Asuswrt-Merlin 3004.388.7

0
9

Asus uses a Tomato-derived firmware called Asuswrt. This firmware is, except for a few drivers, open source, with closed binaries included. Asuswrt-Merlin is in turn a modified version of the original firmware from Asus. It includes bug fixes and minor improvements, but still tries to stay close to the original, so that it remains possible to add new features that Asus introduces to the code. Version 3004.388.7 has been released and the following changes and improvements have been made:

Note:

  • RT-AX56U is exceptionally included in this release.

NEW:

  • IGD2 support for UPNP/PCP. This will allow IPv6 pinhole support for clients. It must be enabled on the WAN page. Existing pinholes will be listed on the System Log -> IPV6 page.
    Note that IGDv2 has compatibility issues with various clients that do not properly follow the standard.

Updated:

  • Openvpn to 2.6. 10.
  • TOR to 0.4.8.10.
  • wsdd2 to 2023-12-21 snapshot.
  • miniupnpd to 2.3.6.
  • wireguard kernel to v1.0.20220627.< /li>
  • wireguard tools to 2023-08-04 snapshot.
  • dropbear to 2024.84.
  • strongswan to 5.9.13 (fixes CVE-2023-41913)

Changed:

  • Hardcoded location of the CA bundle in inadyn, so it no longer needs to be manually defined in custom configurations.
  • Re-designed Tools->Sysinfo page, adding graphs and removing useless content.
  • Updated free memory report on networkmap to also consider reclaimable memory as being free (kjbracey)
  • “Prevent client auto DoH” will also prevent the use of Apple's iCloud Private Relay.
  • NAT Passthrough page – removed the “Enabled + NAT Helper” option as the firewall no longer blocks traffic when set to disabled. This is back to the former behavior, where this setting only controls whether or not to load the NAT helper. You might need to readjust that setting if you had previously changed it.
  • SIP, RTSP and H323 ALG (NAT helpers) are now disabled by default, as these legacy features tend to create issues with modern VoIP setups. This change will only apply to people doing a factory default reset of their router.

Fixed:

  • Concurrent cronjob changes through cru could cause collisions, leading to missing jobs (dave14305)
  • crond would not use the new timezone if it got changed.
  • MiniDLNA web interface could only be accessed through an IP address (regression in 3004.388.6).
  • CVE-2023-5678 & CVE-2024-0727 in openssl (backport from Ubuntu by RSDNTWK)
  • Long lists on System Log -> Connections tab could result in a timeout (Sani Huttunen)

Removed:

  • Temperature page (charts are now part of the redesigned Tools->Sysinfo page ).