[Release] Asuswrt-Merlin 384.14 (and 384.13_2) are now available

[Frankflash]

Firmware has been pulled from the web page.

Tried it for 20 minutes, WAN was down the whole time.

its still their

 

[RMerlin]

Back to Beta 3 on my RT-AC86U. The GUI had locked up twice this afternoon running 383.14 release.

As I posted before, there was zero code change between beta 3 and final, the only changes were two webui tweaks...

merlin@ubuntu-dev:~/amng$ git log --oneline 384.14-beta3-mainline..384.14-mainline
52ba83252a (tag: 384.14-mainline) Merge branch 'master' into mainline
cdb88358fe Bumped revision to 384.14 final
57cfecda72 Updated documentation
742e8cf6c2 webui: right-align values on the QoS stats tables
4efa360a3c webui: there's no popup help for this item, so remove the anchor
488bedbdcb (tag: 384.14-beta3) Updated documentation

And the complete exact list of changes between beta3 and final:

merlin@ubuntu-dev:~/amng$ git diff 384.14-beta3-mainline..384.14-mainline
diff --git a/Changelog-NG.txt b/Changelog-NG.txt
index 5725af921d..20c8238220 100644
--- a/Changelog-NG.txt
+++ b/Changelog-NG.txt
@@ -1,7 +1,7 @@
 Asuswrt-Merlin 384/NG Changelog
 ===============================

-384.14 (xx-xxx-xxxx)
+384.14 (14-Dec-2019)^M
   - NEW: Implement option to prevent Firefox's automatic usage of DoH.
          By default, this will only apply if you have DNSPrivacy
          enabled, or if you have DNSFilter enabled with a global
@@ -21,10 +21,6 @@ Asuswrt-Merlin 384/NG Changelog
   - UPDATED: RT-AC5300 to GPL 384_81351 and binary blobs from
              384_81219.

-  - NOTE: This release is not available on the RT-AC87U and
-          RT-AC3200 due to the lack of updated compatible
-          components from Asus.
-
   - UPDATED: miniupnpd 20190824
   - UPDATED: dnsmasq 2.80-95-g1aef66b (themiron)
   - UPDATED: OpenSSL 1.0.2 to 1.0.2t (themiron)
@@ -65,6 +61,39 @@ Asuswrt-Merlin 384/NG Changelog
            scripts were globally disabled


+384.13_2 (14-Dec-2019)^M
+  This release is only available for the RT-AC87U and RT-AC3200.^M
+^M
+  - NEW: Added "split" busybox applet.^M
+  - UPDATED: OpenSSL 1.0.2 to 1.0.2t (themiron)^M
+  - UPDATED: OpenSSL 1.1.1 to 1.1.1d (themiron)^M
+  - UPDATED: CA root certificates to October 9th 2019^M
+  - CHANGED: Rewrote the faketc script used to inject Codel into^M
+             Adaptive QoS as a C program for improved performance.^M
+  - CHANGED: Made webui SSL certificate generation compliant with^M
+             IOS 13 and MacOS 10.15 new requirements.^M
+  - CHANGED: IPv6 firewall now accepts empty values for local IP^M
+             (which means any local IP).^M
+  - FIXED: Non-working link to YandexDNS on the webui for^M
+           Russian models.^M
+  - FIXED: Webui wouldn't notify when running dangerously low on^M
+           free nvram (feature was lost at some point in the past)^M
+  - FIXED: Custom clientlist would be wiped if stopping an^M
+           OpenVPN server instance.^M
+  - FIXED: Incorrect detection of EUI64 addresses on the IPv6^M
+           firewall (would prevent using ::/0 for instance).^M
+  - FIXED: EUI64 support missing while in Load Balancing or^M
+           using Multicast IPTV.^M
+  - FIXED: Asus DDNS failing to update due to an invalid^M
+           certificate on Asus's server.^M
+  - FIXED: Let's Encrypt no longer working due to deprecated ACMEv1^M
+           protocol usage (backport from GPL 81351)^M
+  - FIXED: Let's Encrypt support would sometime fail when using^M
+           Asus DDNS (fixed DNS publishing of validation record)^M
+  - FIXED: IPv6 neighbour solicitation drop toggle not working^M
+           for some models^M
+^M
+^M
 384.13_1 (12-Aug-2019)
   - FIXED: RT-AC87U failing to boot when configuring in AP mode.

diff --git a/release/src-rt/version.conf b/release/src-rt/version.conf
index e51d543ce7..9d0ba147a3 100644
--- a/release/src-rt/version.conf
+++ b/release/src-rt/version.conf
@@ -1,5 +1,5 @@
 KERNEL_VER=3.0
 FS_VER=0.4
 SERIALNO=384.14
-EXTENDNO=beta3
+EXTENDNO=0
 RCNO=0
diff --git a/release/src/router/www/Advanced_WAN_Content.asp b/release/src/router/www/Advanced_WAN_Content.asp
index 4a80ce8860..86ad6a290c 100644
--- a/release/src/router/www/Advanced_WAN_Content.asp
+++ b/release/src/router/www/Advanced_WAN_Content.asp
@@ -1632,7 +1632,7 @@ function change_wizard(o, id){
                </tr>

