[Experimental] Asuswrt-Merlin 384.13 test - AiMesh/DNSSEC through OpenSSL

[jerry6]

First post Jerry :



So , no, AiMesh is off until switched on manually.

Thanks , sorry my heartbeat is 32 bpm these days , not thinking or comprehending much or very well , i'll give it a try
Thanks to allthat put in the work to bring us this FW

 

[Treadler]

Hi, I installed this code 6 hours ago in my rt-ax88 and I am seeing higher temps than before (CPU temp around 86C when it used to be around 72C or lower with previous versions). Anyone seeing this ?

I was normally at 60°, 70° now.....

 

[Treadler]

I think this is due to a problem with the DNSSEC at their end. The domain sa.gov.au looks OK, but that site redirects you to www.sa.gov.au which according to Verisign is not so OK.

Changing DNS server from Cloudflare to Quad9 (both with DNSSEC enabled), fixed it for me.

 

[Kingp1n]

Changing DNS server from Cloudflare to Quad9 fixed it for me.

Did you disable DNSSEC while using Quad9 or kept it enabled?

 

[Treadler]

Did you disable DNSSEC while using Quad9 or kept it enabled?

Quad9, DNSSEC enabled.

 

[Martin_D]

I was normally at 60°, 70° now.....

Yep same was about 72 now 80

 

[Delusion]

Strange... DNSSEC seems to be working even when disabled (support+validation) as long as the dns servers on WAN are supporting dnssec. My isp dns servers don't support DNSSEC , if I enable DoT (dnssec disabled) then I see DNSSEC working .

 

[skeal]

Strange... DNSSEC seems to be working even when disabled (support+validation) as long as the dns servers on WAN are supporting dnssec. My isp dns servers don't support DNSSEC , if I enable DoT (dnssec disabled) then I see DNSSEC working .

I think @RMerlin mentioned this issue.

The implementation required a fair amount of changes to dnsmasq itself, and so it will require in-depth testing to ensure it works properly. I have already personally observed some oddities: when using my ISP's DNS, I am able to to validate DSA signatures despite it not being enabled in dnsmasq. Seems like somehow dnsmasq accepts the upstream server's validation.

 

[jerry6]

RT5300 running at least 10 degrees hotter with this FW used to run at 45 and 60 now at 54 c and 73 c , guess I'll throw those usb fans on it again , not that i think it is beyond safe specs , but better safe , can't hurt. House is 65 degrees F year round so summer orwinter router temps should be stable , just strange i got this jump in temp since FW changes should have no effect on this old style router
with one 140mm usb fan now runs cool 45c and 52 c

 

[RMerlin]

RT5300 running at least 10 degrees hotter with this FW used to run at 45 and 60 now at 54 c and 73 c , guess I'll throw those usb fans on it again , not that i think it is beyond safe specs , but better safe , can't hurt

Probably just because it's the summer. There has been no change to older models, only the RT-AX88U no longer uses the CPU Wait instruction. Older models never supported that.

Anything around 75C-80C is pretty much the norm for that model

 

[Treadler]

IMHO, the new amended DNSSEC function + Quad9 works superbly for me.


Formerly this combination was unable to open, or slow to open, many sites.
Cloudflare was much better, but still had (+ has) a few glitches.

Very nice.......

 

[SomeWhereOverTheRainBow]

@RMerlin


What is the next step for DNSSEC testing part, will this pretty soon AUTO manage dnssec validations without having to use a Gui option to enable?

 

[RacerRon]

Mesh is working great with Ax88u as main router and ac88u as a node. I tried it both with wireless and now wired backhaul. Updates show correctly for both routers. I have not tried dnssec but use DOT with both cloudflare and quad9. Even with wireless , node speeds were more than double what it was in repeater mode. I am also running diversion , skynet with 2 openvpn servers and 1 openvpn pia client.

Sent from my Pixel using Tapatalk

 

[bluepoint]

IMHO, the new amended DNSSEC function + Quad9 works superbly for me.


Formerly this combination was unable to open, or slow to open, many sites.
Cloudflare was much better, but still had (+ has) a few glitches.

Very nice.......

Yes, same observation here, QUAD9 doesn't appear to choke anymore with DOT/DNSSEC enabled. And on top of that QUAD9 has returned my route to NYC again.

 

[RMerlin]

What is the next step for DNSSEC testing part, will this pretty soon AUTO manage dnssec validations without having to use a Gui option to enable?

No, there will always be an option to enable/disable the validation done by the router itself, as this adds an extra layer of security.

 

[Magnus33]

Interesting it seems that after a period of time i loose access to the web UI although the router is performing fine otherwise.

A reboot restore access to the AC86U.

One other thing of note is access to shared drives through the router is restored in this alpha compared to it not working in version 12.

 

[Sanna1967]

i loose access to the web UI although the router is performing fine otherwise.

problem known for a long time
https://www.snbforums.com/threads/rt-ac86u-cannot-access-gui.49020/

 

[jerry6]

seems i did well in the testusing quad 9and cloudflair with 384.13alpha 1 and alpha 2

 

[skeal]

I was able to add my AC68U as a aimesh node. Took a few tries. Works like a charm though.

 

[RMerlin]

Alpha 2 builds are being uploaded.

This time the main change is implementation of support for AiMesh nodes running on Asuswrt-Merlin. Once again, please test adding a node running Asuswrt-Merlin, downgrading its firmware, and upgrading back.

The one limitation to keep in mind is if you use the global "Upgrade" button, only nodes running stock firmware will be able to download and install automatically the latest update. While the webui will be able to report if there is an update available for a Merlin node (and even let you view its changelog), you will need to use the "Upload" link on these nodes to manually upload new firmwares.

Also, note that the JFFS switch for enabling AiMesh is no longer required.

Changes since alpha 1:

2ea69110d9 (master) Bumped revision to alpha 2
41ae24b770 Updated documentation
0b7ed2fc71 webui: display properly formatted new firmware version string during QiS
490093d656 httpd: rewrite code that parse arp/lease lists for wireless clients
c108568ff4 Revert "webui: disable AiMesh Node support"
a3fffd8cfc (node) webui: handle displaying new release notes from Merlin AiMesh nodes
3ab2638162 webui: Make check_AiMesh_fw_version() use regexp instead of iterating an array
27d5212801 rc: fix missing default route when in non-router mode
e2a9e5911e webui: enhance "Firmware Update" button location in AiMesh Router mode
31f7395fe7 dnssec: remove target.mak option, and enable it (with OpenSSL support) in config_base
308bff9c91 (origin/mainline) Revert "dnsmasq: enable OpenSSL support for dnssec"
43d4d7a008 webui: disable AiMesh Node support
4ed4f1c831 rc: webui: Remove amas_force flag
7104341b93 lldpd: log custom TLV add/remove at the debug level instead of info