[Release] Asuswrt-Merlin 384.11 is available

telUK

Regular Contributor
Will update this weekend, I have skipped a few versions, so feel this is the time to update.

I know this gets asked a lot, but just to be sure, does a reset (restore) via the GUI clear the nvram as well?

Thanks RMerlin
 

Delusion

Senior Member
Have been running the new version for 8 hours 37 minute(s) 4 seconds and everything is fine, at least on my setup. However, some devices fail to connect to 5GHz wifi unless I choose a channel manually; other than that, works great for me.
 

Swistheater

Very Senior Member
I loosely followed the beta thread so I know that people had issues with cloudflare + DNSSEC but I am confused. I just upgraded tonight, enabled DoT (to cloudflare, which I was already using) without issue. When I go to the cloudflare test page with DNSSEC disabled, it tells me that I am verifying DNSSEC. When I actually enable DNSSEC, it still tells me that I am validating but that I am no longer running DoT. People mentioned this as a bug in the beta thread, but also mentioned that DNSSEC should be disabled with cloudflare. What settings should I use? Is DNSSEC with "Validate unsigned DNSSEC replies" worth it? The tooltip for the validate option mentions a performance impact. People in the beta thread also mentioned that most websites don't support DNSSEC.

I should also add that besides the cloudflare test page saying that I am verifying DNSSEC when I have the option disabled, https://dnssec.vs.uni-due.de/ also says I am verifying. How is that working if I have it disabled?
All Cloudflare test pages fail with DoT+DNSSEC due to the test not being able to run properly with DNSSEC enabled. The Cloudflare test only supports being run with it off, and only tests for the fact that Cloudflare itself can validate, not that the end user can validate.
 

Swistheater

Very Senior Member
So I ran tcpdump -s 0 -ni eth0 -p port 853 -w /tmp/mnt/whateverUsbdevice/mycap.pcap
Then I opened it in Wireshark and inspected some points.
end to end encryption
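
Added example (not part of the original post or the thread): one way to check a capture like the one above without opening Wireshark, by classifying the first bytes of each TCP segment on port 853 as a TLS record or a clear-text DNS-over-TCP message. The function names and the sample capture are constructed for illustration; only classic little-endian pcap files with Ethernet/IPv4 framing are handled.

```python
import struct
from collections import Counter

def tcp_payloads(pcap, port=853):
    """Yield TCP payloads of IPv4 frames to/from `port` in a classic
    little-endian pcap with Ethernet link type."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("expected classic little-endian pcap")
    off = 24                                   # skip global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                           # not IPv4 + TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack_from("!HH", tcp)
        data = tcp[(tcp[12] >> 4) * 4:]
        if data and port in (sport, dport):
            yield data

def classify(data):
    """Label the first bytes of a segment. Segments that continue a record
    from an earlier segment come back as 'unknown'."""
    if len(data) >= 5 and 20 <= data[0] <= 23 and data[1] == 3 and data[2] <= 4:
        return "tls"                           # TLS record header
    if len(data) >= 14 and struct.unpack_from("!H", data)[0] == len(data) - 2:
        return "plaintext-dns"                 # RFC 1035 TCP length prefix
    return "unknown"

def summarize(pcap, port=853):
    return dict(Counter(classify(d) for d in tcp_payloads(pcap, port)))

# --- constructed sample capture (not from the thread) ---
def _pkt(sport, payload):
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53]))
    tcp = struct.pack("!HHIIBBHHH", sport, 853, 0, 0, 0x50, 0x18, 1024, 0, 0)
    frame = eth + ip + tcp + payload
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

_query = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + b"\x07example\x03com\x00\x00\x01\x00\x01"
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _pkt(40000, b"\x16\x03\x01\x00\x05hello")             # TLS handshake record
          + _pkt(40001, struct.pack("!H", len(_query)) + _query))  # clear DNS over TCP
print(summarize(SAMPLE))
```

On a real capture, any `plaintext-dns` count on port 853 means queries are leaving unencrypted; a healthy DoT capture shows only `tls` and `unknown` (record continuations).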
 

PoloNes

Occasional Visitor
Hello,

I used beta 2 and lost DNS using DOT + DNSSEC.
I only activated the DOT and even lost the DNS, even though I was connected to the internet.

With 384.11 the same thing, using DOT and cleanbrowsing.

DNS loss using DOT happens after a few hours.

No idea what's going on.

Code:
May  8 21:54:19 kernel: jffs2: warning: (1) jffs2_sum_write_data: Summary too big (-32 data, -1570 pad) in eraseblock at 002a0000
May  8 21:54:21 acsd: selected channel spec: 0x1005 (5)
May  8 21:54:21 acsd: Adjusted channel spec: 0x1005 (5)
May  8 21:54:21 acsd: selected channel spec: 0x1005 (5)
May  8 21:54:22 acsd: selected channel spec: 0xe29b (157/80)
May  8 21:54:22 acsd: Adjusted channel spec: 0xe29b (157/80)
May  8 21:54:22 acsd: selected channel spec: 0xe29b (157/80)
May  8 21:55:27 kernel: jffs2: warning: (750) jffs2_sum_write_data: Not enough space for summary, padsize = -1724
May  8 21:56:58 kernel: eth3 (Ext switch port: 2) (Logical Port: 10) Link DOWN.
May  8 21:57:01 kernel: eth3 (Ext switch port: 2) (Logical Port: 10) Link UP 10 mbps full duplex
 

Swistheater

Very Senior Member
I don't see DoT being lost by these logs - I see an Ethernet device having issues communicating with the router.
 

Swistheater

Very Senior Member
Another interesting test showing encryption layer change
 

Swistheater

Very Senior Member
Yes I do. Let me guess, it needs this to be set to dropped, so it reverts it back to dropped if you set it to accepted?
Did you select the wrong one to reply to?
 

dvohwinkel

Regular Contributor
Do you have Skynet installed?
Yes I do. Let me guess, it needs this to be set to dropped, so it reverts it back to dropped if you set it to accepted?
 

MDM

Senior Member
This time the update was not smooth. And for the first time ever, it asked for a manual reboot, without even needing it?
 

xus2

New Around Here
Hello everyone, thank you for your work on router.
I have a small problem I can't seem to find an answer to. I have an RT-AC1900U and am on 384.11 right now. In Network Map > Client List, it's always a mess and mostly the names of my devices become 'nw_ap_1552_sykevr_11'. I could not find any info on that. Sometimes they get unrelated icons, sometimes they get unrelated icons and nothing seems to fix it (reboot, restore with initializing settings). I'm attaching an example screenshot.


Thank you.
 

Therion87

Regular Contributor
For clarification.

When selecting presets for DoT do we need to add a TLS port or SPKI Fingerprint? Or is leaving them blank fine?
 

Kingp1n

Very Senior Member
The question for me would be: does Comcast use SPKI fingerprint? However, please see the link below, per RMerlin:
https://github.com/RMerl/asuswrt-merlin/wiki/DNS-Privacy

It will only get linked to the Wiki index after 384.11 final is released.

In short, you don't need to change anything in the DNS fields. These should be left as they were before, just enable DNS Privacy, and add servers to the DNS-over-TLS list below.
 
