Asus gebruikt voor zijn nieuwere routers, zoals de RT-N66U en RT-AC66U, van Tomato afgeleide firmware met de naam Asuswrt. Deze firmware is, op enkele drivers na, opensource, waarbij de gesloten binaries wel meegeleverd worden.
Asuswrt-merlin is een aangepaste versie van de originele firmware die onder meer bugfixes en kleine verbeteringen bevat, maar toch dicht bij het origineel probeert te blijven, zodat het mogelijk blijft om nieuwe features die Asus introduceert toe te voegen aan de code. Versie 378.55 is uitgekomen en sinds 378.54_1 zijn de volgende veranderingen en verbeteringen doorgevoerd:
- DHCP lease page could get confused by IPv6 clients on the LAN.
Asuswrt-Merlin 378.55 Beta 2Changed:
- Updated dnsmasq to 2.73 RC9 (backport from GPL 6975)
- Updated odhcp6c to newer version (backport from GPL 6975)
- Updated openssl to 1.0.2d (fixes CVE-2015-1793, only present in Beta 1 - 54_2 was not affected)
- Display existing key/certs on the OpenVPN pages once they've been migrated to JFFS.
- Time scheduler-related features (Parental Control & Wifi scheduler) were broken (backported fix from Asus's GPL 6975) (beta 1 regression)
- QTN firmware was still being copied to RAM rather than rely on the symlink to flash added in Beta 1, to save 4 MB of RAM. (AC87U)
- Dropbox cloud sync would fail on some setups (backport from GPL 6975)
- Entware-setup script would generate an invalid services-start script
- Duplicate zoneedit entry on the DDNS service list.
Asuswrt-Merlin 378.55 Beta 1New:
- Merged with GPL 6117. Notable changes from Asus:
- New token-based webui authentication (more secure)
- OpenVPN certificates moved to JFFS2, saving nvram. key/cert fields will show up empty on the webui, any new key/cert you paste will be written back to /jffs/openvpn/ . This means that if you revert back to a previous version, your key/certs will no longer be in nvram, so OpenVPN instances will fail to start.
- New network client list on the network map
- CTF support for PPTP/L2TP WAN (Russian ISPs) (ARM)
- Reformatted DHCP lease list under System Log.
- Reformatted Port Forward page under System Log.
- Reformatted Route Table page under System Log.
- Reformatted IPv6 Status page under System Log.
- Display more details about UPNP/NAT-PMP/PCP redirections on the Port Forward page.
- The JFFS2 partition is now always enabled, as it is required by various firmware functions. The options to format it or to enable/disable user config/scripts remain configurable.
- Updated OpenVPN to 2.3.7.
- Updated OpenSSL to 1.0.2c.
- Use a pre-generated 2048-bit DH from RFC 3526 instead of generating our own when doing the first time setup for OpenVPN servers. This is necessary as openssl 1.0.2b and up now reject 512-bit DHs, and generating a 1024-bit would take far too long on a router. The end-user still has the possibility of providing his own - as long it's 1024-bit or stronger.
- Updated minidlna to upstream Git snapshot from 2015-06-26, and switched to the newer build system.
- Upgraded ffmpeg from 0.6.0 to 0.7.17.
- Accept DHCP lease duration of up to 31 days on the DHCP page
- No longer regularly flush caches from memory on ARM router. This will mean a lower amount of free memory is shown, however that memory gets freed whenever something actually needs it, so this is normal. (ARM)
- Display the size of cache memory on the Tools -> Sysinfo page
- Improvements to the Networkmap (ability to remove an entry, removed the alert() from modifying an existing entry)
- Wireless Log page would fail to load if the SSID contained certain characters
- Wireless Log page would fail to load when in Media Bridge mode on the RT-AC87U
- DDNS page would complain about an empty account field when setting it to CUSTOM with no prior value in that field.
- Automatically generated DH was too weak (512-bit) and preventing clients based on newer OpenSSL releases from connecting. We automatically replace any weak PEM with our 2048-bit one.
- minidlna could get stuck building its database (reverted Asus's recent memory optimizations)
- The exported opvn config for clients had the incorrect port value.
- Busybox's zcip was missing a patch from 378_4950, preventing it from working (and in turn preventing igmpproxy from working for people with PPPoE connections where their modem does not provide any DHCP lease to the physical WAN interface)