forked from gzenux/asuswrt-rtn18u
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Changelog-RTN18U.txt
1431 lines (1295 loc) · 63.6 KB
/
Changelog-RTN18U.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Asuswrt-Merlin for RT-N18U Release Note
===================================================================
386.3_1
Changelog for RT-N18U:
- CHANGED: Moved IPTV profile settings back to webui instead of
httpd side.
- CHANGED: Enabled TEMPROOTFS option.
- FIXED: Watchdog started dnsmasq periodically on repeater mode.
- FIXED: Intranet access restriction for wifi guest network was
broken (regression from 386.1)
Changelog from Asuswrt-Merlin:
- UPDATED: curl to 7.79.1.
- UPDATED: vsftpd to 3.0.5.
- UPDATED: openssl to 1.1.1m.
- UPDATED: wget to 1.21.1.
- UPDATED: nettle to 3.7.3.
- UPDATED: dnsmasq to 2.86.
- UPDATED: openvpn to 2.5.5.
- UPDATED: tor to 0.4.5.11.
- UPDATED: miniupnpd to 2.2.3-git 20211017.
- UPDATED: inadyn to 2.9.1.
- UPDATED: CA bundle to 2021-12-13.
- UPDATED: amtm to 3.2.1 (thelonelycoder)
- CHANGED: replaced jitterentropy-rngd with haveged.
It uses more resources, but it works
properly on older platforms, and is
generally less CPU intensive in regular
use. This is implemented for all router
models.
- CHANGED: Switched dnsmasq crypto backend to nettle.
- CHANGED: Switched to Asus's own dhcp hostname support.
Existing dhcp_hostnames entries will be
converted on first boot.
- CHANGED: miniupnpd will now be supplied the public WAN
IP to improve compatibility with dual NAT
setups.
- CHANGEED: Disabling Auto DoH will now also disable
Windows' new Discovery of Designated
Resolvers (DDR) feature.
- FIXED: Wrong interface might be used for the default
gateway in an openvpn client routing table.
- FIXED: Generated OpenVPN certs used SHA1 signatures
instead of SHA256 (regression from 386.1)
- FIXED: Various issues with protocol handling when
importing an ovpn client file.
- FIXED: IPv6 not working while in Dual WAN mode.
- FIXED: Failed OpenVPN client connections might sometime
be stuck with a "Connecting" state.
- FIXED: NTP sometimes failing to update at boot time
when using IPv6.
- FIXED: Changes done by firewall-start may be lost after
ddns service gets stopped when using tunnelbroker
386.3
Changelog for RT-N18U:
- CHANGED: Disable firmware check by default since this project
does not update frequently. You still can enable
the firmware periodic check manually after the factory
default reset.
- FIXED: Cannot set traffic history save frequency to every 1 week
from webui.
Changelog from Asuswrt-Merlin:
- NOTE: First time you boot into this version, you need to
either shift-reload the main index page, or clear
your browser cache.
- NEW: Introducing VPN Director, which replaces the original
policy routing management interface for OpenVPN clients.
A bit similar to Asus's own VPN Fusion, OpenVPN routing
rules are now managed through a central web interface,
and they are stored in JFFS instead of nvram, to allow
creating more rules, and free up some nvram for
nvram-limited devices such as the RT-AC68U.
See the Wiki for more information.
- NEW: Added QR codes to the networkmap as well as the Guest
Network page, to allow easily connecting a mobile
device just by scanning the QR code.
The generated QR code can also be saved as a file
if you'd like to print it.
- CHANGED: Rewrote OpenVPN routing handling. The firmware will
now handle route creation itself rather than letting
the openvpn client create/remove routes.
The new implementation brings a few changes:
- "Force Internet traffic through tunnel" can now
be set to "No", "Yes (All)" or "VPN Director".
- This setting will now override whatever setting
pushed by the server regarding gateway redirection.
- The kill switch can now be used in both "Yes" and
"VPN Director" routing modes
- Manually stopping a client will remove the kill
switch. It will now only be applied at boot time
(if client was set to start at boot), or if the
tunnel is disconnected through a non-user event
- CHANGED: Reworked OpenVPN's DNS Exclusive mode implementation
and interaction with dnsmasq.
- CHANGED: Moved OpenVPN Custom settings content to JFFS, and
increased max storage length from around 350 chars
to 4095 chars.
- CHANGED: Moved the "Redirect Internet traffic" setting on
the OpenVPN Client page to the Network Settings
section to increase its visibility, as too many
users are forgetting to configure it.
- CHANGED: Display "Internet traffic not redirected" instead
of "Public IP Unknown" on the OpenVPN Client
status display when Redirect Internet traffic
is set to "No".
- UPDATED: chart.js to 2.9.4.
- UPDATED: tor to 0.4.5.8.
- UPDATED: root certificate bundle to June 5th 2021.
- UPDATED: nano to 5.7.
- UPDATED: curl to 7.76.1.
- UPDATED: dnsmasq to 2.85-openssl.
- UPDATED: openvpn to 2.5.3.
- UPDATED: getdns to 1.7.0.
- UPDATED: stubby to 0.4.0.
