Šta je novo?

Merlin Firmware v388.2 Final - WireGuard podrška za Asus AX routere.

alex303

Moderator
Urednik
Super Moderator
Učlanjen(a)
19.04.2005
Poruke
3,859
Poena
2,095
Jako lepa vest za vlasnike jeftinijih Asus AX routera koji ne podržavaju ni jedan drugi firmware osim Merlin Firmware-a. Za one koji ne znaju, premium modeli Asus routera kao što je recimo Asus AC68U podržavaju flešovanje custom firmware-a kao što je OpenWRT, DD-WRT, FreshTomato...itd koji mogu značajno da prošire mogućnosti routera i njihov životni vek. Svi navedeni firmware-i podržavaju WireGuard Client/Server režim što ih čini odličnim za kućnu upotrebu u sprezi sa nekim VPN servisom kao što su Mullvad VPN ili NordVPN.

Jeftiniji Asus AX routeri u koje spada recimo Asus AX56U, nemaju podršku za gore navedene custom firmware. Takvi routeri podržavaju samo Merlin firmware koji je modifikacija originalnog Asus firmware-a sa proširenim mogućnostima. Merlin firmware je do danas podržavao samo OpenVPN a to nije dovoljno zbog mnogo većih brzina interneta. Korišćenje OpenVPN-a protokola na ovim routerima ima kao rezultat veliki pad brzine i odziva interneta kada se koristi neki od VPN servisa. Danas je tome došao kraj, jer je Merlin firmware v388.1-beta 1 v388.2 napokon dobio full WireGuard Client/Server podršku što će jeftinijim Asus AX routerima drastično povećati vrednost i upotrebljivost a pogotovo brzinu i odziv kada se koristi neki VPN servis.

Trenutno podržani router su:
  • RT-AX56U
  • RT-AX58U
  • RT-AX86U
  • RT-AX88U
  • GT-AX11000
  • RT-AX68U
  • GT-AXE11000
  • ZenWiFi Pro XT12
  • GT-AX6000
  • GT-AXE16000
  • GT-AX11000 Pro
  • RT-AX86U Pro

Firmware se može skinuti odavde. A ovo je changelog.

Kod:
Asuswrt-Merlin Changelog
========================

388.1 (xx-xxx-xxxx)
  - NOTE: This release is only available for AX models.
    AC models will remain on the 386_xx release branch.

  - NEW: Add RT-AX86U_PRO support.
  - NEW: Merged with GPL 388_20566 (RT-AX88U and GT-AX11000)
  - NEW: Merged with GPL 388_21224 (all other AX models)
  - NEW: Experimental ROG UI version for GT models, as a separate
         firmware image within the distribution archive, with
         "_rog" in the filename.
  - NEW: (Asus 388) WireGuard client and server.  The server uses
         the new 388 VPN server webui.  Implemented a webui for
         clients, based on the early development UI from Asus.

         WG client routing is handled by VPN Director - you must
         configure redirection rules through it, same as on stock
         firmware which requires configuring rules through
         VPN Fusion.

         DNS handling will be identical to OpenVPN's Exclusive DNS
         mode, forcing clients to use the DNS provided by it
         (if any is provided).

         Note that enabling WireGuard will disable hardware
         NAT acceleration due to compatiblity reasons.

  - UPDATED: getdns/stubby to 1.7.2/0.4.2.
  - UPDATED: zlib to 1.2.12 + backports.
  - UPDATED: openssl to 1.1.1s.
  - CHANGED: Rebranded DNSFilter as DNS Director.  This will prevent
             confusion with the company sharing the same name, and
             also better describes what the feature does.
  - CHANGED: Setting an OpenVPN client to redirect all traffic while
             in "Exclusive" DNS mode will now force redirect ALL
             DNS traffic just like in VPN Director mode.
             While this will allow redirecting clients with
             hardcoded DNS servers, it also means that your whole
             LAN will lose the ability of doing local name
             resolution.  It might be best to use VPN Director
             in that case to control which client should
             be involved in the DNS redirection, or use
             DNS Director instead of Exclusive DNS mode.
  - CHANGED: (Asus 388) nvram storage increased to 192 KB on newer
             HND 5.04 devices like the GT-AXE16000.
  - CHANGED: Reworked VPN Status page to only show currently
             active services.
  - CHANGED: Reworked VPN Director page design, added buttons to
             access a client's settings page, and allow leaving
             both source and destination IPs empty (for "all").
  - CHANGED: Optimized VPN Director WAN and DNS rule creation, so
             they no longer get re-created multiple times when
             editing VPNDirector rules.
  - FIXED: Wrong temperatures used by the temperature graphs
           (386.8 regression)
  - FIXED: CVE-2022-37434 in zlib.
  - FIXED: GT-AXE16000 random reboots when using an OpenVPN
           client with VPN Director and Adaptive QoS.
  - FIXED: Clients connected to Guest Network 1 aren't
           redirected if NTP interception is enabled.
  - FIXED: Name was truncated to 31 chars when enabling OpenVPN client's
           Server Certificate Name Validation.
  - REMOVED: Interface selector on Speedtest page (no longer
             working, possibly due to an ookla client update)
 
