Discussion in 'Tomato Firmware' started by Victek, Dec 28, 2012.
Thanks, deleted from Bugs list ...
Can I ask some help for IPv6 connectivity lack troubleshooting with latest versions?
I reverted to 1.3e for checking if 1.3f is the problem (it's possible I didn't really check it, can't remember. Fact is if I read tunnel live stats on SixXS it doesn't seem to have been non functional on 1.3e but just on 1.3f).
The provider says there are no known problems as of now for the tunnel itself, so I'm troubleshooting the issue on my part.
Some basic data about SixXS service:
it's static and I have a wan static IP, so I'm alright with them and don't need their additional aiccu utility for dynamic ips;
IPv6 Prefix 2001:****:100:***::1/64
PoP IPv6 2001:****:100:***::1
Your IPv6 2001:****:100:***::2
MTU 1480 (I can change this if needed)
IPv6 Them 2001:****:100:***::2/64
Reverse Zone *.*.*.126.96.36.199.0.*.*.*.*.188.8.131.52.ip6.arpa.
..notice the "8" added to the prefix.
So, I set Tomato 6to4 service to:
Assigned / Routed prefix: 2001:****:100:8***::/64 (Subnet Prefix)
Router IPv6 Address: (Manual) 2001:****:100:***::1 (Tunnel POP Ipv6)...I previously had this set to Auto, which did auto-input the additional "8"...this way it WAS definitively working, but it is not, now.
Static DNS: local ipv6 dnscrypt-proxies I set long time ago
Tunnel client IPv6 address: 2001:****:100:***::2/64 (Subnet IPv6 Them)
TTL: 64 (found this on their forum)
With these settings, I always had a perfect experience.
The major problem now seems to be that the Tomato router can't be pinged externally. SixXS pages say that I'm not ping-able, the tunnel is UP and that some data transit (Packets Out != 0, Packets In = 0).
The provider's own ipv6 router assigned to me can be pinged from the internet, from the router itself and from the clients too...but when pinging from the router or from clients they take less than 1ms to ping SixXS's IPv6 POP. Is this normal!? Websites offering ping services take more normal times like 20 to 130 ms. It sounds to me this is plain wrong as 0.5ms can be just my own router answering.
In the overview I see:
LAN - Router IPv6 Address: 2001:****:100:***::1 (Tunnel POP Ipv6). Perhaps this is just normal...not sure.
WAN - IPv6 Address: 2001:****:100:***::2/64 (Subnet IPv6 Them). This sounds normal. But this IP is not ping-able from anywhere outside the router ssh itself, not even the clients can ping this IP.
Under Firewall I enabled Respond to ICMP pings and even deleted the limit for being safe. I saw icmpv6 ping protection was added some versions ago. Do I need some more specific option to set the router to answer to icmpv6 pings on "wan" IPv6?
Thanks and sorry if this sounds inappropriate...any help is appreciated, this was all up and running some versions ago...
No Problem @MatteoV we all learn IPv6 cases every day, just to confirm then; 1.3e have the same issue as 1.3f when using SixXS service? but 1.3e was working fine before you updated to 1.3f, right?. In my case I tunned tunnelbroker.net and I have to say that experience in navigation is correct. Your configuration looks normal to me, what it surprises me are the low pings as you mention. IPv6 have changes in 1.3e and 1.3f with the DSCP Comcast fix but it only affects to EMF wireless, it's enabled by default.
Yes, that's what happened. To be honest I don't think I did personally test IPv6 with 1.3e, but reading the SixXS data on their website packets transited both the directions when I had 1.3e, so it seems it was working. Then I cleaned nvram, upgraded to 1.3f, cleaned nvram again and configured from scratch, manually, basing on the nvram export I did. After seeing the IPv6 problems, I did the same procedures, except I restored the previous nvram I saved before upgrading from 1.3e to 1.3f, instead of configuring from scratch. I think those pings to the SixXS POP are quite strange too..they seem not to go through them but just stop at the router, if I get the whole concept right. I saw the DSCP and will try to remove it, who knows
As expected, dscp didn't help.
hu tunnel works out of the box, instead.
