1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[Fork] Tomato by Shibby, compiled by @kille72

Discussion in 'Tomato Firmware' started by kille72, Mar 24, 2017.

  1. ghoffman

    ghoffman LI Guru Member

    thnak you. working on R6300v2.
    i had 138.13 AIO, and upgraded to 138.14 VPN with reset.
    funcions as main router for household without problem.

    however, some cosmetic issues:
    Captive Portal and Web Server appear in main menu, but are not implemented in VPN build; clicking on them goes to blank pages.
    this is fine, and may be a cleaner way to maintain than old implementation, which removed unavailable features from menues.
    i did not know if this is desired behavior or not.
    thnaks again.
     
    kille72 likes this.
  2. kille72

    kille72 LI Guru Member

    Last edited: Apr 16, 2017
  3. ghoffman

    ghoffman LI Guru Member

    @kille72: that did it. doh. thnak you.
     
    kille72 likes this.
  4. H48W30c0HK

    H48W30c0HK Network Newbie Member

    For what it's worth, my strange DHCP issue persists with 138.14 on a Asus RT-AC68U

    - single device (Vonage VDV23-VD ATA) seems to be stuck in DHCPDISCOVER/DHCPOFFER loop
    - tried a "hard" factory reset of the Vonage ATA as well as doing a full clear of NVRAM of router
    - problem goes away when I reinstall Shibby v138 AIO
     
  5. AndreDVJ

    AndreDVJ Addicted to LI Member

    There was changes on dnsmasq that I ported to Tomato-ARM recently. You may try 138.12 and see if the issue goes away.

    Maybe that DHCP client doesn't like the DHCPOFFER coming from dnsmasq, and broadcast another DHCPDISCOVER on the LAN. Please post logs coming from dnsmasq in either syslog or file specified as log-facility.

    The related change that comes into mind is: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=88a77a78ad27adc3ed87b7ee603643d26cb896ee

    Maybe reverting the relevant code to the previous version can solve the culprit, but now we are in danger of being stuck in version 2.76, and forced to backport any future changes.
     
    H48W30c0HK and kille72 like this.
  6. kille72

    kille72 LI Guru Member

    I got reports that Asus RT-AC68U had a tendency to freeze up from time to time with previous MultiWAN versions. After update of dnsmasq it has not happened so far. One thing is better and another worse, unfortunately...

    @H48W30c0HK: Have you cleared NVRAM and configured from scratch?
     
    Last edited: Apr 17, 2017
  7. kw_broadens

    kw_broadens Network Newbie Member

    Thanks @kille72! Upgraded my R8000 with nvram erase. Only problem I see is that Status Overview now tells me I can upgrade to Tomato by Shibby. I hoped for the briefest moment that he had released v139 :)

    !! Attention !!
    Tomato by Shibby undefined is now available.​

    I can get rid of it by unticking Tomato Update Notification System: Enable on the TomatoAnon page.

    Ken.
     
  8. edusodanos

    edusodanos Serious Server Member

    Kille72, thanks for your efforts ahead of the tomato, if you have time could compile the v132vpn with all the updates? Because there are many who do not need the multiwan function.
     
  9. AndreDVJ

    AndreDVJ Addicted to LI Member

    Update system matches string coming from nvram value os_version. @kille72 you should try and see if removing anon_update() function from status-overview.asp would work. Auto-update at this point is pretty pointless.
     
    kille72 likes this.
  10. GhaladReam

    GhaladReam Network Guru Member

    A while back, there was a bug in dropbear that broke Socks5 proxy.. The bug in question is referenced in this thread:

    http://www.linksysinfo.org/index.php?threads/ssh-daemon-issue-tunneling.72603/

    @kille72,

    Can you tell me if this bug is in your builds? Last I checked, Shibby's 138 release still had the bug (because of the broken version of dropbear)

    A better question is, what exact version of Dropbear is in 138.14? Looks like the problem was fixed in dropbear during June 2016.
     
  11. kille72

    kille72 LI Guru Member

    Yes, I will do that!
     
