Professional Documents
Culture Documents
========================
380.70 (8-Apr-2018)
- NOTE: This will be the final 380.xx release for
all models. The RT-N66U and RT-AC66U
support will be dropped, and all other
models have been migrated to the new gen
branch, as of release 384.4.
380.69_2 (28-Jan-2018)
- NOTE: The official IRC channel has moved to
Freenode (#asuswrt).
380.69 (11-Dec-2017)
- NEW: Added option to disable the Asus NAT tunnel service under
Other Settings -> Tweak. Not quite sure what this
partly closed source service is for, but it eats a
fair amount of CPU and RAM (backport from 382)
380.68_4 (4-Oct-2017)
- CHANGED: Updated dnsmasq to 2.78 (contains a number of
security fixes).
- FIXED: rstats could crash at start time in some situations.
- FIXED: QOS Scheduler would revert back to sfq after you had
re-enabled QOS while (fq_)codel was already selected.
- FIXED: Missing tabs on the Parental Control page.
- FIXED: Realtek port status wouldn't auto-refresh on the Sysinfo
page.
- FIXED: Incorrect sort by remaining time on the DHCP Lease page.
- FIXED: Some LAN clients couldn't be added to the TOR redirected
client list.
380.68_2 (12-Sept-2017)
- FIXED: Some models would show the wrong menu options while in
Repeater mode.
- FIXED: USB modem page not displayed if WAN type was set to USB.
- FIXED: CVE-2017-12754 security issue.
- FIXED: Incorrect LAN ports order on Networkmap (RT-AC3200)
(Asus bug)
- FIXED: Extra OpenVPN CA not properly handled for OpenVPN
clients 3, 4 and 5.
- FIXED: Invalid txrate shown on Wireless Client page if client
isn't authenticated yet
380.68 (18-Aug-2017)
- IMPORTANT: due to major webui changes, you will need to
either flush your browser cache, or force it
to reload the page (shift-reload) the first time
you access the webui after upgrading to 380.68.
380.67 (16-July-2017)
- NEW: Merged with GPL 380_7743 code, with binary blobs from
7378 for N66U
- NEW: Custom config support for quagga/ripd.
- NEW: Webui SSL certificate can now be saved so it gets reused
instead of a new one being constantly generated. It will
be stored under /jffs/ssl/, you can also easily provide
your own by storing cert.pem and key.pem in that location.
Settings to control this can be found under
Administration -> System.
- NEW: TLS support in vsftpd. Key and certs are automatically
generated, and can also be replaced by your own, as
ftp.key and ftp.crt under /jffs/ssl/
- NEW: fq_codel and configurable overhead support in Adaptive QoS.
- NEW: PEAP/MSCHAPv2 support via 802.1x on WAN interface, in
addition to existing MD5 support (patch by Rafi Khardalian)
- CHANGED: Remember chosen sort method on DHCP static reservations
page.
- CHANGED: Updated minidlna to 1.2.0.
- CHANGED: Updated nano to 2.8.5.
- CHANGED: Updated openssl to 1.0.2l.
- CHANGED: Updated ipset (ARM) to 6.32.
- CHANGED: Upgraded from vsftpd 2.0.4 to 3.0.3. You might need to
revise any custom configuration you have done (if any).
- CHANGED: Moved SMB2 support switch to the main samba page.
- CHANGED: Optimized all webui images for size
- CHANGED: Tor now runs as a limited user instead of as root
- CHANGED: Limited number of supported OpenVPN clients to 2 on
the RT-AC3200, to save on nvram.
- CHANGED: Removed tweak that allowed to disable/enable bridge
multicast snooping, as Asus now disables it upstream
at the kernel level.
- FIXED: OpenVPN client would be shown as having failed to connect
if a reconnect attempt initially failed to authenticate,
but succesfully connected afterward.
- FIXED: Quagga's log could fill up RAM, reduced the amount of
logging generated by it.
- FIXED: NFS sometimes failing to start properly (patch by john9527)
- FIXED: Layout issue of the status bar under Chrome when window
is larger than 1800px (patch by Cyrus Dargahi)
- FIXED: UPNP and SNMP issues in Dual WAN mode.
- FIXED: NAT Loopback (merlin mode) in Dual WAN mode wasn't supported.
- FIXED: Internal and external port specifications were swapped in
miniupnpd's config file (Asus/Tomato bug)
- FIXED: Enabling policy-based routing for a client connecting to
a server that doesn't push a redirect-gateway would fail
to properly route traffic (for instance with StrongVPN)
- FIXED: Invalid port trigger rules when specifying a port range
(patch by John Bacho)
- FIXED: OpenVPN client with a password containing an "&" could get
corrupted when re-editing that client's config.
- FIXED: Some remote syslogd would choke on syslog entries sent by
the router if there were spaces in the tag parameter.
Removed spaces where this was the case.
380.66_6 (22-June-2017)
- CHANGED: Updated OpenVPN to 2.4.3
- FIXED: Corrupted firewall rules if enabling SSHD brute-force
protection and Respond to WAN Ping at the same time
while in Dual WAN mode.
380.66_4 (26-May-2017)
- CHANGED: Updated dropbear to 2017.75
- FIXED: Security issue CVE-2017-7494 in Samba.
380.66_2 (16-May-2017)
- FIXED: AiCloud fail to start on RT-N66U and RT-AC66U.
- FIXED: The generated key/cert for httpds and AiCloud could
sometimes be invalid due to a timing probblem.
380.66 (12-May-2017)
- NEW: Merged with GPL 380_7378
Notable changes:
* Port forwards can select a specific source IP
* Security fixes for CVE-2017-5891, CVE-2017-5892
and CVE-2017-6547
Note:
* If you are experiencing new wifi stability
issues, try disabling Airtime Fairness on
the Wireless -> Professional page (on all
bands).
380.65_4 (28-Mar-2017)
- FIXED: Various LAN/WAN issues with the RT-AC3200 due to
incorrect GMAC state checks (Asus bug) (patch
by john9527)
- FIXED: Some models would sometime randomly fail to start one
of their wifi radio, possibly due to a hardware design
issue. Partly revert the 380.65 changes that removed
the automatic reboot if one radio was disabled at boot
time, but reduced the maximum number of reboots to 1.
380.65_2 (10-Mar-2017)
- FIXED: CVE-2017-6549 (implemented temporary workaround,
until a proper fix from Asus)
- FIXED: CVE-2017-6548 (backport from GPL 7266)
- FIXED: WOL page fails to load if adding a client with a
quote in its name.
- FIXED: Couldn't add a DHCP reservation client if its name
contained a quote.
380.65 (3-Feb-2017)
- NEW: Merged with parts of Asus GPL 380_4180, left out
most of it because of too many bugs in it.
- NEW: Upgraded to OpenVPN 2.4.0, and implemented support
for many of its new features:
* GCM ciphers
* LZ4 compression
* tls-crypt (uses the Static Key field)
* Cipher negotiation (NCP), with (optional)
fallback to legacy "cipher" parameter when
an OpenVPN 2.3 client connects to the
router's 2.4 server.
Please refer to the OpenVPN 2.4 documentation for
more info on these new features.
380.64_2 (8-Jan-2017)
- FIXED: IPv6 client list failing to properly show hostnames
(regression in 64_1)
- FIXED: A few potential buffer overruns in httpd
380.64_1 (6-Jan-2017)
- FIXED: Security issues in httpd (backport from GPL 4180 +
additional fixes of my own)
380.64 (16-Dec-2016)
- NEW: New firmware availability notification. The router will
notify you if a new firmware is available, and will also
let you view the changelog before sending you to the
download page (the update process remains manual).
380.63_2 (12-Nov-2016)
- CHANGED: Added detection for iPhone 7 models in networkmap
(patch by Andrei Coman).
- CHANGED: Enabled --dns-loop-detect support in dnsmasq
- CHANGED: Move Dual WAN static routes to a lower priority, so VPN
policy rules will have priority over them
- FIXED: Traditional QoS labels were off by one on the Stats page.
- FIXED: Adaptive QoS upload stats couldn't be retrieved because
qosd seems to be hardcoded to always set up classes on eth0
rather than on the real WAN interface.
- FIXED: USB driver was removed too early at shutdown time on the
RT-AC56U and RT-AC87U (fix by john9527)
380.63 (6-Nov-2016)
- NEW: QoS Statistics page, showing the amount of traffic assigned to
each available classes, as well as the current throughput.
- NEW: Charts added to various Traffic Monitor pages.
Note that you can click on legend items to reveal/hide the
DL/UL data. Hovering over a bar or a pie slice will
display the exact value for that item.
- NEW: Added pc_delete() to the helper script (patch by john95287)
- NEW: IPv6 firewall now supports fixed interface ID (EUI64) ipv6
destination addresses (Patch by john9527)
- CHANGED: Updated Tor to 0.2.8.9
- CHANGED: Updated OUI database.
- CHANGED: ipset was updated to version 6.29 on ARM models.
