Releases: oivano/asuswrt-merlin.ng
Stable: 386.13_2-ion
ion release asuswrt merlin changelog
Date: May 05, 2024
Release: 386.13_2-ion
- FIXED: VPN Status page for IPsec clients and VPN Client IPsec connection status display issue
- UPDATED: strongswan to 5.9.14
Stable: 386.13-ion
ion release asuswrt merlin changelog
Date: April 16, 2024
Release: 386.13-ion
-
NOTE: all the models supported by Asuswrt-Merlin on the
386_xx series are now officialy on Asus' End of Life
list, which means unless there are new major security
issues, no new updates will be provided by Asus.ion will tentatively attempt to continue to provide updates and fixes
-
ADDED: mtr 0.95
-
ADDED: openconnect 9.12
-
ADDED: webui add IPsec client support
-
UPDATED: strongSwan to 5.9.12
-
UPDATED: openvpn to 2.6.10.
-
UPDATED: miniupnpd to 2.3.6.
-
UPDATED: tor to 0.4.7.16.
-
UPDATED: OUI database used by networkmap and the webui.
-
CHANGED: QOS/Classification page can now resolve local IPv6
addresses. -
CHANGED: Display tracked connections on the QoS/Classification
page even if QoS isn't set to Adaptive QoS. -
CHANGED: Prevent the use of Apple's iCloud Private Relay
when enabling "Prevent client auto DoH". -
CHANGED: NAT Passthrough page - removed the "Enabled + NAT
Helper" option as the firewall no longer blocks
traffic when set to disabled. This is back to the
former behaviour, where this setting only controls
whether or not to load the NAT helper. You might
need to readjust that setting if you had previously
changed it. -
CHANGED: SIP, RTSP and H323 ALG (NAT helpers) are now
disabled by default, as these legacy features tend
to create issues with modern VoIP setups.
This change will only apply to people doing a
factory default reset of their router. -
FIXED: CVE-2023-48795 in dropbear.
-
FIXED: Various issues with the QOS Classification page.
-
FIXED: UPNP leases without a description would not appear
on the Forwarded Ports page. -
FIXED: web server crashing when entering certain settings on
the Network Filter Page. Bypassed bug in closed source
validation code for now. -
FIXED: Concurrent cronjob changes through cru could cause
collisions, leading to missing jobs (dave14305) -
FIXED: CVE-2023-5678 & CVE-2024-0727 in openssl (backport from
Ubuntu by RSDNTWK)
Unstable: 386.13-ion_beta1
ion release asuswrt merlin changelog
Date: April 01, 2024
Release: 386.13-ion_beta1
-
NOTE: all the models supported by Asuswrt-Merlin on the
386_xx series are now officialy on Asus' End of Life
list, which means unless there are new major security
issues, no new updates will be provided by Asus.ion will tentatively attempt to continue to provide updates and fixes
-
ADDED: mtr 0.95
-
ADDED: openconnect 9.12
-
ADDED: webui add IPsec client support
-
UPDATED: strongSwan to 5.9.12
-
UPDATED: openvpn to 2.6.10.
-
UPDATED: miniupnpd to 2.3.6.
-
UPDATED: tor to 0.4.7.16.
-
UPDATED: OUI database used by networkmap and the webui.
-
CHANGED: QOS/Classification page can now resolve local IPv6
addresses. -
CHANGED: Display tracked connections on the QoS/Classification
page even if QoS isn't set to Adaptive QoS. -
CHANGED: Prevent the use of Apple's iCloud Private Relay
when enabling "Prevent client auto DoH". -
FIXED: CVE-2023-48795 in dropbear.
-
FIXED: Various issues with the QOS Classification page.
-
FIXED: UPNP leases without a description would not appear
on the Forwarded Ports page. -
FIXED: web server crashing when entering certain settings on
the Network Filter Page. Bypassed bug in closed source
validation code for now. -
FIXED: Concurrent cronjob changes through cru could cause
collisions, leading to missing jobs (dave14305) -
UPDATED: dnsmasq to 2.90 (resolves CVE 2023-50868 and CVE 2023-50387).
-
UPDATED: openvpn to 2.6.8 (fixes a crash introduced in 2.6.7)
-
UPDATED: openssl to 1.1.1w.
-
UPDATED: curl to 8.4.0.
-
UPDATED: openvpn to 2.6.7.
-
FIXED: WPS not working on SDK6/SDK7 devices (affecting
RT-AC68U and RT-AC88U/3100/5300) -
FIXED: dcd constantly crashing (updated Trend Micro
components)
Stable: 386.12-ion
ion release asuswrt merlin changelog
Date: September 15, 2023
Release: 386.12-ion
- UPDATED: Merged with GPL 386_51997.