- FIXED: Setting an OpenVPN client's DNS mode to Exclusive
could fail to work for certain configurations
- FIXED: DNS Exclusive redirections applied in Policy mode
could be executed in the wrong order if you had
overlapping policy rules in two separate clients.
- FIXED: Clients connected to Guest Network 1 couldn't be
routed through an OpenVPN tunnel.
- FIXED: Clients connected to Guest Network 1 would bypass
DNSFilter rules.
- FIXED: Missing error report on OpenVPN client connection
failure
- FIXED: profile.add getting used even if JFFS scripting
was disabled (dave14305)
- FIXED: Freedns authentication errors would not
properly be reported as errors.
- FIXED: Only the first OpenVPN client would be used if
you had multiple clients connected and the first
one had a Redirect Internet set to "No". Now,
setting this to "No" means that client's routing
table will no longer get a default gateway
configured, allowing traffic to be processed
by other RPDB tables if there wasn't a matching
route within that client's table.
- FIXED: IPV6-compatible DNSFilter servers weren't
properly configured in dnsmasq.
- FIXED: DNSFilter client rules may get corrupted after a
reboot.
386.2_2
Changelog for RT-N18U:
- FIXED: CPU spike problem caused by mismatching openssl library
version between libcurl and some AsusWRT prebuilt
components. This bugfix is a workaround solution by
downgrading the linking ssl version for curl.
- CHANGED: Roll back the following prebuilt binaries to the latest
upstream commit that are using downgraded ssl version:
- asuswebstorage
- dropbox_client
- ftpclient
- lighttpd-1.4.39 prebuilt modules
- CHANGED: Revert asusnatnl and wb packages to GPL 382_52288 due
to the CPU spike problem.
- REMOVED: jitterentropy-rngd feature. It's an optional feature
introduced by recent upstream Asuswrt-Merlin.
We removed it to reduce CPU load.
Changelog from Asuswrt-Merlin:
- No Updates Available.
386.2_1
Changelog for RT-N18U:
- NOTE: The upstream Asuswrt-Merlin source tree has been rebased.
The 386.2_4 and the rebased 386.2_4 are merged by this
release.
- CHANGED: Used prebuilt wlconf (from GPL 382_52288) instead of
compiling form source code due to the rebase changes.
- CHANGED: Do not create /jffs/wglst file in wget command.
Changelog from Asuswrt-Merlin:
- NEW: Added jitterentropy-rngd to non-HND models, in addition
to HND models.
- UPDATED: OpenVPN to 2.5.2.
- UPDATED: jitterentropy-rngd to 1.2.2 (library 3.0.3)
- FIXED: OpenVPN server would flip into an error state (being
shown as "initializing" on the webui) whenever an
inbound client failed to connect to it.
386.2
Changelog for RT-N18U:
- NEW: Reimplemented the temperature graph in home page.
This feature was removed by 386.1 but now add it back.
Changelog from Asuswrt-Merlin:
- NOTE: due to changes in how custom device icons are handled,
first time you boot with 386.2 you need to either
shift-reload the main index page, or clear your
browser cache.
- UPDATED: Merged GPL 386_42095.
- UPDATED: Openssl to 1.1.1k.
- UPDATED: OpenVPN to 2.5.1.
- UPDATED: root certificate bundle to March 9th 2021.
- CHANGED: qos-start "init" user script now runs in blocking
mode to ensure it's able to complete any changes
it may apply to qos configs before these
configs get applied.
- CHANGED: If dropbear cannot create keys in /jffs then
create temporary ones in /etc so SSH can work even
without a working JFFS partition.
- CHANGED: Enabling DOS protection will now also rate limit
ICMPV6 echo (type 128) packets, like with IPv4.
- FIXED: DST not getting applied to some timezones (snauton)
- FIXED: Traditional QoS was broken in 386.1 (dave14305)
- FIXED: Userspace conntrack tool was no longer working
- FIXED: webui incorrectly complaining about mismatched timezone
between browser and webui for some timezones (dave14305)
- FIXED: IPv6 pings were blocked if sent below the rate limit
instead of above (issue introduced in 42095)
- FIXED: Field that accepted a float value would reject
values equal to the allowed minimum (for example
the QoS bandwidth limits)
- FIXED: QoS Bandwidth settings were hidden on
non-HND models when accessing the QoS page.
- REMOVED: SSH Brute Force Protection option (already handled
by Asuswrt's protect service daemon)
386.1_2
Changelog for RT-N18U:
- FIXED: Wireless authentication problem caused by bad merging.
Changelog from Asuswrt-Merlin:
- CHANGED: Use local OUI database instead of remote one hosted
on Asus's server (allows queries to work even when
accessing webui over https)
- FIXED: OUI lookups on site survey page not working
(for non-HND models)
386.1_1
Changelog for RT-N18U:
- No Updates Available.
Changelog from Asuswrt-Merlin:
- UPDATED: inadyn to 2.8.1.
- UPDATED: nano to 5.5.
- UPDATED: Openssl to 1.1.1j.
- FIXED: IPv6 ending with "::" were considered invalid on the
webui (was breaking the Prefix field on the 6in4 tunnel
page for instance).
