Академический Документы
Профессиональный Документы
Культура Документы
========================
380.63 (xx-xxx-xxxx)
- NEW: QoS Statistics page, showing the amount of traffic assigned to
each available classes, as well as the current throughput.
- NEW: Charts added to various Traffic Monitor pages.
Note that you can click on legend items to reveal/hide the
DL/UL data. Hovering over a bar or a pie slice will
display the exact value for that item.
- NEW: Added pc_delete() to the helper script (patch by john95287)
- NEW: IPv6 firewall now supports fixed interface ID (EUI64) ipv6
destination addresses (Patch by john9527)
- CHANGED: Updated Tor to 0.2.8.9
- CHANGED: Updated OUI database.
- CHANGED: ipset was updated to version 6.29 on ARM models.
IMPORTANT: this means you will probably need to
update your script to the new syntax. You need to
load the xt_set.ko module at the start of your script.
There has been no change to MIPS models, due to their
older kernel. (original code by Shibby and Victek,
Asuswrt port by john9527) (ARM only)
- CHANGED: OpenVPN policy rules now start at prio 10000 instead of 1000
- CHANGED: Added help popups to various settings that are unique to
Asuswrt-Merlin.
- FIXED: Custom group/shadow/passwd weren't applied at boot time.
- FIXED: CVE-2016-5195 (Dirty COW) vulnerability in kernel
(patches by blackfuel and Joseph A. Yasi)
- FIXED: Network Service Filter rules would only apply to clients
under Parental Control if that was enabled (original
debugging by john9527) (Asus bug)
- FIXED: A few memory leaks in httpd and rc services.
380.62_1 (29-Sept-2016)
- CHANGED: Updated OpenSSL to 1.0.2j
380.62 (23-Sept-2016)
- NEW: Added nano 2.7.0 (user-friendly text editor)
Documentation: https://www.nano-editor.org/dist/v2.6/nano.html
Note that for space reasons, some of its features are disabled
for the RT-N66U and RT-AC66U. Entware users might want to
uninstall the Entware version if they had it installed and want
to use the built-in version instead.
- NEW: Option to toggle the display of passwords on the PPTPD and
OpenVPN server pages.
- NEW: Allow providing a vendor class on the WAN page (DHCP option 60)
- NEW: Add option to disable sending a RELEASE request when odhcp6c
exits, allowing you to retain your received prefix with some
ISPs.
- CHANGED: Updated nettle to 3.2 (used for dnssec) and increased
optimization level.
- CHANGED: Updated minidlna to 1.1.6
- CHANGED: Updated OpenVPN to 2.3.12
- CHANGED: Updated OpenSSL to 1.0.2i
- CHANGED: Revamped the Wireless Log page:
- Merged some columns to gain more horizontal space
- Longer hostname shown (truncated names are now
shown in a tooltip)
- Display clients' IPv6 if they have one
CHANGED: Accept up to 250 characters for OpenVPN client's
username and password (one provider needs 64).
CHANGED: Hide the WPA key on the Wireless config page, and only
reveal it when you click on the field to edit it.
FIXED: OpenVPN client shouldn't display policy routing settings
when using a TAP interface.
FIXED: DSL/ATM overhead setting was visible on MIPS models, which
don't support it.
FIXED: Editing OpenVPN or PPTP users with any value longer than
32 chars could lead to corruption of the user list.
FIXED: Custom config file for igmpproxy wasn't working.
FIXED: After turning off a Guest network, the next visit to the
Wireless Settings page would show that guest network's settings
instead of the parent band settings (Asus bug)
FIXED: Smart Connect rules didn't apply on the RT-AC88U (backported
fix from 380_3941).
FIXED: Numerous memory leaks in the networkmap service. (Asus bug)
FIXED: Potential buffer overrun in the networkmap service. (Asus bug)
FIXED: Broken IPv6 connectivity if enabling SSH brute force
protection (only MIPS models were affected)
FIXED: 5G LED would fail to turn back on when exiting stealth mode.
FIXED: Only hostname was used as remote server in an exported
OpenVPN client config when using Namecheap DDNS.
FIXED: Security vulnerability (XSS/CSR) in httpd (backported
fix from 380_4005).
FIXED: Chrome would try to autofill some fields (such as on the
DDNS configuration page), which could be problematic.
FIXED: IPTraffic database was no longer properly named after
the router's MAC address on the AC88/AC3100/AC5300.
If you recently enabled it, you will need to either
re-create a new database, or rename the existing
database from tomato_cstats_000000000000.gz to
tomato_cstats_XXXXXXXXXXXX.gz, where "XXXXXXXXXXXX" is
your MAC as found with "nvram get et2macaddr", in
lowercase (AC88/AC3100/AC5300 only).
Regular traffic monitoring (stored in
tomato_rstats_XXXXXXXXXXXX.gz) is fine.
380.61 (4-Aug-2016)
- FIXED: Connected OpenVPN clients reporting as disconnected
on the status page following any wireless config change
(Asus bug)
- FIXED: OpenVPN server would report being "Initializing"
while it already was ready, following any
wireless config change (Asus bug)
- FIXED: Various stability issues with minidlna (reverted some
of Asus's customizations)
380.61 Beta 1 (31-July-2016)
- NEW: Merged with GPL 3831.
- CHANGED: updated dropbear to 2016.74.
- FIXED: Do not enforce b/g mode as "auto" if wireless mode
is also set to Auto.
380.60
There was no non-beta release, due to limited model support
and unsolved WAN stability issues.
380.60 Beta 2 (5-July-2016)
IMPORTANT: The firmware image file format was changed by Asus.
Starting with 380.60, you will no longer be able to
flash versions older than 380.60, or Asus versions
older than 3.0.0.4.380_3000.
You can currently downgrade by using Firmware Recovery
mode, but there's not guarantee that this will keep
working in the future.
- NEW: Merged with GPL 3479. This includes the new file format
required for certification purposes.
