Skip to main content
Asuswrt-Merlin 3006.xxx Changelog
=================================

3006.102.2_2 (17-Nov-2024)
  - FIXED: Security issues in AiCloud (backports from Asus)


3006.102.2 (3-Nov-2024)
  - NEW: Added support for RT-BE88U (based on GPL 3.0.0.6.102_33921)
  - NEW: Added support for RT-BE86U (based on GPL 3.0.0.6.102_36216)
  - NEW: Added mDNS support to the router's local name resolution
         (nss).
  - UPDATED: OpenVPN to 2.6.12.
  - CHANGED: Support importing Wireguard config files that
             contain multiple AllowedIPs, Address or DNS
             declarations.
  - CHANGED: Re-added firmware version display on Sysinfo page
             (as you can't copy the version string from the
             header banner, this one can be).
  - CHANGED: VPN killswitch will now only be active if the
             VPN client itself is enabled.  If you stop/start
             the client yourself over SSH, you need to also
             update the enabled/disabled nvram setting.
  - CHANGED: Display public IP address for Wireguard clients.
  - FIXED: Generated web certificate wasn't using the FQDN
           for Namecheap DDNS users.
  - FIXED: DNSDirector and Tor pages would fail to properly load
           in some environment.
  - FIXED: CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 &
           Implicit rejection for RSA PKCS#1 in openssl
           (backport from Ubuntu by RSDNTWK)
  - FIXED: UPnP options were missing on WAN page for models
           with multiservice WAN support.
  - FIXED: Guest Network table would still be shown on the
           DNSDIrector page if DNSDirector isn't enabled.
  - FIXED: VPN Fusion-related popup showing when editing
           an existing DHCP reservation - removed.
  - FIXED: 320 MHz chanspec would show as 160 on the Wifi
           icon status.
  - FIXED: Wifi icon status not properly shown on quad-band
           Wifi 7 models.
  - FIXED: DNS over TLS broken if IoT Guest Network (or other
           Guest Network sharing existing VLAN) is disabled.
           (patch from Asus)


3006.102.1 (28-Jun-2024)

  This is the initial release of Asuswrt-Merlin based on
  the 3006 codebase.  Only a few specific models are
  currently available, more will be added over time as
  Asus progressively migrates devices to the new codebase.

  3006 introduces a number of major features, these will not
  be listed - please review Asus' own documentation on the
  new features added in 3006 (AKA Asuswrt 5.0).  The two most
  notable ones are VLAN and Guest Network Pro (also called
  Self-Defined Networks, or SDN), both of which are supported
  in Asuswrt-Merlin.

  This initial 3006.102.xx release also includes a number of
  potentially breaking changes over 3004.  The most relevant
  ones will be listed below.

  Note that while Asus uses VPNFusion, Asuswrt-Merlin still
  uses VPNDirector.  The integration with Guest Network Pro
  had to be re-implemented to work with Asuswrt-Merlin,
  which required a few backend changes.

  Due to the VPN backend differences, it's strongly recommended
  to do a factory default reset after coming from the original
  Asus firmware if you used any VPN-related functionality.


  - NEW: Added support for GT-BE98_PRO.
  - NEW: Added support for RT-BE96U.
  - NOTE: Wifi 7 devices don't support NFS (issue with new
          toolchain), QoS classification page (issue with
          TrendMicro BWDPI) or Wifi Radar (not updated by
          Broadcom).
  - NEW: Added dnsmasq-INDEX.conf.add and stubby-INDEX.yml.add,
         which are appended to SDN config files (INDEX = SDN
         index number)
  - NEW: Added dnsmasq-sdn.postconf and stubby-sdn.postconf.
         They take two arguments:
           - path to the config file for that SDN's instance
           - the SDN index number (1 for the first SDN instance)

  - NEW: Rewrote VPN killswitch implementation.  The new method
         uses an always present routing rule to prohibit access to
         the main routing table, so it will be active even if the
         user manually stops a client.  Removing the prohibit rule
         requires disabling the killswitch on the webui.
         The rules are also created before WAN goes up, to reduce
         the risks of leaks between WAN going up and VPN connecting.
  - NEW: Added killswitch support for WireGuard clients.
  - UPDATED: Merged with GPL 3.0.0.6.102_34369.
  - UPDATED: Chart.js was upgraded from 2.x to 3.9, to share the
             same version used by Asus.  Any third party addon
             that used it will need to upgrade their charts to
             the new version.
  - UPDATED: wget to 1.24.5.
  - CHANGED: Switched to a different qrcode generation script, to
             share the same script used by Asus.
  - CHANGED: WireGuard and OpenVPN clients use different iproute2
             table IDs, to be in line with Asus's own table IDs.
             The names defined in rt_tables remain unchanged.
  - CHANGED: Implemented support for Wifi 7 and SDN on the
             Wireless Log page.
  - CHANGED: Implemented DNSDirector webui for SDN.
  - CHANGED: Removed stop/start and "Start with WAN" buttons from
             OpenVPN clients.  There is now just a single
             "Enable" option, which will immediately start the
             client when applying changes, and will also start it
             automatically when WAN comes up.  This is to reduce
             confusion, better integrate into SDN, and match how
             WireGuard clients already worked.
  - CHANGED: ipset is now compiled into the kernel rather than as
             modules (to match with Asus)
  - CHANGED: Removed led_disable nvram, we now share the same AllLED
             nvram as used by Asus for the LED button (and AiMesh sync)
  - FIXED: JS error on Wifi 6e/7 models when toggling DDNS.
  - REMOVED: Option dns_local_cache from Tools -> Tweak settings,
             to avoid issues with SDN that run their own
             dnsmasq instances.
  - REMOVED: Wifi Radar was removed (unsupported by Wifi 7 devices,
             and security issues cited by Asus in their own recent
             releases).