- FIXED: Erasing the JFFS partition would often require a second
reboot since the operation failed when encountering
a bad block. These are now properly skipped.
- FIXED: ATM checkbox could not be enabled on QOS page.
386.1
Changelog for RT-N18U:
- MERGED: GPL 386_41700 from asuswrt-merlin (master).
- CHANGED: Enabled WL_SCHED_V3 option to use the new scheduler
format for wireless scheduler feature.
- CHANGED: Revised firmware update process.
- FIXED: Some broken webui pages caused by merged GPL 386_41700.
- REMOVED: CPU/Wireless temperature shown in home page.
(incompatible with GPL 386)
To check the temperature information, use Tools_Sysinfo
page instead.
Changelog from Asuswrt-Merlin:
- UPDATED: Merged GPL 386_41700
- REMOVED: Option to select sfq as a queue scheduler for t.QoS
or Bandwidth Limiter, and always use fq_codel.
384.19_1
Changelog for RT-N18U:
- No Updates Available.
Changelog from Asuswrt-Merlin:
- UPDATED: dnsmasq to 2.84, resolving CVE-2020-25681,
CVE-2020-25682, CVE-2020-25683, CVE-2020-25687,
CVE-2020-25684, CVE-2020-25685 and
CVE-2020-25686 aka DNSpooq (themiron)
384.19
Changelog for RT-N18U:
- NEW: Add the speedtest feature powered by Ookla.
(backported from asuswrt-merlin GPL 386_40577)
- NEW: Add the login captcha option to WebUI.
(backported from asuswrt-merlin GPL 386_40577)
- NEW: Re-add Merlin NAT loopback feature.
(no longer supported by asuswrt-merlin)
- NEW: Implement advanced wireless TX power adjustment feature.
- UPDATED: WebUI language translation and the help description.
(backported from asuswrt-merlin GPL 386_41350)
- CHANGED: Enabled EXT4FS option to support utilities for ext4
filesystem.
- CHANGED: Decoupled the LED control behavior between WPS button
and 'disable LEDs' option (stealth mode).
- CHANGED: firmware update checks are no longer using the
server address stored in nvram, for security
reasons. (follow asuswrt-merlin's change)
- CHANGED: Set default temperature unit to °C in home status page
when the browser cookie is empty.
- FIXED: The traffic unit shows empty option in TrafficMonitor
pages when the browser cookie is empty.
Changelog from Asuswrt-Merlin:
- NEW: Added stub and stub-v2 compression options to OpenVPN
clients. Not added to server, since compression is
considered deprecated, and will be removed most likely
in OpenVPN 2.6, for security reasons.
- NEW: Added tls-crypt-v2 support to OpenVPN clients.
- NEW: Added option to select an OpenVPN client when
running Oookla Speedtest.
- UPDATED: Openssl to 1.1.1i.
- UPDATED: Updated to OpenVPN 2.5.0. Note that OpenVPN
2.4.0 or newer is now required by the exported
client config file. You can still manually
configure an older client to connect with your
router.
- UPDATED: nano to 5.2.
- UPDATED: curl to 7.72.0.
- UPDATED: zlib to 1.2.11.
- UPDATED: lz4 to 1.9.2.
- UPDATED: e2fsprogs to 1.45.6.
- UPDATED: dropbear to 2020.81.
- UPDATED: miniupnpd to 2.2 (git snapshot from 20201129)
- UPDATED: Switched userspace ipset from 6.32 to 7.6 (to match
with upstream)
- CHANGED: The old legacy cipher setting in OpenVPN is now only
available when running with static key authentication.
- CHANGED: Tweaks to the OpenVPN webui layout
- CHANGED: OpenVPN clients will now NAT all outbound traffic,
regardless of the source subnet.
- CHANGED: Reworked the display of DNSPrivacy presets
- CHANGED: Added AdGuard (ad blocking) and CIRA Canadian Shield
(non US-based service) to the DNSPrivacy presets.
- CHANGED: At boot time, OpenVPN killswitch will only be
applied for clients set to auto-start with WAN.
- CHANGED: Increased number of available mount points for addon
webpages to 20.
- CHANGED: Multiple routes can now be defined per client on the
OpenVPN client-specific configuration.
- CHANGED: When logging allowed connections is enabled, also log
outbound LAN connections (reverts to the behaviour from
a few years ago)
- FIXED: OpenVPN client remote IP wasn't updated on client
stop/restart.
- FIXED: Couldn't force generating a new SSL certificate for the
webui.
- REMOVED: Option to disable NCP. The NCP cipher list is
now used both for NCP and non-NCP endpoints.
384.18
Changelog for RT-N18U:
- UPDATED: Merged GPL 384_81992 from asuswrt-merlin (mainline).
- UPDATED: Merged RT-N18U GPL release 382_52288
- NEW: Added captcha feature support.
- CHANGED: Removed switchable protectionSrv feature introduced in
384.12 and use GPL 382_52288 (closed source) insteaded.
Changelog from Asuswrt-Merlin:
- NEW: Added support for static routes for PPTP/L2TP VPN
clients, on the Static Route page (themiron)
- NEW: Added notification when JFFS free space drops
below 3 MB.