- NEW: Option to enable overhead calculation on Traditional QoS
for DSL users (ARM-only)
- NEW: Option on System page to disable the new forced
redirection to router.asus.com (defaults to disabled)
- CHANGED: Updated OpenVPN to 2.3.11
- CHANGED: Allow to specify IPv6 prefixes up to 126 on the IPv6 config
- CHANGED: Networkmap will now announce itself as "Asuswrt/networkmap"
when connecting to LAN's web services.
- FIXED: OpenVPN server instances weren't properly reporting
if an error occurred at start time.
- FIXED: wget was unable to access https site due to not
having a CA bundle to verify certificates
- FIXED: odhcp6c was sending bogus preferred prefixes, so
anything larger than 64 could result in an invalid
prefix
- FIXED: Language selector is missing on router set for the
JP region (reverted Asus change)
- FIXED: Client names with single quotes couldn't be edited
in the networkmap client popup (Asus bug)
- FIXED: Router wouldn't run SMB to provide browser master
or Wins services if no USB disk was plugged
- FIXED: Router would sometime fail to renew a WAN DHCP lease.
(fix by theMIROn)
380.59 (10-May-2016)
- NEW: Merged with 380_2697 GPL. This includes beta MU-MIMO support for
the RT-AC87U/AC88U/AC3100/AC5300, and IPTV fixes.
- NEW: Option on OpenVPN client/server page to reset them back to the
factory default settings.
- EXPERIMENTAL: Added support for codel and fq_codel to ARM models
(RT-AC56U and newer).
When enabling Traditional QoS or Bandwidth Limiter,
you can now change from the default sfq queue
discipline to codel or fq_codel.
(based on Kyle Sanderson's Tomato backport)
NOTE: Traditional QoS is currently broken on the
newer models (RT-AC88U and up). This is a known
issue in recent Asus releases.
- CHANGED: WAN -> NAT Passthrough now allows you to determine whether or
not to load the NAT helper module for h323, rtsp and sip.
Asus's old behaviour is "Enabled + NAT Helper".
- CHANGED: DNSFilter client dropdown now uses Asus's new one integrated
with networkmap.
- CHANGED: minidlna now supports refreshing an existing database, so the
Tweak setting was updated accordingly
- CHANGED: Enable SPNEGO support in Samba
- CHANGED: Integrated Asus's networkmap into the DHCP reservations page
- CHANGED: Updated Tor to 0.2.7.6
- CHANGED: SSH WAN access will also work over IPv6
- CHANGED: Updated miniupnpd to 2.0
- CHANGED: Fields on the DHCP static lease page are now sortable
(original patch by Allan Jensen)
- CHANGED: Updated openssl to 1.0.2h
- FIXED: Daily/Monthly traffic monitoring shows invalid values on the
RT-AC88U/3100/5300, even with CTF disabled. Implemented a
temporary workaround.
- FIXED: WPS wasn't working on the RT-AC3200
- FIXED: Backported security fixes from OpenWRT to Samba 3.6.25,
addressing the following:
CVE-2015-5252, CVE-2015-5370, CVE-2015-5296,
CVE-2015-5299, CVE-2015-7560, CVE-2016-2110,
CVE-2016-2111, CVE-2016-2112, CVE-2016-2115,
CVE-2016-2118.
- FIXED: OpenVPN clients set to policy-based routing and Exclusive
DNS mode were still adding the tunnel nameservers to
dnsmasq, causing both routed and non-routed clients to use
them.
380.58 (20-Mar-2016)
- NEW: Merged with 380_1354 GPL
- NEW: Added Tweaks and Hacks settings to Tools -> Other Settings.
These are UNSUPPORTED tweaks, intended mostly for
experimentation, or very specific situations. If unsure how
to apply these, manually reboot after changing them.
One of new settings there lets you disable hourly network
rescans, to resolve issues with NAS/printers coming out
of sleep every hour.
- NEW: Added setting to configure OpenVPN's auth digest algo.
- NEW: Added setting to configure OpenVPN's logging verbosity.
Note that this setting is global to all clients/servers.
- CHANGED: Updated OpenVPN to 2.3.10
- CHANGED: Updated openssl to 1.0.2g
- CHANGED: Updated miniupnpd to 1.9.20160222
- CHANGED: Updated udpxy to 1.0-build 23-10 (backport from GPL
380_2345)
- CHANGED: if you set an OpenVPN client DNS mode to "Exclusive"
and you enable policy-based routing, then those policies
will also determine which DNS to use (the tunnel's or
the ISP's). This is based on DNSFilter's technology.
You no longer need to use DNSFilter to control
the DNS used by your OpenVPN clients.
- CHANGED: Made OpenVPN traffic bypass CTF, which resolves
some throughput issues with it
- CHANGED: Disabled X11 Forwarding support in Dropbear,
for security reasons.
- FIXED: PPTP static route handling script was broken
- FIXED: minidlna would check for the wrong database filename
at start time
interface.
- FIXED: EMF wasn't working on AC56/AC68/AC87.
- FIXED: Couldn't connect to ISPs using VLANs (RT-AC87U)
- FIXED: Editing Port Forward entry with ellipsis in
the description or the port range would
still edit the shortened version instead
of the full content.
- FIXED: Debug log from mDNSNetMonitor could gradually
fill up RAM - disabled it.
- FIXED: Router crash if pasting SSH key > 2047
characters.
- FIXED: Editing an entry on the networkmap would
clear the hostname if entry existed in
the DHCP static list.
- FIXED: OpenVPN server in secret key mode
would fail to start.
- FIXED: Couldn't add entries to the MAC Filter list
of Guest Networks (reverted our previous
implementation which conflicted with
Asus's new one).
- FIXED: NTP failing to refresh for some cases.
Implemented temporary workaround.
- FIXED: Some services not properly starting at
boot time (like Parental Control or Tor)
378.56 (25-Oct-2015)
NOTE: There is no 378.56 build for the RT-N66U at
this time, as Asus hasn't released updated
source code for this model yet, and there are
new closed source binary components that are
necessary for this new release.
Make sure to read the changelog of the two
previous betas for the complete list of
changes since 378.55.