IMPORTANT: this means you will probably need to
update your script to the new syntax. You need to
load the xt_set.ko module at the start of your script.
There has been no change to MIPS models, due to their
older kernel. (original code by Shibby and Victek,
Asuswrt port by john9527) (ARM only)
- CHANGED: OpenVPN policy rules now start at prio 10000 instead of 1000
- CHANGED: Added help popups to various settings that are unique to
Asuswrt-Merlin.
- FIXED: Custom group/shadow/passwd weren't applied at boot time.
- FIXED: CVE-2016-5195 (Dirty COW) vulnerability in kernel
(patches by blackfuel and Joseph A. Yasi)
- FIXED: Network Service Filter rules would only apply to clients
under Parental Control if that was enabled (original
debugging by john9527) (Asus bug)
- FIXED: A few memory leaks in httpd and rc services.
380.62_1 (29-Sept-2016)
- CHANGED: Updated OpenSSL to 1.0.2j
380.62 (23-Sept-2016)
- NEW: Added nano 2.7.0 (user-friendly text editor)
Documentation: https://www.nano-editor.org/dist/v2.6/nano.html
Note that for space reasons, some of its features are disabled
for the RT-N66U and RT-AC66U. Entware users might want to
uninstall the Entware version if they had it installed and want
to use the built-in version instead.
- NEW: Option to toggle the display of passwords on the PPTPD and
OpenVPN server pages.
- NEW: Allow providing a vendor class on the WAN page (DHCP option 60)
- NEW: Add option to disable sending a RELEASE request when odhcp6c
exits, allowing you to retain your received prefix with some
ISPs.
- CHANGED: Updated nettle to 3.2 (used for dnssec) and increased
optimization level.
- CHANGED: Updated minidlna to 1.1.6
- CHANGED: Updated OpenVPN to 2.3.12
- CHANGED: Updated OpenSSL to 1.0.2i
- CHANGED: Revamped the Wireless Log page:
- Merged some columns to gain more horizontal space
- Longer hostname shown (truncated names are now
shown in a tooltip)
- Display clients' IPv6 if they have one
- CHANGED: Accept up to 250 characters for OpenVPN client's
username and password (one provider needs 64).
- CHANGED: Hide the WPA key on the Wireless config page, and only
reveal it when you click on the field to edit it.
- FIXED: OpenVPN client shouldn't display policy routing settings
when using a TAP interface.
- FIXED: DSL/ATM overhead setting was visible on MIPS models, which
don't support it.
- FIXED: Editing OpenVPN or PPTP users with any value longer than
32 chars could lead to corruption of the user list.
- FIXED: Custom config file for igmpproxy wasn't working.
- FIXED: After turning off a Guest network, the next visit to the
Wireless Settings page would show that guest network's settings
instead of the parent band settings (Asus bug)
- FIXED: Smart Connect rules didn't apply on the RT-AC88U (backported
fix from 380_3941).
- FIXED: Numerous memory leaks in the networkmap service. (Asus bug)
- FIXED: Potential buffer overrun in the networkmap service. (Asus bug)
- FIXED: Broken IPv6 connectivity if enabling SSH brute force
protection (only MIPS models were affected)
- FIXED: 5G LED would fail to turn back on when exiting stealth mode.
- FIXED: Only hostname was used as remote server in an exported
OpenVPN client config when using Namecheap DDNS.
- FIXED: Security vulnerability (XSS/CSR) in httpd (backported
fix from 380_4005).
- FIXED: Chrome would try to autofill some fields (such as on the
DDNS configuration page), which could be problematic.
- FIXED: IPTraffic database was no longer properly named after
the router's MAC address on the AC88/AC3100/AC5300.
If you recently enabled it, you will need to either
re-create a new database, or rename the existing
database from tomato_cstats_000000000000.gz to
tomato_cstats_XXXXXXXXXXXX.gz, where "XXXXXXXXXXXX" is
your MAC as found with "nvram get et2macaddr", in
lowercase (AC88/AC3100/AC5300 only).
380.61 (4-Aug-2016)
- FIXED: Connected OpenVPN clients reporting as disconnected
on the status page following any wireless config change
(Asus bug)
- FIXED: OpenVPN server would report being "Initializing"
while it already was ready, following any
wireless config change (Asus bug)
- FIXED: Various stability issues with minidlna (reverted some
of Asus's customizations)
380.60
There was no non-beta release, due to limited model support
and unsolved WAN stability issues.
- NEW: Merged with GPL 3479. This includes the new file format
required for certification purposes.
- NEW: Option to enable overhead calculation on Traditional QoS
for DSL users (ARM-only)
- NEW: Option on System page to disable the new forced
redirection to router.asus.com (defaults to disabled)
- CHANGED: Updated OpenVPN to 2.3.11
- CHANGED: Allow to specify IPv6 prefixes up to 126 on the IPv6 config
- CHANGED: Networkmap will now announce itself as "Asuswrt/networkmap"
when connecting to LAN's web services.
- FIXED: OpenVPN server instances weren't properly reporting
if an error occurred at start time.
- FIXED: wget was unable to access https site due to not
having a CA bundle to verify certificates
- FIXED: odhcp6c was sending bogus preferred prefixes, so
anything larger than 64 could result in an invalid
prefix
- FIXED: Language selector is missing on router set for the
JP region (reverted Asus change)
- FIXED: Client names with single quotes couldn't be edited
in the networkmap client popup (Asus bug)
- FIXED: Router wouldn't run SMB to provide browser master
or Wins services if no USB disk was plugged
- FIXED: Router would sometime fail to renew a WAN DHCP lease.
(fix by theMIROn)
380.59 (10-May-2016)
- NEW: Merged with 380_2697 GPL. This includes beta MU-MIMO support for
the RT-AC87U/AC88U/AC3100/AC5300, and IPTV fixes.
- NEW: Option on OpenVPN client/server page to reset them back to the
factory default settings.
- EXPERIMENTAL: Added support for codel and fq_codel to ARM models
(RT-AC56U and newer).
- CHANGED: WAN -> NAT Passthrough now allows you to determine whether or
not to load the NAT helper module for h323, rtsp and sip.
Asus's old behaviour is "Enabled + NAT Helper".
- CHANGED: DNSFilter client dropdown now uses Asus's new one integrated
with networkmap.
- CHANGED: minidlna now supports refreshing an existing database, so the
Tweak setting was updated accordingly
- CHANGED: Enable SPNEGO support in Samba
- CHANGED: Integrated Asus's networkmap into the DHCP reservations page
- CHANGED: Updated Tor to 0.2.7.6
- CHANGED: SSH WAN access will also work over IPv6
- CHANGED: Updated miniupnpd to 2.0
- CHANGED: Fields on the DHCP static lease page are now sortable
(original patch by Allan Jensen)
- CHANGED: Updated openssl to 1.0.2h
- FIXED: Daily/Monthly traffic monitoring shows invalid values on the
RT-AC88U/3100/5300, even with CTF disabled. Implemented a
temporary workaround.
- FIXED: WPS wasn't working on the RT-AC3200
- FIXED: Backported security fixes from OpenWRT to Samba 3.6.25,
addressing the following:
CVE-2015-5252, CVE-2015-5370, CVE-2015-5296,
CVE-2015-5299, CVE-2015-7560, CVE-2016-2110,
CVE-2016-2111, CVE-2016-2112, CVE-2016-2115,
CVE-2016-2118.
- FIXED: OpenVPN clients set to policy-based routing and Exclusive
DNS mode were still adding the tunnel nameservers to
dnsmasq, causing both routed and non-routed clients to use
them.
380.58 (20-Mar-2016)
- NEW: Merged with 380_1354 GPL
- NEW: Added Tweaks and Hacks settings to Tools -> Other Settings.
These are UNSUPPORTED tweaks, intended mostly for
experimentation, or very specific situations. If unsure how
to apply these, manually reboot after changing them.
One of new settings there lets you disable hourly network
rescans, to resolve issues with NAS/printers coming out
of sleep every hour.
- NEW: Added setting to configure OpenVPN's auth digest algo.
- NEW: Added setting to configure OpenVPN's logging verbosity.
Note that this setting is global to all clients/servers.
- CHANGED: Updated OpenVPN to 2.3.10
- CHANGED: Updated openssl to 1.0.2g
- CHANGED: Updated miniupnpd to 1.9.20160222
- CHANGED: Updated udpxy to 1.0-build 23-10 (backport from GPL
380_2345)
- CHANGED: if you set an OpenVPN client DNS mode to "Exclusive"
and you enable policy-based routing, then those policies
will also determine which DNS to use (the tunnel's or
the ISP's). This is based on DNSFilter's technology.
You no longer need to use DNSFilter to control
the DNS used by your OpenVPN clients.
- CHANGED: Made OpenVPN traffic bypass CTF, which resolves
some throughput issues with it
- CHANGED: Disabled X11 Forwarding support in Dropbear,
for security reasons.