- UPDATED: dnsmasq to 2.82-openssl (themiron)
- CHANGED: Rewrote a large portion of the OpenVPN implementation,
to make the code easier to maintain. The new libovpn
code is released under a GPL licence. Functionality
should largely remain the same.
- CHANGED: Replaced updown-*.sh OpenVPN event handler scripts
with binary libovpn functions. The new code does
stricter validation of the configuration.
- CHANGED: Enabling Client Config Dir (ccd) for an OpenVPN
server in non-exclusive mode will no longer accept
duplicate common names (to prevent issues with
two clients trying to share the same settings).
If you need such an unusual setup, you should
enable "Username/Password auth only", which will
make the common name become the username. Or
better, ensure that you have unique certificates
for all of your users.
- CHANGED: Removed the (undocumented) vpn_debug setting. Debug
logging will now only come from OpenVPN itself
(configurable through the log verbosity setting).
- CHANGED: Improved mechanism for providing an available
mount point for addon API scripters (dave14305)
- CHANGED: Harmonized the various SSL certificate modes with
upstream.
0-None - will be self-generated
1-Imported - lets you upload your own (no longer
self generated unless you don't
upload one)
2-Let's Encrypt (unchanged)
Self-generated cert will be stored to /jffs/cert.tgz,
just like upstream.
- FIXED: ddns updates and OpenVPN instances might be launched
twice at boot time if the initial ntp clock sync
happened too fast.
- FIXED: Enforced DNS and tQoS fix would be lost when the
firewall gets restarted while an OpenVPN client
is running.
- FIXED: Various issues surrounding error state report
when an OpenVPN client failed to start properly.
- FIXED: WINS provided by an OpenVPN server weren't properly
used.
- FIXED: Some large DNS queries could fail when using DoT
(patch backported from upstream)
384.17
Changelog for RT-N18U:
- UPDATED: Merged GPL 384_81918 from asuswrt-merlin (mainline).
- CHANGED: Synchronize the static OUI database in networkmap with
webui.
Changelog from Asuswrt-Merlin:
- UPDATED: amtm to 3.1.7.
- UPDATED: Root certificate bundle to June 3rd 2020.
- UPDATED: OUI database used by the webui.
- UPDATED: Dropbear 2020.80 (themiron)
- UPDATED: nano to 4.9.3.
- CHANGED: Optimized OpenVPN routing policy storage (this change
is NOT backward compatible with previous firmwares)
- FIXED: ssh/scp client would fail to connect while negotiating
a chacha20 connection (themiron)
384.16
Changelog for RT-N18U:
- No Updates Available.
Changelog from Asuswrt-Merlin:
- NEW: Add Chacha20-poly1305 support to dropbear (themiron)
- UPDATED: dnsmasq to 2.81-openssl (themiron)
- UPDATED: openvpn to 2.4.9.
- UPDATED: curl to 7.69.1.
- UPDATED: openssl-1.1 to 1.1.1g (themiron)
- UPDATED: nano to 4.9.2.
- FIXED: Various webui issues with sorting DHCP reservations.
384.15
Changelog for RT-N18U:
- No Updates Available.
Changelog from Asuswrt-Merlin:
- NEW: Added ed25519 support in Dropbear (themiron)
- UPDATED: Tor to 0.4.2.6.
- UPDATED: curl to 7.68.0.
- UPDATED: nano to 4.8.
- UPDATED: dnsmasq to 2.81rc4-33-g7558f2b-openssl (themiron)
- UPDATED: inadyn to 2.7 (themiron, merlin)
- UPDATED: getdns to 1.6.0 (themiron)
- UPDATED: stubby to 0.3.0 (themiron)
- UPDATED: amtm to 3.1.6 (thelonelycoder)
- UPDATED: openssl-1.1 to 1.1.1f (themiron, merlin)
- UPDATED: Chart.js to 2.9.3
- CHANGED: Wireless Log page will now regroup Guest Network
clients together and identify which guest instance
they are connected to.
- CHANGED: Added down/upload monitor to network status page, and
removed useless RAM chart to free some space.
- CHANGED: Security hardening in dropbear dropped CBC and 3DES
ciphers, removed version disclosure from ident
string (themiron)
- FIXED: Disks with a single quote in their name would fail to
properly list on various USB service pages.
384.14_1
Changelog for RT-N18U:
- No Updates Available.
Changelog from Asuswrt-Merlin:
- FIXED: DNS server was unreachable when connecting to an OpenVPN
server with Advertise DNS enabled, due to firewall rules.
- FIXED: miniupnpd would reject private WAN IPs - changed that
upstream behaviour to allow these.
- FIXED: Would require you to reset the DHCP scope if you
changed the LAN hostname.
- FIXED: Couldn't set http mode to http-only if you previously
had WAN access enabled but have since switched to
non-router mode.
- FIXED: CVE-2020-8597 security issue.
384.14
Changelog for RT-N18U:
- UPDATED: Merged GPL 385_10002 from asuswrt-merlin.
