1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tomato Toastman's Releases

Discussion in 'Tomato Firmware' started by Toastman, Dec 18, 2011.

  1. RMerlin

    RMerlin Network Guru Member

    That doesn't mean anything. Asuswrt and Asuswrt-Merlin both modify the nvram marker to use the whole 64 KB - that does not mean that the bootloader properly initializes the 64 KB. This is a firmware-level workaround to the issue.
     
  2. raixer

    raixer Reformed Router Member

    so what you are both trying to say is that even though my router came with CFE v1.0.1.3 I should use a 32K firmware? I am just concerned because DD-WRT says that if I have this version I risk bricking my router if I install a 32K firmware.
     
  3. raixer

    raixer Reformed Router Member

  4. koitsu

    koitsu Network Guru Member

    You will not brick your router by using a firmware that's "limited" to 32KB. All that will happen is that you won't be able to use the upper 32KB. This is not a DD-WRT forum; what they may have done is different.
     
  5. 4char

    4char Network Guru Member

    From what I understand from here, if you have bootloader version 1.0.1.3, you should be able to use 64K nvram.
     
  6. noyp

    noyp Network Guru Member

    hi toastman,

    any chance of xt_string support for E900 ?

    thanks,
    noyp


    my bad, didnt read the changelog it is supported in 1.28.0502.1 version
     
  7. noyp

    noyp Network Guru Member

    hi koitsu,
    any idea how to exclude certain mac's or ip's in xt_string https blocking ? can it be done in iptables.

    thanks,
    noyp
     
  8. koitsu

    koitsu Network Guru Member

    For IP addresses -- sure, you add a relevant iptables rule that precedes the xt_string block rule, and instead uses -j ALLOW to permit traffic.

    For MAC addresses -- not do-able because iptables != ebtables. xt_string is an iptables feature.
     
  9. noyp

    noyp Network Guru Member

    hi koitsu,
    i tried this line "iptables -I FORWARD 1 -s x.x.x.x -j ALLOW" and i got an error "iptables v1.3.8: Couldn't load target `ALLOW':File not found
    " as you know im not familiar with iptables thing.
     
  10. kthaddock

    kthaddock Network Guru Member

    Try with "ACCEPT"

     
  11. noyp

    noyp Network Guru Member

    hi kthaddock,

    i tried with accept and it went through but the ip address is still being blocked by xt-string https restriction. i put the accept line ahead of the xt_string line
     
  12. kthaddock

    kthaddock Network Guru Member

    What rule block your adress ? maby you have to split rule in two to get it working.
    I dont know how your block rule are configured.

    kthaddock
     
  13. noyp

    noyp Network Guru Member

    all are in FORWARD chain,

    my ip address exclusion - line 1
    iptables -I FORWARD 1 -s 192.168.1.55 -j ACCEpT

    my https xt_string blockings - line 2
    iptables -I FORWARD 1 -m string --string "facebook.com" --algo bm -j REJECT
     
  14. koitsu

    koitsu Network Guru Member

    Please provide full output from iptables -L -n -v --line-numbers, with the exclusion added, and be sure to enclose it inside of a code block so the formatting gets retained. Please do not hide/edit/change any of the information in the output.

    My guess for the reason is that the source address is not going to match due to its placement in the FORWARD chain. Possibly destination (-d) is what to use.

    I find iptables' "mystery chains" and "mystery tables" to be confusing to the point where I have no idea what the state of the packet is in each chain.
     
  15. noyp

    noyp Network Guru Member

    seems that code tag doesnt work for me,
    anyhow the order in the FORWARD chains is exclusion line then the xt_string https blocking line. tried with -d, still the exluded ip is blocked.

    also tried
    iptables -I FORWARD 1 -s 192.168.1.155 -m string --string "facebook.com" --algo bm -j ACCEPT before
    iptables -I FORWARD 2 -m string --string "facebook.com" --algo bm -j REJECT, same result as the first one.
     
  16. koitsu

    koitsu Network Guru Member

    The code tag should work just fine for you -- it's in block brackets, not HTML brackets. I can't show you which ones to use for obvious reasons. There's an icon above the text input area here on the forum for it too, it looks like a little "{}#" series of characters.

    I was able to confirm that using -s for the source address does work. So there may be other rules/things you've added/messed around with which we cannot see because you haven't provided the iptables output I asked for. Below is hard evidence/proof, and cannot be argued with, I'm sorry to say.

    First, how I verified that source address matching works:

    Code:
    root@gw:/tmp/home/root# iptables -I FORWARD 1 -p tcp --dport 443 -m string --string "facebook.com" --algo bm --to 2048 -j LOG
    root@gw:/tmp/home/root# iptables -L FORWARD -n -v --line-numbers
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    num  pkts bytes target    prot opt in    out    source              destination
    1        0    0 LOG        tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:443 STRING match "facebook.com" ALGO name bm TO 2048 LOG flags 0 level 4
    ...
    
