This action might not be possible to undo. Are you sure you want to continue?
40 (6-March-2014) ============================================ About ----Asuswrt is the firmware developed by Asus for their newer routers. They are also porting it to some of their older models, like the RT-56U and RT-N16. While originally based on Tomato-RT, Asus has disabled some of the original Tomato features, and added others. Asuswrt-merlin is a customized version, which I am developing. The goal is to do some bugfixes and minor enhancements to Asus's firmware, without targeting at full-blown advanced featuresets such as provided by excellent projects like Tomato or DD-WRT. Some of the features that had been disabled by Asus have also been re-enabled. This aims to be a more restrained alternative for those who prefer to stay closer to the original firmware, with limited risks of seeing new features bring in new stability issues. I value stability over performance, and performance over features.
Supported Devices ----------------Supported devices are: * RT-N16 * RT-N66U * RT-AC66U * RT-AC56U * RT-AC68U NOTE: all the "R" versions (for example RT-N66R) are the same as their "U" counterparts, they are just different packages aimed at large retailers. The firmware is 100% compatible with both U and R versions of the routers. Features -------Here is a list of features that Asuswrt-merlin brings over the original firmware: System: - Based on 184.108.40.206.374_4561 sources from Asus - Various bugfixes and optimizations - Some components were updated to newer versions, for improved stability and security - Persistent JFFS partition - User scripts that run on specific events - Cron jobs - Ability to customize the config files used by the router services - LED control - put your Dark Knight in Stealth Mode by turning off all LEDs - Entware easy setup script (alternative to Optware - the two are mutually exclusive) (not available on RT-AC56U/RT-AC68U) Disk sharing: Enable/disable the use of shorter share names Disk spindown after user-configurable inactivity timeout NFS sharing (through webui)
- Improved compatibility with 3TB+ and Advanced Format HDDs Networking: - Force acting as a Master Browser - Act as a WINS server - SSHD - Allows tweaking TCP/UDP connection tracking timeouts - CIFS client support (for mounting remote SMB share on the router) - Layer7 iptables matching - User-defined options for WAN DHCP queries (required by some ISPs) - Improved NAT loopback (based on code from phuzi0n from the DD-WRT forums) - Advanced OpenVPN client and server support (all models except RT-N16) - Netfilter ipset module, for efficient blacklist implemetnation - Configurable min/max UPNP ports - IPSec kernel support - DNS-based Filtering, can be applied globally or per client Web interface: - Improved client list, with DHCP hostnames - Optionally save traffic stats to disk (USB or JFFS partition) - Enhanced traffic monitoring: added monthly, as well as per IP monitoring - Name field on the DHCP reservation list and Wireless ACL list - System info summary page - Wireless client IP and hostname on the Wireless Log page - Wifi icon reports the state of both radios - Display the Ethernet port states - The various MAC/IP selection pulldowns will also display hostnames when possible instead of just NetBIOS names - Wireless site survey A few features that first debuted in Asuswrt-Merlin have since been integrated/enabled in the official firmware: 64K NVRAM for the RT-N66U HTTPS Turning WPS button into a radio on/off toggle Use shorter share names (folder name only) WakeOnLan web interface (with user-entered preset targets) clickable MACs on the client list for lookup in the OUI database Display active/tracked network connections VPN client connection state report DualWAN and Repeater mode (while it was still under development by Asus) - OpenVPN client and server - Configurable IPv6 firewall Installation -----------Simply flash it like any regular update. You should not need to reset to factory defaults (see note below for exceptions). You can revert back to an original Asus firmware at any time just by flashing a firmware downloaded from Asus's website. NOTE: resetting to factory default after flashing is strongly recommended for the following cases:
- Switching between an SDK5 build and a regular build (RT-N66U) - Coming from Tomato/DD-WRT/OpenWRT firmwares If upgrading from anything older and you experience issues, then consider doing a factory default reset then as well. In all of these cases, do NOT load a saved copy of your settings! This would be the same thing as NOT resetting at all, as you will simply re-enter any invalid setting you wanted to get rid of. Make sure to create a new backup of your settings after reconfiguring.
Usage ----** JFFS ** JFFS is a writable section of the flash memory which will allow you to store small files (such as scripts) inside the router without needing to have a USB disk plugged in. This space will survive reboots (but it *MIGHT NOT survive firmware flashing*, so back it up first before flashing!). It will also be available fairly early at boot (before USB disks). To enable this option, go to the Administration page, under the System tab. First time you enable JFFS, it must be formatted. This can be done through the web page, same page where you enable it. Enabling/Disabling/Formating JFFS requires a reboot to take effect. I do not recommend doing frequent writes to this area, as it will prematuraly wear out the flash storage. This is a good place to put files that are written once like scripts or kernel modules, or that rarely get written to (like once a day). Storing files that constantly get written to (like logfiles) is NOT recommended - use a USB disk for that.
** User scripts ** These are shell scripts that you can create, and which will be run when certain events occur. Those scripts must be saved in /jffs/scripts/ (so, JFFS must be enabled and formatted). Available scripts: * dhcpc-event: Called whenever a DHCP event occurs on the WAN interface. The type of event (bound, release, etc...) is passed as an argument. * firewall-start: Firewall is started (filter rules have been applied) The WAN interface will be passed as argument (for example. "eth0") * init-start: Right after jffs is mounted, before any of the services get started * nat-start: nat rules (i.e. port forwards and such) have been applied (nat table) * post-mount: Just after a partition is mounted * pre-mount: Just before a partition is mounted. Be careful with this script. This is run in a blocking call and will block the mounting of the partition for which it is
services-start: Initial service start at boot services-stop: Services are stopped at shutdown/reboot unmount: Just before unmounting a partition. wan-start: WAN interface just came up (includes if it went down and back up). This is a blocking script. There is also an option to make ssh access available over WAN. and at boot time copy it to /var/spool/cron/crontabs/ using an init-start user script. You can also optionally insert a RSA or ECDSA public key there for keypair-based authentication.* * * * * * invoked till its execution is complete. Password-based login will use the same username and password as telnet/web access. The file must be named "admin" as this is the name of the system user. . This script is also passed the device path being mounted as an argument which can be used in the script using $1. Uses the same syntax/parameters as the "up" and "down" scripts in OpenVPN. You can put your cron tasks in /var/spool/cron/crontabs/ . Note that this location resides in RAM. Just run "cru" to see the usage information. or an OpenVPN client connects to a remote server. You can then put your "cru" commands inside a user script to re-generate your cron jobs at boot time. The WAN unit number will be passed as argument (0 = primary WAN) Don't forget to set them as executable: chmod a+rx /jffs/scripts/* And like any Linux script. This is done so that it can be used for things like running e2fsck on the partition before mounting. preserving it between router reboots (by default it is currently kept in RAM. so you would have to put your cron script somewhere such as in the jffs partition. they need to start with a shebang: #!/bin/sh ** SSHD ** SSH support (through Dropbear) was re-enabled. ** Enhanced Traffic monitoring ** Under Tools -> Other Settings are options that will allow you to save your traffic history to disk. The mount point is passed as an argument to the script. so be careful with it. A simple way to manage your cron jobs is through the included "cru" command. ** Crond ** Crond will automatically start at boot time. openvpn-event: Called whenever an OpenVPN server gets started/stopped. so it will disappear when you reboot). qos-start: Called after both the iptables rules and tc configuration are completed for QoS.
it is recommended to keep that frequency lower (for example. data somewhat unreliable. you must tell the router to create the data file.168. enable the IPTraffic Monitoring option. NOT you assign a static IP to devices you don't get a different IP over time. Each IP must be separated by a comma.) ** Disk Spindown when idle ** Jeff Gibbons's sd-idle-2. "/jffs/" if you have jffs enabled). Plugged hard drives will stop spinning after being inactive for that specified period of time. The per MAC. This option is called IPTraffic. to reduce wearing out your flash memory. preventing it from idling. Note that services like Download Master might be generating background disk activity. or exclude some IPs from monitoring. .password=Pas s" (backslashes must be doubled. ** Adjustable TCP/IP connection tracking settings ** Under Tools -> Other Settings there are various parameters that lets you tweak the timeout values related to connection tracking for TCP and UDP connections. by enabling "Create or reset IPTraffic data files". To enable this. Make sure not to forget the trailing slash ad the end of the path. you must also tell it to create the new data file. Also. Timeout values are in seconds. people will tweak the UDP timeout values to make them more VoIP-friendly. You can optionally specify which IP to monitor. or /mnt/sda1/ if you have a USB disk plugged in. Save frequency is also configurable . you must first set a custom location to store your traffic database (see above). The syntax will be something like this: mount \\\\192. once a day) if you are saving to jffs. It's strongly recommended that wish to monitor to ensure they which would make the collected monitoring is done per IP. You should be careful with those settings. Make sure you set "Create or reset data files" to "Yes".1.You can save it to a custom location (for example. Note that the first time you use that option.6 has been added to the firmware. Once again. Most commonly. allowing you to configure a timeout value (in seconds) on the Tools -> Other Settings page. This will add three new entries to the Traffic Monitor page selector (on the Traffic Monitoring page). ** Mounting remote CIFS shares on the router ** You can mount remote SMB shares on your router. Once done. Asuswrt-Merlin can track the traffic generated by each individual IP on your network.100\\ShareName /cifs1 -t cifs -o "username=User. by using smaller timeouts.
