Stable: 386.13_2-ion

ion release asuswrt merlin changelog

Date: May 05, 2024
Release: 386.13_2-ion

• FIXED: VPN Status page for IPsec clients and VPN Client IPsec connection status display issue
• UPDATED: strongswan to 5.9.14

Stable: 386.13-ion

ion release asuswrt merlin changelog

Date: April 16, 2024
Release: 386.13-ion

• NOTE: all the models supported by Asuswrt-Merlin on the
  386_xx series are now officialy on Asus' End of Life
  list, which means unless there are new major security
  issues, no new updates will be provided by Asus.

    ion will tentatively attempt to continue to
    provide updates and fixes
  

• ADDED: mtr 0.95

• ADDED: openconnect 9.12

• ADDED: webui add IPsec client support

• UPDATED: strongSwan to 5.9.12

• UPDATED: openvpn to 2.6.10.

• UPDATED: miniupnpd to 2.3.6.

• UPDATED: tor to 0.4.7.16.

• UPDATED: OUI database used by networkmap and the webui.

• CHANGED: QOS/Classification page can now resolve local IPv6
  addresses.

• CHANGED: Display tracked connections on the QoS/Classification
  page even if QoS isn't set to Adaptive QoS.

• CHANGED: Prevent the use of Apple's iCloud Private Relay
  when enabling "Prevent client auto DoH".

• CHANGED: NAT Passthrough page - removed the "Enabled + NAT
  Helper" option as the firewall no longer blocks
  traffic when set to disabled. This is back to the
  former behaviour, where this setting only controls
  whether or not to load the NAT helper. You might
  need to readjust that setting if you had previously
  changed it.

• CHANGED: SIP, RTSP and H323 ALG (NAT helpers) are now
  disabled by default, as these legacy features tend
  to create issues with modern VoIP setups.
  This change will only apply to people doing a
  factory default reset of their router.

• FIXED: CVE-2023-48795 in dropbear.

• FIXED: Various issues with the QOS Classification page.

• FIXED: UPNP leases without a description would not appear
  on the Forwarded Ports page.

• FIXED: web server crashing when entering certain settings on
  the Network Filter Page. Bypassed bug in closed source
  validation code for now.

• FIXED: Concurrent cronjob changes through cru could cause
  collisions, leading to missing jobs (dave14305)

• FIXED: CVE-2023-5678 & CVE-2024-0727 in openssl (backport from
  Ubuntu by RSDNTWK)

Unstable: 386.13-ion_beta1

ion release asuswrt merlin changelog

Date: April 01, 2024
Release: 386.13-ion_beta1

• NOTE: all the models supported by Asuswrt-Merlin on the
  386_xx series are now officialy on Asus' End of Life
  list, which means unless there are new major security
  issues, no new updates will be provided by Asus.

    ion will tentatively attempt to continue to
    provide updates and fixes
  

• ADDED: mtr 0.95

• ADDED: openconnect 9.12

• ADDED: webui add IPsec client support

• UPDATED: strongSwan to 5.9.12

• UPDATED: openvpn to 2.6.10.

• UPDATED: miniupnpd to 2.3.6.

• UPDATED: tor to 0.4.7.16.

• UPDATED: OUI database used by networkmap and the webui.

• CHANGED: QOS/Classification page can now resolve local IPv6
  addresses.

• CHANGED: Display tracked connections on the QoS/Classification
  page even if QoS isn't set to Adaptive QoS.

• CHANGED: Prevent the use of Apple's iCloud Private Relay
  when enabling "Prevent client auto DoH".

• FIXED: CVE-2023-48795 in dropbear.

• FIXED: Various issues with the QOS Classification page.

• FIXED: UPNP leases without a description would not appear
  on the Forwarded Ports page.

• FIXED: web server crashing when entering certain settings on
  the Network Filter Page. Bypassed bug in closed source
  validation code for now.

• FIXED: Concurrent cronjob changes through cru could cause
  collisions, leading to missing jobs (dave14305)

• UPDATED: dnsmasq to 2.90 (resolves CVE 2023-50868 and CVE 2023-50387).

• UPDATED: openvpn to 2.6.8 (fixes a crash introduced in 2.6.7)

• UPDATED: openssl to 1.1.1w.

• UPDATED: curl to 8.4.0.

• UPDATED: openvpn to 2.6.7.

• FIXED: WPS not working on SDK6/SDK7 devices (affecting
  RT-AC68U and RT-AC88U/3100/5300)

• FIXED: dcd constantly crashing (updated Trend Micro
  components)

Stable: 386.12-ion

ion release asuswrt merlin changelog

Date: September 15, 2023
Release: 386.12-ion

• UPDATED: Merged with GPL 386_51997.