  12. kille72

    kille72 LI Guru Member

    Latest version of Dropbear:
    Code:
    # dropbear -V
    Dropbear v2016.74
    https://matt.ucc.asn.au/dropbear/CHANGES
     
  13. AndreDVJ

    AndreDVJ Addicted to LI Member

  14. H48W30c0HK

    H48W30c0HK Network Newbie Member

    @AndreDVJ @kille72

    Okay, I tried 138.12 and DHCP provisioning worked fine with the Vonage ATA. (And yes, to answer @kille72 , I did completely clear NVRAM when testing the 138.14 build).

    I'm going to reflash the 138.14 build now and will post logs for you.

    EDIT: I've attached the syslog (dnsmasq messages only). The problematic ATA device is MAC 60:6d:c7:yy:yy:yy (I've obscured unnecessary identifiers).
     

    Attached Files:

    Last edited: Apr 18, 2017
  15. AndreDVJ

    AndreDVJ Addicted to LI Member

    Are there any logs on your Vonage device that may tell us if it's discarding the DHCPOFFER packet or something?

    Anyway, I'd ask kille72 to revert file release/src-rt-6.x.4708/router/dnsmasq/src/rfc2131.c to the previous state and compile again.
     
  16. kille72

    kille72 LI Guru Member

    I can try to revert release/src-rt-6.x.4708/router/dnsmasq/src/rfc2131.c as @AndreDVJ propose and compile a test version. @H48W30c0HK What is your router? (AIO or VPN?)
     
  17. H48W30c0HK

    H48W30c0HK Network Newbie Member

    Thanks for the help, you guys are awesome.

    @kille72 : The build I'm using is RT-AC68U AIO.

    @AndreDVJ : I'll play around with the ATA today and see if I can pull any logs.
     
    kille72 likes this.
  18. kille72

    kille72 LI Guru Member

    @H48W30c0HK: I have sent download link to you as a private message.
     
  19. kille72

    kille72 LI Guru Member

    @H48W30c0HK: Glad to hear that the test version works fine. Test a few weeks and return with a report :) Thx @AndreDVJ!
     
  20. Elfew

    Elfew Network Guru Member

    So we have an issue with the new version of dnsmasq?
     
  21. AndreDVJ

    AndreDVJ Addicted to LI Member

    The issue isn't really with dnsmasq. It looks like that device doesn't like having RFC-6842 (Client-ids in DHCP replies.) being implemented in the DHCP server. We follow RFC's for the sake of compliance, and break compatibility with something else.

    Since Tomato is already hacked up to death, one more hack to make things work won't hurt anybody, once source code becomes a binary :p
     
    kille72 likes this.
  22. PetervdM

    PetervdM Network Guru Member

  23. AndreDVJ

    AndreDVJ Addicted to LI Member

  24. lubmar

    lubmar Network Newbie Member

    +1
    yep it would be nice to have a "simple" and newest (up to date) version ...
     
  25. feedzapper

    feedzapper Connected Client Member

    works also fine for me on Netgear R7000 -> 138.14 AIO-64k build
    nice to see OPENVPN 2.4.1 on arm :)
    I run all 2 openvpn clients at same time + 1 openvpn server with LZ4 compression
    meanwile for 4 days - STABLE
    Also tested AndreDVJ builds before , there are not compatible with my configuration from
    shibbys orginal V138 build AIO-64k. (got no WebGUI frontend after update)
    I need to reset to factory default before !
    No time to set all my router configs again :-(
     
    Last edited: Apr 20, 2017
  26. M_ars

    M_ars Network Guru Member

    You can use toastman versions, its based on v132 with a lot of updates and no multiwan
     
    kille72 likes this.
  27. edusodanos

    edusodanos Serious Server Member

    Toastman stopped upgrading and fixing bugs in January ...:(and @kille72 became a specialist in Shibby compilations ... if @kille72 have time, you can do a compilation on top of the 132vpn only for testing ...:)
     
  28. M_ars

    M_ars Network Guru Member

    The latest toastman builds are very stable. What bugs do you mean? I have not read about any problems :)
    Just because it does not include the latest updates of openvpn and so on its not old or does have bugs