    What this does is cause packets which match said criteria to get logged (not dropped or anything else, just logged to the kernel log). I then visited https://facebook.com/ from my workstation (192.168.1.50) and then checked the kernel log (dmesg):

    Code:
    IN=br0 OUT=vlan2 SRC=192.168.1.50 DST=173.252.73.52 LEN=693 TOS=0x00 PREC=0x00 TTL=63 ID=33946 DF PROTO=TCP SPT=1063 DPT=80 WINDOW=40150 RES=0x00 ACK PSH URGP=0
    IN=br0 OUT=vlan2 SRC=192.168.1.50 DST=173.252.73.52 LEN=633 TOS=0x00 PREC=0x00 TTL=63 ID=34020 DF PROTO=TCP SPT=1070 DPT=80 WINDOW=40150 RES=0x00 ACK PSH URGP=0
    IN=br0 OUT=vlan2 SRC=192.168.1.50 DST=96.17.148.121 LEN=553 TOS=0x00 PREC=0x00 TTL=63 ID=34197 DF PROTO=TCP SPT=1079 DPT=80 WINDOW=40150 RES=0x00 ACK PSH URGP=0
    IN=br0 OUT=vlan2 SRC=192.168.1.50 DST=96.17.148.121 LEN=554 TOS=0x00 PREC=0x00 TTL=63 ID=34206 DF PROTO=TCP SPT=1081 DPT=80 WINDOW=40150 RES=0x00 ACK PSH URGP=0
    IN=br0 OUT=vlan2 SRC=192.168.1.50 DST=96.17.148.121 LEN=546 TOS=0x00 PREC=0x00 TTL=63 ID=34215 DF PROTO=TCP SPT=1082 DPT=80 WINDOW=40150 RES=0x00 ACK PSH URGP=0
    IN=br0 OUT=vlan2 SRC=192.168.1.50 DST=96.17.148.121 LEN=558 TOS=0x00 PREC=0x00 TTL=63 ID=34227 DF PROTO=TCP SPT=1085 DPT=80 WINDOW=40150 RES=0x00 ACK PSH URGP=0
    IN=br0 OUT=vlan2 SRC=192.168.1.50 DST=173.252.73.52 LEN=445 TOS=0x00 PREC=0x00 TTL=63 ID=34455 DF PROTO=TCP SPT=1096 DPT=443 WINDOW=40150 RES=0x00 ACK PSH URGP=0
    IN=br0 OUT=vlan2 SRC=192.168.1.50 DST=173.252.73.52 LEN=449 TOS=0x00 PREC=0x00 TTL=63 ID=34468 DF PROTO=TCP SPT=1097 DPT=443 WINDOW=40150 RES=0x00 ACK PSH URGP=0
    
    You can clearly see here the source address being 192.168.1.50.

    I then deleted that rule, and started over:

    1. One that permits traffic for 192.168.1.186 (a different workstation on my LAN), i.e. this will cause the next rule never to be hit for that workstation,
    2. One that blocks HTTPS stuff for everyone.

    Code:
    root@gw:/tmp/home/root# iptables -D FORWARD 1
    root@gw:/tmp/home/root# iptables -I FORWARD 1 -s 192.168.1.186 -p tcp --dport 443 -j ACCEPT
    root@gw:/tmp/home/root# iptables -I FORWARD 2 -p tcp --dport 443 -m string --string "facebook.com" --algo bm --to 2048 -j REJECT --reject-with tcp-reset
    
    And this is what we see:

    Code:
    root@gw:/tmp/home/root# iptables -L FORWARD -n -v --line-numbers
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    num  pkts bytes target    prot opt in    out    source              destination
    1        0    0 ACCEPT    tcp  --  *      *      192.168.1.186        0.0.0.0/0          tcp dpt:443
    2        0    0 REJECT    tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:443 STRING match "facebook.com" ALGO name bm TO 2048 reject-with tcp-reset
    ...
    
    Then I attempted to visit https://facebook.com/ on my 192.168.1.50 workstation and found that it was being blocked (browser immediately said connection was reset). Verification is in the pkts/bytes counters increasing for rule 2:

    Code:
    root@gw:/tmp/home/root# iptables -L FORWARD -n -v --line-numbers
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    num  pkts bytes target    prot opt in    out    source              destination
    1        0    0 ACCEPT    tcp  --  *      *      192.168.1.186        0.0.0.0/0          tcp dpt:443
    2      12  5156 REJECT    tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:443 STRING match "facebook.com" ALGO name bm TO 2048 reject-with tcp-reset
    ...
    
    And then attempted to visit https://facebook.com/ on 192.168.1.186, which worked, and is also verified by the pkts/bytes counters increasing for rule 1:

    Code:
    root@gw:/tmp/home/root# iptables -L FORWARD -n -v --line-numbers
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    num  pkts bytes target    prot opt in    out    source              destination
    1      266 24346 ACCEPT    tcp  --  *      *      192.168.1.186        0.0.0.0/0          tcp dpt:443
    2      12  5156 REJECT    tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:443 STRING match "facebook.com" ALGO name bm TO 2048 reject-with tcp-reset
    ...
    
    So it works just fine.
     
    Monk E. Boy and noyp like this.
  17. noyp

    noyp Network Guru Member

    hi koitsu,
    thanks for detailed samples and explanation, i did tried it and got mixed results, maybe i just missed something. for now at least i have something to start with :D
     
  18. koitsu

    koitsu Network Guru Member

    You should probably consider using the exact rules I recommended, and not the ones you used. Specifically note my use of -p tcp --dport 443, --to 2048 and --reject-with.

    1) The default response for -j REJECT is icmp-port-unreachable. However, the ICMP port-unreach packet never gets sent to the client (I've done packet captures to verify this), so the client (browser) will sit there in a "wedged" state -- you'll think your browser is locked up/crashed or behaving oddly. The --reject-with tcp-reset method causes TCP RST to be sent back to the client, which the client *does* get, and handles it gracefully (you'll get an error message in your browser almost immediately).

    2) To make use of --reject-with tcp-reset, you must use -p tcp as well, since TCP RST applies to only the TCP protocol.

    3) --dport 443 makes the rule only apply to destinations/sites using HTTPS (e.g. TCP port 443), rather than any TCP packet to any port. This is up to you to decide, but I really don't want xt_string matching against any outbound client request -- for example, if I was sending a Email to someone that had "facebook.com" in it, and the SMTP server I was sending it to did not use encryption (i.e. content was in plain text), that Email would trigger this rule. Consider this your warning with regards to use of xt_string -- it is dangerous to use unless you have great familiarity with the network stack as well as protocol analysis.

