Neorouter modified firmware

Discussion in 'Tomato Firmware' started by averylinden, Feb 24, 2009.

  1. averylinden

    averylinden Addicted to LI Member

    I stumbled across the neorouter program when looking at VPN options for a home network. They have a tomato 1.23 ND image available for download and I was wondering if anyone had tried it?

    One feature that looks interesting is the ability for direct communication between remote VPN nodes. I use openvpn on ubuntu and all traffic needs to pass through the openvpn server.

    The site is www.neorouter.com
  2. occamsrazor

    occamsrazor Network Guru Member

    Very interesting find indeed... Seems they only have an ND build available, so am not going to try it yet on my WHR-G54S, but if it works with all the features it claims, it could be a very appealing new VPN solution.
  3. occamsrazor

    occamsrazor Network Guru Member

  4. hsyah

    hsyah Addicted to LI Member

    Can neorouter support site to site vpn ??

    Very interesting Neorouter modified firmware
  5. occamsrazor

    occamsrazor Network Guru Member

    Not sure if it can do site-to-site as in 1 router to another router but... one interesting feature is one vpn client can connect to another vpn client directly via P2P, with the server only being used for authentication. At least this is how I read it from here...

    "NeoRouter uses a hybrid peer-to-peer architecture. One of user's computers is designated as server to store user profiles and computer directory information, to handle authentication, and to mediate P2P connections among clients. Each client computer maintains a control connection to the server and establishes direct P2P connections to other clients for data transfer. If one or more clients are behind NAT or corporate firewalls, NeoRouter uses NAT traversal techniques to establish the direct connection."


    I'm keen to try it, but think my router (Buffalo WHR-G54S) needs a non-ND build of Tomato, so am waiting for them to compile it before I can do so... would be keen to hear from anyone who is able to try the current ND build they offer...
  6. occamsrazor

    occamsrazor Network Guru Member

    OK... so I took the jump and flashed the ND version of NeoRouter to my Buffalo WHR-G54S, which was previously running SgtPepper's "OpenVPN with GUI" mod. It flashed fine and kept all my settings from the previous firmware. The NeoRouter build based on Tomato 1.23 ND is available here:


    After flashing, you have to enable and format JFFS (which is where NeoRouter appears to store its configuration and certificates), add the following line to the WAN UP script, and then reboot, to get the NeoRouter server running:

    /usr/bin/neorouter.sh start

    There's some more instructions here:


    There is no specific GUI in the tomato router, but that's OK because you configure everything through the NeoRouter Console software - which is part of the NeoRouter server software on the downloads page (I'm using the Windows version). Basically there's two applications to use:

    1. NeoRouter Network Explorer aka ClientUI - this is the VPN client app that you use to connect to the router. There's a portable version suitable for use on a USB key available. There's also a version-update facility via a menu.

    2. NeoRouter Configuration Explorer aka Console - this is the administration app you use to setup user accounts, computers, server port and domain.

    The NeoRouter server appears to contain a built-in dynamic dns service hosted at neorouter.com that also stores the server port number, so when you change the server port you don't need to change it on the clients. The clients just connect to a domain/username. I think you don't have to use this if you want, you could just use the server IP or your own dynamic address name.

    The default port is 32976, and the server appears to automatically open the firewall (though I haven't tested remotely). I tried changing it to 443, but had some problems and so reverted to the default port. Those problems may be fixable, I need to test more.

    For each remote computer that you enable access, you can define what services each user can connect to (FTP, SMB, VNC, etc). The cool thing is not only can each computer log onto the server, they can also connect directly to each other (if you allow that). So a file transfer from machine A to machine B will go directly - not via your router which is only used for authentication. This is the default behaviour - you can also set it so it does go via your router if you prefer that. So you can do stuff like Wake-on-LAN, VNC/Remote Desktop, File sharing etc from one client to another - you can fine tune what services are enabled to each user and machine in the Console. So you could allow one user access only to your shared folder, and a different user access to the shared folder plus VNC, etc.

    If you've ever used the peer-to-peer VPN application Hamachi, now known as LogMeIn I think, then you will find that NeoRouter is very similar in how it operates. The difference is that user accounts and authentication takes place on your router, not a 3rd Party server. Think a Hamachi server on your router.

    I still need to do some real testing of it, so far I've just installed it and tested it within my home LAN, but so far I have to say I am pretty impressed indeed.
  7. i1135t

    i1135t Network Guru Member

    Well, I tested the software itself without flashing the NeoRouter Mod and it works fine. I just had to port forward the port that the software was communicating on.

    Does the firmware mod allow the NeoRouter server to function without the need for a computer to be online to act as the server? If not, then I do not see the need to flash the NeoRouter firmware. All in all, a good piece of software just to have, kinda like Hamachi. Now I can VPN to my home connection and surf the web through the proxy addon. :)
  8. mstombs

    mstombs Network Guru Member

    Can someone explain the commercial status of NeoRouter?

    Where is the source-code used to build their mod of Tomato?
  9. occamsrazor

    occamsrazor Network Guru Member

    Yes and no... The firmware mod acts as the authentication server and controls all the interaction between the clients. The advantage being you don't need one particular computer running as server. So as long as the Tomato router is running, client A can connect to client B while C is off, or B to C while A is off, etc. The actual data connection can be via the router, or direct P2P.

    The disadvantage over OpenVPN is that each machine you want to connect to must have the client running and connected. So for example if remote client A wants to connect to LAN machine B, then LAN machine B must have the NeoRouter client running and connected. That may be OK for you, but so far their client doesn't support auto-reconnect, so if you're away and machine B's connection drops, you've got a problem.

    I've had a little time to test this remotely now, and these are my thoughts:


    - Minimal configuration - all certificates and authentication handled automatically. It's pretty user-friendly.
    - Client can run as a portable off of a USB key
    - Clients can make direct P2P connections e.g. for file transfer or VNC
    - Ability to fine-tune access permissions on a user or computer level.
    - Built-in (or add-on) functionality such as Remote Desktop, file-sharing, VNC, etc.
    - Built-in easily-setup dynamic dns (optional, you can use your own or direct IP if you prefer)


    - The NeoRouter/Tomato router/server doesn't give you a "raw" vpn connection to the LAN, as if you were at home connected by ethernet, like OpenVPN does. This is a client-to-client P2P architecture. Clients all get 8.x.x.x IP addresses, not IP addresses of the local LAN.
    - Any machine you want to connect to must have the client running and connected - that means non-computer devices e.g. a VOIP adapter with web interface on the LAN can't be accessed, and also computers that don't have a working client can't be accessed e.g. there is no Mac OS X client yet.
    - Inability (so far, they are working on it) for clients to auto-connect, meaning if you want to remotely connect to LAN machines, you're going to have a problem if the LAN machine's connection to the NeoRouter drops.
    - Making the actual connection is a bit buggy in my opinion. Sometimes it just doesn't work for me, e.g. if the connection drops and I try to reconnect it thinks I'm still logged on and won't let me logon again.

    A lot of the problems they are already aware of and have added to their fixing "to-do" list.

    To summarize, I think this is a great piece of software to allow remote clients to connect to each other wherever they are. If you have say multiple remote users in different places who need to connect to each other, this is a very good solution. If however your primary interest is in a straight and "pure" remote vpn connection into your LAN, then you are better served by OpenVPN.

    It is still rather "beta" in terms of reliability etc, but shows a lot of promise.

    mstombs - Yes, I was wondering that too....

  10. jz2000

    jz2000 Addicted to LI Member

    NeoRouter has just released a new version, 0.9.5, which supports both Tomato and Tomato-ND. The new changes include auto-sign, remembering password, bug fixes and so on. It starts supporting FON firmware as well. Check out www.neorouter.com
  11. jz2000

    jz2000 Addicted to LI Member

    NeoRouter has just released a new version, 0.9.65, which supports both Tomato and Tomato-ND. The new changes include Windows x64 support, NeoRouter for USB and so on. For details, check out www.neorouter.com :)
  12. jz2000

    jz2000 Addicted to LI Member

    NeoRouter has just released the latest version v0.9.8.


    * Mac OS X support
    * Multiple-language support
    * Skin support
    * Signed drivers for Vista+ x64, Windows 2008 R2 and Windows 7 X64 support
    * Added full command set to CLI on Win2k, Linux and Mac OS X
    and more...

    For more information about NeoRouter, please check out http://www.neorouter.com
  13. jz2000

    jz2000 Addicted to LI Member

    NeoRouter has just released the latest version v0.9.8.


    * Mac OS X support
    * Multiple-language support
    * Skin support
    * Signed drivers for Vista+ x64, Windows 2008 R2 and Windows 7 X64 support
    * Added full command set to CLI on Win2k, Linux and Mac OS X
    and more...

    For more information about NeoRouter, please check out http://www.neorouter.com
  14. occamsrazor

    occamsrazor Network Guru Member

    @jz2000 - Seeing as you've been posting all the Neorouter update info I'm assuming you work for them. If so could you comment on why Neorouter is using modified Tomato firmware but is not releasing the source code?
    At least last time I looked there was no source available, and while I'm no expert, wouldn't that be a GPL violation?
    If the situation has changed and the source is now available then my apologies....
  15. jz2000

    jz2000 Addicted to LI Member

    Hi occamsrazor,

    Thanks for your question. I am involved a little bit in the NeoRouter project and I basically agree with you in terms of the GPL license. I think they will publish the tomato source code sooner or later.

    But I'd like to clarify a little bit here, in case some users misunderstood about it. NeoRouter is a proprietary software running on the Tomato firmware (linux) or any other firmware like OpenWrt. It does not use any GPL libraries, so it does not break any rules defined in GPL license. Just like Oracle can run on Linux and so on.

    Due to the Tomato limitation, compared to OpenWrt, NeoRouter has to be compiled using the same tool chain based on the Tomato firmware and released in this way, instead of released as models or packages like for OpenWrt. But to ensure the firmware's quality, it always uses the Tomato official release (currently it's 1.23) and didn't change anything (not like TomatoVPN).

    I believe they can publish the source code, but it's actually useless for normal users, as the Tomato source code used in NeoRouter firmware is exactly the same as the official package.

    If someone requests for the Tomato source code from them, I think they would be happy to provide it.

    On the other hand, the reason I posted the news here is because I think some Tomato users may like it. Though we have Tomato VPN (very good mod), but openvpn is still a little bit hard for some non-tech users to play with.

    Let me know if I was wrong.

  16. occamsrazor

    occamsrazor Network Guru Member

    Thanks for taking the time to clarify, makes more sense to me now. I am no expert in the GPL, and don't pretend to be, I was just curious about the issue.
    I did try NeoRouter myself for a while, and it is pretty clever at what it does, I was quite impressed, though for my personal needs I decided to stick with TomatoVPN.
    The two systems actually fulfil different objectives once you understand how each works.
  17. rhester72

    rhester72 Network Guru Member

    So there are no modifications to the Tomato GUI to support Neorouter?

  18. jz2000

    jz2000 Addicted to LI Member

    There is no modification to the Tomato GUI.

    Instead of using the Tomato GUI, NeoRouter provides an easy-to-use configuration tool to manage the server running on the box. Because there is so much information to maintain, such as user accounts, computer information, firewall/ACL settings and so on, it's hard to use web pages to implement. Another benefit is that it can be upgraded without flashing the firmware.

    The configuration tool is included in the client package and it can be used for managing NeoRouter servers running on other platforms as well.

  19. mstombs

    mstombs Network Guru Member

    It embeds the open source OpenSSL and SQLite utilities and links to the open source uClibc and libpthread libraries. None of these are full GPL, nor prevent binary distribution, but they do have their own license requirements - the copyright notice for OpenSSL, for example should be retained.

    The server is enabled by the user adding a control script to the WANUP scripts, which also starts a cron job to restart it if it should fail - I assume the binary doesn't allow multiple copies to run! It requires /jffs to store certificates.

    There's no obvious changes to stock Tomato, but is it "too good to be true"? Presumably it can't remain a 'free' service for ever?
  20. jz2000

    jz2000 Addicted to LI Member

    To save the valuable space on a router, these license files for OpenSSL and so on are published in the client package and website separately. I think it should be claimed in an obvious place somewhere before users download it.

    The server is allowed to run multiple instances by specifying different DB paths (not recommended), but a home router may not have enough RAM to do this. Basically a server can support at least 30 clients (on ASUS 520gu), as it uses P2P technology. It would be good enough for most users.

    /jffs is used for storing certificates, database and config files.

    The NeoRouter Free edition is free and I think they would like to make it free for ever. The reason is they plan to release a Pro edition in the future, which is a paid version, and a lot of similar software is free of charge, such as OpenVPN, Hamachi and so on. Without a free edition, they will lose users, though it has better features.

  21. mstombs

    mstombs Network Guru Member

    You need to be aware the WANUP script runs every time the WAN comes up, this can be when a new WAN IP is obtained or various web config changes. The current script has the potential to start multiple copies, hence my comment. Also it would be better for the server to daemonize itself with a call to daemon(), rather than starting with the "&" parameter, this frees up more resources.
  22. jz2000

    jz2000 Addicted to LI Member

    Hi mstombs,

    Thanks for your post. Please correct me if I was wrong.

    The server has the logic to detect and avoid multiple instances if didn't specify the db path by default, so it won't cause problem while running from the WAN UP script. But from the top, you may see multiple processes, which are threads created from the main process.

    The server is actually running as a daemon by default. If you check "more /proc/xxxx/stat", you will see the tty_nr is 0, i.e. there is no controlling terminal for the nrserver process.
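
The two checks raised in the last two posts (a WAN UP script that re-runs and could start a second copy, and reading tty_nr from /proc/PID/stat to confirm a daemon has no controlling terminal), as an added example that is not part of the thread and not NeoRouter's or Tomato's own code. The process name nrserver comes from the post above; PROC_ROOT and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not NeoRouter or Tomato code.
# Assumptions: the server's process name is "nrserver" (as named in the
# thread); PROC_ROOT is a hypothetical override so the functions can be
# pointed at a test directory instead of the real /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print the comm field (field 2) of one /proc/PID/stat line.
stat_comm() {
    c=${1#*"("}       # drop "PID ("
    c=${c%")"*}       # drop from the LAST ")" onward
    echo "$c"
}

# Print tty_nr (field 7). comm may contain spaces or ")", so cut at the
# last ") " first; tty_nr is then the 5th remaining field.
stat_tty_nr() {
    rest=${1##*") "}
    set -- $rest
    echo "$5"
}

# Print "PID TTY_NR" for every process whose comm equals $1.
# TTY_NR 0 means the process has no controlling terminal.
find_daemon() {
    for f in "$PROC_ROOT"/[0-9]*/stat; do
        [ -r "$f" ] || continue
        line=
        IFS= read -r line 2>/dev/null < "$f" || [ -n "$line" ] || continue
        [ "$(stat_comm "$line")" = "$1" ] || continue
        echo "${line%% *} $(stat_tty_nr "$line")"
    done
}

# What a WAN UP hook should do for daemon $1: "skip" if any instance is
# already present, "start" otherwise.
wan_up_action() {
    if [ -n "$(find_daemon "$1")" ]; then echo skip; else echo start; fi
}

# Constructed stat line (not captured from a router); comm holds " " and ")".
SAMPLE='412 (nr) server) S 1 412 412 0 -1 64 0 0'
echo "sample comm=$(stat_comm "$SAMPLE") tty_nr=$(stat_tty_nr "$SAMPLE")"
echo "nrserver: $(wan_up_action nrserver)"
# In the WAN UP script one would then write:
#   [ "$(wan_up_action nrserver)" = start ] && /usr/bin/neorouter.sh start
```

Cutting at the last ") " matters because a process can set its own name to something containing spaces or parentheses, which would shift a naive whitespace split and report the wrong field as tty_nr.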

  23. jz2000

    jz2000 Addicted to LI Member

    NeoRouter v1.0 for Tomato is finally released.

    This is an official build for Tomato users. NeoRouter is the first package, that can help you to create VLAN on the Tomato firmware. It is also a cross-platform zero-configuration VPN solution that securely connects Windows, Mac and Linux computers at any locations into a virtual LAN and provides a networking platform for various applications like remote desktop, shared folders and printers, offsite backup, voice & video chat, games, etc. It is the ideal Remote Access and VPN solution for small businesses and homes.

    Many small businesses or homes have high-speed Internet and multiple computers, and users are facing challenges like remote access, directory management and network security. To solve similar problems at large enterprises, skilled administrators can deploy very expensive and complex tools like VPN gateway, domain controller and corporate firewall. But small business or home users do not have the right tools that fit their needs. NeoRouter solves these challenges with a low-cost, integrated and user-friendly solution.

    For more information about NeoRouter, please check out http://www.neorouter.com