[Release] Asuswrt-Merlin 384.10 is now available

[QuikSilver]

The only thing I have seen around here that deletes existing dnsfilter rules is the Stubby installer script. Do you use Stubby as discussed on these forums?

Might explain why I haven't seen it as I don't use Stubby...I learned something new today @dave14305!

 

[QuikSilver]

where did you see this? i thought all .11 will add is dns tls in the gui stuff.

i'm still on 384.8 because i can't live without some lan activity feedback.

I believe he is referring to the coming ASUS firmware update not Merlin's.

Edit: He may be referring to what Eric said to someone on his Twitter....
https://twitter.com/RMerlinDev/status/1113798510632161280

 

[Butterfly Bones]

Have any one seen or know what this message is in the system log?

Apr 14 08:12:27 kernel: dcd[19302]: unhandled level 3 translation fault (11) at 0x00000000, esr 0x92000007
Apr 14 08:12:27 kernel: pgd = ffffffc01577e000
Apr 14 08:12:27 kernel: [00000000] *pgd=000000001576a003, *pud=000000001576a003, *pmd=0000000011e7c003, *pte=0000000000000000
Apr 14 08:12:27 kernel: CPU: 1 PID: 19302 Comm: dcd Tainted: P O 4.1.27 #2
Apr 14 08:12:27 kernel: Hardware name: Broadcom-v8A (DT)
Apr 14 08:12:27 kernel: task: ffffffc019354b00 ti: ffffffc0115d4000 task.ti: ffffffc0115d4000
Apr 14 08:12:27 kernel: PC is at 0xf7342f44
Apr 14 08:12:27 kernel: LR is at 0x1dc74
Apr 14 08:12:27 kernel: pc : [<00000000f7342f44>] lr : [<000000000001dc74>] pstate: 600e0010
Apr 14 08:12:27 kernel: sp : 00000000ffc8f188
Apr 14 08:12:27 kernel: x12: 000000000009ff10
Apr 14 08:12:27 kernel: x11: 00000000f65ff024 x10: 00000000000a02b4
Apr 14 08:12:27 kernel: x9 : 00000000f65ffc18 x8 : 00000000000a076c
Apr 14 08:12:27 kernel: x7 : 00000000f65ffc50 x6 : 00000000000a0766
Apr 14 08:12:27 kernel: x5 : 0000000000000000 x4 : 00000000f65ffbfc
Apr 14 08:12:27 kernel: x3 : 0000000000000000 x2 : 0000000000000000
Apr 14 08:12:27 kernel: x1 : 000000000007c674 x0 : 0000000000000000

Started to appear now and then after updated to 384.10_2 and installed ntpMerlin

This is a known issuer that started in 384.9 and is noted in the changelog of the first post there. If you use the changelog link in post #1 of this thread you will see it has not been fixed because it is an ASUS issue that RMerlin cannot fix. Here is a helpful link.
https://www.snbforums.com/threads/r...-9-is-now-available.54843/page-28#post-469689

 

[DAVID LONG]

The problem I had when I first started getting those was the DCD part is very unobvious when bundled with all the other text, in that fault.

And, when it is discovered and you try to find more about it, it is not searchable with the forum search feature.

 

[RMerlin]

will .11 released be based on the new firmwares that are launched by asus? according to notes, it fixes the network mapping

No source code = nothing for me to merge.

 

[Butterfly Bones]

The problem I had when I first started getting those was the DCD part is very unobvious when bundled with all the other text, in that fault.

And, when it is discovered and you try to find more about it, it is not searchable with the forum search feature.

That is why it is highly recommended to read the links to changelog on new releases, or before updating if on an older version. Read back at least two and better 3-4 releases. It takes time, yes, but it WILL save you grief in the long run. Click this link, then do a Ctrl-F search for "dcd".

 

[jdavis]

The only thing I have seen around here that deletes existing dnsfilter rules is the Stubby installer script. Do you use Stubby as discussed on these forums?

Yes, I use Stubby as well. Thank you @dave14305 !