remember to create mount point through init-start first if it doesn't exist!) group. you might be better using the postconf scripts added in 374. OpenVPN is far more secure and more flexible. with the filenames matching the client common names. To have a config file appended to the one created by the firmware.html Explaining the details of OpenVPN are beyond the scope of this documentation.net/index. or even completely replace them with custom config files you have created.conf exports (only exports. however it is not as easy to configure. I tried to stick to the same option descriptions as used by Tomato.add versions supported) hosts (for /etc/hosts) minidlna.php/open-source/downloads.add" at the end of the file listed below. The client can be obtained through this download page: http://openvpn. The list of available config overrides: * * * * * * * * * dhcp6s. passwd. Fortunately. and I am in no way an expert on OpenVPN.add supported) fstab (only fstab supported. shadow (only . Since some of these entries require dynamic parameters. Store them in the /jffs/configs/openvpn/ccd1/ (and ccd2/) directory based on which server instance they belong to.add suypported) . For example.conf dnsmasq. gshadow. You can append content to various configuration files that are created by the firmware. Those config override files must be stored in /jffs/configs/.36 (see the postconf scripts section below).conf profile (shell profile. The first method is through custom configs. and requires the installation of a client software on your computer client. Note that replacing a config file with your own implies that you properly fill in all the fields usually dynamically created by the firmware. See the OpenVPN documentation for more details on the ccd directory. there is a lot of available documentation and Howto guides out there.add will be added at the end of the dnsmasq configuration file that is created by the firmware. only profile. There are various methods through which you can interact with these config scripts to customize them. You can provide your own custom client config files for the two server instances. simply add ". For pointers. /jffs/configs/dnsmasq.conf pptpd. ** Customized config files ** The services executed by the router such as minidlna or dnsmasq relies on dynamically-generated config files.conf would completely replace it.** OpenVPN (client and server) ** OpenVPN is an SSL-based VPN technology that is provided as a secure alternative to the PPTP VPN. check the Wiki on the Asuswrt-Merlin Github repository. while /jffs/configs/dnsmasq. so about any guide written for Tomato can easily be used to guide you on Asuswrt-Merlin.conf.
short of entirely replacing the config file.conf smb. This means you can use those scripts to manipulate the configuration script.postconf upnp. The path/filename of the target config file is passed as argument to the postconf script. This makes it hard for advanced users to apply modifications to these.postconf minidlna.postconf hosts.postconf smb. The following dnsmasq.postconf dnsmasq.postconf group.postconf fstab. ** Postconf scripts ** A lot of the configuration scripts used by the router services (such as dnsmasq) are dynamically generated by the firmware.postconf radvd. Postconf scripts are the solution to that.postconf) openvpnserver1.postconf vsftpd. The list of available postconf scripts is: * * * * * * * * * * * * * * * * * dhcp6s.postconf exports.sh .conf upnp (for miniupnpd) Also.postconf script demonstrates how to modify the maximum number of leases in the dnsmasq configuration: ----#!/bin/sh CONFIG=$1 source /usr/sbin/helper.postconf shadow.postconf pptpd.conf vsftpd. a script providing support functions is available.postconf (and openvpnclient2.postconf To make things easier for novice users who don't want to learn the arcane details of using "sed".postconf (and openvpnserver2.postconf openvpnclient1.postconf gshadow. but before the related service gets started. using tools such as "sed" for example. you can put OpenVPN ccd files in the following directories: /jffs/configs/openvpn/ccd1/ /jffs/configs/openvpn/ccd2/ The content of these will be copied to their respective server instance's ccd directory when the server is started.* * * * radvd. Those scripts are executed after the router has generated a configuration script. Postconf scripts must be stored in /jffs/scripts/ .postconf) passwd.
or an Asterisk PBX). NFSv2 has various filesystem-level limitations. with recent .add . They are both online software repositories that let you easily install additional software to your router (such as an Apache web server. The NFS Exports interface can be accessed from the USB Applications section. The main benefit of Entware over Optware (which is used by Asus for their own Download Master) is it is very actively maintained.10 192. Note that by default. you can now also share any plugged hard disk through NFS.sync For more info. They will be added to any exports configured on the webui. Under options you can enter the export options. but this is not recommended.1.168.168. requiring a factory default reset to recover it.168.1. search the web for documentation on the format of the /etc/exports file. You can also manually generate an exports file by creating a file named /jffs/configs/exports. and entering your standard exports there. You can also enable NFSv2 support from that page. unless you are using an old NFS client that doesn't support V3.will give access to the whole local network 192. Click on the NFS Exports tab. Select the folder you wish to export by clicking on the Path field.0/24 . ** NFS Exports ** IMPORTANT: NFS sharing is still a bit unstable. Make sure those scripts do exit properly.pc_replace "dhcp-lease-max=253" "dhcp-lease-max=100" $CONFIG ----Three functions are currently available through helper. ** Easy Entware setup ** Entware is an alternative to Optware. In addition to SMB and FTP. or the router will be stuck during boot. The same syntax for the access list and the options is used by the webui. under Servers Center.sh: pc_replace "original string" "new string" "config filename" pc_insert "string to locate" "string to insert after" "config filename" pc_append "string to append" "config filename" Note that postconf scripts are blocking the firmware while they run.11 . separated by a comma. to ensure the service only gets started once the script is done. A few examples: 192. only NFSv3 is supported. For example: rw.will give access to the two IPs (separate with spa ces) Entering nothing will allow anyone to access the export.1. Under Access List you can enter IPs/Networks to which you wish to give access.
but force your children's devices to use Norton Connect Safe's DNS server that filters out malicious. and general mature content. by creating a client rule for these. To use it. you must first load the module: modprobe xt_layer7 Additionally. On this page you can force the use of a DNS service that provides security/parental filtering. with the following command: . and only filter out specific devices. For example. This will let you use any unsupported filtering nameserver. Note that Entware requires the JFFS partition to be enabled. Set the filtering rule to "Router" for this. You will need to manually configure the iptables rules to make use of it . Entware and Optware cannot be used at the same time however. If using a global filter. then specific devices can be told to bypass the global filter. Each of them can have a different type of filtering applied. ARM devices such as the RT-AC56 and RT-AC68 require that you manually enable traffic accounting. If this is an issue for you. then set the default filter to "None". You use you the can configure a filter rule to force your clients to whichever DNS is provided by the router's DHCP server (if changed it from the default value. This can be done globally. you can have your LAN use OpenDNS's server to provide basic filtering.software versions. DNSFilter also lets you define up to three custom nameservers. and an ext2/ext3 formatted USB disk (NTFS and FAT32 are not supported). and run "entware-setup. ** Layer7-based Netfilter module ** Support for layer7 rules in iptables has been enabled. so you can't use Download Master while using Entware. ** DNSFilter ** Under Parental Control there is a tab called DNSFilter. There is now a script to make setting up Entware ware easier. due to the different CPU architecture.sh". The defined protocols can be found in /etc/l7-protocols. This is a side effect of having devices forced to use a specific external nameserver. adult. or on a per device basis. otherwise it will be router's IP). for use in filtering rules. and setting it to "No Filtering". Access your router through SSH/Telnet. Note that DNSFilter will interfere with resolution of local hostnames.there is no web interface exposing this. Also note that Entware is not available for the RT-AC56U or RT-AC68U.
and will only do so if it was previously set to off). .40 alpha4 for now.FIXED: Numerous buffer overruns in networkmap that would result in crashes or empty/incomplete device list.clearfoundation. see the documentation on the project's website: http://l7-filter.sh script for postconf .com/RMerl/asuswrt-merlin History ------374. 374.FIXED: The OpenVPN instance wasn't restarted if it was currently stopped due to a syntax error in its config and you had just corrected it.KNOWN ISSUE: Some people are experiencing random reboots with the RT-AC68U running firmwares based on recent Asus GPL.FIXED: Various issues related to the helper. at: https://github.FIXED: Incorrect model detection prevented CPU temperature from being shown on the Sysinfo page on the "R" SKUs. which affects this model since 374_4422. for example. . except we won't enforce it to off in other scenarios. Was often visible on networks hosting a Windows Home Server machine. for processing later on in another chain: iptables -I FORWARD -m layer7 --l7proto ssh -j MARK --set-mark 22 These could be inserted in a firewall-start script. please revert to 374. Asus are looking into the issue. For more details on how to use layer7 filters.FIXED: Restarting the wireless service would stop emf/igs snooping until they were manually restarted/recconfigured.com/ Source code ----------The source code with all my modifications can be found on Github.FIXED: Asuswrt was calling wl_defaults() every time the wifi was restarted. (Asus bug) .echo 1 > nf_conntrack_acct An example iptable rules that would mark all SSH-related packets with the value "22".40 (6-March-2014) . . If you are are affected.40 Beta 2 (5-March-2014) .FIXED: Site survey was reporting 5G as being disabled on RT-N16. (Asus bug) . causing Regulation Mode to be overwritten. due to missing Array. .FIXED: Advanced wireless page broken on Internet Explorer.IndexOf() support in IE (Asus bug) . Now we force it to h mode if the router model and region requires DFS compliance (same as Asus's code.
