1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tomato Shibby's Releases

Discussion in 'Tomato Firmware' started by shibby20, Feb 26, 2011.

  1. Rangaistus

    Rangaistus Network Newbie Member

    i'm not exactly sure what you're referencing, so i'm going to say a bunch of nonsense that will hopefully clear things up. i'm not sure what you already know.

    the removal of subdomains that i suggested is an enhancement to reduce the number of duplicate entries in the blacklist; not an added feature.

    the current functionality, as far as i understand it, works like this:
    1. DL from each URL
    2. consolidate all the DLed lists into one blacklist list (aka $WORK1)
    3. remove (some) duplicates
    4. remove whitelisted entries
    5. create additional dnsmasq config file (aka /tmp/etc/dnsmasq.adblock)

    the dnsmasq config file that is created, is formatted as:
    Code:
    address=/domain.xxx/0.0.0.0
    
    dnsmasq itself will block all subdomains of domain.xxx by design.
    i.e. it is not necessary to create:
    address=/sub1.domain.xxx/0.0.0.0
    address=/ads.domain.xxx/0.0.0.0
    address=/etc.domain.xxx/0.0.0.0

    in my view, IF the black list contains domain.xxx, then all listed subdomains should be considered as a duplicate. in other words, the functional behavior of:
    1. this
      Code:
      address=/domain.xxx/0.0.0.0
      address=/www.domain.xxx/0.0.0.0
      address=/ads.domain.xxx/0.0.0.0
      address=/etc.domain.xxx/0.0.0.0
      
    2. and
      Code:
      address=/domain.xxx/0.0.0.0
      
    is exactly the same. so why have a bloated list (#1), when we could have a more compact list (#2)?

    in your example of "block system.mondeos.pl but allow mondeos.pl", it depends how the list is structured.
    if the list is like:
    Code:
    127.0.0.1 system.mondeos.pl
    
    then that's good. it will work as you want. it will still block system.mondeos.pl and *.system.mondeos.pl, but *.mondeos.pl is allowed (except system.mondeos.pl).
    sideNOTE: if you put mondeos.pl into the whitelist, then even system.mondeos.pl will be removed.

    if the list is like:
    Code:
    127.0.0.1 mondeos.pl
    127.0.0.1 system.mondeos.pl
    127.0.0.1 ads.mondeos.pl
    127.0.0.1 tracking.mondeos.pl
    
    then system.mondeos.pl will be blocked because of the line "mondeos.pl" anyway.
    following my suggestion of removing subdomains will remove system.mondeos.pl, ads.mondeos.pl, and tracking.mondeos.pl, but only because "mondeos.pl" is listed.

    if the list is like:
    Code:
    127.0.0.1 system.mondeos.pl
    127.0.0.1 ads.mondeos.pl
    127.0.0.1 tracking.mondeos.pl
    
    then subdomains will not be removed. mondeos.pl is allowed, as well as *.mondeos.pl, except system, ads and tracking.

    PS> if i was smarter, i'd know how to be brief.
     
    pharma and kille72 like this.
  2. scorpeeon

    scorpeeon Networkin' Nut Member

    Hello!

    I have a noob question (sorry about that).
    So I have an E4200, and am using Shibby's Tomato on it since ever, it works very reliably and has a lot of functionality, so I'm very satisfied with it. I just upgraded my internet from 120/40 Mbps to 1000/200 and noticed that I can't get internet speeds significantly over 100 Mbps (speedtests show around 100/140 Mbps).
    Is maybe the router's processing power just not fit to handle this kind of bandwidth? What I don't get is when copying files over LAN it can copy files around gigabit speeds (or at least over 700 Mbps) - so why such big difference there, why does it need so much processing power for WAN than just local LAN?
    After a quick search I found an advice to enable BCM_NAT (with the command: modprobe bcm_nat) and with that I can get around 200/200 Mbps but is still has ways to go.
    Can anyone advice me on what's the problem? If it's indeed a hardware limitation, what kind of router would I need to be able to really get around 1000 Mbps on the WAN?
     
  3. jerrm

    jerrm Network Guru Member

    @Rangaistus - pretty much all your fixes/suggestions are valid, and have been addressed in the various adblock script threads. I would leave the whitelist functionality as raw regular expressions, as that affords a lot of flexibility. At most have a checkbox to enforce "strict" matching.

    I think @shibby20 brought adblock (with some fixes) over from another from another firmware. If you want your suggestions incorporated, work them up and submit as patches. I doubt @shibby20 will spend much time on it - and hope he doesn't - there are other core issues that need addressing in 138+.
     
  4. jungu234

    jungu234 Network Newbie Member

  5. TTROUT

    TTROUT Network Newbie Member

    That is not true, 2.6.36 is also EOL. Both LTSI and kernel.org stopped supporting them a while ago.
    List of supported kernel releases:

    https://www.kernel.org/category/releases.html
    http://ltsi.linuxfoundation.org/downloads/releases

    And yes shibby includes very old versions of nginx php, e.g.:

    06 Mar 2014, PHP 5.5.10

    5.5 is eol and the latest was 5.5.38

    In terms of security this is really questionable and the user should get a warning, that exposing these services on WAN should be avoided.
     
  6. koitsu

    koitsu Network Guru Member

    Where I got my statements:

    "Versions 2.6.16 and 2.6.27 of the Linux kernel were unofficially supported in a long-term support (LTS) fashion, before a 2011 working group in the Linux Foundation started a formal long-term support initiative."

    Reference: https://en.wikipedia.org/wiki/Linux_kernel#Releases_before_2.6.0
    Reference: https://www.linuxfoundation.org/new...nces-consumer-electronics-long-term-stable-ke

    So, there is conflicting information here -- or rather, it sounds like Wikipedia has outdated information.

    The duration listed by the CE Workgroup is somewhere between 2-3 years. 2.6.36 was released in October 2010, so I guess that would be considered expired. Fair enough. 2.6.39 was the last 2.6.x release, dated May 2011, so that's still a couple years expired. The only ones which would fall into this category are 3.2.x or newer.

    But guess what: it doesn't really matter, does it? What mandates the kernel version at this point -- talking about the reality, not idealism -- is for the most part the binary blob wireless drivers (and likely Ethernet switching, but unsure about that one). In other words: complaints about the kernel being too old should be directed at a) vendors (to put pressure on Broadcom, with whom they have a relationship) and/or b) Broadcom.

    And I'd still like an answer to my question you omitted:

    If you can't bring anything to the table, then are you here to shit on the project or...? Let me be clear: I do not believe in OS (or project/firmware/whatever) advocacy in general. I just do not see the "driving force" behind your posts. If you could shed light on that, that'd be appreciated. Everyone is entitled to an opinion (I have zero problem with disagreements), but I'm having trouble understanding "where you're coming from" (as a modus operandi).
     
  7. Rangaistus

    Rangaistus Network Newbie Member

    that's a good point. i did not think of passing the pattern thru the list. :p

    i'm not sure what this means. i'm not familiar with tomato or github contribution procedures.
    any help would be appreciated.
     
  8. OndrejB

    OndrejB New Member Member

    Hello,

    I have ASUS RT-N12 (and RT-N12D), first works as router with IP 192.168.1.1, the second is just an AP with IP 192.168.1.1 and disabled DHCP. I have WLAN with name C33 and then two other C33-1 and C33-2 to be able to connect to router or AP directly.

    I have Xbox 360 connected by cable to AP (192.168.1.2) and I am trying to get my NAT status to Open instead of Moderate. Even if I set port forwarding manually, it does not work. For example Skype opens its ports by UPnP OK.

    Now I finally tried to connect Xbox directly to router (192.168.1.1) and NAT is suddenly Open. So I guess I am struggling with double NAT or something similar.

    I am running Tomato Firmware 1.28.0000 MIPSR2-138 K26 Max (router on 192.168.1.1) and Tomato Firmware 1.28.0000 MIPSR2-138 K26 MiniIPv6 (AP on 192.168.1.2).

    Any ideas, please?
     
  9. Elfew

    Elfew Network Guru Member

    @shibby20 - Hi, will be there any Christmas release as a present for us? :)

    I would like to flash Tomato on the friend's router (he uses Asus stock one).
     
  10. koitsu

    koitsu Network Guru Member

    That is exactly what the problem is.

    Port forwarding needs to be applied in two places. I'm sorry I have to use this code syntax because the forum turns colon-P into a stupid :p emoticon:

    Code:
    Step 1: On 192.168.1.1, forward portX --> 192.168.1.2:portX
    Step 2: On 192.168.1.2, forward portX --> ip-of-xbox:portX
    
    If a port range is needed, then replace portX above with the port range.

    An alternate approach would be to use a port forwarding + DMZ combination. E.g.
    Code:
    Step 1: On 192.168.1.1, forward portX --> 192.168.1.2:portX
    Step 2: On 192.168.1.2, set DMZ destination to ip-of-xbox
    
    However, the alternate approach has security ramifications: any packet arriving at 192.168.1.2 which cannot be associated in the NAT state table will be send to ip-of-xbox. This can have security implications (maybe not for the XBox, but for PCs/etc. yes absolutely). In general, use of DMZ is something to avoid.

    I would recommend you simply leave the XBox connected to 192.168.1.1 via an Ethernet cable. Depending on what types of games you play, latency may be a factor -- and wireless does not cater well to latency (ever).
     