- FIXED: PPTP static route handling script was broken
- FIXED: minidlna would check for the wrong database filename
at start time
- FIXED: Wrong status shown for VPN Client 3
- FIXED: OpenVPN clients were run on the wrong CPU cores.
Now, odd instances correctly run on the second core.
- FIXED: Using DNSFilter with default mode set to "router" would
prevent using the router for IPv6 lookups.
- FIXED: Account limit wasn't properly allowing up to 10
clients for SMB/FTP (patch by vit9696)
- FIXED: Having multiple OpenVPN clients configured with
multiple "Accept DNS configuration" modes would
only apply the last client's setting. Now, we
apply the most restrictive setting of all
configured clients.
- FIXED: RT-AC68U 2.4 GHz was broken if CTF was disabled
(downgraded wifi driver to 6.37.14.105)
- FIXED: Diasbling the SIP NAT helper would also drop all port 5060
traffic. Some users need to keep the SIP helper disabled
with their SIP client. Reverted that GPL 858 change.
380.57 (24-Dec-2015)
- NEW: Merged with 380_1031 GPL
- NEW: Added RT-AC3100 and RT-AC5300 support
- NEW: Added RT-AC68U HW Revision C1 support
- NEW: Backup/Restore of the content of the JFFS
partition (under Administration Restore/Save Settings)
- NEW: Added DNSSEC support. Can be enabled under LAN -> DHCP.
- NEW: Added custom/postconf support for igmpproxy.conf.
- CHANGED: Increased user account limit from 16 to 32 on
the VPN server pages.
- CHANGED: Updated e2fsprogs to 1.42.13
- CHANGED: Increased maximum entries in Parental Control
(time scheduler) to 32.
- CHANGED: Updated miniupnpd to 1.9.20151119.
- CHANGED: Updated Openssl to 1.0.2e.
- CHANGED: Downgraded Dropbear to 2014.66, too many issues in
the newer releases.
- CHANGED: Improvements to VPN Status page
- FIXED: CTF not automatically disabled when enabling IPTraffic.
- FIXED: Openvpn clients 3 through 5 were all run on the first
CPU core. They are now properly alternated like the
first two (odd on CPU1, even on CPU0)
- FIXED: smb.log generated by networkmap could fill up RAM
- FIXED: upnpc_xml.log generated by miniupnpc could fill up RAM
- FIXED: Inconsistant names used on IPTraffic and Sysinfo page.
Now, we give priority to any description manually entered
on the networkmap, followed by static hostname, then any
current (lease) hostname.
- FIXED: MAC queries sent to the OUI database were broken due to
changes on the IEEE website
- FIXED: Applying changes to OpenVPN client page would start the
client even if it was disabled/stopped.
378.56_2 (2-Nov-2015)
- CHANGED: Reverted the memory buffering optimization
for ARM devices, as people keep panicking
over the lower amount of free RAM. You can
manually re-enable the optimization by setting
"drop_caches=0" in nvram.
- CHANGED: Allow using a port < 1024 for http(s) webui
interface.
- FIXED: EMF wasn't working on AC56/AC68/AC87.
- FIXED: Couldn't connect to ISPs using VLANs (RT-AC87U)
- FIXED: Editing Port Forward entry with ellipsis in
the description or the port range would
still edit the shortened version instead
of the full content.
- FIXED: Debug log from mDNSNetMonitor could gradually
fill up RAM - disabled it.
- FIXED: Router crash if pasting SSH key > 2047
characters.
- FIXED: Editing an entry on the networkmap would
clear the hostname if entry existed in
the DHCP static list.
- FIXED: OpenVPN server in secret key mode
would fail to start.
- FIXED: Couldn't add entries to the MAC Filter list
of Guest Networks (reverted our previous
implementation which conflicted with
Asus's new one).
- FIXED: NTP failing to refresh for some cases.
Implemented temporary workaround.
- FIXED: Some services not properly starting at
boot time (like Parental Control or Tor)
378.56 (25-Oct-2015)
NOTE: There is no 378.56 build for the RT-N66U at
this time, as Asus hasn't released updated
source code for this model yet, and there are
new closed source binary components that are
necessary for this new release.
378.55 (17-July-2015)
- FIXED: DHCP lease page could get confused by IPv6 clients on
the LAN.
378.54_1 (8-June-2015)
- Some of the builds were unstable, did a complete recompile of all
releases. There was no code change.
378.54 (7-June-2015)
IMPORTANT: if you were previously using the AiProtection ad blocker, you
will need to manually disable it over SSH after flashing this
release, by running the following commands:
378.53 (26-Apr-2015)
- NEW: Merged with Asus GPL 378_4980 (with pieces from 378_4850 for AC56/AC68
and 378_5183 beta for AC87)
- NEW: OpenVPN policy routing. You can select client IPs or destination
IPs which you want to route through your VPN tunnel. You can enter
a single IP (192.168.0.1) or a whole subnet in CIDR format (for
example 74.125.226.112/30).
You can optionally block WAN access to these as well when the
tunnel goes down.
- NEW: Ad blocker based on Trend Micro's Web Reputation System (WRS).
This is an EXPERIMENTAL feature implemented by Asus but that
isn't enabled in the stock firmware.
- CHANGED: Updated Tor to 0.2.5.12
- CHANGED: Those providing a signed SSL certificate for httpd can now
provide chain certificate. The three PEMs must be in
that order: client, intermediate, CA. (Patch by sasoiliev)
- CHANGED: The setting to enable the neighbour solication filter rule
for Comcast's request flooding was changed to "ipv6_ns_drop",
and now defaults to "0" as this hack causes issues with
other ISPs.
- CHANGED: Backported dnsmasq patch that reverts a fix for Windows 8
clients as it could cause issues with other clients.
- FIXED: DNSFilter would fail if you had it set to "Router", and didn't
have a DNS IP entered on the WAN page.
- FIXED: MSS clamping wasn't applied to traffic in both direction, moved
it to the mangle table.
- FIXED: OpenVPN client firewall "external" mode does not exist - removed
from the webui.
- FIXED: PPTP account list could become corrupted after removing an entry
on the PPTP server page.
378.52_2 (5-Apr-2015)
- CHANGED: Updated AiCloud prebuilt binaries for MIPS models
- CHANGED: Applied kernel patch for MIPS kernel ported from 376_3861,
related to CTF support
- FIXED: AiCloud would fail to start unless you had HTTPS enabled for
the webui (causing the key/cert to be missing)
- FIXED: DDNS hostname would become corrupted after backing up
your router configuration (Asus bug)
378.52 (3-Apr-2015)
- NEW: Merged with Asus GPL 378_4608
- NEW: Added ECDHE support to the webui (when accessed over HTTPS)
- NEW: The DHCP server can now provide a second DNS to its clients
- NEW: You can tell the router not to advertise itself as a DNS
- NEW: Experimental Tor support (feature originally developed by
Asus, but not available yet on stock firmware). You can
enable it in the VPN section of the webui.
- CHANGED: Updated miniupnpd to 1.9.20150309
- CHANGED: You can no longer disable the JFFS2 partition if
Traffic Analyzer is enabled. Likewise, you can
no longer enable Traffic Analyzer if the JFFS2
partition is disabled.
- CHANGED: The selected refresh rate of the Wireless Clients
page will be saved to a cookie
- CHANGED: Removed obsolete (non-safe) ciphers such as RC4
from the router's https webui
- CHANGED: Updated OpenSSL to 1.0.0r
- CHANGED: Removed Turbo button support from webui, as that feature
doesn't work with the current bootloader everyone is
using now (RT-AC68)
- CHANGED: Performance optimization to the httpd, dropbear
and rc services
- FIXED: 2.4 GHz and 5 GHz-1 clients were swapped on the
Sysinfo page (RT-AC3200 only)
- FIXED: Wifi PSK wasn't blurred until activated (regression
from 378.51)
- FIXED: Samba's custom config/postconf were ignoring the
state of the global option to enable them (they
would always be used)
- FIXED: Samba's custom config/postconf usage wasn't logged
- FIXED: Some services would fail on their first attempt
to start at boot time due to the QTN subsystem
taking too long. Implemented patch from Asus
which eliminates the long QTN stall at boot
time. This resolves the issue where some users
had trouble connecting their WAN at boot time (RT-AC87U)
- FIXED: NAT rules could occasionally fail to be applied
(patch by john9527)
- FIXED: The Apply button on the Adaptive Bandwidth page
had a clickable area so wide that it even covered
part of the left side menu. (Asus bug)
- FIXED: USB menu was removed instead of Parental Control on
DPI-enabled models
- FIXED: QoS page was still available on the AP/RP modes on
DPI-enabled models
- FIXED: Error on OpenVPN Server page if using a DHCP pool for
connected clients.
- FIXED: UPNP would be reported as enabled on the security report
if it was enabled on the secondary WAN even if Dual WAN
itself wasn't enabled. Now we check that Dual WAN itself
is also enabled before reporting so. (Asus bug)
- FIXED: mtd-erase was unable to erase the brcmnand partition, which
is used as the JFFS2 partition starting with the RT-AC66U
(patch by benoitm974)
- FIXED: JFFS2 partition couldn't be formatted for all routers but
the RT-N66U (wrong partition name). Also resolved the case
where a second reboot was required to mount it.