- CHANGED: Nameserver handling is more resilient to
scenarios where dnsmasq fails to start due
to a broken configuration
- FIXED: PPTP/L2TP client page broken on French locale
- FIXED: Entries on the Virtual Server page with ellipsis
in their name or port range weren't properly
copied to the Add fields when edited.
- FIXED: Additional fixes to truncated hostnames related
to networkmap
378.56 Beta 2 (18-Oct-2015)
- CHANGED: Increased Guest MAC filter entries limit to 64.
- CHANGED: DHCP query logging no longer override configured
syslog level, and option was renamed to "Hide queries"
to be more intuitive in regard to the level logging
configured.
- CHANGED: Enabling Hide DHCP queries also silences any RA
routine event.
- CHANGED: Reverted networkmap's printer detection change
as it didn't resolve the printer wakeups.
- CHANGED: Reorganized settings on the System page
- FIXED: QoS page layout in Firefox
(11-July-2015)
Updated dnsmasq to 2.73 RC9 (backport from GPL 6975)
Updated odhcp6c to newer version (backport from GPL 6975)
Updated openssl to 1.0.2d (fixes CVE-2015-1793, only present
in Beta 1 - 54_2 was not affected)
- CHANGED: Display existing key/certs on the OpenVPN pages once
they've been migrated to JFFS.
- FIXED: Time scheduler-related features (Parental Control & Wifi
- FIXED:
- FIXED:
- FIXED:
- FIXED:
NEW:
NEW:
NEW:
NEW:
NEW:
378.54_1 (8-June-2015)
- Some of the builds were unstable, did a complete recompile of all
releases. There was no code change.
378.54 (7-June-2015)
IMPORTANT: if you were previously using the AiProtection ad blocker, you
will need to manually disable it over SSH after flashing this
release, by running the following commands:
nvram set wrs_adblock_popup=0
nvram set wrs_adblock_stream=0
nvram commit
- NEW: Merged with Asus GPL 378_5134.
- NEW: OpenVPN policy rules can now be set to route matching traffic
through either the tunnel, or to your ISP (allowing you to
create exceptions to your tunnelling rules)
- NEW: Added OpenVPN server setting to let the OS manage
socket buffers (by inserting rcvbuf 0 and sndbuf 0 in
the server configuration)
- CHANGED: Upgraded OpenSSL to 1.0.2a, adding new tls ciphers
to OpenVPN and the https webui
- CHANGED: Updated miniupnpd to 1.9.20150430
- CHANGED: Reverted kernel backport of the parallel printer support,
and reintroduced fix in lprng. This should hopefully fix
the recent printing breakage issues.
- CHANGED: Removed AiProtection's ad blocker, as it's too buggy to
be usable, breaking numerous mobile applications,
and not being configurable in any way.
- CHANGED: OpenVPN policy routing rules are now applied at boot
time (when WAN comes up), so clients who are blocked while
a tunnel is down will immediately be blocked until
the tunnel comes up.
- CHANGED: Upgraded Quantenna firmware to 378_6065 release (AC87)
- FIXED: Router DNS weren't reverted to their original values
when shutting down an OpenVPN client with "explicitexit-notify" enabled. Now we manually clean it up
- FIXED:
- FIXED:
- FIXED:
- FIXED:
- FIXED:
- FIXED:
378.53 (26-Apr-2015)
- NEW: Merged with Asus GPL 378_4980 (with pieces from 378_4850 for AC56/AC68
and 378_5183 beta for AC87)
- NEW: OpenVPN policy routing. You can select client IPs or destination
IPs which you want to route through your VPN tunnel. You can enter
a single IP (192.168.0.1) or a whole subnet in CIDR format (for
example 74.125.226.112/30).
You can optionally block WAN access to these as well when the
tunnel goes down.
- NEW: Ad blocker based on Trend Micro's Web Reputation System (WRS).
This is an EXPERIMENTAL feature implemented by Asus but that
isn't enabled in the stock firmware.
- CHANGED: Updated Tor to 0.2.5.12
- CHANGED: Those providing a signed SSL certificate for httpd can now
provide chain certificate. The three PEMs must be in
that order: client, intermediate, CA. (Patch by sasoiliev)
- CHANGED: The setting to enable the neighbour solication filter rule
for Comcast's request flooding was changed to "ipv6_ns_drop",
and now defaults to "0" as this hack causes issues with
other ISPs.
- CHANGED: Backported dnsmasq patch that reverts a fix for Windows 8
clients as it could cause issues with other clients.
- FIXED: DNSFilter would fail if you had it set to "Router", and didn't
have a DNS IP entered on the WAN page.
- FIXED: MSS clamping wasn't applied to traffic in both direction, moved
it to the mangle table.
- FIXED: OpenVPN client firewall "external" mode does not exist - removed
from the webui.
- FIXED: PPTP account list could become corrupted after removing an entry
on the PPTP server page.
378.52_2 (5-Apr-2015)
- CHANGED: Updated AiCloud prebuilt binaries for MIPS models
- CHANGED: Applied kernel patch for MIPS kernel ported from 376_3861,
related to CTF support
- FIXED: AiCloud would fail to start unless you had HTTPS enabled for
- FIXED:
- FIXED:
- FIXED:
- FIXED:
- FIXED:
- FIXED:
376.49_5 (9-Jan-2015)
- FIXED: Vulnerability in infosvr (CVE-2014-9583) (Asus bug)
- FIXED: Additional security issue in infosvr (incorrect memcpy()
call) (Asus bug)
376.49_4 (27-Dec-2014)
- FIXED: WAN page error when entering a hostname, and broken
UPNP FAQ link
- FIXED: OpenVPN Server wasn't showing the Advertize DNS to
Client option (regression from 3677 merge)
- FIXED: bootloop when enabling Traditional QoS (or any other
feature that forces CTF to be disabled) due to
FA being left enabled (Asus bug) (AC87)
376.49_2 (23-Dec-2014)
- FIXED: Asus DDNS couldn't be configured on the webui
- FIXED: OpenVPN server wouldn't let you edit user accounts
- FIXED: Missing DLNA icon on clients (Asus bug) (N66, AC66)
376.49 (21-Dec-2014)
- NEW: Merged with Asus GPL 376_3677. This new code
includes a lot of changes related to USB modem
support.