I will try 1.3d to see if it works
Ok, long story short: it seems it's SixXS having problems, because the same configuration doesn't work where it did, like 1.3e, 1.3d or even 1.2v or 1.2x. I will await their answer on the tunnel problems!
Sorry all for asking such a silly noob question but will the latest Belkin F7D4302v1 v1.3d work on a F7D4301v1?
Just wanted to update from F7D4301v1 v1.2e which still has the Heartbleed issue.
If not, can a walkthrough/configuration/files be provided for one self to create my own firmware specifically for the F7D4301v1?
PS. I have all the latest source codes for Tomato RAF as I regularly update GIT.
Has anyone been able to get the Media Server working in 1.3f?
Since 1.3e my Panasonic TV reports 'Server not found'. It could be a problem with the updated version of MiniDLNA although it states:
On lg and samsung it is working fine
Thanks for the clarification Elfew. What port have you specified?
It works with default tomato raf setting (both tvs set it automatically)
I purchased a Tenda W1800R. Is it ok to use tomato-RT-AC66U_9014-RAF-v1.3f.trx?
Shibby has a firmware for w1800r but I don't know Victek has it.
Hi, just a little follow up.
SixXS answered this way:
Would you help me understand what does this mean!?
I mean, my ISP historically has many contracts where clients don't have personal public IPs, but are instead in big MANs (Metropolitan Area Networks) and can have public IP only pay-as-you-go.
My contract is quite new and different, I have a static personal IP always available for free. The only thing that stayed is that I also have their own modem/router (NAT) that can't be changed, and it is actually on the top of my E4200 router with Tomato. I have the ability to set 25 ports to be forwarded on their own website, i.e. no access to their modem/router interface is provided directly to me, but just through their systems indirectly, for configuring ports and WiFi (disabled, actually). E4200 does another NAT of course, and the ports I needed to open are towards it. So..well, I don't think this is a problem, it must be the configuration of everyone here, isn't it ?
What do you think SixXS intended, if I can ask?
It's the same, you can use it.
openssl 7 bugs fixed !
..only 7bugs.. lucky us... OK, will update next weekend with some fixes for SNPMD with agentx, minidlna update to 1.1.3 and now OpenSSL 1.0.1h ... critic update we'll need a exhaustive testing, not bad.
Thanks. I just flashed it.
I flashed the 1.3f this morning on my RT-N66 wiping NVR and rebuilding the configuration from the UI. One this I noticed is that I had to delete any cached wifi connections on my printers and phones. Others didn't have a issue like the Xbox or the Roku.
True, wireless driver have hide changes .. testing now 1.3g with new features for mipsel and arm
Let me know if you need some testers ;D
Sure, what model do you own? I send you the link by PM..
Ok thanks...ready when you are for "G"...
Let me know where the changes are and I can test those specifically.
Victek it would be really nice if you could add paragon NTFS drivers like shibby so that i could use ur FW on my RT-AC66U
Victek can I test out the new firmware for the ac68u too?! Thanks.
Why paragon? Have you tested the speed? With Victeks build i have higher througput over usb than with shibys one
@RonV you have PM with the link for 1.3g test version, changelog here
not me. i am getting 13-14 MB/s up and down with shibby 119 on RT-AC66U
can Victeks latest build for RT-AC66U beat this or come close? last i tried it couldnt
@Elfew - why Paragon??
I personaly tested your and victek build on my ac56 - I get better throughput with victek build...
because ARM builds has already ufds (paragon) NTFS driver build-in but Connor asked for RT-AC (mipsel) build with paragon module. My mod has build-in this module, Victek`s doesn`t. Victek`s RT-AC version is using ntfs-3g module.
btw i also tested my and Victek ARM build and i cannot confirn your words Can you tell my your results?
Vic, Give test the firmware "G" for my Asus RT-N66U
Not yet, I'm waiting feedback from one user and other module included... it will be ready on next 24 hours, thanks.
Sorry I've been away for some time.