    4) --to 2048 limits the number of bytes to scan for matching content to only look at bytes 0 to 2048. The default is to look at bytes 0 to 65535, which is way more than what's needed (for HTTPS SNI, the string is within the first few hundred bytes). Furthermore, the ipt_web module written by Jonathan Zarate -- you know this as the "Access Restrictions" GUI piece, where you can block websites/domain names -- also limits its byte scan range to 0-2048. Smaller scope of bytes to scan means less chance of a unexpected behaviour (see my Email example), and also means less CPU wasted.

    One final point: these rules really need to go into the wanout chain (or a newly-made chain solely for string blocking), not the FORWARD chain. The wanout chain is referenced in the FORWARD chain, but at a point further down in the iptables rules that allows for even more CPU cycles saved. Right now it's fairly dangerous sticking xt_string rules at the very top of the FORWARD chain; they should really go after the "state RELATED,ESTABLISHED" rule. As a comparison: the classic "Access Restrictions" website blocking rules, those actually create their own chains called rresXX (where XX is a number) and stick a reference to them ito the FORWARD chain as well.

    The bottom line is that you need to know exactly the implications of what xt_string can affect, what it can cause, and "how to tune it" (so to speak). It has great possibilities for us, such as in the future being able to replace the custom ipt_web code for Access Restrictions website blocking, but a lot of work needs to go into that before it can become usable. I know the EasyTomato folks have integrated xt_string into their Access Restriction stuff directly, and that's wrong to do at this point in time -- there are a LOT of differences between ipt_web and xt_string. ipt_web is more "sane" about what it goes about matching (and is very careful in doing so! Like looking at only the HTTP Host: header of a packet, things like that), while xt_string is literally "match bytes, DO IT!!!!". There are so many caveats that they need to be analysed first.

    I would be happy to do that work -- yes, all of it, including the GUI bits and so on, to make this all accomplish-able via the GUI -- but it's a lot of work. If you want me to expand on that (what it would take me to do it, etc.), I would like it to be discussed in a new (public) thread, specifically directed at me, where I can explain to people about who I am, "how" I am (my beliefs, etc.), and what my situation is. This might sound weird ("uh, what is this crazy dude talking about?!?") but it'll make more sense if someone makes the thread and I explain.
     
    noyp likes this.
  19. Monk E. Boy

    Monk E. Boy Network Guru Member

    Sorry that was me putting that out there on the last page. I read in an old thread that someone had bricked their router, but after looking into it - now - it appears that brick was unrelated to 32K/60K/64K as others have demonstrated the new firmware doesn't care about 32K/64K. 60K... not sure...

    But, if you have a router with a 64K capable bootloader, there's really no point in using a 32K firmware if a 64K version of it is available.
     
  20. Solace

    Solace Networkin' Nut Member

    coudl someone link me the virutal router page that i recall using once a long time ago that allows people to preview the firmware? possibly with the latest revision for toastman/shibby. I forgot what the url was for it or if it even still exists.
     
  21. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    That's on Victek's website. http://victek.is-a-geek.com/ See the Tomato Links post at the top of the forum for commonly used links.
     
  22. Toastman

    Toastman Super Moderator Staff Member Member

    c4flash likes this.
  23. Doug Counsil

    Doug Counsil Reformed Router Member

    I have three Linksys E4200 routers that I want to use strictly as wireless access points. I have a Cisco small business router (SA540) that I use as my main router.

    Now to my issues/questions...

    I cannot get the multi-SSID functionality to work. The guest network cannot obtain an IP address and thus cannot access the Internet when: 1) the device is in Access Point mode, 2) DHCP is turned off on the main network (my Cisco provides DHCP), and 3) DHCP is turned on for the guest network.

    I can get the multi-SSID functionality to work perfectly if I turn on DHCP on the main network, but I don't want to do that. I want my main router to hand out IPs, etc.

    Any thoughts? I believe I have read all of the wiki and threads associated to the multi-SSID functionality.
     
  24. Toastman

    Toastman Super Moderator Staff Member Member

    April 22 2013 - 1.28.7502.2 and variants

    BETA STATUS

    • some small bugfixes
    • Update to dnsmasq v2.66 Final release
    • experimental ipv6 - use dnsmasq instead of radvd (thanks Kevin)
    • revert some bandwidth limiter features
    This completes the latest bunch of upgrades.

    WARNING - DHCP IS DISABLED BY DEFAULT. DON'T FORGET
    TO TURN IT ON IF YOU NEED IT.
     
    Gitsum, Elfew, koitsu and 1 other person like this.
  25. eahm

    eahm LI Guru Member

    tomato-K26-NVRAM64K-1.28.0502.2MIPSR2Toastman-RT-N-Std flashed and testing, thanks for the update Toastman.
     
  26. minimario

    minimario Addicted to LI Member

    For reasons that are beyond me I'm simply unable to download anything from 4shared; it's just sitting there with "Waiting time 20 seconds".

    tomato-ND-1.28.7634Toastman-IPT-ND-Std.trx is what I had hoped to try on my Buffalo WHR-HP-G54.

    tomato-ND-1.28.7633.3-Toastman-IPT-ND-Std released a year ago was still available via mediafire (and downloading actually worked). I've seen the release notes for the recent .7634 version and it doesn't appear that there were any critical security or performance fixes so can I assume that the older version 7633.3 is still perfectly acceptable for basic service?
     
