1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tomato RAF Releases

Discussion in 'Tomato Firmware' started by Victek, Dec 28, 2012.

  1. mito

    mito LI Guru Member

    Hey Vicente, i agree 100% about your above coment.

    I am a dd-wrt follower as well as Tomato, and a Kong firm user as well as Raf happy user, and he seems to be a Tsunami in the Forum, R7000 has 206 pages he administrates and all others threads related to R6250, r6300v2, etc, etc,
    BS is dedicated to the rest of routers and their forum is quite active.
    Just my 2 cents.
    Abrazo:)
    guille
     
    Last edited: May 13, 2014
  2. Victek

    Victek Network Guru Member

    Well, we are less mature than dd-wrt but... we can ;) ... step by step..

    Hugs!

    Screenshot from 2014-05-13 01:04:57.png
     
    octra, Elfew, Edrikk and 2 others like this.
  3. mito

    mito LI Guru Member

    Last edited: May 13, 2014
  4. ladysman

    ladysman LI Guru Member

    My line was upgraded and I get 120 down and 25 up on wired. On 5ghz i get 60-65 down and 25 up. On 2.4, I only get 30-33 down and 25 up.
     
  5. Victek

    Victek Network Guru Member

    Are you using QoS?... Wireless rates are non evaluated since it depends of wireless card used.. what version do you use?
     
  6. Elfew

    Elfew Addicted to LI Member

    @lancethepants - thank you for DNSsec feature! Keep it!

    Now I miss only aria2 and nodog captive portal, because nocat sucks - works only sometimes, blank pages over captive portal, etc. but better than nothing and I can live with this :) I understand that there are others things which have higher priority
     
  7. Victek

    Victek Network Guru Member

    step by step... we're stable and doing consistent things ... to @lancethepants ;) great job!..hmmm.. it works ? :) .. Please share your findings and test done.
     
    mito likes this.
  8. Spyros

    Spyros LI Guru Member

  9. lancethepants

    lancethepants Network Guru Member

    @Victek Been running for a day on your mod, but for a few weeks on another. 2.70 apparently fixed some features when dnssec was compiled in, but not enabled. From what I can tell it should be fully functional, but will continue testing with and without dnssec enabled. The feature so far is optional and needs to be enabled on a per build basis.(DNSSEC=y) I didn't know if you plan blanket all the builds with it. The other mod that I initially made it for will not enable it in all builds, so that is why it is optional, and it will add a small amount of size to firmware.

    Code:
    lance@MediaBox:~$ dig org. SOA +dnssec
    
    ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> org. SOA +dnssec
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17153
    ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags: do; udp: 4000
    ;; QUESTION SECTION:
    ;org.                           IN      SOA
    
    ;; ANSWER SECTION:
    org.                    390     IN      SOA     a0.org.afilias-nst.info. noc.afilias-nst.info. 2011019842 1800 900 604800 86400
    org.                    390     IN      RRSIG   SOA 7 1 900 20140604192819 20140514182819 49587 org. JJRGhCIU3uORBGuZ5tA3aWVHTl4gtiaIC2/93m7bA4+2pBJr011TbrAT oCKCWFC+JEWnT4/iLyRa2LL1pY+/OAsPbkK4FF/W/OcfS27XDoWC8SRF hUUFHZN7E3/20gdMwAbxzaaixCRef9NpUlaLHnAyF7V3sJzE3RNwy/wo Amo=
    
    ;; Query time: 56 msec
    ;; SERVER: 192.168.10.1#53(192.168.10.1)
    ;; WHEN: Wed May 14 13:34:39 2014
    ;; MSG SIZE  rcvd: 258
    
    
    I get the 'ad' flag, which is what we want to see.

    @Spyros That's actually another repo you're looking at. I could create a pull request for the latest OpenVPN later though.
     
    Elfew likes this.
  10. Victek

    Victek Network Guru Member

    Thanks, I already updated openvpn in 1.3e to be released this weekend with DNSSEC integrated, here is the definitive changelog for 1.3e. Other features are postponed to v1.3f since this update it's very critical for the large packages update and we need to be sure everything works as we demand. I think it will be a 'Quality and Safety Update' ;)


    Release 9014-v1.3e (wip May 5,2014) internal test now (May,14,2014)

    #~ OpenVPN 2.3.4 -- released on 2014.05.02 (Change Log)
    The most important change in this release is that TLS version negotiation is no longer used unless it's explicitly turned on in the configuration files, thus reverting back to the 2.3.2 behaviour as interoperability issues were encountered in 2.3.3. Other notable changes include addition of SSL library version reporting, fixing of SOCKSv5 authentication logic and making serial env exporting consistent between OpenSSL and PolarSSL. This release also contains a number of other bug fixes and small enhancements.