- NEW: IPv6 handling based on dnsmasq + odhcp6c. This new
code which has been developped by Asus these past few
months but kept disabled so far has been enabled.
Initial tests show much better reliability with
different ISPs.
- NEW: Added IPv6 support to DNSFilter (currently only
Yandex has IPv6 servers). Note that unlike IPv4
filtering, we cannot automatically NAT queries
to the desire server, so the current implementation
works like Asus's YandexDNS service, where IPv6 servers
are simply returned to DHCPv6/RA client queries,
and ip6tables ensures that you cannot override
- FIXED: Samba would fail to start if the router admin username contained
upper case characters. Samba was modified to have it try to
local the UNIX user as provided (it was previously only
trying upper and lower case versions) (Samba 3.6 bug)
376.48 Beta 3 (02-Nov-2014)
- CHANGED: Updated miniupnpd to release 1.9 (plus upstream
- FIXED: Couldn't edit share permissions for Samba if your
contained an unmounted/hidden partition (Asus bug
- FIXED: Couldn't edit share permissions for Samba for the
internal SDcard reader (Asus bug in 2769)
- FIXED: Missing Max User field to Samba page (Asus bug)
PCP fix)
disk
in 2769)
RT-N66U
376.47 (20-Sept-2014)
- NEW: Added sha256 and sha512 HMAC support to dropbear (SSH)
- CHANGED: Moved OpenVPN postconf scripts right before server/client
gets started, so you can also use them to modify the other
generated files such as the exported ovpn config file.
- FIXED: SSHD options visibility (patch by pinwing)
- FIXED: EMF/IGMP settings were reverting to the select profile
default (Asus bug introduced in GPL 2678)
- FIXED: PPTP account list failed to display (regression in Beta 1)
- FIXED: VPN server page was switching back to PPTP when changing
OpenVPN unit and you were initially on the PPTP page
- FIXED: Activity indicator wasn't shown during a networkmap
scan
376.47 Beta 1 (14-Sept-2014)
- NEW: Merged with Asus GPL 2678 (AC87)
- NEW: Report Quantenna FW version on Sysinfo page
- NEW: Enabled experimental FTP and Samba Cloud Sync support in AiCloud.
This feature is still in development by Asus, so it might not be
fully functional yet.
- NEW: Enabled experimental SNMPD support, under Administration -> SNMP.
This feature is still in development by Asus, so it might not be
fully functional yet. (not available on the RT-N16)
- NEW: Added option to enable WAN access to SNMPD, defaults to disabled.
(Asus's implementation has it open to the WAN by default)
- CHANGED: Re-increased max allowed FTP user limit to 10 (was reverted
to 5 in the GPL merge when the setting was moved to the
FTP page)
- FIXED: PPTPD was getting enabled every time you clicked Apply while on
the PPTPD VPN Server page
376.46 (26-Aug-2014)
- NEW: Merged with Asus GPL 2061. This is essentially
the new QTN driver for the AC87.
- FIXED: Various webui issues with IE10/IE11 (patch by pinwing)
- FIXED: OpenVPN Client page was visible on the RT-N16
- FIXED: DHCP pool validation error on VPN Server advanced page.
- FIXED: Couldn't edit the first VPN Client entry due to broken
duplicate check (Asus bug)
376.45 (17-Aug-2014)
- NEW: Compiled vsftpd with SSL support (must be manually
configured if you intend to use it)
- NEW: Report FA state (Level 2 CTF) on Sysinfo page.
- CHANGED: Updated dropbear to 2014.65.
- CHANGED: Updated openssl to 1.0.0n (numerous
security fixes)
- CHANGED: Updated lzo to 2.08
- CHANGED: Reworked VPN Server pages to be more intuitive
- FIXED: Garbled client dropdown selector on DNSFilter page
- FIXED: The Comcast neighbour solicitation block wasn't
enabled anymore (regression in 376.44) (Patch by
Sinshiva)
- FIXED: 5 GHz N+AC mode was incorrectly setting router to
N-only mode (Asus bug, fix backported from 2381,
additional fix by me for AC66)
(Patch by pinwing)
- FIXED: Various IPv6 connectivity issues related to services
being (re)started at the wrong time, or twice.
(Patch by pinwing)
- FIXED: Build system would sometime try to use the local system's
header/libs - use a pkg-config wrapper to avoid this
issue (Patch by ppuryear)
- FIXED: Erratic 5G led blinking behaviour as the watchdog's softwarebased blinking was constantly writing to the wireless chip's
registers for led control. (AC68)
- FIXED: LEDs weren't all turning back on when coming out of
Stealth Mode (AC56)
- CHANGED: Make the router use dnsmasq for internal name
resolution rather than directly using the WAN DNS.
- CHANGED: Upgraded OpenVPN to 2.3.4.
- CHANGED: Upgraded miniupnpd to 1.8.20140422 (PCP-related fixes)
374.41 (18-Apr-2014)
- NEW: Merged with Asus's 374_5047 GPL. Notable changes:
* Fixed RT-AC68U random reboots
* Additionnal security fixes
* Improved Media server, SMB and FTP webui
* minidlna and radvd updates
- NEW: PCP support (Port Control Protocol)
- NEW: Option to allow/deny FTP access from WAN. Default is to
reject WAN connections. The option can be found on the
USB Servers -> FTP Share
- NEW: Option to control web redirection while Internet is
down (configurable on the WAN page).
- CHANGED: Upgraded miniupnpd to 1.8.20140401.
- CHANGED: Disk idle exclusion now supports up to 9 disks.
- FIXED: WOL wasn't working (Asus bug in 4887/5047)
- FIXED: Replaced webui glue with permanent concrete. It won't
fall again.
- FIXED: Language dropdown not properly shown with 8-bit
characters.
