Asus gebruikt voor zijn routers, zoals de RT-AC68 en RT-AX88, van een Tomato afgeleide firmware met de naam Asuswrt. Deze firmware is, op enkele drivers na, opensource, waarbij de gesloten binaries wel meegeleverd worden. Asuswrt-merlin is op zijn beurt een aangepaste versie van de originele firmware van Asus. Het bevat onder meer bugfixes en kleine verbeteringen, maar probeert toch dicht bij het origineel te blijven, zodat het mogelijk blijft om nieuwe features die Asus introduceert, toe te voegen aan de code. De complete changelog voor versie 384.19 is op deze pagina te vinden, dit zijn in het kort de hoogtepunten:
[Release] Asuswrt-Merlin 384.19 is now availableAsuswrt-Merlin 384.19 is now available for all supported models, except for the RT-AX56U (no up-to-date GPL available for that model).
The main changes of this release are the merge of GPL updates, and a nearly complete rewrite of the OpenVPN implementation (functionality should remain mostly unchanged, aside from a few minor things documented in the changelog, and a few bug fixes.)
IMPORTANT: due to a flash partition layout change from Asus on the RT-AC86U, the JFFS partition content for that model may be missing or corrupted following the upgrade to 384.19. Make sure you make a backup of your JFFS partition before upgrading. If you run into issues, then reformat the JFFS partition (don`t forget to reboot), then restore your JFFS backup.
New:Updated:
- Added support for static routes for PPTP/L2TP VPN clients, on the Static Route page (themiron)
- Added notification when JFFS free space drops below 3 MB.
Changed:
- Merged GPL 384_9354 for AX models.
- Merged GPL 384_81992 for mainline models.
- Merged SDK + binary blobs 384_9354 for RT-AX58U.
- Merged SDK + binary blobs 384_9107 for RT_AX88U.
- Merged binary blobs + SDK 384_81981 for RT_AC5300.
- Merged binary blobs + SDK 384_81992 for RT-AC86U.
- Merged bwdpi components from 385_20630 firmware image for RT-AC68U.
- dnsmasq to 2.82-openssl (themiron)
Fixed:
- Rewrote a large portion of the OpenVPN implementation, to make the code easier to maintain. The new libovpn code is released under a GPL licence. Functionality should largely remain the same.
- Replaced updown-*.sh OpenVPN event handler scripts with binary libovpn functions. The new code does stricter validation of the configuration.
- Enabling Client Config Dir (ccd) for an OpenVPN server in non-exclusive mode will no longer accept duplicate common names (to prevent issues with two clients trying to share the same settings). If you need such an unusual setup, you should enable "Username/Password auth only", which will make the common name become the username. Or better, ensure that you have unique certificates for all of your users.
- Removed the (undocumented) vpn_debug setting. Debug logging will now only come from OpenVPN itself (configurable through the log verbosity setting).
- Improved mechanism for providing an available mount point for addon API scripters (dave14305)
- Harmonized the various SSL certificate modes with upstream.
0 - None - will be self-generated
1 - Imported - lets you upload your own (no longer self generated unless you don't upload one)
2 - Let's Encrypt (unchanged)
Self-generated cert will be stored to /jffs/cert.tgz, just like upstream.
- Broken French webui on AX models (fixed with Asus's GPL update)
- Chacha20 wasn't prioritized for bcm675x models which lacked AES acceleration (RT-AX56U and RT-AX58U)
- ddns updates and OpenVPN instances might be launched twice at boot time if the initial ntp clock sync happened too fast.
- Enforced DNS and tQoS fix would be lost when the firewall gets restarted while an OpenVPN client is running.
- Various issues surrounding error state report when an OpenVPN client failed to start properly.
- WINS provided by an OpenVPN server weren't properly used.
- Some large DNS queries could fail when using DoT (patch backported from upstream)