[Beta] Asuswrt-Merlin 380.67 Beta is now available

[RMerlin]

Thank you Eric, it did ran in Router mode, I'm wrong; sorry for the confusing.
And SWAP file was configured for router only, no other customization.

And preinit fail seems triggered by /dev/mtdblock3, I have one UFD for SWAP use and USB fan for cooling it down, is that related?

Doubt it.

Just in case, try reflashing the firmware again.

 

[taozhong]

Doubt it.

Just in case, try reflashing the firmware again.

Got it, doing it remotely right now, will update to you once found any.

 

[taozhong]

Got it, doing it remotely right now, will update to you once found any.

Tried 4 times, this preinit fail still exists.
syslog uploaded to following,
https://1drv.ms/f/s!Ajpekfhmqc0SgQnbxYMAjdVdaNlD

Update1: reset NVRAM and reflash FW again, still had preinit fail shows.

 

[Shonk]

Since the last build i compiled firefox trying to apply anything results in a logout
its fine on edge, not sure if its changes at firefox's end or with merlin

just pointing out out incase nobody else has noticed

Thu Jun 29 21:32:59 UTC 2017 @3b3bf31

 

[jernau]

Upgraded my RT-AC3200 yesterday evening to 380.67-beta2 from 380.66-6 with no NVRAM reset. All appears to be working fine so far. Haven't noticed any Wi-Fi issues as yet, OpenVPN client and server are running fine and the various OptwareNG packages I have including netflow, rsync and NTP daemon are working as expected.

Thanks again Merlin for a new release !

 

[stambeccuccio]

Let me know if this works and lasts for a couple of weeks with no drops. I found setting the channel and leaving everything on Auto did not resolve the issue for me. I have disabled all the usual suspects - including Airtime Fairness - and have my router on a cooling pad so the WiFi chips run real cool. Only using 40Mhz bandwidths cured the issue for me. I have yet to find any combo of General and Professional 5Ghz WiFi settings that I can use with 80Mhz channel widths. I still believe it is a closed driver firmware issue with Asus and/or Broadcom that Eric can't fix.

I always set "Control Channel" on a fixed channel
(channel 2 for 2.4GHz and "Channel bandwidth" 40 MHz - channel 36 for 5GHz and "Channel bandwidth" 20/40/80 MHz)
and I never had any disconnection problem.
Connections have always been good, stable for a long time (1 month) and no drops.

After updating router firmware, I did not realize that "Control Channel" was automatically set to "Auto" ... so started disconnecting issues, especially 5GHz band, in particular for Samsung Home Audio Wireless devices.

Perhaps some devices do not fully support all channels (36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 132, 136, 140), especially those high, and there may be drops problems connection when router changes channels automatically.

When automatic channel change, connection stops and resumes.

This may be a devices wifi problem, but it may also be (and it's most likely) that it is a router wifi drivers problem with automatic management channels: the changing channels is not handle smoothly and without interruption.

Currently, as in the past, I set "Control Channel" over a fixed channel and so far I have no drops and no problems that, I repeat, I never had in the past.

 

[CristianM]

Asuswrt-Merlin 380.67 Beta 2 is now available for all supported model. This update merges with newer Asus GPL, improves SSL certificate support for the webui, and updates various components.

Changes in Beta 2:

03e93bc sshd: disable the new 20 mins timeout by default as dropbear's keep-alive support seems broken
3b3bf31 nano: Updated to 2.8.5 (closes #1393)
2b1d74d Updated documentation
642258a webui: restart httpd if the persistent https certificate setting was changed
80316dc vsftpd: implement TLS support
db0eebd openssl: make gencert.sh handle either httpd or ftp certs
2132943 httpd: moved stored SSL certs to /jffs/ssl/, as we have other certs to store
72cdf4d openvpn: better handle misconfigurations where we're missing a route_vpn_gateway
514d1b7 openvpn: put redirect-gateway def1 into the custom area if found in an imported ovpn
1ed8353 Updated documentation
b3fa0bd kernel-mips, kernel-sdk7.x: merge GPL 7743 changes to ppp
8c34035 Merge with GPL 7743 binary blobs for RT-AC66U and RT-AC3200 (minus missing wifi driver); updated kludges
60db666 webui: update SSL persistent certificate location in the tooltip
8216384 Merge pull request #1382 from rmk40/master
fd2de3b upnp: external and internal port arguments are swapped in miniupnpd's config file
23ba41b Bumped revision to beta 2
ddc7959 wpa_supplicant: Support for PEAP/MSCHAPv2 via 802.1x

The highlights:

• Merged with GPL 380_7743. Note that Asus hasn't released GPL drops for all models, so the following models will use a mixture of 7743 and 7378: N66U, AC87U, AC3200.
• Webui SSL certificates can now be saved to the /jffs/ssl/ folder, and made persistent across reboots. New settings can be found under Administration -> System on the webui.
• Updated numerous components to their latest versions: minidlna, nano, openssl, ipset (ARM). (for those who missed it, OpenVPN was already updated to 2.4.3 in the 380.66_6 security update).
• Vsftpd was upgraded from 2.0.4 to 3.0.3. You might need to adjust any custom configuration you might have done in the past.
• Added TLS support in VSFTPD, which can be enabled on the FTP configuration page. Certificates are also persistent, located under /jffs/ssl/ as ftp.cert and ftp.key.
• As SMB1 is getting deprecated by Microsoft, the switch to enable SMB2 support has been moved to the Samba settings page rather than kept as a tweak.
• Optimized webui images to reduce their size
• Tor runs as a limited user now instead of root, for enhanced security.
• The option to enable/disable bridge multicast snooping was removed, as Asus has now permanently disabled it at the kernel level.
• A few other minor enhancements - see the Changelog for details

Things in need of specific testing:

• The new webui SSL certificate enhancements. Try providing your own certificates under /jffs/https/. To have httpd start using them (after enabling it under Administration -> System), you must restart httpd: "service restart_httpd".
• Vsftpd: make sure it still works properly after the upgrade to the newer 3.x branch
• Tor: make sure it still works properly
• ipset on ARM models: make sure the update to 6.32 didn't break anything
• openvpn: make sure nothing was broken by the recent update to 2.4.3 in 380.66_6.

Downloads are here.
Changelog is here.

Please keep discussion in this thread on these specific beta releases. Off-topic posts will be moved or deleted.

Big problem with 380.beta 1 and beta 2: After upgrade the speed of my RCS-RDS 500 Mbit/s Fiberlink connection became limited to 180 Mbit/s. I checked the link directly and the speed of PPPoE was OK.
Consequently I downgraded the firmware to 380.66 (stable) and everything went to normal.
I suspect that hardware acceleration (CTF) is affected by these betas.

My router Asus RT-68U had no problems of this kind with firmwares before these 380.67 betas!

Another user ( Laszlo Ladanyi, post #14 on this topic) experienced the same problem.

He repeated the warning (see post #127 on this topic):

380.67 beta2 also has limited pppoe wan speed. It stucks at ~300-320Mbit/s as beta1.
380.66.6 works fine with 900+ Mbit/s. Something is wrong with beta. I think I'm not alone, because other guys complain about this issue in another forum.
(model: ASUS AC87U)

Please check carefully the next stable 380.67 for this issue before being published!

 

[WET]

Just wanted to chime in that my RT-AC68U is running perfectly on 380.67 beta2. I am at 150 Mbps service from Comcast, my download speed tests obtain 171 Mbps. My hardware acceleration is Enabled (CFT only).

Just to convert to Mbit/s my downloads speed is 1368 Mbit/s.

 

[RMerlin]

Please check carefully the next stable 380.67 for this issue before being published!