  27. noyp

    noyp Network Guru Member

    hi koitsu,
    i got a strange result on my https blocking and exlcusion, it work when i used the latest internet explorer and firefox, but when i use the old internet explorer 8 on windows xp i can still access the https site, almost in all wireless laptops and pc's. i used the exact iptables line you posted. im thinking this is a browser issues or that xt_string will not work on wireless client
     
  28. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    You need to log in to 4shared in order to download, otherwise it just stops at "20 seconds to download"
     
  29. gfunkdave

    gfunkdave LI Guru Member

    You need to log in and click the gray Download button. It doesn't look like a button, really. Bad UI.
     
  30. minimario

    minimario Addicted to LI Member

    Oh, I didn't realize that the 4Shared download site required signing up. I have tried to keep registering to websites to a minimum as a general guideline.

    Thanks, Marcel and gfunkdave.


    FWIW, I managed to upgrade, but then went and botched the config restore and now I can't get back in... Oops.
     
  31. LanceMoreland

    LanceMoreland Network Guru Member


    I lost IPv6 with prefix delegation with this version and had to revert to 1.28.0501.3 and use the wan up script. Version 1.28.0502.1 worked fine but has disappeared. I am on a 4200 v.1 and my isp is Comcast.
     
  32. Toastman

    Toastman Super Moderator Staff Member Member

    I can't test the ipv6 - what exactly happened - is it missing from the GUI (I'm not at home at the moment).
     
  33. LanceMoreland

    LanceMoreland Network Guru Member

    The interface was there, I just had no IPv6 connectivity outside of my local network.
     
  34. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Networkin' Nut Member

    Try adding the following line to the dnsmasq custom configuration:

    dhcp-range=tag:br0,::1,constructor:br0,ra-only

    This should restore IPv6 RAs to your network. I use:

    dhcp-range=tag:br0,::1,::FFFF,constructor:br0, ra-names, 12h

    This provides both stateful DHCPv6 *and* stateless (SLAAC) RA service to my local LAN, satisfying Windows, Android, IOS & most everything that I've thrown at it. A bonus feature is that with 'ra-names' enabled, dnsmasq will do it's best to create DNS entries.

    The removal of RADVD and using dnsmasq's RA & DHCPv6 service *is* experimental to say the least.

    The dnsmasq man page shows just how powerful dnsmasq has become: http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
     
    Elfew likes this.
  35. LanceMoreland

    LanceMoreland Network Guru Member

    This only works with the latest version that uses dnsmasq for IPv6, is that correct?
     
  36. WrePLe

    WrePLe Addicted to LI Member

    Tomato Firmware v1.28.0502 MIPSR2Toastman
    Hi all set up vlans with Multiple SSID one for visitors
    and would like to use Dual Wan.
    wouild like bro to use the default wan port and br1 to use port 4 as a wan port
    , port4/wan and default wan provide different ip address and dns
    I would like the br1 vlan guess/visitors to use port4 wan to access internet
    and bro to use the default wan port to access the internet.

    How would i go about accomplishing this.

    this is my set up I have setup vlans with
    br0 Disabled 192.168.3.3 255.255.255.128 Disabled -
    br1 Disabled 192.168.9.9 255.255.255.240 Disabled

    VLAN ? VID Port 1 Port 2 Port 3 Port 4 WAN Port Default Bridge
    1 1 Yes Yes * LAN (br0)
    2 2 Yes Yes WAN
    3 3 Yes LAN1 (br1)

    Thanks
     
  37. noyp

    noyp Network Guru Member

    update, removing --dport 443 did the trick and now new problem crops up, some website refuses to load
     
  38. koitsu

    koitsu Network Guru Member

    There is nothing you can do about this other than use a browser that supports SNI or upgrade your OSes. You need to read about the technology you're trying to block. I go into long, highly technical details here (the latter half of my post is relevant to you): http://lists.freebsd.org/pipermail/freebsd-questions/2013-March/249513.html

    Further details:

    http://en.wikipedia.org/wiki/Server_Name_Indication#Support
    http://en.wikipedia.org/wiki/Server_Name_Indication#No_support

    Regarding xt_string in general: I tried to tell people in the "xt_string thread" that there would be fallout/complications with this module, because of what it does and how its behaviour manifests itself within the networking stack. I guess no one listened? :-(

    I am done helping with this issue. Folks using xt_string are on their own for support: period. (EasyTomato folks and others: this is what I tried to warn you about switching your firmwares to use xt_string instead of ipt_web. You really, really need to take the time to read what the modules do, as they are not the same. The amount of work to switch from one to the other is very very large, as I said before.)
     
  39. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Networkin' Nut Member

    The ability to do IPv6 RA & DHCPv6 is not new, certainly it was in v2.61 which was the last 'big' updated version in Tomato although there were some bugs. What is new is the 'constructor' option, which allows dnsmasq to automatically build IPv6 RA & dhcp ranges. And the known bugs are gone....just left with features.
     
    Elfew and koitsu like this.
  40. LanceMoreland

    LanceMoreland Network Guru Member

    Thanks. I will update to the latest version and insert "dhcp-range=tag:br0,::1,constructor:br0,ra-only" into dnsmasq custom configuration this weekend. Is there anything else I need to do to get this going?
     
  41. Beast

    Beast Network Guru Member

    It would be nice if someone can explain how to get IPv6 to work with charter cable on the latest versions of tomato. I have tried some of the things ive read here, but no luck. Charter provides this info.
    6rd Prefix = 2602:100::/32
    Border Relay Address = 68.114.165.1
    6rd prefix length = 32
    IPv4 mask length = 0

    Primary DNS Address = 2607:f428:1::5353:1

    Secondary DNS Address = 2607:f428:2::5353:1
     
  42. Toastman

    Toastman Super Moderator Staff Member Member

    April 25 2013 - 1.28.7502.3 and variants

    BETA STATUS
    • some dnsmasq updates
    • Add a default 'dhcp-range....ra-only' to dnsmasq.conf if RA enabled
    (This will provide equivalent RA functionality of RADVD...with a bit of luck! )​
    (Thanks Kevin)​

    Thanks to everyone for the feedback!

