[Release] Asuswrt-Merlin 384.12 is now available

[Zenbiti]

It seems that I cannot get Traditional QoS to work on this release, once I have it enabled I lose access to routers UI. I took notes(sorry for the book).

Upgraded from 384.11.2 to 384.12 yesterday on my RT-AC68U router(NOT T-MOBILE).

Something is breaking my access to the UI(http) when I enable QoS. This has been happening in some form for the past few versions of Merlin although I was previously able to get QoS operational after disabling NAT acceleration. It's been a while since I last made changes to my config so I don't recall everything, in the past I just fiddled around until it worked which is not resolving it now. My internet seems to function perfectly fine, I just can't access my router.

I want to re-enable Traditional QoS with the fq-codel setting as my pings (e.g., pings to 8.8.8.8) jump up on my desktop when any other device on my network is using up most of the bandwidth such as a basic speed test.

As for the issue, when I try to log into my router I get the initial login screen as I normally would. But after logging in the page will either fail to load after timing out, or I get a partial page that is garbled in some way. Sometimes after waiting long enough I get most of the main page to load but with odd black test. This occurs in Opera, Edge, and IE with the same behavior.

Last night I performed the "Nuclear Reset" outlined by L&LD here: https://www.snbforums.com/threads/major-issues-w-rt-ac86u.56342/page-4#post-495710 and I will say my router seemed to behave better overall and quicker after this. I seemed to have access fine last night, including after enabling QoS but I had already been playing around with my router for several hours so I left it alone until this morning when I wanted to finish making config changes such as my UN/PWD and other basic settings but could no longer access the UI the same way I couldn't before.

So I'll replicate the issue with notes. For these tests EVERY hard/physical reboot is done with unplugging all items from Router for at least 10 seconds(or more when noted) before powering it back up and reconnecting other cables. I only have my WAN connection to my cable modem and 1 LAN connection for my desktop.

Test 1 - A base test for science!

1. WPS NVRAM Erase as outlined here: https://www.snbforums.com/threads/b...eta-is-now-available.55520/page-9#post-473141
2. Quick/temp wizard setup, then GUI initiated a reset to factory defaults including the option to 'initialize all settings'.
3. Another quick/temp wizard setup, and did performed the 'Format the JFFS partition on next boot' and made sure to hit Apply at the bottom of the page too before rebooting the router 3 times in the next 15 minutes. Waiting for at least 5 to 10 minutes between reboots. (assumed doing this for good measure on this troubleshooting even though I did it last night).
   1. Everything is current working A-OK, no config changes just the basic initial wizard setup and the 3 reboots with JFFS reformat each time.
4. For my first test, I simply enabled QoS using the 'Traditional QoS' type and 'fq_codel' Queue and 'Cable (DOCSIS)' for WAN packet overhead and 5Mb Upload with 50Mb Download set.
5. Applied the above, and after logging in I have the same issue. Including after an additional reboot and waiting 5 more minutes.

Test 2 - Verify if SSH can work (should have enabled it last time).

1. WPS NVRAM Erase.
2. Quick/temp wizard setup, then GUI initiated a reset to factory defaults including the option to 'initialize all settings'.
3. Another quick/temp wizard setup, but I didn't bother with formatting the JFFS partition as it seems excessive at this point.
4. Enabled SSH, verified I can indeed use SSH via putty, stayed connected via Putty to see what happens.
5. Re-enabled QoS using the 'Traditional QoS' type and 'fq_codel' Queue and 'Cable (DOCSIS)' for WAN packet overhead and 5Mb Upload with 50Mb Download set.
   1. My connection to Putty was severed after applying. "Remote side unexpectedly closed network connection" error.
6. After the router was done applying the settings, my UI was broken as expected. SSH seems to still work(although I don't know what I can do in SSH off hand. I tried using help, -help, -h, ?, man but I've never used the CLI on this router before. However I could login fine to SSH, no lag or anything.
   1. I did type 'reboot' into SSH which did reboot the router. Same issue after the reboot however. I get the initial login, but the UI fails to load after logging in.
7. At this point I tested the WRONG username and password to see what happens, and I did get an "invalid username or password error" so it's responding as it should for the actual login at least.
8. Via SSH I noticed that "TAB" does bring up a list of options. I used 'top' to see if my CPU usage was hight, but it's less than 1% and nothing else seems out of place including memory which was at 50756K and 205044K free.
   1. It's been a LONG time since I used any CLI, I couldn't seem to figure out much here such as disabling QoS.