I have no control over hardware acceleration, it's closed source. Repeating the same thing multiple times is not gonna change the facts.

 

[pattiri]

I'm not sure if this is new with 380.67_beta2 or not but if I enable my VPN Client 1 to be started with WAN, after router rebooted, router gets IP address from ISP but can't update DDNS or system time. In fact as I checked whole DNS is not working. Router itself and my pc can ping IP addresses but can't resolve any domain names.

I disabled Start with WAN, rebooted and after that I enabled my VPN client manually and all worked OK.

Edit: I don't know how did happened but after about 5-6 reboots this time all worked OK even "Start with WAN" is enabled. I'm afraid to reboot the router again

 

[RMerlin]

I'm not sure if this is new with 380.67_beta2 or not but if I enable my VPN Client 1 to be started with WAN, after router rebooted, router gets IP address from ISP but can't update DDNS or system time. In fact as I checked whole DNS is not working. Router itself and my pc can ping IP addresses but can't resolve any domain names.

I disabled Start with WAN, rebooted and after that I enabled my VPN client manually and all worked OK.

Edit: I don't know how did happened but after about 5-6 reboots this time all worked OK even "Start with WAN" is enabled. I'm afraid to reboot the router again

This might be a timing issue. What tunnel provider are you using? How is your DNS configured (both on the VPN client and on your WAN page)?

 

[pattiri]

This might be a timing issue. What tunnel provider are you using? How is your DNS configured (both on the VPN client and on your WAN page)?

I'm using a droplet on DigitalOcean for VPN Client. On WAN page DNS is selected as "Connect to DNS Server automatically" but I'm using DNSCrypt(I'm not sure if it is related but as I checked logs DNSCrypt starts as usual). On VPN Client page Accept DNS Configuration is disabled.

I've tried many reboots, totally 10 or more. Sometimes VPN client couldn't connected sometimes did but everytime router got WAN IP from ISP and I was able to ping IP addresses but not domains. As you've told seems like a timing issue, how can I configure VPN client to connect after about 1 min later than WAN connected?

 

[john9527]

The key factor is making sure the system time can be set. I had to add a lot of dependency checking in my fork to make sure things wait to be sequenced correctly. Easiest thing to try is to change your time server from using a fqdn to an ip address and see if that helps.

 

[pattiri]

The key factor is making sure the system time can be set. I had to add a lot of dependency checking in my fork to make sure things wait to be sequenced correctly. Easiest thing to try is to change your time server from using a fqdn to an ip address and see if that helps.

Thanks for the advice John but I've tried putting the IP address of my NTP server this time router set the correct time and set the DDNS also VPN client connected, pinging IP addresses was OK. I've used AB-Solution to follow dnsmasq logs and dnsmasq was getting the IP addresses of the domains but my pc, laptop and phone can't access to any website.


I also use this nat-start script.

https://www.snbforums.com/threads/vpn-routing-issue.39591/#post-330374

may be this is the problem?

 

[RMerlin]

I'm using a droplet on DigitalOcean for VPN Client. On WAN page DNS is selected as "Connect to DNS Server automatically" but I'm using DNSCrypt(I'm not sure if it is related but as I checked logs DNSCrypt starts as usual). On VPN Client page Accept DNS Configuration is disabled.

I've tried many reboots, totally 10 or more. Sometimes VPN client couldn't connected sometimes did but everytime router got WAN IP from ISP and I was able to ping IP addresses but not domains. As you've told seems like a timing issue, how can I configure VPN client to connect after about 1 min later than WAN connected?

First, I would try to isolate the issue, to determine if it's really caused by DNSCrypt or the VPN tunnel. Test a couple of times with DNSCrypt disabled to see how it goes.

For the VPN, are you connecting through the droplet's IP or a hostname? If you use an IP, try to connect to a hostname instead - that way, it won't be able to connect the VPN until DNS resolution works properly. That might cause the VPN tunnel to delay its connection (make sure you have it set to retry multiple times).

