1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

[Beta] Asuswrt-Merlin 384.14 Beta is now available

Discussion in 'Asuswrt-Merlin' started by RMerlin, Nov 7, 2019.

Thread Status:
Not open for further replies.
  1. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    31,818
    Location:
    Canada
    Asuswrt-Merlin 384.14 beta is now available for select models (the RT-AC87U, RT-AC3200 and RT-AC5300 are not available for this release, due to lack of updated components from Asus). This release focuses on merging the latest GPLs (which contained a good amount of code changes).

    7-Dec-2019: Beta 3 is now available. Changes since beta 2:

    Code:
    106c8fdc63 inadyn: re-disable cert validation for AsusDDNS - their server is once again using an expired certificate
    e9d5a74edd Bumped revision to beta 3
    979171cfeb Updated documentation
    0493c9b280 webui: fix malformed Certificate label on DDNS page
    935c9e8e29 webui: update popup help for local DNS queries to match the current default behaviour
    498663aed4 openvpn: do not run openvpn-event if custom scripts are disabled
    6c0ef79e93 kernel: backport 81351 kernel fixes to L2TP to the sdk7.x kernel
    b709848521 kernel: backport 81351 kernel fixes to L2TP to the sdk7114 kernel
    633622542c rp-l2tp: fix server route can't be added w/o ifname
    f5f43d48ac dnsmasq: update to 2.80-95-g1aef66b
    672b6b8758 Updated documentation
    6ce31ebb13 inadyn: switch Asus DDNS server to ns1.asuscomm.com since their server certificate is missing the nwsrv-ns1.asus.com SAN; re-enable certificate validation when updating an Asus DDNS account
    6147885ff9 Restore generic ARM prebuilts from 384_81351, which were accidentally downgraded by the RT-AC5300 81219 component merge in commit 19f730920271bb4c354d4282c3dccd340fbb59d3
    6483e2c750 webui: rc: harmonize max ntp server length with upstream, and ensure (legacy) ntp code has a matching buffer size
    89ebb9a624 webui: replace broken isPortConflict() with new function; added missing pwrsave code on System page
    19f7309202 Merge RT-AC5300 binary blobs from 384_81219
    

    28-Nov-2019: RT-AC5300 384.14 Beta 2 test build added to https://www.asuswrt-merlin.net/test-builds
    24-Nov-2019: Beta 2 is now available. Changes since beta 1:
    RT-AX88U:
    Code:
    31efcf7a90 Updated documentation
    1589bacedf rc: fix _unlock_erase() return value to match with the rest of the code
    5780fb5f8b socat: that is one fat cat, put him on a diet by removing unused features
    461cbf34a7 rc: ipv6 ns drop checking wrong nvram for dualwan/multiiptv builds
    4b799f4217 rc: silence a few modprobe failures (these either do not exist or are built-in)
    94c1890814 Bumped revision to beta 2
    35c3d046f7 Updated documentation
    ed5fe541ee rc: inadyn: always force AsusDDNS updates on LE-enabled build
    fcf39c96c3 inadyn: minor logging changes to Asus DDNS pplugin
    1d7eee1063 rc: tell inadyn to accept any SSL cert when using Asus DDNS
    a73a8eaed0 letsencrypt: backport new LE support from 384_81351 for AX branch
    197ea60300 Revert "dnsmasq: update to 2.80-93-g6ebdc95"
    
    Other models:
    Code:
    31efcf7a90 Updated documentation
    41f01b9346 socat: that is one fat cat, put him on a diet by removing unused features
    461cbf34a7 rc: ipv6 ns drop checking wrong nvram for dualwan/multiiptv builds
    3c81fa4543 rc: silence a few modprobe failures (these either do not exist or are built-in)
    94c1890814 Bumped revision to beta 2
    35c3d046f7 Updated documentation
    1795fcf34b rc: migrate AP hostname from computer_name to lan_hostname
    6c41f71cd2 rc: remove obsolete conn_diag.o blob
    fbbc20f31f Merged RT-AC68U binary blobs + SDK from 384_81351
    bd000fe9b7 Merge with GPL 384_81351 + binary blobs (RT-AC86U)
    ed5fe541ee rc: inadyn: always force AsusDDNS updates on LE-enabled build
    fcf39c96c3 inadyn: minor logging changes to Asus DDNS pplugin
    1d7eee1063 rc: tell inadyn to accept any SSL cert when using Asus DDNS
    197ea60300 Revert "dnsmasq: update to 2.80-93-g6ebdc95"
    

    The original plan was to wait for new releases originally expected from Asus in October, but since these were delayed, I decided to go ahead with what I currently have rather than wait any longer.