39) . preventing nameservers configured on the clients from working.CHANGED: New type of glue for the webui header . .40 Beta 1 (1-March-2014) . the FORWARD chain policy was still left to "DROP" .CHANGED: Updated dropbear to 2014.FIXED: When the firewall was disabled.FIXED: Allow LAN traffic while dualwan mode is set to lb (issue caused by the default policy fix in beta 1) 374.NEW: Added option to force DNSfilter clients to always use the DNS provided to them by the router's DHCP server (which will be the router itself if you didn't change it on the DHCP webui page) .FIXED: typo in SMB config ("use spne go") (Asus bug) .0.374.39 (31-Jan-2014) This version isn't available for the RT-N16 as support for the SDK5 platform is currently broken in the latest GPL sources. forcing them through the (IPv4-only) filtering nameserver .NEW: DNS-based filtering.NEW: Added support for up to three user-defined servers to DNSFilter .CHANGED: Switched to a shorter version numbering scheme .NEW: Merged with Asus 374_583 GPL. DNSFilter-enabled clients will now be prevented from using IPv6 nameservers. .4. Notable changes: * USB hub support .changed to "ACCEPT".FIXED: DNSFilter clients set to "None" would still be forced through your WAN-configured nameservers.NEW: Added OpenDNS Family Shield support to DNSFilter .FIXED: IPv6 Prefix Delegation issues (patch by pinwing) . .FIXED: Clients with a configured IPv6 DNS would bypass DNSFilter.FIXED: MTU setting on IPv6 connections (patch by pinwing) 3.CHANGED: The RT-N66U is now compiled with EM enabled by default. Now they will fully ignore the DNSFilter settings.NEW: Merged with Asus's 374_4561 GPL.63 .FIXED: RT-N16 firmware (missing files were obtained from the new GPL release Asus made for this model) ..FIXED: Last24 page wasn't properly displaying the Avg value (regression in 374. We now stick again to what's set in the webui by the end user.FIXED: PPPoE with an MTU of 1500 requires the WAN interface to have its MTU set at 1508 (patch by pinwing) . That means there will no longer be a separate experimental build for this.FIXED: reg_mode was being enforced to "h" (EU region) or "off" (others) since GPL 4422.FIXED: The global DNSFilter would sometime not get properly configured in the firewall. .0.FIXED: Channels above 153 were missing on 5 GHz band if width is set to 40 MHz (Asus bug) .NEW: Option to disable the DHCP6 Server (code contributed by kdarbyshirebryant) . . Notable changes: * Various security-related fixes * Redesigned Parental Control webui * Notification in case of insecure configuration . Under Parental Control there is . .
10 worked better for them. . . Look in the Experimental folder for the EM build .FIXED: Resolution of local machines with domain appended would fail when using a nameserver that does not return nxdomain errors (such as OpenDNS) (Asus bug) The new behaviour is configurable on the LAN-> DHCP page. See the postconf section for details.FIXED: SMB shares were accessible over WAN. .0.FIXED: DHCPv6 client failing to request an IP with some ISPs such as Comcast (Asus bug) (patch from Saintdev) . bypassing Netfilter (Asus bug) (AC56/AC68) .FIXED: Syntax error in DHCPv6 client config (Asus bug) .now a new tab called DNS Filter where you can enable a DNS-based filtering service. since its functionality is now provided by the new DNSFilter. Too many low-level changes from the minidlna author to make it easy to debug. The new EM builds resolved wifi range issues by running the SDK6 driver set in Engineering Mode (driver provided by Asus). .37 code. for ISPs that support RFC 4638. in case you run your own nameserver which is expected to handle both local and remote domains.NEW: helper. You might need to do a factory default reset after switching to an EM build. . .FIXED: USB read speed would be limited by the QoS upstream configuration (Asus bug) (AC56/AC68) . it seems to also break functionality for a small number of users.CHANGED: Reverted minidlna to 374. to simplify creation of postconf scripts.FIXED: Webui crash when importing an ovpn with invalid cert/keys . Supported are: OpenDNS.it will eventually become the standard build for the N66U once it gets sufficiently tested. Norton Connect Safe and YandexDNS.38_2 (17-Jan-2014): .CHANGED: Improved webui responsiveness by instructing the browser to cache images. .11 since nobody confirmed that 3.0.CHANGED: Allow PPPoE MTU up to 1500.374.FIXED: DHCPv6 client failing to start if the router username was changed from "admin" (Asus bug) (patch from Saintdev) .FIXED: Missing carriage return in dnsmasq.FIXED: Domain field wasn't clearly identified on the webui when DDNS set to Namecheap (Saintdev) .FIXED: Well-known services not properly applying settings on the Network Services Filtering page (Asus bug) .REMOVED: YandexDNS has been removed. for best results.CHANGED: Additional webui performance improvement by caching CSS. .CHANGED: Discontinued SDK5 builds for the RT-N66U.conf not reverted to its original content after an OpenVPN client that gets DNS pushed to it would disconnect.FIXED: OpenVPN Client page .sh script.conf when PPTP VPN . Default is to not forward these (to allow OpenDNS to work properly). and apply a specific filter both globally and on a per-client basis.4.FIXED: resolv. 3.CHANGED: Re-switched back to rp-pppoe 3.changing the local IP wouldn't always be properly saved. . While the latest code brings some fixes. .FIXED: The average rates on the realtime traffic page would be calculated based on the max number of samples (300) instead of the currently collected number of samples (Asus bug) . .
38 (11-Jan-2014): This version isn't available for the RT-N16 or the SDK5 build of the RT-N66U as support for the SDK5 platform is currently broken.374.CHANGED: Updated AC56 and AC68U wifi driver and CTF to January 3rd builds (provided by Asus) .FIXED: is enabled.FIXED: .163.FIXED: .2002 (r382208) * PPPoE HW acceleration should be fixed by the new SDK * Updated AiCloud closed source components (MIPS) . as it might have resolved or at least improved on the wifi range issues. Notable changes: * Updated SDK for MIPS devices .FIXED: Tools -> Run Cmd page wasn't working (regression in 374. Bogus "Config file is missing" error logged by pptpd when it was starting (Asus bug) "Advertise DNS" wasn't visible if the page was loaded and "Respond to DNS" was already enabled.6.38_1 (12-Jan-2014): ..9.0.5 .374.37) 3.4.374.37 (31-Dec-2013): * This build was pulled due to numerous issues * .0. as I see Asus is still making fixes to their own code past version 2078.38) .NEW: Merged with 374_2078 GPL provided by Asus (From RT-N66U). .30. Note that the RT-N66U did get a newer wifi driver. so give it a try.0.FIXED: emf/igs userspace tools were missing on ARM devices . Remember to do a factory default reset if switching from SDK5 to SDK6 builds! Keep a backup of your existing settings in case you decide to revert back to an SDK5 build.68 * radvd updated to 1.FIXED: Wifi stability on ARM devices (regression in 374.FIXED: .FIXED: USB devices missing on MIPS devices (regression in 374. (Asus bug) OpenVPN server export would always export the first server instance configuration.0.NEW: Merged with Asus 374_501 GPL (from RT-AC68U). 3.CHANGED: Reverted Parental Control code to our fixed code.36 Beta 1 for the time being on these two platforms. Notable changes in this version: * New SDK (wireless driver and CTF) for AC56/AC68 * dnsmasq updated to 2.37) .4.0.4. .FIXED: Router getting stuck on various webui changes due to a broken precompiled emf module (AC56/AC68) 3.0. causing LAN name resolution issues. Please stick to 374. (Asus bug) A few unescaped quotes in the French dict would break some webui pages (such as the Wireless page).
