[Beta] Asuswrt-Merlin 384.12 Beta is now available

[RMerlin]

384.12 Beta 2 is now available. Changes since beta 1:

5e4d494650 Migrate to the new dedicated domain name; update to the new fwupdate file structure
aad0216a8f Updated documentation
a9fb116f5c rc: further tweaks to ntpd handling on wanup()
bae3069e0a curl: update to 7.65.1
3dcb7c8ebf rc: remove unnecessary linking with libbcmcrypto
7711e8c535 rc: only start ddns and Openvpn in wan_up() if ntpd is set, with a small max wait period, and start both of these on the first ntpd sync event
eac9723ad5 openssl11: Revert the DEVRANDOM_WAIT feature
f2972c5a21 openssl11: issue-8998: Ensure that the alert is generated and reaches the remote
fbe9230036 openssl11: The SHA256 is not a mandatory digest for DSA.
4e91815532 rc: firewall: define VUPNP and PUPNP chains in default nat_rules
4520e3fe38 webui: fix Network Analysis symlinks location for RT-AC5300
5e8f5f302d rc: re-add variable to start_ovpn_*() funtions that is required
9166dd215a rc: reduce max wait for ntp sync on wanup from 51 to 26 secs
a11bc194f0 rc: openvpn: remove waits for ntp sync in openvpn code since wanup already does it before starting OpenVPN instances.
a34c408f6e netool: enable netool for the RT-AC87U - missing in 588ab6ea97 (closes #316)
6688a6d2ab Bumped revision to beta 2

There's been a number of changes in how some services are started at boot time, mainly relative to NTP, and services that require a properly updated clock (DDNS and OpenVPN, due to their TLS needs). Please make sure that these services still start correctly The changes should reduce the number of times these services get restarted at boot, in addition to preventing lengthy stalls during the initial WAN connection (particularly for PPPoE users).

Also as a heads-up, the project website will soon be moved from my personal domain into its own dedicated domain (this will also include my email address for things related to this project). This beta already points the update checks to the new domain.

The project website content will remain the same, only the URL will change. I will wait a while before configuring an automated redirection, to give people some time to become aware that this is a planned change and not a hijack of some sort.

 

[octopus]

Just loaded Beta2 and seems working just fine.
Uptime 0 days 0 hours 15 minute(s) 15 seconds

Thank you Rmerlin.

 

[Zastoff]

Smooth update to Beta 2 on 87u
Looking good
Thanks RMerlin

 

[AndreiV]

https://github.com/RMerl/asuswrt-merlin.ng/issues/310

This has nothing to do with WiFi actually being disconnected.

What you link to was an issue where the GUI was reporting that the link was disconnected when the internet was actually working .

 

[MDM]

Dirty upgrade from 384.12_beta1-g69e0eaefe1.
netool finally works, and looks cool!

 

[rgnldo]

Excellent compilation. It's working smooth. No problem detected. I finally got to like DNSMASQ + DoT. Excellent DNS solution. You're doing better than the Unbound. If you can add the authoritative feature to DNSMASQ, it will be great. OpenSSL is working fine. Tanks @RMerlin @themiron

Tip: If you are using DoT, there is no need to enable the option DNS Rebind Protection

 

[scjr]

Tip: If you are using DoT, there is no need to enable the option DNS Rebind Protection

Why is that? Haven’t seen that mentioned here.

 

[rgnldo]

Why is that? Haven’t seen that mentioned here.

I didn't write that Merlin recommended. That's my opinion. The DNS Rebind Protection option is for DNSMASQ without the DoT. I don't think it's necessary. DoT already does this service in a sophisticated way.

 

[MDM]

I think it does not, its not the same things...

 

[no_name]

Flashed RT-AC86U from 384.12_beta1 to 384.12_beta2-g7e33ba641a

Format JFFS partition on next boot and manually reconfigured settings

Settings used

DHCP Server
VPN Client with ExpressVPN
DoT
Traffic Analyzer
Adaptive QoS
Various scripts

Thanks RMerlin, thelonelycoder, cmkelley, JackYaz & Adamm

An observation I have which has occurred on previous builds is the clock, date and year fail to update with a message something like NTP server failed, 5 minutes please fix immediately

A second reboot and all is up and running by the time I’ve logged back in.

It’s unpredictable and doesn’t happen all the time





Sent from my iPad using Tapatalk[/IMG]

 

[scjr]

I didn't write that Merlin recommended. That's my opinion. The DNS Rebind Protection option is for DNSMASQ without the DoT. I don't think it's necessary. DoT already does this service in a sophisticated way.

I didn’t know this. Thanks for the explanation.

 

[dave14305]

I didn't write that Merlin recommended. That's my opinion. The DNS Rebind Protection option is for DNSMASQ without the DoT. I don't think it's necessary. DoT already does this service in a sophisticated way.

This is the rebind feature description for dnsmasq:

--stop-dns-rebind
Reject (and log) addresses from upstream nameservers which are in the private IP ranges. This blocks an attack where a browser behind a firewall is used to probe machines on the local network.

Do you have a similar reference from getdns/stubby documentation? I’ve never heard of this before with Stubby.

 

[Mutzli]

Always using manual modes. In our house Channel 6 and 44 works best. Regarding beanforming or not.....I don't understand. If WiFi is DEAD and only works again by disconnection router from power, it must be something else. Beanforming is aboute coverage and strength. For These problems started from 384.12

You probably have to do a complete factory reset once the new firmware is loaded. It must be some setting that gets messed up when you update from the old to new firmware.

 

[rgnldo]

Do you have a similar reference from getdns/stubby documentation? I’ve never heard of this before with Stubby.

You see, I'm not saying you don't use this option. It's a hint of mine. Particularly use the Stubby with little DNSMASQ interference. The DNSMASQ for me is just a forwarder. Thanks to the work of @RMerlin
@themiron the Stubby was well embedded in the DNSMASQ

 

[scjr]

You see, I'm not saying you don't use this option.

When would you use this option? I’m not technically savvy and have enabled this security feature based on responses here in the forum. Are you saying that some setups will function properly with rebind protection off?

 

[CarlyElise]

I am having an issue on the network map page where the internet status comes up as disconnected even though the wan connection is connected. This started after making changes in the NTP Settings

 

[dave14305]

When would you use this option? I’m not technically savvy and have enabled this security feature based on responses here in the forum. Are you saying that some setups will function properly with rebind protection off?

I would leave your settings as they are. It’s an extra layer of protection for DNS, and there is no reason to turn it off that I have seen. I think @rgnldo is an advanced user who has delved into Unbound and its advanced features. The rest of us are better off following the basics.

 

[scjr]

I would leave your settings as they are. It’s an extra layer of protection for DNS, and there is no reason to turn it off that I have seen. I think @rgnldo is an advanced user who has delved into Unbound and its advanced features. The rest of us are better off following the basics.

Thank you, Dave.

 

[Clark Griswald]

Beta 1 easily survived my Family's 1st week of summer vacation.
Then to get beta 2 on Father's Day! What a wonderful gift!
Thank You RMerlin

 

[dave14305]

I am having an issue on the network map page where the internet status comes up as disconnected even though the wan connection is connected. This started after making changes in the NTP Settings

Check what your Network Monitoring settings are on the Administration / System page. Then verify on the tools other settings page what “Wan: Use local caching server...” is set to. Should be set to no by default in 384.12 now.