[Beta] Asuswrt-Merlin 384.7 Beta is now available

Asuswrt-Merlin 384.7 beta is now available for all supported models, with the exception of the RT-AC56U and RT-AC3200 (as the latest firmware available for these two models isn't compatible with the GPL version used by 384.7). The biggest change in this release is the replacement of the ez-ipupdate DDNS client with the more modern inadyn client.

Edit (30-Sept-2018): 384.7 Beta 3 released. Changes since beta 2:

Code:

0f4466852 (HEAD -> master, tag: 384.7-beta3, origin/master, origin/HEAD) rc: ddns: rely on inadyn's built-in CA certs location
2d94aa34d inadyn: hardcode SSL CA certs location
ed435437a Updated documentation
38c2be87f rc: dnsmasq: reject wpad hostname (protect against VU#598349)
3a5817d59 rc: ddns: roll AsusDDNS into main service case; minor cleanups
6de7827d7 rc: ddns: switch to built-in selfhost.de support added with inadyn 2.5
f44c37ed3 inadyn: updated to 2.5
4d8117f67 webui: fix clientlist layout on DNSFilter page; remove destIP field reference
c768123e5 rc: webui: dnsfilter: Add Quad9 to DNSFilter services; use https for DNSFilter services homepage links
34d4a9d1a rc: webui: dnsfilter: Remove discontinued Norton Safe services
a7b1b6928 rc: dnsfilter: replace Norton DNSFilter services with OpenDNS Family at boot time
7354abc68 Bumped version to beta 3
f3cc92125 inadyn: Don't try to resolve hostname for [email protected] service
6e74cf455 inadyn: fix previous commit, we were checking the IP instead of the hostname
768ae8074 inadyn: don't try to resolve all.dnsomatic.com
be09a6745 inadyn: recognize "nochg" responses in generic plugin (fixes selfhost.de)
bf829f6ac rc: inadyn: don't provide cache-dir location at runtime, it's now implemented in inadyn
97ece3de5 inadyn: change default cache location to /tmp/inadyn.cache for Asuswrt

Edit (24-Sept-2018): 384.7 Beta 2 released. Changes since beta1:

Code:

8d9cf9bb1 rc: remove temp file accidentally commited with e2b8ce3c6abfc8b38186cc61d967c97cba25c0d2
e563f8df0 Updated documentation
4baece1d3 webui: clarify the forced DDNS parameter
0a283695e rc: reset the forced ddns update timer when ddns_check() forces an update
e2b8ce3c6 rc: ensure we do issue a forced DDNS update after "x" days
773ba2049 webui: only display an OpenVPN client/router status table if it actually has content
ec12f5a06 nano: updated to 3.1.
8bf340922 rc: inadyn: trying a different update URL for selfhost.de that's closer to Asus's ez-ipupdate implementation
93e0b2f0e Bumped revision to beta 2

Here is a summary of the changes:

• Merged with Asus GPL 384_21152. The RT-AC87U binary blobs from GPL 382_50702 were merged in, allowing 384.7 to support this model (it wasn't available for 384.6).
• Replaced ez-ipupdate with inadyn. This DDNS client adds HTTPS support, more built-in DDNS services, easier support for additional services, and more. A new plugin was developed to fully support Asus's own DDNS service.
• All DDNS services now use HTTPS. Your DDNS login credentials are finally secure. Welcome to 2018 folks. If worried, now is a good time to change your DDNS password.
• Added freedns.afraid.org DDNS service to the webui.
• DDNS can now retrieve your public IP either Internally (the original method of using the IP on your router's WAN interface) or Externally (by querying a remote server). This allows the use of DDNS in a Dual NAT or CGNAT situation.
• DFS Channel information are now shown on the Wireless Log page (based on upstream code from Asus's stock firmware)
• Updated various components: curl (7.61.1), wget (1.19.5), openssl (1.0.2p), dnsmasq (2.80test4), nano (3.0 + backported fix).
• DNSFilter settings were moved to the LAN section, to make it clearer that this feature is completely unrelated to Trend Micro.
• A couple of IPv6-related fixes surrounding dnsmasq (like dnsmasq crashes on the RT-AC86U in stateful mode).

See the changelog for the complete details.

Things that require testing in this beta:

• All the DDNS services, using either the Internal or External IP checks. Please make sure to specify the service and the IP check method when providing feedback, also whether or not you are using a custom script. Note that some scripts might require some tweaks (and some can possibly be re-implemented as a custom inadyn service. Please check out the inadyn documentation for more information.
• Some code improvements were made to the OpenVPN server key/certs handling at start time. Please confirm that there are no new issues when starting the OpenVPN server.

Please keep the discussions in this thread to this specific beta release. Any off-topic posts will be either ignored, moved or deleted, depending on my mood a the time I run into them.

Downloads are here.
Changelog is here.