ovpn if the router has "User authentication only" enabled CHANGED: Display in which chain a given port forward rule is.11 to 3. CHANGED: The state of PPTP/L2TP client connections will be reported on the VPN Status page.FIXED: Some VPN client username/passwords were incorrectly handled . Note: traffic accounting must be manually enabled on these devices (see the Layer7 section in the FW's README) . 3.- * Improved IPv6 support * Fixed Parental Control (A-M's own fix was replaced with this new one for consistency) * More details shown on Wireless Log page (their changes were merged with our own changes) CHANGED: Dropbear default path will now include the locations inside /opt CHANGED: Don't include a cert/key section in exported .FIXED: Adjusted various timings in networkmap which should help with device lists being incomplete especially after a reboot. and could result in very long delays during scan (Asus bug) .FIXED: When disabling Dual WAN. the exported ovpn file would contain your CA with the Asus-signed client cert/key.CHANGED: Extended retry period for WAN DHCP queries to 160 secs in Normal DHCP mode to give time to Charter to unblacklist customers being accidentally blocked by them.35_4 (30-Nov-2013): .FIXED: If you replaced the Asus generated CA with your own. on the Port Forwarding page. .CHANGED: Updated dropbear to 2013. 3. preventing users from editing the correct unit (Asus bug) . .374.CHANGED: Downgraded rp-pppoe from 3.conf generated when adding an OpenVPN client DNS to it FIXED: OpenVPN Client static key was incorrectly processed when shown on the webui. WAN unit wasn't being reset to unit 0. . AC68).conf) before the service using it gets started.374. This allow you to modify a generated config file (for example. CHANGED: Removed the display of global OpenVPN statistics on the VPN Status page. we only insert the client cert/key if it was signed by the current CA.NEW: postconf scripts.10 to see if it's more stable for some PPPoE users .FIXED: MSS clamping for clients connecting to the PPTPD server (Asus bug) . smb.FIXED: networkmap's DLNA detection was broken with some devices.CHANGED: Improved rendering of the VPN Status page .0.36 Beta 1 (23-Dec-2013): . CHANGED: Upgraded AiCloud binary components on MIPS routers to 374_1631 build (N16/N66/AC66) FIXED: OpenVPN clients with DNS set to "Strict" weren't properly setting dnsmasq to use "strict-order" FIXED: Garbled resolv.NEW: layer7 Netfilter module on ARM devices (AC220.127.116.11. Now.CHANGED: Added a VPN mode selector on the VPN Server Details page. .0.NEW: Added ECDSA key support for SSH . Allows to distinguish manual forwards from upnp forwards.0.62 .
fix backported from kernel 2.4..ovpn config file to configure a client connection on the router 3.FIXED: Clicking on "Apply" on VPN Details page would fail to apply your new settings to a running OpenVPN server.0.FIXED: updown. the password file was not immediately updated. .4. This required adapting the current webui to be able to retain some of their improvements without sacrificing the flexibility of being able to have two separate server and client configurations.35_2 (24-Nov-2013): . CHANGED: IPTraffic will now account for traffic going through an OpenVPN tunnel CHANGED: VPN webui is now an hybrid of our original webui.FIXED: JS error on the VPN Server Details page related to PPTP ..sh script location was changed in 339. NEW: Support for Namecheap DDNS (Patch provided by saintdev) NEW: Added qos-start user script FIXED: Incorrect range validation for UPnP ports on WAN page.0. causing issues with OpenVPN clients 3. Asus added some new features in this release: * Support for HFS+ and Time Machine (AC56/AC68U only) * OpenVPN support.FIXED: After adding/removing a user to OpenVPN Server.NEW: Merged with Asus 374_339 GPL (from RT-AC68U).FIXED: DNS resolution not working for VPN clients (bug in Asus 374_979) .0.FIXED: USB disk detection on AC56/AC68.. .374.0.374. novice-friendly webui.4." it would be incorrectly saved.ovpn file 3.34_2 (01-Nov-2013): .FIXED: VPN client not working on MIPS devices (N66/AC66).37) FIXED: If an IP/CIDR on the IPv6 firewall page was long enough to be shortened with ".374. Their implementation uses the backend code from Asuswrt-Merlin but with a more simplistic. . .FIXED: Various formatting issues with generated client.0. FIXED: Accidentaly lock out of webui due to software hammering the router's webui without valid login credentials FIXED: NAT Loopback broken with CTF enabled (AC56/AC68) (Asus bug) FIXED: Backing up your settings would return an empty CFG file. along with Asus's own.35 (24-Nov-2013): .0.6. This allows the addition of these features developed by Asus: * Ability to export an ovpn config file to give to your clients * Support for username/password authentcation on the built-in server * Ability to import a tunnel provider's . Note that this fix will break backward compatibility with Asus as the nvram value storing the list of OpenVPN user/pass had to be renamed (so not to be instanced). FIXED: Kernel panic when inserting ebtables rule (AC56/AC68.FIXED: Some port forward rules were incorrectly generated when in load-balancing mode (Asus bug) .
. . Userspace tools such as StrongWAN must be installed from Optware/Entware.ko kernel module. . . at the expense of a shorter range (a separate SDK5 build based on driver 5. * AiCloud 2.NEW: YandexDNS support moved into regular builds.NEW: Added IPSec support to the kernel.33 (3-Oct-2013): * IMPORTANT *: RT-N66U users must revert back to factory defaults and manually reconfigure their settings if coming from a FW older than 3.NEW: Dual WAN moved into regular builds.NEW: Merged with Asus 374_726 code from RT-AC66U GPL.NEW: WAN interface name passed as argument to firewall-start .CHANGED: Updated Dropbear to 2013. .CHANGED: Updated dnsmasq to 2. .374.11h options should only be available on the 5 GHz band.FIXED: Turbo mode option couldn't be saved (RT-AC68) 3.0. and manually configured.FIXED: Samba wasn't started at boot time if browser master or WINS was enabled and we had no USB disk plugged in. .CHANGED: Site Survey now reports supported protocol.0 .4.NEW: Added bonding. 3.60. . This resolved the numerous connectivity issues. .4GHz radio was disabled.FIXED: 802. (Patch provided by saintdev) .0.xxx (applies to both Asus or Asuswrt-Merlin). This is a DNS-based filter list.FIXED: The webui would allow you to enable SSHD while not setting an authkey or enabling password-based authentication.0.FIXED: Buffer overrun when entering more than 35 MACs on the filter list.0.NEW: Configurable min/max ports allowed to be redirected by UPNP.NEW: Adjustable MTU for DHCP/static IP WAN users .FIXED: Minor layout issues with the Clients list . which can be configured under .374.. (patches provided by Paulo Capani) .CHANGED: UPnP rules will now be processed after manual forwards and port trigger rules.FIXED: IPv6 clients list failed to properly merge IPs from similar MACs (Asus bug) . .4. Notable changes: * RT-N66U now based on the SDK6 driver.NEW: Repeater mode moved into regular builds.NEW: Display CPU chart on Performance page (AC56 and AC68) .FIXED: Some Traffic Monitor pages were missing the page tabs. This allows WHS users to change the min allowed port from the default value of 1024 to allow UPNP forwarding of HTTP/HTTPS.4. We now support up to 64 MACs.FIXED: Router/minidlna crashes when processing very large image collections .34 (30-Oct-2013): .0. . Note that there are still a few issues left. such as recovery from failover mode when the primary WAN comes back up.100 is available in the Experimental folder as an alternative). .NEW: Display CPU temperature on Sysinfo page (AC56 and AC68) .67 final. . AC56/AC68 AiCloud components taken from 374_217.FIXED: Wifi icon hover would report 5G channel as undefined if 2. . .NEW: Added RT-AC68U support.374.0.NEW: Merged with Asus 374_979 (from RT-N66U). .various memory leaks plugged.
.11d and 802.32 (24-Aug-2013): .2.FIXED: Some fields would allow invalid characters (such as single quotes) which might break the webui JS.CHANGED: Removed the firewall rules for acsd since it no longer listens on a TCP socket. . . .0.FIXED: Potential key truncation in httpd if one was to use very large OpenVPN keys and certs in all fields of all four instances.FIXED: Wireless key field was automatically activated on page load.CHANGED: Enabled Syn Cookies for ARM devices (RT-AC56U) . On the Wireless Professional page you can now enable 802.FIXED: Router believed that NTP wasn't properly working after a LAN or wireless service restart (issue introduced in 374_720). . (N16/N66/AC66) .11h support.374. .CHANGED: robocfg now (almost) completely supports the Northstar platform (RT-AC56U) . (N16/N66/AC66) .FIXED: Memory leak in httpd service (Asus bug) . .CHANGED: MIPS builds optimized for mips32r2 code generation. . which should improve general performance.FIXED: IPv6 client list was incorrectly displayed if a client didn't have a known hostname (Asus bug) 3.FIXED: Parental Control not working with certain schedules (patch provided by Makkie2002) . resulting in poor sharing performance. .NEW: Merged with Asus 374_168 GPL code. There might still be a few unprotected fields.4.FIXED: Samba binding to WAN interface would cause warnings about WINS/master browser (regression in 374) .FIXED: Restarting the wireless service would break stealth mode. adding mips32r2 support.NEW: Option to control 802. improving performance especially for sha1 (RT-N16/N66/AC66) .FIXED: With FW 374 Asus changed the Samba priority from too high to too low (-19). providing more balanced performance.NEW: Added support for last seen devices on Ethernet port status (Tools-> Sysinfo) for RT-AC56U.CHANGED: Increased OpenVPN crt/key fields to allow up to 3499 characters . Reverted that code for now.0. preventing some of the "ip" command functions from working (was breaking Astrill's plugin) (RT-AC56U) . .FIXED: The new thumbnail cache code Asus added in build 720's minidlna will prevent scanning from completing on very large collections. which could lead to accidental changes (issue introduced in 374_720).FIXED: The ARM kernel was missing the Advanced IP Routing option. . I changed it to a priority of 0. .CHANGED: Allow selecting the Download2 folder for media server location.11 extensions that deal with regulations.FIXED: Samba would start sharing local disks even if all you wanted was its WINS/Browser services.CHANGED: More openssl backports from 1.enough to accomodate even a 4096 bits key. .0. .FIXED: The JFFS formatting code could encounter a case where it wouldn't write back its cleared format flag. .Parental Control.