  11. OndrejB

    OndrejB New Member Member

    koitsu, thanks for quick reply.

    So there is no way I can get UPnP to work, without need of manual forwarding? All devices should be on the same subnet and AP should be transparent (no DHCP on AP, Routing set to Router, not Gateway), so why it's not working?

    Router (.1) is far from me, so that's why I have second Asus here to serve as switch and AP (desktop, laptop, Xbox, phone,...).

    I would really prefer if it works with AP (.2).
     
  12. koitsu

    koitsu Network Guru Member

    You just changed focal subjects. You were discussing port forwarding in general when using 2 routers, and didn't disclose "how" you had set up your network, throwing in "oh Skype does UPnP and it works" (it probably doesn't but you think it does because of how Microsoft does certain things in Skype without your knowledge -- I can explain this later in detail if you want). I didn't realise we were discussing UPnP specifically. Kinda not cool, but I'll live. :p

    You need to describe every part of your network. Please open a new thread -- do not continue this in the Shibby thread, it's irrelevant to Shibby -- and provide full network details of each AP, including LAN details (size/subnet/EVERYTHING), as well as IPs of clients (ex. XBox, etc.). I'm going to need to know if they use DHCP and how you have EVERYTHING configured. It matters. SSDP/UPnP is particularly sensitive to this given how it works.

    The short of it: the more complicated your network, the more likely things will not work. Yeah, it really is that easy. :)

    I look forward to your thread.
     
  13. mgeorge

    mgeorge Reformed Router Member

    Thank you, I don't know why I didn't see this one by myself. Do you know maybe, what is the difference between VPN and miniVPN?
     
  14. kille72

    kille72 LI Guru Member

    miniVPN - [miniVPN (small BTgui-VPN) for routers with 8MB flash like Netgear 3500L, RT-N10u or RT-N15U]
    NTFS=y OPENVPN=y BBEXTRAS=y USBEXTRAS=y MULTIWAN=y EBTABLES=y MEDIASRV=y IPV6SUPP=y USB="USB" BTGUI=y PPTPD=y NO_JFFS=y

    VPN
    NTFS=y OPENVPN=y BBEXTRAS=y USBEXTRAS=y MULTIWAN=y EBTABLES=y MEDIASRV=y IPV6SUPP=y USB="USB" DNSCRYPT=y PPTPD=y
     
  15. scorpeeon

    scorpeeon Networkin' Nut Member

    An update on this: after looking at more powerful routers and ready to buy, as a last try with nothing to lose, I just flashed back the factory firmware to check how it performs, and to my surprise the WAN speed drastically increased, I'm measuring 800+ Mbps (with tomato it was 100 Mbps and 200 Mbps with BCM_NAT enabled).
    Any tips what might cause this huge gap in performance between tomato and stock firmware?
    Is there some proprietary stuff used in stock fw to get these speeds that can't be used in tomato - or maybe something is not configured correctly? What do you think?
     
  16. microchip

    microchip Serious Server Member

    your router is MIPS-based and hardware acceleration in Tomato does not work on MIPS routers
     
  17. kille72

    kille72 LI Guru Member

  18. koitsu

    koitsu Network Guru Member

    Last edited: Dec 11, 2016
  19. The Master

    The Master Network Guru Member

    kille72 likes this.
  20. flashy

    flashy New Member Member

    Hi,
    I'm using shibby's mod for a long time and be very happy with it.

    There is a problem with newer router's firmware, they are blocking 3rd party firmware because of the new FCC regulations.

    @shibby20
    So does anybody know if there'll be a workaround for this situation?

    For example the Asus RT-AC68U with revision E1?

    Or is there a newer WiFi-AC router which can be flashed?
     
  21. Frequenzy

    Frequenzy Networkin' Nut Member

    if the E1 is the same as C1, then tomato doesn't support it. just use merlin fw.
     
  22. scorpeeon

    scorpeeon Networkin' Nut Member

    That's too bad, because otherwise I found Tomato to be much superior in any other aspects than the stock firmware.. So now it looks like I'm stuck with stock fw...
    Why is this btw? Proprietary drivers/software in stock fw that simply can't be included in custom fws?
     
  23. koitsu

    koitsu Network Guru Member

    Subject in question has been discussed for 6+ years. Here's a recent thread (read it, don't skim it) covering both FastNAT and CTF; you will find my post enlightening, but I get the impression it's not going to be enough for you: http://www.linksysinfo.org/index.php?threads/hardware-nat-ctf-fa-in-tomato.72182/

    If you really want 1000mbit/sec NAT'd traffic, then Tomato on MIPS is not going to do it. You might be able to get close to it with ARM with CTF (read the thread: there are features/risks involved), else you need higher-end equipment. Start talking to companies like Ubiquiti, Juniper, and Cisco and explain to them your needs. This kind of bandwidth borders on insane; if you can afford that connection, then you can afford the equipment needed to handle it. (Now you understand why ISPs offering gigE also tend to hand you very specific routers/devices that are to be used with the service)
     
  24. scorpeeon

    scorpeeon Networkin' Nut Member

    Thanks, I'll certainly give those a read.

    About the argument about affording the equipment: I'm not sure how it is in the US (though I heard some bad stories :) ) but I live in Hungary and this 1000 Mbps connection's monthly cost is only 3 USD higher than the 120 Mbps (the monthly cost is equivalent to about 23 USD), which is not too much even in here, especially considering that it's used by pretty big family here.

    I'm not too cheap when it comes to routers, my E4200 costed like 200 USD when I bought it (which is quite a lot around here, most folks here have routers costing much less), and I'm willing to pay similar for equipment that can perform well and reliable for years to come - though professional grade stuff you mention I image could cost much more.
    I really didn't expect to see that 1000 Mbps is so problematic today with these cool open source router firmwares (tomato, ddwrt, etc.) - even though most recent routers can do it with stock firmwares..
    I'm not sure what to do now. I might keep using the E4200 with stock fw, but it already feels less repsonsive than it was with tomato even though it can achieve much higher bandwidth trough WAN.
    I also read that newer Asus routers (with ARM CPU I think like AC68U, AC87U, AC88U) have stock fw that is already tomato based and there is even a custom version (I think they call it Merlin) with additional features that still can use hardware NAT, so that could also be an option maybe.

    Update: so I read though the thread you linked and my basic understanding is that even today's most powerful home routers just aren't powerful enough to handle gigabit connections properly, which is why they use hardware NAT/CTF as a way to bypass to CPU and this part is not even open source - hence the challenge to make it into open firmwares like tomato. But this hardware NAT is a bit like cheating and bypasses some stuff routers normally shouldn't bypass. Interesting indeed.
    I'm wondering if this would be still a problem if they used today's ARM based flagship smartphone CPUs that have typically 4x 64 bit cores running above 2 GHz while only consuming a few watts. Maybe we'll just have to wait a few more years until CPUs like that make their way into home routers?
     
  25. Guso.

    Guso. Reformed Router Member

  26. Toastman

    Toastman Super Moderator Staff Member Member

    Smartphone CPU's run at maximum speed for quite short lengths of time, most of the time they idle at a fraction of advertised speed. That's because phones have no way to get rid of excess heat. A router under heavy load passing gigabyte traffic is rather a different animal.
     
  27. Bird333

    Bird333 Network Guru Member

    Last edited: Dec 15, 2016
  28. scorpeeon

    scorpeeon Networkin' Nut Member

    Yes, this is typically true, though for some new uses like VR, being able to handle heavy load for longer times is needed, so for instance Android 7 has a "sustained performance mode" to do that - they still can get quite hot though.
    Also: what's stopping manufacturers from slapping a big CPU cooler on the router? Is it the aesthetics, routers have to be lean an good looking, can't they be monstrous? I mean I wouldn't mind it, they aren't smartphones to have to fit on your pocket. :) Or is it the added cost? My desktop PC has a gigantic cooler (being able to handle overclocked CPUs running at 4.5 GHz consuming 100 watts) and it costs like $30.
    I don't think this should be as big problem as it is now... I mean it's far more challenging for gamer PCs to provide 4K resolution at 60 fps with ~10 billion transistors, thousands of shader processors running at 2 GHz (~10 TFLOPS performance) and keep it cool at the same time, yet they manage to do that (with 500-1000 watts and pretty big coolers of course) :)
    I guess there's just not enough people with gigabit connections yet...
     
  29. Rangaistus

    Rangaistus Network Newbie Member

    i don't believe it. read where?
     
    koitsu likes this.
  30. Jimmy Jimenez

    Jimmy Jimenez New Member Member

    I have a Netgear R6300v2. I tried going from the latest netgear stock version 1.0.4.06 to Tomato using the tomato-r6300v2.initial.chk file. The router is now stuck on constant reboot loop. It's stays amber under 10 seconds, before it cycles through a reboot loop. I've tried the 30-30-30 method, I've tried using TFTP to load the original stock firmware back, but unfortunately it fails. I'm able to get some pings to the device, but again since it's stuck in the loop, the pings are not consistent. If anyone has come across this, I'd be very thankful for advice.

    Thanks in advance.
     
  31. jerrm

    jerrm Network Guru Member

    Google around. Current ASUS firmware started life as a port of the cleanly licensed portions of Tomato - probably just Linux and a few other GPL and similarly licensed bits. I don't think they could use anything "(c) John Zarate" which pretty much eliminated the UI in total.