    The Windows installer I001 has additional code to prevent problems during install and uninstall if installer bitness is wrong or if the OpenVPN-GUI or an OpenVPN process is running. The Windows installers also bundle OpenSSL 1.0.1g, which means that they are immune to the heartbleed vulnerability (OpenVPN-specifics here). All Windows users of OpenVPN 2.3-rc2-I001 through OpenVPN 2.3.2-I003 should upgrade their installations immediately.

    #~ MiniDLNA update to version 1.1.2 from original idea by Bao William-bwq518 implemented by shibby.
    Changelog.
    1.1.2 - Released 06-Mar-2014.
    - Show client status on our basic presentation page.
    - Add a new force_sort_criteria option, to globally override the SortCriteria value sent by the client.
    - Fix a couple resource leaks.
    - Add configuration include file support.
    - Support DLNA/UPnP-AV searches issued by clients using the Grilo framework.
    - Fix some clients playing artwork instead of movie.
    - Fix bookmarks on Samsung Series E clients.
    - Add an extra folder level if there are multiple media locations.
    - Fix some multicast membership issues with changing network settings.
    - Make max number of children (connections) configurable.
    - Fix choppy playback with some file types on Panasonic clients by increasing the max connection limit..

    #- Comcast DSCP and buffer overflow fix. Thanks to @tvlz for pointing it and Lance Fredrickson (lancethepants) for switch GUI (Firewall Section)
    ipv6: don't install anycast address for /128 addresses on routers. http://goo.gl/WI0Nk8
    Incoming DSCP to 0x00. http://goo.gl/FHUkrq

    #- DNSSEC. credits to Lance Fredrickson (lancethepants). (Switch in Basic/Network GUI)

    #- Linksys E2500 v3 and other models support added. Thanks to @tvlz for the patch.

    I personally think that's time to go to CoAP to fix one security solution but in the meantime we strive security and connectivity as main goal for Tomato RAF.
     
    Last edited: May 14, 2014
    Elfew, zavar, Riddlah and 1 other person like this.
  11. Victek

    Victek Network Guru Member

    Ok, tests are running fine till now, one example of dnssec + dnscrypto + IPv6... strong security combination to safe communications...

    Code:
    vicente@vicente-K53SJ:~/tomato/release/src-rt$ dig org. SOA +dnssec
    
    ; <<>> DiG 9.9.5-3-Ubuntu <<>> org. SOA +dnssec
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10690
    ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 7, ADDITIONAL: 7
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags: do; udp: 4096
    ;; QUESTION SECTION:
    ;org.                IN    SOA
    
    ;; ANSWER SECTION:
    org.            900    IN    SOA    a0.org.afilias-nst.info. noc.afilias-nst.info. 2011020079 1800 900 604800 86400
    org.            900    IN    RRSIG    SOA 7 1 900 20140604234953 20140514224953 49587 org. Z8o7hWMKIwa3Ig/VmEbLWE8k9TR5wGDYncReFU+hjyrIYzalVvNxww8E SNOEJH1iEzXWqS+OJ0fx8pteEEzf2JgoRlGv6zTUFKkS3VYQs4bhBl/a xtkvUFZV71Xpe7vcQyfu6lI6iS7/bCXNByAIvNA/EvEvXyNRakkrA85L e7E=
    
    ;; AUTHORITY SECTION:
    org.            86400    IN    NS    a0.org.afilias-nst.info.
    org.            86400    IN    NS    b2.org.afilias-nst.org.
    org.            86400    IN    NS    b0.org.afilias-nst.org.
    org.            86400    IN    NS    d0.org.afilias-nst.org.
    org.            86400    IN    NS    a2.org.afilias-nst.info.
    org.            86400    IN    NS    c0.org.afilias-nst.info.
    org.            86400    IN    RRSIG    NS 7 1 86400 20140530155555 20140509145555 49587 org. RhjV6q9ZAIUX1EtZqjiD9kWP3FXOjj5zbVotq5QSZdw6KEK/CnOatBjT MmvW0RWXxl4BJXIA7roJ2qMlRwi2lcxbRwS71yvvxgYolypLn5VTdiAm vX4mZ9Rxc1yPU/dAinWHiui9Su7T7lchVMmy/8fSpx9tLB/ld/92LMoN 9H0=
    