Stable: 386.10-ion
ion release asuswrt merlin changelog
Date: May 11, 2023
Release: 386.10-ion
- NOTE: 386_xx release are only for Wifi 5 (802.11ac) models.
386.10 (10-Mar-2023)
- NEW: Added Site Survey page under Network Tools tab.
(RT-AC86U/GT-AC2900). - UPDATED: dnsmasq to 2.89.
- UPDATED: openvpn to 2.6.0.
- UPDATED: openssl to 1.1.1t.
- UPDATED: miniupnpd to 2.3.3.
- CHANGED: Moved WiFi Radar and Site Survey to the
Network Tools tab - CHANGED: Disabled auto logout on System Log and
Wireless Log pages. - CHANGED: Reduced EDNS packet size from 1280 to 1232
bytes in dnsmasq, to better work with some
upstream servers not fully supporting EDNS0. - FIXED: NTP redirection wouldn`t work properly with
Guest Network, removed redirection for these. - FIXED: Added missing Tools icon on ROG UI (icon
contributed by Cody). - FIXED: RT-AC68U may crash when using Media Bridge mode
with a specific SSID length (patch from Asus)
Stable: 386.9-ion
ion release asuswrt merlin changelog
Date: January 20, 2023
Release: 386.9-ion
-
NOTE: 386_xx release are only for Wifi 5 (802.11ac) models.
-
NEW: Merged with GPL 386_50757.
-
UPDATED: getdns/stubby to 1.7.2/0.4.2.
-
UPDATED: zlib to 1.2.12 + backports.
-
UPDATED: openssl to 1.1.1s.
-
UPDATED: inadyn to 2.10.0.
-
UPDATED: nettle to 3.8.1.
-
UPDATED: openvpn to 2.5.8.
-
UPDATED: dropbear to 2022.83.
-
UPDATED: dnsmasq to 2.88.
-
CHANGED: Rebranded DNSFilter as DNS Director. This will prevent
confusion with the company sharing the same name, and
also better describes what the feature does. -
CHANGED: Setting an OpenVPN client to redirect all traffic while
in "Exclusive" DNS mode will now force redirect ALL
DNS traffic just like in VPN Director mode.
While this will allow redirecting clients with
hardcoded DNS servers, it also means that your whole
LAN will lose the ability of doing local name
resolution. It might be best to use VPN Director
in that case to control which client should
be involved in the DNS redirection, or use
DNSFilter instead of Exclusive DNS mode.
editing VPNDirector rules. -
CHANGED: Switched generated self-signed certificate to an
EC certificate. -
CHANGED: Disabled DSS key support in Dropbear SSH.
-
FIXED: Wrong temperatures used by the temperature graphs
(386.8 regression) -
FIXED: Guest Network clients couldn't route through VPN
(regression in 386.4 following a GPL merge). -
FIXED: Clients connected to Guest Network 1 aren't
redirected to the router's NTP if NTP interception is
enabled. -
FIXED: Name was truncated to 31 chars when enabling OpenVPN
client's Server Certificate Name Validation. -
FIXED: CVE-2022-37434 in zlib.
-
REMOVED: Interface selector on Speedtest page (no longer
working, possibly due to an ookla client update)
Unstable: 386.9-ion_beta1
ion release asuswrt merlin changelog
Date: January 04, 2023
Release: 386.9-ion_beta1
-
NOTE: 386_xx release are only for Wifi 5 (802.11ac) models.
-
NEW: Merged with GPL 386_50757.
-
UPDATED: getdns/stubby to 1.7.2/0.4.2.
-
UPDATED: zlib to 1.2.12 + backports.
-
UPDATED: openssl to 1.1.1s.
-
UPDATED: inadyn to 2.10.0.
-
UPDATED: nettle to 3.8.1.
-
UPDATED: openvpn to 2.5.8.
-
UPDATED: dropbear to 2022.83.
-
CHANGED: Rebranded DNSFilter as DNS Director. This will prevent
confusion with the company sharing the same name, and
also better describes what the feature does. -
CHANGED: Setting an OpenVPN client to redirect all traffic while
in "Exclusive" DNS mode will now force redirect ALL
DNS traffic just like in VPN Director mode.
While this will allow redirecting clients with
hardcoded DNS servers, it also means that your whole
LAN will lose the ability of doing local name
resolution. It might be best to use VPN Director
in that case to control which client should
be involved in the DNS redirection, or use
DNSFilter instead of Exclusive DNS mode.
editing VPNDirector rules. -
CHANGED: Switched generated self-signed certificate to an
EC certificate. -
CHANGED: Disabled DSS key support in Dropbear SSH.