    But that was years ago and things have diverted significantly. I have to wonder how relevant the fact is now.
     
  32. RMerlin

    RMerlin Network Guru Member

    Asuswrt was indeed originally forked from TomatoUSB, with some pieces from DD-WRT and OpenWRT (like the FTP and PPTP support).

    The OpenVPN code was taken by me from Tomato, and ported to Asuswrt, which Asus integrated into the stock firmware afterward.

    So yes, still a lot of common DNA between the two, enough for me to collaborate with the Tomato devs on some things. Or Shibby taking the ARM support from Asuswrt and merging it back into Tomato.
     
  33. Rangaistus

    Rangaistus Network Newbie Member

    possible bug with adblock -- what's the proper procedure to file a bug?

    previously posted here.

    adblock fails to activate entries.
    Code:
    15:12:55 Router user.info adblock: activated - 36341 entries
    15:13:00 Router user.info adblock: activated - 0 entries
    
    it may be related to the physical WAN interface going down (too frequently?).

    Code:
    Dec 13 15:12:13 Router user.info init[1]: MultiWAN: MWAN is 1 (max 4).
    Dec 13 15:12:13 Router user.notice root: Transmission daemon successfully stopped.
    Dec 13 15:12:13 Router user.debug kernel: vlan2: del XX:XX:XX:XX:XX:XX mcast address from vlan interface
    Dec 13 15:12:13 Router user.debug kernel: vlan2: del XX:XX:XX:XX:XX:XX mcast address from master interface
    Dec 13 15:12:13 Router user.debug kernel: vlan2: del XX:XX:XX:XX:XX:XX mcast address from vlan interface
    Dec 13 15:12:13 Router user.debug kernel: vlan2: del XX:XX:XX:XX:XX:XX mcast address from master interface
    Dec 13 15:12:13 Router user.warn kernel: vlan2: Setting MAC address to  XX XX XX XX XX XX.
    Dec 13 15:12:13 Router user.debug kernel: vlan2: add XX:XX:XX:XX:XX:XX mcast address to master interface
    Dec 13 15:12:13 Router daemon.notice pppd[9048]: Modem hangup
    Dec 13 15:12:13 Router daemon.info pppd[9048]: Connect time 4.0 minutes.
    Dec 13 15:12:13 Router daemon.info pppd[9048]: Sent 35367 bytes, received 25953 bytes.
    Dec 13 15:12:13 Router user.debug kernel: vlan2: add XX:XX:XX:XX:XX:XX mcast address to master interface
    Dec 13 15:12:13 Router daemon.notice pppd[9048]: Connection terminated.
    Dec 13 15:12:13 Router daemon.info pppd[9048]: Terminating on signal 15
    Dec 13 15:12:13 Router daemon.info pppd[9048]: Exit.
    Dec 13 15:12:13 Router daemon.info pppd[9999]: Plugin rp-pppoe.so loaded.
    Dec 13 15:12:13 Router daemon.info pppd[9999]: RP-PPPoE plugin version 3.10 compiled against pppd 2.4.5
    Dec 13 15:12:13 Router daemon.notice pppd[10000]: pppd 2.4.5 started by root, uid 0
    Dec 13 15:12:13 Router user.info kernel: device eth1 left promiscuous mode
    Dec 13 15:12:13 Router user.info kernel: br0: port 2(eth1) entering disabled state
    Dec 13 15:12:13 Router user.info kernel: device eth2 left promiscuous mode
    Dec 13 15:12:13 Router user.info kernel: br0: port 3(eth2) entering disabled state
    Dec 13 15:12:13 Router user.info kernel: device wl0.1 left promiscuous mode
    Dec 13 15:12:13 Router user.info kernel: br2: port 2(wl0.1) entering disabled state
    Dec 13 15:12:13 Router user.info kernel: device eth1 entered promiscuous mode
    Dec 13 15:12:13 Router user.info kernel: br0: port 2(eth1) entering forwarding state
    Dec 13 15:12:13 Router user.info kernel: device eth2 entered promiscuous mode
    Dec 13 15:12:13 Router user.info kernel: br0: port 3(eth2) entering forwarding state
    Dec 13 15:12:13 Router user.info kernel: device wl0.1 entered promiscuous mode
    Dec 13 15:12:13 Router user.info kernel: br2: port 2(wl0.1) entering forwarding state
    Dec 13 15:12:15 Router user.info adblock: prepare to download ...
    Dec 13 15:12:15 Router user.info adblock: skip disabled blacklist - http://hostsfile.mine.nu/Hosts
    Dec 13 15:12:15 Router user.info adblock: skip disabled blacklist - https://raw.github.com/notracking/hosts-blocklists/master/hostnames.txt
    Dec 13 15:12:15 Router user.info adblock: [1] downloading blacklist - http://localnas/hostfinal.txt
    Dec 13 15:12:16 Router user.info adblock: ... [1] found 36494 entries
    Dec 13 15:12:17 Router user.debug init[1]: rstats stopped.
    Dec 13 15:12:17 Router user.debug init[1]: cstats stopped.
    Dec 13 15:12:17 Router user.info init[1]: NGinX - killing daemon
    Dec 13 15:12:17 Router user.emerg init[1]: OUT checkConnect, wan is disconnected
    Dec 13 15:12:17 Router user.debug init[1]: 255: pptp peerdns disabled
    Dec 13 15:12:17 Router user.emerg init[1]: OUT checkConnect, wan is disconnected
    Dec 13 15:12:17 Router user.notice root: MySQL successfully stoped
    Dec 13 15:12:17 Router daemon.notice miniupnpd[9682]: shutting down MiniUPnPd
    Dec 13 15:12:18 Router daemon.info pppd[10000]: PPP session is 39171 (0x9903)
    Dec 13 15:12:18 Router daemon.warn pppd[10000]: Connected to XX:XX:XX:XX:XX:XX via interface vlan2
    Dec 13 15:12:18 Router daemon.info pppd[10000]: Using interface ppp0
    Dec 13 15:12:18 Router daemon.notice pppd[10000]: Connect: ppp0 <--> vlan2
    Dec 13 15:12:18 Router daemon.err openvpn[9696]: event_wait : Interrupted system call (code=4)
    Dec 13 15:12:18 Router daemon.notice openvpn[9696]: /sbin/route del -net 192.168.1.64 netmask 255.255.255.192
    Dec 13 15:12:18 Router daemon.notice openvpn[9696]: Closing TUN/TAP interface
    Dec 13 15:12:18 Router daemon.notice openvpn[9696]: /sbin/ifconfig tun21 0.0.0.0
    Dec 13 15:12:18 Router daemon.notice openvpn[9696]: SIGTERM[hard,] received, process exiting
    Dec 13 15:12:19 Router daemon.info pppd[10000]: Terminating on signal 15
    Dec 13 15:12:19 Router daemon.notice pppd[10000]: Connection terminated.
    Dec 13 15:12:19 Router daemon.info pppd[10000]: Exit.
    Dec 13 15:12:19 Router user.debug kernel: vlan2: del XX:XX:XX:XX:XX:XX mcast address from vlan interface
    Dec 13 15:12:19 Router user.debug kernel: vlan2: del XX:XX:XX:XX:XX:XX mcast address from master interface
    Dec 13 15:12:19 Router user.debug kernel: vlan2: del XX:XX:XX:XX:XX:XX mcast address from vlan interface
    Dec 13 15:12:19 Router user.debug kernel: vlan2: del XX:XX:XX:XX:XX:XX mcast address from master interface
    Dec 13 15:12:20 Router user.info kernel: br0: port 3(eth2) entering disabled state
    Dec 13 15:12:20 Router user.info kernel: br0: port 2(eth1) entering disabled state
    Dec 13 15:12:20 Router user.info kernel: br0: port 1(vlan1) entering disabled state
    Dec 13 15:12:21 Router user.debug kernel: vlan1: del XX:XX:XX:XX:XX:XX mcast address from vlan interface
    Dec 13 15:12:21 Router user.debug kernel: vlan1: del XX:XX:XX:XX:XX:XX mcast address from master interface
    Dec 13 15:12:21 Router user.debug kernel: vlan1: del XX:XX:XX:XX:XX:XX mcast address from vlan interface
    Dec 13 15:12:21 Router user.debug kernel: vlan1: del XX:XX:XX:XX:XX:XX mcast address from master interface
    Dec 13 15:12:21 Router user.info kernel: device vlan1 left promiscuous mode
    Dec 13 15:12:21 Router user.info kernel: br0: port 1(vlan1) entering disabled state
    Dec 13 15:12:21 Router user.info kernel: device eth1 left promiscuous mode
    Dec 13 15:12:21 Router user.info kernel: br0: port 2(eth1) entering disabled state
    Dec 13 15:12:21 Router user.info kernel: device eth2 left promiscuous mode
    Dec 13 15:12:21 Router user.info kernel: br0: port 3(eth2) entering disabled state
    Dec 13 15:12:21 Router user.info kernel: br1: port 1(vlan3) entering disabled state
    Dec 13 15:12:21 Router user.debug kernel: vlan3: del XX:XX:XX:XX:XX:XX mcast address from vlan interface
    Dec 13 15:12:21 Router user.debug kernel: vlan3: del XX:XX:XX:XX:XX:XX mcast address from master interface
    Dec 13 15:12:21 Router user.debug kernel: vlan3: del XX:XX:XX:XX:XX:XX mcast address from vlan interface
    Dec 13 15:12:21 Router user.debug kernel: vlan3: del XX:XX:XX:XX:XX:XX mcast address from master interface
    Dec 13 15:12:21 Router user.info kernel: device vlan3 left promiscuous mode
    Dec 13 15:12:21 Router user.info kernel: br1: port 1(vlan3) entering disabled state
    Dec 13 15:12:22 Router user.info kernel: br2: port 2(wl0.1) entering disabled state
    Dec 13 15:12:22 Router user.info kernel: br2: port 1(vlan4) entering disabled state
    Dec 13 15:12:22 Router user.debug kernel: vlan4: del XX:XX:XX:XX:XX:XX mcast address from vlan interface
    Dec 13 15:12:22 Router user.debug kernel: vlan4: del XX:XX:XX:XX:XX:XX mcast address from master interface
    Dec 13 15:12:22 Router user.debug kernel: vlan4: del XX:XX:XX:XX:XX:XX mcast address from vlan interface
    Dec 13 15:12:22 Router user.debug kernel: vlan4: del XX:XX:XX:XX:XX:XX mcast address from master interface
    Dec 13 15:12:22 Router user.info kernel: device vlan4 left promiscuous mode
    Dec 13 15:12:22 Router user.info kernel: br2: port 1(vlan4) entering disabled state
