RMerlin
Asuswrt-Merlin dev
EDIT: 2-Dec-2017: 382.1_2 has been released, providing additional fixes, including KRACK for the RT-AC88U and RT-AC3100 (RT-AC86U was already patched in 382.1). Changes since 382.1:
After three months of development, Asuswrt-Merlin 382.1 is now available for the RT-AC86U, RT-AC88U and RT-AC3100 only. Other models will gradually be ported as Asus issues 382 GPL code for them.
Asuswrt-Merlin 382.xx was started from a clean GPL release, with the Asuswrt-Merlin changes re-applied on top of it. This was made necessary due to the large amount of changes between 380 and 382. Because of this, both branches will for the time being be developed in parallel, as models will gradually be ported over from the 380 code to the newer 382 code (as Asus progressively migrates them to this new code base).
Upgrading from 380.68 to 382.1 shouldn't require a factory default reset (but be prepared to do one if you encounter any unusual issue). Downgrading back to 380.xx however will require a factory default reset, as there has been some changes that are not backward-compatible, especially relative to SSH and OpenVPN.
Due to the large number of changes it's possible that there are still some issues remaining. Some of these will have to be fixed upstream by Asus. Others will be examined at a later date. For now, this release is stable enough, and has been running on my own primary router for a few weeks now.
The summary of changes between 380.68_4 and 382.1:
Make sure you read the complete Changelog for more information, as there are a lot of information related to the 382 changes.
Please don't ask for any ETA concerning other models, as I don't have any to give. First, Asus will have to release 382 GPL code for these other models before I can even begin to look into it.
Also, please keep discussions in this thread to this specific release.
Various notes:
The Mediafire download mirror is being phased out. Sourceforge is the new primary download site, with Onedrive acting as the mirror. The download page has been updated to reflect these changes (please always refer to https://asuswrt.lostrealm.ca/download when referring to the download site, as this URL will always contain the most up-to-date information).
Regarding KRACK: only the RT-AC86U release is patched in 382.1, as Asus hasn't released patches for the RT-AC88U or RT-AC3100 yet. Once again, let me remind you that the router is only vulnerable if running in Repeater or Media Bridge mode. While in Router or AP mode, only your clients are in need of patching.
382.1_2: AC88U and AC3100 are now patched as well.
The Git repository for the 382 code is at this location:
https://github.com/RMerl/asuswrt-merlin.382
What's next:
Once 382.1 has shown to not have any major issue in need of immediate fixing, I will slow things down for a while as I need a break after all the work that was involved in the 382 migration (I always knew the 382 merge would be a rough one, I'm sure glad it's behind me now.) Things that are on the table for the coming weeks/months:
Downloads are here.
Changelog is here.
Code:
- NEW: Added custom/add/postconf support for mcpd.conf (RT-AC86U)
- CHANGED: Updated odhcp6c to latest upstream version
(patch by theMIRon)
- CHANGED: cifs and xt_set kernel modules will get automatically
loaded as needed.
- CHANGED: Updated openssl to 1.0.2m.
- CHANGED: Updated libogg to 1.3.3 and libvorbis to 1.3.5.
- CHANGED: Merged wireless components from GPL 382_18991 for
RT-AC88U and RT-AC3100 (should in theory fix KRACK
issue on these two models)
- FIXED: allow IA_NA mode downgrade with forced IA_PD
(for ISPs with broken IPv6 support)
(patch by theMIRon)
- FIXED: SSH brute force protection would break WAN
connectivity (RT-AC86U)
- FIXED: Wrong Trend Micro signature updater was used when
compiling with FW update checker enabled.
- FIXED: QoS Upload chart missing on PPPoE connections with
Adaptive QoS enabled.
- FIXED: client and vendor id fields on WAN page would fail
to accept new values longer than 32 characters.
- FIXED: The Desc field in the OpenVPN policy section would
reject ":" if field contained a MAC address.
- FIXED: Security issues CVE-2017-15275, CVE-2017-12163 and
CVE-2017-12150 (backported to Samba 3.6 and 3.5)
- FIXED: DHCP static lease list would refuse any change if
the list of leases+hostnames was longer than 1000
chars due to an HND platform limitation (RT-AC86U)After three months of development, Asuswrt-Merlin 382.1 is now available for the RT-AC86U, RT-AC88U and RT-AC3100 only. Other models will gradually be ported as Asus issues 382 GPL code for them.