0. filling it up (patch by VinceV) .CHANGED: Updated miniupnpd to 20130730 .NEW: Merged with 372_1393 code from Asus. You can also create firewall rules to allow inbound traffic to specific hosts.2 . (Experimental builds only) . See the OpenVPN and Custom Config sections of the firmware's documentation for more info. TCP connections to ACSD are now blocked by the firewall. includes some changes related to USB3.CHANGED: Updated e2fsprogs to 1. The firewall configuration can be accessed through the "Firewall -> IPv6 Firewall" page.4.372. This new option (enabled by default) will prevent traffic forwarding to LAN devices.NEW: User-provided client config files (ccd) for OpenVPN server.8 to be in sync with Asus .yandex.NEW: wan-start script will get passed the WAN unit number as argument .FIXED: The ACSD service could be exploited by a LAN user to gain shell access to the router.CHANGED: Upgraded OpenVPN to 2. .FIXED: Samba wouldn't start due to missing symlink (RT-AC56U) 3.0. Asus is currently implementing support in the firmware for this DNS-based filter. .372.CHANGED: Updated 2. This can be found under Parental Control. Asuswrt would allow any IPv6 traffic to be forwarded to your LAN devices..31 (24-July-2013: .0. .42.CHANGED: Smarter location selection for the DLNA database location to reduce the chances of having it in RAM if left to default location.36 kernel to the latest code used in 372_184 (RT-AC56U).NEW: YandexDNS. See http://dns.CHANGED: Connections list under System Log will now progressively display the result while the router is still .NEW: Webui option to select the location of the DLNA database (patch by VinceV) .NEW: IPv6 firewalling.CHANGED: Implemented IPTraffic support in DualWAN . Notes: * Beamforming support for RT-AC66U/RT-AC56U * RT-N66U driver still downgraded to build 270 (which means no HW acceleration for PPP.3.4.FIXED: Security issue with Samba and symlinks 3.CHANGED: Updated some prebuilt binaries (RT-AC56U) .1.ru/ for more info (go go Google translate!).0 * AiCloud security hole fixed * Parental Control ui still broken under IE10 (use Fx or Chrome for now) . .FIXED: Wireless client list would sometime return incorrect hostname or be missing IP.31_2 (28-July-2013): .6. Originally.Load balanced mode (Experimental builds) . . but more reliable connectivity on the 5 GHz band) * Minidlna was updated to 1.0. and PPP/CTF. .FIXED: You could not define time periods on the Parental Control calendar under IE.FIXED: Web server would crash if you entered too much data in OpenVPN key/cert fields. .
FIXED: Reapply layout fixes to Guest network and DHCP page (were lost in a recent webui update) .372. .4.4.FIXED: Removed empty Yandex tab . . Various bugs have been fixed over the original FW that initially shipped with these routers.since 372 that is only true for ARM devices.0.42.NEW: Added support for newest RT-N66U hardware revision. fixes 5 GHz stability issues). . RT-AC56U) .x to 1.30.0.FIXED: JFFS2 could get reformated again at each subsequent reboots. RT-AC56U) . RT-AC56U) .FIXED: Entware setup script missing from all builds .FIXED: pptpd failing to start (was missing from build) .4.resolving IPs (if that option was enabled).0.0.372_30_3 (11-July-2013): . .) .CHANGED: Brought back the Connection page under System Logs .FIXED: NVRAM values getting corrupted or disappearing if using more than 32 KB (Asus bug.4.0 port weren't getting mounted (RT-AC56U) 3.372. . leading to random crashes (Asus bug. .4.FIXED: OpenVPN server not starting if using a static key .FIXED: Disks plugged to USB 2.FIXED: Sysinfo page was reporting IPv6 as reason for CTF to be disabled .CHANGED: Updated e2fsprogs to 1.110 SDK.0. hence "30_2" for this revised 372.FIXED: OpenVPN Server in TAP mode + DHCP wasn't routing properly (DHCP was overruling the default GW) 3.NEW: Added JFFS support to RT-AC56U. Amongst other things this new version is more memory-efficient on large filesystems. Note that this means that HW acceleration for PPPoE is no longer available for the RT-N66U.14 (RT-AC56U) . .30_2 (7-July-2013): (note: since people always thought adding a "b" meant "beta' rather than revision "b". Thanks to Asus for providing a development sample.CHANGED: Downgraded wireless driver + CTF to build 270 version (RT-N66U.FIXED: Buffer overrun in NVRAM handling.CHANGED: OpenVPN client password hidden by default (and added checkbox to display it similar to what Asus added to the System page) . This router has a new model of flash. as it was new in the 5.30 (5-July-2013): .NEW: Merged with preliminary 372 code provided by Asus (initialy meant for the ARM environment) .CHANGED: Renamed Advanced (Per IP) Traffic monitoring for IPTraffic (to match the Tomato name for that same functionality) .NEW: RT-AC56U support. you can NOT use any older FW on these.0. I am switching to Asus's new numbering scheme. (RT-N66U) 3.FIXED: GRO kills upload speed if CTF is disabled (patch provided by Asus.CHANGED: Updated iptables-1.7.FIXED: NAT loopback (invalid iptable rules was silently accepted by iptables) .
click on Apply to re-save them.FIXED: Improved compatibility with USB disks > 2 TB (must use ext2 or ext3) .KNOWN ISSUE: 5 GHz 40 MHz is unreliable with some wireless cards (RT-N66U) . .4. .354. .FIXED: PPTP/L2TP Internet connection unable to reconnect after going down (unsure if Asus bug or 358.0.20130426 .4 GHz was disabled on a router without 5 GHz support (RT-N16) .28 Beta 1 (19-Apr-2013): .FIXED: Saved settings might fail to restore if they contained OpenVPN or SSHD keys with CRLF line endings.FIXED: Wifi status icon would remain half-lit if 2.NEW: Report currently used channels when mousing over the wifi icon at the top of the webui .354.FIXED: br0 would change MAC address when starting an OpenVPN server with a tap interface.CHANGED: Warn if trying to do a site survey with either radios disabled. 3.NEW: Wireless site survey (on the Wireless tab) . causing the flag not to be cleared on the mtd partition.CHANGED: Updated to miniupnpd 1.36 (RT-AC56U) 3.NEW: RT-N16 is no longer an experimentally supported device.FIXED: Syslogd must be restarted if we had to adjust its log level for DHCP query logging.FIXED: Various fixes related to site survey display . Read the OpenVPN documentation on the "up" and .CHANGED: Updated to dropbear 2013.6.FIXED: Unable to clear DMZ IP (fixed in 364 webui files) .364 . . .FIXED: Asking for traffic monitoring (regular and Per IP) database to be re-created would re-create it again on next reboot if in the mean time you didn't change any other settings.FIXED: Empty Site Survey list if there was only one AP found .KNOWN ISSUE: Sort order is sometimes wrong on the Site Survey page . Thanks to Mike from Sapphyre Software for providing me with an RT-N16. .FIXED: Numerous bugs in ipt_account for Kernel 2. . You should access the OpenVPN Keys page.4.29 Beta 1 (17-May-2013): ..0.0.8.CHANGED: Merged with webui content from 3.28 bug) .0.28) .0.FIXED: Sysinfo: 5G radio infos weren't hidden if the router did not support that band (RT-N16) .0.FIXED: Sysinfo: Port numbering order (RT-N16) .4.NEW: openvpn-event user script that gets run when a tunnel goes up/down. . or if update requests occured in a too short period of time.NEW: Sysinfo: Ethernet port state will report each port's VLAN ID.FIXED: Devices with a NetBIOS name of 15 chars long would have their name merged with the next device's.FIXED: Numerous bugs in the Per IP traffic monitoring causing inaccurate traffic accounting if there was too much traffic. then re-create any backup you had of your router settings.KNOWN ISSUE: 5 GHz 40 MHz is unreliable with some wireless cards (RT-N66U) .FIXED: PPTP/L2TP Internet connection unable to connect at boot (bug introduced in 358.58 .CHANGED: Increased list height on Site Survey page .
