1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

[Fork] Asuswrt-Merlin 374.43 LTS releases (V36EA)

Discussion in 'Asuswrt-Merlin' started by john9527, Aug 14, 2014.

  1. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    5,781
    Location:
    United States
    LATEST RELEASE: Update-36EA/36LA
    1-November-2018
    Merlin fork 374.43_36EAj9527
    Download http://bit.ly/1YdgUcP
    ============================

    This is an LTS (Long Term Service) fork of Asuswrt-Merlin based on 374.43_2. This older code base has a history of being very stable, and some of the older code components may perform better in some environments. It may be a good choice for those who desire a 'set it and forget it' router solution. Additional information on the differences between this firmware and the later Asuswrt-Merlin releases can be found following the recent change highlights.

    The following routers are supported by this firmware:
    • N16, N66U, AC66U (original MIPS based revs)
    • AC56U, AC68U (Rev A1,A2,B1), AC68P (and the retail and color versions, R and W, of each router)
    • AC68U (Rev C1,E1), AC1900 and AC1900P (and the retail and color versions, R and W, of each router) and the AC66U-B1
    The following routers were released after the base code used for this fork was available, and are NOT supported.
    • AC87U, AC3100, AC3200, AC88U, AC5300, AC86U (and the retail R versions)

    Following are the major changes (full changelog is in the zip files)

    Update-36EA Highlights
    • Fix unauthorized user logon to OpenVPN server on the N66 and AC66
    • Using DNSSEC with DoT will now automatically use the DNSSEC validation built in to DoT (stubby) instead of dnsmasq DNSSEC
    • Update miniupnpd to version 20180907, including a PCP fix and an Asuswrt change to allow forwarding to private/reserved networks
    • Update nettle to version 3.4 (dnsmasq crypto)
    • Update nano to version 3.1
    • Fix orphan instances of udhcpc on WAN failure/recovery
    • Fix broken lz4/lz4-v2 compression option in OpenVPN server
    • Fix broken iptables-save (firewall rules) when using rules with a ROUTE target
    • Fix broken Peanuthull DDNS support
    • Fix to also move OpenVPN ca.key to/from jffs/nvram via move scripts

    Update-36E9 Highlights
    • dnsmasq updated to 2.80 final
    • dnsmasq updates to provide protection agains cert VU#598349
    • Fix for MIPS OpenVPN server not starting when not using username/password authorization
    • Fix for incorrect display of DNS servers in AP mode when using automatic DNS with LAN DNS servers specified on the parent router
    • Add nvram variables for stubby_timeout and stubby_retires to allow for DoT tuning without the need for a postconf script
    • Prevent syslog being spammed with Insecure DNS reply messages if DNSSEC is enabled on a non-DNSSEC DNS server
    • Add custom script support for afp configuation
    • dropbear: Wait to fail invalid usernames (backport from upstream)
    • Add OpenVPN option for lz4-v2 (backport)
    • Get default port forwarding description from services file if defined

    Update-36E4 Highlights
    • Fix for failing VPN Server logons failing with username/password auth on MIPS
      This was a regression in V34
    • Updated releases of OpenSSL(1.0.2p), dnsmasq(2.80test6), wget(1.19.5) and curl(7.16.1) and OpenPAM(upstream backports)
    • Stability improvements for DNS over TLS (DoT)
      Configuration changes should reduct sitching between servers.
    • Fix for disabling DoT via the gui breaking DNS in some configurations
    • DDNS HTTPS support
      This is provided via work by @theMIROn, who added ssl support to ez-ipupdate (THANKS!). The new iadyn DDNS updater in the main Merlin code will be evaluated as it gains further runtime/stability.
    • New QoS reserved minimum bandwidth settings for download
    • New NTPD filter to force use of routers NTP server
      If you have set up the router to act as your local NTP server, this option will force all client NTP requests to use the router instead of any other hardcoded server.
    • DNS rebind protection via the gui
    • New support for iptables TPROXY on AC56 and AC68 ('E' Builds ONLY)