    ;; ADDITIONAL SECTION:
    b0.org.afilias-nst.org.    37920    IN    A    199.19.54.1
    b0.org.afilias-nst.org.    26566    IN    AAAA    2001:500:c::1
    b2.org.afilias-nst.org.    11007    IN    A    199.249.120.1
    b2.org.afilias-nst.org.    24007    IN    AAAA    2001:500:48::1
    d0.org.afilias-nst.org.    11007    IN    A    199.19.57.1
    d0.org.afilias-nst.org.    11503    IN    AAAA    2001:500:f::1
    
    ;; Query time: 205 msec
    ;; SERVER: 127.0.1.1#53(127.0.1.1)
    ;; WHEN: Thu May 15 01:51:39 CEST 2014
    ;; MSG SIZE  rcvd: 668
    
    vicente@vicente-K53SJ:~/tomato/release/src-rt$
    
     
    Last edited: May 15, 2014
    Elfew likes this.
  12. Victek

    Victek Network Guru Member

    After some hours testing I add the following options in dnsmasq GUI, I think it's needed and will resolve faster depending of user configuration:
    Code:
    #~ dnsmasq: -no-resolv || -strict-order || none checkbox in dnsmasq GUI. Remedy:
    [*]a) --no-resolv flag = Don't read /etc/resolv.conf. Get upstream servers only from the command line or the dnsmasq configuration file.
    [*]b) --strict-order flag = By default, dnsmasq will send queries to any of the upstream servers it knows about and tries to favour servers that are known to be up. Setting this flag forces dnsmasq to try each query with each server strictly in the order they appear in /etc/resolv.conf
    [*]c) none 
     
    Elfew likes this.
  13. Elfew

    Elfew Addicted to LI Member

    Good, so "enterprise" features pospone to build f? Any problem with them?

    Good job victek and lance!
     
  14. Victek

    Victek Network Guru Member

    Missed/incomplete code and want to isolate changes for better troubleshooting if bugs appear.
     
  15. Lorenceo

    Lorenceo Networkin' Nut Member

    There are definitely some bugs with the wireless.
    According to Status, Device list the highlighted phone is still connected:
    [​IMG]
    However that phone is around 5KM away from the router at the moment.
     
  16. Victek

    Victek Network Guru Member

    Thanks Lorenceo, you know we can't do nothing with wireless drivers from Broadcom binaries. It's an annoying Broadcom bug... but in another side the new driver stability is noticeable, I suggest to live with it or open a bug in broadcom site ;)
     
    mito likes this.
  17. MatteoV

    MatteoV Serious Server Member

    Hi Victek, if that's an option about strict order, great. If it's hard coded "on", please don't do it, or, well, at least reconsider it. We spoke about the issues with it some time ago, do you remember? Stuck dnscrypt server (eg during key exchange) means a noticeable freeze of the Internet!

    Thank you ;)

    Inviato dal mio Nexus 4 utilizzando Tapatalk
     
  18. Victek

    Victek Network Guru Member

    No worries ... now we all have the option. ;)

    Strict order = checked
    Non resolve = unchecked

    But I added a clear explanation in the page foot notes also.

    upload_2014-5-15_21-47-13.png
     
    Last edited: May 15, 2014
    MatteoV, Toastman and pharma like this.
  19. Edrikk

    Edrikk Network Guru Member

    Is the order on the GUI the same as the order in the file? If one is "out of order" from the other, it would cause a lot of questions... I would assume no, but I thought to state so anyways... (user would assume in GUI order, vs order that's in the file)...
     
  20. ladysman

    ladysman LI Guru Member

    I'm not using any QoS at all. This is on the 1.3c version. Is there a new driver in the d or e version (Doesnt look like it but if it is, i'll test it)
     
  21. Victek

    Victek Network Guru Member

    Yes, it's sorted but the ternary condition used in the new code (will update late today by roadkill) don't care about it. here is the example how it looks now.
    dnscrypt_combo.png


    Better wait for version 1.3e to be released tomorrow Saturday to have fun during weekend ;).

    OK.. so version 1.3e is done, here it's the final Changelog with interesting changes and updates, also for ARM:

    Code:
    Release 9014-v1.3e (wip May 5,2014) internal test finished May,16,2014. Forecast Release May,17,2014.
    
    #~ OpenVPN 2.3.4 -- released on 2014.05.02 (Change Log)
    The most important change in this release is that TLS version negotiation is no longer used unless it's explicitly turned on in the configuration files, thus reverting back to the 2.3.2 behaviour as interoperability issues were encountered in 2.3.3. Other notable changes include addition of SSL library version reporting, fixing of SOCKSv5 authentication logic and making serial env exporting consistent between OpenSSL and PolarSSL. This release also contains a number of other bug fixes and small enhancements.
    