- FIXED: RT-AC3200 port numbering was reversed on the Sysinfo page.
378.51 (6-Mar-2015)
- CHANGED: Updated OpenSSL to 1.0.0q (no real code change)
- CHANGED: Split the changelog into a separate file
- CHANGED: Added logging on custom config/script execution.
An error message will also be logged if those
are disabled while such a file is found.
- CHANGED: Allow pasting the password in some fields that would
disable it (patch by gfairchild)
- FIXED: RSSI not reported for guest clients (beta 1 regression)
- FIXED: DM failing to install on RT-AC66U (beta 1 regression)
376.49_5 (9-Jan-2015)
- FIXED: Vulnerability in infosvr (CVE-2014-9583) (Asus bug)
- FIXED: Additional security issue in infosvr (incorrect memcpy()
call) (Asus bug)
376.49_4 (27-Dec-2014)
- FIXED: WAN page error when entering a hostname, and broken
UPNP FAQ link
- FIXED: OpenVPN Server wasn't showing the Advertize DNS to
Client option (regression from 3677 merge)
- FIXED: bootloop when enabling Traditional QoS (or any other
feature that forces CTF to be disabled) due to
FA being left enabled (Asus bug) (AC87)
376.49_2 (23-Dec-2014)
- FIXED: Asus DDNS couldn't be configured on the webui
- FIXED: OpenVPN server wouldn't let you edit user accounts
- FIXED: Missing DLNA icon on clients (Asus bug) (N66, AC66)
376.49 (21-Dec-2014)
- NEW: Merged with Asus GPL 376_3677. This new code
includes a lot of changes related to USB modem
support.
- NEW: IPv6 handling based on dnsmasq + odhcp6c. This new
code which has been developped by Asus these past few
months but kept disabled so far has been enabled.
Initial tests show much better reliability with
different ISPs.
- NEW: Added IPv6 support to DNSFilter (currently only
Yandex has IPv6 servers). Note that unlike IPv4
filtering, we cannot automatically NAT queries
to the desire server, so the current implementation
works like Asus's YandexDNS service, where IPv6 servers
are simply returned to DHCPv6/RA client queries,
and ip6tables ensures that you cannot override
them, by rejecting connection to other DNS servers.
- CHANGED: Merged newer DPI engine from 378_3123 beta
(AC87)
- CHANGED: Removed SSLv2 and v3 support from OpenSSL
(we had already stopped using these in
376.48, so this removes unused code)
- CHANGED: The VPN webui is now a bit closer to Asus's code.
This will mostly make it easier to keep in
sync with future changes to that UI by
Asus (they rearranged the layout a bit in
376_36xx).
- CHANGED: Updated OpenVPN to 2.3.6
- CHANGED: Reverted to Asus's max-lease number calculation
for dnsmasq
- CHANGED: Hide wireless key on settings page unless field
has focus (patch by John9527)
- CHANGED: Ported USB 3.0 (XHCI) kernel driver from
Netgear GPL (which seems to have in turn
backported it from upstream kernel 3.x)
- CHANGED: Updated Quantenna to v36.7.3.23 (AC87)
- FIXED: vsftpd wasn't properly compiled with SSL
support.
- FIXED: MAC filtering couldn't be disabled on Guest
networks (Asus bug) (Patch by John9527)
- FIXED: Various fixes and tweaks to the new IPv6
code from Pinwing and saintdev
- FIXED: Editing a client on the networkmap would
cause any matching DHCP reservation entry to
lost its hostname
- REMOVED: The web redirection control setting was
removed, as it is being replaced by the
(simpler) redirection setting Asus added
to the System page.
376.48_3 (20-Nov-2014)
- FIXED: NAT loopback was broken on MIPS devices
(backported Asus fix from 376_3626)
376.48_2 (8-Nov-2014)
- FIXED: Samba would fail to start on the RT-N16 due to a
missing library.
376.48_1 (7-Nov-2014)
- FIXED: Max-lease calculation Asus introduced in 376_2769 is
broken - re-hardcode it to 253 like they used to do in
previous release. Will be properly fixed once they
release a newer GPL with this issue resolved.
(Asus bug)
376.48 (7-Nov-2014)
- NEW: Added the RT-AC68P to the list of supported devices
- CHANGED: Use sha256 checksums instead of MD5 for improved
security when validating your downloads.
(note: checksums are also posted on the support
forum at SmallNetBuilder)
- CHANGED: Switched my fix for unmounted/hidden partition
support with Asus's own fix from GPL 3561.
- FIXED: Samba would fail to start if the router admin username contained
upper case characters. Samba was modified to have it try to
local the UNIX user as provided (it was previously only
trying upper and lower case versions) (Samba 3.6 bug)
376.46 (26-Aug-2014)
- NEW: Merged with Asus GPL 2061. This is essentially
the new QTN driver for the AC87.
- FIXED: Various webui issues with IE10/IE11 (patch by pinwing)
- FIXED: OpenVPN Client page was visible on the RT-N16
- FIXED: DHCP pool validation error on VPN Server advanced page.
- FIXED: Couldn't edit the first VPN Client entry due to broken
duplicate check (Asus bug)
376.45 (17-Aug-2014)
- NEW: Compiled vsftpd with SSL support (must be manually
configured if you intend to use it)
- NEW: Report FA state (Level 2 CTF) on Sysinfo page.
- CHANGED: Updated dropbear to 2014.65.
- CHANGED: Updated openssl to 1.0.0n (numerous
security fixes)
- CHANGED: Updated lzo to 2.08
- CHANGED: Reworked VPN Server pages to be more intuitive
- FIXED: Garbled client dropdown selector on DNSFilter page
- FIXED: The Comcast neighbour solicitation block wasn't
enabled anymore (regression in 376.44) (Patch by
Sinshiva)
- FIXED: 5 GHz N+AC mode was incorrectly setting router to
N-only mode (Asus bug, fix backported from 2381,
additional fix by me for AC66)
- FIXED: PControl page failing to display on French and
Italian locales (Asus bug)
- FIXED: IPv6 can occasionally fail to work properly when
using a PPPoE WAN interface (patch by pinwing)
376.44 (3-Aug-2014)
IMPORTANT: Make a backup of your JFFS partition if upgrading
an RT-AC56U or RT-AC68U and you have stored files
on that partition! The partition layout has been
changed.
374.43_2 (7-June-2014)
- FIXED: NTFS disks couldn't be mounted (Paragon driver not
loading due to a kernel change) (AC56, AC68)
374.43 (6-June-2014)
- NEW: User-configurable refresh period to trigger a DDNS
update after a certain number of days.
- CHANGED: dnsmasq option 252 now defaults to an empty string,
to silence broken clients such as Win7.
Important: if you were previously using a customized
252 reply (to use with a valid wpad/pac file), you
will need to use a postconf script to change the
default config instead of appending your own
config.
If you use DNS-based WPAD setting, you will need
to remove the 252 option using postconf, as IE will
not query for the DNS entry if there is a 252
option through DHCP, even if it fails to connect to it.
374.42_2 (16-May-2014)
- FIXED: Time Machine support (AC56, AC68)
374.42 (9-May-2014)
- NEW: Merged with Asus's 374_5656 GPL.
- NEW: Added Comodo Secure DNS to supported DNSFilter services
- FIXED: Download2 folder wasn't selectable anymore on the
Media Server page.
- FIXED: Pass correct valid and preferred lifetime to radvd when
using DHCPv6-PD (Patch by pinwing)
- FIXED: IPv6 connectivity could be lost after 1-2 hours due
to the time shift caused by NTP at boot time
(Patch by pinwing)
- FIXED: Various IPv6 connectivity issues related to services
being (re)started at the wrong time, or twice.
(Patch by pinwing)
- FIXED: Build system would sometime try to use the local system's
header/libs - use a pkg-config wrapper to avoid this
issue (Patch by ppuryear)
- FIXED: Erratic 5G led blinking behaviour as the watchdog's software-
based blinking was constantly writing to the wireless chip's
registers for led control. (AC68)
- FIXED: LEDs weren't all turning back on when coming out of
Stealth Mode (AC56)
- CHANGED: Make the router use dnsmasq for internal name
resolution rather than directly using the WAN DNS.
- CHANGED: Upgraded OpenVPN to 2.3.4.
- CHANGED: Upgraded miniupnpd to 1.8.20140422 (PCP-related fixes)
374.41 (18-Apr-2014)
- NEW: Merged with Asus's 374_5047 GPL. Notable changes:
* Fixed RT-AC68U random reboots
* Additionnal security fixes
* Improved Media server, SMB and FTP webui
* minidlna and radvd updates
374.40 (6-March-2014)
- KNOWN ISSUE: Some people are experiencing random reboots
with the RT-AC68U running firmwares based on recent Asus GPL.
