1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tomato Toastman's Releases

Discussion in 'Tomato Firmware' started by Toastman, Dec 18, 2011.

  1. ryzhov_al

    ryzhov_al Networkin' Nut Member

    Yes. The same flash layout, the same CFE bootloader. I used RT-N16 about two years.

    Other guys (I'm sure) will help. I'm not from Tomato dev camp, sorry.
     
  2. Bulmer

    Bulmer Reformed Router Member

    Sorry for reposting this, but I need to know if this behaviour is a bug with this release. Any ideas?

     
  3. Toastman

    Toastman Super Moderator Staff Member Member

    bulmer - 8754? I don't remember that one. Try the latest version.
     
  4. Toastman

    Toastman Super Moderator Staff Member Member

    March 27 2013 - 1.28.7502 and variants


    - fixed protocol sort on details page
    - removed "No Limit" from QOS rate/limit selection
    - reinstated advanced features to QOS/BWLimiter
    - added netfilter xt_string support
    see discussion at: http://www.linksysinfo.org/index.ph...ction-block-https-websites.45988/#post-197539
    - fix for dhcpv6 with prefix delegation
    see discussion at http://www.linksysinfo.org/index.php?threads/ipv6-and-comcast.38006/

    updates from shibby's branch

    - ntfs-3g release 2013.1.13
    - miniupnpd ver 1.8 (20130207)
    - busybox 1.20.2 update
    - LZO 2.0.6 and speed optimizations
    - OpenSSL assembler acceleration
    - OpenSSL update to 1.0.1c
    - Dnsmasq: update to 2.66TEST16 (thanks Kevin)

    And just FYI - I wanted to include updated OpenVPN but I cannot get it to compile in any stable manner, I will not trust it until the evil spirits are exorcised :eek:

    WARNING - DHCP IS DISABLED BY DEFAULT. DON'T FORGET
    TO TURN IT ON IF YOU NEED IT.
     
    noyp and beatnik like this.
  5. leshan

    leshan Network Guru Member

    Would you provide a link for this? I can't find the RT-N version for RT-N16. Shibby's RT-N are all for specific routers, no general verison.
    Toastman has all kinds of options to chose.
    I did very sample test by copy file large from a wired computer to a wirelessed computer. Routers are router F7D4301 and E3000 at. RT-N(5ghz) gave me best wireless speed.
     
  6. rhester72

    rhester72 Network Guru Member

    Any chance of seeing updated OpenVPN support? The latest release (claims to) offers full IPv6 support, though I've yet to get it working properly. One gotcha is that it appears some config options are deprecated (or don't work the way they used to), but it's pretty overdue for being freshened.

    Rodney
     
  7. eahm

    eahm LI Guru Member

    Please anyone double check the https block. It doesn't work for me. Thanks.
     
  8. koitsu

    koitsu Network Guru Member

    There isn't enough information in this line to diagnose what's "broken". You've provided no details, thus made a blanket statement. It's just as important that you understand it's only going to work if you're using a browser (or HTTP/HTTPS stack) that supports SNI. Older browsers like IE 6, 7, and 8 do not, and custom HTTP/HTTPS stacks might not either.

    I'll update my RT-N16 sometime over the next few weeks and poke at this to see if there's anything anomalous going on.
     
    eahm likes this.
  9. eahm

    eahm LI Guru Member

    koitsu, what's to understand here? Block facebook.com and https://facebook.com is not blocked. Do you really think I use IE6/7/8? I use Chrome 26, IE10.
     
  10. Mercjoe

    Mercjoe Network Guru Member

    Thank you for providing more information that can be used in diagnosing the issue.

    In fact, I have a computer that uses IE8 (kids XP machine) and it is nice to learn something new. Now I know why my restrictions placed on my kids computer did not work and why I ended up just blocking that machine from the internet totally. Thank you for the heads up Koitsu.
     
    eahm likes this.
  11. eahm

    eahm LI Guru Member

    Also, still not blocking websites if they have a case sensitive letter inside the domain name. Can anyone please double check this as well? Thanks.
     
  12. koitsu

    koitsu Network Guru Member

    I just upgraded; xt_string works perfectly fine.

