would like to ask if it is a router problem.
My Asus RT-68 loses sometimes (1-2 times a week) his internet connection. I can connect to the router and it shows its connected to the internet but it doesnt work . After a reset of the router everything works fine again . I dont know why that happens .
Its a t-online account from germany ... Is it possible to log this action ?

thanks

I have this issue too. Haven't had time to explore in detail but I think mine is VPN related.

 

[Naftali Oziel]

380.66 Beta 3 is being uploaded.

eb129ac webui: implement help popup for OpenVPN's Internet Redirection options
b5e7b94 Bumped revision to beta 3
bec8038 openvpn: re-implemented code to only copy rules related to the intended tunnel, but as a new Internet routing mode called "Policy Rules (strict)".
0b1aa1c openvpn: use the defined max number of openvpn clients as defined in shared.h where appropriate
6e777ac webui: fix incorrect variable names in the rangeFloat method (bug in upstream code)
f0bfb69 Updated documentation

Please test the new Policy Rules (strict) if you were already using policy rules. This is the same feature that was implemented in beta1, except I chose for now to make it available as a separate mode, in case it might cause issues with certain configurations. The new strict mode is recommended for people who run multiple tunnels, or who need to ensure that no route gets leaked into their client's routing table.

Do you have a set timeline in mind in terms of releasing the stable version of .66?

 

[Blinkyz]

Cricket!

 

[Alfsu]

Something must be different in your configuration then is the AC56U doesn't have that problem, as the code is totally identical for all models, and also I've been unable to reproduce the issue here. For me, all my tunnels are started sequentially, one after the other when I set two of them to start at boot time. I could always introduce an additional delay before launching each instance, maybe one of your instances is taking a long time to complete its connection, but no guarantee that would help.

This is my Firewall-start script:

#!/bin/sh

# Run Win10_Tracking_Blocker
/jffs/scripts/windows-10-tracking-blocker.sh

# Run block Tor and Countries
/jffs/scripts/block-tor-and-countries.sh

# Load IPSET filter rules
/jffs/scripts/malware-filter.sh
/jffs/scripts/privacy-filter.sh
/jffs/scripts/ipset_block.sh init nolog​

and this is my service-start script:

#!/bin/sh

# Set Cron jobs
/usr/sbin/cru a StrongDNS "*/10 * * * * /jffs/scripts/StrongDNS.sh" # Updates public IP address with smart DNS provider
/usr/sbin/cru a malware-filter "0 */12 * * * /jffs/scripts/malware-filter.sh"
/usr/sbin/cru a privacy-filter "0 */12 * * * /jffs/scripts/privacy-filter"
/usr/sbin/cru a IPSET_SAVE "0 * * * * /jffs/scripts/ipset_block.sh save" #Every hour
/usr/sbin/cru a IPSET_BACKUP "0 5 * * * /jffs/scripts/ipset_block.sh backup" #05:00 every day​

Then that would mean that provider fails to push a default gateway, and rely entirely on that blanker route to handle traffic. From a network point of view it's not exactly a good idea, but not much you could do about it if that's the case.

Both VPN servers push their own DNS servers:

May 2 19:24:06 openvpn[1218]: PUSH: Received control message: 'PUSH_REPLY,route xxx.xxx.xxx.xxx 255.255.255.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS xxx.xxx.xxx.xxx,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9,peer-id 0,cipher AES-256-GCM'
( I do manage this VPN server remotely)

May 2 19:25:05 openvpn[12744]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS xxx.xxx.xxx.xxx,dhcp-option DNS xxx.xxx.xxx.xxx,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 30,ifconfig 10.4.0.166 255.255.255.0'
(This is a VPN service provider)​

Strict mode shouldn't affect performance, in fact if there is any difference it should be a few microseconds faster, as there are fewer routes to process than in regular mode.

Sorry, I take my previous comment back, further testing showed similar throughput as with regular mode.

Will run some more tests this coming weekend and try to ping-point what is causing the VPN clients routing conflicts.

 

[RMerlin]

Do you have a set timeline in mind in terms of releasing the stable version of .66?

Not yet, won't be until I'm satisfied with things. There will definitely be at least another beta, as more things will need to be tested.