 

I have DDNS Probs
Sep 15 09:35:04 start_ddns: update WWW.SELFHOST.DE selfhost, wan_unit 0
Sep 15 09:35:04 inadyn[10099]: In-a-dyn version 2.4 -- Dynamic DNS update client.
Sep 15 09:35:05 inadyn[10099]: Update forced for alias xxxxxxx, new IP# xx.xxx.xx.xxx
Sep 15 09:35:05 inadyn[10099]: Fatal error in DDNS server response:
Sep 15 09:35:05 inadyn[10099]: [200 OK] nochg xx.xxx.xx.xxx
Sep 15 09:35:05 inadyn[10099]: Error response from DDNS server, exiting!
Sep 15 09:35:05 syslog: Error code 48: DDNS server response not OK

 

Smooth upgrade over alpha3 everything seems to start and work fine here.
Asus DDNS(internal) and vpn-server works fine.
Thank you!

 

What are those mean in wireless log page?

Code:

DFS State: In-Service Monitoring(ISM)    Time elapsed: 2593350ms    Channel cleared for radar: 100/80 (0xE06A)

 

I had similar issues, using no-ip. Had to disable to use the Pixelserv certificate to get it to update (Certificate = None). However, now I can't access the WebUI anymore, as Firefox doesn't trust the Pixelserv certificate anymore either. Removed it and added it again, but no avail.

Other than that, updating from 384.6 to 384.7 beta 1 seems to have gone just fine.

 

When switching back to Import/Auto-generated, WebUI hangs at 'Complete' with a spinning wheel. Syslog shows it generated a new certificate (even though Generate new is set to 'No') and performs an update, but WebUI is stuck:

Code:

Sep 15 10:19:58 inadyn[6499]: In-a-dyn version 2.4 -- Dynamic DNS update client.
Sep 15 10:19:58 httpd: Generating SSL certificate...
Sep 15 10:19:58 inadyn[6499]: Update forced for alias xxxxxxxxxx.ddns.net, new IP# xxx.xxx.xxx.xxx
Sep 15 10:20:00 inadyn[6499]: Updating cache for xxxxxxxxxx.ddns.net

Manually refreshing the page shows a new certificate has been issues and registering was successful?

Can I just import my Pixelserv certificate again?

 

<deleted>

 

you should see what channel you are on in relation to this message.
probably (guessing) means you are near (or not near) radar and 2.59 million milliseconds is around 40 minutes remaining (or counting up, not sure) for the next check. so probably a 5 or 10 minute (or hourly) check maybe. The other part, 80 (0xE06A) might be channel width of 80 on channel 100. just guessing I'm not really sure.

but DFS is definitely used to automatically change channels if it detects signals in a range specified by your country's equivalent to the FCC (Federal Communications Commission) in the US, like if you are near radar, satellite, planes, military, etc...

 

Syslog is flooded with

Code:

Sep 15 10:49:40 ovpn-client1[4409]: AEAD Decrypt error: bad packet ID (may be a replay): [ #822814 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

I haven't seen this error prior to installing 384.7 beta 1 (coming from 384.6 stable)

Edit: Error seems gone after a third reboot (rebooted twice after updating, noticed the error flooding syslog, now it's gone).

 

update went smooth on my ac5300, coming from 384.6-beta1. No issues to report so far. Thanks Eric!

 

@Merlin: Thanks really works with Asuscomm and double-NAT on RT-AC68U coming from stock 32738.
Tested letsencrypt and without encyrption, both ok!

Only what I found and probably could be improved:
On network map it is showing only internal WAN (private IP), would it be possible to show both IP's there, internal (private) and external public WAN-IP used for DDNS update?

Other question: Would it be even possible to allow this well done service in AP-mode too? I think thas would not really be a problem to run this feature on AP, only not possible to get WAN-page in GUI.
Sorry, I know you made a very good new feature many waiting since >5 years for, and one of the first comments is to ask for unlimit its usage in non router mode.

So it is meant to be only a question, not more or less, just please anwser, no will never be done (impossible) or could think about or maybe in a year or 2 - thanks!

UPDATE:
I can access directly AP-router_IP/Advanced_ASUSDDNS_Content.asp and change settings.
No errors, but does NOT update ASUSDDNS.

 

Someone has FreeDNS working? It works with custom ddns-start script, however, if I remove the script, it doesn't work.

My config is:

• Server: freedns.afraid.org
• Enable wildcard: No.
• Method to retrieve WAN IP: Internal.
  
• WAN IP and hostname verification: Yes.

Tested with API Key and Username password, as well as External method to retrieve WAN IP, right now I'm not using Let's Encrypt, so certificate has been chosen as 'None', nothing works for me.

Thanks in advance!

 

AC3100 up and running! Easy flash. Great work Eric, I see no issues at all.

 

On AC-87U I noticed these two (see screenshot). I did initialize after FW upgrade and reboot router several times but there were no changes. Never had this happen before:

1) The current timezone will not pick up automatically (in screenshot Greenwich Mean Time comes up as default) instead Central Time where I am at.

2) There no synchronization with NTP servers. I clicked on the link but wasn't sure how to fix this.