    Dec 13 15:12:22 Router user.info kernel: device wl0.1 left promiscuous mode
    Dec 13 15:12:22 Router user.info kernel: br2: port 2(wl0.1) entering disabled state
    Dec 13 15:12:23 Router user.notice kernel: klogd: exiting
    Dec 13 15:12:23 Router syslog.info syslogd exiting
    Dec 13 15:12:23 Router syslog.info syslogd started: BusyBox v1.25.0
    Dec 13 15:12:23 Router user.err syslog: module usbcore not found in modules.dep
    Dec 13 15:12:25 Router user.debug kernel: vlan1: add XX:XX:XX:XX:XX:XX mcast address to master interface
    Dec 13 15:12:25 Router user.debug kernel: vlan1: add XX:XX:XX:XX:XX:XX mcast address to master interface
    Dec 13 15:12:25 Router user.info kernel: vlan1: dev_set_allmulti(master, 1)
    Dec 13 15:12:25 Router user.info kernel: device eth1 entered promiscuous mode
    Dec 13 15:12:25 Router user.info kernel: device eth2 entered promiscuous mode
    Dec 13 15:12:25 Router user.info kernel: br0: port 3(eth2) entering forwarding state
    Dec 13 15:12:25 Router user.info kernel: br0: port 2(eth1) entering forwarding state
    Dec 13 15:12:25 Router user.info kernel: br0: port 1(vlan1) entering forwarding state
    Dec 13 15:12:25 Router user.debug kernel: vlan3: add XX:XX:XX:XX:XX:XX mcast address to master interface
    Dec 13 15:12:25 Router user.debug kernel: vlan3: add XX:XX:XX:XX:XX:XX mcast address to master interface
    Dec 13 15:12:25 Router user.info kernel: vlan3: dev_set_allmulti(master, 1)
    Dec 13 15:12:25 Router user.info kernel: br1: port 1(vlan3) entering forwarding state
    Dec 13 15:12:25 Router user.debug kernel: vlan4: add XX:XX:XX:XX:XX:XX mcast address to master interface
    Dec 13 15:12:25 Router user.debug kernel: vlan4: add XX:XX:XX:XX:XX:XX mcast address to master interface
    Dec 13 15:12:25 Router user.info kernel: vlan4: dev_set_allmulti(master, 1)
    Dec 13 15:12:25 Router user.info kernel: device wl0.1 entered promiscuous mode
    Dec 13 15:12:25 Router user.info kernel: br2: port 2(wl0.1) entering forwarding state
    Dec 13 15:12:25 Router user.info kernel: br2: port 1(vlan4) entering forwarding state
    Dec 13 15:12:25 Router user.warn kernel: vlan2: Setting MAC address to  XX XX XX XX XX XX.
    Dec 13 15:12:25 Router user.debug kernel: vlan2: add XX:XX:XX:XX:XX:XX mcast address to master interface
    Dec 13 15:12:25 Router user.debug kernel: vlan2: add XX:XX:XX:XX:XX:XX mcast address to master interface
    Dec 13 15:12:25 Router daemon.info pppd[10651]: Plugin rp-pppoe.so loaded.
    Dec 13 15:12:25 Router daemon.info pppd[10651]: RP-PPPoE plugin version 3.10 compiled against pppd 2.4.5
    Dec 13 15:12:25 Router daemon.notice pppd[10652]: pppd 2.4.5 started by root, uid 0
    Dec 13 15:12:26 Router user.info kernel: device eth1 left promiscuous mode
    Dec 13 15:12:26 Router user.info kernel: br0: port 2(eth1) entering disabled state
    Dec 13 15:12:26 Router user.info kernel: device eth2 left promiscuous mode
    Dec 13 15:12:26 Router user.info kernel: br0: port 3(eth2) entering disabled state
    Dec 13 15:12:26 Router user.info kernel: device wl0.1 left promiscuous mode
    Dec 13 15:12:26 Router user.info kernel: br2: port 2(wl0.1) entering disabled state
    Dec 13 15:12:26 Router user.info kernel: vlan1: dev_set_promiscuity(master, 1)
    Dec 13 15:12:26 Router user.info kernel: vlan1: dev_set_allmulti(master, -1)
    Dec 13 15:12:26 Router user.info kernel: device eth1 entered promiscuous mode
    Dec 13 15:12:26 Router user.info kernel: br0: port 2(eth1) entering forwarding state
    Dec 13 15:12:26 Router user.info kernel: device eth2 entered promiscuous mode
    Dec 13 15:12:26 Router user.info kernel: br0: port 3(eth2) entering forwarding state
    Dec 13 15:12:26 Router user.info kernel: vlan3: dev_set_promiscuity(master, 1)
    Dec 13 15:12:26 Router user.info kernel: vlan3: dev_set_allmulti(master, -1)
    Dec 13 15:12:26 Router user.info kernel: vlan4: dev_set_promiscuity(master, 1)
    Dec 13 15:12:26 Router user.info kernel: vlan4: dev_set_allmulti(master, -1)
    Dec 13 15:12:27 Router user.info kernel: device wl0.1 entered promiscuous mode
    Dec 13 15:12:27 Router user.info kernel: br2: port 2(wl0.1) entering forwarding state
    Dec 13 15:12:29 Router user.info adblock: prepare to download ...
    Dec 13 15:12:30 Router user.emerg init[1]: OUT checkConnect, wan is disconnected
    Dec 13 15:12:30 Router user.info init[1]: NGinX - daemon not enabled cancelled generation of config file
    Dec 13 15:12:30 Router user.info adblock: skip disabled blacklist - http://hostsfile.mine.nu/Hosts
    Dec 13 15:12:30 Router user.debug init[1]: starting rstats.
    Dec 13 15:12:30 Router user.info adblock: skip disabled blacklist - https://raw.github.com/notracking/hosts-blocklists/master/hostnames.txt
    Dec 13 15:12:30 Router user.debug init[1]: starting cstats.
    Dec 13 15:12:30 Router user.notice root: MySQL successfully stoped
    Dec 13 15:12:31 Router daemon.info pppd[10652]: PPP session is 39173 (0x9905)
    Dec 13 15:12:31 Router daemon.warn pppd[10652]: Connected to XX:XX:XX:XX:XX:XX via interface vlan2
    Dec 13 15:12:31 Router daemon.info pppd[10652]: Using interface ppp0
    Dec 13 15:12:31 Router daemon.notice pppd[10652]: Connect: ppp0 <--> vlan2
    Dec 13 15:12:31 Router user.notice root: Stoping NFS Server ...
    Dec 13 15:12:31 Router user.notice root: NFS Server stoped ...
    Dec 13 15:12:31 Router user.info init[1]: Asus RT-N66U: Tomato 1.28.0000 MIPSR2-138 K26AC USB AIO-64K
    Dec 13 15:12:31 Router user.info adblock: [1] downloading blacklist - http://localnas/hostfinal.txt
    Dec 13 15:12:31 Router user.notice root: Transmission daemon successfully stopped.
    Dec 13 15:12:32 Router user.info adblock: ... [1] found 36494 entries
    Dec 13 15:12:34 Router daemon.err apcupsd[10519]: apcupsd FATAL ERROR in linux-usb.c at line 609 Cannot find UPS device -- For a link to detailed USB trouble shooting information, please see <http://www.apcupsd.com/support.html>.
    Dec 13 15:12:34 Router daemon.err apcupsd[10519]: apcupsd error shutdown completed
    Dec 13 15:12:34 Router daemon.notice pppd[10652]: PAP authentication succeeded
    Dec 13 15:12:34 Router daemon.notice pppd[10652]: peer from calling number XX:XX:XX:XX:XX:XX authorized
    Dec 13 15:12:34 Router daemon.notice pppd[10652]: local  IP address X.X.X.X
    Dec 13 15:12:34 Router daemon.notice pppd[10652]: remote IP address X.X.X.X
    Dec 13 15:12:34 Router daemon.notice pppd[10652]: primary   DNS address X.X.X.X
    Dec 13 15:12:34 Router daemon.notice pppd[10652]: secondary DNS address X.X.X.X
    Dec 13 15:12:34 Router user.debug ip-up[10959]: 255: pptp peerdns disabled
    Dec 13 15:12:34 Router user.debug init[1]: 255: pptp peerdns disabled
    Dec 13 15:12:45 Router daemon.notice miniupnpd[11323]: version 2.0 started
    Dec 13 15:12:45 Router daemon.notice miniupnpd[11323]: HTTP listening on port 28903
    Dec 13 15:12:46 Router user.info kernel: tun: Universal TUN/TAP device driver, 1.6
    Dec 13 15:12:46 Router user.info kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
    Dec 13 15:12:46 Router user.info kernel: device tun21 entered promiscuous mode
    Dec 13 15:12:46 Router daemon.notice openvpn[11338]: OpenVPN 2.3.11 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jul 31 2016
    Dec 13 15:12:46 Router daemon.notice openvpn[11338]: library versions: OpenSSL 1.0.2h  3 May 2016, LZO 2.09
    Dec 13 15:12:47 Router daemon.notice openvpn[11342]: Diffie-Hellman initialized with 2048 bit key
    Dec 13 15:12:47 Router daemon.notice openvpn[11342]: Socket Buffers: R=[114688->114688] S=[114688->114688]
    Dec 13 15:12:47 Router daemon.notice openvpn[11342]: TUN/TAP device tun21 opened
    Dec 13 15:12:47 Router daemon.notice openvpn[11342]: TUN/TAP TX queue length set to 100
    Dec 13 15:12:47 Router daemon.notice openvpn[11342]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Dec 13 15:12:47 Router daemon.notice openvpn[11342]: /sbin/ifconfig tun21 192.168.1.65 pointopoint 192.168.1.66 mtu 1500
    Dec 13 15:12:47 Router daemon.notice openvpn[11342]: /sbin/route add -net 192.168.1.64 netmask 255.255.255.192 gw 192.168.1.66
    Dec 13 15:12:47 Router daemon.notice openvpn[11342]: UDPv4 link local (bound): [undef]
    Dec 13 15:12:47 Router daemon.notice openvpn[11342]: UDPv4 link remote: [undef]
    Dec 13 15:12:47 Router daemon.notice openvpn[11342]: MULTI: multi_init called, r=256 v=256
    Dec 13 15:12:47 Router daemon.notice openvpn[11342]: IFCONFIG POOL: base=192.168.1.68 size=14, ipv6=0
    Dec 13 15:12:47 Router daemon.notice openvpn[11342]: Initialization Sequence Completed
    Dec 13 15:12:55 Router user.info adblock: activated - 36341 entries
    Dec 13 15:12:55 Router user.debug init[1]: 255: pptp peerdns disabled
    Dec 13 15:13:00 Router user.info adblock: activated - 0 entries
    Dec 13 15:13:00 Router user.debug init[1]: 255: pptp peerdns disabled
    Dec 13 16:00:00 Router syslog.info root: -- MARK --
    