    Code:
     
    root@gw:/tmp/home/root# nvram get os_version
    1.28.0502 MIPSR2Toastman-RT-N K26 USB Ext
     
    root@gw:/tmp/home/root# iptables -L FORWARD -n -v --line-numbers
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    num  pkts bytes target    prot opt in    out    source              destination
    1        0    0 ACCEPT    all  --  br0    br0    0.0.0.0/0            0.0.0.0/0
    2        0    0 DROP      all  --  *      *      0.0.0.0/0            0.0.0.0/0          state INVALID
    3      241 12644 TCPMSS    tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    4    5121 1395K ACCEPT    all  --  *      *      0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
    5        0    0 wanin      all  --  vlan2  *      0.0.0.0/0            0.0.0.0/0
    6      327 21406 wanout    all  --  *      vlan2  0.0.0.0/0            0.0.0.0/0
    7      327 21406 ACCEPT    all  --  br0    *      0.0.0.0/0            0.0.0.0/0
    8        0    0 upnp      all  --  vlan2  *      0.0.0.0/0            0.0.0.0/0
     
    root@gw:/tmp/home/root# iptables -I FORWARD 1 -m string --string "twitter.com" --algo bm -j REJECT
     
    root@gw:/tmp/home/root# iptables -L FORWARD -n -v --line-numbers
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    num  pkts bytes target    prot opt in    out    source              destination
    1        0    0 REJECT    all  --  *      *      0.0.0.0/0            0.0.0.0/0          STRING match "twitter.com" ALGO name bm TO 65535 reject-with icmp-port-unreachable
    2        0    0 ACCEPT    all  --  br0    br0    0.0.0.0/0            0.0.0.0/0
    3        0    0 DROP      all  --  *      *      0.0.0.0/0            0.0.0.0/0          state INVALID
    4      249 13124 TCPMSS    tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    5    5635 1441K ACCEPT    all  --  *      *      0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
    6        0    0 wanin      all  --  vlan2  *      0.0.0.0/0            0.0.0.0/0
    7      339 22158 wanout    all  --  *      vlan2  0.0.0.0/0            0.0.0.0/0
    8      339 22158 ACCEPT    all  --  br0    *      0.0.0.0/0            0.0.0.0/0
    9        0    0 upnp      all  --  vlan2  *      0.0.0.0/0            0.0.0.0/0
    
    At this point from a client machine (Windows XP SP3 running Firefox (which includes SNI)), I visited https://twitter.com/. I also did packet captures during this time, which confirmed the behaviour (outbound TCP packets containing the initial TLS request with the SNI header containing twitter.com were dropped before they had a chance to go out the WAN interface). During this time, the web browser (Firefox) sits there doing nothing, and is extremely confused as to what's going on (there's no visual indication of what's transpiring), which is because (indicated in my packet capture) I never received the ICMP port unreachable response from the router, which is a problem/bug. However, the packets are still blocked, which is the important part.

    After the above, note the iptables rules showing incrementing pkts/byte counters for the rule I added:

    Code:
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    num  pkts bytes target    prot opt in    out    source              destination
    1        5  7500 REJECT    all  --  *      *      0.0.0.0/0            0.0.0.0/0          STRING match "twitter.com" ALGO name bm TO 65535 reject-with icmp-port-unreachable
    2        0    0 ACCEPT    all  --  br0    br0    0.0.0.0/0            0.0.0.0/0
    3      10  400 DROP      all  --  *      *      0.0.0.0/0            0.0.0.0/0          state INVALID
    4      297 15876 TCPMSS    tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    5    11972 1962K ACCEPT    all  --  *      *      0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
    6        0    0 wanin      all  --  vlan2  *      0.0.0.0/0            0.0.0.0/0
    7      615 41720 wanout    all  --  *      vlan2  0.0.0.0/0            0.0.0.0/0
    8      615 41720 ACCEPT    all  --  br0    *      0.0.0.0/0            0.0.0.0/0
    9        0    0 upnp      all  --  vlan2  *      0.0.0.0/0            0.0.0.0/0
    
    There's not much else for me to say.

    Be aware, however, that blocking domains like this without working ICMP port unreachable responses, can often confuse browsers. Do not forget all the websites that may "tie in" to some resources like p.twitter.com and others, thus the browser will block (wait) indefinitely for a response it'll never get -- you'll see this as "strange delays/oddities" when visiting websites which you think have nothing to do with twitter but actually do. I'm just using twitter as an example; the same could be said for any site.
     
    eahm likes this.
  13. koitsu

    koitsu Network Guru Member

    This has already been discussed in another thread. You are welcome to talk to the EasyTomato folks about fixing it. Case-sensitivity is required at this time, as the official xt_string module that comes with netfilter is case-sensitive. I'm going to be brash/blunt: deal with it.
     
    eahm likes this.
  14. Elfew

    Elfew Network Guru Member

    Case-sensitivity bug fix, blocking of https websites fix are in the new beta of Victek build - it is working fine, please provide more info
     
  15. koitsu

    koitsu Network Guru Member

    Okay, things browser-side behave a bit better when using:

    Code:
    iptables -I FORWARD 1 -p tcp --string "twitter.com" --algo bm -j REJECT --reject-with tcp-reset
    
    And I did confirm that TCP RST is seen by the client via a packet capture; the browser sits there saying "Connected to twitter.com" but does nothing else (which is completely correct behaviour given how the SSL/TLS works and how TCP works). --dport 443 doesn't work correctly (possibly/probably because it's a FORWARD rule), meaning the packet never matches the rule if --dport 443 is used, but so be it -- others can figure out the nature of where such a rule should go for SSL.
     