Changelog from Asuswrt-Merlin:
- NEW: wan-event script. The first parameter will be the WAN unit
(0 for first WAN, 1 for secondary). The second parameter
will be a string describing the type of event (init,
connected, etc...). A wan-event of type "connected" will
be identical to when the original wan-start script was
being run (wan-start should be considered deprecated
and will be removed in a future release)
- NEW: Implemented an official API for addon developers to
better integrate with the router. This includes up
to ten different pages that can be added anywhere within
the webui, and a dedicated storage repository for your
settings, which can be interacted with through your
custom web page or through a shell script.
See the Wiki for more information:
https://github.com/RMerl/asuswrt-merlin/wiki/Addons-API
- NEW: amtm (Asuswrt-Merlin Terminal Menu) by thelonelycoder has
been added to the firmware. Running "amtm" over SSH will
give you a menu allowing you to select and install various
addons, such as Diversion (ad blocker) or SKynet (an
advanced firewall extension). The plugins for amtm are
still maintained by its original author (thelonelycoder).
https://github.com/RMerl/asuswrt-merlin/wiki/AMTM
- UPDATED: Backported some fixes from 384_81981, mostly related
to WAN, port bonding and mdns.
- UPDATED: odhcp6c to 1.1-97-ge199804 (themiron)
- UPDATED: curl to 7.67.0.
- UPDATED: openssl-1.0 to 1.0.2u
- UPDATED: dnsmasq to 2.80-114-ge40d8be (themiron)
- CHANGED: Replaced entware-setup.sh script with link to amtm, as
using the amtm Entware installer is now the supported
method.
- CHANGED: Improved connection handling in httpd (themiron)
- FIXED: Some of the newest DNSFilter servers weren't properly set
up with IPv6 (dave14305)
384.13_1
Changelog for RT-N18U:
- FIXED: LED stealth mode always resets to disable after reboot.
- FIXED: Invalid apply button on Guest Network page.
- FIXED: Issues on QoS_EZQoS page once QoS activated:
- Download/Upload Bandwidth fields are blank.
- Missing User-defined QoS rules/priority options in
the selection box.
Changelog from Asuswrt-Merlin:
- FIXED: Missing cifs kernel module
- FIXED: stubby was linked with OpenSSL 1.0 instead of 1.1
- FIXED: some routers were reporting the Internet connection being
disconnected. If you were affected and you had flashed
a customized bootloader, then please reflash your original
bootloader, as your modded bootloader is invalid, and other
potential issues may appear over time.
- FIXED: Random traffic spikes logged in Traffic Monitor (regression
from 384_81351)
384.13
Changelog for RT-N18U:
- NEW: Merge GPL 384_81351 from asuswrt-merlin.
- NEW: Allow switching LED stealth mode with WPS button.
To enable this feature, change the WPS button function on
System page.
- NEW: Implement option to switch the logging protocol for
rsyslog feature. The logging protocol is UDP by default and
can switch to TCP on General Log page.
- REMOVED: Unused Main_AdmStatus_Content page
- REMOVED: Strongswan IPsec VPN feature support.
It sometimes causes the router crash reboot when using
USB modem as the WAN access.
- CHANGED: Replace syslogd backend service with rsyslogd.
- CHANGED: Use unified ping list on System, DualWAN and
NetworkAnalysis pages.
This also fixed the ping item "Яндекс" and "ВКонтакте"
are not shown correctly on System page.
- CHANGED: Disable ProtectionSrv service by default.
- FIXED: Invalid USB mode option on System page.
- FIXED: Some bug fixes caused by rsyslog feature migration.
- FIXED: Temperature Info may not refresh on IE8.
Changelog from Asuswrt-Merlin:
- NEW: Implement option to prevent Firefox's automatic usage of DoH.
By default, this will only apply if you have DNSPrivacy
enabled, or if you have DNSFilter enabled with a global
filter, to ensure that Firefox will not bypass either of
these. You can also have this override applied all the
time, or completely disable it.
- NEW: Added "split" busybox applet.
- NEW: Added IPv6 support to Network Analysis webui
- NOTE: You might need to reconfigure your device hostname on the
LAN -> LAN IP page due to a GPL-level change.
- UPDATED: miniupnpd 20190824
- UPDATED: dnsmasq 2.80-95-g1aef66b (themiron)
- UPDATED: OpenSSL 1.0.2 to 1.0.2t (themiron)
- UPDATED: OpenSSL 1.1.1 to 1.1.1d (themiron)
- UPDATED: Curl 7.66.0
- UPDATED: nano 4.4
- UPDATED: OpenVPN 2.4.8
- UPDATED: OUI database to 2018-08-17 version
- UPDATED: CA root certificates to October 9th 2019
- CHANGED: Made webui SSL certificate generation compliant with
IOS 13 and MacOS 10.15 new requirements.
- CHANGED: Rewrote the faketc script used to inject Codel into
Adaptive QoS as a C program for improved performance.
- CHANGED: IPv6 firewall now accepts empty values for local IP
(which means any local IP).
- FIXED: Webui wouldn't notify when running dangerously low on
free nvram (feature was lost at some point in the past)
- FIXED: Custom clientlist would be wiped if stopping an
OpenVPN server instance.