    The Windows installer I001 has additional code to prevent problems during install and uninstall if installer bitness is wrong or if the OpenVPN-GUI or an OpenVPN process is running. The Windows installers also bundle OpenSSL 1.0.1g, which means that they are immune to the heartbleed vulnerability (OpenVPN-specifics here). All Windows users of OpenVPN 2.3-rc2-I001 through OpenVPN 2.3.2-I003 should upgrade their installations immediately.
    
    #~ MiniDLNA update to version 1.1.2 from original idea by Bao William-bwq518 implemented by shibby.
    Changelog.
    1.1.2 - Released 06-Mar-2014.
    - Show client status on our basic presentation page.
    - Add a new force_sort_criteria option, to globally override the SortCriteria value sent by the client.
    - Fix a couple resource leaks.
    - Add configuration include file support.
    - Support DLNA/UPnP-AV searches issued by clients using the Grilo framework.
    - Fix some clients playing artwork instead of movie.
    - Fix bookmarks on Samsung Series E clients.
    - Add an extra folder level if there are multiple media locations.
    - Fix some multicast membership issues with changing network settings.
    - Make max number of children (connections) configurable.
    - Fix choppy playback with some file types on Panasonic clients by increasing the max connection limit..
    
    #~ Comcast DSCP and buffer overflow fix. Thanks to @tvlz for pointing it and Lance Fredrickson (lancethepants) for switch GUI.
    ipv6: don't install anycast address for /128 addresses on routers. http://goo.gl/WI0Nk8
    Incoming DSCP to 0x00. http://goo.gl/FHUkrq
    
    #~ DNSSEC. credits to Lance Fredrickson (lancethepants).
    
    #~ dnsmasq. updated to version 2.70.
    
    #~ Linksys E2500 v3, EA6500 v1, Tenda N60 support added. Thanks to @tvlz and bwq for the patch.
    
    #~ dnsmasq -no-resolv -strict-order switch placed in Basic-network GUI like DNSSEC switch too. Explanation:
    - The --no-resolv flag simply means; Don't read /etc/resolv.conf. Get upstream servers only from the command line or /etc/dnsmasq.conf
    - The --strict-order flag means; By default, dnsmasq will send queries to any of the upstream servers it knows about and tries to favour servers that are known to be up. Setting this flag forces dnsmasq to try each query with each server strictly in the order they appear in /etc/resolv.conf
    - The none Flag don't write anything in /etc/dnsmasq.conf file. Leaving control to the user.
    
    #~ router/services.c warnings during (don't tread a pointer as one integer, *ipv6 not used....) compilaton fixed.
    
    #~ libsodium-0.5.0. 13-May-2014 23:11 . Updated, it saves ~30KB in the firmware file size. Changelog.
    - sodium_mlock()/sodium_munlock() have been introduced to lock pages
    in memory before storing sensitive data, and to zero them before
    unlocking them.
    - High-level wrappers for crypto_box and crypto_secretbox
    (crypto_box_easy and crypto_secretbox_easy) can be used to avoid
    dealing with the specific memory layout regular functions depend on.
    - crypto_pwhash_scryptxsalsa208sha256* functions have been added
    to derive a key from a password, and for password storage.
    - Salsa20 and ed25519 implementations now support overlapping
    inputs/keys/outputs (changes imported from supercop-20140505).
    - New build scripts for Visual Studio, Emscripten, different Android
    architectures and msys2 are available.
    - The poly1305-53 implementation has been replaced with Floodyberry's
    poly1305-donna32 and poly1305-donna64 implementations.
    - sodium_hex2bin() has been added to complement sodium_bin2hex().
    - On OpenBSD and Bitrig, arc4random() is used instead of reading
    /dev/urandom.
    - crypto_auth_hmac_sha512() has been implemented.
    - sha256 and sha512 now have a streaming interface.
    - hmacsha256, hmacsha512 and hmacsha512256 now support keys of
    arbitrary length, and have a streaming interface.
    - crypto_verify_64() has been implemented.
    - first-class Visual Studio build system, thanks to @evoskuil
    - CPU features are now detected at runtime.
    
    And that's all for version 1.3e. 
     
    Last edited: May 17, 2014
    Elfew likes this.
  22. gutsman7

    gutsman7 Networkin' Nut Member

    Will there be a version of version 1.3e for the belkin share max?
     
  23. nurofen

    nurofen Serious Server Member

    Will there be a version of version 1.3e for the ASUS RT-N66U ?

    Vic, thank you!
     
