1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

[Beta] Asuswrt-Merlin 384.14 Beta is now available

Discussion in 'Asuswrt-Merlin' started by RMerlin, Nov 7, 2019.

  1. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    31,333
    Location:
    Canada
    Asuswrt-Merlin 384.14 beta is now available for select models (the RT-AC87U, RT-AC3200 and RT-AC5300 are not available for this release, due to lack of updated components from Asus). This release focuses on merging the latest GPLs (which contained a good amount of code changes).

    The original plan was to wait for new releases originally expected from Asus in October, but since these were delayed, I decided to go ahead with what I currently have rather than wait any longer.

    The highlights:

    • GPL updates: 384_6436 (RT-AX88U), 384_81116 (other models, with 384_81049 binary blobs used the RT-AC86U)
    • Added option to prevent automatic DoH upgrade by Firefox. By default this option will only prevent automatic upgrade if you use DNSFilter or DNSPrivacy (DNS-over-TLS). You can change it to always prevent the upgrade. Note that this option has no impact if you manually decide to enable DoH in Firefox, only for its automatic option currently only available in the US.
    • Updated components: miniupnpd 20190824, dnsmasq 2.80-93-g6ebdc95, OpenSSL (1.0.2t/1.1.1d), curl (7.66), OpenVPN (2.4.8) and nano (4.4).
    • Made self-generated SSL certificate compliant with new IOS 13 and MacOS 10.15 requirements (reduced duration to two years, and added missing attribute)
    • Reimplemented the faketc script (which injects fq_codel support into Adaptive QoS) as a binary executable for better performance (reducing the chances of warning messages during QoS initialization if QoS took too long to initialize)
    • Enhancements to the IPv6 firewall webui (now accepts empty fields to denote "Any IP", and improved EUI-64 handling)
    • Re-added low nvram notification (was lost a few years ago in the move to 382)
    • A number of misc fixes, please see the changelog for the complete list

    Things that require particular testing:

    • LED disabling option. That feature was completely re-implemented to make the code simpler and easier to maintain. Please confirm that when LEDs are disabled through the webui, that they work as intended. (disabling through the physical button was unchanged)
    • Confirm that there are no oddities when using codel/fq_codel with Adaptive QoS. If you previously saw warnings about QoS "missing rules" in the past, are these warnings gone now with the new implementation?

    Please keep posts on topics specific to these beta builds.

    Downloads are here.
    Changelog is here.
     
    Kado, Quoc Huynh, oso2276 and 31 others like this.
  2. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    31,333
    Location:
    Canada
    Known issues:

    • Let's Encrypt doesn't work (ACME client no longer supported, will have to be fixed by Asus in the future due to the closed source portions of this feature)
     
    ololo, Vexira and [email protected]@ like this.
  3. Mutzli

    Mutzli Senior Member

    Joined:
    Dec 22, 2014
    Messages:
    316
    I thought the 2 year limit was not necessary for self-generated certificates.
     
  4. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    31,333
    Location:
    Canada
    No idea, the documentation available at the time did not mention that.
     
  5. octopus

    octopus Very Senior Member

    Joined:
    Jul 17, 2012
    Messages:
    1,239
    Just updated to beta1 and working fine so far.
    Uptime 0 days 0 hour(s) 25 minute(s) 37 seconds
     
    bitmonster and AntonK like this.
  6. Asad Ali

    Asad Ali Very Senior Member

    Joined:
    May 25, 2017
    Messages:
    505
    Location:
    Pakistan
    It's not necessary for Root CA but certificates signed with it still needs to be 2 years or less.
     
    gattaca likes this.
  7. rgnldo

    rgnldo Senior Member

    Joined:
    Nov 12, 2018
    Messages:
    266
    Very good job. I will install it on another device. I will give the return.
     
  8. Mutzli

    Mutzli Senior Member

    Joined:
    Dec 22, 2014
    Messages:
    316
    I did a dirty updated from 384.13 and it works as expected. I noticed that this update fixed the QoS being lost after updating. All the settings transferred over without any issues.
     
    Vexira and Kingp1n like this.
  9. rgnldo

    rgnldo Senior Member

    Joined:
    Nov 12, 2018
    Messages:
    266
    @RMerlin I don't know how they do it, the NextDNS service can stop the hole made by using other DNS or VPN.

    [​IMG]
    Something like
     
  10. ICDeadPpl

    ICDeadPpl New Around Here

    Joined:
    Sep 27, 2012
    Messages:
    8
    Disabling and enabling LEDs via WebUI works fine on my RT-AX88U.
     
    Kingp1n likes this.
  11. miroco

    miroco Regular Contributor

    Joined:
    Mar 12, 2014
    Messages:
    79
     
  12. Mutzli

    Mutzli Senior Member

    Joined:
    Dec 22, 2014
    Messages:
    316
    Isn't that a cloud DoH service similar to what Cloudflare and Firefox offers with Firefox Private Network? If so, they control a user generated black list.
     
  13. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    31,333
    Location:
    Canada
    No, because it's an Asuswrt-Merlin specific setting, and I have no control over which settings are propagated by AiMesh's config_sync service.
     
  14. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    31,333
    Location:
    Canada
    The DoH automatic switch handling is done through a special canary domain defined by Mozilla. If that canary domain fails to resolve, then Firefox will not automatically switch to DoH. Asuswrt-Merlin's implementation is simply a config entry in dnsmasq to reject that canary domain.
     
    L&LD, QuikSilver and rgnldo like this.
  15. TheOldMan

    TheOldMan Regular Contributor

    Joined:
    Jan 24, 2013
    Messages:
    183
    Location:
    USA
    Color me shocked that 384.14_b1 works better than the alphas I had issues with. Thanks, @RMerlin. All the programmers that work with you deserve kudos for fixing bugs. Will report if I find more bugs. So far everything is working like it should.
     
    Kingp1n likes this.
  16. rgnldo

    rgnldo Senior Member

    Joined:
    Nov 12, 2018
    Messages:
    266
    Had added in unbound. But it only works if Firefox's DoH "network.trr.mode" option is 2. If you are an advanced user, you will choose 3. I don't find this implementation useful. Best control is by proxy or firewall.
     
  17. rgnldo

    rgnldo Senior Member

    Joined:
    Nov 12, 2018
    Messages:
    266
    From what I noticed, it's not a list. I'm seeing how they do DNS level
     
  18. CaptainSTX

    CaptainSTX Part of the Furniture

    Joined:
    May 2, 2012
    Messages:
    2,083
    Dirty update from 14.2 Alpha on my AC86. Everything functioning normally. Hopefully changes will eliminate random spontaneous reboots that were happening every couple of days.
     
  19. Rossco57

    Rossco57 New Around Here

    Joined:
    Oct 12, 2019
    Messages:
    1
    Bit of topic but I’m running ASUS beta with wpa 3 and Wi-fi 6 on for new iPhone when will that be included in Merlin
    As I’m having issues with chrome cast appearing multiple times and some iot stuff homebridge I’m having to reboot router every other day
    Thanks
     
  20. skeal

    skeal Part of the Furniture

    Joined:
    Apr 30, 2016
    Messages:
    3,427
    Location:
    /etc
    Asus is still Beta testing WPA 3.