About This File
Asuswrt-merlin is a customized version of Asus's firmware. The goal is to provide bugfixes and minor enhancements to Asus's firmware, with also
a few occasional feature additions. This is done while retaining the look and feel of the original firmware, and also ensuring that the two codebases remain close enough so it will remain possible to keep up with any new features brought by Asus in the original firmware.
This project's goal is NOT to develop yet another firmware filled with many features that are rarely used by home users - that is already covered by other excellent projects such as Tomato or DD-WRT. This more conservative approach will also help ensuring the highest level of stability possible. Priority is given to stability over performance, and performance over features.
Supported devices are:
- RT-AC66U_B1 (use the RT-AC68U firmware)
- RT-AC68U, RT-AC68P, RT-AC68UF (including HW revision C1 and E1)
- RT-AC2900 (use the RT-AC86U firmware)
- RT-AC1900 & RT-AC1900P (use the RT-AC68U firmware)
What's New in Version 380.66 See changelog
380.66 (12-May-2017) - NEW: Merged with GPL 380_7378 Notable changes: * Port forwards can select a specific source IP * Security fixes for CVE-2017-5891, CVE-2017-5892 and CVE-2017-6547 Note: * If you are experiencing new wifi stability issues, try disabling Airtime Fairness on the Wireless -> Professional page (on all bands). - NEW: Option to disable Wanduck's constant DNS probing for WAN state (Tools -> Other Settings) - NEW: Allow disabling the use of DH, by entering "none" in the DH field for OpenVPN server config. - NEW: Added new Internet redirection mode to OpenVPN clients called "Policy Rule (Strict)". The difference from the existing "Policy Rule" mode is that in strict mode, only rules that specifically target the tunnel's interface will be used. This ensures that you don't leak traffic through global or other tunnel routes, however it also means any static route you might have defined at the WAN level will not be copied either. - CHANGED: Ovpn importer now recognizes the "port" and "reneg-sec" parameters. - CHANGED: Ovpn importer now support a third argument for the "remote" parameter, allowing to specify the protocol. - CHANGED: Updated Tor to 0.2.9.10 - CHANGED: Updated nano to 2.8.1 - CHANGED: Updated OpenVPN to 2.4.2 - CHANGED: Updated LZ4 to 1.7.5 (used by OpenVPN) - CHANGED: SSL certificate generated for httpds will now contain SANs for hostname, router.asus.com, IP and DDNS hostname. - CHANGED: Make minidlna always use the same uuid, based on the LAN MAC (original patch by john9527) - CHANGED: Better feedback provided when an ovpn file upload generates a problem due to a key/cert that's not provided inline. Inform the user which of these he will need to manually provide. - CHANGED: Disable bridge multicast_snooping, as this should be unnecessary, and it could interfere with EMF, UPNP and other multicast applications. Can be re-enabled from the Tools -> Other Settings page. - REMOVED: The Virtual Server page no longer allows users to edit existing port forwards (our existing code is incompatible with Asus's newer webui code and will need to be re-implemented.) - FIXED: WOL page fails to load if adding a client with a quote in its name. - FIXED: Couldn't add a DHCP reservation client if its name contained a quote. - FIXED: New outbound connections weren't logged if firewall logging was enabled. - FIXED: OpenVPN server didn't always work properly in udp mode when in a dual stack IPv4/IPv6 environment (backport from GPL 382_9736) - FIXED: When disabling NCP support in OpenVPN, the router could still be trying to use it if the remote end had it enabled. - FIXED: Potential CVE-2016-10229 security issue in kernel (unsure whether our kernel was vulnerable or not) - FIXED: ovpn file import would fail to import auth hash or cipher if they weren't uppercase. - FIXED: Couldn't edit SMB permissions if the disk had multiple partitions (Asus bug) (patch by Jeremy Goss) - FIXED: Exporting a client.ovpn file with no existing CA could generate garbled output in the generated file.