[Release] Asuswrt-Merlin 384.12 is now available

[DAVID LONG]

Yes, and no.

Direct reply and reason from RMerlin:
https://www.snbforums.com/threads/p...-asus-openvpn-client.43029/page-2#post-426754

My memory is not as good as it once was.

 

[bbunge]

Except that this is happening with Cloudflare and now Quad9.

Where will i find stubby.postconf ? I have searched with WinSCP in an SSH session, but no matches found.

You need to create the file /jffs/scripts/stubby.postconf

You can do this with WinSCP. Navigate to /jffs/scripts. Right click in the right window and select New/File or Shift + F4. Name the file stubby.postconf and enter the following (just copy and paste):

#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh
pc_replace "idle_timeout: 9000" "idle_timeout: 2000" $CONFIG
pc_replace "tls_connection_retries: 2" "tls_connection_retries: 5" $CONFIG
pc_replace "timeout: 3000" "timeout: 2000" $CONFIG
pc_replace "round_robin_upstreams: 1" "round_robin_upstreams: 0" $CONFIG

Save the file. Right click on the file and check the boxes next to the three X's to make the Octal:755 then click OK. Restart Stubby by turning DoT off then on or in a terminal session with
service restart_stubby

These settings seem to help at least on my ISP. I have found Cloudflare to be the most reliable for me with CleanBrowsing next then Quad9. I manage a couple of routers on another ISP and Quad9 seems to work better than Cloudflare. I feel it is how the DNS resolver anycast addresses are routed. The closest Quad9 data center to me is 100 miles away as the crow flies but I get routed to another Quad9 data center 1,000 miles away and have been routed to the Quad9 data center clear across the country on the west coast! Using Cloudflare I'm routed to the data center 100 miles away. Also feel that DNSSEC is handled better by Cloudflare.

 

[Sanna1967]

haven't had them on previous build of firmware

Known message in the log for long time . On my side I have it too since several builds( when my bridge disconect and reconnect to wifi). If it's really boring for you, just put "Log only messages more urgent than" on INFO in General log tab
Its just a Asus debug message , harmless

 

[dave14305]

I am getting these messages all the time in log, haven't had them on previous build of firmware

Jun 26 18:34:18 WLCEVENTD: eth2: Disassoc E4:0E:EE:24: D0:35
Jun 26 18:34:47 WLCEVENTD: eth2: ReAssoc E4:0E:EE:24: D0:35
Jun 26 18:34:47 WLCEVENTD: eth1: Disassoc E4:0E:EE:24: D0:35
Jun 26 18:35:18 WLCEVENTD: eth1: ReAssoc E4:0E:EE:24: D0:35
Jun 26 18:35:18 WLCEVENTD: eth2: Disassoc E4:0E:EE:24: D0:35
Jun 26 18:35:18 kernel: br0: received packet on eth1 with own address as source address

If it’s the same MAC switching between eth1 and eth2, your device is switching between WiFi bands, I believe. Pick one and forget the other on the device, or are you using smart connect?

 

[VikingRulez]

Im new to this forum and I'm not sure if this bug has been reported yet.
I'm using a Asus AC86U router with Merlin firmware 384.12 installed. The bug which I believe I found is in the OPENVPN section. When choosing the vpn file you want to upload to the router initially it reads the file name but after upload it correctly shows all updated settings but are now displaying "no file found" and you cant rename ex. vpn client 1 to "your vpn server location/name" either. What if you had 5 vpn clients installed but you dont know which one is taking you to England?

 

[Val D.]

Im new to this forum and I'm not sure if this bug has been reported yet.
I'm using a Asus AC86U router with Merlin firmware 384.12 installed. The bug which I believe I found is in the OPENVPN section. When choosing the vpn file you want to upload to the router initially it reads the file name but after upload it correctly shows all updated settings but are now displaying "no file found" and you cant rename ex. vpn client 1 to "your vpn server location/name" either. What if you had 5 vpn clients installed but you dont know which one is taking you to England?

I don't see this on my router. It accepts the files properly. The name has to be changed after the file is uploaded.

 

[Sanna1967]

and you cant rename ex. vpn client 1 to "your vpn server location/name" either.

IF I remember you have to start the client first after uploading settings and then you can make the changes

 

[bbunge]

Im new to this forum and I'm not sure if this bug has been reported yet.
I'm using a Asus AC86U router with Merlin firmware 384.12 installed. The bug which I believe I found is in the OPENVPN section. When choosing the vpn file you want to upload to the router initially it reads the file name but after upload it correctly shows all updated settings but are now displaying "no file found" and you cant rename ex. vpn client 1 to "your vpn server location/name" either. What if you had 5 vpn clients installed but you dont know which one is taking you to England?

You may be better off using OpenVPN on your PC. Fewer problems. Just try it if you do not have a good reason to have everything on your local network go over VPN.

Sent from my SM-T380 using Tapatalk

 

[m3tpe]

On this firmware right now. Is NAT acceleration AUTO "controlled by CPU" working? I just swapped to 1 gigabit internet through comcast, but i can't seem to get higher download than 400mbps. Trying to enable NAT accleration, but only gives me AUTO mode.
Should I factory reset the router?

 

[doczenith1]

Auto mode is correct. Have you rebooted the router? I have found that a full reboot is required after adjusting the acceleration off or to auto and also when making other changes to the router that affect nat acceleration.

What does the HW acceleration show on the Tools page?

And if you haven't performed a reset in a while then it's not a bad idea to do so with a minimal configuration to rule out issues from a settings conflict.

 

[Thermaltake]

If it’s the same MAC switching between eth1 and eth2, your device is switching between WiFi bands, I believe. Pick one and forget the other on the device, or are you using smart connect?