    Installation Notes
    • Firmware is now packaged as a zip file (consistent with Merlin firmware releases). Remember to extract the .trx file prior to updating the firmware. An sha256sum file is included in the zip file to validate the firmware.
    • For supported routers currently running ASUS firmware 380.3000 or above, or Merlin 380.60 or above, you cannot load this fork using the built in firmware update web interface. You must use the ASUS Firmware Restoration Tool from the ASUS support website or the built in CFE Mini-Web Server to install this fork firmware. You must always perform a factory default reset following the firmware update when moving from ASUS OEM or Merlin firmware above level 374 regardless if you updated via the web interface or Restoration Tool.
    • When using the ASUS Firmware Restoration Tool or CFE Mini-Web Server to install this fork firmware on MIPS based routers (N16, N66 or AC66 non_B1) the upgrade process can take from 40 minutes to 1 hour. Please be patient and do not interrupt the process.
    • Currently, two build streams are maintained.
      • The 'E' Builds are the recommended builds and contain the latest wireless drivers and related fixes, including the fixes for the KRACK exploit on all supported models except the N16 (ASUS never released a KRACK fix for the N16). The 'E' Builds for ARM routers also contain the latest ARM SDK providing support for the newer rev level AC68U and it's variations.
      • The 'L' Builds contain the original wireless drivers (2014 release) and DO NOT address the KRACK exploit, and for ARM routers DO NOT contain the latest SDK providing support for the latest AC68U rev levels. In addition, some fixes dependent on either the latest wireless drivers or latest ARM SDK may not be included in the 'L' builds. Please review the release notes/Changelog for further information.
    • If you are updating an AC56U or AC68U running a fork version V26 or earlier, a factory reset is recommended following the firmware update to V27 or later. You may also need to reformat and restore JFFS due to updates for compatibility with the Merlin releases. Other fork users running an N16, N66U or AC66 can update to the 'E' Build as normal without a factory reset.
    • Please review '@UpgradeMatrix.txt' in the download directory, which describes the upgrade options for all the supported routers. Included are the requirements for a Factory Default Reset or reformat of JFFS.
    • If you need to perform a factory reset and are currently running firmware level 380 or earlier, you may use my NVRAM SAVE/RESTORE utility (check for the latest version) to transfer your user settings from your current firmware to this fork. https://www.snbforums.com/threads/19521/
      Using the NVRAM SAVE/RESTORE utility coming from firmware levels 382 or later is not supported and these users must manually reconfigure following the factory reset.
      https://www.snbforums.com/threads/19521/
    • Users are reminded to have a jffs backup. For users with MIPS based routers, changes in the code image size may affect the jffs space. For users of ARM based routers, changes in the jffs partitioning may also affect the jffs allocations. If you are having jffs script errors or cannot access jffs after loading the firmware, please reformat jffs from the Administration page and restore your jffs backup.

    Additional Information
    The fork does include
    • Maintenance for documented security issues
    • Maintenance for supporting open source components (such as dnsmasq, miniupnpd, etc)
    • Backports of applicable fixes and new functions from Merlin's main branch
    • Some unique support for options requested by users, such as DoT, NTP Server and improved Traditional QoS
    • A different IPv6 stack which may work better in some environments
    • A separate build with older versions of the wireless drivers that some feel offer better performance (especially on the MIPS based routers)
    • Less of a lockdown on tweaking power levels
    The fork does not include
    • The new TrendMicro DPI engine functions for ARM routers
    • The enhancements to the networkmap for custom icons, client naming, etc.
    • Some of the enhanced gui formatting of later releases, for instance the new wireless log
    • Support for the ASUS router control app
    • Support for 5 VPN Clients as in Merlin (this fork supports 2 client instances). Note that the N16 does not support VPN Client/Server due to memory limitations.

    Custom features of the fork which are not exposed in the gui can be set by an nvram variable. These custom features are documented in the Merlin_Fork_Options file in the download directory.

    Thanks to all for your continued interest in this fork.