Stable: 386.10-ion

ion release asuswrt merlin changelog

Date: May 11, 2023
Release: 386.10-ion

• NOTE: 386_xx release are only for Wifi 5 (802.11ac) models.

386.10 (10-Mar-2023)

• NEW: Added Site Survey page under Network Tools tab.
  (RT-AC86U/GT-AC2900).
• UPDATED: dnsmasq to 2.89.
• UPDATED: openvpn to 2.6.0.
• UPDATED: openssl to 1.1.1t.
• UPDATED: miniupnpd to 2.3.3.
• CHANGED: Moved WiFi Radar and Site Survey to the
  Network Tools tab
• CHANGED: Disabled auto logout on System Log and
  Wireless Log pages.
• CHANGED: Reduced EDNS packet size from 1280 to 1232
  bytes in dnsmasq, to better work with some
  upstream servers not fully supporting EDNS0.
• FIXED: NTP redirection wouldn`t work properly with
  Guest Network, removed redirection for these.
• FIXED: Added missing Tools icon on ROG UI (icon
  contributed by Cody).
• FIXED: RT-AC68U may crash when using Media Bridge mode
  with a specific SSID length (patch from Asus)

Stable: 386.9-ion

ion release asuswrt merlin changelog

Date: January 20, 2023
Release: 386.9-ion

• NOTE: 386_xx release are only for Wifi 5 (802.11ac) models.

• NEW: Merged with GPL 386_50757.

• UPDATED: getdns/stubby to 1.7.2/0.4.2.

• UPDATED: zlib to 1.2.12 + backports.

• UPDATED: openssl to 1.1.1s.

• UPDATED: inadyn to 2.10.0.

• UPDATED: nettle to 3.8.1.

• UPDATED: openvpn to 2.5.8.

• UPDATED: dropbear to 2022.83.

• UPDATED: dnsmasq to 2.88.

• CHANGED: Rebranded DNSFilter as DNS Director. This will prevent
  confusion with the company sharing the same name, and
  also better describes what the feature does.

• CHANGED: Setting an OpenVPN client to redirect all traffic while
  in "Exclusive" DNS mode will now force redirect ALL
  DNS traffic just like in VPN Director mode.
  While this will allow redirecting clients with
  hardcoded DNS servers, it also means that your whole
  LAN will lose the ability of doing local name
  resolution. It might be best to use VPN Director
  in that case to control which client should
  be involved in the DNS redirection, or use
  DNSFilter instead of Exclusive DNS mode.
  editing VPNDirector rules.

• CHANGED: Switched generated self-signed certificate to an
  EC certificate.

• CHANGED: Disabled DSS key support in Dropbear SSH.

• FIXED: Wrong temperatures used by the temperature graphs
  (386.8 regression)

• FIXED: Guest Network clients couldn't route through VPN
  (regression in 386.4 following a GPL merge).

• FIXED: Clients connected to Guest Network 1 aren't
  redirected to the router's NTP if NTP interception is
  enabled.

• FIXED: Name was truncated to 31 chars when enabling OpenVPN
  client's Server Certificate Name Validation.

• FIXED: CVE-2022-37434 in zlib.

• REMOVED: Interface selector on Speedtest page (no longer
  working, possibly due to an ookla client update)

Unstable: 386.9-ion_beta1

ion release asuswrt merlin changelog

Date: January 04, 2023
Release: 386.9-ion_beta1

• NOTE: 386_xx release are only for Wifi 5 (802.11ac) models.

• NEW: Merged with GPL 386_50757.

• UPDATED: getdns/stubby to 1.7.2/0.4.2.

• UPDATED: zlib to 1.2.12 + backports.

• UPDATED: openssl to 1.1.1s.

• UPDATED: inadyn to 2.10.0.

• UPDATED: nettle to 3.8.1.

• UPDATED: openvpn to 2.5.8.

• UPDATED: dropbear to 2022.83.

• CHANGED: Rebranded DNSFilter as DNS Director. This will prevent
  confusion with the company sharing the same name, and
  also better describes what the feature does.

• CHANGED: Setting an OpenVPN client to redirect all traffic while
  in "Exclusive" DNS mode will now force redirect ALL
  DNS traffic just like in VPN Director mode.
  While this will allow redirecting clients with
  hardcoded DNS servers, it also means that your whole
  LAN will lose the ability of doing local name
  resolution. It might be best to use VPN Director
  in that case to control which client should
  be involved in the DNS redirection, or use
  DNSFilter instead of Exclusive DNS mode.
  editing VPNDirector rules.

• CHANGED: Switched generated self-signed certificate to an
  EC certificate.

• CHANGED: Disabled DSS key support in Dropbear SSH.

• FIXED: Wrong temperatures used by the temperature graphs
  (386.8 regression)

• FIXED: Guest Network clients couldn't route through VPN
  (regression in 386.4 following a GPL merge).