    Maybe kille72 will do a special build v132 but i think that is a lot of work... why dont you use the latest multiwan build from kille72? Have not tested the latest build but the source code @ bitbucket looks very good. What is not working for you?
     
    edusodanos and kille72 like this.
  29. Elfew

    Elfew Network Guru Member

    I think that there wont be any updated build based on v132 from kille. Use Toastman if you dont need multi wan, or use latest kille build
     
    kille72 likes this.
  30. kille72

    kille72 LI Guru Member

    Toastman compiles versions without MultiWan that are stable and appreciated. My versions containing MultiWan, the goal is to get it better and better. I collaborate with Shibby, AndreDVJ and many others, picking up the best goodies. I don't have time and effort to start a new project and spend hundreds of hours with it, rather I put energy on existing MultiWAN.

    Summary:
    Shibby: multiWAN versions
    Kille72: multiWAN versions with tight updates
    Jacky: AdvancedTomato multiWAN
    Andre: AdvancedTomato multiWAN with tight updates
    Toastman: singleWAN versions
     
    Last edited: Apr 21, 2017
    M_ars, Elfew and edusodanos like this.
  31. edusodanos

    edusodanos Serious Server Member

    Forgive my ignorance, I figured it was only "swapping" packages to upgrade, not a lot of work and dedications, more thanks to everyone who keeps the tomato very much alive.;)

    I currently use the v138.14vpn (7000)
     
    M_ars and kille72 like this.
  32. AndreDVJ

    AndreDVJ Addicted to LI Member

    It's not that straight-forward to backport everything that was done on Multi-WAN to 132. Just looking at the commits page of my repo is enough to make me give up of retrofitting code and hacks back to what 132 was.

    I would need to see where AdvancedTomato GUI breaks. All I can do is to compare the GUI's and see if there's something that I would need to change. As far as I know, updating OpenVPN is just a "drag'n drop". If there are Tomato-specific stuff in the source code, I would need to hack them back to the source tree. Also I have been cherry-picking whatever killer72 pushes, just because often I'm lazy to update stuff myself, and git cherry-pick does all the job.
     
    kille72 likes this.
  33. RMerlin

    RMerlin Network Guru Member

    As a heads-up, you and the other Tomato maintainers might want to take a look at my recent changes to the gencert.sh script used to generate the httpd SSL certificate. A number of changes were recently made to it to better handle newer versions of Chrome and Firefox, which are deprecating the use of the CN field in favor of the SANs:

    https://github.com/RMerl/asuswrt-merlin/commits/master/release/src/router/httpd/gencert.sh

    There's a few pieces in it that are specific to Asuswrt which will need to be adjusted/removed (like the DDNS part or the hardcoded router.asus.com), but otherwise it would be a fairly simple adaptation for Tomato.

    The discussion that sparked these changes:

    https://www.snbforums.com/threads/warning-on-chrome-58.38671/
     
  34. feedzapper

    feedzapper Connected Client Member

    Image3.jpg
    Sorry AndreDVJ,
    maybe i miss understood.
    There is not a only problem for the AdvancedTomatoGUI.
    If i logged in to my normal WebGUI config , i got no regular WEB frontend in HTML.
    Only some points - i don`t no what exatly (i got it not in my brain) were accessible.
    I think there was only "Firmware Update" accessible and some other ones
    without TREE access.
    "ALL" without graphical Interface :-(
    Seems to that all services ran correctly with settings from nvram (also openvpn)
    only WebGUI fails.
    maybe different configs with Administration-> Web Admin settings. ?
    e.g. TTB Themes settings or /+ GUI Files ?
    Ok ok my favorite theme shows ASUS, but the router is always an NETGEAR R7000
     
    Last edited: Apr 23, 2017
  35. alf5683

    alf5683 Connected Client Member

    Hey :d

    So after 1 week of test I can say it's perfect !!
    I hav tested Multiwan, MultiVlan, virtual wirless, tor, OpenVpn, brandwitch limiter, AdBlock ! And of course Tinc !! the only thing is for tinc, I had to test with raspbian client beacause my RTN16 tinc client's is not update so tinc doesn't work. I think it's normal !

    If we exept the tinc compatibility issue's , it's perfect for me !