    WARNING - DHCP IS DISABLED BY DEFAULT. DON'T FORGET
    TO TURN IT ON IF YOU NEED IT.
     
    gs44, adlerfra, pharma and 4 others like this.
  43. adlerfra

    adlerfra LI Guru Member

    Running with .3 version for the past 13 hours. Very stable and good performance with a mix of wired and wireless N devices. Thanks, Toast.
     
  44. xcysm

    xcysm Reformed Router Member

    I'm more than hesitant to try the newest build since 7502.2 completely broke the ability to administer the ASUS RT N-12 via the web browser after you make an initial config save (i.e. router is completely unreachable through web interface and you can only login to it via telnet)
     
  45. Toastman

    Toastman Super Moderator Staff Member Member

    xcysm - interesting, you are the only person to report this. Did you erase nvram and reconfigure after flash?

    Anyone else?
     
  46. xcysm

    xcysm Reformed Router Member


    Last I remember, the web interface only worked the first time after I flashed (erasing nvram after flash or keeping old settings didn't matter). The minute I saved my config, which includes local access: HTTP & HTTPS, default local http port, but non-default local HTTPS port, and non-default remote HTTPS port, the web interface is inaccessible. The router is, however, accessible via telnet and http_enable = 1, http_lanport, http_wanport, https_wanport all show the correct values. I will try the new beta in a few minutes after performing an nvram erase and I will see if the problem is still there and report back
     
  47. xcysm

    xcysm Reformed Router Member

    Ok, I just did extensive testing and a number of re-flashes, nvram erases, etc. The problem is that any time HTTPS is enabled for either local web admin access and/or remote web admin access, the web admin interface is completely inaccessible (either locally or remotely). If you simply leave the setting on 'HTTP' then everything works perfectly, though insecurely of course. So with HTTPS enabled, the only way to access the router is via telnet. So this seems to be a problem with HTTPS support. This never used to happen in any old builds before 7502.2 and 7502.3.

    How to reproduce (ASUS RT N-12)
    Go to Administration --> Admin Access
    Change Local Access to 'HTTPS' or 'HTTP & HTTPS'
    Change Remote Access to 'HTTPS'
    Will not be able to access router via web browser
     
  48. RMerlin

    RMerlin Network Guru Member

    Once you lost access to httpd, does any "httpd" process is running? Check with "ps w".
     
  49. xcysm

    xcysm Reformed Router Member


    No, now I see that httpd is not running. Also /var/log/messages shows:

    Code:
    Apr 28 01:04:50 unknown daemon.info httpd[1483]: Generating SSL certificate...
    Apr 28 01:04:51 unknown daemon.err httpd[1483]: Unable to start SSL
    
    running 'openssl' returns this error:
    Code:
    root@unknown:/tmp/home/root# openssl
    openssl: can't load library 'libssl.so.1.0.0'
    
    Finally:
    Code:
    root@unknown:/tmp/home/root# ldd openssl
            libssl.so.1.0.0 => not found
            libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x2aabf000)
            libdl.so.0 => /lib/libdl.so.0 (0x2abac000)
            libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x2abbf000)
            libc.so.0 => /lib/libc.so.0 (0x2abde000)
            ld-uClibc.so.0 => /lib/ld-uClibc.so.0 (0x2aaa8000)
    
    I don't know a lot about linux, but it appears that the openssl library is missing. I just did a test flash using the latest shibby build (tomato-K26-1.28.RT-MIPSR2-108-Mini.trx) and it worked perfectly. However, I'd prefer to use Toastman instead of shibby because from experience, I've noticed that shibby becomes unstable after a few days of use on my router. Anyway, using shibby:

    Code:
    root@unknown:/tmp/home/root# openssl
    OpenSSL> exit
    
    Code:
    root@unknown:/tmp/home/root# ldd openssl
            libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x2aabf000)
            libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x2ab1a000)
            libdl.so.0 => /lib/libdl.so.0 (0x2ac22000)
            libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x2ac35000)
            libc.so.0 => /lib/libc.so.0 (0x2ac54000)
            ld-uClibc.so.0 => /lib/ld-uClibc.so.0 (0x2aaa8000)
    
    So far, this problem has occurred with both:

    tomato-K26-1.28.7502.3MIPSR2Toastman-RT-Mini
    and
    tomato-K26-1.28.7502.3MIPSR2Toastman-RT-Tiny

    as well as the 7502.2 builds
     
  50. andy

    andy Addicted to LI Member

    Which Toastman version I can use ?
    I have a new router : China-Union HG320

    CPU : BCM5358 500MHz
    RAM :64MB (hardware mod to 256MB)
    Flash : 16MB
    USB : 2.0 port x 1

    Which Toastman version I can use ? R2 ?
     
  51. Toastman

    Toastman Super Moderator Staff Member Member

    xcysm - I think it's been there for a while now, probably since the ssl update before 7502, commit 8d194e4cb3b7f14ba395f47b1c2bd88752c61da4 was, I think, supposed to fix it, but it appears not.

    VPN builds will have the library included though.

    I'm not at home now, but I'll take a look when I can.
     