  24. Edrikk

    Edrikk Network Guru Member


    Any chance of an R7000 build along side the others for 1.3e Victek or too soon still? ;)
     
  25. The Doctor

    The Doctor LI Guru Member

    What's going on with the ARM builds? I believe bandwidth monitoring doesn't work ATM, are you still working on this actively, or has it been back-burnered while you update mips Tomato?

    Not complaining, just wondering.
     
  26. Elfew

    Elfew Addicted to LI Member

    Mips and arm sources are same except core code (kernel). So be kind, it is a hobby
     
  27. Spyros

    Spyros LI Guru Member

    Nice changelog @Victek

    There are some fixes in later dnsmasq that affect DNSSEC and you use 2.69-test3 or not?
     
  28. lancethepants

    lancethepants Network Guru Member

    Updated to 2.70
     
  29. Victek

    Victek Network Guru Member

    R7000 and usually ARM builds are released by shibby.. I can release too but as you see I'm digging in modules update to be shared with ARM. The R7000 I have is working now with version 1.3e, it's not earlier, two days more for porting these modules to the ARM repo, test and release..... looks simple eh?.. not at all but we laugh a lot.
     
  30. Victek

    Victek Network Guru Member

    Actively? I'm dreaming with my eyes open every second!!! .. I know it's not a complaint, mmm.. sure? :)

    The work you see is for Tomato platform, all architectures ...
     
    Last edited: May 17, 2014
    Malitiacurt likes this.
  31. Victek

    Victek Network Guru Member

    Not 100% .. we try but architecture don't allow it always, then we have to split code depending of CPU and kernel version. In any case, more job..
     
  32. Victek

    Victek Network Guru Member

    Yes, one for you with your avatar instead of Linux logo.. like it? ;)

    @gutsman7 .. yes.

    Go to sleep guys, have a great weekend!!!
     
    Last edited: May 17, 2014
    mito likes this.
  33. The Doctor

    The Doctor LI Guru Member

    Victek, perhaps my words weren't well chosen. What I meant was getting ARM working seemed to be the main focus, but now you're working on the overall platform without much ARM talk. Wondering what happened is all. It's quite clear to anyone who visits here that you certainly haven't gone on vacation:)

    Of course, I will be thrilled when my RT-AT68 is fully operational:D
     
  34. Elfew

    Elfew Addicted to LI Member

    ARM is something new for tomato, devs are working hard to make it stable and fully functional... I think (I have ARM and I use Victeks build on my asus) builds for arm devices are really stable, no crash, no bugs in routering. There are still some bugs in other features (bw monitor, qos, etc) but it is not a big problem. ARM builds get better and better every day. Big thanks for all devs - especially victek, shibby and roadkill! Keep good work
     
    mito likes this.
  35. vlads

    vlads Serious Server Member

    @Victek - with recent firmware size reductions - is there a chance you might be able to create a K26 MiniVPN (OpenVPN only if that's what it takes) image for 4MB routers such as the Cisco M10?
     
  36. Victek

    Victek Network Guru Member

    no
     
  37. Campigenus

    Campigenus Serious Server Member

    FYI: On the download page the release for RT-N16 is shown as "e" but the link is to "d". "e" exists, so it's just a matter of copying the link, pasting it in the address field link, replacing the "d" to an "e", and hitting enter.

    Some folks might find this complicated so ...
     
  38. ghoffman

    ghoffman Addicted to LI Member

    my linksys e4200v1 is now enjoying tomato RAF 1.3e.
    feedback to follow but so far great.
    thanks, victek!
     
  39. Victek

    Victek Network Guru Member

    Solved.. I'm uploading one by one after testing and received feedback from beta testers.. I didn't receive OK from all of them yet.. Thanks.
     
    mito likes this.
  40. Victek

    Victek Network Guru Member

    Thank you for the update and confidence in the new version.
     
  41. AmyGrrl

    AmyGrrl LI Guru Member

    Does going from 1.3d to 1.3e require a nvram earse and reconfig? I just installed 1.3e on my Asus RT-N66U. Thanks!
     
  42. fubdap

    fubdap Addicted to LI Member

    Victek - same situation for N66.

     
  43. Victek

    Victek Network Guru Member

    Please do to get rigorous trace if some bug appear. Thanks
     
  44. Victek

    Victek Network Guru Member

    Fixed.
     
  45. AmyGrrl

    AmyGrrl LI Guru Member

    Nevermind
     
  46. mito

    mito LI Guru Member

    Vicente, Great replay;)
     
  47. Spyros

    Spyros LI Guru Member

    Anyone testing e2000 no usb build? I can test but not until Sunday night 22:00 GMT+3
     
    Last edited: May 18, 2014
  48. Victek

    Victek Network Guru Member

    Yes, there are three people testing it, no feedback yet... but I think it will be OK.
     
