[Release] Asuswrt-Merlin 380.66 is now available

[Alfred]

Thank you very much for 380.66. Nice paint on the website also
Feature Request regarding the following fix in 380.66: FIXED: New outbound connections weren't logged if firewall logging was enabled.
Request: option to exclude logging of new outbound connections if firewall logging is enabled.

 

[Gregory Phillips]

Thank you Merlin for your support and tireless efforts to perfect our Asus routers. I also ran a port scanner test on my RT-AC88U and the unit passed with flying colors.
http://www.whatsmyip.org/port-scanner/

 

[Diamond67]

The only thing I noticed, which I can't recall from the previous official release, is that my port 443 is now open by default on the WAN side, as a remote scan failed. Going through the UI, I noticed that I AICloud Smart Access was enabled. I did enable Samba for the local network, on the USB Application page, but never touched anything at the AICloud 2.0 page, as I don't use it. Is this a change coming from Asus or ? I'm not very keen on ports opened (at least, that's what it looks like) by default. Can anyone, not using AICloud 2.0 either, verify after upgrade or clean install with ShieldsUp or nmap to check whether their port 443 is open too?

Updated from 380.65_2 to 380.66_0, without doing factory reset.

I have always had AICloud Smart Access disabled. And after updating to 380.66 it still remained disabled. GRC ShieldsUP Common Ports test showed all ports "Stealth", port 443 as well.

I have Samba enabled (LAN).

 

[shooter40sw]

I installed today and did a factory reset, something that I haven't noticed before was an iptables rule

 817 60888 SECURITY_PROTECT  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 443

I have this port open to WAN to do ssh tunnel on that port, but I have it already restricted to an specific IP address so the danger is lower, like Im not there at the time I cant test if I will be able to connect from that location, is this new rule going to stop me from doing so?

 

[rtn66uftw]

For that you probably need to check the modem configuration. Maybe it's not in the bridge mode any more.

Thanks for the reply! But why would the modem not be in Bridge mode anymore? I didn't touch it at all. And looks like I coudn't login to the modem now

 

[bobiii]

Working great, as always, on my RT5300! (380.66)

 

[RMerlin]

Maybe that is user error, but after the update, WPS was enabled on my AC87U.

Asus should eventually get around to fixing it. The issue is specific to that model, and they're aware of it.

 

[RMerlin]

The only thing I noticed, which I can't recall from the previous official release, is that my port 443 is now open by default on the WAN side, as a remote scan failed. Going through the UI, I noticed that I AICloud Smart Access was enabled. I did enable Samba for the local network, on the USB Application page, but never touched anything at the AICloud 2.0 page, as I don't use it. Is this a change coming from Asus or ?

AiCloud features shouldn't be enabled by default. Might be you accidentally enabled it if you used the AiDisk wizard to configure your disk sharing rather than manually enabling the SMB server.

I have this port open to WAN to do ssh tunnel on that port, but I have it already restricted to an specific IP address so the danger is lower, like Im not there at the time I cant test if I will be able to connect from that location, is this new rule going to stop me from doing so?

The security server is a new feature in GPL 7378 that will protect against brute force attacks, by blocking the IP of repeated offenders. So far I believe Asus only protect SSH. The feature was a backport from 382, so it's not the more advanced version where they also protect other services such as httpd. That more advanced version in 382 is also closed source now...

Thanks for the reply! But why would the modem not be in Bridge mode anymore? I didn't touch it at all. And looks like I coudn't login to the modem now

Could be that whoever made it into bridge mode didn't write the change to its flash, so a reboot caused it to revert back to its factory default mode. If you don't manage that modem, you might need to contact the ISP to request that they put it into bridged mode.

 

[tomsk]

Asus should eventually get around to fixing it. The issue is specific to that model, and they're aware of it.

i upgraded my AC68U to 380.66 earlier and noticed the WPS was set to on after the upgrade. I'm pretty sure i had disabled it some time ago., but must admit i cant be 100% sure of the state prior to the update. may be something for people to keep an eye on.
Im all other respects its working beautifully...

 

[thelonelycoder]

i upgraded my AC68U to 380.66 earlier and noticed the WPS was set to on after the upgrade. I'm pretty sure i had disabled it some time ago., but must admit i cant be 100% sure of the state prior to the update. may be something for people to keep an eye on.
Im all other respects its working beautifully...