Stavio sinoc na moj GT-AX 6000 i za sad radi kako treba, sve funkcije rade nisam imao crash ili reboot.
Instalirao obicnu verziju ROG mi se ne svidja previse sareno.
Wireguard client radi neverovatno brzo, koristim Nordvpn i Surfshark. Dostize i do 300Mps u downu i 140Mbps u uploadu i to za Ameriku :)
 
Stavio sinoc na moj GT-AX 6000 i za sad radi kako treba, sve funkcije rade nisam imao crash ili reboot.
Instalirao obicnu verziju ROG mi se ne svidja previse sareno.
Wireguard client radi neverovatno brzo, koristim Nordvpn i Surfshark. Dostize i do 300Mps u downu i 140Mbps u uploadu i to za Ameriku :)
Koliko si imao sa OpenVPN-om ? Čisto da znamo koliki je dobitak.
 
Evo sad testiram i nije ko sinoc ni blizu hmmm.
sad su priblizno iste vrednosti 150/50 a sinoc Wireguartd isao do 300 a OpenVPN ko i sad do 150.
Secam se na starom ruteru AC 68U OpenVPN nije hteo preko 50 tako da mnogo znaci jaci procesor na novom ruteru.
Tako da mogu da pocnem da razmisljam da stavljam uredjaje preko rutera, realno imam 5x OpenVPN i 5x Wireguard u VPN Directoru za settings.
Onda 10 uredjaja mogu na 10 lokacija razlicitih u isto vreme, nece to nikad biti korisceno tako naravno niti bi procesor to podneo ali moze.
 
Evo sad testiram i nije ko sinoc ni blizu hmmm.
To je zagušenje na strani NordVPN-a. To je kod njih i ExpressVPN-a normalna stvar jer koriste M247 cloud provajder. Punom brzinom rade samo kad nema mnogo ljudi.
sad su priblizno iste vrednosti 150/50 a sinoc Wireguartd isao do 300 a OpenVPN ko i sad do 150.
Čim si jednom uspeo da dobiješ 300, to je to. WireGuard radi posao.
Secam se na starom ruteru AC 68U OpenVPN nije hteo preko 50 tako da mnogo znaci jaci procesor na novom ruteru.
Naravno da znači. Samo glavni problem sa OpenVPN-om je taj što nije multithreadovan. Ako imaš dual core ili quad core procesor, on vidi samo jedno jezgro. Tu je WireGuard u velikoj prednosti jer je multithreadovan + je mnogo jednostavniji. Zato se i dobijaju ludačke brzine sa njim.
Tako da mogu da pocnem da razmisljam da stavljam uredjaje preko rutera, realno imam 5x OpenVPN i 5x Wireguard u VPN Directoru za settings.
Previše je to za običan consumer router.
Onda 10 uredjaja mogu na 10 lokacija razlicitih u isto vreme, nece to nikad biti korisceno tako naravno niti bi procesor to podneo ali moze.
Sa OpenVPN-om ne, ali mislim da 10 tunela nije problem za WireGuard. Čak i na slabijim routerima sa dual core procesorom.
 

Merlin Firmware v388.1-beta 2​

 
Izašla BETA-3. Upravo flešovao, sve radi ok. Još malo pa final release.

1669243775916.png
 
Izašla BETA-4 iz nekog čudnog razloga. Uflešovano, sve radi ok. Izgleda da ćemo još čekati za final release.

1669811476333.png
 
Jako lepa vest za vlasnike jeftinijih Asus AX routera koji ne podržavaju ni jedan drugi firmware osim Merlin Firmware-a. Za one koji ne znaju, premium modeli Asus routera kao što je recimo Asus AC68U podržavaju flešovanje custom firmware-a kao što je OpenWRT, DD-WRT, FreshTomato...itd koji mogu značajno da prošire mogućnosti routera i njihov životni vek. Svi navedeni firmware-i podržavaju WireGuard Client/Server režim što ih čini odličnim za kućnu upotrebu u sprezi sa nekim VPN servisom kao što su Mullvad VPN ili NordVPN.

