Download Firmware Asuswrt-Merlin 380.66

Asus uses Tomato-derived firmware called Asuswrt for its newer routers, such as the RT-AC66U and RT-AC87U. This firmware is, with the exception of a few drivers, open source, whereby the closed binaries are included. Asuswrt-merlin, in turn, is a modified version of the original firmware from Asus. It includes bug fixes and minor improvements, but still tries to stay close to the original, so that it remains possible to add new features that Asus introduces to the code. Version 380.66 has been released with the following changes and improvements:

New:

• Merged with GPL 380_7378
  Notable changes:
  • Port forwards can select a specific source IP
  • Security fixes for CVE-2017-5891, CVE-2017-5892 and CVE-2017-6547

  Note:

  • If you are experiencing new wifi stability issues, try disabling Airtime Fairness on the Wireless -> Professional page (on all bands).
• Option to disable Wanduck’s constant DNS probing for WAN state (Tools -> Other Settings)
• Allow disabling the use of DH, by entering “none” in the DH field for OpenVPN server config.
• Added new Internet redirection mode to OpenVPN clients called “Policy Rule (Strict)”. The difference from the existing “Policy Rule” mode is that in strict mode, only rules that specifically target the tunnel’s interface will be used. This that you don’t leak ensures traffic through global or other tunnel routes, however it also means any static route you might have defined at the WAN level will not be copied either.

Changed:

• Ovpn importer now recognizes the “port” and “reneg-sec” parameters.
• Ovpn importer now support a third argument for the “remote” parameter, allowing to specify the protocol.
• Updated Tor to 0.2.9.10
• Updated nano to 2.8.1
• Updated OpenVPN to 2.4.2
• Updated LZ4 to 1.7.5 (used by OpenVPN)
• SSL certificate generated for httpds will now contain SANs for hostname, router.asus.com, IP and DDNS hostname.
• Make minidlna always use the same uuid, based on the LAN MAC (original patch by john9527)
• Better feedback provided when an ovpn file upload generates a problem due to a key/cert that’s not provided inline. Inform the user which of these he will need to manually provide.
• Disable bridge multicast_snooping, as this should be unnecessary, and it could interfere with EMF, UPNP and other multicast applications. Can be re-enabled from the Tools -> Other Settings page.

Removed:

• The Virtual Server page no longer allows users to edit existing port forwards (our existing code is incompatible with Asus’s newer webui code and will need to be re-implemented.)

Fixed:

• WOL page fails to load if adding a client with a quote in its name.
• Couldn’t add a DHCP reservation client if its name contained a quote.
• New outbound connections weren’t logged if firewall logging was enabled.
• OpenVPN server didn’t always work properly in udp mode when in a dual stack IPv4/IPv6 environment (backport from GPL 382_9736)
• When disabling NCP support in OpenVPN, the router could still be trying to use it if the remote end had it enabled.
• Potential CVE-2016-10229 security issue in kernel (unsure whether our kernel was vulnerable or not)
• ovpn file import would fail to import auth hash or cipher if they weren’t uppercase.
• Couldn’t edit SMB permissions if the disk had multiple partitions (Asus bug) (patch by Jeremy Goss)
• Exporting a client.ovpn file with no existing CA could generate garbled output in the generated file.