Asuswrt-Merlin Changelog
========================
386.10 (10-Mar-2023)
- NOTE: 386_xx releases are only for Wifi 5 (AC) models.
- NEW: Added Site Survey page under Network Tools tab.
(RT-AC86U/GT-AC2900).
- UPDATED: dnsmasq to 2.89.
- UPDATED: openvpn to 2.6.0.
- UPDATED: openssl to 1.1.1t.
- UPDATED: miniupnpd to 2.3.3.
- UPDATED: Asus security daemon updated to 2.0 engine (patch
from Asus)
- CHANGED: Moved WiFi Radar and Site Survey to the
Network Tools tab
- CHANGED: Disabled auto logout on System Log and
Wireless Log pages.
- CHANGED: Reduced EDNS packet size from 1280 to 1232
bytes in dnsmasq, to better work with some
upstream servers not fully supporting EDNS0.
- FIXED: NTP redirection wouldn`t work properly with
Guest Network, removed redirection for these.
- FIXED: Added missing Tools icon on ROG UI (icon
contributed by Cody).
- FIXED: RT-AC68U may crash when using Media Bridge mode
with a specific SSID length (patch from Asus)
386.9 (6-Jan-2023)
- NOTE: 386_xx release are only for Wifi 5 (802.11ac) models.
- NEW: Merged with GPL 386_50757.
- UPDATED: getdns/stubby to 1.7.2/0.4.2.
- UPDATED: zlib to 1.2.12 + backports.
- UPDATED: openssl to 1.1.1s.
- UPDATED: inadyn to 2.10.0.
- UPDATED: nettle to 3.8.1.
- UPDATED: openvpn to 2.5.8.
- UPDATED: dropbear to 2022.83.
- UPDATED: dnsmasq to 2.88.
- CHANGED: Rebranded DNSFilter as DNS Director. This will prevent
confusion with the company sharing the same name, and
also better describes what the feature does.
- CHANGED: Setting an OpenVPN client to redirect all traffic while
in "Exclusive" DNS mode will now force redirect ALL
DNS traffic just like in VPN Director mode.
While this will allow redirecting clients with
hardcoded DNS servers, it also means that your whole
LAN will lose the ability of doing local name
resolution. It might be best to use VPN Director
in that case to control which client should
be involved in the DNS redirection, or use
DNSFilter instead of Exclusive DNS mode.
editing VPNDirector rules.
- CHANGED: Switched generated self-signed certificate to an
EC certificate.
- CHANGED: Disabled DSS key support in Dropbear SSH.
- FIXED: Wrong temperatures used by the temperature graphs
(386.8 regression)
- FIXED: Guest Network clients couldn't route through VPN
(regression in 386.4 following a GPL merge).
- FIXED: Clients connected to Guest Network 1 aren't
redirected to the router's NTP if NTP interception is
enabled.
- FIXED: Name was truncated to 31 chars when enabling OpenVPN
client's Server Certificate Name Validation.
- FIXED: CVE-2022-37434 in zlib.
- REMOVED: Interface selector on Speedtest page (no longer
working, possibly due to an ookla client update)
388.1 (3-Dec-2022)
- NOTE: This release is only available for AX models.
AC models will remain on the 386_xx release branch.
- NEW: Add RT-AX86U_PRO support.
- NEW: Merged with GPL 388_20566 (RT-AX88U and GT-AX11000)
- NEW: Merged with GPL 388_21224 (all other AX models)
- NEW: Experimental ROG UI version for GT models, as a separate
firmware image within the distribution archive, with
"_rog" in the filename.
- NEW: (Asus 388) WireGuard client and server. The server uses
the new 388 VPN server webui. Implemented a webui for
clients, based on the early development UI from Asus.
WG client routing is handled by VPN Director - you must
configure redirection rules through it, same as on stock
firmware which requires configuring rules through
VPN Fusion.
DNS handling will be identical to OpenVPN's Exclusive DNS
mode, forcing clients to use the DNS provided by it
(if any is provided).
Note that enabling WireGuard will disable hardware
NAT acceleration due to compatibility reasons.
- NEW: httpd support for EC certificates (Ivan Kruglov)
- UPDATED: getdns/stubby to 1.7.2/0.4.2.
- UPDATED: zlib to 1.2.12 + backports.
- UPDATED: openssl to 1.1.1s.
- CHANGED: Rebranded DNSFilter as DNS Director. This will prevent
confusion with the company sharing the same name, and
also better describes what the feature does.
- CHANGED: Setting an OpenVPN client to redirect all traffic while
in "Exclusive" DNS mode will now force redirect ALL
DNS traffic just like in VPN Director mode.
While this will allow redirecting clients with
hardcoded DNS servers, it also means that your whole
LAN will lose the ability of doing local name
resolution. It might be best to use VPN Director
in that case to control which client should
be involved in the DNS redirection, or use
DNS Director instead of Exclusive DNS mode.
- CHANGED: (Asus 388) nvram storage increased to 192 KB on newer
HND 5.04 devices like the GT-AXE16000.
- CHANGED: Reworked VPN Status page to only show currently
active services.
- CHANGED: Reworked VPN Director page design, added buttons to
access a client's settings page, and allow leaving
both source and destination IPs empty (for "all").
- CHANGED: Optimized VPN Director WAN and DNS rule creation, so
they no longer get re-created multiple times when
editing VPNDirector rules.
- CHANGED: Switched generated self-signed certificate to an
EC certificate.
- CHANGED: Disabled DSS key support in Dropbear SSH.
- FIXED: Wrong temperatures used by the temperature graphs
(386.8 regression)
- FIXED: CVE-2022-37434 in zlib.
- FIXED: GT-AXE16000 random reboots when using an OpenVPN
client with VPN Director and Adaptive QoS.
- FIXED: Clients connected to Guest Network 1 aren't
redirected if NTP interception is enabled.
- FIXED: Name was truncated to 31 chars when enabling OpenVPN client's
Server Certificate Name Validation.
- REMOVED: Interface selector on Speedtest page (no longer
working, possibly due to an ookla client update)
- REMOVED: NAT Type setting on HND 5.04 devices (fullcone is
not supported by kernel 4.19, so it wasn't working)
386.8 (13-Aug-2022)
- NOTE: This release is only available for the RT-AX88U as
well as the two new models listed below.
- NEW: Added support for the GT-AXE16000.
- NEW: Added support for the GT-AX11000_Pro.
- NEW: Added support for new RT-AX88U hardware revision.
- UPDATED: Merged with GPL 386_49634.
- CHANGED: Re-enabled IPv6 DDNS support.
- CHANGED: Once again block router DNS access over IPv6 when
using DNSFilter on a pre-HND model (reverted back
to 386.7 behaviour for that scenario)
- FIXED: inaccurate nvram usage on Sysinfo page for some HND
models. Now accurately report kernel nvram usage.
- FIXED: WiFi Radar page alignment.
- FIXED: AiMesh node new firmware popup would use the device model
(like RT-AC66U_B1) rather than the product id (like
RT-AC68U) for the generated download URL.
- FIXED: OVPN client with DNS set to strict had lower priority
than DNSPrivacy servers.
- FIXED: IPv6 DNS may be missing if DNSPrivacy is enabled.
- FIXED: Wifi Radar pages missing on XT12.
- FIXED: QRcode failing to generate if the SSID contained unicode
characters (like