     
  34. free2share

    free2share Addicted to LI Member

    Shibby, Thanks for all your great work!

    Hi All,

    I finally switching to v138 after running v132 on Asus RT-AC66U. I wanted to see if anyone can clarify some MultiWAN setup.

    1. Is it possible to use a WAN connection and WiFi Client at the same time? I can get one or the other to work, but not both at the same time.

    2. Can the MultiWAN be used for bonding ISPs to get more throughput? 10/2+15/3=25/5?

    One problem I see, according to the tutorials, you have to add second WAN2 under VLAN. When I do Port4 binds to both WAN2 and LAN.

    Thanks in advance.
     

    Attached Files:

    Last edited: Dec 18, 2016
  35. Desolator

    Desolator Serious Server Member

    Due to the lack of updates of Tomato RAF I decided to switch to Tomato Shibby and installed the latest version (tomato-E2000-NVRAM60K-1.28.RT-MIPSR2-138-Max) on my Linksys E2000. So far so good, but there is one thing bothering me now. I cannot ping/ find/ Remote Desktop Connect my wireless devices in my home LAN. But I can ping, find and connect the wired devices. First I thougt it must be the AP Isolation and enabled it but no luck, changed it back to disabled and could ping for a few moments my wireless devices and then it stopped again... I'm out of options or did I miss something?
     
    Last edited: Dec 18, 2016
  36. uniextra

    uniextra Reformed Router Member

    Hi there, i hava a Xiaomi R1D, i know this router is supported by TOMATO by Shibby but i cant seam to find any tutorial on how flash it.

    Could anyone share this info with me?

    thanks!
     
  37. ambiance

    ambiance Serious Server Member

    All I want for Christmas is a working bandwidth monitor for PPPoE on MultiWAN.
     
    Rangaistus, Malakai and sigmaris like this.
  38. ilium007

    ilium007 Serious Server Member

    Any chance of seeing pkttype compiled into kernel for iptables in the near future ? Cheers

    Code:
    root@asus-rtac68u:/tmp/home/root# iptables -I INPUT -i br1 -m pkttype --pkt-type multicast --protocol igmp -j ACCEPT
    iptables: No chain/target/match by that name.
    root@asus-rtac68u:/tmp/home/root#
     
  39. koitsu

    koitsu Network Guru Member

    I see nothing immediately obvious about this rule that shows me that you actually need the pkttype module.

    You're matching against the INPUT chain, inbound interface br1, so can you tell me what's stopping you from using -d 224.0.0.0/4 instead of -m pkttype --pkt-type multicast ?

    The pkttype module's --pkt-type argument supports either unicast, broadcast, or multicast. The equivalents for the rule you've posted above should be something like this:

    unicast: -d {ipaddress}
    multicast: -d 224.0.0.0/4

    For broadcast, the situation is a bit more tricky. This could refer to 255.255.255.255 traffic, or (for sake of example) 192.168.1.255 traffic. Each of those would need to be a separate rule. The second form is tricky because there's no "short" or "easy way" to get or calculate the broadcast address from the shell. So, we end up with this:

    broadcast: -d 255.255.255.255
    broadcast: -d $(ip addr show dev br1 to {ipaddress-of-br1-interface} | awk '/ brd / { print $4 }')
     
  40. ilium007

    ilium007 Serious Server Member

    Ok, but instead of using equivalents why not just have the kernel module ?

    I was getting blocks on the broadcast traffic so I will give your suggestion a try. Thanks for that.
     
  41. ilium007

    ilium007 Serious Server Member

    These are the blocked packets:

    Code:
    Dec 21 18:02:26 asus-rtac68u kern.warn kernel: IPTables-Dropped: IN=br1 OUT= MAC=ff:ff:ff:ff:ff:ff:d0:33:11:e1:5b:74:08:00 SRC=192.168.99.16 DST=255.255.255.255 LEN=260 TOS=0x00 PREC=0x00 TTL=64 ID=20118 PROTO=UDP SPT=1901 DPT=1900 LEN=240
    I'll re-post in a new thread to save hijacking this one
     
    Last edited: Dec 21, 2016
  42. koitsu

    koitsu Network Guru Member

    Because all it does is add more potential bloat to the firmware for little-to-no gain. I have looked at the source of the iptables/netfilter module in question and while it's minor, it just becomes "another thing" that Tomato has to deal with.

    I will answer in the other thread.
     
  43. joksi

    joksi Serious Server Member

    1. It works here. Have you tried erasing NVRAM/factory restore after switch to v.138?

    2. No, MultiWAN is round-robin.

    This seem to be a bug in v.138 specifically (resetting VLAN port assignments). You have to run following command, reboot, and then you should be able to make your VLAN modifications.

    nvram set manual_boot_nv=1
    nvram commit
     
  44. gawd0wns

    gawd0wns LI Guru Member

    I just wanted to wish Shibby, all of those who have contributed to Tomato, and the Tomato community, happy holidays, and a happy new year.
     
  45. ambiance

    ambiance Serious Server Member

    Happy holidays indeed. You guys are the best!
     
    RichtigFalsch and William Clark like this.
  46. minos

    minos Serious Server Member

    Hey!
    I've found 1 little bug in my logs... about adblock feature :
    user.info adblock: [2] downloading blacklist - http://adaway.org/hosts.txt
    user.info adblock: ... [2] download error! Please check URL
    user.info adblock: [6] downloading blacklist - https://raw.githubusercontent.com/WindowsLies/BlockWindows/master/hosts
    user.info adblock: ... [6] download error! Please check URL

    I think this ablock has a problem with trying to download a file hosted on a HTTP"S" website... (first in this example is redirecting on a https...)
    No problem when trying with a browser like FFox
    Good luck!
     