- FIXED: Incorrect detection of EUI64 addresses on the IPv6
firewall (would prevent using ::/0 for instance).
- FIXED: EUI64 support missing while in Load Balancing or
using Multicast IPTV.
- FIXED: Asus DDNS failing to update due to an invalid
certificate on Asus's server.
- FIXED: Let's Encrypt support would sometime fail when using
Asus DDNS (fixed DNS publishing of validation record)
(in addition to general failure fixed by GPL 81351)
- FIXED: IPv6 neighbour solicitation drop toggle not working
for some models
- FIXED: openvpn-event scripts would be executed even if custom
scripts were globally disabled
384.12
Changelog for RT-N18U:
- NEW: Merged RT-N18U GPL release 382_51640
- NEW: Enabled Strongswan IPsec VPN feature
- NEW: Let ProtectionSrv be switchable and enable it by default.
The option is under Administration -> System page.
Changelog from Asuswrt-Merlin:
- NEW: ChaCha20-Poly1305 support in Strongswan (themiron)
- UPDATED: Curl 7.65.3.
- CHANGED: dhcp_staticlist no longer contains hostnames, these
have been moved to dhcp_hostnames for better
compatibility with upstream and closed source
components, also allows more static leases to be
defined before reaching the size limit.
- CHANGED: Replace Nettle with OpenSSL for dnsmasq's DNSSEC
validation, which opens the door to supporting
more ciphers. (themiron)
- FIXED: Firmware Update check button would redirect to Asus
support site if scheduled checks are disabled.
- FIXED: IGMP Snooper daemon crashing when more than 32 hosts
are present (themiron)
- FIXED: Devices without a networkmap-defined alias wouldn't fallback
to their hostname on some webui pages like the IPTraffic
and QoS Classification pages.
- FIXED: Remote IP field filtering on Classification page wasn't
working.
- FIXED: Incorrect user permissions displayed on the FTP page.
384.11_2
Changelog for RT-N18U:
- FIXED: WebUI loading sometimes broken with traditional QoS
enabled.
- FIXED: Invalid apply button on changing the QoS slide switch
from ON to OFF in QoS page.
Changelog from Asuswrt-Merlin:
- FIXED: External DDNS IP checker would fail for Chinese users,
as checkip.dyndns.org is blocked - switched to .com TLD.
384.11_1
Changelog for RT-N18U:
- FIXED: Samba with password login does not work correctly.
Changelog from Asuswrt-Merlin:
- FIXED: Firefox was showing a no-op Uninstall button on the
AiCloud page
- FIXED: FTP would be accessible from the WAN even while disabled
if you had DualWAN load balancing enabled, or IPTV
configured.
384.11
Changelog for RT-N18U:
- NEW: Merged RT-N18U GPL release 382_51634
- REMOVED: Unsupported erp_monitor code
Changelog from Asuswrt-Merlin:
- NOTE: The project now has its own domain name. Official website
is now https://www.asuswrt-merlin.net/ and my email address
for anything related to the project is now
merlin@asuswrt-merlin.net.
- NEW: Added WS-Discovery support. This allows Windows clients
to detect the router's shared USB drives even if SMBv1
support is disabled.
- NEW: Re-added option to extend the WAN's TTL (from stock
firmware, was previously disabled as it used to
be broken)
- UPDATED: Merged GPL 384_45717
- UPDATED: Nano 4.2.
- UPDATED: OpenSSL-11 to 1.1.1c.
- UPDATED: OpenSSL-10 to 1.0.2s.
- UPDATED: curl 7.65.1.
- UPDATED: miniupnpd 20190604.
- CHANGED: Local clients will be shown by their hostname
on the Classification page.
- CHANGED: Reworked handling of up/down events in OpenVPN.
Server instance will now also use its own
updown script, which will handle firing up
openvpn-event (if present).
- CHANGED: Inbound traffic sent to you through an OpenVPN client
will now be dropped by default. This can be changed
through the new "Inbound Firewall" parameter found
on the OpenVPN client page. You should only change
this to "Allow" if running a site2site tunnel with
a trusted remote server, or if you do expect
traffic to be forwarded to you through the tunnel.
- CHANGED: The router will now use ISP-provided resolvers
instead of local dnsmasq when attempting to
resolve addresses, for improved reliability.
This reproduces how stock firmware behaves.
This only affects name resolution done
by the router itself, not by the LAN clients.
The behaviour can still be changed on the
Administration -> Other Settings page.
- CHANGED: Randomize the serial number of certificates
generated by the router for its httpd. If
using a router-generated certificate, then
it's recommended to generate a new one.
- CHANGED: Allow USB idle values up to 9999.
- CHANGED: Reworked how some services are started when the WAN
interface comes up to prevent deadlocks between
the WAN completing its initialisation, and the
clock getting set. These could result is fairly
long boot time for some ISPs.
- FIXED: openvpn-event script not launching if the
client was configured in Secret Key auth
mode.
- FIXED: Page redirection failing to apply at boot
time if WAN was down.