• FIXED: Clients connected to Guest Network 1 aren't
  redirected to the router's NTP if NTP interception is
  enabled.

• FIXED: Name was truncated to 31 chars when enabling OpenVPN
  client's Server Certificate Name Validation.

• FIXED: CVE-2022-37434 in zlib.

• REMOVED: Interface selector on Speedtest page (no longer
  working, possibly due to an ookla client update)

Stable: 386.5_2-ion

ion release asuswrt merlin changelog

Date: April 24, 2022
Release: 386.5_2-ion

• UPDATED: quagga to 1.2.4
• UPDATED: Dropbear to 2022.82
• UPDATED: Readline to 8.1
• NOTE: enabled following quagga services; bgpd, ospfd. Disabled everything else.

Stable: 386.4-ion

ion release asuswrt merlin changelog

Date: January 14, 2022
Release: 386.4-ion

 This firmware is based on Upstream Merlin 386.4

• NOTE: DSL-AC68U removed support for the following functions; amas bwdpi cfg_sync cloudsync
  conndiag email fileflex gameMode media ookla optimize_xbox pptpd printer repeater
  rrsut snmp timemachine user_low_rssi yadns
  Streamlined RAM usage and cleaned js Web UI pages to show only enabled functions,
  please refer to README.md for Web UI layout of all ion release(s).

Stable: 386.3-ion

Changes from the latest stable ion build (386.2-ion):

• libovpn: rewrote OpenVPN client routing implementation
• openvpn: move custom config from nvram to JFFS, to allow storing more content
• libovpn: fixed a few compile warnings
• Updated documentation
• httpd: fix import of hmac setting from uploaded ovpn file
• Implement VPN Director
• rc: implement importing pre-VPN Director rules; fix the import process not always writing back to flash
• Updated documentation
• webui: tweaks to VPNDirector page
• rc: Fix vpn_client_clientlist import on HND models
• webui: show start_client button on VPNDirector page if client is in an error state, instead of stop_client
• webui: re-add base64.js, as it's used by some add-ons
• libovpn: tighten file perms on vpndirector_rulelist and vpn_*_custom3 JFFS storage
• webui: make killswitch CSS style match with routing style
• webui: re-add option to display OpenVPN server passwords
• webui: remove OpenVPN Server show pass checkbox for all models, turns out they really are encrypted, just not immediately stored as such
• rc: migrate OpenVPN policy-strict mode to regular policy mode
• libovpn: don't specify a /32 subnet to route_net_gateway as it may be provided as a hostname instead of an IP
• libovpn: fix OVPN routes not being configured if DNS mode was set to "Ignore"
• rc: fix typo in format.c preventing compiling
• libovpn: update DNS exclusive handling to use VPN Director instead of the previous clientlist rules
• libovpn: remove vpn_client?_clientlist handling from OpenVPN reset to default function
• webui: improve field validation on VPNDirector rule entry
• libovpn: handle DNS exclusive iptable rules separately, and refresh them on vpnrouting events
• webui: renamed "Policy Rules" for "VPN Director" on OpenVPN client dropdown; updated help popup
• webui_ update VPN Director page to use VPN Director instead of Policy Rule in its summary table
• libovpn: rework DNS Exclusive mode interaction with dnsmasq
• rc: fix vpnrouting event missing ovpn client 5; reverse order so DNS exclusive rules will be in the correct order in iptables's PREROUTING table
• libovpn: ensure that DNS exclusive iptables rules are always in the correct order
• libovpn: rc: move openvpn-event script back to route-up and route-pre-down handlers instead of up and down handlers.
• libovpn: clear custom settings in reset_ovpn_settings()
• HND5.02p1: Add support for BCM50991
• webui: properly handle switch state when starting OpenVPN client with missing username/password
• libovpn: only use first available DNS servers for Exclusive mode; tweaked logging
• openvpn: Updated to 2.5.3
• Updated documentation
• rc: add missing change missing in acb41da
• libovpn: clarify log entries for VPN Director rule configuration
• rc: allow Guest Network 1 clients to use an OpenVPN tunnel in the firewall
• libovpn: set remote endpoint route by its actual IP instead of the --remote parameter
• libovpn: cleanup client instance on ovpn_stop_client() even if client isn't running
• getdns/stubby: Update to 1.7.0/0.4.0.
• stubby: re-implement syslog support
• stubby: fix resolvconf config support (broken in 0.4.0)
• rc: intercept all bridge interfaces, not just the LAN interface, for DNSFilter
• rc: fix netool pings sent to non-responding target never sending the "completed" signature
• webui: fix location of the DHCP options table on the WAN page
• net-snmp: update to 5.9.1
• net-snmp: fix compiling