    I hope the problem with Radius/WPA2 Enterprise will be fix soon ^^
     
    William Clark and kille72 like this.
  36. kille72

    kille72 LI Guru Member

    @alf5683: I'm glad that you like it.
    @lancethepants: How is compatibility of 1.1pre14 with earlier versions?
     
    William Clark likes this.
  37. alf5683

    alf5683 Connected Client Member

    I saw lot of posts, and the problem is very regular... So pre14 run with pre14 and can't run correctly with pre11.
    For my exemple, I havhe this error :
    "Handshake phase not finished yet from client1"

    But some people have a compression issue... (not my case, compressoin "on" or "off" change nothing) So I think the best thing is run pre11 with pre11 ! and wait tinc's team resolve the compatibility issue ! Maybe one day ^^

    For now I reinstalled 138.13-Kille72 for tinc compatibility.
     
  38. kille72

    kille72 LI Guru Member

    Shibby's v140 for MIPS will contain Tinc 1.1pre14 for your RT-N16 :)
     
    Last edited: Apr 23, 2017
  39. edusodanos

    edusodanos Serious Server Member

    Will it be released version 139? He is already testing the 140 ...
     
  40. kille72

    kille72 LI Guru Member

    No official version 139, it was just a test-version. The official version will be 140.
     
  41. alf5683

    alf5683 Connected Client Member

    And we have to waiting patiently :d !!
     
  42. Elfew

    Elfew Network Guru Member

    Code:
    TO-DO:
    1. Problem with Radius/WPA2 Enterprise (since MultiWAN)
    2. "Tweak" Switch3/4g/Watchdog
    3. Slow 2.4GHz WiFi Netgear R6400
    4. Problem with Wireless Client Mode (since MultiWAN)
    5. Modeminfo in GUI
    6. UPS ON/OFF in GUI
    Will be #2 and #5 available in v140? Dont you know?
     
  43. kille72

    kille72 LI Guru Member

    #1: Shibby would look at this problem, I don't know if he's done with any fix in version 140.
    #2: It's my and Pedros project, we're testing it now. I come later with test versions 140.x that contain news for testing.
    #3: According to Shibby, it's hard to fix it without new drivers.
    #4: Has it ever worked?
    #5: NeoX is working on this project, now he paused so I do not know when it's ready.
    #6: Available in version 140.
    #7: Pedro and I also work with, Clean/Modify Tomato UI according to the Web Consortium W3C standard.
    #8: Tomato Autoupdate system will inform about new versions by Kille72 (in my builds).

    There will be some more news in version 140 by Shibby, you'll see soon :)
     
    Last edited: Apr 23, 2017
    Elfew, William Clark and M_ars like this.
  44. lancethepants

    lancethepants Network Guru Member

    In my tinc thread I have this.

    I was hoping 1.1 final was coming soon, but it has been years with only a few more pre-releases since. There are ways around tinc versioning if you can't upgrade all your routers at once. Pretty much mount binding static binaries stored in jffs over top the ones built in tomato. It's what I've done in the past.
     
    kille72 likes this.
  45. AndreDVJ

    AndreDVJ Addicted to LI Member

    Chrome 58 indeed complains about SAN missing, but still renders stuff correctly (I use AT GUI, no idea about the default GUI, neither I care).

    I tried to update this using several approaches, but ended up ripping off your code for the most part.

    upload_2017-4-24_14-12-58.png

    Regarding this:
    Obsolete Connection Settings
    The connection to this site uses a strong protocol (TLS 1.2), an obsolete key exchange (RSA), and a strong cipher (AES_128_GCM).

    I have no idea how to generate a key with a different algorithm.

    I wanted somehow to keep the epoch stuff when we generate certificates, but I had compilation issues that drove me so mad that I got rid of all hacks in the source. Binary size got up by 100KB but I don't care anymore. At least I don't have to worry anymore about getting back all hacks in place when updating OpenSSL.

    https://bitbucket.org/AndreDVJ/advancedtomato-arm/commits/all

    I am known of breaking stuff, so I initially didn't want to push my changes to my repo but did anyway. If anyone knows anything else that requires OpenSSL, let me know.

