Firmware update: Asuswrt-Merlin 380.67

Asus uses Tomato-derived firmware called Asuswrt for its newer routers, such as the RT-AC66U and RT-AC87U. This firmware is, with the exception of a few drivers, open source, whereby the closed binaries are included. Asuswrt-merlin, in turn, is a modified version of the original firmware from Asus. It includes bug fixes and minor improvements, but still tries to stay close to the original, so that it remains possible to add new features that Asus introduces to the code. Version 380.67 has been released with the following changes and improvements:

New:

• Merged with GPL 380_7743 code, with binary blobs from 7378 for N66U
• Custom config support for quagga/ripd.
• Webui SSL certificate can now be saved so it gets reused instead of a new one being constantly generated. It will be stored under /jffs/ssl/, you can also easily provide your own by storing cert.pem and key.pem in that location. Settings to control this can be found under Administration -> System.
• TLS support in vsftpd. Key and certs are automatically generated, and can also be replaced by your own, as ftp.key and ftp.crt under /jffs/ssl/
• fq_codel and configurable overhead support in Adaptive QoS.
• PEAP/MSCHAPv2 support via 802.1x on WAN interface, in addition to existing MD5 support (patch by Rafi Khardalian)

Changed:

• Remember chosen sort method on DHCP static reservations page.
• Updated minidlna to 1.2.0.
• Updated nano to 2.8.5.
• Updated openssl to 1.0.2l.
• Updated ipset (ARM) to 6.32.
• Upgraded from vsftpd 2.0.4 to 3.0.3. You might need to revise any custom configuration you have done (if any).
• Moved SMB2 support switch to the main samba page.
• Optimized all webui images for size
• Tor now runs as a limited user instead of as root
• Limited number of supported OpenVPN clients to 2 on the RT-AC3200, to save on nvram.
• Removed tweak that allowed to disable/enable bridge multicast snooping, as Asus now disables it upstream at the kernel level.

Fixed:

• OpenVPN client would be shown as having failed to connect if a reconnect attempt initially failed to authenticate, but successfully connected afterward.
• Quagga’s log could fill up RAM, reduced the amount of logging generated by it.
• NFS sometimes failing to start properly (patch by john9527)
• Layout issue of the status bar under Chrome when window is larger than 1800px (patch by Cyrus Dargahi)
• UPNP and SNMP issues in Dual WAN mode.
• NAT Loopback (merlin mode) in Dual WAN mode wasn’t supported.
• Internal and external port specifications were swapped in miniupnpd’s config file (Asus/Tomato bug)
• Enabling policy-based routing for a client connecting to a server that doesn’t push a redirect-gateway would fail to properly route traffic (for instance with StrongVPN)
• Invalid port trigger rules when specifying a port range (patch by John Bacho)
• OpenVPN client with a password containing an “&” could get corrupted when re-editing that client’s config.
• Some remote syslogd would choke on syslog entries sent by the router if there were spaces in the tag parameter. Removed spaces where this was the case.