NEW: Option to prevent SSH port hammering (patch submited by dodava) . . and integrated it into the new Network Tools -> Netstat page from Asus (as NAT Connections) .0. . as they were more recent than the GPL ones .CHANGED: Port state on Sysinfo page now uses the new OUI lookup code from Asus .25 implementation.FIXED: LAN traffic going through the NAT loopback would be counted in the Per IP traffic monitoring. except it can be enabled/disabled Asus considers build 354 to still be beta.FIXED: Client list wasn't using the new OUI code from Asus (was missing from the GPL archive) . Now."down" events for more on how to use this script. and to use the passed parameters. .NAT PAssthrough page instead) .4.FIXED: Cannot create/modify folders in AiDisk .bumped back to INFO as in previous versions (resolves DHCP events not being logged).FIXED: Couldn't resolve LAN hostnames if WAN was down (the web redirection would hijack all DNS queries).FIXED: smbpasswd wasn't properly updated when deleting a user (Asus bug) .FIXED: Cannot set webui to HTTPS-only (causes port conflict error) (Asus bug in 354) .CHANGED: Removed wol binary.4.0.NEW: Enabled sftp support in Dropbear (the sftp server must be installed from Entware) .CHANGED: Merged with webui pages extract from the Asus released FW.FIXED: IE rendering of the Other Settings page when toggling Per IP monitoring .FIXED: Fixed support for Broadcom Wimax devices . . Notable changes: * New wireless driver * New Network Tools * WOL (Under Network Tools * HW acceleration support for PPPoE * DHCP Normal/aggressive behaviour.27 Beta 1 (31-Mar-2013): .CHANGED: Removed option to control SIP helper on Firewall page (use the new Asus option from WAN .354.FIXED: Port numbering on the Sysinfo page for devices that has them backward (untested) (RT-N16) . so be advised that there might still be some issues left (there are known issues related to 3G/4G dongles for instance).CHANGED: Removed System Log -> Connections page.FIXED: Aicloud: handling of disks with multiple partitions on the webui (Asus bug) (fix submitted by hshang) 3. .FIXED: Build 354 reduced minimum syslog level to WARNING . since Asus's WOL page uses ether-wake.0.Asus added their own WOL support on the Network Tools page. to handle routers that got upgraded with the new loglevel already set. Also ensured we readjusted it if DHCP logging is enabled.354.0. we let dnsmasq handle both LAN and redirected queries. .NEW: Merged with 3. You will have to re-add your WOL entries. Similar to the 270. .CHANGED: Removed WOL webui .CHANGED: Try to report on Sysinfo what is forcing HW acceleration to be disabled .
.25b (3-Mar-2013): .CHANGED: Various webui lists were increased from 32 to 128 entries allowed.0. . shadow.270. .0.NEW: dhcpc-event and zcip-event scripts (called on WAN events) . .FIXED: dnsmasq warning in syslog if DHCP static leases are disabled 3.FIXED: Disabling DHCP logging would cause a syntax error in dnsmasq's configuration (regression from dnsmasq update) . exports.add.26 (15-Mar-2013): . rather than just toggle the state of the enabled radios.FIXED: Openvpn: Non-CBC ciphers weren't working (their use is still not recommended) .CHANGED: Router will supply its device name when requesting an IP while in AP mode.4..FIXED: Improved fdisk support for 4KB sector size .add. and radio states will survive reboots.add .add. regardless of telnet/ssh states (and including in AP mode) . for those used to see it there.NEW: ipset Netfilter support + userspace tool to create ipset lists. Left it on the SMB page as well. passwd.270.CHANGED: Added a folder picker to the Tools Other Settings page to .0.FIXED: Proxy auto-configuration support (Asus bug) 3.FIXED: Outbound VPN client traffic was dropped (regression from firewall_2 fix) 3. since it's now relevant to the router's hostname (not just SMB).NEW: NFS folder sharing. .add. This means the button will override the webui.CHANGED: WPS button when set as a radio toggle will now behave the same way as Asus's firmware: pressing it will fully enable/disable both radios in the webui.NEW: New script that will setup Entware for you (written by ryzhov_al).0.FIXED: Avoid duplicate shares when using simpler share naming using Asus's code from 354) .CHANGED: Router's hostname is now set all the time.CHANGED: Improved networkmap: * Will also use DHCP hostnames and user-defined static names instead of just NetBIOS names * Client list will show an animation while networkmap is still busy scanning and resolving device names * Dropdown menus that use Networkmap to build a list of devices will also display names in addition to IP/MAC.FIXED: Volume labels with spaces were rejected (Asus used the same code to validate hostnames and volume labels) 3.0.sh" through SSH/Telnet to launch the install process.4.0. .NEW: Ccustom configs: group. .270. Run "entware-setup.CHANGED: Don't restart the whole network if you only changed DHCP reservations (LAN -> DHCP page) .4.CHANGED: Added device name field on the LAN page.26b (17-Mar-2013): .270. gshadow.0.4. Webui can be found on the USB Applications -> Servers Center page (NFS Exports tab) .FIXED: openvpn: Client-specific entries weren't properly parsed .0.25 .
.FIXED: Timing issues under IE where resolved device names would not display on certain pages (such as the Sysinfo page) . This is just as an added security precaution. fixed CDRouter test firewall_2) .FIXED: Various timing issues causing some TrafficMonitoring and the Sysinfo pages to often fail loading under IE.CHANGED: Updated dnsmasq to 2.CHANGED: Improved name resolution on traffic monitor page.FIXED: Added missing badblocks program .NEW: Rebased on 3.FIXED: ebtables were still broken.18.104.22.168 and lzo 2. .2 (with Oleg/wl500g patches re-applied).FIXED: DHCP client will be less aggressive in attempting to obtain a lease (wait 2 mins instead of 20 secs between attempts).CHANGED: Enabled additional optimizations for openssl and openvpn for a significant performance gain .0.4.0. .NEW: Replaced Busybox fsck/mkfs tools with those from e2fsprogs. .CHANGED: Reverted wireless driver to build 220 (RT-AC66U only) .FIXED: Made profile. .add be run after any Optware profile. . .0. now uses a device's hostname if it reported one. . including GPT support in fdisk. Notable changes: o New driver builds (these are NOT the new major versions that Asus are still working on) o NTP-related changes .65 (backported from 3. should be more reliable. . will overwrite names with those entered on the DHCP static lease page.06.CHANGED: Client List now uses our improved name resolution code. .CHANGED: Temperatures on Sysinfo page will now auto-update every 3 seconds.FIXED: IPv6 WAN would have the wrong prefix length (Asus bug.FIXED: WOL list corruption when removing an entry in some browsers . .3.CHANGED: Connections page now uses Ajax for slightly better rendering . should help with ISPs like Charter who will blacklist you if you send too many Discovery packets in a short period of time.NEW: Report CTF (HW Acceleration) state on Sysinfo page.NEW: Display Ethernet port states on the Sysinfo page.24 (13-Feb-2013): .FIXED: Some OpenVPN fields rejected -1 as being valid.334) . fixed by a complete rebuild. .select a location to store your traffic data files.4.CHANGED: Updated Busybox to 1. . .FIXED: VPN client "common name" wasn't getting saved .FIXED: No longer forward packets with a LAN IP as destination (Asus bug.4. NOTE: previous versions were NOT affected by the recent UPNP exploit disclosure.270.FIXED: Hide 5G radio info from Sysinfo page if router is \ single band (RT-N16) .FIXED: JS error on the Per Device pages if FW failed to load the traffic history. .CHANGED: Updated to OpenVPN 2. Lots of fixes. . . so the user changes will have priority over anything else.FIXED: Temperature on Performance Tuning page would fail to update if a radio was disabled.0. patch submitted by PiotrKa) 3.CHANGED: Updated Miniupnpd to version 1.0.270.FIXED: Master Browser/WINS would not work if there was no USB disk plugged. .
3.too many issues with it at this point.0.4.NEW: Option to enable/disable logging DHCP client queries (LAN->DHCP page) .FIXED: Per Device traffic monitor pages missing under IE 3.FIXED: Wouldn't enable wins in Samba if you had a WINS IP entered on the DHCP configuration page.FIXED: Backported various kernel fixes from Oleg/WL500G.FIXED: Display of Connections under IE .NEW: Option to disable the Netfilter SIP helper (Firewall page).FIXED: The IE fix ended up breaking Firefox (and meanwhile.266.22 (15-Dec-2012): .FIXED: Router crash if the list of MAC filters + their names got too long.0. Based on the Tomato IPTraffic implementation by Teaman.264 (from the RT-N53 GPL).0.NEW: Rebased on 3.FIXED: Router would have no hostname if you enabled ssh but kept telnet disabled.FIXED: Really fixed Firefox issue (the fix wasn't merged in release 260.0. .266.FIXED: Couldn't add new ebtables rules (regression in 264.22) . Do not load CTF if booting with cstats enabled.264.CHANGED: Dual WAN is no longer enabled in regular builds .org to help improve HDD > 2 TB support (still not perfect.0.FIXED: Tabs would disappear while on the Monthly traffic page. .0. .0. .CHANGED: System log starts at the bottom (backported from GPL 314) .4.FIXED: Layout issues on the DHCP page (one in Asus code.0. . 3. another in Merlin code) .4.4.4. .NEW: Traffic monitoring per IP added to the Traffic Monitor section. .FIXED: Beeline Corbina was unable to connect to PPTP/L2TP server due to DNS issues.FIXED: Trying to apply settings on the System page with a username containing a non-alphanum would incorrectly assume you just tried to change to an account name that already existed (Asus bug).21). allows people to manually forward port 5060 to their own SIP server . .conf . Regular USB failover still works.FIXED: customized minidlna. Chrome worked fine no matter which method was used to build that dropdown). .266 (from the RT-AC66U GPL) .0.NEW: Tools icon contributed by Maximilian Czarnecki.FIXED: OpenVPN webui: TLS Reneg and Connection Retry wouldn't let you enter -1 as value.FIXED: Skip bad blocks while erasing MTD partition (fixes RT-AC66U failing to format JFFS2 partition due to bad blocks) .FIXED: Samba would bind to the WAN interface while in router mode (Asus bug) . .23 (31-Dec-2012): .NEW: Rebased on 3. .FIXED: Traffic monitoring per IP is unreliable if HW acceleration is enabled. Tomato and Kernel. some USB enclosures are simply not Linux compatible) .0. ..23b (31-Dec-2012): .