  47. microchip

    microchip Serious Server Member

    You better report a bug. Shibby won't see it here. https://bitbucket.org/pl_shibby/tomato-arm/issues?status=new&status=open
     
  48. koitsu

    koitsu Network Guru Member

    You're running a TomatoUSB firmware that lacks TLS SNI support in Busybox wget for HTTPS. For Shibby, odds are you're using a version other than 138, which is when he introduced updated Busybox hence updated wget (proof of that), and yes I'm aware that most people run 132 because anything newer is buggy/weird -- this is a conundrum I cannot fix/solve for you. One workaround is to install wget from Entware-ng on a USB flash drive and then modify the adblock script to use /opt/bin/wget instead of wget (or change PATH in the script). Furthermore, http://adaway.org/hosts.txt redirects to https://adaway.org/hosts.txt. Full details of all this is here:

    http://www.linksysinfo.org/index.php?threads/script-adblock-not-so-lean.72290/page-2#post-277510 (and several follow-up posts)
    http://www.linksysinfo.org/index.php?threads/tomatousb-wget-command-broken-for-https-sites.72652/ (more authoritative)

    Proof of my statements (also demonstrating my fix in Busybox wget is functional; it's part of Busybox now):

    Code:
    root@gw:/tmp/home/root# wget 'http://adaway.org/hosts.txt'
    --2016-12-26 11:27:30--  http://adaway.org/hosts.txt
    Resolving adaway.org... 2400:cb00:2048:1::6818:6959, 2400:cb00:2048:1::6818:6859, 104.24.104.89, ...
    Connecting to adaway.org|2400:cb00:2048:1::6818:6959|:80... failed: Network is unreachable.
    Connecting to adaway.org|2400:cb00:2048:1::6818:6859|:80... failed: Network is unreachable.
    Connecting to adaway.org|104.24.104.89|:80... connected.
    HTTP request sent, awaiting response... 301 Moved Permanently
    Location: https://adaway.org/hosts.txt [following]
    --2016-12-26 11:27:30--  https://adaway.org/hosts.txt
    Connecting to adaway.org|104.24.104.89|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: unspecified [text/plain]
    Saving to: 'hosts.txt'
    
    hosts.txt                            [ <=>                                                       ]  13.46K  --.-KB/s    in 0.01s
    
    2016-12-26 11:27:30 (1.36 MB/s) - 'hosts.txt' saved [13783]
    
    root@gw:/tmp/home/root# wget 'https://raw.githubusercontent.com/WindowsLies/BlockWindows/master/hosts'
    --2016-12-26 11:28:33--  https://raw.githubusercontent.com/WindowsLies/BlockWindows/master/hosts
    Resolving raw.githubusercontent.com... 151.101.40.133
    Connecting to raw.githubusercontent.com|151.101.40.133|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 3339 (3.3K) [text/plain]
    Saving to: 'hosts'
    
    hosts                            100%[==========================================================>]   3.26K  --.-KB/s    in 0.001s
    
    2016-12-26 11:28:34 (6.15 MB/s) - 'hosts' saved [3339/3339]
    
     
  49. minos

    minos Serious Server Member

    Thx all for answers.
    It's v138 inside
    MIPSR2-138 K26 Mini - on a Linksys e1000 v2.1
     
  50. koitsu

    koitsu Network Guru Member

    Then telnet into the router + issue the commands I did + provide output like I did (in a code block).

    Edit: ah, I forgot that I also have Entware-ng wget installed, and $PATH defaults to having /opt/bin first, so my examples were using GNU wget not Busybox wget. Here is what happens with Busybox wget (successful, just that the output is different):

    Code:
    root@gw:/tmp/home/root# /usr/bin/wget 'http://adaway.org/hosts.txt'
    Connecting to adaway.org (104.24.104.89:80)
    Connecting to adaway.org (104.24.105.89:443)
    hosts.txt            100% |***********************************************************************************| 13783   0:00:00 ETA
    
    root@gw:/tmp/home/root# /usr/bin/wget 'https://raw.githubusercontent.com/WindowsLies/BlockWindows/master/hosts'
    Connecting to raw.githubusercontent.com (151.101.40.133:443)
    hosts                100% |***********************************************************************************|  3339   0:00:00 ETA
    
    root@gw:/tmp/home/root# ls -l hosts*
    -rw-r--r--    1 root     root          3339 Dec 26 17:49 hosts
    -rw-r--r--    1 root     root         13783 Dec 26 17:49 hosts.txt
    
     
  51. se7six

    se7six Networkin' Nut Member

    Hello, everyone. I searched the forum to see if there was any mentioning of this but I didn't find anything. Does anyone know if shibby plans on creating a build for the new R7000P that was released recently? I just thought I would ask because I may be interested in grabbing one due to it having upgraded wireless components for longer range compared to the original R7000.

    Thanks!
     
  52. Stefano Regaglia Regaglia

    Stefano Regaglia Regaglia New Member Member

    Hello everyone,
    Just a question …
    I've connected to primary router (The R8000 with Tomato rel 137) a FRITZ extender (mod. 450E). From wireless connection no problem, both systems are connected but …
    - from any client on the LAN (wired or wireless) i'm able to ping/reach the exender, or client connected to the extender
    - router (R8000) is not able to ping the extender
    - client under the extender are not able to ping the router (R8000) but correctly ping all other client in LAN( wired/wireless)
    - client under the extender are not able to go to internet … because they are not able to reach the main router (R8000)

    Any suggestion …

    Thanks in advance to all
    Stefano
     
  53. eangulus

    eangulus Network Guru Member

  54. jazzme

    jazzme New Member Member

    Shibby, thank you very much for all your work.
     
  55. JTD121

    JTD121 Networkin' Nut Member

    Probably a dumb question, but I can't find a simple answer. is the Asus RT-AC66U B1 supported? Looks like it's a dual core CPU 'upgrade'. If there isn't a Tomato build the supports it correctly, I can just buy another RT-N66U :)
     
  56. RMerlin

    RMerlin Network Guru Member

    Currently not supported by Tomato, no.
     
  57. NineEyes

    NineEyes New Member Member

    I just upgraded my three RT-AC66U routers to Shibby v138 (from v132?) and erased the NVRAM while flashing. Like with v132, two of the routers start with only two available 5GHz channels (at 40MHz Channel Width) until I change the "Country /Region" from EU to the UNITED STATES - then there are 10 channels. The remaining router has two 5GHz channels no matter what I try.

    I suspect this third router has a hardware difference that the wireless driver (which appears to be unchanged from v132) isn't aware of. I would like to buy a 4th RT-AC66U but don't want one with this channel limitation. Is there a definitive thread discussing this issue and perhaps one that identifies the versions worth buying?
     
  58. compsman

    compsman Serious Server Member

    ever get PPPoE fixed for WAN Bandwidth?

    happy holidays
     
  59. RichtigFalsch

    RichtigFalsch Networkin' Nut Member


    Probably the router with just two channels is an revision A2 model (aka Revision 1.30).

    Did you try changing "wlX_country_rev" in NVRAM?
    I had to change mine manually for having more than two 5GHz channels. (It's an Netgear R7000, but it might help, though...)

    My current settings are:
    Code:
    wl0_country_code=DE
    wl0_country_rev=0
    wl_country_code=DE
    wl1_country_rev=13
    wl0_country=DE
    wl_country_rev=0
    wl1_country=DE
    wl1_country_code=DE
    
    (Where wl0 is 2,4GHz and wl1 is 5GHz).

    Too bad I got no idea what this number actually means, but I found it in DD-WRT forums and it's working :)

    Maybe this will do it for your an AC66U 1.30, too.
    Still you must be aware to not buy the aforementioned revision B1 (Revision 1.60), with not at all supported hardware (dual core cpu version).
     
    Last edited: Jan 1, 2017
    NanoG6, NineEyes and visceralpsyche like this.
  60. NineEyes

    NineEyes New Member Member

    RitchtigFalsch,

    This helped me. After setting each RT-AC66U to UNITED STATES on all 3 routers, the more agreeable two looked like this:

    Code:
    wl0_country_code=US
    wl0_country_rev=0
    wl_country_code=EU
    wl1_country_rev=0
    wl0_country=US
    wl_country_rev=0
    wl1_country=US
    wl1_country_code=US
    While the remainder whose 5GHz channel number did not increase with the EU->US change looked like this:

    Code:
    wl0_country_code=US
    wl0_country_rev=33
    wl_country_code=EU
    wl1_country_rev=33
    wl0_country=US
    wl_country_rev=33
    wl1_country=US
    wl1_country_code=US
    All I did was set the wl_country_rev, wl0_country_rev and wl1_country_rev to 0 and reboot and now this "rogue router" has as many 5GHz channels as the other two.

    Thank you!
     
    RichtigFalsch and NanoG6 like this.
  61. ambiance

    ambiance Serious Server Member

    Still crossing fingers.
     
  62. RichtigFalsch

    RichtigFalsch Networkin' Nut Member

    So we have broguht some light into this country_rev mystery. It really should be added into Tomato's locale settings, for having at least one working subset for each available region.
     
    NineEyes likes this.
  63. comego

    comego Network Newbie Member

    Hi, I'm looking to compile a recent "SD-VPN" version to use in 4MB MIPS2 routers (actually the WRT160N router from linksys).

    Currently all VPN versions of shibby are over 4MB and won't fit in the WRT160N and there's no SD-VPN for MIPS2.

    There are Toastman releases which "might" fit, but they use obsolete vpn packages (specially openvpn) and they are using ciphers that have been long deprecated and removed from recent openvpn versions, making them useless.

    My question is what is the difference between MiniVPN and SD-VPN and is there a way to fit a VPN version in a 4MB router ?
     
  64. Rangaistus

    Rangaistus Network Newbie Member

    has this bug been identified in the code? or are we waiting for shibby/someone to look into it?
     