    Spyros likes this.
  49. ghoffman

    ghoffman Addicted to LI Member

    i am always eager to test and report.
    any build for an f7d4301, or 'generic' builds <8mb mipsr2 32knvram, rt/rtn?
     
  50. Badders44

    Badders44 LI Guru Member

    Just a small issue when defining\enabling the media server with 1.3e on an RT-N16:


    upload_2014-5-18_14-9-53.png
     
  51. Victek

    Victek Network Guru Member

    Opss, thanks .. you have to set one port number ... by the way .. did you erased nvram after flashing this version?, this warning should not happen...
     
    Last edited: May 18, 2014
  52. Victek

    Victek Network Guru Member

    I'll do today since it's a tested unit. Thanks
     
  53. Spyros

    Spyros LI Guru Member

    Thank you and testers so much, im eager to get back home put everybody to sleep and flash the new firmware.
     
  54. FattysGoneWild

    FattysGoneWild LI Guru Member

    Victek,

    Not to be rude or nitpick. Just a suggestion. I remember you say when going from 1.3c, d, e, etc. NVRAM erase (thorough) is not needed. Unless stated so in release notes. I am noticing you suggesting to do just that for this latest release. But, its not in the releases notes saying so. In the future. Possibly editing change log now or next version. Can you please state so with your suggestion personally when needed. It would be greatly appreciated. :D
     
  55. Elfew

    Elfew Addicted to LI Member

    better to use erase nvram after every flash... less problems ;)
     
    mpegmaster likes this.
  56. mpegmaster

    mpegmaster Addicted to LI Member

    +1... AMEN :cool:
     
  57. The Master

    The Master LI Guru Member

    dnsmasq version 2.71 is out
     
  58. Victek

    Victek Network Guru Member

    Something remarkable ? .. more security, less size, faster? ;)

    Changelog...
    Fix total DNS failure and 100% CPU use if cachesize set to zero,

    Ok.. something to be done for 1.3f version but no critical in tomato tests...
     
    Last edited: May 19, 2014
  59. dc361

    dc361 LI Guru Member

    @Victek The link for: E3000 - Beta 9014-v1.3e. does not seem to be working on the download site. V1.3e working fine so far on my E900, E4200 and RT-N66U.

    Thanks for the fine work!
     
  60. Victek

    Victek Network Guru Member

    Didn't get confirmation from beta tester .. you know I don't have E3000 so.. want to be sure..
     
  61. dc361

    dc361 LI Guru Member

    Ahh... ok, you could PM me the link and I'll give it a shot... DC
     
  62. Badders44

    Badders44 LI Guru Member

    I've never entered a port before; the page is entered via an unchanged iMacros script - I'll check that out and repost if required. Should it select a random port when port 0 is specified?

    and yes, to erase nvram.
     
  63. s44

    s44 Reformed Router Member

    *refreshes futilely*
     
  64. Victek

    Victek Network Guru Member

    Please look your in tray .. here is the link for E3000 and 8MB USB with 60K nvram for test. Thanks
     
  65. Spyros

    Spyros LI Guru Member

    How to use a custom dnscrypt server? Put server in static dns field and then what option to choose? Tried both three options and didn't work.
     
  66. DarkFnh

    DarkFnh Serious Server Member

    I too would love to know how to use a dnscrypt server other than opendns.. Something like dnscrypt.eu ..

    Edit: Figured it out using Static DNS and priority worked thanks Victek.
     
    Last edited: May 19, 2014
  67. Spyros

    Spyros LI Guru Member

    You used strict-order? Hm maybe the dns server i put doesnt support dnscrypt and reverts to opendns.
     
  68. DarkFnh

    DarkFnh Serious Server Member

    yeah and I tested using https://dnsleaktest.com/
     
  69. lancethepants

    lancethepants Network Guru Member

    The GUI simply does NOT support using any other provider than OpenDNS for DNSCrypt. DNSCrypt does not use static dns at all for anything. There are plans to support other dnscrypt enabled nameservers, something I'm going to work on for a later release sometime.
     
    Spyros likes this.
  70. Spyros

    Spyros LI Guru Member

    Ah thanks for the link.

    It seems that router's log reports that im using OpenDNS but this site reports im using resolver2.dnscrypt.eu

    Now how do i put these in static ipv6 field? How do i set port 443:confused:

    Code:
    [2a00:d880:3:1::a6c1:2e89]:443
     
  71. dc361

    dc361 LI Guru Member

    Thanks @Victek - the imaged flashed fine - Testing now ..
     