                <tr>
-                       <th><a class="hintstyle" href="javascript:void(0);" onClick=""><#Extend_TTL_Value#></a></th>
+                       <th><#Extend_TTL_Value#></th>
                                <td>
                                        <input type="radio" name="ttl_inc_enable" class="input" value="1" <% nvram_match("ttl_inc_enable", "1", "checked"); %>><#checkbox_Yes#>
                                        <input type="radio" name="ttl_inc_enable" class="input" value="0" <% nvram_match("ttl_inc_enable", "0", "checked"); %>><#checkbox_No#>
diff --git a/release/src/router/www/QoS_Stats.asp b/release/src/router/www/QoS_Stats.asp
index 5c37ec2a3f..be3a793627 100644
--- a/release/src/router/www/QoS_Stats.asp
+++ b/release/src/router/www/QoS_Stats.asp
@@ -470,11 +470,11 @@ function draw_chart(data_array, ctx, pie) {
                }

                code += '<tr><td style="word-wrap:break-word;padding-left:5px;padding-right:5px;border:1px #2C2E2F solid; border-radius:5px;background-color:'+color[i]+';margin-right:10px;line-height:20px;">' + label + '</td>';
-               code += '<td style="padding-left:5px;">' + value.toFixed(2) + unit + '</td>';
+               code += '<td style="text-align:right;padding-left:5px;">' + value.toFixed(2) + unit + '</td>';
                rate = comma(data_array[i][2]);
-               code += '<td style="padding-left:20px;">' + rate.replace(/([0-9,])([a-zA-Z])/g, '$1 $2') + '</td>';
+               code += '<td style="text-align:right;padding-left:20px;">' + rate.replace(/([0-9,])([a-zA-Z])/g, '$1 $2') + '</td>';
                rate = comma(data_array[i][3]);
-               code += '<td style="padding-left:20px;">' + rate.replace(/([0-9,])([a-zA-Z])/g, '$1 $2') + '</td></tr>';
+               code += '<td style="text-align:right;padding-left:20px;">' + rate.replace(/([0-9,])([a-zA-Z])/g, '$1 $2') + '</td></tr>';
        }
        code += '</table>';

 

[Mick Mickle]

Because the stock firmware ONLY uses LE for https, therefore enabling LE without https makes no sense.

I've been using Let's Encrypt on my RT-AC88U, 384.13, with only HTTP authentication (LAN access only). It provides a valid certificate for AiCloud which, of course, uses HTTPS. Now, 384.14 requires HTTPS or "BOTH" for the LE section to work (although it sticks on "Updating...").

Am I off base here?

 

[Treadler]

I've been using Let's Encrypt on my RT-AC88U, 384.13, with only HTTP authentication (LAN access only). It provides a valid certificate for AiCloud which, of course, uses HTTPS. Now, 384.14 requires HTTPS or "BOTH" for the LE section to work (although it sticks on "Updating...").

Am I off base here?

I have mine set to ‘both’.

 

[htismaqe]

As I posted before, there was zero code change between beta 3 and final, the only changes were two webui tweaks...

I understand that and that's why I don't get it. But there's definitely some issue on my end that is being caused by final that wasn't happening in betas 2 or 3.

 

[htismaqe]

So interestingly enough, it appears some of the issues I'm seeing are known and or active.

https://www.snbforums.com/threads/rebooting-and-stability.60611/

I'm going to try disabling the TrendMicro stuff and see what happens.

 

[htismaqe]

Yep, it appears my issues may be related to AI Protection. In the system log prior to the last hang/reboot, I see dozens of entries of my daughter's iPhone associating and disassociating over and over again. In the AI Protection log, under Malicious Site Blocking, 1109 of the 1127 suspected spam/ad sites blocked were on my daughter's iPhone.

She's back at school today. My guess is I don't have any lockups at all while she's gone. Later today I'll nuke the AI Protection settings and re-flash 14 final and see what happens.

 

[dev_null]

Yep, it appears my issues may be related to AI Protection. In the system log prior to the last hang/reboot, I see dozens of entries of my daughter's iPhone associating and disassociating over and over again. In the AI Protection log, under Malicious Site Blocking, 1109 of the 1127 suspected spam/ad sites blocked were on my daughter's iPhone.

Can you post (as a spoiler so it doesn't take up a whole page!) or PM the list of those sites? The folks over on FreshTomato (nee Shibby) are fighting through freezes/reboots that some (including myself) are attributing to iDevices. Would be interesting to see the list AI Protection identified, to see if it will help narrow down the issue.

See: https://www.linksysinfo.org/index.php?threads/freshtomato-freezes-recent-builds.74932/

(Maybe you could post over there if you have an account/are so inclined.)