  65. koitsu

    koitsu Network Guru Member

    Where are details of the problem? Looking through the reply references, I see nothing useful. If this is about Bandwidth Monitor graphs (i.e. rstats) or IP Traffic data (i.e. cstats) showing unexpected spikes on a WAN reconnection (reference), then there has been work done in Toastman firmwares for that (ref1, ref2) if you wish to help test it (the more eyes/users testing it, the better). If not, then it's a separate issue. Please clarify.

    Shibby maintains Shibby firmware. If he's unavailable or busy, then patience on the user's part is necessary.
     
  66. ambiance

    ambiance Serious Server Member

    Unknown.

    @koitsu I couldn't say what is technically wrong, but the problem started during the switch to MultiWAN. The IP traffic works fine, but the WAN traffic is blank.

    bw.png
     
  67. koitsu

    koitsu Network Guru Member

    @ambiance Yeah, different problem, 100% unrelated to what I linked/mentioned. Thanks for clarification!
     
  68. Rangaistus

    Rangaistus Network Newbie Member

    FYI-

    the problem was initially mentioned by @sigmaris:
    and then confirmed by @ambiance.

    i have not used v132, so i don't know the previous behavior. current behavior is:
    BW > Realtime - shows WAN1(ppp0), as well other interface WL (eth#), WL (wl0.1), br#, eth0, tun##, vlan#
    the graphs seem to work properly as far as i can tell

    BW > Last 24H - shows all previous interfaces except WAN1
    the graphs seem to work properly here as well

    BW > Daily, Weekly, Monthly provide no data.
    when backing up the data, i DL a 40 byte gz file. opening the compressed file shows a 2112 byte-sized file with the content:
    Code:
    RS01^@^@^@
    i assume ^@ is the null character. that is repeated for the remainder of the file.

    when saving to a custom path (USB device), i've noticed the same 40 byte-sized file. the timestamp of the file is updated every x hours per the configuration. however its content remains the same as the code section above.
     
  69. somms

    somms Network Guru Member

    [​IMG]

    Just wanted to stop by and post the above screenshot showing how stable OpenVPN connected locally from 192.168.1.125 has been under Shibby's last build on my R7000 gateway router hint: no interruption since late October!:)

    Now to patiently wait for an updated build incorporating latest OpenVPN 2.4.0!;)
     
    William Clark likes this.
  70. Tim Sudall

    Tim Sudall Connected Client Member

    I have 5ghz country set to USA or Singapore and WiFi to 80hz and only two channels are available to select. 36 and 149 (lower) or 48 and 156(higher)

    With country to UK or EU no 80mhz channels can be selected at all.

    More channels are available with 20 as 40mhz bands.

    I'm using the netgear R7000 with v138 and have tried erasing nvram twice.

    Any ideas?
     
  71. ruggerof

    ruggerof LI Guru Member

    Wifi channels availability depends on the country you set. Take a look at https://en.m.wikipedia.org/wiki/List_of_WLAN_channels for details.
     
  72. Tim Sudall

    Tim Sudall Connected Client Member

    Thanks. Yes I understand the limitations but that's not my issue. The problem is:

    EU=No 80mhz channels
    UK=No 80mhz channels
    USA/Singapore= Only 2 80mhz channels.

    By comparison these are the channels that should be available without license:
    UK= 36-64 Band A, 100-140 Band B (DFS)
    EU= Same as the UK except every other channel eg 36,40,44 etc

    Even for the USA and Singapore where I see only 2 channels available there should be:
    USA=36-165
    Singapore=36-48 & 52-165

    Having these selections when having Singapore/USA isn't correct.
    [​IMG]
    [​IMG]

    Nor is having these selections with UK/EU.
    [​IMG]
    [​IMG]

    I've had problems with tomato with my R7000 before but have always managed to get around them by selecting Singapore (which seems to be a common fix) but getting the channel selections right for each country really would be a help. There is a difference in EU from UK for example and right now only being able to select two channels with USA and Singapore seems like it could be a bug to me.
     
  73. Tim Sudall

    Tim Sudall Connected Client Member

    Strange findings, looks like Australia is the new Singapore:
    [​IMG]
     
  74. ruggerof

    ruggerof LI Guru Member

    AndreDVJ likes this.
  75. Tim Sudall

    Tim Sudall Connected Client Member

    It says 2 channels without DFS, 4-5 with. This means for the US only non DFS channels are offered which shouldn't be the case at all. It should include DFS channels also.

    Also doesn't change the problem of other countries where no channel options are available.

    It seems to me like there's just missing info when it comes to which channels should be included, whilst many countries are missing channels completly.
     
  76. RichtigFalsch

    RichtigFalsch Networkin' Nut Member

    You are seing what we just had talked about before:
    http://linksysinfo.org/index.php?threads/tomato-shibbys-releases.33858/page-74#post-283371

    It's like Tomato doesn't take care of country_rev, yet.
    There are more recent models of routers (from a certain srom version on), which seem to have different subregion tables then they had before, thus leading to a changed configuration of pci/x/1/regrev and by this a changed regrev/country_rev, which are said to be copied from pci/1/1/regrev and pci/2/1/regrev when doing a NVRAM reset.

    You have to change those NVRAM variables for the router giving you the legally available choice again.

    IMHO This urgently needs to be fixed, as it's cutting basic features if a wifi router.
     
    Last edited: Jan 4, 2017
    Tim Sudall likes this.
  77. PetervdM

    PetervdM Network Guru Member

    Tim Sudall likes this.
  78. Fab Five Freddy

    Fab Five Freddy Serious Server Member

    yeah, I read that post....

    I think you'd be an idiot to try that.

    Ever wonder why there's no "receive power" on your device? Because it's impossible. Your receive sensitivity is based on your antennae. You can blast your transmit power 3 blocks away, but can a device 2 houses away get BACK to your router? No...it is only broadcasting within its spec...so, all you're doing is creating more shitty noise for your neighbors when you start cranking up the transmit power....

    Try to be nice to your neighbors...if you think your area is infested with wifi interference now, wait until it triples with everyone blasting their crappy wifi signals from 4 houses/apartment buildings away....
     
    AndreDVJ, Tim Sudall and koitsu like this.
  79. Tim Sudall

    Tim Sudall Connected Client Member

    I agree, it really is a blow for me running 3 access points and being limited on channel choice. Right now i'm using Australia but the channel choices don't match up with UK regs.

    I've reported it as a bug, but I don't think anyone is going through the bug reports etc so I'm not sure how its gonna be fixed :( I wish I could do something. I love tomato and I've tried asuswrt+ddwrt before and this is the main setback to me :(
     
    RichtigFalsch likes this.
  80. AndreDVJ

    AndreDVJ Addicted to LI Member

    It's not a bug. The channel choices are imposed by the wireless driver, a binary blob supplied by Broadcom.

    Brazil is even worse, offering absolutely no option of channels when at 80Mhz, and the link speed gets significantly worse (540mbps with a TP-Link T9E adapter)

    upload_2017-1-5_13-28-21.png

    My "country of choice" is United States, where my adapter's link speed stays at 1Gbps. (30MB/s in practice).
     
  81. Tim Sudall

    Tim Sudall Connected Client Member


    So how is it going to be fixed? The same for Brazil as for UK, EU and Switzerland and I'm sure even more countries. Missing 80mhz completely. If it can't be fixed why does it work fine on AsusWRT for the R7000? I understand at least with private ddwrt builds one of their Devs has a license to the new driver but if so why is tomato different from official ddwrt builds or AsusWRT builds?
     
  82. koitsu

    koitsu Network Guru Member

    @RMerlin may be able to comment on this. I am willing to bet that this has to do with NVRAM variables changing/being different. Possibly some of the PCI or "weird" NVRAM variables (well, they look weird to me anyway) play a role here.

    P.S. -- Sitting around continually saying "So how it is going to be fixed?" in a public open-source project will get you the same answer: you fix it. Do the heavy-lifting, talk to relevant folks in the know (you just mentioned two other firmwares both of whom have authors, one managed by a commercial company), then submit patches along with a detailed write-up of the actual fix/why it works. That's just how the process works. Otherwise, if you aren't sure how to do that, lack the skill, familiarity, time, etc. then you must decide what you are going to do about it. Will you tolerate it? Will you switch to another firmware? Will you not use 80MHz? Only you can decide how you will deal with the situation.
     
    Mercjoe likes this.
  83. Tim Sudall

    Tim Sudall Connected Client Member

    Thanks, I don't mean to come across the wrong way. I simply asked because I want to help fix it. Not because I expect it to be fixed. I understand it seems to be down to a mismatch between the WiFi driver and calls made to each country in the firmware but what I don't understand is why this doesn't happen in both AsusWRT or DDWRT. Perhaps understanding why would help get to the bottom of the problem. If we can understand why this only happens on tomato then surely we're closer to finding a fix. I may not be a knowledgeable programmer but I have a little experience testing software and I will help the best I can if pointed in the right direction.

    I imagine the process of fixing this is a case of matching each country selected in the UI with a predefined list of available channels and power limits per channel? If there's a way I can research and provide the info to make this happen I can. Even having the list of countries in alphabetic order would be something useful.

    Alternatively is there just a way to unlock all channels and enter a manual power limit? The latter I know is possible already for transmit power.
     