Test 3 - Disabled STP and NAT Acceleration?

1. WPS NVRAM Erase.
2. Quick/temp wizard setup, then GUI initiated a reset to factory defaults including the option to 'initialize all settings'.
3. Another quick/temp wizard setup, but I didn't bother with formatting the JFFS partition as it seems excessive at this point.
   1. I also am ignoring SSH since it does me no good and seems unrelated.
4. This time I went to LAN>Switch Control and DISABLED 'NAT Acceleration' and 'STP'.
5. Re-enabled QoS using the 'Traditional QoS' type and 'fq_codel' Queue and 'Cable (DOCSIS)' for WAN packet overhead and 5Mb Upload with 50Mb Download set.
6. Same issue again, rebooted, no change.

Test 4 - I don't know what to do next but try reinstalling firmware.

1. Downloaded 384.12 firmware from OneDrive instead of SourceForge, verified SHA256 sig. and uploaded.
2. Tried enabling both HTTP and HTTPS access on a whim.
   1. Confirmed access via HTTPS over port 8443.
3. Re-enabled QoS using the 'Traditional QoS' type and 'fq_codel' Queue and 'Cable (DOCSIS)' for WAN packet overhead and 5Mb Upload with 50Mb Download set.
4. Seems both HTTP and HTTPS have the same issue. Both give me the login screen, but fails to load GUI after login.

Test 5 - Does Adaptive QoS work?

1. WPS NVRAM Erase.
2. Quick/temp wizard setup, then GUI initiated a reset to factory defaults including the option to 'initialize all settings'.
3. Enabled QoS with the default settings for 'Adaptive QoS' using 'sfq' queue. 'Web Surfing' mode selected.
4. UI is still functional over HTTP.
5. Soft rebooted router to confirm.
6. UI still functional, Adaptive QoS settings are intact after reboot.
7. Changed queue disipline from 'sfq' to 'fq_codel' for the Adaptive QoS.
8. Changed Bandwidth Setting to Manual and set the WAN packet overhead to Cable (DOCSIS) with 5/10 U/D bandwidth.
9. Still functional.

So far it does seems to be related to only the Traditional QoS option. I'll try a couple more things since I've already been at this for several hours.

Test 6 - using existing settings from Test 5, no resets. Just disabling a bunch of stuff and trying a different Queue for Traditional QoS.

1. Disabled NAT Acceleration and STP for the Switch Control.
2. Disabled UPnP.
   1. Did a random speed test (no particular reason) and the results were better than I've seen before and absolutely no jitter.
      1. 70/6Mbps result.
   2. Re-enabled UPnP, speed test again.
   3. Damn, I never would have thought UPnP would have such an impact
      1. 50/4Mbps result with UPnP enabled with a slow ramp up in speed rather than all out like before.
      2. https://www.speedtest.net/result/8374473388
   4. Disabled UPnP again and tested again. Wow.
      1. https://www.speedtest.net/result/8374478565
3. Verified IPv6 is disabled on the WAN interface as well as the firewall.
4. Changed from 'Adaptive QoS' to 'Traditional QoS' type and 'sfq' Queue and 'Cable (DOCSIS)' for WAN packet overhead and 5Mb Upload with 50Mb Download set.
5. I still have access to the router UI…..?
   1. Speed test this time was 48/4Mbps. https://www.speedtest.net/result/8374493210
6. Because tech is weird, I changed the Queue to 'fq_codel'.
7. I still have access?
8. I'm thinking UPnP is the culprit so I enabled it.
9. Lost access to UI but only temporarily.
   1. Confirmed my settings are intact and QoS is still Traditional with fq_codel and UPnP is enabled.
10. Rebooted router to see if the fix holds.
11. Issue started again. UI fails to load after login screen. Waited several minutes to confirm reboot finished.