- FIXED: Comcast's IPv6 network would flood the LAN with
neighbour solicitation packets, which should normally
not cross beyond their modem. There is now an ip6tables
rule to filter out those packets, preventing your log
from being spammed with table overflows. The filter is
is enabled by default and can be disabled by setting the
"ipv6_neighsol_drop" nvram setting to "0". (rule suggested
by diplomat7)
- FIXED: EMF wasn't properly configured after wireless was
restarted (patch from Vahur)
- FIXED: Router crashing when more than around 30 static routes
were entered
- FIXED: webui would die for some users when accessing the VPN Server
config page and there were connected OpenVPN clients
- FIXED: Added missing iptables-save on ARM platform (AC56, AC68)
- FIXED: nvram factory default reset would sometime fail on MIPS
devices (N16, N66, AC66) (Patch by ryzhov_al)
- FIXED: Under a certain situation the router could lose track of
whether an OpenVPN server/client instance was running or not.
This could result in the webui trying to restart it, and
returning an error message because it was already running.
- REMOVED: The Media server database location is no longer
- NEW: Added option to force DNSfilter clients to always use the DNS
provided to them by the router's DHCP server (which will be
the router itself if you didn't change it on the DHCP
webui page)
- NEW: Option to disable the DHCP6 Server (code contributed by
kdarbyshirebryant)
- CHANGED: The RT-N66U is now compiled with EM enabled
by default. That means there will no longer be a separate
experimental build for this.
- CHANGED: Updated dropbear to 2014.63
- CHANGED: New type of glue for the webui header
- CHANGED: Switched to a shorter version numbering scheme
- FIXED: RT-N16 firmware (missing files were obtained from
the new GPL release Asus made for this model)
- FIXED: Last24 page wasn't properly displaying the
Avg value (regression in 374.39)
- FIXED: Clients with a configured IPv6 DNS would bypass
DNSFilter. DNSFilter-enabled clients will now
be prevented from using IPv6 nameservers, forcing
them through the (IPv4-only) filtering nameserver
- FIXED: DNSFilter clients set to "None" would still be
forced through your WAN-configured nameservers,
preventing nameservers configured on the clients
from working. Now they will fully ignore the DNSFilter
settings.
- FIXED: The global DNSFilter would sometime not get properly
configured in the firewall.
- FIXED: When the firewall was disabled, the FORWARD chain
policy was still left to "DROP" - changed to "ACCEPT".
- FIXED: typo in SMB config ("use spne go") (Asus bug)
- FIXED: PPPoE with an MTU of 1500 requires the WAN interface
to have its MTU set at 1508 (patch by pinwing)
- FIXED: IPv6 Prefix Delegation issues (patch by pinwing)
- FIXED: MTU setting on IPv6 connections (patch by pinwing)
3.0.0.4.374.39 (31-Jan-2014)
This version isn't available for the RT-N16 as support for the
SDK5 platform is currently broken in the latest GPL sources.
- NEW: Merged with Asus 374_583 GPL. Notable changes:
* USB hub support
- NEW: DNS-based filtering. Under Parental Control there is
now a new tab called DNS Filter where you can enable
a DNS-based filtering service, and apply a specific
filter both globally and on a per-client basis. Supported
are: OpenDNS, Norton Connect Safe and YandexDNS.
- NEW: helper.sh script, to simplify creation of postconf
scripts. See the postconf section for details.
- CHANGED: Discontinued SDK5 builds for the RT-N66U. The new EM
builds resolved wifi range issues by running the SDK6
driver set in Engineering Mode (driver provided by Asus).
Look in the Experimental folder for the EM build - it will
eventually become the standard build for the N66U once
it gets sufficiently tested. You might need to do a
factory default reset after switching to an EM build,
for best results.
- CHANGED: Re-switched back to rp-pppoe 3.11 since nobody confirmed
that 3.10 worked better for them.
- CHANGED: Allow PPPoE MTU up to 1500, for ISPs that support RFC 4638.
3.0.0.4.374.35 (24-Nov-2013):
- NEW: Merged with Asus 374_339 GPL (from RT-AC68U).
Asus added some new features in this release:
* Support for HFS+ and Time Machine (AC56/AC68U only)
* OpenVPN support. Their implementation uses the backend
code from Asuswrt-Merlin but with a more
simplistic, novice-friendly webui. This required
adapting the current webui to be able to retain some
of their improvements without sacrificing the
flexibility of being able to have two separate server
and client configurations.
-
3.0.0.4.374.34_2 (01-Nov-2013):
- FIXED: DNS resolution not working for VPN clients
(bug in Asus 374_979)
- FIXED: USB disk detection on AC56/AC68.
- FIXED: Turbo mode option couldn't be saved (RT-AC68)
3.0.0.4.374.34 (30-Oct-2013):
- NEW: Merged with Asus 374_979 (from RT-N66U).
AC56/AC68 AiCloud components taken from 374_217.
- NEW: Added RT-AC68U support.
- NEW: Added IPSec support to the kernel. Userspace tools
such as StrongWAN must be installed from Optware/Entware,
and manually configured. (Patch provided by saintdev)
- NEW: Adjustable MTU for DHCP/static IP WAN users
- NEW: WAN interface name passed as argument to firewall-start
- NEW: Configurable min/max ports allowed to be redirected by UPNP.
This allows WHS users to change the min allowed port from
the default value of 1024 to allow UPNP forwarding of
HTTP/HTTPS.
- NEW: Display CPU temperature on Sysinfo page (AC56 and AC68)
3.0.0.4.372.30_2 (7-July-2013):
(note: since people always thought adding a "b" meant "beta'
rather than revision "b", I am switching to Asus's new
numbering scheme, hence "30_2" for this revised 372.30.)
- FIXED: NAT loopback (invalid iptable rules was silently accepted
by iptables)
- FIXED: Removed empty Yandex tab
- FIXED: Entware setup script missing from all builds
- FIXED: pptpd failing to start (was missing from build)
- FIXED: OpenVPN server not starting if using a static key
- FIXED: Disks plugged to USB 2.0 port weren't getting mounted
(RT-AC56U)
3.0.0.4.372.30 (5-July-2013):
- NEW: Merged with preliminary 372 code provided by Asus
(initialy meant for the ARM environment)
- NEW: RT-AC56U support. Various bugs have been fixed
over the original FW that initially shipped with these routers.