I have had to recreate the DNSfilter rule several times but I have only installed Stubby once. I will watch to see if updating the Stubby configuration deletes the rule as well.

 

[Pergola Fabio]

No source code = nothing for me to merge.

ah, not everytime the source is released then?

 

[dave14305]

Yes, I use Stubby as well. Thank you @dave14305 !

I have had to recreate the DNSfilter rule several times but I have only installed Stubby once. I will watch to see if updating the Stubby configuration deletes the rule as well.

When you run the installer script it will ask you “Would you like to force all client DNS requests through Stubby (DNSFilter)”. If you say yes, it overwrites your existing rules. If you say no, it disables DNSFilter completely. It won’t just leave it as-is.

 

[L&LD]

ah, not everytime the source is released then?

No, the point is no source has been released.

 

[Asad Ali]

ah, not everytime the source is released then?

ASUS don't usually release the Source Code exactly at the same time they issue a new firmware update. They release the code later on. ( how late is upto them )

 

[fearz]

I was wondering if I can use those DNS over TLS but with my own DNS providers...well you see, I use specific DNS servers for services such as unblocking streaing websites via DNS, so i wish to use those DNS but couldn't find a way to use both..like stubby + those DNS IPs...

Any suggestions?

 

[RMerlin]

I was wondering if I can use those DNS over TLS but with my own DNS providers

No. A DNS server needs to specifically support DoT for you to use it with that server.

 

[JonEngland]

384.10 is working great on my end.

My ISP is now throttling the VPN protocol connection and ports ( TCP and UDP ) and I am wondering if there's anyway to force the connection to use the SSL Protocol for AirVPN with Asus-WRT Merlin? Thanks!

Hi BuckyBucky

yes, I have my Merlin router setup to do this. I found the AirVPN forum post below useful
https://airvpn.org/topic/12751-ssl-tunnel-via-dd-wrt/

but in summary, you'll need to
1. install stunnel and screen e.g. via entware - https://github.com/RMerl/asuswrt-merlin/wiki/Entware
2. generate the required airvpn config files (airvpn client area > config generator > select advanced > select linux > *select udp (or tcp) > select ssl (port 443) > choose a single/specific server of your choice)
* you can probably skip this step and just select ssl as you will only need these three files:

airvpn_<servername>_SSL-443.ovpn
airvpn_<servername>_SSL-443.ssl
stunnel.crt​

3. use wan-start script to create the stunnel on startup, e.g.

#!/bin/sh
sleep 20
screen -wipe
screen -dmS airvpnstunnel stunnel /jffs/stunnel/airvpn_<servername>_SSL-443.ssl​

4. put the .crt file in same folder as the .ssl file (e.g. /jffs/stunnel/) and edit the .ssl file to have the correct filepath for the .crt file, e.g.

CAfile = /jffs/stunnel/stunnel.crt​

5. reboot, or execute the wan-start script
6. add airvpn client to merlin gui using the airvpn_<servername>_SSL-443.ovpn file generated above

Note: It was some time ago I set this up so I've tried to include everything I can remember you'll need but without going through setting it up again I'm not 100% sure it's all there

btw, switching from udp/tcp to ssl my vpn increased from ~20-25Mbps to ~30-35Mbps (when I was using an ac68u). I've now got an ac86u and vpn is around 80-90Mbps. My connection is 100Mbps and I get around 90-95Mbps when not using vpn.

edit: there is now an official guide here: https://airvpn.org/ssl/ - (doesn't mention using screen though)

Hope this helps
Jon

 

[Boogieman]

Is there any changes in this or update before this one that could improve the media bridge mode?

I am running 3.0.0.4.384_45149 on a RT-AC2900 and as a router connecting with a AC-66U media bridge node and its certainly not working well.
Drop outs about every 30-60 minutes (AC-66u still says connected but cannot reach the AC2900 via the 66u - not even connecting to UI on the 2900 via 192.168.1.1) and sometimes reconnects after about 1 minute, but sometimes i need to restart either 66 or 2900 to get it up and running againg.