If you are are affected, please revert to 374.40 alpha4 for now.
Asus are looking into the issue, which affects this model since
374_4422.
3.0.0.4.374.39 (31-Jan-2014)
This version isn't available for the RT-N16 as support for the
SDK5 platform is currently broken in the latest GPL sources.
3.0.0.4.374.38_2 (17-Jan-2014):
- CHANGED: Improved webui responsiveness by instructing the browser
to cache images.
- CHANGED: Reverted minidlna to 374.37 code. While the latest code
brings some fixes, it seems to also break functionality
for a small number of users. Too many low-level changes
from the minidlna author to make it easy to debug.
- FIXED: Syntax error in DHCPv6 client config (Asus bug)
- FIXED: Domain field wasn't clearly identified on the webui
when DDNS set to Namecheap (Saintdev)
- FIXED: Missing carriage return in dnsmasq.conf when PPTP VPN
is enabled, causing LAN name resolution issues.
(Asus bug)
- FIXED: A few unescaped quotes in the French dict would break
some webui pages (such as the Wireless page).
(Asus bug)
- FIXED: OpenVPN server export would always export the first
server instance configuration.
- FIXED: Bogus "Config file is missing" error logged by pptpd when
it was starting (Asus bug)
- FIXED: "Advertise DNS" wasn't visible if the page was loaded and
"Respond to DNS" was already enabled.
3.0.0.4.374.38_1 (12-Jan-2014):
- FIXED: Tools -> Run Cmd page wasn't working (regression
in 374.38)
- FIXED: Router getting stuck on various webui changes due
to a broken precompiled emf module (AC56/AC68)
3.0.0.4.374.38 (11-Jan-2014):
This version isn't available for the RT-N16 or the SDK5 build
of the RT-N66U as support for the SDK5 platform is currently
broken. Please stick to 374.36 Beta 1 for the time being on
these two platforms.
Note that the RT-N66U did get a newer wifi driver, so give it a
try, as it might have resolved or at least improved on the wifi
range issues.
3.0.0.4.374.37 (31-Dec-2013):
* This build was pulled due to numerous issues *
3.0.0.4.374.35_4 (30-Nov-2013):
- CHANGED: Added a VPN mode selector on the VPN Server Details page.
- FIXED: JS error on the VPN Server Details page related to PPTP
- FIXED: Clicking on "Apply" on VPN Details page would fail to
apply your new settings to a running OpenVPN server.
- FIXED: Some port forward rules were incorrectly generated when
in load-balancing mode (Asus bug)
- FIXED: After adding/removing a user to OpenVPN Server, the password
file was not immediately updated. Note that this fix will
break backward compatibility with Asus as the nvram value
storing the list of OpenVPN user/pass had to be renamed
(so not to be instanced).
- FIXED: VPN client not working on MIPS devices (N66/AC66).
- FIXED: Various formatting issues with generated client.ovpn file
3.0.0.4.374.35_2 (24-Nov-2013):
- FIXED: updown.sh script location was changed in
339, causing issues with OpenVPN clients
3.0.0.4.374.35 (24-Nov-2013):
- NEW: Merged with Asus 374_339 GPL (from RT-AC68U).
Asus added some new features in this release:
* Support for HFS+ and Time Machine (AC56/AC68U only)
* OpenVPN support. Their implementation uses the backend
code from Asuswrt-Merlin but with a more
simplistic, novice-friendly webui. This required
adapting the current webui to be able to retain some
of their improvements without sacrificing the
flexibility of being able to have two separate server
and client configurations.
3.0.0.4.374.34_2 (01-Nov-2013):
- FIXED: DNS resolution not working for VPN clients
(bug in Asus 374_979)
- FIXED: USB disk detection on AC56/AC68.
- FIXED: Turbo mode option couldn't be saved (RT-AC68)
3.0.0.4.374.34 (30-Oct-2013):
- NEW: Merged with Asus 374_979 (from RT-N66U).
AC56/AC68 AiCloud components taken from 374_217.
- NEW: Added RT-AC68U support.
- NEW: Added IPSec support to the kernel. Userspace tools
such as StrongWAN must be installed from Optware/Entware,
and manually configured. (Patch provided by saintdev)
- NEW: Adjustable MTU for DHCP/static IP WAN users
- NEW: WAN interface name passed as argument to firewall-start
- NEW: Configurable min/max ports allowed to be redirected by UPNP.
This allows WHS users to change the min allowed port from
the default value of 1024 to allow UPNP forwarding of
HTTP/HTTPS.
- NEW: Display CPU temperature on Sysinfo page (AC56 and AC68)
- NEW: Display CPU chart on Performance page (AC56 and AC68)
- CHANGED: UPnP rules will now be processed after manual
forwards and port trigger rules.
- CHANGED: Site Survey now reports supported protocol.
- CHANGED: Updated Dropbear to 2013.60.
- CHANGED: Updated dnsmasq to 2.67 final.
- FIXED: Some Traffic Monitor pages were missing the page tabs.
- FIXED: The webui would allow you to enable SSHD while not
setting an authkey or enabling password-based authentication.
- FIXED: 802.11h options should only be available on the 5 GHz band.
- FIXED: Wifi icon hover would report 5G channel as undefined if
2.4GHz radio was disabled.
- FIXED: IPv6 clients list failed to properly merge IPs from similar
MACs (Asus bug)
- FIXED: Minor layout issues with the Clients list
- FIXED: Samba wasn't started at boot time if browser master or WINS
was enabled and we had no USB disk plugged in.
- FIXED: Router/minidlna crashes when processing very large image
collections - various memory leaks plugged.
(patches provided by Paulo Capani)
- FIXED: Buffer overrun when entering more than 35 MACs on the
filter list. We now support up to 64 MACs.
3.0.0.4.374.33 (3-Oct-2013):
* IMPORTANT *: RT-N66U users must revert back to factory defaults and
manually reconfigure their settings if coming from a FW
older than 3.0.0.4.374.xxx (applies to both Asus or
Asuswrt-Merlin).
- NEW: Merged with Asus 374_726 code from RT-AC66U GPL. Notable changes:
* RT-N66U now based on the SDK6 driver. This resolved the
numerous connectivity issues, at the expense of a shorter
range (a separate SDK5 build based on driver 5.100 is
available in the Experimental folder as an alternative).
* AiCloud 2.0
- NEW: Added bonding.ko kernel module.
- NEW: Repeater mode moved into regular builds.
- NEW: Dual WAN moved into regular builds.
Note that there are still a few issues left, such as recovery
from failover mode when the primary WAN comes back up.
- NEW: YandexDNS support moved into regular builds. This is
a DNS-based filter list, which can be configured under
Parental Control.
- NEW: Added support for last seen devices on Ethernet port status
(Tools-> Sysinfo) for RT-AC56U.
- NEW: Option to control 802.11 extensions that deal with
regulations. On the Wireless Professional page
you can now enable 802.11d and 802.11h support.
- CHANGED: robocfg now (almost) completely supports the
Northstar platform (RT-AC56U)
- CHANGED: Enabled Syn Cookies for ARM devices (RT-AC56U)
- CHANGED: Allow selecting the Download2 folder for media server
location.
- CHANGED: MIPS builds optimized for mips32r2 code generation, which
should improve general performance. (N16/N66/AC66)
- CHANGED: More openssl backports from 1.0.2, adding
mips32r2 support, improving performance
especially for sha1 (RT-N16/N66/AC66)
- CHANGED: Increased OpenVPN crt/key fields to allow up to 3499
characters - enough to accomodate even a 4096 bits key.
- CHANGED: Removed the firewall rules for acsd since it no longer
listens on a TCP socket.
- FIXED: Samba binding to WAN interface would cause warnings
about WINS/master browser (regression in 374)
- FIXED: The ARM kernel was missing the Advanced IP Routing option,
preventing some of the "ip" command functions from
working (was breaking Astrill's plugin) (RT-AC56U)
- FIXED: With FW 374 Asus changed the Samba priority from too high to
too low (-19), resulting in poor sharing performance.
I changed it to a priority of 0, providing more balanced
performance. (N16/N66/AC66)
- FIXED: Some fields would allow invalid characters (such as
single quotes) which might break the webui JS. There might
still be a few unprotected fields.
- FIXED: Memory leak in httpd service (Asus bug)
- FIXED: Parental Control not working with certain schedules
(patch provided by Makkie2002)
- FIXED: Potential key truncation in httpd if one was to use very
large OpenVPN keys and certs in all fields of all four
instances.
- FIXED: Samba would start sharing local disks even if all you
wanted was its WINS/Browser services.
- FIXED: The JFFS formatting code could encounter a case
where it wouldn't write back its cleared
format flag.
- FIXED: Restarting the wireless service would break
stealth mode.
- FIXED: The new thumbnail cache code Asus added in build 720's
minidlna will prevent scanning from completing on very
large collections. Reverted that code for now.
- FIXED: Wireless key field was automatically activated on
page load, which could lead to accidental changes
(issue introduced in 374_720).