Just wondering if you still need the EA6900 flash dump or anything else that will help make Tomato available on that router.
I need the unit, cfe or nvram dump is not enough with latest models, sorry.
lol i tested RAF 1.3f last night on RT-AC66U
5MB/s up 10MB/s down
Shibby 119 on RT-AC66U
14MB/s up 14MB/s down
Installed RAF-v1.3f K26ARM on my RT-AC68R tonight. I'm much with it than I was with the firmware I came from but when checking differences I found that dnsmasq.conf now has dhcp-option=lan,252,"\n" auto inserted.
To limit the Win7 wpad traffic shouldn't that be dhcp-option=252,"\n" to stop the traffic on all dhcp ranges or at least dhcp-option=br0,252,"\n" since the default range set up is dhcp-range=tag:br0, ...
Bow to the experts on this. I only found it because I have used the option without a tag for some time on other firmwares. I didn't see this elsewhere so apologies if I am repeating a question.
Victek release the beast! Shibby just stole your thunder haha
Most changes already exist in raf and already using latest openvpn fix from lancethepants
Haha I did notice that from the changelog.. Just need the new version of ssl
Sent from my Nexus 4 using Tapatalk
I would love to test the latest for the Asus RT-N66
I actually just created the static openvpn binary separately (using the entware toolchain in fact), but didn't do the actual update of OpenSSL in tomato. (It wouldn't be that hard though).
Siproxd still avalible with 1.3f ?
Yes, I'm glad you like it
Sent from my iPhone using Tapatalk
Thanks for your reply, good to know.
Im currently running "Tomato RAF Firmware v1.28.9013 MIPSR2-RAF-V1.2v K26 USB".
Uptime 103 days, since last reboot.
Rock solid and the best for my 50/10mbit VDSL connection.
I might upgrade to 1.3f today and test Siproxd or should i better wait for Vic's 1.3g ?
Also, is there a way to free up the NVRAM on my RT-N16 ?
Got a few static IP's + port forwards and also a Open VPN Client + Firewall and Wan up script to manage my VPN.
32.00 KB / 1312 (4.00%) at the moment. it went down to 600-800 at some point.
Could i use a USB flash drive and put all my stuff there ? Couldnt find any tutorial about this and google wasnt my friend this time...
Siproxd did not change between those two versions AFAIK but I was meaning to rewrite the daemon code for it perhaps for 1.3g
victek -E4200 using latest g release - router failed to route any interanl connections to WAN after heavy downloading (video viewing by one wired client). the router remained visible from the WAN port (i was at work when my son called me to say our home internet was not working), and I could access the dyndns-addressed web interface of the router from my work. form the web interface on the router, i could successfully ping access points on the network that were connected by LAN and wireless. so it appears that WAN-LAN routing was affected.
i was running nly IPV4, and the only new feature was siproxd.
i disbaled siproxd and rebooted (remotely!) and everything ais now ok. i'll keep testng without siproxd (which might have added a little quality to my VOIP but i'm not sure)
thanks as always for your excellent work!
@roadkill, that would be nice sir. Is there any problem with the current version of Siproxd ?
And is there any advise for my free NVRAM problem ?
The current version of Siproxd was built for K2.4 I then made some modifications to run it with K2.6 and I still haven't tested the complete build with ARM the behind the scene daemon which interprets the calls as they going through the proxy can be built better I think.. I wrote it long time ago, however I'm not currently aware of any issues with Siproxd it's just my pedantic nature thinking it can be done in a better way .. Anyway you can expect an upgrade for it soon it'll mostly affect GUI update speed and other cosmetic issues.
Sent from my iPhone using Tapatalk
I'm using the latest 1.3f with my AC66U and got serious W-LAN problems.
I have to reboot the router daily because the W-Lan gets instable. Some of my devices have a really slow transfer (around 1MBit/s and below!!!) speed then, internet is unusable. This happens to all devices that are a few metres away of the router.
Devices which are in the same room or near to the router don't have a slow transfer speed.
