1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

[Release 384/NG] Asuswrt-Merlin 384.5 is now available

Discussion in 'Asuswrt-Merlin' started by RMerlin, May 13, 2018.

  1. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    27,445
    Location:
    Canada
    Asuswrt-Merlin 384.5 is now available for all supported models. In addition to new GPL merges, this release focuses on various things that had been waiting on the Todo list for a while. With this release, a lot of work has been done around the OpenVPN implementation in an attempt to simplify it a bit, removing rarely used or flat out broken settings.

    The highlight of this release:

    • Merged with GPL 384_20648.
    • Merged binary blobs from 384_20648 for RT-AC86U, RT-AC68U and RT-AC5300.
      Updated components: OpenVPN (2.4.6), Dropbear (2018.76), OpenSSL (1.0.2o), miniupnpd (20180503), nano (2.9.5).
    • Upgraded the RT-AC86U to the same Busybox release (1.25.1) as used by all other models.
    • Revised Traditional QoS implementation. Downstream traffic for instance should no longer be incorrectly throttled.
    • Added a new service-event script, executed before any service call (for example, restart_wireless). Note that this script will block the execution of the event until it returns, so be careful with it.
    • Revised OpenVPN server and client options. Please see below for more details on these changes.
    • Revised the System Log -> Connections page due to changes made by Asus to httpd. The new implementation removes the ability to resolve hostnames, and info is shown in a sortabled table (click on a header to sort by that field).
    • Added ability to resolve hostnames to the Network Tools -> Netstat page.
    • Changed Samba behaviour. From now on, enabling master browser and WINS support requires explicitely enabling SMB sharing.
    • Changes to the Firmware Upgrade page layout. Beta Firmware channel selector moved to Tools -> Other Settings, where it will now behave more predictably like a standard setting that can be saved to nvram.
    • Sending an empty DHCP option 252 (for WPAD) can now be disabled on the Tools -> Other Settings page.
    • Blocking custom scripts (like pre-mount) will now wait a maximum of 120 seconds before returning control, to prevent permanent lockouts.
    • Security fixes for dnsmasq (like CVE-2017-15107) were backported from upstream


    This is a summary of the changes made to OpenVPN:

    Server changes:
    • Removed "TLS Reneg time" (rarely used, can manually be set as a custom option)
    • Removed "Server Poll" (which didn't work properly), and reimplemented watchdog service as a cron job, hardcoded to 2 mins frequency.
    • Removed "Push LAN" and "Redirect Gateway", replaced with new Client Access setting
    • Removed Firewall setting (firewall rules are now always created, and the broken External mode was fixed and integrated into the new Client Access setting). You can now use the postconf script to override it.
    • Removed option to respond to DNS queries - enabling the option to Push DNS will also handle it
    • Added new Client Access setting to select between three types of access: LAN only, WAN only (will block access to the LAN, including the router itself) and LAN + WAN.
      Keys and certificates can now be up to 7999 characters long.

    Client changes:
    • Reorganized settings into groups
    • Removed "Poll Interval" (which didn't work properly), and reimplemented watchdog service as a cron job, with a hardcoded frequency of 2 mins.
    • Removed Firewall setting (firewall rules are now always created). You can now use the postconf script to override it.
    • Modified behaviour of Connection Retry. Instead of taking a value in seconds that only affected resolution failure, it now takes a number of attempts, and affects connection failures. Resolution failures will now retry for an infinite period of time (the default OpenVPN value).
    • Added "refresh" link which can be clicked to re-query the public IP endpoint of the tunnel
    • Keys and certificates can now be up to 7999 characters long.


    Downloads are here.
    Changelog is here.
     
    Last edited: May 13, 2018
    Sanna1967, popxunga, namtih and 45 others like this.
  2. Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!
  3. DonnyJohnny

    DonnyJohnny Senior Member

    Joined:
    Dec 17, 2017
    Messages:
    495
    Thanks! Great work!
     
  4. scjr

    scjr Senior Member

    Joined:
    Nov 21, 2017
    Messages:
    387
    Location:
    "While I Breathe, I Hope"
    Thank you, Eric!
     
  5. stambeccuccio

    stambeccuccio Senior Member

    Joined:
    Apr 13, 2015
    Messages:
    259
    Location:
    Italy
    Thanks, in dowload ...
     
  6. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    27,445
    Location:
    Canada
    I know the question always comes up, so here it is: if running beta 2, then you'll need to update to this final version, as it contains one security fix (can't go into details because Asus hasn't released a fixed version yet on their end). That's in addition to a few other fixes/changes.
     
  7. appleseed

    appleseed Regular Contributor

    Joined:
    Jun 26, 2010
    Messages:
    57
    Location:
    everywhere
    hah, I really really thought you were going to say "should I factory default reset?"...it comes up so often, and your excellent thread should be stickied at the top with javascript bright lights, foghorns, and vuvuzelas during every release week: https://www.snbforums.com/threads/faq-nvram-and-factory-default-reset.22822/
     
    Fam Money, Treadler and unsynaps like this.
  8. netmik3

    netmik3 Senior Member

    Joined:
    Dec 8, 2012
    Messages:
    237
    Perfect
     
  9. Blind@Spot

    [email protected] Occasional Visitor

    Joined:
    Jan 1, 2018
    Messages:
    25
    in the Beta 2 release, USB 3.0 storage won't mount without enabling 3.0 reduce interference. did you fix it in this release @RMerlin ?