NEW: unmount user script .246.0.FIXED: Changing the router login name to anything other than "admin" would prevent radvd.FIXED: Firefox compatibility issues on the DHCP static and MAC filter name fields.4.0. .NEW: led_ctrl and makemime (for use in conjunction with sendmail) applets.0.246.0. ecmh and the cru script from working properly .FIXED: Wifi LEDs would turn back on if radios were enabled while in Stealth Mode (now they turn back off after a few seconds) .0.4. .21 (5-Dec-2012): .NEW: Wifi status icon popup will report the state of each radios. 3.4.NEW: Option to force the router into becoming the SMB Master Browser. o Improved AiCloud webui .FIXED: You couldn't disable DMZ by clearing the IP field.NEW: Option to make the router act as a WINS server. 3.NEW: fstab custom config file . .NEW: upnp custom config file for miniupnpd . .0. .19b (26-Oct-2012): .CHANGED: Improved SMB and vsftpd read performance by up to 30% 3.FIXED: No longer reboot the router three times during boot time if one of the radios is disabled by the user.0. potentially overwriting Asuswrt-Merlin with an original Asus firmware.FIXED: Webui would break if a network device had an invalid NetBIOS name (such as the Sonos Dock).NEW: Implemented control for network switch LEDs (all four at once) . .NEW: Stealth Mode: option to disable all LEDs .NEW: Wifi status icon will be half colored if only one radio is enabled. .4.0. This version should resolve issues with some Russian ISPs.FIXED: Radio toggle through WPS button would be overriden by a scheduled radio.FIXED: clientid passing for some ISPs requiring it (like Sky UK) was broken with the DHCP client change of build 220. as this seems to be the most stable at this time.0.FIXED: QIS would report newer firmwares.4.FIXED: Reverted wireless driver to build 220 version as the new one caused various connection issues for some (RT-N66U).246.20 (14-Nov-2012): .NEW: Rebased on 3.19 (23-Oct-2012): .0. Some notable changes: o New "Enhanced interference management" option under Wireless -> Professional. (RT-N66U) .NEW: Option to control Spanning-Tree Protocol . . .FIXED: You couldn't edit entered text in DHCP/MAC/etc name field .NEW: Rebased on 3. Reverted "switch" to "toggle" code to prevent this. Made then use http_username instead (which is tied to the superuser) .260. . .NEW: Added CONFIG_IP_NF_RAW and CONFIG_NETFILTER_XT_TARGET_NOTRACK modules.260. .4. .3. Note that the RT-N66U build still uses the wireless driver from release 220.246.0.they all assumed "admin".FIXED: Wifi status icon wasn't accurately reporting states if they were changed by a radio schedule.0.
as it would make the first access to the wireless page take forever if you had multiple connected clients . 3. .4. When enabled.FIXED: Re-enabled DualWAN (RT-N66U. . For example.FIXED: OpenVPN 'Start with WAN' and 'Respond to DNS' settings were not properly saved.64 .FIXED: Re-enabled Beceem (Wimax) support in RT-AC66U. . .0. . .0.NEW: Added Name field to the Wireless ACL page.0. 3.NEW: Added OpenVPN logging verbosity setting (vpn_loglevel.FIXED: Removed MAC Filter page. . or completely replace the config file generated by the firmware.0. the folder Share will be shared as "Share" instead of "Share (on sda1)". .4.CHANGED: Added some info to the OpenVPN server and client pages. .NEW: Report the current CFE/Bootloader version on the Sysinfo page. .220.FIXED: post-mount user script wasn't executed (regression in 220. 3. For advanced usage/debugging only. . under USB Application. "service restart_samba" will restart the Samba service.FIXED: OpenVPN Client "Username Auth only" option was broken.NEW: User customized config files for various services. . with 3 being the default).FIXED: Wireless client list alignment in AP mode. . Those custom config entries can either be appended.NEW: Option to enable simpler share names.FIXED: Minor tweaks to the AiCloud pages so they can fit on a 15" laptop sc reen (some close buttons at the bottom were unreachable) .NEW: Added service applet to rc.FIXED: Limit valid characters in a DHCP/WOL description to prevent breaking the webui by using invalid ones such as quotes. You will have to manually refresh the page the first time you access it if the RSSI is reported as "??". .17) .18b (25-Sept-2012): . . RT-AC66U) .220. as it doesn't work (not compatible with Parental Control).17 (18-Sept-2012): .4.o dnsmasq updated to 2.1.220.CHANGED: Less strict rules when validating user-entered MAC hwaddr.CHANGED: Improved load time of the VPN Status page.FIXED: Enabling SSH access from WAN didn't work if DualWAN was set to load-balancing. for significant perfor mance improvements in applications such as OpenVPN or SSH when using AES.FIXED: Removed rssi retrieval retries. must be manually set to a value between 0 and 15.NEW: Report both rx and tx rates on wifi connections . .FIXED: Buffer overrun in init code that would crash the router when too many features were enabled at compile time.0.FIXED: First time a client's rssi is polled it would return 0. The option can be found on the Misc tab.FIXED: OpenVPN Client wasn't properly applying DNS settings that the server was pushing to us.0.NEW: Backported OpenSSL ASM optimization from 1. .18 (23-Sept-2012): .0. .FIXED: Handle cases where the wireless driver returns a speed of -1 .
0.0. .NEW: Added nat-start user script. . and is now able to deal with cases where radios are disabled.FIXED: dnsmasq was listening to all interfaces by default.16 Beta: . as NAT rules get applied separately from other firewall rules (firewall-start changes to the nat table are being overwritten when the router starts NAT) .FIXED: dnsmasq not listening to DNS requests from OpenVPN clients if you had just enabled the option on the webui.CHANGED: Upgraded openssl to 1.3.0.NEW: Added additional info to Sysinfo page .0.CHANGED: Removed power adjustments from the Performance page.14b: . . 3.3.CHANGED: Disabled Beceem Wimax support in RT-AC66U as it bricks the router.NEW: Option to exclude specific devices from idle spindown .162.FIXED: Performance page now uses the new Sysinfo API. and was also displaying some issues.FIXED: PPTP clients not always showing on VPN Status page.NEW: Option to allow SSH access from WAN .CHANGED: Disabled DualWAN as it's currently broken in 220.0j.. Limiting partition to 32 MB max.3. 3. .0. and not as reliable. . . as they are redundant. . . . 3. as it exhibited many issues.0.CHANGED: Removed firmware update checker to avoid accidental revert to original FW.NEW: (RT-AC66U) Implemented JFFS support.FIXED: (RT-AC66U) Would crash when accessing a LAN device through either VPN or the NAT Loopback (GRO is now disabled for that device) . .178.15 (17-Aug-2012): .NEW: RT-AC66U officialy supported.CHANGED: (RT-N16) Disabled Dual WAN. RT-AC66U) Implemented OpenVPN.0. which includes: * Fixes to IPv6 6rd * Fixes to AC66U Wifi + QoS * AiCloud * Interference mode once again enabled . and I am unable to work on them without an actual router. . allowing even dhcp requests to be serviced from the wan side if you had the firewall disabled (Asus bug) (fixed by dev0id) .NEW: (RT-N66U.NEW: Rebased on 3. as using the whole 90+ MB available makes little sense for JFFS.0. with all the same features as the RT-N66 U. based on code written by Keith Moyer (from the Tomato project).0.NEW: Added crontab command .0.4.3.220.NEW: Added chroot applet .178.0. .FIXED: Corrupted WOL list when using IE.NEW: Rebased on 3. .CHANGED: Included fully functional openssl command (will allow you to create keypairs and certificates from the router).FIXED: Default disk idle spindown now set to 0 (disabled).NEW: Display last received rate and rssi for each clients on Wireless Log pa ge.178. Notable fixes by Asus: * Radio turns back on based on schedule * Reorganized QoS pages * Turning WAN DHCP connection off will first release current DHCP lea se .
