Tomato RAF Releases

Discussion in 'Tomato Firmware' started by Victek, Dec 28, 2012.

    mrQQ, sorry to say rude but you're not helping too much with your post relating problems and squeezing my brain to find reason and with the problem solved in next post due to laziness basic procedures to follow when the upgrade is done. The version was tested and will be enhanced step by step, vlan works fine, I can't help you.

    For some reason the tomato-E1000v2-v21-1.28.9013MIPSR2-RAF-V1.1u-VLAN.bin seems to be too big for my E1000v2 when I try to flash it? I tried some other mods (toastman, Shibby etc..) and each of them came back as being too big??

    I had dd-wrt running on there fine, reflashed back to stock firmware and then flashed tomato-E1000v2-v21-NVRAM32K-1.28.0095MIPSR2_Flash_From_Stock_Firmware-Mini.bin

    Am I doing something wrong? Do I need to flash something else first?
    Yes, I read it in your post, thanks for heads up.

    @Msan2000 , no, nothing wrong, the generated image is too big for the flash RAM size, we can't reduce till now...
    which image should I be using then instead?
    No alternative until we can generate smaller images...
    Is there any other mod/build i can use in the mean time? besides dd-wrt?
    Sorry Victek, and as an apology, I have donated a small amount.
    apology accepted :)
    You shall describe problem(s) by let Victek know how you encounter the problem (step-by-step), your browser, your version RAF. It will be easier for him (and other devs) to track it down. Am I left?
    Yes, thank you, I received your donation.

    @koitsu , I know, it's a huge highway with bugs and corrections or improvements but I'm very happy to see the support from the community, then ... I think we are in the right path.
    Too late then... I'm building the last beta (z) before release r.1.2 :) ... wow! 32 days up, it's a good signal.
    32days, but it could be more, there was a problem with electricity one month ago ;)


    New build "z" - does it obtain something new than your older build "z" has, which I was testing? I will flash it when you release it... PM me what to test

    When the "speedtest" build will have features which I need for my router in work I will flash it and post you a results under heavy usage (50+ clients over wifi, etc)... until then I will flash it only to my home router when I have more time - probably next weekend
    Version Y up and running with 15 days. Haven't had to reboot after I configured it the day I flashed it...can't wait for "z"
    Yes, the features you tested plus latest patches in the git..
    The @Speedtest version it's not a priority now, working now in new Dual Core CPU Broadcom 4708A0 built in RT-AC56U and RT-AC68U.
    z has a lot of updates! Downloading right now, thanks Victek.
    Ready to download now, yes, changelog in git and also in the Read before .. file. It's the last beta before stable V1.2 ... I exhausted the alphabet :)

    Please, as usual and more critical in this version, there are many updates in critical modules, please test and report any bug you might find.
    @kyrios ... qos rules as you demand ;)

    Thanks to all the people testing Tomato RAF!
    Testing right now.

    eMule can't open UPnP ports with z, uTorrent and newer software are fine. Is anything changed in the UPnP part? Can anyone confirm? I don't use eMule, just testing, I guess it doesn't really matter if it doesn't work...
    Last edited: Aug 25, 2013
    and what about build "y" - eMule and UPnP? It could help

    btw - I flashed "z" build right now, results tomorrow
    Never used emule, transmission and Utorrent are fine.. nothing changed in UPnP side.
    x and y were fine, eMule 0.50a, same version, same PC, same router (N66U).

    I will test x and y to double check if you'd like me to but you have to give me until tonight (Arizona time, UFC-7).
    Has exFAT support been restored in build z? Thank you for all you do.
  24. Victek

    Victek Network Guru Member

    Please check it..weird, nothing changed in UPnP as you can check in the git, no hurry, Ying ;)

    @irvoh, no, still broken, the exfat/nofuse developer is working on it.
    Got "z" flashed and running....keeping fingers crossed that RTM is next :D
    build z may have a problem.
    iptables-restore: line 145 failed
    showed at Access Restriction tab and QOS Classification tab.
    Even after several reboot.

    Before reboot
    iptables-restore: line 141 failed

    After 1st reboot
    iptables-restore: line 143 failed

    2nd reboot show this line
    iptables-restore: line 145 failed

    Has anyone encountered the same problem?
    Thanks @kyrios, it's a problem of IPv6 string implementation from shibby's git. Did you enable IPv6 in your unit?

    Please pass me cat /etc/ip6tables list from line 141-145?
    I can't reproduce in my unit (IPv6 not enabled), so, I think is IPv6 related bug.
    Last edited: Aug 26, 2013
    I paste this at Tools => System:
    nvram set qos_reset="1"
    nvram set qos_irates="5-20,5-25,5-70,5-50,20-80,5-70,5-70,5-80,5-80,1-10"
    nvram set qosl_rules=""
    nvram set qos_rst="1"
    nvram set qosl_enable="0"
    nvram set qos_inuse="1023"
    nvram set qos_orules="0<<-1<d<53<0<<0:10<<0<DNS>0<<-1<d<37<0<<0:10<<0<Time>0<<17<d<123<0<<0:10<<0<NTP>0<<-1<d<3455<0<<0:10<<0<RSVP>0<<6<d<16014,20009<0<<<<0<OSKAM>0<<-1<d<9<0<<0:50<<4<SCTP, Discard>0<<-1<x<135,2101,2103,2105<0<<<<4<RPC (Microsoft)>0<<6<x<22,2222<0<<<<0<SSH>0<<6<d<23,992<0<<<<3<Telnet>0<<6<s<80,5938,8080,2222<0<<<<3<Remote Access>0<<-1<x<3389<0<<<<3<Remote Assistance>0<<-1<x<6970:7170,8554<0<<<<2<Quicktime/RealAudio>0<<-1<d<1220,7070<0<<<<2<Quicktime/RealAudio>0<<-1<x<554,5004,5005<0<<<<2<RTP, RTSP>0<<-1<x<1755<0<<<<2<MMS (Microsoft)>0<<-1<d<3478,3479,5060:5063<0<<<<1<SIP, Sipgate Stun Services>0<<-1<s<53,88,3074<0<<<<1<Xbox Live>0<<6<d<1718:1720<0<<<<1<H323>0<<-1<d<11031,11235:11335,11999,2300:2400,6073,28800:29100,47624<0<<<<1<Other games>0<<-1<d<1493,1502,1503,1542,1863,1963,3389,5061,5190:5193,7001<0<<<<6<MSGR1 - Windows Live>0<<-1<d<1071:1074,1455,1638,1644,5000:5010,5050,5100,5101,5150,8000:8002<0<<<<6<MSGR2 - Yahoo>0<<-1<d<194,1720,1730:1732,5220:5223,5298,6660:6669,22555<0<<<<6<MSGR3 - Additional>0<<-1<d<19294:19310<0<<<<6<Google+ & Voice>0<<6<d<6005,6006<0<<<<-1<Camfrog>0<<-1<x<6571,6891:6901<0<<<<6<WLM File/Webcam>0<<-1<a<<0<skypetoskype<<<1<Skype to Skype>0<<-1<a<<0<skypeout<<<1<Skype Phone>0<<-1<a<<0<youtube-2012<<<2<YouTube 2012 (Youtube)>0<<-1<a<<0<flash<<<2<Flash Video, (Youtube)>0<<-1<a<<0<httpvideo<<<2<HTTP Video, (Youtube)>0<<-1<a<<0<rtp<<<2<RTP>0<<-1<a<<0<rtmp<<<2<RTMP>0<<-2<a<<0<rtmp<<<2<RTMPT (RTMP over HTTP)>0<<-1<a<<0<shoutcast<<<2<Shoutcast>0<<-1<a<<0<irc<<<6<IRC>0<<6<d<80,443,8080<0<<0:512<<4<HTTP, HTTPS>0<<6<d<80,443,8080<0<<512:<<7<HTTP,SSL File Transfers>0<<6<d<20,21,989,990<0<<<<7<FTP>0<<6<d<119,563<0<<<<7<NNTP News & Downloads>0<<6<d<25,587,465,2525<0<<<<5<SMTP, Submission Mail>0<<6<d<110,995<0<<<<5<POP3 Mail>0<<6<d<143,220,585,993<0<<<<5<IMAP Mail>0<<17<d<1:65535<0<<<<9<P2P (uTP, UDP)"
    nvram set qos_ibw="3672"
    nvram set qos_udp="0"
    nvram set qos_syn="1"
    nvram set qos_ack="0"
    nvram set qos_burst0=""
    nvram set qos_burst1=""
    nvram set qos_classnames="Service VOIP/Game Media Remote WWW Mail Messenger FileXfer P2P/Bulk Crawl"
    nvram set qos_icmp="1"
    nvram set qos_pfifo="0"
    nvram set qos_enable="1"
    nvram set qos_obw="600"
    nvram set qos_default="8"
    nvram set qos_orates="10-20,5-25,5-25,5-50,20-80,5-80,5-80,5-80,5-80,1-10"
    nvram set qos_fin="1" 
    I also enable Access Restriction

    I don't enable IPV6
    Last edited: Aug 26, 2013
    Thanks but it's not what I asked.. I edited my post with the correct questions (I hope).
    I tried again paste the code [Tools => System]
    Now the error is at line 157.
    Showed both at QOS Class and Access Restriction
    I am in work right now, I dont use QoS or Access restriction so I didnt find this problem yesterday...

    I can check this in the evening... but I think it will be same
    here it is:
    :OUTPUT ACCEPT [0:0]
    :QOSO - [0:0]
    -A QOSO -j CONNMARK --restore-mark --mask 0xff
    -A QOSO -m connmark ! --mark 0/0x0f00 -j RETURN
    :QOSSIZE - [0:0]
    -I QOSO 3 -m connmark ! --mark 0/0xff000 -j QOSSIZE
    -I QOSO 4 -m connmark ! --mark 0/0xff000 -j RETURN
    -A QOSO -j CONNMARK --set-return 0xff00009
    -A FORWARD -o six0 -j QOSO
    -A OUTPUT -o six0 -j QOSO
    -A PREROUTING -i six0 -j CONNMARK --restore-mark --mask 0xff
    -A PREROUTING -i six0 -j IMQ --todev 0
    :INPUT DROP [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m rt --rt-type 0 -j DROP
    -A INPUT -p ipv6-nonxt -m length --length 40 -j ACCEPT
    -N shlimit
    -A shlimit -m recent --set --name shlimit
    -A shlimit -m recent --update --hitcount 4 --seconds 60 --name shlimit -j DROP
    -A INPUT -i br0 -p tcp --dport 23 -m state --state NEW -j shlimit
    -A INPUT -i br0 -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 1 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 2 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 3 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 4 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 128 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 129 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 130 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 131 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 132 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 133 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 134 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 135 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 136 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 141 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 142 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 143 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 148 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 149 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 151 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 152 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 153 -j ACCEPT
    -A OUTPUT -m rt --rt-type 0 -j DROP
    :FORWARD DROP [0:0]
    -A FORWARD -m rt --rt-type 0 -j DROP
    -A FORWARD -i br0 -o br0 -j ACCEPT
    -A FORWARD -i br1 -o br1 -j ACCEPT
    -A FORWARD -m state --state INVALID -j DROP
    :restrict - [0:0]
    -A FORWARD -o six0 -j restrict
    -I INPUT 1 -i ! lo -p udp --dport 53 -j restrict
    :rres01 - [0:0]
    :rstr01 - [0:0]
    -A rres01 -p tcp -m multiport --dports 53,80,443 -j rstr01
    -A rres01 -p udp --dport 53 -j rstr01
    -I rstr01 1 -p tcp -m string --string "" --algo bm  --from 1 --to 600 -j REJECT --reject-with tcp-reset
    -I rstr01 1 -p udp -m string --string "" --algo bm  --from 1 --to 600 -j REJECT
    -I rstr01 1 -p tcp -m string --string "alcohol-soft" --algo bm  --from 1 --to 600 -j REJECT --reject-with tcp-reset
    -I rstr01 1 -p udp -m string --string "alcohol-soft" --algo bm  --from 1 --to 600 -j REJECT
    -I rstr01 1 -p tcp -m string --string "" --algo bm  --from 1 --to 600 -j REJECT --reject-with tcp-reset
    -I rstr01 1 -p udp -m string --string "" --algo bm  --from 1 --to 600 -j REJECT
    -I rstr01 1 -p tcp -m string --string "" --algo bm  --from 1 --to 600 -j REJECT --reject-with tcp-reset
    -I rstr01 1 -p udp -m string --string "" --algo bm  --from 1 --to 600 -j REJECT
    :wanin - [0:0]
    :wanout - [0:0]
    -A FORWARD -i br1 -o br0 -j DROP
    -A FORWARD -o six0 ! -i br0 -j DROP
    -A FORWARD -p ipv6-nonxt -m length --length 40 -j ACCEPT
    -A FORWARD -p ipv6-icmp --icmpv6-type 1 -j ACCEPT
    -A FORWARD -p ipv6-icmp --icmpv6-type 2 -j ACCEPT
    -A FORWARD -p ipv6-icmp --icmpv6-type 3 -j ACCEPT
    -A FORWARD -p ipv6-icmp --icmpv6-type 4 -j ACCEPT
    -A FORWARD -p ipv6-icmp --icmpv6-type 128 -j ACCEPT
    -A FORWARD -p ipv6-icmp --icmpv6-type 129 -j ACCEPT
    -A FORWARD -i six0 -j wanin
    -A FORWARD -o six0 -j wanout
    -A FORWARD -i br0 -o six0 -j ACCEPT
    -A FORWARD -i br1 -o six0 -j ACCEPT
    Please remember right now error is at line 157 (after I pasted again the code)
    If Ipv6 is not enabled and I can't reproduce... would you please erase nvram and enter settings again?

    Before when you said.. 'I paste this at Tools => System:' did you terminate with nvram commit?
    Last edited: Aug 26, 2013
    When upgraded to Z, I ticked After flashing, erase all data in NVRAM memory.
    Now, shall I use configuration => erase all data in NVRAM memory (thorough) ?
    OK, I think I knew the problem :)

    I re-upgraded again with z build and ticked After flashing, erase all data in NVRAM memory.
    After finished, I also executed configuration => erase all data in NVRAM memory (thorough).

    I wrote one by one my configuration.
    In QOS => basic settings I also wrote manually.
    In QOS => Classification I also deleted few rules and add a rule manually.
    So far no problem :)

    In Access Restriction, I edit the default to this:
    iptables-restore: line 152 failed encountered. Sigh.. OK, I rebooted, the problem is gone.
    *** edit: Actually once the pppoe connection is established, the line error is now showing.
    Just wait 10 seconds and back to Access Restriction tab, the line error is now showing

    Still in Access Restriction, I add 1 rule again:
    iptables-restore: line 152 failed encountered. Sigh.. OK, I rebooted, the problem still exists.
    Please note, the problem exists even when the rule is actually disabled.

    OK, I deleted the new rule to see whether the line failed will be gone or not.
    And I rebooted, and the line error still exists :)
    Last edited: Aug 26, 2013
    I did the same procedure like above again, 5 minutes ago.
    Actually, in the 1st edit (the beginning) of Access Restriction and then I rebooted.
    The line 152 error actually exists.
    I thought it was gone. After reboot the RT-N16, the line error is not showing.
    But once pppoe connection is established (wait 10 sec or more), suddenly the line error 152 is showing.
    Ok, thanks for the detailed description, I'll try to recreate with pppoe protocol, no warning with dhcp. What router are you using now?
    Some quite interesting servers you are trying to intercept there BTW...
    I noticed too :)
    @kyrios , found the problem. You can see it, type from the cli:
    nvram set debug_logeval=1 ; nvram commit ; tail -f /var/log/messages .. some modules are not loaded.

    Aug 26 16:02:40 unknown user.err syslog: module xt_web not found in modules.dep
    Aug 26 16:02:40 unknown user.crit init[1]: Error while loading rules. See /etc/iptables.error file.
    Aug 26 16:02:56 unknown login[1040]: root login on 'pts/0'
    I'll test some hours in my router and release v1.2 at the end!!!

    Edit: Thanks @koitsu's a bug in shibby's trunk when I tried to include IPv6 string restriction...
    Last edited: Aug 26, 2013
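The check that the log above points to ("module xt_web not found in modules.dep"), written out as an added example that is not part of the thread or of Tomato's code: it maps an "iptables-restore: line N failed" message back to the rule and lists the match extensions on that line with no entry in modules.dep. The function names, the sample files and the assumption that N counts every line of the restore file are mine.

```shell
#!/bin/sh
# Added example (not from the thread): trace "iptables-restore: line N failed"
# back to the rule and to match modules that modules.dep does not list.

# rule_at FILE N: print line N of a restore file. Assumes N counts every
# line of the file, including table headers and chain declarations.
rule_at() {
    sed -n "${2}p" "$1"
}

# rule_matches "RULE": print each match extension named after -m/--match.
rule_matches() {
    set -f              # keep characters in the rule from globbing
    set -- $1           # split the rule text into words
    set +f
    while [ "$#" -gt 1 ]; do
        case "$1" in
            -m|--match) echo "$2" ;;
        esac
        shift
    done
}

# missing_modules FILE N MODDEP: print the matches used on line N that have
# no xt_/ipt_/ip6t_<name>.ko entry in MODDEP. This is a heuristic: code
# built into the kernel never appears in modules.dep.
missing_modules() {
    rule=$(rule_at "$1" "$2")
    for m in $(rule_matches "$rule"); do
        grep -Eq "/(xt|ipt|ip6t)_${m}\.ko" "$3" || echo "$m"
    done
}

demo() {
    dir=$(mktemp -d)
    # Constructed sample: two rules copied from the dump posted in the thread.
    cat > "$dir/rules" <<'EOF'
*filter
:INPUT DROP [0:0]
:rstr01 - [0:0]
-A INPUT -i br0 -p tcp --dport 23 -m state --state NEW -j shlimit
-I rstr01 1 -p tcp -m string --string "alcohol-soft" --algo bm  --from 1 --to 600 -j REJECT --reject-with tcp-reset
COMMIT
EOF
    # Constructed modules.dep that lacks xt_string on purpose.
    cat > "$dir/modules.dep" <<'EOF'
kernel/net/netfilter/xt_state.ko: kernel/net/netfilter/nf_conntrack.ko
kernel/net/ipv4/netfilter/ipt_REJECT.ko:
EOF
    echo "line 5: $(rule_at "$dir/rules" 5)"
    echo "missing: $(missing_modules "$dir/rules" 5 "$dir/modules.dep")"
    rm -rf "$dir"
}

demo
```

On a router the inputs would be the restore file that produced the error and the modules.dep of the running kernel.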
    It appears MAC addressing filtering is busted in some particular way. This is the 2nd person who has reported this. The first person who I have seen report this:

    ...who has still not gotten back to me about the results of manually testing to see what the actual errors are.

    For those going to reply to my comment here: read the entire thread slowly and in full before making a remark. Yes it's long, but it's filled with good information.

    Footnote to other developers: eval logging (see above thread) didn't work for reasons I haven't investigated, but in short we really need a clear/concise way to debug situations like this. The existing model is nearly impossible to debug, with vague/ambiguous errors that do not correlate with "reality" at all because of how the actual code works. People start thinking to go looking at /etc/iptables and so on but that isn't entirely relevant with Access Restrictions given how it's designed.

    In the meantime, I would recommend folks experiencing this problem please try an older firmware version, or try Toastman's firmware, to see if the problem happens there. You will need to do a thorough NVRAM clear and manually (by hand, not through Configuration!) re-apply all of your settings.
    Maybe it's because of all that (I'm sure legally purchased) software that you're trying to get around registering..
    We do that with a hoost. :eek:
    Guys, just one thing - maybe off topic - but my friend needs a wifi repeater (extender) - 1gbit wan/lan; 300mbits n wifi support - is there any recommendations? Thank you (maybe ASUS rt-12D1 or something from TPlink?)

    btw - Victek - stability is without problem with latest fw, I just checked status page in my router and no restart or problem since yesterday. I am going to check the error which you posted above
    Ok, Uploading for all the models the stable release 1.28.9013 v1.2 ... :)

    @Elfew, Thank you, error already solved and patched in the git. About extender.. the features you request are for a router (WAN-LAN ??).. so ... you can sale your RT-N16 and buy RT-AC56U (by far more performance versus RT-N66) .. not? ;)
    :) exciting, after 8 months of hard work new release! Thank you Victek!

    about my RT-16n - no, I like it, we are good friends after all flashing procedures :D and I dont need 5GHz band - all of my devices at home are only 2,4GHz compatible except 2 smartphones. My rt-16n is stable as a rock, performance is not bad and it has your excellent support! I am waiting for @speedtest version (now I dont need it, because of low bandwidth - only 150/100Mbps... but next year it will be 200/100Mbps connection and @speedtest fw will be must have)
    Yes... after 8 months and 27 beta releases cleaning, testing, sorting problems. Thanks to all and enjoy it!!

    I start now with RT-AC56/RT-AC68U integration (xing fingers). New features or bugs patch will be applied to release v1.2 in parallel with new models integration, I'll try to merge all models in the same trunk so new features will be backwards compatible with existing models (if Flash RAM allows it). ;)

    So again, thank you to all folks stressing and testing Tomato RAF until this stable release. Also I would like to thank @roadkill for the support and teamwork. ;)
    32MB flash memory in RT-16n :) I hope it will be enough :D

    so now RT-AC56, maybe nodog and @speedtest version which would be nice. I am curious for ac56 version - download and upload speed with tomato fw
    I like stability:

    13.08.26_14:55:01  eth1: 4 -86dBm 47°C 6 2.4GHz "251-2.4"  eth2: 1 -84dBm 51°C 40u 5GHz "251-5"
    80% /tmp 7% /dev 0% /tmp/mnt/KINGSTON    Mem: 63204K free,
    CPU: 8% usr 0% sys 0% nic 91% idle 0% io 0% irq 0% sirq Load average: 0.00 0.00 0.00 1/40 11651
    Boot 78d17h ago    INIT 20 Aug 17:05    WAN up 26 Aug 13:27    FW up 26 Aug 13:27  QOS: 0
    But the 3 month uptime will come to an end real soon when I install v1.2. :)
    (I meant that in the best possible way, of course. :))
    Thank you so much for your hard work & congrats on the 1.28.9013 v1.2 release!

    Do you have any CRC or checksum reference on the v1.2 files? ... just in case ...
    With CTF disabled, I can push my RT-AC56U to 240 Mbits in WAN-LAN routing (with Asuswrt-Merlin). So I would expect Tomato to be able to hit the 200 Mbits mark without any problem on that router.

    @Victek: just howler if you have any question.
    I have a few customers using an RT-N12 as repeater (with stock FW). It's a decent, inexpensive solution, provided you don't mind the performance loss.
    @RMerlin, thanks, what you wrote it's one of my reasons to go for it. Additionally I expect that Dual Core will allow other features requiring more CPU intensive usage (VPN) then performance throughput, but I know, there is a lot of pending job still to run multitask in this CPU and some manufacturer released with one core disabled ... :confused: ... marketing ...

    @BlaSTiWi , you can find it in the download area.
    Last edited: Aug 26, 2013
    Great job Victek!!! Now take some time off and enjoy yourself.
    Quick question - the N66U 64k that was released on May, is that the stable version or do you plan on updating that one soon?
    Check one page back post in this topic - 209mbit download for rt-16n with speedtest mod ;) it is really nice result for this quite old device. My next router will be again asus but I need tomato :)
    As I wrote some posts ago.. stable for now .... then I'll start with the updates to release v1.3, not in the same update frequency as I did until now because the system is running really stable and few bugs remains (I hope), so next betas will be focused in new features and transition to new models.

    @Elfew, old device? ;) .. then we are prehistoric !!!!
    Their kernel doesn't have SMP enabled, so enabling that second core won't be a problem for third party firmware authors - it's just a kernel option, once the rest of your firmware is known to be stable in an SMP environment (which can introduce all sort of potential racing conditions).

    I was also seeing pretty good results on USB file sharing on my RT-AC56U, in part due to (finally!) working GRO support (it had a very measurable performance improvement when I compared with it disabled), and also the new CPU architecture.
    We'll laugh and cry a lot with new porting... I imagine...
    The good news is, if Asus were able to make Asuswrt work pretty well under SMP, then making sure Tomato itself behaves in a SMP environment should be doable. Hopefully easier than getting Netgear's firmware to behave under SMP (which, I assume, was the reason why they will only enable SMP in a later firmware release).

    Be glad you won't have to debug the buggy Broadcom nvram kernel code. I spent a good three weeks on that one, including quite a bit of back and forth between Asus and I, until enabling SLAB debugging in the kernel spat out a nice buffer overrun in a very specific kernel location.
    Victek, thank you for your work! I have just flashed
    Cisco - E3200 VLAN-VPN-NOCAT-NGINX

    Please look at my webui, there is not USB menu:


    Please make a check on it, I want using NGINX.

    Thank you.
    Last edited: Aug 27, 2013
    Ok, I'll check it...hopefully I have one unit to test. Thanks
    Edit: I built for E2500, ok, along today you can find a new version tagged 'Updated' in the download area for v1.2 version.

    @martinqiu , Ready to download.
    Last edited: Aug 27, 2013
    Thank you Victek for all the hard work you put into this release. I downloaded late last night but didn't have time to flash. Once I get my "wife accepted" router running I am going to prepare a router for the field that has some really tight QOS requirements along with blocking due to the limited bandwidth in their area. Using the built NGINX to block ads should free up a lot of their bandwidth. Last time I checked with their ISP they could only get 512k down/96 k up due to the distance from the CO.

    On the captive portal side I still haven't done much work on how to promote this service to my clients but with fall and winter coming it will give me a bit of downtime to think more about it.
    Captive portal is based on nocat, I am waiting for nodog, because of some problems which I had.
    Rocking the release version of Tomato RAF on my primary router (RT-N66U) and everything is working great. I am going to let it burn in with the same configured features as the "z" release for the next few days. So far VPN, QOS, Logging, Access restrictions, and both the 2.4 and 5.8 wireless are working their little butts off.
    Victek, thank you very much for your so many works. Yes, it has USB menu now. Maybe I have to update my router, because on E3200 5G wireless also has connection problem as Shibby's. I don't want waste your time on it.

    Thank you again. I will choose one new router that will working well with your Speedversion and NGINX later.

    1st, thanks for Victek's great work.
    I'm not sure it's just me. I flashed the RT-N66U with tomato-RT-N66-1.28.9013MIPSR2-RAF-V1.2.trx (from 1.1y and didn't clear the nvram). I couldn't log in to the router any more. Then I reset the router and it came back, and I did a thorough erase of nvram again; I was able to set most of the settings by manually entering them. But when I enter "Domain Name" in Basic->Identification and hit SAVE, it gets stuck for a while (for a few minutes; it seems the machine lost the IP from the router, I can't log in or reload the page). After a while, it comes back but the Domain Name is still empty. I tried several times with the same results. Don't know why. Does anyone have the same issue?

    You're not alone, the E3200 seems to have some issues with the USB radio. I have a few E3200's and I will never get a router with internal USB wireless radio again.

    I flashed one of my E3200's 1.1y at an offsite location last week. It was unstable with the settings and was rebooting every few minutes. I have a few suspicions on what triggers it since when I first cleared the nvram after the flash it was fine but after applying my settings the reboots/5GHz radio issues started occurring.

    I didn't have enough time so I flashed it back to Shibby's and restored original settings. When I get more time I'll probably look into it.

    One thing that drives me nuts on Shibby's (and Toastman's) firmware is after setting up the router with guest wifi's, openvpn, and multi-vlan ports, the 5GHz radio disappears after a reboot. This is the log/issue stating failed to attach USB at bootup.

    Dec 31 16:00:51 unknown user.warn kernel: rpc_dbus_state_change: DBUS is down
    Dec 31 16:00:51 unknown user.warn kernel: bcm_rpc_tp_attach: dbus_attach failed
    And no I don't have a USB device attached to the router. But the rest is stable so I use Shibby's for now without dual band.
    In fact, there is ONE which works on E3200 very well I already have used it more than one month, no any problem at all(But I want to try NGINX now). Maybe it is a pity that it is a Chinese language version. If you want have a try, here is the link:
    These messages relate to functions rpc_dbus_state_change() and bcm_rpc_tp_attach() and have nothing to do with USB. They relate to the proprietary Broadcom network driver (for 802.11 support), particularly the 802.11 MAC layer. See for yourself (and here). Be aware that this code is the "shim" that connects the binary blob wireless driver (which nobody has source code to) to the rest of the system; if that code does not match, behaviour-wise, the underlying wireless driver (i.e. the two are not in complete sync), then problems can occur. Or, simply put, this would be a Broadcom wireless driver (and shim code) bug, which because of the proprietary nature of it, we're at the mercy of the vendor.

    Welcome to why open-source chips, with proper/thorough public documentation (released by the manufacturer), are important. Broadcom does not operate this way.
    Question, don't panic ... LOL, Some of this board users is so mad and crazy to test Tomato RAF version for RT-AC66 router? ;) If yes please send me a PM and I'll indicate the link for download and test.

    In case of malfunction in the flash you can revert safely to your firmware using Asus recover method but I think it should work fine and now you have another third party firmware with other features ...

    The difference in this version is that new code and kernel is embedded into Tomato RAF-RT-N, the goal is to unify all models into one only source code and then any feature can be shared by all the models (limited by the firmware size and Flash RAM of your device of course...). The same way is foreseen for dual core CPU routers... and if it works the RT-N suffix will be deleted to become simply Tomato RAF for all models.
    Last edited: Aug 28, 2013
    Somehow my router is not handing out the IP. I looked at the log and found that dnsmasq was not started.

    user.debug kernel: vlan2: add 33:33:00:00:00:01 mcast address to master interface
    user.debug kernel: vlan2: add 01:00:5e:00:00:01 mcast address to master interface
    daemon.crit dnsmasq[1093]: unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DBus support) at line 11 of /etc/dnsmasq.conf
    daemon.crit dnsmasq[1093]: FAILED to start up
    dnscrypt-proxy[1103]: Initializing libsodium for optimal performance
    user.debug init[1]: starting rstats.
    user.debug init[1]: starting cstats.
    init[1]: Asus RT-N66U: Tomato 1.28.9013 MIPSR2-RAF-V1.2 K26 USB VLAN-NGINX-64K
    Dec 31 16:10:09 tmtRAF-RT-N66U user.debug init[1]: dnsmasq terminated unexpectedly, restarting.
    daemon.crit dnsmasq[1129]: unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DBus support) at line 11 of /etc/dnsmasq.conf
    daemon.crit dnsmasq[1129]: FAILED to start up

    And here's the dnsmasq.conf:
    root@tmtRAF-RT-N66U:/tmp/home/root# cat /etc/dnsmasq.conf

    I had checked "Mute dhcpv4 logging" and "Mute dhcpv6 logging" in Advanced->DHCP/DNS,
    and after unchecking those options, dnsmasq started up.

    This was working at least 1.1y (didn't try 1.1z).

    oops so tomato still needs a patch to enable those quiet-dhcp commands, was discussed here recently, and I remember seeing this historic link...

    DHCP Spam
    @4char , Thanks for the information, please try stable V1.2 and feedback if the problem is gone, between y version and the last stable version I updated dnsmasq from the creator trunk, see git. If not surely we must disable patches from KDB for quiet v4-6 dhcp

    @Victek -- quiet-dhcp is believed to be a Tomato customisation and is not part of stock dnsmasq.

    References for that statement (relevant posts, with the last few acting as confirmation):

    Can you verify that the latest trunk version of dnsmasq has quiet-dhcp in it (grep -r quiet-dhcp in its source directory should be sufficient)? If not, then no, that option won't work/do anything without Teddy's patches, and someone really needs to officially submit them to the dnsmasq guy.
    Yes, it's

    src/option.c: { "quiet-dhcp", 0, 0, LOPT_QUIET_DHCP },
    src/option.c: { "quiet-dhcp6", 0, 0, LOPT_QUIET_DHCP6 },

    Go to review Kevin's patch...
    hi vic,
    which v1.2 stable firmware to use for linksys e900 64k nvram ?

    If not in the list, none.
    Just loaded 1.2 on my RT-N66R with no problems. Great job Victek! :D
    Last edited by a moderator: Aug 29, 2013
    It was mentioned earlier that Tenda w1800r was identical to Asus 66AC with regards to hardware in the box.

    Does that mean tomato will run on it, or is work required for it to do so?

    It is available for some 130-140 US dollars which I find quite inexpensive. This is from China though so I guess anything could be in it in reality.

    look in repo, new goodies :rolleyes:
    Yes, @rainlake ported Tomato to this device and gave us the inspiration to port RT-AC66U also, so, afaik it's compatible but better wait rainlake confirmation, send PM to him or wait answer since he's mentioned in the post now.

    Yep... you can find a more updated info here ... ;)
    Just FYI.
    In commit:
    the dnsmasq.h file changed:

    #ifdef HAVE_QUIET_DHCP //Originally a TOMATO option
    - #define OPT_QUIET_DHCP 41
    - #define OPT_QUIET_DHCP6 42
    - #define OPT_QUIET_RA 43
    - #define OPT_LAST 44
    + #define OPT_LAST 42
    + #define OPT_QUIET_DHCP 43
    + #define OPT_QUIET_DHCP6 44
    + #define OPT_QUIET_RA 45
    - #define OPT_LAST 41
    + #define OPT_LAST 42
    #endif //HAVE_QUIET_DHCP
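    Review bot: In the HAVE_QUIET_DHCP branch the added "#define OPT_LAST 42" is now lower than the quiet options that follow it (43, 44, 45), whereas the removed lines kept OPT_LAST at 44, one above the highest option (43). If OPT_LAST is meant to bound the option numbers, the three quiet flags now fall outside it. No #else is visible between the two OPT_LAST pairs either, so as quoted OPT_LAST is defined twice in the same branch. Suggest numbering the quiet options 42 to 44 and setting OPT_LAST to 45 in this branch, keeping 42 only for the branch without HAVE_QUIET_DHCP.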

    It seems that would exclude the QUIET_DHCP options.
    Partially true... the developer introduced 'define OPT_FAST_RA 41', then I had to shift it... also for options.c, the tomato code is not in the developer trunk and might be it can be a reason for this bug.
    #define OPT_TFTP 40
    +#define OPT_FAST_RA 41
    #ifdef HAVE_QUIET_DHCP //Originally a TOMATO option
    - #define OPT_QUIET_DHCP 41
    - #define OPT_QUIET_DHCP6 42
    - #define OPT_QUIET_RA 43
    - #define OPT_LAST 44
    + #define OPT_LAST 42
    + #define OPT_QUIET_DHCP 43
    + #define OPT_QUIET_DHCP6 44
    + #define OPT_QUIET_RA 45
    - #define OPT_LAST 41
    + #define OPT_LAST 42
    #endif //HAVE_QUIET_DHCP
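    Review bot: with `OPT_FAST_RA` taking 41, the `HAVE_QUIET_DHCP` branch only needs a shift by one, that is `OPT_QUIET_DHCP 42`, `OPT_QUIET_DHCP6 43`, `OPT_QUIET_RA 44` and `OPT_LAST 45`, assuming `OPT_LAST` stays one past the highest option as in the removed lines. As posted, the branch defines `OPT_LAST 42` first and then numbers the three quiet options 43 to 45, which leaves them above `OPT_LAST`. `OPT_LAST 42` fits only the branch that has no quiet options.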
    W1800R works fine with @shibby build and my build. I use this router on a daily basis.

    however. this router's pci bus for 2.4G and 5G is different from AC66U. so 2.4G is on eth2 and 5G on eth1.
    I tried to switch them but it does not work perfectly, signal got very weak.
    it's not a big problem, just don't be surprised that the tomato_5G SSID is actually 2.4G
    Did you mean firmware for AC-66U can be used for W1800R?
    Or W1800R must use specific f/w targeted for itself?
    @kyrios , yes , tomato for ac-66u should work on W1800R.
    I just flashed tomato-E1000v2-v21-NVRAM32K-1.28.9013MIPSR2-RAF-V1.2-Mini.bin on my E1000v2 and have a serious problem.. I can't save any settings on the Basic: Network tab.. when I click on the save button nothing happens.. I tried most of the other settings pages and they all seem to save just fine.. I cleared the NVRAM, reflashed the firmware again, but still can't save the settings.. Is there any way to force it via the address bar? (also the ports on the status page come up as undefined? (I can live with that..))

    Last edited: Aug 29, 2013
    I am having the same issues with my E2000 using the tomato-E2000-NVRAM60K-1.28.9013MIPSR2-RAF-V1.2-VPN firmware.

    Edit: I went through the repositories and found tomato-E2000-NVRAM60K-1.28.9011MIPSR2-RAF-NOCAT-NCC-VLAN-VPN which is working fine for me. I guess I'll use this until there's a resolution to the issue.
    Last edited: Aug 29, 2013
    @Victek - Great release!! Just installed 1.2 on my E4200 and so far things look great.

    I have a couple of comments \ requests regarding the configuration of NGINX web server.

    First, the explanation for "Web Server Name" is not correct, as far as I understand. This setting sets the server_name parameter. As it is used now, it has no effect whatsoever. NGINX uses it if several "virtual servers" are used on the same host (see

    In fact, there is a good use for this NGINX setting for security purposes, but it needs additional tweaking. If, in addition to the "server {}" block one adds the following:

    server {
        listen      85  default_server;
        server_name  _;
        return      444;
    }
    then NGINX would only serve requests of the form http://<server name>/... and would refuse requests of the form http://<ip address>/... This is good because it closes the door on IP scanners.

    This brings me to my second point. I want to make changes to the "http {}" block of the config file. But to do this, I can't use custom configuration in RAF's GUI... So I try to modify the config file directly. I "check Keep Config Files" and things work fine. Problem is, the changes are persisted after a reboot. So it's kind of pointless. I can write a script that copies my config file, but I want to make sure it is done before the server starts, or start the server myself. But I would still like to use the built-in features as much as possible. So I thought it might be a good idea to add a setting "Use custom config file ..." which would allow the user to specify a location of a config file (on JFFS or CIFS) that should be used instead of the system generated one.

    Hope any of this makes sense.
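The catch-all arrangement described in the post above, written out with a named server beside it. This is an added example, not part of the original post or of RAF's generated config; the server name, document root and index file are placeholder assumptions.

```nginx
# Added example. Port 85 comes from the post; every name and path
# in the second block is a placeholder, not RAF's generated value.

# Catch-all: a request on port 85 whose Host header matches no other
# server_name (bare IP address, empty or unknown Host) is handled here.
server {
    listen      85 default_server;
    server_name _;      # "_" is only a name that never matches a real Host
    return      444;    # nginx-specific code: close the connection, send nothing
}

# Named server: reached only by requests carrying this Host header.
# Without the catch-all above, this block would be the only server on
# port 85, hence the default, and would answer every request regardless
# of server_name.
server {
    listen      85;
    server_name router.example.org;   # placeholder for the "Web Server Name" value
    root        /www;                 # placeholder document root
    index       index.html;           # placeholder index file
}
```

With this in place a request to http://<ip address>:85/ has its connection closed with no response, while the same request carrying the configured Host name is served. The match is on the Host header only, so it filters address-based probes rather than acting as access control.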
    Please try with other browser or erase cookies to verify since the GUI is common for all models...remember that if you modified settings but left
    The problem will be common then for the rest of models... but I think you left some field not completed and then you can't save... try also erasing cookies in your browser or try another browser (explicit, don't use IE).

    Thanks, great idea.. window to enter the path (thinking also on USB devices) to config file or showing the default path as it is......then I trash option to keep files..
    I've been using RAF for several years, have had no problems, but today after installing 1.2 on my N66, after a few hours, the router grinds to a halt. I am able to log in, but just to change from one page to another takes several minutes. I then do a reboot and after some hours the same thing happens again. How do I troubleshoot. Tips?
    Are you under heavy P2P load or High Traffic? enter via telnet and check top command...
    Final installed just after release and no issues at all with both E3000 and E4200. Unfortunately I can't report on RT-N66U anymore as there's an additional UPS now which has to communicate with the router's USB-port so I had to switch to Shibby's Mod. in order to use (having that included in RAF would be great).

    Anyway, almost two years with RAF on ttl 9 devices and not even once frozen nor a single (unintended) reboot - Many thanks!

    Kind rgds
    So I wanted to mention that I have still been using 1.1y instead of 1.2 cause I was seeing people having issues and this week would have been hell trying to make sure everything was running. What I wanted to mention is that this week, I had an odd thing happen as of today. While using my phone on WiFi, I had trouble maintaining a call as the person on the other end was having troubles hearing me. At first, I thought it was someone was using up the upload. I was partially right, but not really (Turned off the source, but it only helped mildly). I then figured maybe there was maintenance going on, but none to be reported. So after I finished my call, I went to the router to check some things and make sure everything was hunky dory. It seems the WiFi Transfer Rate wanted to drop to "26 Mbps" reportedly on both 2.4 and 5GHZ. Curiously, I check around and still nothing. I was starting to question what could be the culprit. So I decided to change one setting that I made over the past week.
    I was looking up possible issues involving Bluetooth and WiFi when I learned a little bit of Bluetooth Coexistence. I know it said on tomatousb that as of 2012, few used such a method, but I figured I'd try it. It fixed an issue I had (which is great) seemingly. The thing is, since it's the only thing that I changed for 2.4GHZ (Enable instead of Disable), I was wondering if it's possible the issue came from having that enabled only on 2.4 GHZ network?
    No more load than for the last 5 years, I am not able to login via Telnet when this happens. But I was able to grab some errors from the log.