If I reboot the router, all devices again have a really fast transfer speed (around 30MBit/s). But a few hours later, mostly a day, the speed is again really slow for some for my devices.
Because of this I cleared the NVRAM completely and installed RAF 1.3f again, 3x times now. This didn't help, it's just helping for a short period of time like the reboot but won't fix the problem.
I hope you can solve this, Victek. I didn't have this problem with Tomato Shibby v118 (had this firmware for about 4 months).
LAN speed is great as it should be.
I too have an AC66U running Shibbys 120 build. It currently has several show stopper bugS (especially the lack of the 80 MHz) under the 5ghz tab. At this point there isn't an eta for a bug fix. I was wondering if you had a beta of your latest firmware compiled or that would run on the AC66U. I would love to test it to see if it is working properly.
I thank you and shibby for your hard work.
80 Mhz works fine for me in the 5 GHz band using Shibbys firmware on my AC66U.
**Edit ** Sorry I just reread your post and see you're talking about build 120. I'm using 119.
I don't know if this by design or a bug but the LCP Echo Failure Threshold works as a sum of retries. Than means if you set to 9 fails before trying to reconnect then the router will keep in memory the fails and will try to reconnect even if the 9 fails are not consecutive, that will result in unnecessary disconnections and being unable to reconnect wit the ISP for some minutes due to error of exceeding simultaneous pppoe connections.
This is easy to reproduce in a dsl connection, eg set LCP Interval to 20s and Retries to 5 (that makes a total of 100 seconds), reset the modem's adsl connection, it will take about 60 seconds to train/resync and also leaves a window of 40 secs. Leave it for one day or two and if the modem tries to retrain for another minute then router will drop the pppoe connection after 40 secs. Normally the router should start counting back from zero, not from 60.
Excuse my language BUT WTF happened to Victek!? Any word from him?
It is only a hobby.
AMEN... It's only a hobby... +1
Do I have to reply any post? ...
It's fixed in 1.3g version updated to minidlna 1.1.3 version.
great to hear from you! waiting for the G release
Ok, G release is major update since I found it very stable in the earlier beta test, read changelog:
#~ Tomato v1.28.9014 MIPSR2-RAF-v1.3g MIPS && ARM Platform
#~ Openssl 1.0.1h update security and bug fixes.
#~ dnsmasq 2.72 test3. - June 23 2014
#~ PHP 5.5.13. - June 2014
#~ ucarp 1.5.2 - Jun 10 2014
#~ nettle 3.0 - Jun 2014
#~ minidlna 1.1.3 - from git June 2014
I dont see the updated firmware on your website
click in changelog line ... Read here.
Victek, I dont understand. If your trying to imply that in the changelog it says wip and that its not out yet then I was only asking because I thought when you meant RELEASE..that you had released it. IF you are not being sarcastic then I must be blind and an idiot for still not being able to find the new firmware for the asus ac68u...
Excellent news Thanks for incorporating this. I'm willing to test, if possible.
does this mean i need to get WRT-1900AC now?
"G" release download ???
Yes. The file that says 1.3f is the "G" release download. Go for it.
The changelog is for wip version, when I release then the changelog is updated and shows next letter and the updates or changes, I can't evaluate what's your understanding or status, simply I explain the way I work.
Yea I still don't understand...I'll just let this one go. I thought post #3659 meant you released it and just didn't change the changelog yet to update the date and time. Theres others on this forum being funny and telling ppl that the firmware has been updated and you just didn't change the name from f to g. Either way ill just sit back and wait.
Better wait the new releases to be public, some beta testers already test it, here is your confusion.
Oh! Thanks for the heads up! I guess the sarcasm, the eye rolling etc in the post wasn't very obvious... :roll:
(Jesus, they're all out there today)
Trouble is that not everyone on this forum is english first language and sometimes the sarcasm or other intonation is lost in translation
Thanks Vic for all the efforts and thanks to all our members for testing, comments, and in general making this an interesting community
I dont know is it me or my router (E900) or victek's 'f' build but i noticed when i fiddle with settings (lets say open a port) my ipv6 connection drops and resumes 3-5minutes later.