    EDIT : updated & did a factry reset.
    strange, now USB 3.0 working without changing 3.0 reduce interference settings. but I faced this prolem in Beta 2.
     
    Last edited: May 14, 2018
  10. mikelees2

    mikelees2 Regular Contributor

    Joined:
    Feb 20, 2017
    Messages:
    98
    Location:
    U.S.A.
    Awesome job as always! Thanks again for all your hard work. @RMerlin
     
  11. Kal-EL

    Kal-EL Very Senior Member

    Joined:
    Aug 15, 2013
    Messages:
    1,410
    Location:
    Motor City, Michigan-USA
    Just flashed. Working as expected !! :D
     
  12. fearz

    fearz Regular Contributor

    Joined:
    Jun 20, 2012
    Messages:
    146
    Upgraded from beta 2 and since then, i feel very slow browsing, i didn't restore factory settings, however, i'm getting these a lot:


    May 13 22:04:04 kernel: ERR[parse_qos_conf:932] Can't set new QoS conf while QoS is started!
    May 13 22:04:04 kernel: ERR[ioctl_iqos_op_config:3592] parse qos_conf error!!
    May 13 22:04:04 kernel: ioctl_iqos_op_config() fail!
    May 13 22:04:04 kernel: ERR[qos_start:3344] QoS is already started!
    May 13 22:04:04 kernel: ioctl_iqos_op_switch(1) fail!
    May 13 22:04:07 kernel: ERR[parse_qos_conf:932] Can't set new QoS conf while QoS is started!
    May 13 22:04:07 kernel: ERR[ioctl_iqos_op_config:3592] parse qos_conf error!!
    May 13 22:04:07 kernel: ioctl_iqos_op_config() fail!
    May 13 22:04:07 kernel: ERR[qos_start:3344] QoS is already started!
    May 13 22:04:07 kernel: ioctl_iqos_op_switch(1) fail!

    I tried to turn it off then back on, same, i;m not using FreshJR script...

    any suggestions? I really don't want to re-do all settings again...
     
  13. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    27,445
    Location:
    Canada
    Works for me.
     
  14. Stardust

    Stardust Occasional Visitor

    Joined:
    Dec 3, 2017
    Messages:
    28
    Location:
    Czech Republic
    Thanks - upgraded from 384.4_2 and works flawless :)
     
  15. marelit

    marelit Occasional Visitor

    Joined:
    Nov 8, 2017
    Messages:
    15
    Location:
    Munich
    Thank you @RMerlin ! Upgrade worked flawlessly on my AC56U.
     
  16. madfusker

    madfusker Regular Contributor

    Joined:
    Jul 20, 2014
    Messages:
    118
    So I went out this afternoon and picked up a 86U to see if I could improve my VPN speeds (see other threads). I started with this firmware right out of the gate since it came out today, I factory reset after the upgrade, and in basic routing mode with no settings I cannot get better than 36M down. Weird. If I connect my PC directly to my cable modem, I hit my cap instantly of 200M and it pegs there. I reset to factory defaults again (initialize), and got the exact same results.

    Folks with 86U, are you seeing full speeds you expect (not using VPN)?

    Next I loaded 384.4_2 and first thing I did is test speed again. Now I peg out.

    ==update==
    I will do more testing here and report back. I went again to 384.5 and got full speed. Very strange as last time I rebooted it and factory defaulted 384.5 a least 3 times and couldn't get over 36M.
     
    Last edited: May 13, 2018
  17. skeal

    skeal Very Senior Member

    Joined:
    Apr 30, 2016
    Messages:
    1,583
    Location:
    Canada
    Are you using the ovpn client on the router or through an app on a device?
     
  18. madfusker

    madfusker Regular Contributor

    Joined:
    Jul 20, 2014
    Messages:
    118
    No, it's a new router, see above. Factory defaults and no settings whatsoever on all my tests.
     
  19. skeal

    skeal Very Senior Member

    Joined:
    Apr 30, 2016
    Messages:
    1,583
    Location:
    Canada
    Use the ovpn client on the router. Your client on the device is held to the performance of that device. Configure your ovpn client on the router and test.
     
  20. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    5,467
    Location:
    United States
    Power down both the modem and router for about 1/2 hour. Then power up the modem and let it sync, then the router. Some ISPs get upset when they see a new piece of hardware and need to reset themselves.
     
  21. madfusker

    madfusker Regular Contributor

    Joined:
    Jul 20, 2014
    Messages:
    118
    Will try that. @skeal I am not ready for any VPN yet as I am trying to get acceptable performance just as a basic router.
     
Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!