Asuswrt-Merlin 3006.xxx Changelog
=================================
3006.102.2_2 (17-Nov-2024)
- FIXED: Security issues in AiCloud (backports from Asus)
3006.102.2 (3-Nov-2024)
- NEW: Added support for RT-BE88U (based on GPL 3.0.0.6.102_33921)
- NEW: Added support for RT-BE86U (based on GPL 3.0.0.6.102_36216)
- NEW: Added mDNS support to the router's local name resolution
(nss).
- UPDATED: OpenVPN to 2.6.12.
- CHANGED: Support importing Wireguard config files that
contain multiple AllowedIPs, Address or DNS
declarations.
- CHANGED: Re-added firmware version display on Sysinfo page
(as you can't copy the version string from the
header banner, this one can be).
- CHANGED: VPN killswitch will now only be active if the
VPN client itself is enabled. If you stop/start
the client yourself over SSH, you need to also
update the enabled/disabled nvram setting.
- CHANGED: Display public IP address for Wireguard clients.
- FIXED: Generated web certificate wasn't using the FQDN
for Namecheap DDNS users.
- FIXED: DNSDirector and Tor pages would fail to properly load
in some environment.
- FIXED: CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 &
Implicit rejection for RSA PKCS#1 in openssl
(backport from Ubuntu by RSDNTWK)
- FIXED: UPnP options were missing on WAN page for models
with multiservice WAN support.
- FIXED: Guest Network table would still be shown on the
DNSDIrector page if DNSDirector isn't enabled.
- FIXED: VPN Fusion-related popup showing when editing
an existing DHCP reservation - removed.
- FIXED: 320 MHz chanspec would show as 160 on the Wifi
icon status.
- FIXED: Wifi icon status not properly shown on quad-band
Wifi 7 models.
- FIXED: DNS over TLS broken if IoT Guest Network (or other
Guest Network sharing existing VLAN) is disabled.
(patch from Asus)
3006.102.1 (28-Jun-2024)
This is the initial release of Asuswrt-Merlin based on
the 3006 codebase. Only a few specific models are
currently available, more will be added over time as
Asus progressively migrates devices to the new codebase.
3006 introduces a number of major features, these will not
be listed - please review Asus' own documentation on the
new features added in 3006 (AKA Asuswrt 5.0). The two most
notable ones are VLAN and Guest Network Pro (also called
Self-Defined Networks, or SDN), both of which are supported
in Asuswrt-Merlin.
This initial 3006.102.xx release also includes a number of
potentially breaking changes over 3004. The most relevant
ones will be listed below.
Note that while Asus uses VPNFusion, Asuswrt-Merlin still
uses VPNDirector. The integration with Guest Network Pro
had to be re-implemented to work with Asuswrt-Merlin,
which required a few backend changes.
Due to the VPN backend differences, it's strongly recommended
to do a factory default reset after coming from the original
Asus firmware if you used any VPN-related functionality.
- NEW: Added support for GT-BE98_PRO.
- NEW: Added support for RT-BE96U.
- NOTE: Wifi 7 devices don't support NFS (issue with new
toolchain), QoS classification page (issue with
TrendMicro BWDPI) or Wifi Radar (not updated by
Broadcom).
- NEW: Added dnsmasq-INDEX.conf.add and stubby-INDEX.yml.add,
which are appended to SDN config files (INDEX = SDN
index number)
- NEW: Added dnsmasq-sdn.postconf and stubby-sdn.postconf.
They take two arguments:
- path to the config file for that SDN's instance
- the SDN index number (1 for the first SDN instance)
- NEW: Rewrote VPN killswitch implementation. The new method
uses an always present routing rule to prohibit access to
the main routing table, so it will be active even if the
user manually stops a client. Removing the prohibit rule
requires disabling the killswitch on the webui.
The rules are also created before WAN goes up, to reduce
the risks of leaks between WAN going up and VPN connecting.
- NEW: Added killswitch support for WireGuard clients.
- UPDATED: Merged with GPL 3.0.0.6.102_34369.
- UPDATED: Chart.js was upgraded from 2.x to 3.9, to share the
same version used by Asus. Any third party addon
that used it will need to upgrade their charts to
the new version.
- UPDATED: wget to 1.24.5.
- CHANGED: Switched to a different qrcode generation script, to
share the same script used by Asus.
- CHANGED: WireGuard and OpenVPN clients use different iproute2
table IDs, to be in line with Asus's own table IDs.
The names defined in rt_tables remain unchanged.
- CHANGED: Implemented support for Wifi 7 and SDN on the
Wireless Log page.
- CHANGED: Implemented DNSDirector webui for SDN.
- CHANGED: Removed stop/start and "Start with WAN" buttons from
OpenVPN clients. There is now just a single
"Enable" option, which will immediately start the
client when applying changes, and will also start it
automatically when WAN comes up. This is to reduce
confusion, better integrate into SDN, and match how
WireGuard clients already worked.
- CHANGED: ipset is now compiled into the kernel rather than as
modules (to match with Asus)
- CHANGED: Removed led_disable nvram, we now share the same AllLED
nvram as used by Asus for the LED button (and AiMesh sync)
- FIXED: JS error on Wifi 6e/7 models when toggling DDNS.
- REMOVED: Option dns_local_cache from Tools -> Tweak settings,
to avoid issues with SDN that run their own
dnsmasq instances.
- REMOVED: Wifi Radar was removed (unsupported by Wifi 7 devices,
and security issues cited by Asus in their own recent
releases).