Thanks to Asus for providing a development sample.
- NEW: Added JFFS support to RT-AC56U.
- CHANGED: Downgraded wireless driver + CTF to build 270 version
(RT-N66U, fixes 5 GHz stability issues). Note that this
means that HW acceleration for PPPoE is no longer
available for the RT-N66U, as it was new in the 5.110 SDK.
- CHANGED: Updated iptables-1.4.x to 1.4.14 (RT-AC56U)
- CHANGED: Brought back the Connection page under System Logs
- CHANGED: Updated e2fsprogs to 1.42.7. Amongst other things
this new version is more memory-efficient on large
filesystems.
- CHANGED: Renamed Advanced (Per IP) Traffic monitoring for
IPTraffic (to match the Tomato name for that same
functionality)
- FIXED: GRO kills upload speed if CTF is disabled (patch provided
by Asus, RT-AC56U)
- FIXED: Buffer overrun in NVRAM handling, leading to random crashes
(Asus bug, RT-AC56U)
- FIXED: NVRAM values getting corrupted or disappearing if using more
than 32 KB (Asus bug, RT-AC56U)
- FIXED: Reapply layout fixes to Guest network and DHCP page (were
lost in a recent webui update)
- FIXED: JFFS2 could get reformated again at each subsequent reboots.
- FIXED: Devices with a NetBIOS name of 15 chars long would have
their name merged with the next device's.
- FIXED: Empty Site Survey list if there was only one AP found
- FIXED: Saved settings might fail to restore if they contained
OpenVPN or SSHD keys with CRLF line endings. You should
access the OpenVPN Keys page, click on Apply to re-save
them, then re-create any backup you had of your router
settings.
- FIXED: Numerous bugs in ipt_account for Kernel 2.6.36 (RT-AC56U)
3.0.0.4.354.29 Beta 1 (17-May-2013):
- KNOWN ISSUE: 5 GHz 40 MHz is unreliable with some wireless
cards (RT-N66U)
- NEW: RT-N16 is no longer an experimentally supported device.
Thanks to Mike from Sapphyre Software for providing
me with an RT-N16.
3.0.0.4.270.26 (15-Mar-2013):
- NEW: ipset Netfilter support + userspace tool to create ipset lists.
- CHANGED: Router's hostname is now set all the time, regardless of
telnet/ssh states (and including in AP mode)
- CHANGED: Added device name field on the LAN page, since it's now
relevant to the router's hostname (not just SMB). Left
it on the SMB page as well, for those used to see it there.
- CHANGED: Router will supply its device name when requesting an IP
while in AP mode.
- CHANGED: Various webui lists were increased from 32 to 128 entries
allowed.
- CHANGED: Improved networkmap:
* Will also use DHCP hostnames and user-defined static
names instead of just NetBIOS names
* Client list will show an animation while networkmap is
still busy scanning and resolving device names
* Dropdown menus that use Networkmap to build a list
of devices will also display names in addition to IP/MAC.
- CHANGED: Don't restart the whole network if you only changed DHCP
reservations (LAN -> DHCP page)
- FIXED: Openvpn: Non-CBC ciphers weren't working (their use is still
not recommended)
- FIXED: Proxy auto-configuration support (Asus bug)
3.0.0.4.270.25b (3-Mar-2013):
- FIXED: Disabling DHCP logging would cause a syntax error in
dnsmasq's configuration (regression from dnsmasq update)
- FIXED: Outbound VPN client traffic was dropped (regression from
firewall_2 fix)
3.0.0.4.270.25
- NEW: NFS folder sharing. Webui can be found on the
USB Applications -> Servers Center page (NFS Exports tab)
- NEW: dhcpc-event and zcip-event scripts (called on WAN events)
- NEW: Ccustom configs: group.add, gshadow.add, passwd.add,
shadow.add, exports.add
- NEW: New script that will setup Entware for you (written by
ryzhov_al). Run "entware-setup.sh" through SSH/Telnet to
launch the install process.
- CHANGED: Added a folder picker to the Tools Other Settings page to
select a location to store your traffic data files.
- CHANGED: Updated dnsmasq to 2.65 (backported from 3.0.0.4.334)
- CHANGED: Enabled additional optimizations for openssl and openvpn
for a significant performance gain
- CHANGED: Reverted wireless driver to build 220 (RT-AC66U only)
- FIXED: Added missing badblocks program
- FIXED: Timing issues under IE where resolved device names would
not display on certain pages (such as the Sysinfo page)
- FIXED: VPN client "common name" wasn't getting saved
- FIXED: DHCP client will be less aggressive in attempting to obtain
a lease (wait 2 mins instead of 20 secs between attempts),
should help with ISPs like Charter who will blacklist you
if you send too many Discovery packets in a short period of
time.
- FIXED: Made profile.add be run after any Optware profile, so the
user changes will have priority over anything else.
- FIXED: WOL list corruption when removing an entry in some browsers
3.0.0.4.270.24 (13-Feb-2013):
- NEW: Rebased on 3.0.0.4.270. Notable changes:
o New driver builds (these are NOT the new major versions that
Asus are still working on)
o NTP-related changes
- NEW: Report CTF (HW Acceleration) state on Sysinfo page.
- NEW: Display Ethernet port states on the Sysinfo page.
- NEW: Replaced Busybox fsck/mkfs tools with those from e2fsprogs,
should be more reliable.
- CHANGED: Temperatures on Sysinfo page will now auto-update every 3
seconds.
- CHANGED: Connections page now uses Ajax for slightly better rendering
- CHANGED: Improved name resolution on traffic monitor page, now uses
a device's hostname if it reported one.
- CHANGED: Client List now uses our improved name resolution code,
will overwrite names with those entered on the DHCP static
lease page.
- CHANGED: Updated to OpenVPN 2.3.0 and lzo 2.06.