  16. koitsu

    koitsu Network Guru Member

    Could someone point me to the commit log for that? I'd like to review it. Victek's builds don't appear to use http://repo.or.cz/w/tomato.git so I can't look for myself.
     
  17. jerrm

    jerrm Network Guru Member

    What rule is created if using the gui? Does it still use the old matching, or attempt to use xt_string?
     
  18. koitsu

    koitsu Network Guru Member

    The GUI still uses the existing Jonathan Zarate-written module (ipt_web). There is a ***LOT*** of work that has to go into things before xt_string could be made to work with the Access Restrictions GUI for website blocking reliably/correctly.
     
    eahm likes this.
  19. Toastman

    Toastman Super Moderator Staff Member Member

    Rodney, shibby has updated openvpn to 2.3.0 in his builds, and I just tried to add it to mine, but a lot of strange things happening when we try to compile it. Shibby's presumably works though, if u want to try it.
     
  20. eahm

    eahm LI Guru Member

    "My question".

    Already replied above.

    My bad I didn't know the GUI doesn't enable these new features.

    Thanks koitsu.
     
  21. jerrm

    jerrm Network Guru Member

    OK. Thought that was likely the case. A new FAQ "how to block https" entry might be warranted after things settle down.
     
  22. leshan

    leshan Network Guru Member

    Is there any hash code to verify the downloaded files? Thanks.
     
  23. Bulmer

    Bulmer Reformed Router Member

    Thanks Toastman. Actually it may have been a Teddy-Bear build :D.
    I think i've found the right Toastman version for my router (Asus WL-520GU) in "tomato-NDUSB-1.28.7633.3-Toastman-IPT-ND-Ext" . So even though the trailing version number is lower than the other one i'm replacing its actually a later, improved build? Just checking to make sure before I load it. Cheers.

     
  24. eahm

    eahm LI Guru Member

    Bulmer, the latest K24 is 7634.
     
  25. callous

    callous Network Guru Member

    hey hi, is there 5ghz support for the E3200 for this newest version?
     
  26. Bulmer

    Bulmer Reformed Router Member

    Thanks callous, but I can only find links to the 7633 builds on mediafire. Would you have a link for the latest 7634 ? Cheers.
     
  27. Mercjoe

    Mercjoe Network Guru Member

  28. Bulmer

    Bulmer Reformed Router Member

  29. Bulmer

    Bulmer Reformed Router Member

    Alas, I can't use the Ext or Std versions as they are too large for my Router (needs to be < 3.8mb). I also tried the Lite version, but I have grown to love the Samba Network Sharing features. I was really looking forward to sorting the OpenDNS updating problem out too..:(
     
  30. Toastman

    Toastman Super Moderator Staff Member Member

    7633.3 ?

    TIP - please don't use mediafire. I used it once or twice in emergencies, it's slwo and inconvenient for me to use to upload, so I still use 4shared.
     
  31. Bulmer

    Bulmer Reformed Router Member

    I would have to go 'Lite' with that build as well, as even the std version (with USB) is 3.9mb?
     
  32. Toastman

    Toastman Super Moderator Staff Member Member

    Time for better hardware, maybe...
     
  33. tmpid

    tmpid Networkin' Nut Member

    USB 3g modem won't connect after the update. Tried on two different routers. Downgrade to 7501 and 3g modem worked again. Thanks for the great work.
     
  34. kyrios

    kyrios Networkin' Nut Member

  35. Toastman

    Toastman Super Moderator Staff Member Member

    Until I'm sure of this I will probably revert recent changes. Anyone else? I can't test here.
     
  36. kthaddock

    kthaddock Network Guru Member

    There was a typo in shibbys build, have you same error in yours?
    openvpn missing file: ltmain.sh

    kthaddock
     
  37. gs44

    gs44 Networkin' Nut Member

    Hey Toastman,

    Running latest build here on E3000 and so far so good, From what I can test IPV6 is working good. My current ISP doesn't support native IPV6 yet, but does support IPV6 in the same style HE does with a 6to4 tunnel style. I have my E3000 set to 6to4 anycast relay and I pass IPV6 tests
     
  38. shibby20

    shibby20 Network Guru Member

  39. M_ars

    M_ars Network Guru Member

  40. koitsu

    koitsu Network Guru Member

  41. Toastman

    Toastman Super Moderator Staff Member Member

    Thanks Michal, I missed that one...
     