Asuswrt-Merlin 382.xx was started from a clean GPL release, with the Asuswrt-Merlin changes re-applied on top of it. This was made necessary due to the large amount of changes between 380 and 382. Because of this, both branches will for the time being be developed in parallel, as models will gradually be ported over from the 380 code to the newer 382 code (as Asus progressively migrates them to this new code base).
Upgrading from 380.68 to 382.1 shouldn't require a factory default reset (but be prepared to do one if you encounter any unusual issue). Downgrading back to 380.xx however will require a factory default reset, as there has been some changes that are not backward-compatible, especially relative to SSH and OpenVPN.
Due to the large number of changes it's possible that there are still some issues remaining. Some of these will have to be fixed upstream by Asus. Others will be examined at a later date. For now, this release is stable enough, and has been running on my own primary router for a few weeks now.
The summary of changes between 380.68_4 and 382.1:
- Code re-implemented starting from a pristine 3.0.0.4.382_15098 GPL release
- Merged with GPL 3.0.0.4.380_16466
- Implemented support for the RT-AC86U. All previous Asuswrt-Merlin features are supported, except for IPTraffic, which is not compatible with the newer Linux kernel used by this model.
- Reworked OpenVPN implementation. Starting with 382_xxxx, Asus has made their OpenVPN implementation closed-source. Because of this, it was decided to stick to our (more advanced) existing implementation, and to fork away OpenVPN development from Asus's own. A lot of changes were made to the existing code as it no longer needed to remain in sync with Asus (and also to better interface with the new API Asus used with their new OpenVPN implementation). Because of this, it's also recommended to do a factory default reset when going back to Asus's stock firmware (or, be prepared to having to reconfigure your OpenVPN settings).
- Added Full Cone NAT support to the RT-AC86U.
- Added WiFi Radar to the RT-AC86U. This is Broadcom's own visualization engine, which can help troubleshoot wireless issues (for advanced users only). Make sure you read the full Changelog for more informations.
- SSH keys are now stored in /jffs/ssl/ rather than in nvram (in part to deal with a change in 382's nvram management that has problems with long nvram values).
- Updated OpenVPN to 2.4.4.
- Various webui enhancements to the OpenVPN, Operational Mode and SNMP pages.
- Changes to the new firmware check process (new manifest format, and also the Beta channel will now also check for any newer version from the Release channel)
Make sure you read the complete Changelog for more information, as there are a lot of information related to the 382 changes.
Please don't ask for any ETA concerning other models, as I don't have any to give. First, Asus will have to release 382 GPL code for these other models before I can even begin to look into it.
Also, please keep discussions in this thread to this specific release.
Various notes:
The Mediafire download mirror is being phased out. Sourceforge is the new primary download site, with Onedrive acting as the mirror. The download page has been updated to reflect these changes (please always refer to https://asuswrt.lostrealm.ca/download when referring to the download site, as this URL will always contain the most up-to-date information).
Regarding KRACK: only the RT-AC86U release is patched in 382.1, as Asus hasn't released patches for the RT-AC88U or RT-AC3100 yet. Once again, let me remind you that the router is only vulnerable if running in Repeater or Media Bridge mode. While in Router or AP mode, only your clients are in need of patching.
382.1_2: AC88U and AC3100 are now patched as well.
The Git repository for the 382 code is at this location:
https://github.com/RMerl/asuswrt-merlin.382
What's next:
Once 382.1 has shown to not have any major issue in need of immediate fixing, I will slow things down for a while as I need a break after all the work that was involved in the 382 migration (I always knew the 382 merge would be a rough one, I'm sure glad it's behind me now.) Things that are on the table for the coming weeks/months:
- Begin work on a 380.69 release which will mostly address KRACK issues when possible, provided Asus releases appropriate GPL updates and that these can be merged back into 380. 80.69 is expected to be a fairly minor release, as I currently have no plan in the near future for any new feature in that code branch.
- Evaluate the feasibility of merging Asus' 380_8120 into 380.69 once Asus releases the GPL for it.
- After 380.69, I will look into migrating more devices to the 382 code assuming Asus has released any new 382 GPL by then.
- There's an odhcp6c update planned for 380.69 and 382.2 which addresses some IPv6 connectivity issues for ISPs that don't properly follow some of the RFCs.
- An OpenSSL update is also planned, tho the main security fix in that new release only affects the x86 platform (so MIPS/ARM routers are not susceptible to it)
Downloads are here.
Changelog is here.
Last edited:
