[Release] Asuswrt-Merlin 380.66 is now available

[RMerlin]

Asuswrt-Merlin 380.66 is now available for all supported models. This version merges Asus's GPL 380_7378, and includes various fixes and enhancements.

The highlight:

• Merged with Asus's GPL 3.0.0.4.380_7378. This includes security fixes, and allows to define an allowed source IP when defining a port forward rule. Also, some models gained Airtime Fairness support, which might cause issues with some wireless clients. If it does, I recommend disabling it.
• New Policy Rules mode for OpenVPN clients called "Policy Rules (strict)". In this mode, the OpenVPN client routing table will only contain rules specific to its tunnel, which will reduce the chances of leaks, or conflict with other simultaneous tunnels. I recommend using this mode, unless you have a special setup that requires manual static routes to work with your tunnelled clients.
• New option to disable the constant DNS-based Internet connectivity test. The option is within Tools -> Other Settings, in the Tweaks section.
• You can now disable the use of a DH with OpenVPN, by entering "none" in the DH cert field.
• Numerous enhancements to the ovpn OpenVPN config import procedure, adding support for "reneg-sec" and "port", multi-parameters "remote", dealing with cipher/digests entered in lower-case, and better feedback during the procedure.
• Updated components: OpenVPN (2.4.2), LZ4 (1.7.5), Tor (0.2.9.10) and nano (2.8.1).
• SSL certificates generated for HTTPS access to the webui will now contain valid SANs, preventing some of the security complains generated by browsers. The SANs will include the router's IP, the generic built-in router.asus.com name, as well as your DDNS name (if a valid one can be determined)
• Improvements to the UPNP daemon, might help various UPNP applications such as game consoles and DLNA servers.
• Disabled multicast_snooping on the LAN bridge, which could cause conflicts with EMF, DLNA, and other multicast-based applications. If for some reason this created new issues, you can re-enable it under Tools -> Other Settings, in the Tweaks section.
• OpenVPN fixes: fully disable Cipher Negotiation (NCP) if you do so on the webui, fixed server running in an IPv4/IPv6 setup with udp.
• Applied fix to the kernel against CVE-2016-10229 (unsure if kernel was actually vulnerable, but the fix is there nonetheless)
• Various other fixes
• Freshly repainted website

Note that you can no longer edit existing Port Forward rules, as the edit code is incompatible with Asus's new version of that page. This feature might make it back in a future release once it gets re-designed to work with the new code. For now, you will have to remove and re-add any foward you wish to change, like in the stock firmware.

Please consult the changelog for the complete list of changes.

Downloads are here.
Changelog is here.

 

[RMerlin]

Known issues:

• AiCloud fails to start on RT-N66U and RT-AC66U (Fixed in 380.66_2)
• AiCloud and httpd (SSL) could randomly fail to start at boot time, due to a timing issue with generation of the SSL certificate. (Fixed in 380.66_2)

 

[RMerlin]

For those wondering, I haven't published to the update server yet, will do so later tonight once I'm sure no last minute issue arises (and also because I'm currently busy with other RL stuff )

 

[iXNyNe]

I'm trying to get the RR-AC66U 380_66.0 firmware to install over 380_65.4 but it's telling me it's invalid.

Specially this is the message:
Invalid Firmware Upload
Firmware upgrade unsuccessful. This might result from incorrect image or error transmission, please check the model name RT-AC66U and version of firmware from support site and try again.

 

[skeal]

Ok running awesome! I have a lot of scripts and it's all good. Did not need to reset to factory defaults just rebooted after the flash was dome. Working awesome @RMerlin outstanding!!

 

[bbunge]

I'm trying to get the RR-AC66U 380_66.0 firmware to install over 380_65.4 but it's telling me it's invalid.

Specially this is the message:
Invalid Firmware Upload
Firmware upgrade unsuccessful. This might result from incorrect image or error transmission, please check the model name RT-AC66U and version of firmware from support site and try again.

Is your router an RT-AC66U B1? If so you will need to use the firmware for the AC68U. Please, be careful and check the model number not the hardware version!

Sent from my P01M using Tapatalk

 

[st3v3n]

Many thanks, for all of your hard work, and the fresh repainted website as well. Looking forward to advancing from 380.66b5 tomorrow.

 

[iXNyNe]

To try:
Remove usb devices, reboot, flash...

Reboot worked. I don't have any USB devices, so that wasn't an issue.

I've been having an issue even before upgrading that my 5ghz band shows channel 0 and my wifi icon shows only the left half green (basically I have no 5ghz). I don't seem to have the airtime fairness option on the professional tab like the change log mentions so I don't think that's the issue. I can create a separate thread if needed to discuss my issue.

 

[BigSnicker]

wow, I'm the 0th download for the AC-68U. (OMG!OMG!OMG!)

Install went super smoothly, I like both the paint and new features and the only hiccup I found in the logs turned out to be something I've had misconfigured for a long while and was quite happy to correct.

Thanks for everything, that donation money continues to pay off!

 

[rtn66uftw]

Thanks Merlin! 1st one to download 380.66 for AC-3100 here

After flashing over Ethernet & did the power cycle, the internet light on the AC-3100 turned red. On the Merlin network status page, it shows "Your ISP's DHCP does not function properly" and I can't connect to the internet anymore.

Anyone knows what went wrong? TiA

 

[RMerlin]

Thanks Merlin! 1st one to download 380.66 for AC-3100 here

After flashing over Ethernet & did the power cycle, the internet light on the AC-3100 turned red. On the Merlin network status page, it shows "Your ISP's DHCP does not function properly" and I can't connect to the internet anymore.

Anyone knows what went wrong? TiA

Try turning your modem off for a few minutes.

 

[rtn66uftw]

Try turning your modem off for a few minutes.

Thanks Merlin! It works but now my WAN IP address turns from a public to a private one 10.40.1x.xx. How to fix that?

 

[fiasko]

Thanks Merlin! It works but now my WAN IP address turns from a public to a private one 10.40.1x.xx. How to fix that?

For that you probably need to check the modem configuration. Maybe it's not in the bridge mode any more.

 

[thelonelycoder]

Maybe that is user error, but after the update, WPS was enabled on my AC87U.
Now, I don't remember ever setting this to on and I have no idea if it was indeed set to on before the update.
Is there any way to check? I have a settings backup file from just before the update.

I also updated my AC1900P and WPS was not activated after.
As I said, this might be my fck-up and I had it set to on unintentionally on the 87U.

Edit: I updated from 380.65_4

 

[thelonelycoder]

Maybe that is user error, but after the update, WPS was enabled on my AC87U.
Now, I don't remember ever setting this to on and I have no idea if it was indeed set to on before the update.
Is there any way to check? I have a settings backup file from just before the update.

I also updated my AC1900P and WPS was not activated after.
As I said, this might be my fck-up and I had it set to on unintentionally on the 87U.

OK, I just restored the old settings file and WPS is set to off, which means the update set it to on somehow?

 

[eclp]

@thelonelycoder
The WPS problem of the RT-AC87U was already several times conversation object in the forum. For me after every reboot, no matter what firmware version, but always only at 5ghz.
https://www.snbforums.com/threads/b...ta-is-now-available.38718/page-15#post-323350

 

[thelonelycoder]

@thelonelycoder
The WPS problem of the RT-AC87U was already several times conversation object in the forum. For me after every reboot, no matter what firmware version, but always only at 5ghz.
https://www.snbforums.com/threads/b...ta-is-now-available.38718/page-15#post-323350

I see, thanks. I was not aware of the issue.

 

[thelonelycoder]

@thelonelycoder
The WPS problem of the RT-AC87U was already several times conversation object in the forum. For me after every reboot, no matter what firmware version, but always only at 5ghz.
https://www.snbforums.com/threads/b...ta-is-now-available.38718/page-15#post-323350

For RT-AC87U users to be on the safe side, I've added this to my /jffs/scripts/services-start to make sure WPS is set to off after reboot:

#!/bin/sh

# make sure WPS is set to off after reboot
if [ "$(nvram get wl0_wps_mode)" != "disabled" ] || [ "$(nvram get wps_enable)" != "0" ] || [ "$(nvram get wps_enable_x)" != "0" ];then
   sleep 5
   logger "WPS has been disabled by $0"
   nvram set wl0_wps_mode=disabled
   nvram set wps_enable=0
   nvram set wps_enable_x=0
   nvram commit
   service restart_wireless
fi

 

[eclp]

Great work!
Thank you so much!

 

[MarCoMLXXV]

First of all, a huge thanks to @RMerlin, very happy with the new release. Installed the update early this morning (CET) and it seems running smoothly, has been up for about 6 hours now, running smooth like butter so far.

I did a factory reset beforehand and formatted and repartitioned my USB3-thumbdrive prior to upgrading, as I messed something up yesterday, couldn't figure out how to revert, so had a good reason to start from scratch.

The only thing I noticed, which I can't recall from the previous official release, is that my port 443 is now open by default on the WAN side, as a remote scan failed. Going through the UI, I noticed that I AICloud Smart Access was enabled. I did enable Samba for the local network, on the USB Application page, but never touched anything at the AICloud 2.0 page, as I don't use it. Is this a change coming from Asus or ? I'm not very keen on ports opened (at least, that's what it looks like) by default. Can anyone, not using AICloud 2.0 either, verify after upgrade or clean install with ShieldsUp or nmap to check whether their port 443 is open too?