 

[pattiri]

First, I would try to isolate the issue, to determine if it's really caused by DNSCrypt or the VPN tunnel. Test a couple of times with DNSCrypt disabled to see how it goes.

For the VPN, are you connecting through the droplet's IP or a hostname? If you use an IP, try to connect to a hostname instead - that way, it won't be able to connect the VPN until DNS resolution works properly. That might cause the VPN tunnel to delay its connection (make sure you have it set to retry multiple times).

I'm connecting through the droplet's IP address. I'll test these when I have time. Thank you all for your help.

 

[Xentrk]

EDIT: I've been able to determine that the behavior below is coming from one of the blocking scripts I use. I have not determined which one yet. But this is not an issue with 380.67 Beta 2. Sorry for making noise.

I have been up on two AC88U routers for over 2.5 days now. One is VPN All Traffic and the other VPN Policy Rules.

The only issue I found is with the site speedtest.net on the router with VPN Policy Rules. On this router, speedtest.net gives the following behavior:

MS Edge: Your ad blocker is breaking Speedtest.net
Chrome and Firefox: Spins for an extended period of time. Eventually displays site with hyper links (see below). I can click on the hyper link to the beta.speedtest.net site and that works.

This happens thru the VPN Tunnel and thru native WAN, if the VPN Tunnel is enabled, disabled and AB-Solution turned on or off. Only on the router with VPN Policy Rules. I use the package pfBlockerNG on my pfSense for ad blocking and don't have any problems with the site. Anyway, this is a minor issue and there are other speed test sites I can use. I will need to flash to an earlier version of FW during the Sunday afternoon maintenance window to see if I can duplicate the issue.

 

[JMB64]

I always set "Control Channel" on a fixed channel
(channel 2 for 2.4GHz and "Channel bandwidth" 40 MHz - channel 36 for 5GHz and "Channel bandwidth" 20/40/80 MHz)
and I never had any disconnection problem.
Connections have always been good, stable for a long time (1 month) and no drops.

After updating router firmware, I did not realize that "Control Channel" was automatically set to "Auto" ... so started disconnecting issues, especially 5GHz band, in particular for Samsung Home Audio Wireless devices.

Perhaps some devices do not fully support all channels (36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 132, 136, 140), especially those high, and there may be drops problems connection when router changes channels automatically.

When automatic channel change, connection stops and resumes.

This may be a devices wifi problem, but it may also be (and it's most likely) that it is a router wifi drivers problem with automatic management channels: the changing channels is not handle smoothly and without interruption.

Currently, as in the past, I set "Control Channel" over a fixed channel and so far I have no drops and no problems that, I repeat, I never had in the past.

View attachment 9716

As I stated earlier, I do set the control channel. I have tried all the channels available on my router and unless channel bandwidth is kept at 40Mhz, all connections drop and the SSID disappears even though the router LED shows the WiFi still broadcasting. You may be right about clients but I only have 2 classes of clients: Roku Ultras and Apple iDevices (TV, Phones, iPads, MacBooks). Prior to my AC88U I had an AC87U linking to an EA87 media bridge and had no issues. I am going to try using the media bridge again and hard wire some of my clients to it like before and see if that fixes the issue.

 

[pietjepuk100]

Add "auth no-cache" to your configuration. I don't know yet if it's a bug with OpenVPN or PIA (or could be an OpenVPN bug but PIA hasn't updated yet). That's the solution that PIA came up with when I talked to them about it.

Am having the same challenge. I'm using VyperVPN as the provider. Where should I set the "auth no-cache" in the vpn client?

Thanks in advance.

 

[taozhong]

Am having the same challenge. I'm using VyperVPN as the provider. Where should I set the "auth no-cache" in the vpn client?

Thanks in advance.

In your VPN configure file before <ca> line, it usually has "ovpn" as file type if you export from router configure page.