    If anyone has anything to suggest as an improvement, feel free to do so, otherwise I'm done with that script. It doesn't look good, but it works at my end.
     
    William Clark and kille72 like this.
  46. AndreDVJ

    AndreDVJ Addicted to LI Member

    I am also pushing R7000 build (what's running on my router) and an AC68U build in my repo. Well since these two devices are the most popular ARM ones, will be easier to hear out if I broke something else.
     
    kille72 likes this.
  47. RMerlin

    RMerlin Network Guru Member

    Make sure you implemented ECDHE support in mssl. My commits are here:

    https://github.com/RMerl/asuswrt-merlin/commit/f6b875f2bbf330fe40bcb55031a6ccd0a2cad3be
    https://github.com/RMerl/asuswrt-merlin/commit/b819b5f3c16760ba7e683b1c1a98ad66051f3167

    Also note that some versions of Safari have broken ECDHE support. I'm not sure if disabling it for Safari is still relevant today, I haven't revisited that code since I initially implemented it.
     
  48. AndreDVJ

    AndreDVJ Addicted to LI Member

    Shibby implemented: https://bitbucket.org/pl_shibby/tomato-arm/commits/d5514b3cc69da85c17380920f978788e1be14aae

    And yes I found by myself what broke. Rebooting the router, web interface starts before WAN, so router is still back at the start of UNIX's epoch time. Certificate gets created and is valid from that time until January 1st 1980.

    I'm no good with OpenSSL, but I will try something to set these dates. Hacking back setstartsecs can be an option.
     
  49. RMerlin

    RMerlin Network Guru Member

    I believe that's why Asus uses the SECS global var, tho I never really investigated that specific bit.

    I remember openssl also used to have a patch related to certificates, but I can't remember what it was for - been years since I've upgraded from the heavily patched openssl to a more vanilla-one. There was one specific patch which I've kept at the time.
     
  50. AndreDVJ

    AndreDVJ Addicted to LI Member

    Something else did the trick, and better than I wanted.

    I added support for -startdate and -enddate arguments in req command for OpenSSL.

    I still don't know how to enforce another key exchange algorithm. I copied/pasted AsusWRT's mssl.c, and had the same result. Something has to do with httpd, but I have no clue what to look.

    I can't get much better than this, but at least I got somewhere.

    upload_2017-4-25_13-54-3.png
     
    William Clark, Elfew and kille72 like this.
  51. RMerlin

    RMerlin Network Guru Member

    Try a different browser and see what key exchange mechanism it uses.

    You could also test everything by exposing your webui to the WAN, then running a test suite such as https://www.ssllabs.com/ssltest/ on your router's webui.

    This is what I get here with my router:

    Code:
    
    
    # TLS 1.2 (suites in server-preferred order)
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   ECDH secp256r1 (eq. 3072 bits RSA)   FS    128
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH secp256r1 (eq. 3072 bits RSA)   FS    256
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   ECDH secp256r1 (eq. 3072 bits RSA)   FS    128
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH secp256r1 (eq. 3072 bits RSA)   FS    128
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   ECDH secp256r1 (eq. 3072 bits RSA)   FS    256
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp256r1 (eq. 3072 bits RSA)   FS    256
    TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)    128
    TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)    256
    TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)    128
    TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)    256
    TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)    128
    TLS_RSA_WITH_AES_256_CBC_SHA (0x35)    256
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84)    256
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41)    128
    TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   WEAK    112
    
     
    William Clark likes this.
  52. Elfew

    Elfew Network Guru Member

    That sounds like a plan :) I am looking forward!
     
    The Master likes this.
  53. The Master

    The Master Network Guru Member

    Nice new Funktions :) I LIKE IT...

    But no Date :/
     
  54. alf5683

    alf5683 Connected Client Member

    One Day !
     