    Elfew likes this.
  42. Elfew

    Elfew Network Guru Member

    What about new updated version of openvpn? Still errors and no progress? Thank you...

    Toastman thank you for your work for community and for your new builds ;)
     
  43. kthaddock

    kthaddock Network Guru Member

    What are you talking about ? OpenVpn working just fine here server/client. 90% is config issuse.
    The most exciting now is 2.3.1 with Implemented PolarSSL.
     
  44. Elfew

    Elfew Network Guru Member

    I was talking about 2.3.1 - Toastman wrote, that he had some problems

     
  45. kthaddock

    kthaddock Network Guru Member

    Toastman talk about 2.3.0 compiling problem.
     
    Elfew likes this.
  46. RMerlin

    RMerlin Network Guru Member

    I didn't see anything really important in the 2.3.1 changelog myself.
     
  47. wittereus

    wittereus Network Guru Member

    I installed this version on my E4200. I use https for logging into the router. Seems https is broken. When i try to log in the website returns. "the website actively refused the connection".
     
  48. shibby20

    shibby20 Network Guru Member

    @Toastman and @RMerlin - are you able to compile sources using muticore CPU? I`m trying "-j4" and it`s working (100% load on all 4 CPU) but it`s stop on busybox :/
     
  49. Beast

    Beast Network Guru Member

    Hi
    Installed rmware v1.28.7502 MIPSR2Toastman-RT K26 USB VLAN-VPN and now getting this

    Apr 2 02:31:08 BeastNet ftp.info vsftpd[1066]: [Beast] OK LOGIN: Client "192.168.1.1"
    Apr 2 02:31:08 BeastNet ftp.info vsftpd[1068]: [Beast] FTP response: Client "192.168.1.1", "230 Login successful."
    Apr 2 02:31:08 BeastNet ftp.info vsftpd[1068]: [Beast] FTP command: Client "192.168.1.1", "TYPE I"
    Apr 2 02:31:08 BeastNet ftp.info vsftpd[1068]: [Beast] FTP response: Client "192.168.1.1", "200 Switching to Binary mode."
    Apr 2 02:31:08 BeastNet ftp.info vsftpd[1068]: [Beast] FTP command: Client "192.168.1.1", "PASV"
    Apr 2 02:31:08 BeastNet ftp.info vsftpd[1068]: [Beast] FTP response: Client "192.168.1.1", "227 Entering Passive Mode (192,168,1,1,110,134)."
    Apr 2 02:31:08 BeastNet ftp.info vsftpd[1068]: [Beast] FTP command: Client "192.168.1.1", "STOR /gen"
    Apr 2 02:31:08 BeastNet ftp.info vsftpd[1068]: [Beast] FTP response: Client "192.168.1.1", "550 Permission denied."
    Apr 2 02:31:09 BeastNet daemon.info dnsmasq[588]: exiting on receipt of SIGTERM
    Apr 2 02:31:09 BeastNet daemon.info dnsmasq[1082]: started, version UNKNOWN cachesize 8192

    Note the "550 Permission denied" and "UNKNOWN" <--- should show the pixel server version number.

    should I revert back to v1.28.7501 ???
     
  50. alfred

    alfred Addicted to LI Member

    @ Beast:

    I can confirm that with N16 - 7502-RT-VPN-NOCAT, I also got the msg: "550 Permission denied".
    The issue is gone after I reverted it back to 0501.3.

    edit: I think I made the conclusion too early while only was tested within LAN. I'll confirm it again.
     
  51. Toastman

    Toastman Super Moderator Staff Member Member

    shibby, yes. I use a Sandybridge 4.2 GHz 4 core 8 thread chip with Mint,. it's OK here, I think. I'll recheck later with busybox.

    EDIT - no, it barfs at busybox too. With no -j option it uses all threads approx. 25% to 60%

    Normally I can use -j12 but this time it gets a bit further:


     
  52. shibby20

    shibby20 Network Guru Member

    ehm :/ Not good. This will speed-up compilation 4 times :/ Thanks for testing.
     