- CHANGED: Updated Busybox to 1.20.2 (with Oleg/wl500g patches
re-applied). Lots of fixes, including GPT support in
fdisk.
- CHANGED: Updated Miniupnpd to version 1.8. NOTE: previous
versions were NOT affected by the recent UPNP exploit
disclosure. This is just as an added security precaution.
- FIXED: Temperature on Performance Tuning page would fail to update
if a radio was disabled.
- FIXED: Various timing issues causing some TrafficMonitoring and the
Sysinfo pages to often fail loading under IE.
- FIXED: JS error on the Per Device pages if FW failed to load the
traffic history.
- FIXED: ebtables were still broken, fixed by a complete rebuild.
- FIXED: Some OpenVPN fields rejected -1 as being valid.
- FIXED: Hide 5G radio info from Sysinfo page if router is \
single band (RT-N16)
- FIXED: Master Browser/WINS would not work if there was no USB disk
plugged.
- FIXED: Samba would bind to the WAN interface while in router mode
(Asus bug)
- FIXED: Backported various kernel fixes from Oleg/WL500G, Tomato
and Kernel.org to help improve HDD > 2 TB support (still
not perfect, some USB enclosures are simply not Linux
compatible)
- FIXED: Display of Connections under IE
- FIXED: Trying to apply settings on the System page with a username
containing a non-alphanum would incorrectly assume you just
tried to change to an account name that already existed
(Asus bug).
- FIXED: Wouldn't enable wins in Samba if you had a WINS IP entered
on the DHCP configuration page.
3.0.0.4.266.23b (31-Dec-2012):
- FIXED: The IE fix ended up breaking Firefox (and meanwhile, Chrome
in Stealth Mode (now they turn back off after a few seconds)
- FIXED: Webui would break if a network device had an invalid
NetBIOS name (such as the Sonos Dock).
3.0.0.4.246.20 (14-Nov-2012):
- NEW: Wifi status icon will be half colored if only one radio is
enabled.
- NEW: Wifi status icon popup will report the state of each radios.
- NEW: upnp custom config file for miniupnpd
- NEW: unmount user script
- NEW: led_ctrl and makemime (for use in conjunction with sendmail)
applets.
- NEW: Implemented control for network switch LEDs (all four at once)
- NEW: Stealth Mode: option to disable all LEDs
- NEW: Added CONFIG_IP_NF_RAW and CONFIG_NETFILTER_XT_TARGET_NOTRACK
modules.
- FIXED: Radio toggle through WPS button would be overriden by a
scheduled radio. Reverted "switch" to "toggle" code to
prevent this.
- FIXED: You couldn't disable DMZ by clearing the IP field.
- FIXED: You couldn't edit entered text in DHCP/MAC/etc name field
- FIXED: clientid passing for some ISPs requiring it (like Sky UK)
was broken with the DHCP client change of build 220.
- FIXED: No longer reboot the router three times during boot time if
one of the radios is disabled by the user. (RT-N66U)
- FIXED: Changing the router login name to anything other than "admin"
would prevent radvd, ecmh and the cru script from working
properly - they all assumed "admin". Made then use
http_username instead (which is tied to the superuser)
- CHANGED: Improved SMB and vsftpd read performance by up to 30%
3.0.0.4.246.19b (26-Oct-2012):
- FIXED: Reverted wireless driver to build 220 version as the new
one caused various connection issues for some (RT-N66U).
3.0.0.4.246.19 (23-Oct-2012):
- NEW: Rebased on 3.0.0.4.246. Some notable changes:
o New "Enhanced interference management" option under
Wireless -> Professional.
o Improved AiCloud webui
o dnsmasq updated to 2.64
- NEW: Option to enable simpler share names. When enabled, the folder
Share will be shared as "Share" instead of "Share (on sda1)".
The option can be found on the Misc tab, under USB Application.
- NEW: User customized config files for various services. Those custom
config entries can either be appended, or completely replace the
config file generated by the firmware.
- NEW: Added Name field to the Wireless ACL page.
- NEW: Added service applet to rc. For example, "service restart_samba" will
restart the Samba service. For advanced usage/debugging only.
- NEW: Backported OpenSSL ASM optimization from 1.0.1, for significant perfor
mance
improvements in applications such as OpenVPN or SSH when using AES.
- NEW: Report the current CFE/Bootloader version on the Sysinfo page.
- FIXED: Minor tweaks to the AiCloud pages so they can fit on a 15" laptop sc
reen
(some close buttons at the bottom were unreachable)
- FIXED: Enabling SSH access from WAN didn't work if DualWAN
was set to load-balancing.
- FIXED: Removed MAC Filter page, as it doesn't work (not compatible
with Parental Control).
- FIXED: OpenVPN Client "Username Auth only" option was broken.
- FIXED: Limit valid characters in a DHCP/WOL description to prevent
breaking the webui by using invalid ones such as quotes.
- FIXED: OpenVPN Client wasn't properly applying DNS settings that
the server was pushing to us.
- FIXED: Wireless client list alignment in AP mode.
- CHANGED: Less strict rules when validating user-entered MAC hwaddr.
3.0.0.4.220.18b (25-Sept-2012):
- NEW: Report both rx and tx rates on wifi connections
- FIXED: Handle cases where the wireless driver returns a speed of -1
- FIXED: Removed rssi retrieval retries, as it would make the first access to
the wireless page take forever if you had multiple connected clients
.
You will have to manually refresh the page the first time you access
it
if the RSSI is reported as "??".
3.0.0.4.220.18 (23-Sept-2012):
- NEW: Added OpenVPN logging verbosity setting (vpn_loglevel, must be
manually set to a value between 0 and 15, with 3 being the default).
- FIXED: Buffer overrun in init code that would crash the router when
too many features were enabled at compile time.
- FIXED: Re-enabled DualWAN (RT-N66U, RT-AC66U)
- FIXED: Re-enabled Beceem (Wimax) support in RT-AC66U.
- FIXED: OpenVPN 'Start with WAN' and 'Respond to DNS' settings were
not properly saved.
- FIXED: First time a client's rssi is polled it would return 0.