FIXED: Accessing the WOL page would make it resend the last WOL request.0.157. . now on the Administration -> System tab.0. such as timezone DST.0.144.FIXED: Retrieve dhcpc options for the correct wan interface 3.144. .3.0.0.net/projects/minidlna/files/minidlna/1..CHANGED: Switched to WPS radio toggle code Asus added.NEW: Station list on the Wireless Log page will now report associated IP and hostnames (when possible). Replaced with new code based on a suggestion from Phuzi0n on the DD-WRT forums.NEW: Added link to the command shell page in Tools menu.. etc. .FIXED: Brought max PPTPD password lenght back to 32 chars (Asus had reduced it to 16 in recent versions) . Upgraded radvd .3.NEW: Webui option to enable resolving IPs on the Connections tab .3. https auth.0.0.25 (changelog: http://sourceforge.0.157.FIXED: NAT loopback rules would actually NAT every lan to lan connections instead of only those needing the loopback (bug in Asus's code). 3.162.10 (30-June-2012): .0.3.3.FIXED: Web server would crash for some people when accessing the Wireless Log page. ***First flash will . They fixed many issues.0.NEW: Name field added to DHCP reservation list .3.FIXED: 'cru' was using 'root' instead of 'admin' .NEW: Support for 64K NVRAM enabled.CHANGED: Improved WOL page functionality. . .162.CHANGED: Upgraded to MiniDLNA 1. which they have graciously provided me with.14: .NEW: Rebased on 3.13: .162.NEW: (RT-N16) Enabled power settings (EXPERIMENTAL) . 3.CHANGED: Increased dhcp options from 32 to 128 characters .144.0.11 Beta (6-July-2012): .25/) .NEW: Spin down disks after (user-configurable) inactivity timeout (using Jeff Gibbons' sd-idle-2. .0.NEW: Rebased on 3.CHANGED: Better integration of the Run Cmd page. IPv6 tunnel memory leak fixed .0. . 3..0.NEW: Added "tee" command.0.NEW: Rebased on 3.NEW: System information page under the Tools menu.3.FIXED: Incorrect left menu rendering when under the Tools menu.0. .12 Beta: This is based on unreleased Asus code. making some of my patches no longer necessary. Notable changes from Asus: .3.NEW: Store a list of computer MACs to use as WOL targets .CHANGED: Re-enabled Dual WAN (EXPERIMENTAL) .CHANGED: Made tracked connections load async from rest of the page .0.CHANGED: Increased hostname width on Connection status page . 3.0. .6) . . .
KNOWN ISSUE: PPTP VPN can randomly reboot the router if accessing a LAN device behind the router. The QoS code remains from build 108.0.NEW: Keyword-based filter (new in 130) . *** .NEW: Added "diff" utility .130 (RT-N53U sources).KNOWN ISSUE: Memory leak when using IPv6 (bug in Asus's code and/or kernel code) . or manually add a route to your VPN client.130. so you'll want to not only start with the new default values.3) . Be warned!*** NEW: Enabled support for Broadcom Wimax devices NEW: Added cifs kernel module (for mounting remote SMB shares) NEW: Added layer7 iptables matching NEW: Added user-options for DHCP on the WAN page FIXED: Router crashing when connecting to it over Wifi and running the newer QoS code (disabled GRO) FIXED: Router crashing when connecting to a network device behind the router from over a VPN connection (disabled GRO). FIXED: Incorrect timezone set unless enabling manual DST.168.3. not sure what else (as I have no changelog between 112 and 130).- wipe out ALL your settings! And you cannot restore from saved settings . Otherwise you will be wasting a good amount of the limited available nvram.4.0. as build 130 is unstable.FIXED: Memory leak in sit.130.1.25.FIXED: no-ip DDNS entry would revert to Asus DDNS on webui 3. 3.ko (backported from Linux 2.e.9 (10-June-2012): .NEW: Enabled new Dual WAN support from Asus . Workaround is to use an IP range outside of the local LAN (i. and either set your VPN to use the VPN tunnel as default gateway.FIXED: Firmware/settings can now be uploaded over HTTPS (bug fixed by Asus) .0.0." (bug in Asus's code) .3.0.FIXED: Firewall would break when applying a game preset that had multiple ports separated by a ".0).0 instead of 192. Build 130 brings various code changes to IPv6. 10.FIXED: Buffer overflow in networkmap that would cause garbled device names to appear on the clists list (bug in Asus's code) .FIXED: WOL through webui wasn't working when IPv6 is enabled .NEW: Rebased patches on 3.you must manually reconfigure everything.0.8 (8-June-2012): *** Reverting to factory defaults BEFORE and AFTER flashing this version is strongly recommended! The newer Asus code base seems to have changed quite a few settings. but also get rid of obsolete settings. .0.0. .IMPROVED: /jffs/scripts/ will be created automatically if it doesn't exist (you must still make any new script executable using "chmod a+rx script_filename") .6.
FIXED: Disabled traffic history saving to nvram for now. 3.FIXED: Missing bottom pixels from the bottom of General menu . .CHANGE: Switched back to wol.0. to avoid people accidentally filling their limited nvram space.NEW: Can save traffic history to a custom location (USB or JFFS.6 (14-May-2012): .NEW: Added HTTPS access to web interface (configurable under Administration ) .0.FIXED: typo in VPN iptables entries (bug in Asus's code) 3.FIXED: sshd would start even if disabled . . 3.NEW: Added the Performance Tuning page (with temperature). . as I get -80db from the other end of the house no matter if I use 40 or 500 mW.NEW: HTTP access list (backported from build 112) .3. . for instance) to preserve it between reboots. as people report better compatibility with it .3.FIXED: Webui authentication was bypassed by the web server (bug in Asus's code) .NEW: Added netstat-nat command. .3. .0.FIXED: Removed invalid CSS attribute .0. ether-wake remains available over Telnet. and before any service gets started) .108.NEW: Added webui page under System Log to display active/tracked network connections.NEW: Added pre-mount and post-mount user scripts (patch submitted by Shantanu Goel) .4 (28-Apr-2012): .108.FIXED: Httpd crash when uploading a FW or settings file over https .FIXED: Removed check in Asus's code that would reject txpower > 80 unless you clicked three times on Apply (?!). For now you have to use http for flashing the FW or restoring your settings from a saved config file.0.108.NEW: PPTP VPN encryption options (backported from build 112) .NEW: Allows tweaking TCP/UDP connection tracking timeouts .NEW: init-start is a new user script that will be run early on at boot time (right after jffs is mounted.NEW: Option to turn the WPS button into a radio on/off toggle (under Admini stration) . NOTE: Still not sure power setting even works.NEW: Clicking on the MAC address of an unidentified client will do a lookup in the OUI database (ported from DD-WRT).NEW: Added Monthly traffic page (ported from Tomato) .3.FIXED: Traffic history location was't properly saved when changed in webui. .should simply fail now.3.108.com support to DDNS (patch submitted by Igor Pavlov) .0.0.NEW: Added no-ip.7 (27-May-2012): .NEW: Crond starts at boot time. .0. .5 (5-May-2012): .
under the Asus Wireless section.0. updated Contact info with SNB for um URL .ca Twitter: https://twitter.smallnetbuilder. There's a dedicated Asuswrt-Merlin sub-forum there.2 (14-Apr-2012): . Contact information ------------------SmallNetBuilder forums (preferred method: http://forums.0.NEW: SSHD support . Drop me a note if you are using this firmware and are enjoying it. and switched to ether-wake (from busybox) inste ad.0. please use the SmallNetBuilder forums whenever possible.3 (18-Apr-2012): .com/RMerlinDev IRC: #asuswrt on DALnet Download: http://www.NEW: Added WakeOnLan web page 3. and also providing me with support when needed.0.lostrealm. 3.108.108.NEW: JFFS support (mounted under /jffs) .1 (5-Apr-2012): . --Eric Sauvageau .com/RMerl/asuswrt-merlin Email: email@example.com/ Github: https://github. . If you really like it and want to give more than a simple "Thank you". Much appreciated! Logo designed by r00t4rd3d.Initial release. there is also a Paypal donation button on my website. thank you everyone who has donated through Paypal.IMPROVED: Fleshed out this documentation. You can also keep a closer eye on development as it happens through the Github site. must be located in /jffs/scripts/ .com/show thread.php?t=7047 as RMerlin) Website: http://www.CHANGE: Removed wol binary. Also.3. services-stop.lostrealm.ca/asuswrt-merlin/download Development news will be posted on Twitter.108. wan-start and firewall-start user scrip ts.3. I want to give my special thanks to Asus for showing an interest in this project. For support questions.NEW: services-start.0. .CHANGE: Added "Merlin build" next to the firmware version on web interface.3.0.3.