Asus gebruikt voor zijn nieuwere routers, zoals de RT-AC66U en RT-AC87U, van Tomato afgeleide firmware met de naam Asuswrt. Deze firmware is, op enkele drivers na, opensource, waarbij de gesloten binaries wel meegeleverd worden. Asuswrt-merlin is op zijn beurt een aangepaste versie van de originele firmware van Asus. Het bevat onder meer bugfixes en kleine verbeteringen, maar probeert toch dicht bij het origineel te blijven, zodat het mogelijk blijft om nieuwe features die Asus introduceert toe te voegen aan de code. Versie 380.68 is uitgekomen en hierin zijn de volgende veranderingen en verbeteringen aangebracht:
- Due to major webui changes, you will need to either flush your browser cache, or force it to reload the page (shift-reload) the first time you access the webui after upgrading to 380.68.
- Merged GPL 380_7743 binary blobs for the RT-N66U.
- Backported Ethernet port status report on the Network Map from GPL 382.
- Description field added to OpenVPN client configuration
- Added missing hash types to ipset_arm (Patch by john9527)
- Added hostname Busybox applet, used by some Entware packages
- Added TPROXY netfilter target module (ARM only)
- Switched webui menu generation code to GPL 382 code. This new code is easier for me to maintain.
- Used webui menu icons from GPL 382.
- Re-organized VPN pages, merging some together.
- Reworked VPNStatus page, will now refresh itself every 5 seconds. It will also report a client's local and public IP addresses.
- Re-designed webui interface for managing SSL certificate. Added Upload button, and revamped certificate info display (includes some backports from GPL 382)
- Removed option to enable/disable persistent webui certificate - they are now always persistent.
- Reworked Tools -> Sysinfo page, dynamic data will refresh itself every 3 seconds, also port ordering will be more consistent, and display based on the new tableAPI from GPL 382.
- Backported system log page from GPL 382: moved logging settings to it, added option to set a remote syslog server's port, and shown log will auto refresh.
- Re-designed DHCP Lease log page to use the new tableAPI, with sortable fields (defaults to IP sort)
- Do not alternate between ntp server from webui and the one hardcoded in nvram - use webui one, unless it's empty - then use the second server set in nvram.
- Moved App icon out of the notification area and into the footer of the page, with other links.
- Updated Curl to 7.54.1
- Updated nano to 2.8.6
- Re-designed the way the Tor database gets backed up, so it won't grow stale by never being updated.
- Define and forward a small range of ports (57535-57565) for use for passive FTP (needed for TLS over WAN).
- Reduce the amount of logging done while configuring policy-based routing for an OpenVPN client when using the default log verbosity level of 3.
- Duplicate LAN port 1 shown for the RT-AC87U on the Sysinfo page.
- Port forward/UPNP issues with CTF enabled depending on selected NAT loopback mode.
- URL filtering wasn't working over IPv4.
- OpenVPN instances could potentially start too early at boot time (before clock was set)
- When multiple OpenVPN clients are connected to the router, their username wouldn't show as Connected.
- Progress report would go to 200% if you changed a setting and started or stopped an OpenVPN client or server.
- Security issues CVE-2017-11344, CVE-2017-11345 and CVE-2017-11420 in networkmap (patches by Kilo Foxtrot Papa)
- Webui self-generated certificate could sometime be invalid due to a race condition between the SSL and non-SSL httpd instances starting at the same time.
- Tor would fail to start if there was a backed up database in /jffs/.tordb, due to bad permissions.
- SMB sharing without user authentication would fail if router's admin username was changed from "admin" (Asus bug)
- SMB sharing without user authentication would cause SMB2 to downgrade to SMB1.
- 5GHz-2 would show an "undefined" channel on the Wireless-> General and in the wifi popup if 5GHz-1 was disabled (Asus bug).