  55. kille72

    kille72 LI Guru Member

    Last edited: Apr 29, 2017
    William Clark, Elfew, M_ars and 2 others like this.
  56. kille72

    kille72 LI Guru Member

    Some news that are visible in UI:

    1.png 2.png 3.png 6.png 7.png
     
    The Master and M_ars like this.
  57. The Master

    The Master Network Guru Member

  58. kille72

    kille72 LI Guru Member

  59. ve52001

    ve52001 Network Newbie Member

    Hey kille72, maybe you can help me when you get a chance. I'm running 138.13 and it had the same behavior in 138.14. When I put in dhcp-option DNS 209.222.18.222 in my openvpn config for my openvpn client it pushes this dns to everyone on the router. Is there a dnsmaq custom script or something you suggest on how I can prevent this? I'm still learning but I did try some IPtables scripts in the firewall but was unsuccessful. And I also want to thank everyone who is contributing to keep tomato alive, it is great firmware to use.
     
  60. kille72

    kille72 LI Guru Member

    Show us the entire OpenVPN configuration with print screens please.
     
  61. ve52001

    ve52001 Network Newbie Member

  62. ve52001

    ve52001 Network Newbie Member

    In the logs I see this, which shows it pushing the dns option to everyone it looks like to me.

    Apr 29 15:22:35 unknown daemon.info dnsmasq[3761]: reading /etc/resolv.dnsmasq
    Apr 29 15:22:35 unknown daemon.info dnsmasq[3761]: using nameserver 209.222.18.222#53
    Apr 29 15:22:35 unknown daemon.info dnsmasq[3761]: using nameserver 209.222.18.218#53
    Apr 29 15:22:35 unknown daemon.info dnsmasq[3761]: using nameserver 2607:f428:ffff:ffff::2#53
    Apr 29 15:22:35 unknown daemon.info dnsmasq[3761]: using nameserver 71.10.216.1#53
    Apr 29 15:22:35 unknown daemon.info dnsmasq[3761]: using nameserver 71.10.216.2#53

    The first two dns servers are only inputted in the openvpn config
     
  63. kille72

    kille72 LI Guru Member

    Accept DNS configuration: Strict, have you tested other options there?
     
  64. ve52001

    ve52001 Network Newbie Member

    yes I have, relaxed = normal dns for everyone including clients on vpn which ignores the dns config, and strict & exlusive = everyone on the dns server from my openvpn config.
     
  65. kille72

    kille72 LI Guru Member

    Has it worked in earlier versions with older OpenVPN?
     
  66. ve52001

    ve52001 Network Newbie Member

    I noticed it when I switched to 138.14 then tried 138.13, from shibby 138. So I believe I noticed it after 2.39, because doesn't 138.13 have 2.40 and 138.14 have 2.41? I know when useing PIA in 2.41 i never could get the right config set to keep the vpn from timing out over time as well, but that has to do with their configs and 2.41 I believe. The timing out, is something PIA will have to adjust probably to allow more clients to use 2.41 with their vpn service.
     
  67. ve52001

    ve52001 Network Newbie Member

    I would hate to go back to a previous version. The Wifi seems much better on the builds you have released on my R7000 recently.
     
  68. kille72

    kille72 LI Guru Member

    Yes, in version 138.14 > OpenVPN: updated to 2.4.1. I have not changed anything in WiFi, which version works best for you?
     
  69. ve52001

    ve52001 Network Newbie Member

    If I want to keep useing the vpn client with the dns option I guess I would have to go back to a version with 2.3.9. I was hoping I was missing something with a config or something, and would be able to stay with 2.4 and maybe soon go back to 2.41. The WiFi on your versions vs older Shibby versions seems better on my R7000, so I'll just stay put on 138.13 till 140 comes out and test it. Thanks for looking.
     
    kille72 likes this.
  70. kille72

    kille72 LI Guru Member

    I'm not an OpenVPN expert, I hope some other people can also look at your problem...
     
  71. ve52001

    ve52001 Network Newbie Member

    I was hoping someone else noticed it, but maybe when v140 comes out more will notice. Thanks again for replying.
     
    kille72 likes this.
  72. RMerlin

    RMerlin Network Guru Member

    cybrnook, jerrm, Mercjoe and 2 others like this.
  73. kille72

    kille72 LI Guru Member

    Version 139 coming soon... Special thanks to AndreDVJ and Pedro, cheers!