  53. koitsu

    koitsu Network Guru Member

    No. dnsmasq has said this for a very, very long time. There is nothing to worry about. Please do not become OCD about it. :)
     
  54. alfred

    alfred Addicted to LI Member

    About FTP "550 Permission denied" issue:

    I have tested:
    tomato-K26USB-1.28.0502MIPSR2Toastman-RT-N-VPN
    tomato-K26USB-1.28.7502MIPSR2Toastman-RT-VPN-NOCAT
    both got "550 Permission denied" issue.

    After reverting back to
    tomato-K26USB-1.28.0501.3MIPSR2Toastman-RT-N-VPN.trx
    then it works fine.
     
  55. lancethepants

    lancethepants Network Guru Member

    I know some applications just won't work in parallel build. OpenSSL is one that will barf every time, even with just -j2. I've always thought it be cool to do parallel builds with Tomato, I hope you're able to iron out the bugs.
     
  56. Beast

    Beast Network Guru Member

    Hi
    RT-N16 Router
    No panic just shareing..
    Here is the same stuff just before the update from 501.3

    Mar 11 21:28:17 BeastNet ftp.info vsftpd[1421]: [Beast] FTP command: Client "192.168.1.1", "STOR /gen"
    Mar 11 21:28:17 BeastNet ftp.info vsftpd[1421]: [Beast] FTP response: Client "192.168.1.1", "150 Ok to send data."
    Mar 11 21:28:17 BeastNet ftp.info vsftpd[1421]: [Beast] OK UPLOAD: Client "192.168.1.1", "/gen", 426938 bytes, 10320.86Kbyte/sec
    Mar 11 21:28:17 BeastNet ftp.info vsftpd[1421]: [Beast] FTP response: Client "192.168.1.1", "226 Transfer complete."
    Mar 11 21:28:17 BeastNet ftp.info vsftpd[1421]: [Beast] FTP command: Client "192.168.1.1", "QUIT"
    Mar 11 21:28:17 BeastNet ftp.info vsftpd[1421]: [Beast] FTP response: Client "192.168.1.1", "221 Goodbye."
    Mar 11 21:28:18 BeastNet daemon.info dnsmasq[921]: exiting on receipt of SIGTERM
    Mar 11 21:28:19 BeastNet daemon.info dnsmasq[1435]: started, version 2.61 cachesize 8192

    All was well, upload fine and version # fine.
     
  57. RMerlin

    RMerlin Network Guru Member

    No. Quite a few parts aren't really able to handle multithreaded building, and I'm not really an expert into build systems so I'm not sure where I would begin if I wanted to fix it. One thing I might try however is to just make the Samba code compile with -j4, since it`s the longest one. Maybe that would work, and shave a few mins from build time.

    I do build multiple firmwares at the same time however. I have an Hyperthreaded quad-core CPU (so, 8 threads total - 6 are allocated to the VM). I have three separate source trees, for all three routers I support. I do all my work in one, and simply pull them from git in the two other directories when I'm ready to build all three firmwares. I just issue a "make" in all three through three SSH sessions, so within half an hour, I have three firmwares ready.

    I did experiment with cccache a few months ago. While it worked great when building Android, I didn't get much luck getting it to build the whole router firmware.
     
  58. shibby20

    shibby20 Network Guru Member

    @lancethepants you have right. Busybox is compiling correct. Next package to compile is httpd with openssl as depend! Openssl wont compile with -jX. We have to figure out how to compile openssl without -jX and all others with this option and we are home :)
     
  59. shibby20

    shibby20 Network Guru Member

    The biggest part to compile is kernel. We should be able to compile bzimage and modules with multicore on. This should be easy.
     
  60. RMerlin

    RMerlin Network Guru Member

    Ya, multithreaded kernel build should be doable, unless our build enviro tinkered with the kernel build system. I'll have a look on my end.

    EDIT: Seems too easy. I modified release/src-rt/Makefile. There's a kernel: rule in there - changed it to use -j6. So far a test kernel build is working fine, with 6 threads running. Will try a full FW build later on to ensure it does not interfere with anything else.
     
  61. RMerlin

    RMerlin Network Guru Member

    A few numbers:

    Code:
     > time make kernel
     
    Default:
    real    5m41.871s
    user    5m12.264s
    sys     0m25.462s
    
    
    -j6:
    real    1m30.575s
    user    7m29.244s
    sys     0m34.170s
    
    (this is veering a bit off-topic tho, maybe shibby20 wants to start a new thread dedicated to optimizing the build process in general?)
     
  62. oscarjia

    oscarjia Reformed Router Member

    this is a great fw! Just want to say thank you to Toastman!
     
  63. bagu

    bagu Network Guru Member

    Hello,

    Cool, but where can we find 1.28.7502 variant ?
    On 4shared, i get "access denied" when i try to go in the folder.