    Source: https://github.com/john9527/asuswrt-merlin : branch 374.43_2-update

    SHA256
    Code:
    (Default Build - All supported routers)
    8a09b77d82c03efb47e617a650566f6fa21bfe92e4851d48237b3dee239bd70b  RT-N16_374.43_36EAj9527.trx
    99576076245572a8a13bf59e6f14525f1a51b6bc3ba96e09e14f6ebb0917b9ca  RT-AC66U_374.43_36EAj9527.trx
    df0543482938be3f53904bd3126b11d37856519b388a418163df994fdc740043  RT-N66U_374.43_36EAj9527.trx
    7c5a72d6209e4e6a51a3f32f58462e115b98e314e41e68cc0b1a237ab60d90c9  RT-AC68U_374.43_36EAj9527.trx
    aeecf8412283c6ce3b0efc7226872e6a0f522a7eaab52df3551af450ad376a84  RT-AC56U_374.43_36EAj9527.trx
    
    (Legacy Only Builds)
    bed83cca1f0dc0103d522d77e938f4d9d8654127b622909e7624c35e24fec556  RT-AC68U_3.0.0.4_374.43_2-36LAj9527.trx
    ec75e1b18f282c0605a77c8e9888522669f43853c91bc9e44abac8f4d2aa853f  RT-AC56U_3.0.0.4_374.43_2-36LAj9527.trx
    caf33f815a21cbf0a3560c194320c19289584a4f8418a114a69b455bd38ef4fa  RT-N16_3.0.0.4_374.43_2-36LAj9527.trx
    a3ab575e81248b3ba918c30876116fd2458803d0658671b893bb72e23c99fe21  RT-AC66U_3.0.0.4_374.43_2-36LAj9527.trx
    d382040dc9faa28a88595b5db912f6d48d7c78e24f3ae4af28d511e1cf902814  RT-N66U_3.0.0.4_374.43_2-36LAj9527.trx
    
     
    Last edited: Nov 14, 2018 at 11:00 AM
    I am JK, lev, Bob.Dig and 79 others like this.
  2. Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!
  3. Raiu

    Raiu Regular Contributor

    Joined:
    Dec 10, 2013
    Messages:
    186
    This is awesome man! I haven't tried it yet. My wife is in school so I need 100% up time right now lol
     
  4. Builder71

    Builder71 Senior Member

    Joined:
    Oct 14, 2012
    Messages:
    492
    Location:
    The Netherlands
    Awesome!
    A maintenance update for 374.43 :)

    I flashed it on top of 374.43 and so far so good.
    Nice work.

    MD5 checksum I got for the RT-N66U .trx file: E10E98C4F6CF380B00712A6A6BEEE2A1
     
  5. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    5,781
    Location:
    United States
    Glad to hear that the flash on N66U worked!
    Good point on the MD5 checksum....I added them for all the releases in the first post.
     
  6. Builder71

    Builder71 Senior Member

    Joined:
    Oct 14, 2012
    Messages:
    492
    Location:
    The Netherlands
    Nothing funny in the syslog so far.
    Glad to see my MD5 is the same as your source. :)

    For my understanding, the fixes/changes above are they all from Github?
    Or did you merge them in yourself?
     
  7. kiesa1231

    kiesa1231 Regular Contributor

    Joined:
    Jul 13, 2013
    Messages:
    91
    Please fix to work huawei e3276s 4g modem in 374.43_3 build thanks.
     
  8. Jeffo

    Jeffo New Around Here

    Joined:
    Jul 17, 2014
    Messages:
    4
    Add maintenance of Huawei 3g/4g lte dongle to 374.43

    Same here. Requesting for maintance fix for the Huawei compatibility issue for 3G/4G/LTE dongle. it was working from Merlin 374.40Alpha4 and older also the latest 376.44 series. the firmwares in between doesn't work.
    Using a Huawei e3276s here too.
     
  9. lwizard

    lwizard Regular Contributor

    Joined:
    Jan 27, 2014
    Messages:
    95
    minidlna

    Is it possible also updating minidlna to 1.1.3?

    Thanks for the work.

    I am scared about trying 44 since it seems to cause lot of troubles in very important things like wifi and general speeds... and actually 43.2 is working right for me..
     
  10. Builder71

    Builder71 Senior Member

    Joined:
    Oct 14, 2012
    Messages:
    492
    Location:
    The Netherlands
    Come on gents, cut the Huawei crap.
    That one is complicated and for ASUS to fix.
    Send ASUS a bug report!