- FIXED: post-mount user script wasn't executed (regression in 220.17)
- CHANGED: Added some info to the OpenVPN server and client pages.
- CHANGED: Improved load time of the VPN Status page.
3.0.0.4.220.17 (18-Sept-2012):
- NEW: Rebased on 3.0.0.4.220, which includes:
* Fixes to IPv6 6rd
* Fixes to AC66U Wifi + QoS
* AiCloud
* Interference mode once again enabled
- NEW: Display last received rate and rssi for each clients on Wireless Log pa
ge.
- FIXED: dnsmasq not listening to DNS requests from OpenVPN clients
if you had just enabled the option on the webui.
- FIXED: PPTP clients not always showing on VPN Status page.
- CHANGED: Disabled DualWAN as it's currently broken in 220.
- CHANGED: Disabled Beceem Wimax support in RT-AC66U as it bricks
the router.
- CHANGED: Removed firmware update checker to avoid accidental
revert to original FW.
3.0.0.3.178.16 Beta:
- NEW: (RT-N66U, RT-AC66U) Implemented OpenVPN, based on code written by
Keith Moyer (from the Tomato project).
- NEW: Added crontab command
- FIXED: (RT-AC66U) Would crash when accessing a LAN device through either
VPN or the NAT Loopback (GRO is now disabled for that device)
- FIXED: dnsmasq was listening to all interfaces by default, allowing
even dhcp requests to be serviced from the wan side if you
had the firewall disabled (Asus bug) (fixed by dev0id)
- FIXED: Default disk idle spindown now set to 0 (disabled).
- FIXED: Corrupted WOL list when using IE.
- CHANGED: Upgraded openssl to 1.0.0j.
- CHANGED: Included fully functional openssl command (will allow you to
create keypairs and certificates from the router).
- CHANGED: Removed power adjustments from the Performance page, as they
are redundant, and not as reliable.
- CHANGED: (RT-N16) Disabled Dual WAN, as it exhibited many issues, and I
am unable to work on them without an actual router.
3.0.0.3.178.15 (17-Aug-2012):
- NEW: Rebased on 3.0.0.3.178. Notable fixes by Asus:
* Radio turns back on based on schedule
* Reorganized QoS pages
* Turning WAN DHCP connection off will first release current DHCP lea
se
- NEW: RT-AC66U officialy supported, with all the same features as the RT-N66
U.
- NEW: (RT-AC66U) Implemented JFFS support. Limiting partition to 32 MB
max, as using the whole 90+ MB available makes little sense for
JFFS, and was also displaying some issues.
- NEW: Added nat-start user script, as NAT rules get applied separately from
other firewall rules (firewall-start changes to the nat table are
being overwritten when the router starts NAT)
- NEW: Added additional info to Sysinfo page
- NEW: Added chroot applet
- NEW: Option to allow SSH access from WAN
- NEW: Option to exclude specific devices from idle spindown
- FIXED: Performance page now uses the new Sysinfo API, and is now able
to deal with cases where radios are disabled.
3.0.0.3.162.14b:
- FIXED: Web server would crash for some people when accessing
the Wireless Log page.
3.0.0.3.162.14:
- NEW: Spin down disks after (user-configurable) inactivity timeout
(using Jeff Gibbons' sd-idle-2.6)
- NEW: System information page under the Tools menu.
- NEW: Station list on the Wireless Log page will now report associated
IP and hostnames (when possible).
- CHANGED: Upgraded to MiniDLNA 1.0.25 (changelog:
http://sourceforge.net/projects/minidlna/files/minidlna/1.0.25/)
- CHANGED: Better integration of the Run Cmd page.
- FIXED: Incorrect left menu rendering when under the Tools menu.
3.0.0.3.162.13:
3.0.0.3.108.6 (14-May-2012):
- NEW: HTTP access list (backported from build 112)
- NEW: PPTP VPN encryption options (backported from build 112)
- FIXED: Traffic history location was't properly saved
when changed in webui.
- FIXED: Disabled traffic history saving to nvram for now,
to avoid people accidentally filling their limited nvram space.
- FIXED: Missing bottom pixels from the bottom of General menu
- FIXED: Removed invalid CSS attribute
- FIXED: typo in VPN iptables entries (bug in Asus's code)
3.0.0.3.108.5 (5-May-2012):
- NEW: Crond starts at boot time.
- NEW: init-start is a new user script that will be run early on
at boot time (right after jffs is mounted, and before any
service gets started)
- NEW: Can save traffic history to a custom location (USB or
JFFS, for instance) to preserve it between reboots.
- NEW: Added Monthly traffic page (ported from Tomato)
- NEW: Added the Performance Tuning page (with temperature).
- FIXED: Webui authentication was bypassed by the web server (bug in
Asus's code)
- FIXED: Httpd crash when uploading a FW or settings file over
https - should simply fail now. For now you have to
use http for flashing the FW or restoring your settings
from a saved config file.
3.0.0.3.108.4 (28-Apr-2012):
- NEW: Clicking on the MAC address of an unidentified client will do a lookup
in
the OUI database (ported from DD-WRT).
- NEW: Added HTTPS access to web interface (configurable under Administration
)
- NEW: Option to turn the WPS button into a radio on/off toggle (under Admini
stration)
- FIXED: sshd would start even if disabled
- CHANGE: Switched back to wol, as people report better compatibility with it
.
ether-wake remains available over Telnet.
3.0.0.3.108.3 (18-Apr-2012):
- NEW: JFFS support (mounted under /jffs)
- NEW: services-start, services-stop, wan-start and firewall-start user scrip
ts,
must be located in /jffs/scripts/ .
- NEW: SSHD support
- IMPROVED: Fleshed out this documentation, updated Contact info with SNB for
um URL
- CHANGE: Removed wol binary, and switched to ether-wake (from busybox) inste
ad.
- CHANGE: Added "Merlin build" next to the firmware version on web interface.
3.0.0.3.108.2 (14-Apr-2012):
- NEW: Added WakeOnLan web page
3.0.0.3.108.1 (5-Apr-2012):
- Initial release.