Final Test - Replicate potential fix?

1. WPS NVRAM Erase.
2. Quick/temp wizard setup, then GUI initiated a reset to factory defaults including the option to 'initialize all settings'.
3. Disabled UPNP.
4. Enabled 'Traditional QoS' type and 'sfq' Queue and 'Cable (DOCSIS)' for WAN packet overhead and 5Mb Upload with 50Mb Download set.
   1. Lost Access again, DOH!
5. WPS NVRAM Erase.
6. Quick/temp wizard setup.
7. Disabled UPnP, STP, and NAT Acceleration and IPv6 Firewall.
8. Enabled 'Traditional QoS' type and 'sfq' Queue and 'Cable (DOCSIS)' for WAN packet overhead and 5Mb Upload with 50Mb Download set.
9. Broke again, and at this point so am I.

I'll live without it but I hope my exploration helps find out what is happening? Can anyone with an RT-AC68U replicate this?

 

[Delusion]

If I have dnssec and dns over tls configured . I configure my vpn (openVPN client) to run on x,y,z devices using Policy Rules (strict) , which settings do I need to change to make the devices x,y,z to use the VPN service dns servers which I need to enter manually ?

Right now, I use "Accept DNS Configuration: Exclusive". If I turn on DNS Filter and configure Custom 1 and Custom 2 dns servers and force the devices x,y,z to use those two dns servers, I should leave "Accept DNS Configuration" Exclusive or use Strict or Relaxed?

 

[octopus]

Can confirm problem to reach login page, have to "service restart_ httpd" to get it working again.
No sign in log though. First time that happend.

EDIT: possible problem.
When use Network Tools - Network Analysis and ping something not answered GUI get unresponsive
and have to use "service restart_httpd" to get answer again.

@RMerlin

 

[JemTheWire]

You need to create the file /jffs/scripts/stubby.postconf

You can do this with WinSCP. Navigate to /jffs/scripts. Right click in the right window and select New/File or Shift + F4. Name the file stubby.postconf and enter the following (just copy and paste):

#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh
pc_replace "idle_timeout: 9000" "idle_timeout: 2000" $CONFIG
pc_replace "tls_connection_retries: 2" "tls_connection_retries: 5" $CONFIG
pc_replace "timeout: 3000" "timeout: 2000" $CONFIG
pc_replace "round_robin_upstreams: 1" "round_robin_upstreams: 0" $CONFIG

Save the file. Right click on the file and check the boxes next to the three X's to make the Octal:755 then click OK. Restart Stubby by turning DoT off then on or in a terminal session with
service restart_stubby

These settings seem to help at least on my ISP. I have found Cloudflare to be the most reliable for me with CleanBrowsing next then Quad9. I manage a couple of routers on another ISP and Quad9 seems to work better than Cloudflare. I feel it is how the DNS resolver anycast addresses are routed. The closest Quad9 data center to me is 100 miles away as the crow flies but I get routed to another Quad9 data center 1,000 miles away and have been routed to the Quad9 data center clear across the country on the west coast! Using Cloudflare I'm routed to the data center 100 miles away. Also feel that DNSSEC is handled better by Cloudflare.

UPDATE:
Since doing this (creating stubby.postconf), i haven't had the issue return. I am still using Cloudflare and my DoT DNS provider.

 

[Thermaltake]

Torrents need an open port to work as intended, then or you open and set one manually in router and utorrent or you let uPnP do it for you, so the log is normal (1h timeout and it closes the port if no more open torrent).

For the other, if you clear AiProtection log you have that message.

I have open port on both routers for utorrent and set that same port manually in utorrent, so there are no automatic port changing in utorrent.