Jeftiniji Asus AX routeri u koje spada recimo Asus AX56U, nemaju podršku za gore navedene custom firmware. Takvi routeri podržavaju samo Merlin firmware koji je modifikacija originalnog Asus firmware-a sa proširenim mogućnostima. Merlin firmware je do danas podržavao samo OpenVPN a to nije dovoljno zbog mnogo većih brzina interneta. Korišćenje OpenVPN-a protokola na ovim routerima ima kao rezultat veliki pad brzine i odziva interneta kada se koristi neki od VPN servisa. Danas je tome došao kraj, jer je Merlin firmware v388.1-beta 1 napokon dobio full WireGuard Client/Server podršku što će jeftinijim Asus AX routerima drastično povećati vrednost i upotrebljivost a pogotovo brzinu i odziv kada se koristi neki VPN servis.

Trenutno podržani router su:
  • RT-AX56U
  • RT-AX58U
  • RT-AX86U
  • RT-AX88U
  • GT-AX11000
  • RT-AX68U
  • GT-AXE11000
  • ZenWiFi Pro XT12
  • GT-AX6000
  • GT-AXE16000
  • GT-AX11000 Pro
  • RT-AX86U Pro

Firmware se može skinuti odavde. A ovo je changelog.

Kod:
Asuswrt-Merlin Changelog
========================

388.1 (xx-xxx-xxxx)
  - NOTE: This release is only available for AX models.
    AC models will remain on the 386_xx release branch.

  - NEW: Add RT-AX86U_PRO support.
  - NEW: Merged with GPL 388_20566 (RT-AX88U and GT-AX11000)
  - NEW: Merged with GPL 388_21224 (all other AX models)
  - NEW: Experimental ROG UI version for GT models, as a separate
         firmware image within the distribution archive, with
         "_rog" in the filename.
  - NEW: (Asus 388) WireGuard client and server.  The server uses
         the new 388 VPN server webui.  Implemented a webui for
         clients, based on the early development UI from Asus.

         WG client routing is handled by VPN Director - you must
         configure redirection rules through it, same as on stock
         firmware which requires configuring rules through
         VPN Fusion.

         DNS handling will be identical to OpenVPN's Exclusive DNS
         mode, forcing clients to use the DNS provided by it
         (if any is provided).

         Note that enabling WireGuard will disable hardware
         NAT acceleration due to compatiblity reasons.

  - UPDATED: getdns/stubby to 1.7.2/0.4.2.
  - UPDATED: zlib to 1.2.12 + backports.
  - UPDATED: openssl to 1.1.1s.
  - CHANGED: Rebranded DNSFilter as DNS Director.  This will prevent
             confusion with the company sharing the same name, and
             also better describes what the feature does.
  - CHANGED: Setting an OpenVPN client to redirect all traffic while
             in "Exclusive" DNS mode will now force redirect ALL
             DNS traffic just like in VPN Director mode.
             While this will allow redirecting clients with
             hardcoded DNS servers, it also means that your whole
             LAN will lose the ability of doing local name
             resolution.  It might be best to use VPN Director
             in that case to control which client should
             be involved in the DNS redirection, or use
             DNS Director instead of Exclusive DNS mode.
  - CHANGED: (Asus 388) nvram storage increased to 192 KB on newer
             HND 5.04 devices like the GT-AXE16000.
  - CHANGED: Reworked VPN Status page to only show currently
             active services.
  - CHANGED: Reworked VPN Director page design, added buttons to
             access a client's settings page, and allow leaving
             both source and destination IPs empty (for "all").
  - CHANGED: Optimized VPN Director WAN and DNS rule creation, so
             they no longer get re-created multiple times when
             editing VPNDirector rules.
  - FIXED: Wrong temperatures used by the temperature graphs
           (386.8 regression)
  - FIXED: CVE-2022-37434 in zlib.
  - FIXED: GT-AXE16000 random reboots when using an OpenVPN
           client with VPN Director and Adaptive QoS.
  - FIXED: Clients connected to Guest Network 1 aren't
           redirected if NTP interception is enabled.
  - FIXED: Name was truncated to 31 chars when enabling OpenVPN client's
           Server Certificate Name Validation.
  - REMOVED: Interface selector on Speedtest page (no longer
             working, possibly due to an ookla client update)
Merlin samo i moze na high end Asus ruterima :p
Sada su i jeftiniji dobili podrsku. OpenWRT i prijatelji ne valjaju na Asus ruterima, posto koriste open source Wifi drajver, koji ne podrzava MU-MIMO...
Tako da jedini firmware koji valja osim Asus-ovog, je Merlin.
 
Jel vama radi Wireguard?
Meni od B2 ne radi ni jedna konfiguracija na ruteru, Nord, Surfshark ili Keepsolid.
Sve isto ko i kod B1ali ne radi startujem u Directoru i pokaze zelenu kvaku ali kad odem u vpn client wireguard pise enabled ali stopped.
1669894393324.png1669894455018.png
 
Taj problem ima i fabrički firmware kada se koristi OpenVPN. To se vuče već godinama. Kada se mnogo flešuje i mnogo čačka oko VPN-a, ta stranica pobrljavi. Ja sam to rešavao tako što stvarno stavim client na disable i rebootujem router. Posle reboot-a uradim enable i sve radi. Kad to ne pomogne, onda obrišem ceo setup i krenem od nule.
 
Probao ne pomaze, restartovao router i importovao postavke na novo.
Za razliku od openvpn u wireguard postavkama nema dugmeta Default da se postavke vrate na "prazno".
Openvpn radi bez problema sta god da ubacim, tako da sumnjam na firmware i dalje a neda mi se da restujem router na fabricke pa sve iz pocetka.
To cu kad izadje finalna verzija ovog firmwarea, do sad flashujem dirtu jedno preko drugog.
 
Pa možeš da sačivaš config, uradiš factory defaults, i onda opet učitaš config. Ne gubiš baš ništa.
 
Da nista sem sto ce me ukucani lincovati zbog downtime routera.
Videcu jedino nocu ili neko vreme kad niko u kuci ne koristi net, preko 20 raznih uredjaja je sto na LAN sto na VLAN.
 
Dodata je podrška za:
  • GT-AXE11000
  • ZenWiFi Pro XT12
 
Beta test je završen. Finalna verzija 388.1 je dostupna za download.

1670123200665.png
 
Probao ne pomaze, restartovao router i importovao postavke na novo.
Za razliku od openvpn u wireguard postavkama nema dugmeta Default da se postavke vrate na "prazno".
Openvpn radi bez problema sta god da ubacim, tako da sumnjam na firmware i dalje a neda mi se da restujem router na fabricke pa sve iz pocetka.
To cu kad izadje finalna verzija ovog firmwarea, do sad flashujem dirtu jedno preko drugog.
Za razliku od openVPN, WireGuard ne radi iza CG-NATA, treba ti server sa public IP adresom...
 
Kada flešujem sa Merlina na Merlin uvek radim dirty. Samo sačuvam config pre flešovanja.
 
Za razliku od openVPN, WireGuard ne radi iza CG-NATA, treba ti server sa public IP adresom...
Sad mi radi bila je greska u config file, glupavo objasnjenje kod providera.
Treba da se napravi par kljuceva private i public i da se skine config u kome vec stoje neki kljucevi.
Ja menjao oba jer kao sto bi imao dva svoja, a poenta je da se samo jedan menja. Tako da....
Otkad ima cg-nat na optici?
 
Ne vidim sto ne bi imao? Naravno, ako kod nas ne natuju one sa optikom, tim pre da predjem na optiku :p
Lose sam formulisao, naravno da moze ali sam hteo reci da kolko znam nema na MTS.
Sto i potvrdjuje to sto mi funkcionise Wireguard, ako kazes da on ne radi iza cg-nata.
 
Verzija 388.2 je izašla. Pogledati changelog ispod. Najbitnije promene su označene crvenom bojom.

388.2 (12-Apr-2023)
- NOTE: This release is currently not available for the XT12 due to issues with that model's GPL.
- NEW: Added support for the RT-AX88U Pro.
- NEW: Merged with GPL 388_22525.
- NEW: Added Site Survey page under Network Tools tab. This is the same network scan that is available for pre-HND models, with Wifi 6E support added.
- UPDATED: dnsmasq to 2.89.
- UPDATED: openvpn to 2.6.2.
If your client fails to connect then your custom settings must contain settings no
longer supported by OpenVPN 2.6. Review the System
Log, then remove unsupported settings that are
reported in your log.

- UPDATED: nettle to 3.8.1.
- UPDATED: inadyn to 2.10.0.
- UPDATED: dropbear to 2022.83.
- UPDATED: miniupnpd to 2.3.3.
- UPDATED: openssl to 1.1.1t.
- UPDATED: curl to 8.0.1.
- CHANGED: moved WiFi Radar to the Network Tools tab.
- CHANGED: Disabled auto logout on System Log and Wireless Log pages.
- CHANGED: Reduced EDNS packet size from 1280 to 1232 bytes in dnsmasq, to better work with some upstream servers not fully supporting EDNS0.
- CHANGED: Allow empty fields on WireGuard Client page if the client is disabled. This allow users to manually clear settings when they are no longer using a client.
- FIXED: NTP redirection wouldn't work properly with Guest Network, removed redirection for these.
- FIXED: Added missing Tools icon on ROG UI (icon contributed by Cody).
- FIXED: DDNS was being refreshed every time IPv6 bound6() event occured even if IPv6 DDNS update was disabled.
- FIXED: Wireless Log wouldn't properly show IPv6 address for clients with multiple addresses.
- FIXED: ICMPv6 pings would be dropped when DoS protection was enabled (regression in 388.1).
 
Nazad
Vrh Dno