     
    Last edited: Apr 30, 2017
    gffmac and Elfew like this.
  74. rs232

    rs232 Network Guru Member

    2x question on tinc:

    I've upgraded from .14 to v139 without flashing the nvram (which I should probably do at this point)

    - Can you please confirm what the "tinc poll" function does in v139?
    Is this the same as this?
    http://www.linksysinfo.org/index.php?threads/tinc-mesh-vpn.70257/page-3#post-281490

    - Regardless under the Tinc page (on 2x different units) only the Config tab is visible. The others are empty.

    Thanks
     
  75. racef@ce

    racef@ce Network Newbie Member

    Thanks @kille72 - Keep up the Great work.

    Router: Netgear R6250
    Firmware: Tomato v1.28.0000 -139-kille72- K26ARM USB VPN-64K
    Kernel: 2.6.36.4 brcmarm #6 SMP PREEMPT Sat Apr 29 21:48:37 CEST 2017 armv
    Status: Working stable
    Reset: No, upgraded from version: 138.14

     
    kille72 likes this.
  76. kille72

    kille72 LI Guru Member

    First bug: SAVE button in /basic-static.asp :(
     
  77. Nelbin Binag

    Nelbin Binag Reformed Router Member

    Router: Linksys EA6900
    Firmware: 139 fork by kille72
    Kernel: Linux kernel 2.6.36.4brcmarm and Broadcom Wireless Driver 6.37.14.86 (r456083)
    Status: Stable as of now
    Connection Uptime: 0 days, 00:05:36
    Reset: Yes
     
    kille72 likes this.
  78. The Master

    The Master Network Guru Member

    Is there a Plan for a new Build Fix?
     
  79. kille72

    kille72 LI Guru Member

    I'm removing v139, fix coming soon!
     
    The Master likes this.
  80. The Master

    The Master Network Guru Member

    Thank you :)
     
    kille72 likes this.
  81. ArmsAsuncion

    ArmsAsuncion New Member Member

    I don't know where to ask, but going to ask here anyways.

    I'm new to Tomato FW, and I'm currently using your latest fork (138.14), on a Linksys AE6900. I set-up my network to use the local DNS feature, and set the cache size to 10,000 via the Custom configuration. It seems to be working fine as the dnsmasq w/ log-queries logs shows that it's caching. But...

    I tried using the DIG command so I could check the response time between the cached and un-cached results. (I can't post the DIG results since I'm new here...)

    First time I used DIG (Un-cached, fetched from my ISP's DNS): 200ms
    And here's the second try (I tried it the third/fourth time and I got the same query time): 179ms

    Is this normal? Also, other domain names has a higher query time (Eg. 270~ uncached and 240~ cached). I tried using a different DNS server, like Google's, but it doesn't fix the problem. I heard cached queries should be 1ms, or at least 2 digits.

    Thanks~!
     
  82. lancethepants

    lancethepants Network Guru Member

    Yes, it is in response to the post you mentioned. It is implemented in the same manner that OpenVPN poll is done. Tinc worked fine at the time and commit of my pull request, I can't say what you're currently experiencing.
     
    alf5683, rs232 and kille72 like this.
  83. kille72

    kille72 LI Guru Member

    No problem here, maybe clear browser cache...

    1.png 2.png 3.png 4.png 5.png
     
    William Clark and rs232 like this.
  84. kille72

    kille72 LI Guru Member

    Last edited: May 1, 2017
    alf5683, Aardvark, gffmac and 2 others like this.
  85. The Master

    The Master Network Guru Member

    kille72 likes this.
  86. Aardvark

    Aardvark Reformed Router Member

    Wireless Site Survey doesn't seem to be working (RT-AC68U VPN version). The page never populates with anything, other than the "Warning: Wireless connections to this router may be disrupted while using this tool" message.

    Edit:
    Status > Device List is also empty, even though there are clients connected to the router.

    Anyone else having these symptoms?
     