  84. RichtigFalsch

    RichtigFalsch Networkin' Nut Member

    I think setting the other country related varibales to "Q2" (instead of e.g. "EU" or "US") is supposed to be something like a wildcard for channel selection. It should make all channels available, but at the cost of lower than usual transmit power. I don't know, for which firmwares this is actually working (didn't work good for me with Shibby's on R7000) and how this combines with the #a setting for revision (which didn't work our for my router either). Also it would make your router work at least partially outside legally allowed parameters for your country.
    I would like to contribute of course, but I'm pretty sure that I won't even manage understanding how at least github is working this life anymore. (And I also neither know if this repository here is any current, nor if it's of any use or working at all, or if it would need many other sources for building a working tomato firmware).
    Also their is a lack of information about what would be the right sub location revision for which region to work in FCC (or whatever) conforme parameters.

    The WiFi function depending on regional settings of course is no bug. But Tomato not being able to set all necessary regional variables for making every region offered through the UI functional on many supposedly supported router models, is a bug.
    From what I have seen, country_rev never is changed accordingly to the set region. So I think we would need two things:

    -The added functionality of not only setting wl0_country and the others, but also country_rev, when changing region in Advanced Wireless.
    -A table with correctly working parameters for country_rev for all available regions.
    I have been browsing through some of the sources and found that there actually is a database being created which is called "subregion table" IIRC, and many functions and exceptions which related to that subregion. But my very limited coding knowledge didn't enable me to finding which data is actually being written into that table for content, yet.
     
    Last edited: Jan 6, 2017
    Tim Sudall likes this.
  85. Tim Sudall

    Tim Sudall Connected Client Member

    If there is a way we could understand how to fill in the table and match country_rev and wl0_country it would be awesome. But how can we learn? How would you go about this? Does anyone have any idea?
     
  86. koitsu

    koitsu Network Guru Member

    The only person I know of who might know I asked for in post #7382. Please be patient (as in weeks).
     
    Tim Sudall and RichtigFalsch like this.
  87. RichtigFalsch

    RichtigFalsch Networkin' Nut Member

    Is it really confirmed at all, that RMerlin has WiFi channels and levels working correctly according to specifications on recently bought routers?
    I don't know, because I tried the R7000 port of RMerlin for just 5 minutes, but I didn't like the ASUS UI.
    The reason I'm asking is because I got the impression that by far the majority of users don't even know of the problem, as it only affects routers that shipped with more recent stock firmware (sromrev>=3). And most of those who actually faced the problem, seem to simply have gone and disabled region specific limitations, by using those #a or Q2 settings.
     
    Last edited: Jan 6, 2017
  88. koitsu

    koitsu Network Guru Member

    He's the one most familiar with the AsusWRT code, which in post #7381 the user said (as a firmware) "worked just fine". That is why asking him could be helpful.
     
  89. Tim Sudall

    Tim Sudall Connected Client Member

    I didn't have the same problem on AsusWRT. But there's no country selection in that firmware so as far as I'm aware it uses a different method to determine available channels. Maybe related to different hardware revisions?
     
  90. RichtigFalsch

    RichtigFalsch Networkin' Nut Member

    There is no country selection in ASUS UI, but at least for the R7000 there are scripts by XVortex for doing so. But they didn't have the desired effect on my R7000 for EU/DE region (only two 5GHz channels available after running the script on Tomato).

    Just a little info, about why I believe it's like I said before and to let you participate in some reated things I had found so far:

    I think it's all about that SROM thing.

    So, it seems logical, that regrev (which only eems to exist as country_rev in Tomato) is only of effect on more recent models.
    I wonder what the SROM actually is like. Is it a real physical ROM, added into the WiFi hardware? That's what this decription looks alike, but if there really was a slightly changed WiFi hardware in current models of our routers, wouldn't there have to be another type of WiFi IC in there? But from datasheets they are all same as the previous devices (e.g. BCM4709 for the R7000).

    Or is it more like a special reserved area on whatever kind of memory the router else got, alike CFE? This would at least explain, how it could be different without a change in hardware. (There even is a CFE modification tool for R7000, but again it wouldn't work for Tomato's territorial trouble ;) , when I used this).
     
    Last edited: Jan 6, 2017
  91. Rangaistus

    Rangaistus Network Newbie Member

    what's the procedure to contribute (submitting patches) to shibby?
     
  92. RichtigFalsch

    RichtigFalsch Networkin' Nut Member

    From what I have read earlier, I assume it's about like:
    First create your own account on github and create a fork of Shibby's(?) Tomato.
    Modify, build and test your own repo.
    Ask shibby for adding your changes to the original repo (whatever this means, in regards to github standard procedures)
     
  93. koitsu

    koitsu Network Guru Member

    I don't know, but classic patch files are universally applicable regardless of whose firmware you're using (i.e. Shibby, Toastman, Victek, etc. can all read them -- as can I). diff -ruN is tried and true for over 30 years. :)
     
  94. koitsu

    koitsu Network Guru Member

    Yes, that's my point -- AsusWRT almost certainly relies on these as well, thus, if AsusWRT works well for said user but Tomato doesn't, due to said NVRAM variables, then why not ask the person who knows the AsusWRT code better than any of us here?

    I could speculate on several levels what "SROM" does/represents, despite wireless not being my thing. Broadcom wireless chips are notorious for having a high amount of complexity and weird interfaces (as in how you interact with the chip) as well. Take a look at this for some details (you'll find SROM mentioned there too). It's complicated atop complicated.
     
    RichtigFalsch likes this.
  95. Edrikk

    Edrikk Network Guru Member

    RichtigFalsch likes this.
  96. marcus13

    marcus13 Networkin' Nut Member

    I have had an Asus RT-AC68U blown up by lightning and need to get another. I see we still can't run Tomato Shibby on the new revision C1... which makes me very sad. I have looked at the Netgear R7000/R8000 but they both look more painful to set up. People seem to think that the Asus router build quality is better, and there were many 'early failure' reports for the R7000 just after its warranty expired. I think my only option is the Asus RT-AC3200 if I'm in a hurry. I really only need the AC68 so it makes me sad to waste money on the AC3200 which will also waste more power (extra radios). AC3200 has dedicated hardware radio CPUs (ARM7) so may be faster, slightly.

    Can anyone confirm that there are no new hardware revisions of the Asus RT-AC3200 and that it's still safe to buy it to run Tomato Shibby?
     
  97. RichtigFalsch

    RichtigFalsch Networkin' Nut Member

    Yes, that's what had to come at that point, where I felt sufficiently confident about my assumptions and gathered information to make at least partially sense. I just feel to uninformed, disoriented and noobish, yet, for really bothering a dev with the specific details about things that possibly only exist in my imagination, so I am more like thinking out loud here, trying to find at least a little confirmation for my assumptions before I take that step (if at all).

    Interesting find. There are some things I will have to think about for some hours :)

    @Edrikk Thank you, I will read through this.
     
  98. koitsu

    koitsu Network Guru Member

    @Edrikk That code doesn't look very helpful. All it does is set NVRAM wl_country_code and wl_country_rev variables, based on contents of NVRAM variables country_code and country_rev, while populating a wlcountry_t struct that isn't really used anywhere else.

    On the OpenWRT side, all you get is a table of 4-digit country names that get used.

    The "deep knowledge" of what to do with all of these is within the driver itself, not wlconf.

    P.S. -- I love the DD-WRT project. It's 2017 and BrainSlayer gets a US$2000 donation, yet cannot even properly a) create an SSL certificate that has all the subjectAltNames for the sites using it, and b) afford a CA-signed cert (hint: for what he)... yet that's the SVN HTTPS endpoint? I could have a field day with the problems demonstrated here. Remarkable.
     
  99. RichtigFalsch

    RichtigFalsch Networkin' Nut Member

    You see why we would love to see Tomato great again? :)
    Tomato is our friend.
    Seing you around here, makes me think your plans on abandoning Tomato aren't accomplished, yet - for some good reasons for sure.

    I wonder how much we needed to donate, for getting Tomato a Broadcom relationship, like brainslayer has..
     
    Techie007 likes this.
  100. koitsu

    koitsu Network Guru Member

    This subject has been discussed before: 3rd-to-last paragraph (and also semi-related here post 101 to 106). There's another thread (I can't find it right now) where I also talk about the important reality that nobody ever seems to think of/mention: you can't just buy access to an SDK and "have magic happen". The person using the SDK has to understand the entire framework being used, the device being interacted with, and the code they're given access to. It helps to have very good documentation + support from the company directly. Effectively this becomes a full-time job.

    Tomato is a kind of "best-effort" hodge-podge open-source effort, done entirely by people who try to fit it in to spare cycles they have in life, or relating to where/how it involves them (ex. Toastman I think uses RT-N16s to help manage Internet access in an MDU (apartment building)). I'm sure I'm not the first person to say that if you turn an open-source project that's filled with contributions into a job -- i.e. something you HAVE to do, day in day out, to put food on the table -- the entire feeling changes (thus enjoyment/happiness often decreases). BrainSlayer is a very rare individual in this manner. I would, respectfully with my head bowed of course, recommend that people look at how many developers Tomato has had which have disappeared. It has a very strong track record of people working on it for several months, then disappearing. That's one of the downsides of open-source: it's only as good as the people who have the time/dedication to contribute, have the skill, and know (or can learn) the code. People in open-source burn out quick.

    I feel like I've had this conversation at least 5 different times. Hrm...
     

Share This Page