- FIXED: Router believed that NTP wasn't properly working after a
LAN or wireless service restart (issue introduced in
374_720).
- FIXED: IPv6 client list was incorrectly displayed if a client
didn't have a known hostname (Asus bug)
3.0.0.4.374.32 (24-Aug-2013):
- NEW: Merged with Asus 374_168 GPL code.
- NEW: wan-start script will get passed the WAN unit number as
argument
- NEW: Webui option to select the location of the DLNA database
(patch by VinceV)
- NEW: IPv6 firewalling. Originally, Asuswrt would allow any IPv6
traffic to be forwarded to your LAN devices. This new option
(enabled by default) will prevent traffic forwarding to LAN
devices. You can also create firewall rules to allow inbound
traffic to specific hosts. The firewall configuration can be
accessed through the "Firewall -> IPv6 Firewall" page.
- CHANGED: Upgraded OpenVPN to 2.3.2
- CHANGED: Implemented IPTraffic support in DualWAN - Load balanced
mode (Experimental builds)
- CHANGED: Updated miniupnpd to 20130730
- CHANGED: Updated some prebuilt binaries (RT-AC56U)
- CHANGED: Updated 2.6.36 kernel to the latest code used
in 372_184 (RT-AC56U), includes some changes
related to USB3, and PPP/CTF.
- CHANGED: Smarter location selection for the DLNA database
location to reduce the chances of having it in
RAM if left to default location, filling it up
(patch by VinceV)
- CHANGED: Updated e2fsprogs to 1.42.8 to be in sync with Asus
- FIXED: Web server would crash if you entered too much data in
OpenVPN key/cert fields.
- FIXED: The ACSD service could be exploited by a LAN user to
gain shell access to the router. TCP connections to
ACSD are now blocked by the firewall.
- FIXED: You could not define time periods on the Parental
Control calendar under IE.
- FIXED: Wireless client list would sometime return incorrect
hostname or be missing IP.
- FIXED: Security issue with Samba and symlinks
3.0.0.4.372.31_2 (28-July-2013):
- FIXED: Samba wouldn't start due to missing symlink (RT-AC56U)
3.0.0.4.372.31 (24-July-2013:
- NEW: Merged with 372_1393 code from Asus. Notes:
* Beamforming support for RT-AC66U/RT-AC56U
* RT-N66U driver still downgraded to build 270 (which
means no HW acceleration for PPP, but more reliable
connectivity on the 5 GHz band)
* Minidlna was updated to 1.1.0
* AiCloud security hole fixed
* Parental Control ui still broken under IE10 (use Fx or Chrome
for now)
3.0.0.4.372_30_3 (11-July-2013):
- NEW: Added support for newest RT-N66U hardware revision.
This router has a new model of flash, you can NOT
use any older FW on these. (RT-N66U)
3.0.0.4.372.30_2 (7-July-2013):
(note: since people always thought adding a "b" meant "beta'
rather than revision "b", I am switching to Asus's new
numbering scheme, hence "30_2" for this revised 372.30.)
3.0.0.4.372.30 (5-July-2013):
- NEW: Merged with preliminary 372 code provided by Asus
(initialy meant for the ARM environment)
- NEW: RT-AC56U support. Various bugs have been fixed
over the original FW that initially shipped with these routers.
Thanks to Asus for providing a development sample.
- NEW: Added JFFS support to RT-AC56U.
- CHANGED: Downgraded wireless driver + CTF to build 270 version
(RT-N66U, fixes 5 GHz stability issues). Note that this
means that HW acceleration for PPPoE is no longer
available for the RT-N66U, as it was new in the 5.110 SDK.
- CHANGED: Updated iptables-1.4.x to 1.4.14 (RT-AC56U)
- CHANGED: Brought back the Connection page under System Logs
- CHANGED: Updated e2fsprogs to 1.42.7. Amongst other things
this new version is more memory-efficient on large
filesystems.
- CHANGED: Renamed Advanced (Per IP) Traffic monitoring for
IPTraffic (to match the Tomato name for that same
functionality)
- FIXED: GRO kills upload speed if CTF is disabled (patch provided
by Asus, RT-AC56U)
- FIXED: Buffer overrun in NVRAM handling, leading to random crashes
(Asus bug, RT-AC56U)
- FIXED: NVRAM values getting corrupted or disappearing if using more
than 32 KB (Asus bug, RT-AC56U)
- FIXED: Reapply layout fixes to Guest network and DHCP page (were
lost in a recent webui update)
- FIXED: JFFS2 could get reformated again at each subsequent reboots.
- FIXED: Devices with a NetBIOS name of 15 chars long would have
their name merged with the next device's.
- FIXED: Empty Site Survey list if there was only one AP found
- FIXED: Saved settings might fail to restore if they contained
OpenVPN or SSHD keys with CRLF line endings. You should
access the OpenVPN Keys page, click on Apply to re-save
them, then re-create any backup you had of your router
settings.
- FIXED: Numerous bugs in ipt_account for Kernel 2.6.36 (RT-AC56U)
- CHANGED: Removed WOL webui - Asus added their own WOL support on
the Network Tools page. You will have to re-add your
WOL entries.
- CHANGED: Removed System Log -> Connections page, and integrated it
into the new Network Tools -> Netstat page from Asus (as
NAT Connections)
- CHANGED: Removed wol binary, since Asus's WOL page uses ether-wake.
- CHANGED: Removed option to control SIP helper on Firewall page
(use the new Asus option from WAN - NAT PAssthrough page
instead)
- CHANGED: WPS button when set as a radio toggle will now behave the
same way as Asus's firmware: pressing it will fully
enable/disable both radios in the webui, rather than just
toggle the state of the enabled radios. This means the
button will override the webui, and radio states will
survive reboots.
- FIXED: Avoid duplicate shares when using simpler share naming
using Asus's code from 354)
- FIXED: Improved fdisk support for 4KB sector size
- FIXED: openvpn: Client-specific entries weren't properly parsed
- FIXED: dnsmasq warning in syslog if DHCP static leases are disabled
3.0.0.4.270.26b (17-Mar-2013):
- FIXED: Volume labels with spaces were rejected (Asus used the same
code to validate hostnames and volume labels)
3.0.0.4.270.26 (15-Mar-2013):
- NEW: ipset Netfilter support + userspace tool to create ipset lists.
- CHANGED: Router's hostname is now set all the time, regardless of
telnet/ssh states (and including in AP mode)
- CHANGED: Added device name field on the LAN page, since it's now
relevant to the router's hostname (not just SMB). Left
it on the SMB page as well, for those used to see it there.
- CHANGED: Router will supply its device name when requesting an IP
while in AP mode.
- CHANGED: Various webui lists were increased from 32 to 128 entries
allowed.
- CHANGED: Improved networkmap:
* Will also use DHCP hostnames and user-defined static
names instead of just NetBIOS names
* Client list will show an animation while networkmap is
still busy scanning and resolving device names
* Dropdown menus that use Networkmap to build a list
of devices will also display names in addition to IP/MAC.
- CHANGED: Don't restart the whole network if you only changed DHCP
reservations (LAN -> DHCP page)
- FIXED: Openvpn: Non-CBC ciphers weren't working (their use is still
not recommended)
- FIXED: Proxy auto-configuration support (Asus bug)
3.0.0.4.270.25b (3-Mar-2013):
- FIXED: Disabling DHCP logging would cause a syntax error in
dnsmasq's configuration (regression from dnsmasq update)
- FIXED: Outbound VPN client traffic was dropped (regression from
firewall_2 fix)
3.0.0.4.270.25
- NEW: NFS folder sharing. Webui can be found on the
USB Applications -> Servers Center page (NFS Exports tab)
- NEW: dhcpc-event and zcip-event scripts (called on WAN events)
- NEW: Ccustom configs: group.add, gshadow.add, passwd.add,
shadow.add, exports.add
- NEW: New script that will setup Entware for you (written by
ryzhov_al). Run "entware-setup.sh" through SSH/Telnet to
launch the install process.
- CHANGED: Added a folder picker to the Tools Other Settings page to
select a location to store your traffic data files.
- CHANGED: Updated dnsmasq to 2.65 (backported from 3.0.0.4.334)
- CHANGED: Enabled additional optimizations for openssl and openvpn
for a significant performance gain
- CHANGED: Reverted wireless driver to build 220 (RT-AC66U only)
- FIXED: Added missing badblocks program
- FIXED: Timing issues under IE where resolved device names would
not display on certain pages (such as the Sysinfo page)
- FIXED: VPN client "common name" wasn't getting saved
- FIXED: DHCP client will be less aggressive in attempting to obtain
a lease (wait 2 mins instead of 20 secs between attempts),
should help with ISPs like Charter who will blacklist you
if you send too many Discovery packets in a short period of
time.
- FIXED: Made profile.add be run after any Optware profile, so the
user changes will have priority over anything else.
