Firmware update: Asuswrt-Merlin 386.1


Asus uses a Tomato-derived firmware called Asuswrt for its routers, such as the RT-AC68 and RT-AX88. With the exception of a few drivers, which are included as closed binaries, this firmware is open source. Asuswrt-Merlin, in turn, is a modified version of the original firmware from Asus. It includes bug fixes and minor improvements, but tries to stay close to the original so that new features Asus introduces can still be added to the code. The changelog for version 386.1 looks like this:

Asuswrt-Merlin 386/NG Changelog

Switched to the new 386 code base. 386 introduces AiMesh 2.0, finalizes the move to OpenSSL 1.1.1 firmware-wide, adds a new speedtest (powered by Ookla). For more details, please refer to Asus’s own release notes.

Note:

  • For developers, note that firmware code is once again back on the master branch, with both mainline and ax being reunified again.
  • Some users upgrading might have to go through some database maintenance on first boot, which means the router might be slower or have a non-responsive webui for a while. This can take anywhere from 5 minutes up to an hour, depending on your model; just give it time to complete the process.

New:

  • Added support for the RT-AX86U.
  • Added support for the GT-AC2900, with a few restrictions:
    • Non-ROG UI is used
    • VPN Fusion is not supported
    • A few other ROG-specific features are not supported
      This is an experiment done in collaboration with Asus.
  • Added support for the RT-AC68U V3.
  • Added stub and stub-v2 compression options to OpenVPN clients. Not added to server, since compression is considered deprecated, and will be removed most likely in OpenVPN 2.6, for security reasons.
  • Added tls-crypt-v2 support to OpenVPN clients.
  • Added option to select an OpenVPN client when running Ookla Speedtest.

Updated:

  • Merged GPL 386_41700
  • OpenSSL to 1.1.1i.
  • Updated to OpenVPN 2.5.0. Note that OpenVPN 2.4.0 or newer is now required by the exported client config file. You can still manually configure an older client to connect with your router.
  • dnsmasq to 2.84, resolving CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687, CVE-2020-25684, CVE-2020-25685 and CVE-2020-25686 aka DNSpooq (themiron)
  • nano to 5.2.
  • curl to 7.72.0.
  • zlib to 1.2.11.
  • lz4 to 1.9.2.
  • e2fsprogs to 1.45.6.
  • dropbear to 2020.81.
  • miniupnpd to 2.2 (git snapshot from 20201129)
  • Switched userspace ipset from 6.32 to 7.6 (to match with upstream)

Changed:

  • Firmware update checks are no longer using the server address stored in nvram, for security reasons. Devs who were using that nvram should instead edit the webs_scripts/* to use their own URL.
  • The old legacy cipher setting in OpenVPN is now only available when running with static key authentication.
  • Tweaks to the OpenVPN web layout
  • OpenVPN clients will now NAT all outbound traffic, regardless of the source subnet.
  • Reworked the display of DNSPrivacy presets
  • Added AdGuard (ad blocking) and CIRA Canadian Shield (non US-based service) to the DNSPrivacy presets.
  • At boot time, OpenVPN killswitch will only be applied for clients set to auto-start with WAN.
  • Increased number of available mount points for addon webpages to 20.
  • Multiple routes can now be defined per client on the OpenVPN client-specific configuration.
  • Improved NAT acceleration report for newer models on the sysinfo page. Now query the hardware for the current state instead of reporting the nvram values.
  • When logging allowed connections is enabled, also log outbound LAN connections (reverts to the behavior from a few years ago)

Fixed:

  • DHCP could fail to renew its lease with some ISPs when Trend Micro engine was enabled (workaround provided by Asus)
  • OpenVPN client remote IP wasn’t updated on client stop/restart.
  • Couldn’t force generating a new SSL certificate for the webui.

Removed:

  • Option to disable NCP. The NCP cipher list is now used both for NCP and non-NCP endpoints.
  • fq_codel support for Adaptive QoS. Due to a change in how Trend Micro configures QoS, it is no longer possible to intercept these to inject fq_codel.
  • Option to select sfq as a queue scheduler for t.QoS or Bandwidth Limiter, and always use fq_codel.
  • Support for the Cloudcheck mobile app.

Version number: 386.1
Release status: Final
Website: Asuswrt-Merlin
Download: https://www.asuswrt-merlin.net/download
License type: GPL