-
FIXED: Wrong temperatures used by the temperature graphs
(386.8 regression) -
FIXED: Guest Network clients couldn't route through VPN
(regression in 386.4 following a GPL merge). -
FIXED: Clients connected to Guest Network 1 aren't
redirected to the router's NTP if NTP interception is
enabled. -
FIXED: Name was truncated to 31 chars when enabling OpenVPN
client's Server Certificate Name Validation. -
FIXED: CVE-2022-37434 in zlib.
-
REMOVED: Interface selector on Speedtest page (no longer
working, possibly due to an ookla client update)
Stable: 386.5_2-ion
ion release asuswrt merlin changelog
Date: April 24, 2022
Release: 386.5_2-ion
- UPDATED: quagga to 1.2.4
- UPDATED: Dropbear to 2022.82
- UPDATED: Readline to 8.1
- NOTE: enabled following quagga services; bgpd, ospfd. Disabled everything else.
Stable: 386.4-ion
ion release asuswrt merlin changelog
Date: January 14, 2022
Release: 386.4-ion
This firmware is based on Upstream Merlin 386.4
- NOTE: DSL-AC68U removed support for the following functions; amas bwdpi cfg_sync cloudsync
conndiag email fileflex gameMode media ookla optimize_xbox pptpd printer repeater
rrsut snmp timemachine user_low_rssi yadns
Streamlined RAM usage and cleaned js Web UI pages to show only enabled functions,
please refer to README.md for Web UI layout of all ion release(s).
Stable: 386.3-ion
Changes from the latest stable ion build (386.2-ion):
- libovpn: rewrote OpenVPN client routing implementation
- openvpn: move custom config from nvram to JFFS, to allow storing more content
- libovpn: fixed a few compile warnings
- Updated documentation
- httpd: fix import of hmac setting from uploaded ovpn file
- Implement VPN Director
- rc: implement importing pre-VPN Director rules; fix the import process not always writing back to flash
- Updated documentation
- webui: tweaks to VPNDirector page
- rc: Fix vpn_client_clientlist import on HND models
- webui: show start_client button on VPNDirector page if client is in an error state, instead of stop_client
- webui: re-add base64.js, as it's used by some add-ons
- libovpn: tighten file perms on vpndirector_rulelist and vpn_*_custom3 JFFS storage
- webui: make killswitch CSS style match with routing style
- webui: re-add option to display OpenVPN server passwords
- webui: remove OpenVPN Server show pass checkbox for all models, turns out they really are encrypted, just not immediately stored as such
- rc: migrate OpenVPN policy-strict mode to regular policy mode
- libovpn: don't specify a /32 subnet to route_net_gateway as it may be provided as a hostname instead of an IP
- libovpn: fix OVPN routes not being configured if DNS mode was set to "Ignore"
- rc: fix typo in format.c preventing compiling
- libovpn: update DNS exclusive handling to use VPN Director instead of the previous clientlist rules
- libovpn: remove vpn_client?_clientlist handling from OpenVPN reset to default function
- webui: improve field validation on VPNDirector rule entry
- libovpn: handle DNS exclusive iptable rules separately, and refresh them on vpnrouting events
- webui: renamed "Policy Rules" for "VPN Director" on OpenVPN client dropdown; updated help popup
- webui_ update VPN Director page to use VPN Director instead of Policy Rule in its summary table
- libovpn: rework DNS Exclusive mode interaction with dnsmasq
- rc: fix vpnrouting event missing ovpn client 5; reverse order so DNS exclusive rules will be in the correct order in iptables's PREROUTING table
- libovpn: ensure that DNS exclusive iptables rules are always in the correct order
- libovpn: rc: move openvpn-event script back to route-up and route-pre-down handlers instead of up and down handlers.
- libovpn: clear custom settings in reset_ovpn_settings()
- HND5.02p1: Add support for BCM50991
- webui: properly handle switch state when starting OpenVPN client with missing username/password
- libovpn: only use first available DNS servers for Exclusive mode; tweaked logging
- openvpn: Updated to 2.5.3
- Updated documentation
- rc: add missing change missing in acb41da
- libovpn: clarify log entries for VPN Director rule configuration
- rc: allow Guest Network 1 clients to use an OpenVPN tunnel in the firewall
- libovpn: set remote endpoint route by its actual IP instead of the --remote parameter
- libovpn: cleanup client instance on ovpn_stop_client() even if client isn't running
- getdns/stubby: Update to 1.7.0/0.4.0.
- stubby: re-implement syslog support
- stubby: fix resolvconf config support (broken in 0.4.0)
- rc: intercept all bridge interfaces, not just the LAN interface, for DNSFilter
- rc: fix netool pings sent to non-responding target never sending the "completed" signature
- webui: fix location of the DHCP options table on the WAN page
- net-snmp: update to 5.9.1
- net-snmp: fix compiling