Had the same problem before, but not as bad, with two AC66Us in same config (earlier FW).

It seems like media bridge has become a lot worse since they started with AI mesh, just a guess.

My log in the 2900 is filled with this (about 6 times per minute) even though none of my devices connects or disconnects. And its different MACs all the time
(replaced first part of MAC with xx:xx:xx:xx:xx
Apr 16 02:07:39 WLCEVENTD: eth6: Disassoc xx:xx:xx:xx:xx:00
Apr 16 02:07:45 WLCEVENTD: eth6: Disassoc xx:xx:xx:xx:xx:5A
Apr 16 02:07:46 WLCEVENTD: eth6: Assoc xx:xx:xx:xx:xx:00
Apr 16 02:07:52 WLCEVENTD: eth6: Assoc xx:xx:xx:xx:xx:5A

I have changed on the 2900 as below:
Modulation Scheme to MCS9

And disabled below to make sure those are not causing issues since im using the 66u in the other end (and does not support it)
Airtime Fairness
Multi-User MIMO
802.11ac Beamforming
Universal Beamforming

No difference though

Cheers
Boogie

 

[Livin]

Updated my two RT-AC68U routers from 384.8_2 to 384.10_2 and now I have major problems with my devices communicating.

Looks like 2 related issues...
(1) router is 'tricking' the phone into thinking it has a fast connection
(2) throughput is SUPER SLOW
... I only run my tablets/phones on 5ghz so only testing that.

On the devices, connections show they are at high mbps (400-700) but I cant get any comms to happen. Then they will almost always show 7-15 mbps after a few minutes... still no throughput over very very little.

This is Everywhere, on 2 routers... not just specific house locations. Even places where I used to have consistent 500- 550mbps (direct line of sight, nothing but air) I'm getting an initial connect at 585 then immediately drops to 260 then bounces back to 702.

I've not changed anything at all in my router config in ages (see screenshots for config)

The survey shows a VERY weak 5ghz (LW5) when my phone shows it at 702mbps but the speeds are super slow, 5mpbs when loading simple web pages, facebook, gmail, etc

I appreciate the help, I'm going to roll back until this is fixed.

 

[Makaveli]

I've not changed anything at all in my router config in ages (see screenshots for config)

Was this a dirty upgrade from 8_2 to 10_2?

If so have you tried saving your config and resetting the routers to defaults then testing before restoring saved settings?

And on the Tablets and phones clearing the saved wifi network then reconnecting?

 

[Livin]

Was this a dirty upgrade from 8_2 to 10_2?

If so have you tried saving your config and resetting the routers to defaults then testing before restoring saved settings?

And on the Tablets and phones clearing the saved wifi network then reconnecting?

Yes, I never wiped prior to upgrading from one Merlin to another... only from John's to Merlin. Never had an issue.

Yes, tried that same issue. Its weird. I'll try reflashing

 

[penguin22]

Is there any changes in this or update before this one that could improve the media bridge mode?

My experiences with lots of testing across many firmwares is that MB mode is a half-baked, non-functional compromise that should not be used. If you insist on using a transparent ARP client bridge, either go with WDS (I did not have much success), use DD-WRT (not really transparent, but stable), or use Merlin in repeater mode and do not use the repeated WiFi with any devices. I found that repeater mode has been stable for weeks at a time and functions as a pseudo-bridge, though not as transparent ARP, meaning devices will not show in the router as they share the repeater's MAC address.

 

[Ro berto]

has anyone noticed there is a Cinco de Mayo (May 5 07:05:05 kernel) date on the System Log in the webUI after rebooting?

(last line before reboot)

Apr 17 11:11:25 custom_script: Running /jffs/scripts/services-stop

(first line after reboot)

May 5 07:05:05 syslogd started: BusyBox v1.25.1

(first line after reboot sequence)

Apr 17 11:12:20 rc_service: ntp 994:notify_rc restart_diskmon