  52. M0g13r

    M0g13r LI Guru Member

    on RT-N66U with 502.3

    Tomato v1.28.0502 MIPSR2Toastman-RT-N K26 USB VLAN-VPN-NOCAT
    root@fli4l:/tmp/home/root# ldd openssl
    libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x2aabf000)
    libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x2ab16000)
    libdl.so.0 => /lib/libdl.so.0 (0x2ac20000)
    libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x2ac33000)
    libc.so.0 => /lib/libc.so.0 (0x2ac52000)
    ld-uClibc.so.0 => /lib/ld-uClibc.so.0 (0x2aaa8000)
    root@fli4l:/tmp/home/root# openssl
    OpenSSL> exit
    root@fli4l:/tmp/home/root#
     
  53. LanceMoreland

    LanceMoreland Network Guru Member

    Toastman, Could you please put 1.28.0502.1 back up on 4shared? I would like to have a version with the latest OpenVPN and a the fix for IPv6 with prefix delegation. It looks like they were pulled down. Thanks.
     
  54. bortle

    bortle Reformed Router Member

    I'm seeing a logging issue, which is described here. The logs get an entry every minute saying
    May 1 16:46:01 router user.info init[1]: VPN_LOG_NOTE: 533: VPN Server 1 already running...

    The workaround in that post doesn't work, since putting "verb 0" in the Advanced configuration for VPN server produces:
    May 1 16:42:24 router daemon.warn openvpn[11104]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
     
  55. shibby20

    shibby20 Network Guru Member

    Can you explain? I have a lot of routers with uptime even 200 days and all are stable.
     
  56. eahm

    eahm LI Guru Member

    One older Shibby version ran for more than 420 days without problems on a customer's router then I upgraded it.
     
  57. Holy_Hunter

    Holy_Hunter Serious Server Member

    Whats the right/best version for my RT-N16 ?
    I just need a usefull QoS and VLAN Support.

    tomato-K26USB-1.28.7501.3MIPSR2Toastman
    or
    tomato-K26USB-1.28.0501.3MIPSR2Toastman ??

    What would you guys recommend me ?
     
  58. eahm

    eahm LI Guru Member

    http://www.4shared.com/dir/v1BuINP3/#dir=nC5RkXai

    If you need USB I would suggest this one: http://www.4shared.com/file/adS_B78d/tomato-K26USB-12805013MIPSR2To.html?

    If you don't need USB I would suggest you this one: http://www.4shared.com/file/kwhuXcs5/tomato-K26-12805013MIPSR2Toast.html?
     
  59. Monk E. Boy

    Monk E. Boy Network Guru Member

    The difference between 7xxx and 0xxx builds is the wireless network driver. Unfortunately nobody is going to be able to tell you with any reasonable degree of certainty which driver (new/old) will work better in your location. You'll just have to test it and see.

    Be sure to perform a long NVRAM erase when switching between firmwares, and don't restore the configuration via a file unless that file is for the exact same version firmware you're running. For example, if you save the configuration after setting up the router with the 7501.3 firmware, don't attempt to restore that configuration file to the router after installing 0501.3.

    As a general rule the safest option is always to wipe it out and re-set it up from scratch. There are ways of selectively exporting the configuration and selectively restoring specific nvram variables if you want to save yourself some headaches - for example, setting up elaborate QoS rules from scratch.
     
  60. zavar

    zavar Networkin' Nut Member

    eahm: Any reason *501.3 is being recommended vs. *502.* ?
     
  61. LanceMoreland

    LanceMoreland Network Guru Member

    They are back up. Thank you.
     
  62. LanceMoreland

    LanceMoreland Network Guru Member

    IPv6 in 502.2 and 502.3 doesn't work correctly and until today 502.1 had not been available. 502.1 would be the way to go now that it is back up.
     
    zavar likes this.
  63. eahm

    eahm LI Guru Member

    I use 502.3 and I haven't had any problems with it. 501.3 is just the stable version to use for now.

    502.x has a lot of improvements and it's still being heavily tested. I'm sure it'll be ready in few weeks.
     
    zavar likes this.
  64. zavar

    zavar Networkin' Nut Member

    Thanks for the clarification folks, greatly appreciated!
     
  65. bortle

    bortle Reformed Router Member

    eahm: I think Lance and I are both on Comcast and we're having the same problem. Comcast had trouble before with a spurious default route, but I'm not getting the same behavior now. Autoconfig isn't working for us when we use the newer builds.
     
  66. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Networkin' Nut Member

    What do you mean by autoconfig?
     
  67. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Networkin' Nut Member

    Please take a look at my latest posts in the 'Using dnsmasq instead of radvd' thread.
     
  68. zorkmta

    zorkmta LI Guru Member

    I had installed 501.3 std version, very stable, but now I need vlan, if i upgraded to 501.3 vlan version... Do I need erase nvram and configuration again?

    Thanks

    Enviado desde mi C6603
     
  69. Toastman

    Toastman Super Moderator Staff Member Member

    You should be OK - but if anything strange happens, do an erase. Use nvram export --set function to transfer settings if u need to. Be warned, if it's new to you, the VLAN GUI does have unexpected consequences sometimes, read the forum for help if you get problems. There's a lot of help here.
     
  70. callous

    callous Network Guru Member

    Toastman, since you are an engineer, I was wondering if I telneted into the router and did a nvram erase command and a reboot command after it, is there any need at all to do a 30-30-30 on the router before and after flashing a new firmware?

    In your experiences, is there at all a need to do 30-30-30, or will nvram erase command from the router page be sufficient?
     
  71. RMerlin

    RMerlin Network Guru Member

    30-30-30 is what I call a DDWRTism. It's a one-size-fit-all procedure devised to allow virtually any DD-WRT compatible router to do a factory default reset. Some need you to press Reset for 5 secs. Others require you to press it for 15 secs. Others require you to have it pressed while you boot it. The30-30-30 procedure does all of this in one (tediously long) procedure.

    Doing an nvram erase through telnet will get you the desired result - a wiped clean nvram.
     