- FIXED: CVE-2019-11477, CVE-2019-11478 and
CVE-2019-11479 (themiron)
384.10
Changelog for RT-N18U:
- NEW: Merge GPL 384_45713 from asuswrt-merlin.
- NEW: rstats: enable BCM530X0-based traffic monitoring.
The missing code is taken from RT-N18U GPL 378_8041
- CHANGED: Moved online upgrade option to firmware upgrade page
- CHANGED: Review the logic of new firmware version check feature
- Do not associate the online upgrade option with
the schedule check option
- Allow check firmware from server instead of opening
product page when the schedule check option disabled
- Reset the new firmware notification status when
'check for new beta firmware' option is changed
- Do not run the javascript code when its option state
is not changed
- CHANGED: Show available stable/beta firmware version within
the new firmware notification popup.
- CHANGED: Do not reboot the router when the wireless tx power is
changed.
Changelog from Asuswrt-Merlin:
- NEW: Added OpenSSL 1.1.1b in parallel to 1.0.2. Some services
like AiCloud are still linked against 1.0.2 because they
would require Asus to recompile them against 1.1.1.
Main services that currently use OpenSSL 1.1.1:
httpd (webui), OpenVPN, wget, net-snmp, Tor, inadyn,
vsftpd, avahi.
Models that lack AES acceleration will prioritize the use
of CHACHA20 over AES-256-GCM, for a small performance
improvement (for instance with the webui).
Note that OpenVPN 2.4.7's support is still limited.
TLS 1.3 is supported, but CHACHA20 support is
only expected with OpenVPN 2.5.0.
The 1.0.2 userspace tool is still named "openssl", while
the 1.1.x version is named "openssl11".
- NEW: Added DNS Privacy feature, with support for
DNS-over-TLS (also known as DoT).
You can configure it on the WAN -> Internet Connection
page. You can manually add your own servers, or chose
one (or a few) from the preset list. (themiron)
- NEW: NTP daemon on the router, to allow your LAN clients to
synchronize their clocks with it.
- NEW: Option to intercept NTP requests from clients, and
redirect them to the router's own NTP daemon.
- NEW: Added service-event-end custom script, executed at the
end of an rc service call. Receives the same arguments
as service-event, but is a non-blocking script.
- NEW: Added sqlite3 CLI command, to allow script authors to
create/manage their own sqlite3 database
- NEW: Implemented source/destination IP filtering
for the Netool version of Netstat web page.
- UPDATED: Nano 4.0.
- UPDATED: Curl 7.64.1.
- UPDATED: Dropbear 2019.78.
- CHANGED: Replaced the custom ntpclient with a proper ntpd
implementation, for reduced memory usage and
increased accuracy.
- CHANGED: Made the secondary NTP server configurable through the
webui. Note that ntpd will use both servers, so clear
the second server if there is one and you don't want
to use it.
- CHANGED: Re-designed firmware upgrade page, moving the schedule
option to that page.
- CHANGED: Removed popup messages showing on the DDNS page when
a service state change was detected. Report it within
the page instead.
- CHANGED: Report firmware version within the new firmware
notification popup that appears at the top of the webui.
- CHANGED: Moved LED control (formerly known as Stealth Mode) to
the System page.
- CHANGED: Allow URLs up to 64 chars long on the URL filter.
- CHANGED: pre-mount user script now receives the filesystem
as second argument.
- CHANGED: Moved various DNS-related settings from the DHCP page
to a more appropriate location on the WAN page.
- CHANGED: OpenSSL default dir moved to /etc/ssl/. Allows
programs to automatically locate the CA bundle
without requiring explicit configuration.
- CHANGED: Optimized service restarts generated by the
System page.
- CHANGED: Replaced Network Analysis and Netstat pages (under
Network Tools) with new versions based on Asus's
Netool daemon (RT-AC86U, RT-N18U)
- CHANGED: Backported multiple fixes and improvements
for ntpd from upstream, improving handling
of failed server hostname resolution, and better
clock sync discipline.
- FIXED: CVE-2019-1543 issue with Chacha20-poly1305 in
OpenSSL 1.1 (themiron)
- FIXED: Client count on the Sysinfo page was missing
Guest clients
- FIXED: Miniupnpd sometimes sending ssdp notifies to
the wrong interface (themiron)
384.9_1
Changelog for RT-N18U:
- CHANGED: Do not restart router's time service when issuing a
WoL request (backporting)
- CHANGED: Minor webui layout/rendering updates (backporting)
- FIXED: Duplicate code on System page preventing USB sleep
settings from applying (backporting)
- FIXED: The Download Master not show in USB applications menu
(backporting)
Changelog from Asuswrt-Merlin:
- CHANGED: Do not restart whole network whenever changing an IP
reservation on the Networkmap card.
- FIXED: Reboot scheduler would sometime get stuck, or corrupt
plugged USB drives. Now doing a more thorough
shutdown of services, should hopefully make it
more reliable.
384.9
Changelog for RT-N18U:
- NOTE: The firmware version is not direct mapping to official
Asuswrt-Merlin release starting from now since there are
no available prebuilt binary and no more new features
introduced for this model in recent codebase.
- NEW: Merge GPL 384_45149 from asuswrt-merlin.