 

[htismaqe]

Can you post (as a spoiler so it doesn't take up a whole page!) or PM the list of those sites? The folks over on FreshTomato (nee Shibby) are fighting through freezes/reboots that some (including myself) are attributing to iDevices. Would be interesting to see the list AI Protection identified, to see if it will help narrow down the issue.

See: https://www.linksysinfo.org/index.php?threads/freshtomato-freezes-recent-builds.74932/

(Maybe you could post over there if you have an account/are so inclined.)

I don't have an account but I can PM you a list if that work...

 

[htismaqe]

I don't even need to send you a PM or post a spoiler. Once I removed duplicate entries and any entry that only appeared once, I was left with a table that only has 9 lines. I've pasted the table below for reference as well. Here are my findings:

1. As mentioned previously, of 1127 total events, 1016 of them were generated by my oldest daughter's iPhone 8 (Daughter #2 in the table).
2. Lines 1 and 8 appear to be unique to Android/Google and appear only a dozen or so times in over 1000 entires.
3. Line 2 only appears a dozen or so times as well.
4. Lines 3, 4, and 7 only appear a handful of times but since they were listed more than once, I included them in the table.

That leaves lines 5 and 6. Together, they appear probably 1000 times in the event table. It appears that one (or both) of these domains are causing the issue. Line 5 appears to be the most prevalent entry, FWIW.

Line     Threat                     Source                   Destination
1        Made for AdSense sites     Daughter #1 Android      rt.udmserve.net
2        Malware Accomplic          Daughter #1 Android      v.shulply.com
3        Spam                       Daughter #1 Android      v-42.gwmprogrammatic.com
4        Spam                       Daughter #1 Android      c.smrpm.com
5        Made for AdSense sites     Daughter #2 Android      servg.scrollplr.com
6        Spam                       Daughter #2 Android      v.itonoow.com
7        Spam                       Daughter #2 Android      www.webtracks.net
8        Made for AdSense sites     Mother-in-Law Pixel 2    rt.udmserve.net

 

[Krism]

Couldn't upgrade at first.
Using the web interface to check for updates: always got: unable to connect to the update server . (running 384.13 on my ac3200).
Figured out that: nvram get apps_wget_timeout gives 3O .

Look at the weird '3O'.

So I set it to 30 and then the check for updates worked again

 

[SolluxCaptor]

Does anyone running IPv6 + DNS over TLS know the best practice for setup in web GUI? Would I need IPv4 DoT servers in the list as well as IPv6? Or am I fine just using IPv6 DoT servers? As I understood, DNS6 can also return IPv4 responses - but wanted to ensure this is accurate for DoT as well, or if it introduces response latency. Apologies if newbie question, loving this firmware + Skynet + Diversion!

 

[martinr]

...1109 of the 1127 suspected spam/ad sites blocked were on my daughter's iPhone.. .......Later today I'll nuke the AI Protection settings and re-flash 14 final and see what happens.

And nuke her iPhone while your at it.

 

[randomName]

Back to Beta 3 on my RT-AC86U. The GUI had locked up twice this afternoon running 383.14 release.

Have you tried this, service restart_httpd, in putty? It worked for me a while ago.

 

[htismaqe]

FWIW, I also just realized that I have zero entries for servg.scrollplr.com or v.itonoow.com since downgrading from final to Beta 3. I'm guessing that's why the problem started when I upgraded. Maybe those sites were added to the TrendMicro list or something?

 

[htismaqe]

And nuke her iPhone while your at it.

What would that accomplish exactly?

 

[dev_null]

I don't even need to send you a PM or post a spoiler. Once I removed duplicate entries and any entry that only appeared once, I was left with a table that only has 9 lines.

Excellent, I shall quote this post over in the FT forums. Thanks again for your help!

EDIT, additional comment: You've listed daughters as Android in the code but you mentioned daughter's iPhone previously. Just want to be clear which device type we're talking about here.

 

[JMS]

RT-AX88U with 384.14 perfect
Thanks for the update!!!

 

[ollimoe]

Received a brand new RT-AX88U this afternoon, router was accessbile on 192.168.50.1 as default, all I did was upgrade to 384.14 - since then I cannot get to the main page anymore - neither on 192.168.1.1 not 50.1 - currently trying to figure how to get access - not sure even reset or recovery mode works - PANIC
Luckily enough my RT-AC86U works ...

 

[JMS]

Received a brand new RT-AX88U this afternoon, router was accessbile on 192.168.50.1 as default, all I did was upgrade to 384.14 - since then I cannot get to the main page anymore - neither on 192.168.1.1 not 50.1 - currently trying to figure how to get access - not sure even reset or recovery mode works - PANIC
Luckily enough my RT-AC86U works ...

Unplug, then press the wps button while plugging it in, leave it pressed for about 30 seconds (all lights will go out) then unplug and you can plug it in to configure it.