  72. callous

    callous Network Guru Member

    Thanks Merlin. I think I'll forgo the 30-30-30 as it is a major pain in the butt! After flashing, should I still wait 10mins after the router appears to be finished flashing before I try to access the router, in case it is still working on restoring factory defaults, or something else?
     
  73. RMerlin

    RMerlin Network Guru Member

    What router do you have? Anything modern (RT-N16 or newer) should be up and ready after 2-3 mins at most. In fact, by the time the webui becomes accessible, the new settings are ready and written to the router.
     
  74. callous

    callous Network Guru Member


    I have the Linksys E3200
     
  75. Victek

    Victek Network Guru Member

    The E3200 boot time is faster than RT-N16 .. in less than one minute it must be ready and connected to the network.
     
  76. callous

    callous Network Guru Member


    That means i shouldnt need to wait 10 mins. I'll give it 3mins then. Thanks! Are you coming out with support for the e3200 by any chance?
     
  77. Victek

    Victek Network Guru Member

    E3200 versions are in my site, sure.
     
  78. gs44

    gs44 Networkin' Nut Member

    Toastman,

    I am running your latest beta build in my E3000 and E2000 and all seems very stable with great speeds. Unfortunately my ISP seems to have pulled all IPV6 support away again so I have no way to test the changes to IPV6 in these builds. I can get my HE tunnel up and running again but I don't think any of the recent changes would benefit from 6in4 tunnel testing. If I am wrong and testing via HE 6in4 tunnel would help let me know as I would be happy to do it.

    As always GREAT work and THANKYOU for your continued support of Tomato!!! :)
     
  79. Toastman

    Toastman Super Moderator Staff Member Member

    @gs44 - Hi!

    The recent BETA test versions are to explore the possiblity of dnsmasq taking over the function of RADVD. Any feedback at all is welcome, just as long as people do understand this is work in progress and more work needs to be done for full integration with Tomato (vlan support etc). ipv6 is a mystery to me, I can't test it.

    DNSMasq is very actively developed by Simon Kelley, so we think this is likely to be a significant step forward. So many thanks to Kevin for his work on this. If anyone out there knows a lot about ipv6 and can contribute his ideas too, we'd all be grateful for the help!

    It would be nice to know if the changes broke anything in the HETunnel but don't worry too much.

    @callous - the 30-30-30 reset always reeked of voodoo to me. I never could understand the point of pressing a button on a router which isn't powered up. As for "discharging the backup power" - I never saw any reset button that was capable of doing that. rMerlin's thoughts are probably quite right.
     
  80. callous

    callous Network Guru Member

    Thanks Toastman!
     
  81. Monk E. Boy

    Monk E. Boy Network Guru Member

    On some models it discharges a capacitor that maintains certain settings that are stored in RAM. On all other models it does nothing. I don't even remember what model it was to be honest. It probably wasn't even Broadcom-based.
     
  82. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Networkin' Nut Member

    I use a Hurricane Electric tunnel to get on the IPv6 internet - it works :)

    Wish my ISP did some sort of native IPv6 though.
     
  83. gs44

    gs44 Networkin' Nut Member

    Hi Toastman!!

    I loaded my HE Tunnel up and tested on 3 different IPV6 tests sites and all passed with flying colors!! So The HE Tunnel is not broke in anyway on the latest Beta build with my E3000 and E2000.

    @Kevin I know what you mean about native IPV6 support with our ISP's... Mine made an attempt but it was basically there own version of a 6in4 tunnel comparable to HE Tunnel but slower and now they have even took that away and I decided to ask there teck dept about future "real" native IPV6 support and they basically said
    "uhm...ya..someday" Not impressed with that answer to say the least...lol
     
  84. Noodle

    Noodle Addicted to LI Member

    I'm running Tomato Firmware v1.28.7501 MIPSR2Toastman-RT K26 USB VLAN-VPN on an E3000. And trying to get IPv6 work on U-Verse.

    I read somewhere said AT&T U-Verse use 6rd IPv6, and need to load /lib/modules/2.6.22.19/kernel/net/ipv6/sit.ko, but I keep getting error: "insmod: can't insert '/lib/modules/2.6.22.19/kernel/net/ipv6/sit.ko': unknown symbol in module, or unknown parameter"

    I googled "sit.ko" and looks like shibby fixed this issue. I'm wondering is this my problem? or Toastman's Tomato do not support this "sit.ko"

    Thanks

    Noodle
     
  85. Morac

    Morac Network Guru Member

    Apparently Kevin's given up and requested that his dnsmasq commits be removed.
     
  86. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Networkin' Nut Member

    I've been persuaded to continue and perhaps not take things so seriously :)

    There are some fundamental changes to the way host addresses are (not) handed out in IPv6 that will cause pain & confusion for end users...or at least users who wish to know what addresses are in use & by whom. dnsmasq is a big step in helping with this problem, but ultimately nobody can control what address/es any particular host will decide to use. For those interested/alarmed by that statement I suggest you look up 'SLAAC' and then 'Privacy Extensions'.

    I saw a comment yesterday: IPv6, we're not in Kansas anymore Toto!
     
    barkmann, Monk E. Boy and Elfew like this.
  87. Victek

    Victek Network Guru Member

  88. gs44

    gs44 Networkin' Nut Member

    Kevin,

    Glad to here someone persuaded you to continue :)
     
  89. Toastman

    Toastman Super Moderator Staff Member Member

    May 16 2013 - 1.28.7502.4 and variants - BETA TEST RELEASE

    • Proof of concept 6RD supports
    • More updates to dnsmasq and ipv6
    • Allow ipv6IP entry in Tools/Ping
    • Port of RMerlin fixes to large traffic value overflows in IPTraffic.
    • Reduce RSA key length from 2048 to 1024 bits (= new microsoft min key length)
    • Quick fix for missing sslib
    Thanks to Kevin Darbyshire-Bryant

    And thanks to everyone for the feedback!