- FIXED: WOL list corruption when removing an entry in some browsers
- FIXED: No longer forward packets with a LAN IP as destination
(Asus bug, fixed CDRouter test firewall_2)
- FIXED: IPv6 WAN would have the wrong prefix length (Asus bug, patch
submitted by PiotrKa)
3.0.0.4.270.24 (13-Feb-2013):
- NEW: Rebased on 3.0.0.4.270. Notable changes:
o New driver builds (these are NOT the new major versions that
Asus are still working on)
o NTP-related changes
- NEW: Report CTF (HW Acceleration) state on Sysinfo page.
- NEW: Display Ethernet port states on the Sysinfo page.
- NEW: Replaced Busybox fsck/mkfs tools with those from e2fsprogs,
should be more reliable.
- CHANGED: Temperatures on Sysinfo page will now auto-update every 3
seconds.
- CHANGED: Connections page now uses Ajax for slightly better rendering
- CHANGED: Improved name resolution on traffic monitor page, now uses
a device's hostname if it reported one.
- CHANGED: Client List now uses our improved name resolution code,
will overwrite names with those entered on the DHCP static
lease page.
- CHANGED: Updated to OpenVPN 2.3.0 and lzo 2.06.
- CHANGED: Updated Busybox to 1.20.2 (with Oleg/wl500g patches
re-applied). Lots of fixes, including GPT support in
fdisk.
- CHANGED: Updated Miniupnpd to version 1.8. NOTE: previous
versions were NOT affected by the recent UPNP exploit
disclosure. This is just as an added security precaution.
- FIXED: Temperature on Performance Tuning page would fail to update
if a radio was disabled.
- FIXED: Various timing issues causing some TrafficMonitoring and the
Sysinfo pages to often fail loading under IE.
- FIXED: JS error on the Per Device pages if FW failed to load the
traffic history.
- FIXED: ebtables were still broken, fixed by a complete rebuild.
- FIXED: Some OpenVPN fields rejected -1 as being valid.
- FIXED: Hide 5G radio info from Sysinfo page if router is \
single band (RT-N16)
- FIXED: Master Browser/WINS would not work if there was no USB disk
plugged.
- FIXED: Samba would bind to the WAN interface while in router mode
(Asus bug)
- FIXED: Backported various kernel fixes from Oleg/WL500G, Tomato
and Kernel.org to help improve HDD > 2 TB support (still
not perfect, some USB enclosures are simply not Linux
compatible)
- FIXED: Display of Connections under IE
- FIXED: Trying to apply settings on the System page with a username
containing a non-alphanum would incorrectly assume you just
tried to change to an account name that already existed
(Asus bug).
- FIXED: Wouldn't enable wins in Samba if you had a WINS IP entered
on the DHCP configuration page.
3.0.0.4.266.23b (31-Dec-2012):
- FIXED: The IE fix ended up breaking Firefox (and meanwhile, Chrome
worked fine no matter which method was used to build that
dropdown).
3.0.0.4.266.23 (31-Dec-2012):
- NEW: Rebased on 3.0.0.4.266 (from the RT-AC66U GPL)
- NEW: Tools icon contributed by Maximilian Czarnecki.
- FIXED: Skip bad blocks while erasing MTD partition (fixes RT-AC66U
failing to format JFFS2 partition due to bad blocks)
- FIXED: Router would have no hostname if you enabled ssh but kept
telnet disabled.
- FIXED: Couldn't add new ebtables rules (regression in 264.22)
- FIXED: customized minidlna.conf
- FIXED: Traffic monitoring per IP is unreliable if HW acceleration
is enabled. Do not load CTF if booting with cstats enabled.
- FIXED: Per Device traffic monitor pages missing under IE
3.0.0.4.264.22 (15-Dec-2012):
- NEW: Rebased on 3.0.0.4.264 (from the RT-N53 GPL).
- NEW: Traffic monitoring per IP added to the Traffic Monitor section.
Based on the Tomato IPTraffic implementation by Teaman.
- NEW: Option to disable the Netfilter SIP helper (Firewall page),
allows people to manually forward port 5060 to their own SIP
server
- NEW: Option to enable/disable logging DHCP client queries
(LAN->DHCP page)
- FIXED: Tabs would disappear while on the Monthly traffic page.
- FIXED: Really fixed Firefox issue (the fix wasn't merged
in release 260.21).
- FIXED: Router crash if the list of MAC filters + their names got
too long.
- FIXED: OpenVPN webui: TLS Reneg and Connection Retry wouldn't let
you enter -1 as value.
- FIXED: Layout issues on the DHCP page (one in Asus code, another
in Merlin code)
- FIXED: Beeline Corbina was unable to connect to PPTP/L2TP server
due to DNS issues.
- CHANGED: System log starts at the bottom (backported from GPL 314)
- CHANGED: Dual WAN is no longer enabled in regular builds - too many
issues with it at this point. Regular USB failover
still works.
3.0.0.4.260.21 (5-Dec-2012):
- NEW: Rebased on 3.0.0.4.260. This version should
resolve issues with some Russian ISPs. Note that
the RT-N66U build still uses the wireless driver
from release 220, as this seems to be the most stable
at this time.
- NEW: Option to force the router into becoming the SMB Master Browser.
- NEW: Option to make the router act as a WINS server.
- NEW: Option to control Spanning-Tree Protocol
- NEW: fstab custom config file
- FIXED: Firefox compatibility issues on the DHCP static and
MAC filter name fields.
- FIXED: Wifi status icon wasn't accurately reporting states if they
were changed by a radio schedule.
- FIXED: QIS would report newer firmwares, potentially overwriting
Asuswrt-Merlin with an original Asus firmware.
- FIXED: Wifi LEDs would turn back on if radios were enabled while
in Stealth Mode (now they turn back off after a few seconds)
- FIXED: Webui would break if a network device had an invalid
NetBIOS name (such as the Sonos Dock).
3.0.0.4.246.20 (14-Nov-2012):
- NEW: Wifi status icon will be half colored if only one radio is
enabled.
- NEW: Wifi status icon popup will report the state of each radios.
- NEW: upnp custom config file for miniupnpd
- NEW: unmount user script
- NEW: led_ctrl and makemime (for use in conjunction with sendmail)
applets.
- NEW: Implemented control for network switch LEDs (all four at once)
- NEW: Stealth Mode: option to disable all LEDs
- NEW: Added CONFIG_IP_NF_RAW and CONFIG_NETFILTER_XT_TARGET_NOTRACK
modules.
- FIXED: Radio toggle through WPS button would be overriden by a
scheduled radio. Reverted "switch" to "toggle" code to
prevent this.
- FIXED: You couldn't disable DMZ by clearing the IP field.
- FIXED: You couldn't edit entered text in DHCP/MAC/etc name field
- FIXED: clientid passing for some ISPs requiring it (like Sky UK)
was broken with the DHCP client change of build 220.
- FIXED: No longer reboot the router three times during boot time if
one of the radios is disabled by the user. (RT-N66U)
- FIXED: Changing the router login name to anything other than "admin"
would prevent radvd, ecmh and the cru script from working
properly - they all assumed "admin". Made then use
http_username instead (which is tied to the superuser)
- CHANGED: Improved SMB and vsftpd read performance by up to 30%
3.0.0.4.246.19b (26-Oct-2012):
- FIXED: Reverted wireless driver to build 220 version as the new
one caused various connection issues for some (RT-N66U).
3.0.0.4.246.19 (23-Oct-2012):
- NEW: Rebased on 3.0.0.4.246. Some notable changes:
o New "Enhanced interference management" option under
Wireless -> Professional.
o Improved AiCloud webui
o dnsmasq updated to 2.64
- NEW: Option to enable simpler share names. When enabled, the folder
Share will be shared as "Share" instead of "Share (on sda1)".
The option can be found on the Misc tab, under USB Application.
- NEW: User customized config files for various services. Those custom
config entries can either be appended, or completely replace the
config file generated by the firmware.
- NEW: Added Name field to the Wireless ACL page.
- NEW: Added service applet to rc. For example, "service restart_samba" will
restart the Samba service. For advanced usage/debugging only.
- NEW: Backported OpenSSL ASM optimization from 1.0.1, for significant
performance
improvements in applications such as OpenVPN or SSH when using AES.
- NEW: Report the current CFE/Bootloader version on the Sysinfo page.
- FIXED: Minor tweaks to the AiCloud pages so they can fit on a 15" laptop
screen
(some close buttons at the bottom were unreachable)
- FIXED: Enabling SSH access from WAN didn't work if DualWAN
was set to load-balancing.
- FIXED: Removed MAC Filter page, as it doesn't work (not compatible
with Parental Control).
- FIXED: OpenVPN Client "Username Auth only" option was broken.
- FIXED: Limit valid characters in a DHCP/WOL description to prevent
breaking the webui by using invalid ones such as quotes.
- FIXED: OpenVPN Client wasn't properly applying DNS settings that
the server was pushing to us.
- FIXED: Wireless client list alignment in AP mode.
- CHANGED: Less strict rules when validating user-entered MAC hwaddr.