I am using smart connect. And when it's enabled I don't have a control of choosing channel it's automatically on auto.

Known message in the log for long time . On my side I have it too since several builds( when my bridge disconect and reconnect to wifi). If it's really boring for you, just put "Log only messages more urgent than" on INFO in General log tab
Its just a Asus debug message , harmless

View attachment 18418

Thank you, I set it to only info now.

 

[MDM]

On this firmware right now. Is NAT acceleration AUTO "controlled by CPU" working? I just swapped to 1 gigabit internet through comcast, but i can't seem to get higher download than 400mbps. Trying to enable NAT accleration, but only gives me AUTO mode.
Should I factory reset the router?

I would first reboot the comcast modem!

 

[VikingRulez]

I don't see this on my router. It accepts the files properly. The name has to be changed after the file is uploaded.

I have tried to reset the router in between setting up the VPN clients. I have used files from different vendors but I can't get access and get errors ex. "No file found", authentication error and missing certification authentication error. I can see all the vendor changes. I verified that the cert key was saved. Port numbers matches vendor specific settings.

The

 

[richardeid]

• The router will now directly use the WAN-configured DNS for name resolution done on the router itself by default. The option is still configurable under Tools -> Other Settings for those who have a particular need that requires the former default behaviour. This matches how stock firmware works, and this change has zero impact on your LAN clients.

Just looking for some info on this. I have a thermostat that I can push certain data to (like current weather info for my area) and have it show on the display. The way I do this is I pull data from a source, use jq to parse the data and then curl to push it to the thermostat. I give the thermostat a reserved IP and in doing that I assign it a hostname. So I would use that hostname to push the data through it using curl.

So of course, this stopped working when I updated to 384.12. Reading the changelog helped me figure out the issue rather quickly, but I was pretty stumped at first because while the router couldn't ping that device by its hostname, all the other devices on my network could. Hitting that line item and the "zero impact on your LAN clients" part made it click.

I'm wondering what the purpose of the change is and the pros and cons of doing it either way. For now I've changed it back to the old way unless I can be convinced the new way would be better going forward.

 

[CaptainSTX]

I have tried to reset the router in between setting up the VPN clients. I have used files from different vendors but I can't get access and get errors ex. "No file found", authentication error and missing certification authentication error. I can see all the vendor changes. I verified that the cert key was saved. Port numbers matches vendor specific settings.

The

By any chance are you running any scripts on your router? If yes there is the possibility that that they might have corrupted your Iptables and/or Ipconfig. This happened to me and I could not get VPN client 1 & 2 running. The solution for me totally erase the router's memory and start from scratch.

 

[zoggy]

Using Asus RT-AC88U. I was plagued with 2.4Ghz issues back on the 384.x and had to downgrade to 380.70 until the buggy driver included in the gpl got updated.
I didn't have any wireless issues while on 384.8_2 and was still good on 384.9, which had been stable for a few months (170 days+ router uptime with no need to reset anything).
Then a few weeks ago I got around to upgrading to 384.11_0 and the wireless problem came back (every couple days the 2.4Ghz band would need to be reset to make things work on it).
Last week 384.12 came out and I upgraded but sadly the wireless problem is still there, have had to reset the 2.4Ghz band twice now in 5 days.

 

[martinr]

....,.I'm wondering what the purpose of the change is and the pros and cons of doing it either way. For now I've changed it back to the old way unless I can be convinced the new way would be better going forward.

This might be a starting point but you might need to dig a bit deeper:

https://www.snbforums.com/threads/dns-security.56784/page-2#post-494348

 

[cmkelley]

Using Asus RT-AC88U. I was plagued with 2.4Ghz issues back on the 384.x and had to downgrade to 380.70 until the buggy driver included in the gpl got updated.
I didn't have any wireless issues while on 384.8_2 and was still good on 384.9, which had been stable for a few months (170 days+ router uptime with no need to reset anything).
Then a few weeks ago I got around to upgrading to 384.11_0 and the wireless problem came back (every couple days the 2.4Ghz band would need to be reset to make things work on it).
Last week 384.12 came out and I upgraded but sadly the wireless problem is still there, have had to reset the 2.4Ghz band twice now in 5 days.

Wireless is all closed source and out of RMerlin's control. There is literally nothing he can do about it.

 

[Webheadfred]

I'm an old dude with an RT-AC88u on 380.65. How much trouble should I expect upgrading dirty. I'll probably have an AX88u by the end of the week and figured I'd give it a go. With the wife-unit squawking so much with me 'experimenting' with the router, I adopted the "if it aint broke" mentality for home harmony. Cheers y'all!

Well..... I did it. I wrote down or screen shot every setting for 380.65 I had running. From the update page on the UI, I selected the 384.12 file and uploaded it from a wired connection. After three minutes or so, the router rebooted and the log-in screen was a little jumbled so I refreshed the browser window and was able to log in perfectly. Every setting was saved. I'm not going to do a factory reset unless the wife-unit complains about the speed. So far, so good. Cheers y'all!

 

[RMerlin]

I'm wondering what the purpose of the change is and the pros and cons of doing it either way. For now I've changed it back to the old way unless I can be convinced the new way would be better going forward.

This was changed to prevent various potential issues. Here are a few:

- Local DNS-based tests to determine if the connection was up could incorrectly report as being up since the response would come from dnsmasq's cache without actually trying to access the Internet
- More robust handling of Internet connections that rely on DHCP + VPN to establish a connection in two stages (like Russia's Beeline)
- More robust handling in case dnsmasq fails to start due to a misconfiguration of some sort
- More robust handling in case something went wrong with a VPN client or DNS over TLS configuration