    Last edited: May 1, 2017
  87. kille72

    kille72 LI Guru Member

    It works here, try to delete cache in the browser. Maybe someone else also test please?

    devices.png wifi.png
     
  88. Aardvark

    Aardvark Reformed Router Member

    Doh, cleared cache and now working :rolleyes:. Thank you!
     
    kille72 likes this.
  89. kille72

    kille72 LI Guru Member

  90. racef@ce

    racef@ce Network Newbie Member

    Router: Netgear R6250
    Firmware: Tomato v1.28.0000 -139-kille72- K26ARM USB VPN-64K
    Kernel: 2.6.36.4brcmarm #6 SMP PREEMPT Mon May 1 03:32:41 CEST 2017 armv7
    Status: Working stable so far
    Reset: No, upgraded from faulty version: 139
     
    kille72 likes this.
  91. Elfew

    Elfew Network Guru Member

    @kille72 - can you please fix lan LED for RT-18u? This router has only one led for LAN, so if you connect anything into LAN 1-4 it should be on, with Tomato this led is not working (turned off all the time, maybe there will be needed some code from Asus fw).

    Anyway I saw these commits from SDK7 branch (from shibby) on bitbucket, does it mean that shibby is working on it? https://bitbucket.org/AndreDVJ/advancedtomato-arm/commits/branch/SDK7
     
  92. kille72

    kille72 LI Guru Member

    @Elfew: Ok, we'll try to look at it.

    It's old Shibby's commits that André has ported to his new SDK7 repo :)
     
    Elfew likes this.
  93. Elfew

    Elfew Network Guru Member

    I am free for testing (RT-18u) - I reported this bug to shibby over PM last year - he wrote me that it is easy to fix but it needs some part of code from stock Asus fw.
     
    kille72 likes this.
  94. rs232

    rs232 Network Guru Member

    Can I add a short feature request list here?

    - Modify the warning popup for shutdown to be e.g. large, with lot of text and with plenty of exclamation marks. If you ask me the location of Shutdown is far too close to Reboot and if clicked by mistake while connected remotely does lead to logistic problems.
    - add mtr to the builds (extremely useful tool)
    - add a control page e.g. after tools/trace (like tools/mtr) to operate mtr from the GUI
    - prevent the very same mac addresses to be used on different interfaces - same device (e.g. WAN MAC and WLAN MAC). Yes a MAC address is locally significant only but this is a bad practice and should be avoided

    Thanks
     
    kille72 likes this.
  95. EvilMacGuyver

    EvilMacGuyver New Member Member

    Hello,
    I think I have found a small bug in Tomato Firmware 1.28.0000 -138.14-kille72- K26ARM USB AIO-64K. I have a device that is shown in the device list page but does not appear on the IP Traffic - Real-Time page. The device is named "Remix-Tablet". What is interesting about this is that I have a different device from the same manufacturer named "Remix-Mini" and it appears on both pages as expected. Both devices also have static DHCP entries.
    What is the best way to track down why this is happening?
     
  96. kille72

    kille72 LI Guru Member

    Test to enable IPTrafic in /basic-static.asp

    static.png
     
  97. feedzapper

    feedzapper Connected Client Member

    Test with : 139-kille72-AIO-64K and Netgear R7000

    both OPENVPN Clients 1+2 marked with : "Start with WAN"

    Client1 got Routing Policy :
    Redirect through VPN = X
    From Source IP : 192.168.0.3
    From Source IP : 192.168.0.112/29

    Client2 got Routing Policy :
    Redirect through VPN = X
    From Source IP : 192.168.0.2
    From Source IP : 192.168.0.5
    From Source IP : 192.168.0.104/29


    After reboot, WAN comes UP normaly and both clients comes up at the same time.
    Only the Routing Policy for the Client2 would be executed here....
    (The Syslog reports also this, that only the Policy Routing for Client2 had been set)
    If i STOP Client1 manually and restart it again, also the routing policy for client1 would be also now executed.
    with 138.14 it works correctly after reboot with the 1 try !
    maybe a timing problem ?
     
    Last edited: May 2, 2017
  98. kille72

    kille72 LI Guru Member

    We'll look at it.
     
    Elfew likes this.
  99. Elfew

    Elfew Network Guru Member

    OK, @shibby20 release v140 - does it contain all of your fixes from build v139?
     
    alf5683 likes this.
  100. kille72

    kille72 LI Guru Member

Share This Page