    My RT-N16 wait your answer ;)

    Thanks

    Note : maybe it's 1.28.7502 STD - BETA STATUS ? but i'm not sure
     
  64. Toastman

    Toastman Super Moderator Staff Member Member

    April 2 2013 - 1.28.7502.1 and variants

    updates from shibby's branch
    - OpenVPN update to 2.3.0
    - Fix lzo/openvpn compilation (impacts openVPN and openSSL)
    - add missed commit for 3g modem

    - Update to dnsmasq v2.66rc3 (thanks Kevin)


    WARNING - DHCP IS DISABLED BY DEFAULT. DON'T FORGET
    TO TURN IT ON IF YOU NEED IT.
     
    Samuelheng and eahm like this.
  65. bagu

    bagu Network Guru Member

    1.28.7502.1 : As soon as https is enable, web access stop working.

    Https disable on remote access, router is asus RT-N16
     
  66. Toastman

    Toastman Super Moderator Staff Member Member

    thanks bagu

    ssl broken?
     
  67. Beast

    Beast Network Guru Member

    I know minor stuff, but....

    Apr 3 00:30:12 BeastNet ftp.info vsftpd[1070]: [Beast] FTP response: Client "192.168.1.1", "550 Permission denied."
    Apr 3 00:30:13 BeastNet daemon.info dnsmasq[573]: exiting on receipt of SIGTERM
    Apr 3 00:30:14 BeastNet daemon.info dnsmasq[1084]: started, version 2.66rc3 cachesize 8192

    Still 550 permission denied, but dnsmasq version now ok. RT-N16 FW 502.1
     
  68. shibby20

    shibby20 Network Guru Member

  69. Goggy

    Goggy Network Guru Member

    As a workaround put
    Code:
    download_enable=yes
    write_enable=yes
    in the Custom Configuration of vsftpd ...
     
  70. Beast

    Beast Network Guru Member

    Thanks very much, that fixed it for now.
    Is the failure do to some compile options of the FTP sever?
     
  71. vincentb

    vincentb Reformed Router Member

    Should the OpenVPN client & server be able to run at the same time?

    When I run the client, my server becomes unreachable from "outside". However, I can still connect from inside my LAN.
    As soon as I stop the client, the server becomes available from the internet again.
     
  72. anthonws

    anthonws Reformed Router Member

    Any performance improvements using this new release? Just looked at the revision history and it only seemed to contain bug fixes (http://www.tuxera.com/community/release-history/).

    Thanks,
    anthonws.
     
  73. koitsu

    koitsu Network Guru Member

    You should ask the NTFS-3G folks that question -- it's their software.
     
  74. gfunkdave

    gfunkdave LI Guru Member

    Yes, they're independent. I run a couple routers with client and server going at once.
     
  75. eahm

    eahm LI Guru Member

    I went back to 0501.3 for now (tomato-K26-NVRAM64K-1.28.0501.3MIPSR2Toastman-RT-N-VLAN-Std).

    I've tested the BW Limiter with 0502.1, set a limit on br1 and the router became unstable, I was no longer able to access the web admin page and the network was keeping going off and on. I had to reset it, flash 0501.3 with asus firmware restoration and clear the nvram to get it back polished like it was.

    I'm sure it's nothing to worry about, I will do more testing tomorrow.
     
  76. Toastman

    Toastman Super Moderator Staff Member Member

  77. Frank007

    Frank007 Reformed Router Member

    Hello,

    I installed "tomato-WRT54GS-1.28.7634Toastman-IPT-ND-VPN.bin" over Shibby (selecting clear NVRAM option) on my WRT54GS.

    I would like to setup a PPTP server but my options in the "VPN Tuneling" menu are "OpenVPN Server", "OpenVPN Client" and "PPTP Client" there is not "PPTP Server" or "PPTP Online". Is it normal behavior for this release or I should I check in another menu to activate the "PPTP Server" ?

    Thank You.
     
  78. gfunkdave

    gfunkdave LI Guru Member

    There is no PPTP server in Toastman's MIPSR1 builds. You'll need to get a newer router that uses the MIPSR2 instruction set. For your current router, try a Shibbby build - he may have PPTP server.
     
  79. Frank007

    Frank007 Reformed Router Member

    Thank You for the prompt answer. Yes, Shibby has PPTP support for this router. I wanted to give a try to Toastman since I had some problem with Shibby QOS.

    I will give a try to OpenVPN instead of PPTP.
     