    The highlights:

    • GPL updates: 384_6436 (RT-AX88U), 384_81351 (other models, with 384_81116 binary blobs used for the RT-AC88U/RT-AC3100)
    • Added option to prevent automatic DoH upgrade by Firefox. By default this option will only prevent automatic upgrade if you use DNSFilter or DNSPrivacy (DNS-over-TLS). You can change it to always prevent the upgrade. Note that this option has no impact if you manually decide to enable DoH in Firefox, only for its automatic option currently only available in the US.
    • Updated components: miniupnpd 20190824, dnsmasq 2.80-95-g1aef66b, OpenSSL (1.0.2t/1.1.1d), curl (7.66), OpenVPN (2.4.8) and nano (4.4).
    • Made self-generated SSL certificate compliant with new IOS 13 and MacOS 10.15 requirements (reduced duration to two years, and added missing attribute)
    • Reimplemented the faketc script (which injects fq_codel support into Adaptive QoS) as a binary executable for better performance (reducing the chances of warning messages during QoS initialization if QoS took too long to initialize)
    • Enhancements to the IPv6 firewall webui (now accepts empty fields to denote "Any IP", and improved EUI-64 handling)
    • Re-added low nvram notification (was lost a few years ago in the move to 382)
    • A number of fixes to Let's Encrypt support
    • A number of misc fixes, please see the changelog for the complete list

    Things that require particular testing:

    • LED disabling option. That feature was completely re-implemented to make the code simpler and easier to maintain. Please confirm that when LEDs are disabled through the webui, that they work as intended. (disabling through the physical button was unchanged)
    • Confirm that there are no oddities when using codel/fq_codel with Adaptive QoS. If you previously saw warnings about QoS "missing rules" in the past, are these warnings gone now with the new implementation?
    • Beta 2 Let's Encrypt support (both with Asus DDNS, and other DDNS providers, which use a different validation method)
    • Beta 2 DNS/DHCP stability on RT-AX88U - does dnsmasq still randomly stops answering queries?
    • Beta 2JFFS mounting at boot time for RT-AX88U - does it still fail for those it used to?
    • Beta 2: Look for any new issues following the merge of newer GPL code on AC68U/AC88U/AC3100/AC86U

    Please keep posts on topics specific to these beta builds.

    Downloads are here.
    Changelog is here.
     
    Last edited: Dec 7, 2019
    netmik3, inaroundroom, Hawk and 35 others like this.
  2. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    31,818
    Location:
    Canada
    Known issues:

    • Let's Encrypt doesn't work (ACME client no longer supported, will have to be fixed by Asus in the future due to the closed source portions of this feature) Fixed in beta 2 with GPL 384_81351 merge/backport)
    • JFFS partition fails to mount on RT-AX88U if you had tried to wipe it/reset it (bug in GPL 384_6436, fixed in beta 2)
    • dnsmasq random failure on RT-AX88U (Seems to be a bug in latest dnsmasq code, reverted that code for beta 2)
    • L2TP client fails to connect/setup routes (bug in Asus 384_81351 code, fixed in beta 3)
     
    Last edited: Dec 4, 2019
    eclp, ololo, Vexira and 1 other person like this.
  3. Mutzli

    Mutzli Senior Member

    Joined:
    Dec 22, 2014
    Messages:
    372
    I thought the 2 year limit was not necessary for self-generated certificates.
     
  4. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    31,818
    Location:
    Canada
    No idea, the documentation available at the time did not mention that.
     