Did anyone notice similar behavior??
I think this was not the case with shibby's build (can't say for sure)
My E900 works well for me with IPV6. My main router has a /48 tunnel to HE and I distribute /64s to my AP and test router (the e900). I did notice that type of issue at one point and I think that it was triggered by RA announcements and/or a bad default ipv6 default route on the e900 (I was playing with manual config and there must have been something left in NVRAM.
Did you reset your configuration to default after flashing the new build?
g is on the loose
Not for the RT-AC68U yet . Glad we are getting some precious security fixes and minidlna issues
I dont use a tunnel i have native ipv6 from ISP and yes i did clear NVRAM after flashing.
RT-N66U raf .g
advanced/routing gui is still buggy
ip traffic graph ? :\
The gui has a hard-coded value for maximum length. I reported this to Victek and he's looking into it. If your 'buggy' is what I saw, it is especially obvious on certain themes.
IP traffic graph can affected of many things, ex wrong iptables rules, max 11 of iptraffic sets and some others.
Been running G release on RT-N66U since yesterday. Working fine so far, but my configuration is quite simple: PPPoE to bridged ADSL modem, 2.4GHz and 5GHz wireless set up with WPA2 personal and AES, DHCP configured for LAN clients, DDNS configured using afraid.org, JFFS enabled and working, adblock and pixelserv configured and working, USB flash drive connected and available, SSH enabled (LAN only) and working.
Test DLNA ... it's by far the best update I saw till now fixing many issues with dlna ...
You're a tease!
If/when g releases, do you recommend an nvram wipe coming from f?
ok ... guys i didn't mean the normal graphs (sry)... works fine for me
i mean the ip traffic pie chart .... same as shibby builds have (vic knows what i mean ... hopefully ...)
no, I updated simply.. no need. If you don't use minidlna you can stay with the buggy dlna
I know, g release is internal updates and fixes, I'll look shibby code but if implies ipset (as I think) then it will overload CPU and increase sirq ... something that I don't like too much.
I'm considering getting a new router since the wireless on my N66U is a bit underwhelming. Which one do you need more test subjects for Victek? The RT-AC68U or R7000?
I was in the same question, after one week decided R7000 cuz faster and better cooling.
Enviado desde mi LG-D805 mediante Tapatalk
Yeah, I think R7000 is the top 'today'.
Hi Vic, may I know in the new build for RT-AC56U, is there an option to setup the OpenVPN server allowing users to login by username and password? Like the below picture in RMerlin build (server mod is OpenVPN instead).
Currently I have a few friends who needs to use my internet connection as a VPN channel for some websites. What I did is to setup different username and password for them so that it's easier to manage. The generating different ovpn setting files manually method is too techie for me
Thank you for the wonderful build, as always!
Very interesting, i was thinking to change my router for an asus RT-AC68U, but if victek says R7000 is better, maybe i have to change my decission.
I am disapointed with wifi range of my E4200 and i want to buy a better router.
Any update for E2000?
Guys give download G версию для RT-N66U?
Is g also up for AC66U?
Edit: There it is, thanks victek!
In order to avoid misunderstandings the directory access has been disabled in the web, all versions are in 'Downloads' page....
Vic, the link for the E2000 firmware download is wrong at the downloads page, atm it is: http://victek.is-a-geek.com/Reposit...-E2000-NVRAM60K-1.28.9014MIPSR2-RAF-v1.3g.bin
It should be: http://victek.is-a-geek.com/Repositorios/v1.3x/tomato-E2000-NVRAM60K-1.28.9014MIPSR2-RAF-v1.3g.bin
R7000 has been ordered. Hopefully it doesn't take long to arrive. Is there anything specific that needs testing on its build?
Also can I flash it straight to 1.3f from the stock firmware or do I need to use Shibby's initial image?
1.3g doesn't seem to be available for it on the downloads page yet.
Will check, thx.
Will post the migration (bridge) version too, better use mine since I prepared basic packages in the first migration for RAF, no problem. 1.3g release will appear in this week, it's under testing.