Asus gebruikt voor zijn routers, zoals de RT-AC68 en RT-AX88, van een Tomato afgeleide firmware met de naam Asuswrt. Deze firmware is, op enkele drivers na, opensource, waarbij de gesloten binaries wel meegeleverd worden. Asuswrt-merlin is op zijn beurt een aangepaste versie van de originele firmware van Asus. Het bevat onder meer bugfixes en kleine verbeteringen, maar probeert toch dicht bij het origineel te blijven, zodat het mogelijk blijft om nieuwe features die Asus introduceert, toe te voegen aan de code. De changelog voor versie 386.1 ziet er als volgt uit:
Asuswrt-Merlin 386/NG Changelog
Switched to the new 386 codebase. 386 introduces AiMesh 2.0, finalizes the move to OpenSSL 1.1.1 firmware-wide, adds a new speedtest (powered by Ookla). For more details, please refer to Asus's own release notes.Note:
- For developers, note that firmware code is once again back on the master branch, with both mainline and ax being reunified again.
- Some users upgrading might have to go through some database maintenance on first boot, which means the router might be slower or have a non-responsive webui for a while. This can take anywhere from 5 minutes up to an hour, depending on your model, just give it time to complete the process.
- Added support for the RT-AX86U.
- Added support for the GT-AC2900, with a few restrictions:
- Non-ROG UI is used
- VPN Fusion is not supported
- A few other ROG-specific features are not supported
This is an experiment done in collaboration with Asus.
- Added support for the RT-AC68U V3.
- Added stub and stub-v2 compression options to OpenVPN clients. Not added to server, since compression is considered deprecated, and will be removed most likely in OpenVPN 2.6, for security reasons.
- Added tls-crypt-v2 support to OpenVPN clients.
- Added option to select an OpenVPN client when running Oookla Speedtest.
- Merged GPL 386_41700
- Openssl to 1.1.1i.
- Updated to OpenVPN 2.5.0. Note that OpenVPN 2.4.0 or newer is now required by the exported client config file. You can still manually configure an older client to connect with your router.
- dnsmasq to 2.84, resolving CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687, CVE-2020-25684, CVE-2020-25685 and CVE-2020-25686 aka DNSpooq (themiron)
- nano to 5.2.
- curl to 7.72.0.
- zlib to 1.2.11.
- lz4 to 1.9.2.
- e2fsprogs to 1.45.6.
- dropbear to 2020.81.
- miniupnpd to 2.2 (git snapshot from 20201129)
- Switched userspace ipset from 6.32 to 7.6 (to match with upstream)
- firmware update checks are no longer using the server address stored in nvram, for security reasons. Devs who were using that nvram should instead edit the webs_scripts/* to use their own URL.
- The old legacy cipher setting in OpenVPN is now only available when running with static key authentication.
- Tweaks to the OpenVPN webui layout
- OpenVPN clients will now NAT all outbound traffic, regardless of the source subnet.
- Reworked the display of DNSPrivacy presets
- Added AdGuard (ad blocking) and CIRA Canadian Shield (non US-based service) to the DNSPrivacy presets.
- At boot time, OpenVPN killswitch will only be applied for clients set to auto-start with WAN.
- Increased number of available mount points for addon webpages to 20.
- Multiple routes can now be defined per client on the OpenVPN client-specific configuration.
- Improved NAT acceleration report for newer models on the sysinfo page. Now query the hardware for the current state instead of reporting the nvram values.
- When logging allowed connections is enabled, also log outbound LAN connections (reverts to the behaviour from a few years ago)
- DHCP could fail to renew its lease with some ISPs when Trend Micro engine was enabled (workaround provided by Asus)
- OpenVPN client remote IP wasn't updated on client stop/restart.
- Couldn't force generating a new SSL certificate for the webui.
- Option to disable NCP. The NCP cipher list is now used both for NCP and non-NCP endpoints.
- fq_codel support for Adaptive QoS. Due to a change in how Trend Micro configures QoS, it is no longer possible to intercept these to inject fq_codel.
- Option to select sfq as a queue scheduler for t.QoS or Bandwidth Limiter, and always use fq_codel.
- Support for the Cloudcheck mobile app.