Have a look at the 'fix' I posted earlier.

 

[tomsk]

Have a look at the 'fix' I posted earlier.

Yes i saw you post that bit of script (nicely done) ...i have switched the WPS back off for now and will keep an eye out if it reverts to on after a reboot.
I have a bit of weirdness going on now....after switching the WPS off, if i click on the WPS tab the GUI jumps to the network map page....

EDIT : logged out of the GUI and back in fixed that

 

[rtn66uftw]

Could be that whoever made it into bridge mode didn't write the change to its flash, so a reboot caused it to revert back to its factory default mode. If you don't manage that modem, you might need to contact the ISP to request that they put it into bridged mode.

Thanks! I put it in Bridge mode myself about a year ago (Ubee DDC2700 U10C038 modem). Since then I have restarted it several times without any issue with IPs. It only happened yesterday after flashing to 380.66 final from Beta 1. I tried the MAC clone trick several times to no avail

 

[Diamond67]

i upgraded my AC68U to 380.66 earlier and noticed the WPS was set to on after the upgrade. I'm pretty sure i had disabled it some time ago., but must admit i cant be 100% sure of the state prior to the update.

Are your SSIDs hidden or not? I have AC68U as well, and updating to 380.66 didn't activate WPS. But my SSIDs are hidden and there is this note in Wireless - WPS tab:

Note: WPS function will not be available if SSID is hidden.

So you cannot manually activate WPS from GUI if SSID is hidden.

 

[bobpow]

I loaded 380.66 on AC1900 so far works great, but WPS was turned on. I know it was off in 380.65.

 

[skeal]

Are your SSIDs hidden or not? I have AC68U as well, and updating to 380.66 didn't activate WPS. But my SSIDs are hidden and there is this note in Wireless - WPS tab:


So you cannot manually activate WPS from GUI if SSID is hidden.

I can verify this as well if ssid is hidden there is no effect.

 

[fiasko]

Thanks! I put it in Bridge mode myself about a year ago (Ubee DDC2700 U10C038 modem). Since then I have restarted it several times without any issue with IPs. It only happened yesterday after flashing to 380.66 final from Beta 1. I tried the MAC clone trick several times to no avail

It doesn't matter what you do with your ASUS router, the facts won't change. Unless you set a static IP for its WAN port, the IP it shows comes from your modem or through it from your ISP. If you got the modem from your ISP, is very common that they push updates or do some other remote reconfiguration which can affect your own settings.

I suggest you to do factory default reset for your modem and reconfigure it in bridged mode again. If you can't do this, then you need to contact your ISP support.

 

[Deleted member 22229]

Just updated to 380.66_0 on the 3100 all good works fine. Thanks Eric.

 

[cs1]

I had a very strange effect after upgrading to 380.66. I came from 380.65 and after the upgrade, all devices that where connected to a switch which in turn was connected to one of the switchports of my RT-AC68U immediately lost connectivity to (a) the router (no HTTPS would work) and (b) to the internet. Even stranger was the fact that ICMP packets still worked (from machines that where connected to the switch in question I could ping hosts internally and on the internet) and also DHCP seemed to work but all other TCP traffic didn't. Without changing the configuration I downgraded to 380.65_4 and everything started working again (it had worked for many previous versions of Asuswrt-Merlin, I've been on this firmware since I bought the router and my network topology hasn't changed for many Asuswrt-Merlin releases). I can't see anything in the changelog that would explain this behaviour but I could definitely reproduce it and downgrading to 380.65_4 immediately helped fix the problem. There's nothing in the router's logs that would explain what's going on. Has anyone else experienced anything similar?

 

[reerden]

I loaded 380.66 on AC1900 so far works great, but WPS was turned on. I know it was off in 380.65.

Asus may have changed the setting in NVRAM, so the firmware sets the defaults which is WPS on for 2.4ghz.

 

[Martin_D]

I have updated to 380.66 and now am seeing this in the logs

May 13 21:03:52 kernel: nvram: consolidating space!

NVRAM usage 77526 / 131072 bytes

My setup

RT-AC5300 - AB-Solution 3.8.1 - DNSCrypt