  72. Desolator

    Desolator Reformed Router Member

    I updated from D to E without nvram erase and everything is working fine, the only thing I had to do was powercycle the router, it came not up after the initial reboot.

    Openvpn 2.3.4 is working.
     
  73. Mitro

    Mitro Reformed Router Member

    i'm trying to get 4G ZTE K5008-Z usb dongle to work but i think the modeswitch is not present for this device:

    Bus 001 Device 003: ID 19d2:1032
    The data for this device can be found here: http://www.draisberghof.de/usb_modeswitch/bb/viewtopic.php?f=3&t=1730

    Can someone help me with implementation and/or compiling a new version with this data?

    I'm currently using victek's latest build: Tomato RAF Firmware v1.28.9014 MIPSR2-RAF-v1.3e K26 USB
    Router is E4200 v1

    Thanks in advance!


    (sorry for overposting, how can i delete my post on shibby's thread?)
     
  74. Victek

    Victek Network Guru Member

    Thanks, no, it's not included, I understand how important is for you.. you can download the repo sources and include it or wait for future versions with this stuff included, it's not a priority now.
     
  75. Victek

    Victek Network Guru Member

    Glad to read it, a subject solved, go ahead.
     
  76. Victek

    Victek Network Guru Member

    Thanks, I released two images finally, one for net version and the other with minidlna ... it's the only solution.
     
  77. Victek

    Victek Network Guru Member

    Fixed.. thanks.
     
  78. Badders44

    Badders44 LI Guru Member

    Thank You! :)
     
  79. Spyros

    Spyros LI Guru Member

    Is it normal for the dnscrypt-proxy to refetch server cert every one hour? Also dnsmasq and httpd restart every 6 hours with sigterm received and this happens in every tomato build and variation.
     
  80. ghoffman

    ghoffman Addicted to LI Member

    on status->overview, memsize is wrong (should be 64k). this is what is displayed:
    ModelLinksys E4200 v1
    ChipsetBroadcom BCM4716 chip rev 1 pkg 10
    CPU Clock480 MHz
    CPU Load3.08%
    CPU Load (1 / 5 / 15 mins)0.00 / 0.00 / 0.00
    Date & TimeTue, 20 May 2014 20:30:21 -0500
    Uptime3 days, 04:06:47
    Flash RAM Size16 MB
    RAM Size / Free60.00 MB / 39.54 MB (65.89%)
    NVRAM Size / Free60.00 KB / 25.20 KB (42.01%)
     
  81. tstrike2000

    tstrike2000 Network Guru Member

    Victek, I'm running 1.3e on my 66u and it seems to be running good. My question is, is it normal behavior in this release to show wireless devices in the device list to still be connected with a wireless signal, even though they've been shut down? For example, an iPhone still shows as connected even when away from the house.
     
  82. JoeDirte

    JoeDirte Serious Server Member

    I'm running the same fw on the same router. The devices in my device list remain until the lease expires. However, devices which are not currently connected do not show as having an associated: Interface, RSSI, Quality or Tx/Rx Rate. For disconnected clients, I only see the MAC address, IP address, (name if available) and remaining lease time. This is the same behavior I have seen on other (Shibby) Tomato variants as well.

    DeviceList1.PNG
     
    Toastman and koitsu like this.
  83. oneaty

    oneaty Connected Client Member

    Hi, I'm new to Tomato (and this forum) and would like to know how should I proceed in upgrading the openssl libraries.

    Will a new firmware version soon be available for my router's model (Linksys E1200 v2)?

    I'm running tomato-E1200v2USB-NVRAM64K-1.28.9013MIPSR2--RAF-VLAN-VPN-NOCAT.bin (openssl 1.0.1 from 03/14/2012)

    Thanks
     
    EzRyder likes this.
  84. s44

    s44 Reformed Router Member

    Not to keep reposting, but has there been some holdup on the 4301/8301? I thought Victek's last post said it had already been tested...
     
  85. Direwolf

    Direwolf Network Newbie Member

    Could you please clarify the differences between the E3000 and E3000 (extended) beta versions? Sounds like the extended version includes minidlna? But what is missing from extended that's included in non-extended? Thanks.
     
  86. Elfew

    Elfew Addicted to LI Member

    OK, I flashed latest build on my all routers. One question about DNSsec - I wanna use it with google public DNS servers (8.8.8.8; 8.8.4.4) - so just add these two adresses into DNS field and reboot? How to check it is working? Thanks
     
  87. Victek

    Victek Network Guru Member

    DNSSEC
     
  88. lancethepants

    lancethepants Network Guru Member

    That is right. If you have IPv6 enabled, I would also make sure to put in some static IPv6 nameservers that support DNSSEC too. DNSMasq will pull from whatever DNS has been made available, but will only validate from namservers that support it. No reboot required, it takes affect after hitting save.