3.0.0.4.220.18b (25-Sept-2012):
- NEW: Report both rx and tx rates on wifi connections
- FIXED: Handle cases where the wireless driver returns a speed of -1
- FIXED: Removed rssi retrieval retries, as it would make the first access to
the wireless page take forever if you had multiple connected clients.
You will have to manually refresh the page the first time you access it
if the RSSI is reported as "??".
3.0.0.4.220.18 (23-Sept-2012):
- NEW: Added OpenVPN logging verbosity setting (vpn_loglevel, must be
manually set to a value between 0 and 15, with 3 being the default).
- FIXED: Buffer overrun in init code that would crash the router when
too many features were enabled at compile time.
- FIXED: Re-enabled DualWAN (RT-N66U, RT-AC66U)
- FIXED: Re-enabled Beceem (Wimax) support in RT-AC66U.
- FIXED: OpenVPN 'Start with WAN' and 'Respond to DNS' settings were
not properly saved.
- FIXED: First time a client's rssi is polled it would return 0.
- FIXED: post-mount user script wasn't executed (regression in 220.17)
- CHANGED: Added some info to the OpenVPN server and client pages.
- CHANGED: Improved load time of the VPN Status page.
3.0.0.4.220.17 (18-Sept-2012):
- NEW: Rebased on 3.0.0.4.220, which includes:
* Fixes to IPv6 6rd
* Fixes to AC66U Wifi + QoS
* AiCloud
* Interference mode once again enabled
- NEW: Display last received rate and rssi for each clients on Wireless Log page.
- FIXED: dnsmasq not listening to DNS requests from OpenVPN clients
if you had just enabled the option on the webui.
- FIXED: PPTP clients not always showing on VPN Status page.
- CHANGED: Disabled DualWAN as it's currently broken in 220.
- CHANGED: Disabled Beceem Wimax support in RT-AC66U as it bricks
the router.
- CHANGED: Removed firmware update checker to avoid accidental
revert to original FW.
3.0.0.3.178.16 Beta:
- NEW: (RT-N66U, RT-AC66U) Implemented OpenVPN, based on code written by
Keith Moyer (from the Tomato project).
- NEW: Added crontab command
- FIXED: (RT-AC66U) Would crash when accessing a LAN device through either
VPN or the NAT Loopback (GRO is now disabled for that device)
- FIXED: dnsmasq was listening to all interfaces by default, allowing
even dhcp requests to be serviced from the wan side if you
had the firewall disabled (Asus bug) (fixed by dev0id)
- FIXED: Default disk idle spindown now set to 0 (disabled).
- FIXED: Corrupted WOL list when using IE.
- CHANGED: Upgraded openssl to 1.0.0j.
- CHANGED: Included fully functional openssl command (will allow you to
create keypairs and certificates from the router).
- CHANGED: Removed power adjustments from the Performance page, as they
are redundant, and not as reliable.
- CHANGED: (RT-N16) Disabled Dual WAN, as it exhibited many issues, and I
am unable to work on them without an actual router.
3.0.0.3.178.15 (17-Aug-2012):
- NEW: Rebased on 3.0.0.3.178. Notable fixes by Asus:
* Radio turns back on based on schedule
* Reorganized QoS pages
* Turning WAN DHCP connection off will first release current DHCP lease
- NEW: RT-AC66U officialy supported, with all the same features as the RT-N66U.
- NEW: (RT-AC66U) Implemented JFFS support. Limiting partition to 32 MB
max, as using the whole 90+ MB available makes little sense for
JFFS, and was also displaying some issues.
- NEW: Added nat-start user script, as NAT rules get applied separately from
other firewall rules (firewall-start changes to the nat table are
being overwritten when the router starts NAT)
- NEW: Added additional info to Sysinfo page
- NEW: Added chroot applet
- NEW: Option to allow SSH access from WAN
- NEW: Option to exclude specific devices from idle spindown
- FIXED: Performance page now uses the new Sysinfo API, and is now able
to deal with cases where radios are disabled.
3.0.0.3.162.14b:
- FIXED: Web server would crash for some people when accessing
the Wireless Log page.
3.0.0.3.162.14:
- NEW: Spin down disks after (user-configurable) inactivity timeout
(using Jeff Gibbons' sd-idle-2.6)
- NEW: System information page under the Tools menu.
- NEW: Station list on the Wireless Log page will now report associated
IP and hostnames (when possible).
- CHANGED: Upgraded to MiniDLNA 1.0.25 (changelog:
http://sourceforge.net/projects/minidlna/files/minidlna/1.0.25/)
- CHANGED: Better integration of the Run Cmd page.
- FIXED: Incorrect left menu rendering when under the Tools menu.
3.0.0.3.162.13:
- NEW: Rebased on 3.0.0.3.162.
- CHANGED: Switched to WPS radio toggle code Asus added,
now on the Administration -> System tab.
3.0.0.3.157.12 Beta:
This is based on unreleased Asus code, which they have
graciously provided me with.
3.0.0.3.144.10 (30-June-2012):
- NEW: Rebased on 3.0.0.3.144.
- NEW: Support for 64K NVRAM enabled. ***First flash will
wipe out ALL your settings! And you cannot restore
from saved settings - you must manually reconfigure
everything. Be warned!***
- NEW: Enabled support for Broadcom Wimax devices
- NEW: Added cifs kernel module (for mounting remote SMB shares)
- NEW: Added layer7 iptables matching
- NEW: Added user-options for DHCP on the WAN page
- FIXED: Router crashing when connecting to it over Wifi
and running the newer QoS code (disabled GRO)
- FIXED: Router crashing when connecting to a network
device behind the router from over a VPN
connection (disabled GRO).
- FIXED: Incorrect timezone set unless enabling
manual DST.
3.0.0.3.130.9 (10-June-2012):
- NEW: Enabled new Dual WAN support from Asus
- FIXED: no-ip DDNS entry would revert to Asus DDNS on webui
3.0.0.3.130.8 (8-June-2012):
*** Reverting to factory defaults BEFORE and AFTER flashing
this version is strongly recommended! The newer Asus code base
seems to have changed quite a few settings, so you'll want to
not only start with the new default values, but also get rid
of obsolete settings. Otherwise you will be wasting a
good amount of the limited available nvram. ***
- KNOWN ISSUE: Memory leak when using IPv6 (bug in Asus's code
and/or kernel code)
- KNOWN ISSUE: PPTP VPN can randomly reboot the router if accessing
a LAN device behind the router. Workaround is to
use an IP range outside of the local LAN
(i.e. 10.0.0.0 instead of 192.168.1.0), and either
set your VPN to use the VPN tunnel as default
gateway, or manually add a route to your VPN
client.
3.0.0.3.108.6 (14-May-2012):
- NEW: HTTP access list (backported from build 112)
- NEW: PPTP VPN encryption options (backported from build 112)
- FIXED: Traffic history location was't properly saved
when changed in webui.
- FIXED: Disabled traffic history saving to nvram for now,
to avoid people accidentally filling their limited nvram space.
- FIXED: Missing bottom pixels from the bottom of General menu
- FIXED: Removed invalid CSS attribute
- FIXED: typo in VPN iptables entries (bug in Asus's code)
3.0.0.3.108.5 (5-May-2012):
- NEW: Crond starts at boot time.
- NEW: init-start is a new user script that will be run early on
at boot time (right after jffs is mounted, and before any
service gets started)
- NEW: Can save traffic history to a custom location (USB or
JFFS, for instance) to preserve it between reboots.
- NEW: Added Monthly traffic page (ported from Tomato)
- NEW: Added the Performance Tuning page (with temperature).
- FIXED: Webui authentication was bypassed by the web server (bug in
Asus's code)
- FIXED: Httpd crash when uploading a FW or settings file over
https - should simply fail now. For now you have to
use http for flashing the FW or restoring your settings
from a saved config file.
3.0.0.3.108.4 (28-Apr-2012):
- NEW: Clicking on the MAC address of an unidentified client will do a lookup in
the OUI database (ported from DD-WRT).
- NEW: Added HTTPS access to web interface (configurable under Administration)
- NEW: Option to turn the WPS button into a radio on/off toggle (under
Administration)
- FIXED: sshd would start even if disabled
- CHANGE: Switched back to wol, as people report better compatibility with it.
ether-wake remains available over Telnet.
3.0.0.3.108.3 (18-Apr-2012):
- NEW: JFFS support (mounted under /jffs)
- NEW: services-start, services-stop, wan-start and firewall-start user scripts,
must be located in /jffs/scripts/ .
- NEW: SSHD support
- IMPROVED: Fleshed out this documentation, updated Contact info with SNB forum
URL
- CHANGE: Removed wol binary, and switched to ether-wake (from busybox) instead.
- CHANGE: Added "Merlin build" next to the firmware version on web interface.
3.0.0.3.108.2 (14-Apr-2012):
- NEW: Added WakeOnLan web page
3.0.0.3.108.1 (5-Apr-2012):
- Initial release.