  80. eahm

    eahm LI Guru Member

    I have to say it, the bw limiter os 0502.1 is broken. I tested again and it gave me the same problem. Everything is good with 0501.3, same test was done to both firmware (simple limit one IP).
     
    MGP likes this.
  81. bagu

    bagu Network Guru Member

    I revert back to tomato-K26USB-1.28.7501.3MIPSR2Toastman-RT-Ext.
    https don't work. After a random time (12-24h) the router become unstable with poor quality line.
    After flash 7501.3 everything work fine (since 72h)

    I use an asus RT-N16
     
  82. Monk E. Boy

    Monk E. Boy Network Guru Member

    What does "poor quality line" mean? Was your wireless interference level listed as poor? You had high packet loss?
     
    mito likes this.
  83. bagu

    bagu Network Guru Member

    Sorry, i search the english words to describe that ^^

    Hum there are many problemes :
    high packet loss on wifi
    slow rate between lan and wan/lan/wifi

    for example 512ko/s bewtween two lan port gigabyte wired.
    And if i reboot the router, i get 80-90Mo/s

    Since i revert back to tomato-K26USB-1.28.7501.3MIPSR2Toastman-RT-Ext i have no packet loss and constant speed between lan/wan/wifi
     
  84. kyrios

    kyrios Networkin' Nut Member

    I use 1.28.502.1 RT-N VLAN-Lite (4.25MB) on my RT-N16.
    I do not need VPN, Tor, Nocat, IPV6, etc.

    No problem so far, rock solid. I do not activate https for Admin Access, btw.
     
  85. SNR

    SNR Networkin' Nut Member

    This is my experience as well. As soon as I enabled stuff on that page the router started crashing. Didn't try the previous build like you did. Eventually had to switch to Shibby's mod to use the B/W limiter. No problems with crashing there, but that mod sets the default class for br0 to prio 3 "Low", with no ability in the GUI to choose another priority. So I ended up switching to Merlin's mod of AsusWRT, which (apparently) allows me to select whatever priority I want. Though I'm not that crazy about the Asus theme. :rolleyes:
     
    eahm likes this.
  86. Dr Strangelove

    Dr Strangelove Addicted to LI Member

    Using 1.28.0502.1 RT-N-VLAN-VPN on my Linksys(Belkin) E4200v1

    I mainly use NAS access over Gbit Eth and Wi-Fi with a bit of mobile phone inbound PPTP and OpenVPN in a home environment. ADSL2+ Internet access over attached modem.

    I also note a VERY low Gbit Eth throughput to my NAS via Linksys E4200v1 on 1.28.0502.1 RT-N-VLAN-VPN.
    Have benchmark the access to my NAS via E4200v1 to my Desktop Gbit Eth over the years and in the past Win8 FTP would download at ~600Mbits on an old PCI Gbit card. Now it's only doing ~350Mbits.

    No problems noted thus far...(now brain is engaged)
     
  87. koitsu

    koitsu Network Guru Member

    What you're claiming is that the switching fabric is somehow impacted in some manner by a firmware upgrade. This seems very unlikely, but it's easy to test: remove the E4200v1 from the picture and redo the test multiple times (3 or 4 in a row).

    You can see my throughput rates on my network, testing FTP as well as CIFS/SMB, while shoving packets through a RT-N16 here: http://www.broadbandreports.com/forum/r27618714-Disk-Transfer-Speeds
     
  88. raixer

    raixer Reformed Router Member

    Greetings,
    I recently bought a RT-N66R. I am looking to install a tomato firmware because the Asus firmware is a bit limited in terms of QoS. I am wondering which tomato variant is better for QoS and stability. So far the Asus firmware has been really stable and I wouldn't like to hurt its reliability.

    I found that Shibby and Toastman were the most popular so which do you recommend?
    Since Toastman has a really nice QoS tutorial I thought his firmware would be better for QoS but I don't know how reliable it is.

    Finally I would like to know which is the right procedure to installing the firmware. From what I have read I know there was an issue in the past about the NVRAM size. I dunno what is the status about it to this day.

    Thanks

    PD: I only use 2.4Ghz radio and 1 guest SSID in the same band. I also use QoS, DHCP and NAT. I would like to assign VLANs per port if possible and better Traffic statistics. I don't use anything else, nor even USB ports.

    I would like to also add that my Internet connection is 10Mbps download and 1Mbps upload. I have a home server for VPN, NAS, iTunes Home Sharing (for streaming videos to other pcs) and other stuff. So I wouldn't like to hurt the intra-network performance either.
     
