What's new

[Release] Asuswrt-Merlin 384.11 is available

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Will update this weekend, I have skipped a few versions, so feel this is the time to update.

I know this gets asked a lot, but to just to be sure does a reset (restore) via the GUI clear the nvram as well?

Thanks RMerlin
 
Last edited:
Have been running the new version for 8 hours 37 minute(s) 4 seconds and everything is fine at least on my setup, however, some devices fail to connect to 5GHz wifi unless I choose a channel manually , other then that, works great for me.
 
I loosely followed the beta thread so I know that people had issues with cloudflare + DNSSEC but I am confused. I just upgraded tonight, enabled DoT (to cloudflare, which I was already using) without issue. When I go to the cloudflare test page with DNSSEC disabled, it tells me that I am verifying DNSSEC. When I actually enable DNSSEC, it still tells me that I am validating but that I am no longer running DoT. People mentioned this as a bug in the beta thread, but also mentioned that DNSSEC should be disabled with cloudflare. What settings should I use? Is DNSSEC with "Validate unsigned DNSSEC replies" worth it? The tooltip for the validate option mentions a performance impact. People in the beta thread also mentioned that most websites don't support DNSSEC.

I should also add that besides the cloudflare test page saying that I am verifying DNSSEC when I have the option disabled, https://dnssec.vs.uni-due.de/ also says I am verifying. How is that working if I have it disabled?
All cloudflare testpages fail with dot+dnssec due to the test not being able to run properly with dnssec enabled. Cloudflare test only support being runned with it off and only test for the fact that cloudflare itself can validate and not that end user can validate.
 
So i ran tcpdump -s 0 -ni eth0 -p port 853 -w /tmp/mnt/whateverUsbdevice/mycap.pcap
then I opened it on wireshark and inspected some points
upload_2019-5-9_7-51-8.png

upload_2019-5-9_7-52-48.png

end to end encryption
 
Hello,

I used beta 2 and lost DNS using DOT + DNSSEC.
I only activated the DOT and even lost the DNS, even though I was connected to the internet.

With 384.11 the same thing, using DOT and cleanbrowsing.

DNS loss using DOT happens after a few hours.

No idea what's going on.

Code:
May  8 21:54:19 kernel: jffs2: warning: (1) jffs2_sum_write_data: Summary too big (-32 data, -1570 pad) in eraseblock at 002a0000
May  8 21:54:21 acsd: selected channel spec: 0x1005 (5)
May  8 21:54:21 acsd: Adjusted channel spec: 0x1005 (5)
May  8 21:54:21 acsd: selected channel spec: 0x1005 (5)
May  8 21:54:22 acsd: selected channel spec: 0xe29b (157/80)
May  8 21:54:22 acsd: Adjusted channel spec: 0xe29b (157/80)
May  8 21:54:22 acsd: selected channel spec: 0xe29b (157/80)
May  8 21:55:27 kernel: jffs2: warning: (750) jffs2_sum_write_data: Not enough space for summary, padsize = -1724
May  8 21:56:58 kernel: eth3 (Ext switch port: 2) (Logical Port: 10) Link DOWN.
May  8 21:57:01 kernel: eth3 (Ext switch port: 2) (Logical Port: 10) Link UP 10 mbps full duplex
 
Hello,

I used beta 2 and lost DNS using DOT + DNSSEC.
I only activated the DOT and even lost the DNS, even though I was connected to the internet.

With 384.11 the same thing, using DOT and cleanbrowsing.

DNS loss using DOT happens after a few hours.

No idea what's going on.

Code:
May  8 21:54:19 kernel: jffs2: warning: (1) jffs2_sum_write_data: Summary too big (-32 data, -1570 pad) in eraseblock at 002a0000
May  8 21:54:21 acsd: selected channel spec: 0x1005 (5)
May  8 21:54:21 acsd: Adjusted channel spec: 0x1005 (5)
May  8 21:54:21 acsd: selected channel spec: 0x1005 (5)
May  8 21:54:22 acsd: selected channel spec: 0xe29b (157/80)
May  8 21:54:22 acsd: Adjusted channel spec: 0xe29b (157/80)
May  8 21:54:22 acsd: selected channel spec: 0xe29b (157/80)
May  8 21:55:27 kernel: jffs2: warning: (750) jffs2_sum_write_data: Not enough space for summary, padsize = -1724
May  8 21:56:58 kernel: eth3 (Ext switch port: 2) (Logical Port: 10) Link DOWN.
May  8 21:57:01 kernel: eth3 (Ext switch port: 2) (Logical Port: 10) Link UP 10 mbps full duplex
i don't see DoT being lost by these logs - I see an ethernet device having issues communicating to the router.
 
another interesting test showing encryption layer change
upload_2019-5-9_8-1-46.png
 
Yes I do. Let me guess it needs this to be set to dropped so it reverts it backed to dropped if you set it to accepted?
did you select the wrong one to reply to?
 
Do you have skynet installed?

Yes I do. Let me guess it needs this to be set to dropped so it reverts it backed to dropped if you set it to accepted?
 
This time update was not smooth. And first ewer, it asked for manual reboot, without even needing it?
 
Hello everyone, thank you for your work on router.
I have a small problem I can't seem to find an answer. I have RT-AC1900U and on 384.11 right now. In Network Map > Client List, it's always a mess and mostly names of my devices becomes 'nw_ap_1552_sykevr_11'. I could not find any info on that. Sometimes they get unrelated icons, sometimes they get unrelated icons and nothing seems to fix it (reboot, restore with initializing settings). I'm attaching an example screenshot.

Screen Shot 2019-05-09 at 17.02.02.png


Thank you.
 
For clarification.

When selecting presets for DoT do we need to add a TLS port or SPKI Fingerprint? Or is leaving them blank fine?
 
For clarification.

When selecting presets for DoT do we need to add a TLS port or SPKI Fingerprint? Or is leaving them blank fine?
The question for me would is Comcast uses SPKI fingerprint ? However, please see link below per RMerlin:
https://github.com/RMerl/asuswrt-merlin/wiki/DNS-Privacy

It will only get linked to the Wiki index after 384.11 final is released.

In short, you don't need to change anything in the DNS fields. These should be left as they were before, just enable DNS Privacy, and add servers to the DNS-over-TLS list below.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top