Is it still normal for message like that to appear even when port is open ? Do I need uPnP enabled or should I disable it.


P.S

No messages in AiProtection.

 

[MDM]

I have open port on both routers for utorrent and set that same port manually in utorrent, so there are no automatic port changing in utorrent.
Is it still normal for message like that to appear even when port is open ? Do I need uPnP enabled or should I disable it.

P.S
No messages in AiProtection.

If you set it manually, no you don't, not for torrents.
Do you need it for some other program/device, only you know...
But generally it is regarded as a security risk.

 

[ZNP_83]

This might sound bonkers and it took me a while to narrow it down, but after updating to this release from the previous beta, enabling wifi on my iPhone causes my 86u to drop connection, as well as my primary router (U-Verse BGW210) to briefly fail to resolve any IP on its default gateway.

Turning on cellular data and disabling wifi and then refreshing either the WAN DNS page in Merlin or doing a full reboot of the 86u resolve the issue. The 86u is running DoT using the Cloudflare addresses.

Anyone have a hint as to what the heck is happening here?

 

[ironclad]

It seems that I cannot get Traditional QoS to work on this release, once I have it enabled I lose access to routers UI. I took notes(sorry for the book).
I'll live without it but I hope my exploration helps find out what is happening? Can anyone with an RT-AC68U replicate this?

I have the same problem with my 68u, though I don't know if the issue is exclusive to this build. My interface is HTTPS only. Once I enable QOS with fq_codel all router pages slow to a crawl. Most pages still work if I'm patient and it seems like it's just the network map page that doesn't work properly.

I've killed httpd and restarted it, didn't fix it. Nothing interesting in the logs either besides these warning messages:

kernel: HTB: quantum of class 10001 is big. Consider r2q change.
kernel: HTB: quantum of class 10002 is big. Consider r2q change.
kernel: HTB: quantum of class 10060 is big. Consider r2q change.
kernel: HTB: quantum of class 20001 is big. Consider r2q change.
kernel: HTB: quantum of class 20002 is big. Consider r2q change.
kernel: HTB: quantum of class 20060 is big. Consider r2q change.

Edit: The Network table in "Tools" is completely broken too. It's missing everything besides the Hardware Acceleration information.

Network
HW acceleration Disabled - incompatible with: QoS
Connections
Ethernet Ports

Wireless Clients (2.4 GHz)
Wireless clients (5 GHz)

 

[reejue]

That's a known but with Asus who hasn't relase a fix for it yet.

Thank you for reply , I am obsessed by this problem.
it was well at 384.11_2 , but i upgrade to 384.12 and it happend, even though I have done Factory default+Format JFFS.

my setting:

after reboot:

my setting lost after reboot ...

 

[Raphie]

I’m running the RT5300 vanilla with below exceptions
- 5Gh bonding
- LAN 1/2 bonding to Synology
- USB stick with AMTM, Diversion, Skynet and pixelserv

It just runs GREAT, no issues, no performance issues, no reason to implement user “best practises” other “scripts”

 

[psychbiz]

I too have been having problems with 384.12 from 384.11 on my RT-AC86U Initially I did a simple flash upgrade and found neither my VPN server nor SSH worked. The only change I had made over the previous firmware was to activate QoS (defaults). So I did a WPS NVram erase (twice) and rebooted did a factory reset from browser and manually reconfigured everything. After that I could use SSH and VPN ok. When clicking reboot button on Browser setting screen, the router did not reboot, it shutdown and switched off. That's never happened before. This morning, after powering on the router after shutdown the last evening, and ALL settings were gone! It presented me with the initial setup wizard again.

I have manually reconfigured everything (But no QoS this time) and tried rebooting from the Browser and the router simply shut down again.

My apologies for my lack of technical skill, but thought I should at least report that this firmware update has some serious bugs for me. And would certainly appreciate any advice to avoid these issues

 

[hotsauce2007]

Latest FW over here, AC86u, I am getting at least one or two drops of the connection in one week, I never had it before

 

[Thermaltake]

If you set it manually, no you don't, not for torrents.
Do you need it for some other program/device, only you know...
But generally it is regarded as a security risk.