    And put the router in question in your signature.
    Do we have to smell what you are using?

    Do try the fork from john9527 and give him some feedback.
    Much better than only asking.
     
    Last edited: Aug 15, 2014
  11. Kal-EL

    Kal-EL Very Senior Member

    Joined:
    Aug 15, 2013
    Messages:
    1,452
    Location:
    Motor City, Michigan-USA
    Can someone running this build explain more about it ? Is this a build that has the fixes for 44 but the interface of 43_2 ? Any comments would be great..
     
  12. Builder71

    Builder71 Senior Member

    Joined:
    Oct 14, 2012
    Messages:
    492
    Location:
    The Netherlands
    Don't be scared, just give 376.44 a try.
    See if it works in your environment and decide yourself.
    If not, simply revert to what you are using now.
     
  13. Builder71

    Builder71 Senior Member

    Joined:
    Oct 14, 2012
    Messages:
    492
    Location:
    The Netherlands
    That seems the case as far as I can see.

    Maybe john9527 can tell us a bit more...
     
  14. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    5,781
    Location:
    United States
    All the fixes have been committed by Merlin in his master branch. For this build, I merged them in by hand....gave me a chance to double check they were applicable (some I looked at were not) and gave me the chance to work through how git really worked. The exception was the openssl update...that one I let 'git cherry-pick' for me (146 updated files!).
     
  15. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    5,781
    Location:
    United States
    Merlin kindly tags all his releases in github, so I was able to make a branch of exactly the 374.43 release. With that as a base, I looked at what had been fixed in later builds that may have been seen on the 43 code (a good example is the Plex miniupnpd syslog flood). So I picked up that specific fix and added it to the 43 code.

    So what this is, is the 43 code, with just a couple of fixes on top of it that may help people out who don't want to upgrade to the next major release yet.
     
  16. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    5,781
    Location:
    United States
    Right now the minidlna update is not in the plan (there is one minidlna fix picked up)....Asus actually picked that up, so it's rolled into Merlin's big merge without a specific commit I can go after (and I need to learn more to do an update that big ;) ) This is unlike the openssl commit where I was just able to grab Merlin's work (only picked up to stay on top of any security issues).

    Also, as you said, for me 43.2 is running pretty well....there were just a couple of things that needed addressing in my environment which led me into this project. I don't want to do too much and end up destabilizing the 43.2 base.
     
  17. Builder71

    Builder71 Senior Member

    Joined:
    Oct 14, 2012
    Messages:
    492
    Location:
    The Netherlands
    Great choice!

    The problem with 376.44 is that you can't localize the router any more.
    This is ASUS crap because of some FCC regulations.
    FCC has no jurisdiction in my country, but ASUS doesn't care.

    This means that with 376.44 I'm stuck with only 4 channels on 5GHz and reduced range on both WiFi bands.

    So I stick with 374.43 unless there are serious security issues that needs to be fixed.
    Probably a lot of people will do the same.
    Such a shame for a great open source project.

    That's why I am happy to see john9527's update on the 374.43 base. :)
     
  18. Builder71

    Builder71 Senior Member

    Joined:
    Oct 14, 2012
    Messages:
    492
    Location:
    The Netherlands
    Running fine, nothing unusual seen in syslog. :)
     

    Attached Files:

  19. DrTeeth

    DrTeeth Senior Member

    Joined:
    Mar 29, 2013
    Messages:
    380
    Many, many thanks indeed. Just what the Dr ordered, no pun intended.

    Please keep up the good work. If you do keep it up, please set up a donation page.
     
    Last edited: Aug 16, 2014
  20. Raiu

    Raiu Regular Contributor

    Joined:
    Dec 10, 2013
    Messages:
    186


    From what I have read those that went to 44 and that wanted to go back were stuck and couldn't get their settings to work right.
     
  21. Kal-EL

    Kal-EL Very Senior Member

    Joined:
    Aug 15, 2013
    Messages:
    1,452
    Location:
    Motor City, Michigan-USA
    I tried 44 two times and went back to 43_2 with no issues just make sure you do a complete factory reset.
     
Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!