  89. Dr Strangelove

    Dr Strangelove Addicted to LI Member

    Oh crap. Yes you did read right and you're very kind in wording your response. I'd like to think I had an excuse for whatever it was I was thinking.. but I can't even think of one. As punishment, I did directly connect to my NAS and the same PC desktop box. All partitions, WinXP, Win7(dev and Prod) and Win8 all report slow FTP get rates...
    So nothing to do with Tomato firmware... my bad. :oops:
    Thank you Koitsu for I/O info.
     
  90. Monk E. Boy

    Monk E. Boy Network Guru Member

    You probably know this already, but there is no difference beside exterior packaging between an RT-N66U and an RT-N66R. Just in case you're ever pausing because nobody mentions N66Rs anywhere, don't worry about it, just treat it as an N66U - in other words N66R hardware reports itself as an N66U.

    I'm running Toastman builds on my N66Us, and they've been running for months without a hiccup or problem. I've read about a lot of people who are running Shibby. Each have their fans, but underneath the hood they're very similar, I run Toastman mainly because I need stability under the worst of conditions and highest loads. Shibby tends to implement features faster and more often, while Toastman usually hangs back and implements a bunch of features at once after everyone else has sorted through the worst of the problems. On the other hand Shibby's changes can fix bugs, so it's really a matter of getting comfortable with how each does things and deciding for yourself which you like.

    N66Us are capable of 64K of NVRAM however the firmware that ships with the router isn't capable of addressing all the NVRAM space. Even flashing from ASUS to Tomato won't overcome this limitation, it's in the "bootloader" which is a special part of the firmware that loads before Asus or Tomato. That being said, you can use the special 60K firmwares with the N66U as they're designed to work within the limitations of the existing bootloader. There is an updated bootloader that removes the 32K/60K limitation, but it's rather tricky to flash onto the device and you run a risk of making the router non-functional if the update doesn't go smoothly. So you can go with either 32K or 60K firmware, but not a 64K firmware. Note that if you did re-flash your bootloader with the update, the router will NOT work with a 32K/60K firmware, you have to use a 64K firmware.

    I do recommend reading through the QoS tutorial and everything else you can read on QoS because you're going to want to understand how it works and how to customize it for your particular priorities.

    If you want better statistics you'll probably want to get a USB flash drive and hang it off one of the USB ports. I buy tiny little 8GB laptop thumb drives, the ones that are tiny little nubs, for under $10 and it provides gobs of space for the router. You just want to save off your logs and statistics and related data to someplace where they won't get lost between reboots and can grow and grow and grow and grow without any fear of overflowing available space.

    And remember, if you end up liking Tomato, be sure to donate to the authors and contributors and maintainers! There's a link at the top of the forum. My name isn't up there, I'm just recommending this as a satisfied user.
     
    raixer, mito and mvsgeek like this.
  91. mito

    mito Network Guru Member

    Monk, you got my like @ 1784 :)
     
  92. raixer

    raixer Reformed Router Member

    Awesome! Thanks so much for your reply. One question: What is the advantage of running with 64k NVRAM?
     
  93. koitsu

    koitsu Network Guru Member

    You have more NVRAM available for variables/configuration settings/etc.. That's all.
     
  94. raixer

    raixer Reformed Router Member

    I executed this command in my router strings /dev/mtd0ro | grep bl_version
    and it says I got 1.0.1.3 even tho I only have Asus firmware.

    Does this means I should use Toastmans NVRAM 64k firmware?
     
  95. koitsu

    koitsu Network Guru Member

    Where did you come up with that command?

    How about dmesg | grep -A 6 MTD instead?

    If you don't care to fight/deal with this/risk it, use a non-60KB/non-64KB firmware and be done with it. I think you're getting a bit OCD about this. :)
     
  96. ryzhov_al

    ryzhov_al Networkin' Nut Member

    Mine:)
    That's the only True™ way to find which CFE version is.
     
  97. raixer

    raixer Reformed Router Member

    I already flashed it with Toastman VLAN NVRAM 64K firmware without problems. I am glad that new models come with 64K CFE already :)
     
  98. koitsu

    koitsu Network Guru Member

    Thank you.
     
  99. koitsu

    koitsu Network Guru Member

    I trust ryzhov_al's instructions/recommendations, but what you need to be aware of is the fact that if there is a problem (CFE not supporting 64KB, for example), you won't know it until you exceed 32768 bytes of NVRAM actively used/committed; think "ticking time bomb".
     
  100. raixer

    raixer Reformed Router Member

    Who is being OCD now? ;)

    Ops.. well my NVRAM has 42K left.

    Btw, before actually installing Tomato I installed RMerlin's firmware for a brief moment to be sure I had 64K and it did show 64K in the info.
     

Share This Page