Okay, thnx for advice. I'll turn it off, no need for uPnP at the moment.

 

[martinr]

I too have been having problems with 384.12 from 384.11 on my RT-AC86U Initially I did a simple flash upgrade and found neither my VPN server nor SSH worked. The only change I had made over the previous firmware was to activate QoS (defaults). So I did a WPS NVram erase (twice) and rebooted did a factory reset from browser and manually reconfigured everything. After that I could use SSH and VPN ok. When clicking reboot button on Browser setting screen, the router did not reboot, it shutdown and switched off. That's never happened before. This morning, after powering on the router after shutdown the last evening, and ALL settings were gone! It presented me with the initial setup wizard again.

I have manually reconfigured everything (But no QoS this time) and tried rebooting from the Browser and the router simply shut down again.

My apologies for my lack of technical skill, but thought I should at least report that this firmware update has some serious bugs for me. And would certainly appreciate any advice to avoid these issues

Is it still under warranty?

Perhaps try the Nuclear Reset and see what it’s like afterwards.

 

[psychbiz]

Is it still under warranty?

Perhaps try the Nuclear Reset and see what it’s like afterwards.

I don't think it is still under warranty, but did wonder whether it might be a hardware issue. I didn't get every step of the nuclear reset right, but that was what I was trying to do

 

[martinr]

I don't think it is still under warranty, but did wonder whether it might be a hardware issue. I didn't get every step of the nuclear reset right, but that was what I was trying to do

Maybe try and follow it to the letter, then you’ll be as certain as you can be that it’s not a software problem.

Are you using the original ASUS power supply; you’re not using a different one? You don’t have a spre one you could try just to rule that variable out?

 

[martinr]

I don't think it is still under warranty, but did wonder whether it might be a hardware issue. I didn't get every step of the nuclear reset right, but that was what I was trying to do

You’ve probably seen https://www.snbforums.com/threads/asus-rt-ac5300-bricked-what-to-do.35718/#post-501666

Maybe as a last resort (if the full Nuclear Reset doesn’t help) you could try pressing reset AND WPS whilst powering on. Nothing to lose, but don’t get your hopes up!

 

[joe scian]

I’m running the RT5300 vanilla with below exceptions
- 5Gh bonding
- LAN 1/2 bonding to Synology
- USB stick with AMTM, Diversion, Skynet and pixelserv

It just runs GREAT, no issues, no performance issues, no reason to implement user “best practises” other “scripts”

yes same here - we are lucky and astute to have the RT AC-5300. The number of issues that people are having with the AC86U - or the overheating 68U are mind bogling!

 

[MDM]

Someone recently wrote here that for the (problematic?) RT-AC86U factory/nuclear reset isn't apparently enough to really reset it, and only forced recovery mode flashing (ASUS FW) and then the latest RMerlin helped?
Worth a try, if all else fails, and you would all then know the reset itself is buggy (it does not properly clear the nvram part or something - probably only ASUS can fix)...

 

[martinr]

yes same here - we are lucky and astute to have the RT AC-5300. The number of issues that people are having with the AC86U - or the overheating 68U are mind bogling!

I’m not sure anyone’s got an overheating 68U, in the sense that the router performance is falling off with temperature or that routers are shutting down because of high temperatures. I think it’s simply that people see a cpu temperature in the 80s (Centigrade) and feel they need to do something about it. I don’t believe anyone has demonstrated there is even a hint of a problem. (There’s been a lot of armchair theorising, but that’s not the same thing.). If Merlin hadn’t included the temperature information we’d all be none the wiser and we’d be taking the dog for a walk instead of attaching fans and Peltier devices, drilling holes and reseating heat sinks with thermal paste. I should know: I played around enough with my main 68U (for the hell of it), but when I got my spare one, I never even bothered with the thermal paste, let alone fans. When it comes to the RT-AC68U, I’m one of it’s strongest fans!