Thank you

 

No issues starting the OpenVPN server. Works like a charm.

After re-importing the Pixelserv certificate (see previous post), everything appears to work as described. Using no-ip.com, tried both Internal and External succesfully and I'm not using a custom script.

 

Working fine here - I never had a custom script - I switched to freedns during the alpha phase. I am using the same settings you have with username and password - with a 60 minute check.

During boot I get the following update lines -

Code:

Sep 15 06:57:17 inadyn[632]: In-a-dyn version 2.4 -- Dynamic DNS update client.
Sep 15 06:57:18 inadyn[632]: Update forced for alias redacted.mooo.com, new IP# xx.xxx.xx.x

I assume freedns actually got updated but didn't try setting a fake IP before to see if the update makes it - will do that now and see if the 60 minute check catches i....

 

I have rebooted the router to get a new IP address and it never updates the IP in freedns.afraid.org automatically

So, I don't know what happens really because I have the same log than you, if you can test it with a different public IP and check in the website of DDNS Service if this changes or not.

Thanks!

 

Just did a test setting a different IP through manual post on freedns.afraid.org - verified that it showed
Then I rebooted the router (AC68U) and it updated back to the correct IP - so for me the update is working....

If there is anything else I can help to try I'd be happy to (likely won't be before tomorrow afternoon - I have family come and visit in a little bit....)

 

Odd, cause it did report a positive result on the check (200 OK).

Enable debugging, then initiate a DDNS update:

Code:

nvram set ddns_debug=1
service restart_ddns

Then post the syslog content.

Sounds like after the client reconnected, the server thought it was the same session rather than a new one. Stopping the client for a few minutes should have fixed it. In any case, OpenVPN hasn't changed in quite some time, so it's unrelated to 384.7.

Need log content to analyze. FreeDNS is working fine for me.

 

Router: RT-AC88U
Firmware: 384.7_beta1 (installed over 384.7_alpha3-gf2a90e48c, no reset)

Server: www.dyndns.org

Configuring to just one of my hostnames in my dyndns account does work.

Code:

...
Sep 15 11:06:32 start_ddns: update WWW.DYNDNS.ORG [email protected], wan_unit 0
Sep 15 11:06:32 inadyn[13076]: In-a-dyn version 2.4 -- Dynamic DNS update client.
Sep 15 11:06:32 inadyn[13076]: Update forced for alias xxx.dynxxx.com, new IP# xxx.yyy.zzz.101
Sep 15 11:06:33 inadyn[13076]: Updating cache for xxx.yyy.zzz.101
Sep 15 11:07:22 rc_service: httpd 346:notify_rc restart_ddns
...

But.
Attempting to configure DDNS on this router to my 'dyndns' account using my _multiple_ (3) hostnames associated with my dynamic IP address. No good, 'Apply' fails with an errors. The errors depending on whether I attempt to use coma-delineation or by separating the multiple hostnames with spaces in the 'Host Name' box of the admin gui.

Example:

Code:

...
Sep 15 10:59:51 rc_service: watchdog 350:notify_rc start_ddns
Sep 15 10:59:51 start_ddns: update WWW.DYNDNS.ORG [email protected], wan_unit 0
Sep 15 10:59:52 inadyn[12935]: In-a-dyn version 2.4 -- Dynamic DNS update client.
Sep 15 10:59:52 inadyn[12935]: /etc/inadyn.conf:4: unexpected token ','
Sep 15 10:59:52 inadyn[12935]: Parse error in /etc/inadyn.conf
Sep 15 10:59:52 syslog: Error code 74: Missing .conf file
Sep 15 11:00:21 watchdog: start ddns.
Sep 15 11:00:21 rc_service: watchdog 350:notify_rc start_ddns
...
Sep 15 11:01:16 start_ddns: update WWW.DYNDNS.ORG [email protected], wan_unit 0
Sep 15 11:01:16 inadyn[12964]: In-a-dyn version 2.4 -- Dynamic DNS update client.
Sep 15 11:01:16 inadyn[12964]: /etc/inadyn.conf:4: no such option 'xxxx.yyydns.com'
Sep 15 11:01:16 inadyn[12964]: Parse error in /etc/inadyn.conf
Sep 15 11:01:16 syslog: Error code 74: Missing .conf file
Sep 15 11:01:21 watchdog: start ddns.
...

To summarize:
Configure one hostname = good. Attempt to configure multiple hostnames = fail.

I see from the 'man inadyn' that hostnames are configured with the '--alias' switch. The '--alias' switch can be applied multiple times for multiple hostnames. Looking at '/etc/inadyn' logged in to a command prompt I'm not seeing any obvious way to add the extra hostnames (alias) so that this will work. Doing some sort custom config might be the workaround? I did not look into that possibility.

http://manpages.ubuntu.com/manpages/trusty/man8/inadyn.8.html
http://manpages.ubuntu.com/manpages/trusty/man5/inadyn.conf.5.html

.