- NEW: Show the CPU/Wireless temperature in home page.
- CHANGED: Merge asuswrt-merlin's Tools menu into existing menu:
- Tools_Sysinfo.asp moved into 'System Log' menu
- Tools_OtherSettings.asp moved into
'Administration' menu
- CHANGED: Update the translation in the wireless site survey
page.
- CHANGED: Do not automatically scan site (also disable
the rescan button) in the wireless site survey page
when the radio is not enabled.
- FIXED: The notification flashing interval is not reset after
checked the firmware update.
- REMOVED: Temperature page since it's integrated into
the home page.
Changelog from Asuswrt-Merlin:
- NEW: Report the number of spatial streams and the PHY type
used by wireless clients for models supporting it
- NEW: Display tracked connections on the QoS Stats page (now
relabeled "Classification").
Fields can be sorted by clicking on the column headers.
Thanks to FreshJr for his help in deciphering the packet
mark values.
- NEW: Implemented lcp-ident option in PPP (required by some ISPs)
(Themiron).
- NEW: You can now choose between having your router do internal
DNS queries locally (through dnsmasq) or with your WAN
configured DNS (like stock firmware). This does not
affect DNS lookups from your clients, only those made
by the router itself. The option is under
Administration -> Other Settings. (Themiron)
- CHANGED: Updated wget to 1.20.
- CHANGED: Updated nano to 3.2.
- CHANGED: Updated curl to 7.64.0.
- CHANGED: Updated OpenVPN to 2.4.7.
- CHANGED: Updated OpenSSL 1.0.x to 1.0.2r.
- CHANGED: Updated Tor to 0.3.5.8.
- CHANGED: Updated Chart.js to 2.7.3.
- CHANGED: Updated dnsmasq to 2.80-44-g608aa9f (Themiron)
- CHANGED: Optimized some JS files to reduce their size
- CHANGED: OpenVPN clients can now accept CNs up to 255 chars
when using it to validate the certificate.
- CHANGED: No longer reset the OpenVPN client's description,
policy mode and existing rules when uploading an
.ovpn config file.
- CHANGED: No longer accept any server-provided route
when OpenVPN client set to Policy (Strict).
- CHANGED: Clients bound to DNSFilter rules will no longer
bypass it by using DoT. DNSFilter servers that
support DoT (like Quad9) will only allow filtered
clients to use that server
- CHANGED: Re-worked the Classification page. New design
is much faster, allows filtering, and shows
additional info when hovering on a field.
- CHANGED: Reworked DNS WAN probe implementation (Themiron)
- CHANGED: Increased OpenVPN interface queue length from 100
to 1000 bytes, to reduce the amount of dropped
packets if router can't keep up.
- CHANGED: Updated CA bundle to January 23rd 2019 version
- FIXED: DNSFilter clients could use a different nameserver
when using an IPv6 connection
- FIXED: NFSv2 support
- FIXED: PPP host-uniq support (Themiron)
- FIXED: OpenVPN key/certs would sometime end up in nvram in
addition to in /jffs
- FIXED: Couldn't remove an existing OpenVPN key/cert by
clearing the field on the webui
- FIXED: Resetting OpenVPN client to Default values wasn't
removing any existing Extra CA certificate
- FIXED: Moviestar VLAN routes weren't properly configured
(broken quagga configuration)
- FIXED: Missing tooltip content for the new local DNS
resolution setting on the Tweak page
- FIXED: OpenVPN CA would be overwritten if there was no
server key or cert present - only generate them
if all three are missing.
- FIXED: Bandwidth Limiter not working properly in some
cases, as it failed to disable hardware acceleration
- REMOVED: CFB and OFB ciphers from OpenVPN client
384.8_3
Changelog for RT-N18U:
- CHANGED: Update webui translations from GPL 384_45149
- CHANGED: Review the logic of online firmware update feature:
The beta release will be used only if it's newer than
the latest stable and the checking beta option is
enabled.
- FIXED: The sysinfo page now can show 'jffs2' in feature field.
- FIXED: Some wrong help descriptions in QoS page
Changelog from Asuswrt-Merlin:
- FIXED: Syslog not properly copied to JFFS on reboot
(John Bacho)
- FIXED: SSH brute force protection didn't work in Dual WAN
load balancing mode.
- FIXED: USB disk idle config changes not applying without a
reboot.
- FIXED: "Strict" DNS mode wasn't working properly with OpenVPN
clients
384.8_2
Changelog for RT-N18U:
- CHANGED: Do not alternate between customized ntp server (from
webui) and built-in list - only use built-in list if
the ntp server is not customized.
- FIXED: Ntpclient command storm happened when no any
network time is available.
Changelog from Asuswrt-Merlin:
- CHANGED: Updated miniupnpd to 20181205.
- CHANGED: Push LAN domain to OpenVPN clients as DNS suffix
for the connection.
- FIXED: Cannot save custom settings on OpenVPN server page
on non-HND models.
- FIXED: Some webui pages fail to load properly in French
- FIXED: dnsmasq fails to start when certain options are
configured (themiron)
- FIXED: Persistent SSL cert was wiped at boot time in
some specific scenarios.