    Most guides show the following to check DNSSEC functionality.
    Code:
    dig org. SOA +dnssec
    
    Look for the 'ad' flag in the flags section. Most desktop linux distros come with the dig command. You can also install 'bind-dig' from entware.
     
    Elfew likes this.
  89. Spyros

    Spyros LI Guru Member

    @Victek i downloaded a 5MB file with 1.3e for e2000 and now i see the file is missing and another 7.4MB file is there
     
  90. Victek

    Victek Network Guru Member

    Correct, I included more features since this router have 8MB flash... nginx+php is included now. You can use extended storage to keep the document files if you like to use it.
     
  91. Spyros

    Spyros LI Guru Member

    I just flashed it, no space for jffs, router has no usb port or other storage to host web server files, what do you mean by extended storage.
     
  92. tstrike2000

    tstrike2000 Network Guru Member

    Ok, thanks. It appears to be just my router that has the phantom device still showing as connected though it is not. It doesn't hurt functionality or anything, just something I hadn't had before.
     
  93. tstrike2000

    tstrike2000 Network Guru Member

     
  94. Victek

    Victek Network Guru Member

    I planned to build jffs space .. have to review, thanks.

    @tstrike2000 You can delete the device clicking on it in device list.
     
  95. Elfew

    Elfew Addicted to LI Member

    I can use IPv6 or IPv4 - both are supported by my provider and both works. There were some problems with IPv6 so I switched back to IPv4. So there should be enought to add IPv4 DNS adresses from Google and it should be working, I will let you know.
    Thanks
     
  96. DarkFnh

    DarkFnh Serious Server Member

    I noticed there was no build of 1.3e for the AC66U
    So I would like to know if there will be a build of 1.3e for the AC66U?

    Thanks, I am really loving it on my N66 :)
     
  97. Victek

    Victek Network Guru Member

    :confused: a version for AC66U in your N66? ... anyway, yes, I'll do when back home this weekend.. thanks.
     
  98. tstrike2000

    tstrike2000 Network Guru Member

    Thanks, Victek. It only happens on some wireless connections and when I go to delete the wireless connection, it'll still show its interface and the last RSSI signal it had. Anyway, not a big deal, this is a small thing I had a question on, merely cosmetic. The firmware works great, which is all that matters. Speed, VPN, QoS, port forwarding, and all of the usual good stuff works great, as usual. Thanks to everyone for their hard work. I have Shibby, Toastman, and Victek builds spread across various routers for friends and family and have had no complaints.
     
  99. DarkFnh

    DarkFnh Serious Server Member

    Oh no .. A friend of mine who has an AC66U was looking for it so I thought I would ask :D
     
  100. oneaty

    oneaty Connected Client Member

    Not sure if this is the right place to ask for help, as a standard, more a less newbie user (I have some experience with DD-WRT and Openwrt)
    If not, please let me know and if possible, advise for the right forum.
    Anyway, after three days of running Tomato RAF (and really apreciatting it in regards to performance as well as user interface), I have an issue regarding scheduled reboot: after completing the reboot, Internet access is unavailable. Not sure if this addresses the cause, but after manually renewing DHCP lease, the router successfully connected to Internet.
    I tweaked around a couple of times with scheduled reboot, sometimes the router got connected to the Internet, sometimes not.

    My environment:

    Main router:
    • Linksys E1200v2
    • tomato-E1200v2USB-NVRAM64K-1.28.9013MIPSR2--RAF-VLAN-VPN-NOCAT.bin
    • wireless disabled, DHCP, firewall enabled
    Wireless AP
    • TP-LINK WR841N/Openwrt 12.09/ standing as a dumb AP (DHCP, firewall disabled), conected to one of E1200 lan ports
    Ubuntu Server 14.04 PC on a AMD Athlon 64 bits
    • Connected to E1200 lan port
    • On 24X7
    • Cacti monitoring
      • Interface statistics graph for this server shows clearly that after router reboot, Internet access was lost
    • Yacy server

    If this can help, the log entries generated by Tomato before, "during" and after reboot:

    [​IMG]

    and this

    [​IMG]

    Below, TCP connections and Bandwidth usage graphs, showing that Internet was down at the exact moment when Tomato reboot:

    [​IMG]
    [​IMG]

    The Internet usage seen in the graphs comes from the Ubuntu server running Yacy p2p search engine
     
    Last edited: May 23, 2014

Share This Page