  5. octopus

    octopus Very Senior Member

    Joined:
    Jul 17, 2012
    Messages:
    1,267
    Just updated to beta1 and working fine so far.
    Uptime 0 days 0 hour(s) 25 minute(s) 37 seconds
     
    bitmonster and AntonK like this.
  6. Asad Ali

    Asad Ali Very Senior Member

    Joined:
    May 25, 2017
    Messages:
    559
    Location:
    Pakistan
    It's not necessary for Root CA but certificates signed with it still needs to be 2 years or less.
     
    gattaca likes this.
  7. rgnldo

    rgnldo Very Senior Member

    Joined:
    Nov 12, 2018
    Messages:
    583
    Very good job. I will install it on another device. I will give the return.
     
  8. Mutzli

    Mutzli Senior Member

    Joined:
    Dec 22, 2014
    Messages:
    372
    I did a dirty updated from 384.13 and it works as expected. I noticed that this update fixed the QoS being lost after updating. All the settings transferred over without any issues.
     
    Vexira and Kingp1n like this.
  9. rgnldo

    rgnldo Very Senior Member

    Joined:
    Nov 12, 2018
    Messages:
    583
    @RMerlin I don't know how they do it, the NextDNS service can stop the hole made by using other DNS or VPN.

    [​IMG]
    Something like
     
    gattaca likes this.
  10. ICDeadPpl

    ICDeadPpl New Around Here

    Joined:
    Sep 27, 2012
    Messages:
    9
    Disabling and enabling LEDs via WebUI works fine on my RT-AX88U.
     
    Kingp1n likes this.
  11. miroco

    miroco Regular Contributor

    Joined:
    Mar 12, 2014
    Messages:
    106
     
  12. Mutzli

    Mutzli Senior Member

    Joined:
    Dec 22, 2014
    Messages:
    372
    Isn't that a cloud DoH service similar to what Cloudflare and Firefox offers with Firefox Private Network? If so, they control a user generated black list.
     
  13. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    31,818
    Location:
    Canada
    No, because it's an Asuswrt-Merlin specific setting, and I have no control over which settings are propagated by AiMesh's config_sync service.
     
  14. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    31,818
    Location:
    Canada
    The DoH automatic switch handling is done through a special canary domain defined by Mozilla. If that canary domain fails to resolve, then Firefox will not automatically switch to DoH. Asuswrt-Merlin's implementation is simply a config entry in dnsmasq to reject that canary domain.
     
    L&LD, QuikSilver and rgnldo like this.
  15. TheOldMan

    TheOldMan Senior Member

    Joined:
    Jan 24, 2013
    Messages:
    205
    Location:
    USA
    Color me shocked that 384.14_b1 works better than the alphas I had issues with. Thanks, @RMerlin. All the programmers that work with you deserve kudos for fixing bugs. Will report if I find more bugs. So far everything is working like it should.
     
    Kingp1n likes this.
  16. rgnldo

    rgnldo Very Senior Member

    Joined:
    Nov 12, 2018
    Messages:
    583
    Had added in unbound. But it only works if Firefox's DoH "network.trr.mode" option is 2. If you are an advanced user, you will choose 3. I don't find this implementation useful. Best control is by proxy or firewall.
     
  17. rgnldo

    rgnldo Very Senior Member

    Joined:
    Nov 12, 2018
    Messages:
    583
    From what I noticed, it's not a list. I'm seeing how they do DNS level
     
  18. CaptainSTX

    CaptainSTX Part of the Furniture

    Joined:
    May 2, 2012
    Messages:
    2,229
    Dirty update from 14.2 Alpha on my AC86. Everything functioning normally. Hopefully changes will eliminate random spontaneous reboots that were happening every couple of days.
     
  19. Rossco57

    Rossco57 Occasional Visitor

    Joined:
    Oct 12, 2019
    Messages:
    10
    Bit of topic but I’m running ASUS beta with wpa 3 and Wi-fi 6 on for new iPhone when will that be included in Merlin
    As I’m having issues with chrome cast appearing multiple times and some iot stuff homebridge I’m having to reboot router every other day
    Thanks
     
  20. skeal

    skeal Part of the Furniture

    Joined:
    Apr 30, 2016
    Messages:
    3,627
    Location:
    Saskatchewan
    Asus is still Beta testing WPA 3.
     
Thread Status:
Not open for further replies.