    WARNING - DHCP IS DISABLED BY DEFAULT. DON'T FORGET
    TO TURN IT ON IF YOU NEED IT.
     
  90. RMerlin

    RMerlin Network Guru Member

    Did you also port the cstats fixes where having two update requests happen too quickly would cause cstats to count the same traffic twice? It was the one-line fix that just needed a "continue" inserted.
     
  91. tvcat

    tvcat Serious Server Member

    Hi im facing frequent disconnect using pppoe (ADSL).
    I got another one running fiber optic with no problem.
    Device: Asus RT-N12C1
    Firmware: tomato-K26-1.28.0501.3MIPSR2Toastman-RT-N-VLAN-Std
    Below is the log thanks.
    Code:
    May 17 20:00:22 unknown daemon.info dnsmasq-dhcp[7392]: DHCP, IP range 192.168.1.100 -- 192.168.1.149, lease time 1d
    May 17 20:00:22 unknown daemon.info dnsmasq[7392]: reading /etc/resolv.dnsmasq
    May 17 20:00:22 unknown daemon.info dnsmasq[7392]: using nameserver 202.188.0.133#53
    May 17 20:00:22 unknown daemon.info dnsmasq[7392]: using nameserver 1.9.1.9#53
    May 17 20:00:22 unknown daemon.info dnsmasq[7392]: read /etc/hosts - 2 addresses
    May 17 20:00:22 unknown daemon.info dnsmasq[7392]: read /etc/dnsmasq/hosts/hosts - 3 addresses
    May 17 20:00:22 unknown daemon.info dnsmasq-dhcp[7392]: read /etc/dnsmasq/dhcp/dhcp-hosts
    May 17 20:38:55 unknown daemon.info pppd[7378]: No response to 5 echo-requests
    May 17 20:38:55 unknown daemon.notice pppd[7378]: Serial link appears to be disconnected.
    May 17 20:38:55 unknown daemon.info pppd[7378]: Connect time 38.6 minutes.
    May 17 20:38:55 unknown daemon.info pppd[7378]: Sent 1151 bytes, received 1776 bytes.
    May 17 20:38:58 unknown user.info redial[7379]: WAN down. Reconnecting...
    May 17 20:38:58 unknown daemon.info pppd[7378]: Terminating on signal 15
    May 17 20:39:01 unknown daemon.notice pppd[7378]: Connection terminated.
    May 17 20:39:01 unknown daemon.notice pppd[7378]: Modem hangup
    May 17 20:39:01 unknown daemon.info pppd[7378]: Exit.
    May 17 20:39:02 unknown user.debug kernel: vlan1: del 01:00:5e:00:00:01 mcast address from vlan interface
    May 17 20:39:02 unknown user.debug kernel: vlan1: del 01:00:5e:00:00:01 mcast address from master interface
    May 17 20:39:02 unknown daemon.warn dnsmasq[7392]: no servers found in /etc/resolv.dnsmasq, will retry
    May 17 20:39:02 unknown user.warn kernel: vlan1: Setting MAC address to  10 bf 48 39 fd ad.
    May 17 20:39:02 unknown user.debug kernel: vlan1: add 01:00:5e:00:00:01 mcast address to master interface
    May 17 20:39:02 unknown daemon.info pppd[7804]: Plugin rp-pppoe.so loaded.
    May 17 20:39:02 unknown daemon.info pppd[7804]: RP-PPPoE plugin version 3.10 compiled against pppd 2.4.5
    May 17 20:39:02 unknown user.info redial[7806]: Started. Time: 30
    May 17 20:39:02 unknown daemon.notice pppd[7805]: pppd 2.4.5 started by root, uid 0
    May 17 20:39:37 unknown daemon.err pppd[7805]: Timeout waiting for PADO packets
    May 17 20:39:37 unknown daemon.info pppd[7805]: PPP session is 3574 (0xdf6)
    May 17 20:39:37 unknown daemon.warn pppd[7805]: Connected to 00:90:1a:40:90:70 via interface vlan1
    May 17 20:39:37 unknown daemon.info pppd[7805]: Using interface ppp0
    May 17 20:39:37 unknown daemon.notice pppd[7805]: Connect: ppp0 <--> vlan1
    May 17 20:39:38 unknown daemon.notice pppd[7805]: PAP authentication succeeded
    May 17 20:39:38 unknown daemon.notice pppd[7805]: peer from calling number 00:90:1A:40:90:70 authorized
    May 17 20:39:38 unknown daemon.notice pppd[7805]: local  IP address 124.82.76.149
    May 17 20:39:38 unknown daemon.notice pppd[7805]: remote IP address 219.93.218.177
    May 17 20:39:38 unknown daemon.notice pppd[7805]: primary  DNS address 1.9.1.9
    May 17 20:39:38 unknown daemon.notice pppd[7805]: secondary DNS address 202.188.0.133
    May 17 20:39:38 unknown daemon.info dnsmasq[7392]: reading /etc/resolv.dnsmasq
    May 17 20:39:38 unknown daemon.info dnsmasq[7392]: using nameserver 202.188.0.133#53
    May 17 20:39:38 unknown daemon.info dnsmasq[7392]: using nameserver 1.9.1.9#53
    May 17 20:39:38 unknown daemon.info dnsmasq[7392]: exiting on receipt of SIGTERM
    May 17 20:39:38 unknown daemon.info dnsmasq[7817]: started, version 2.61 cachesize 1500
    May 17 20:39:38 unknown daemon.info dnsmasq[7817]: compile time options: no-IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack
    May 17 20:39:38 unknown daemon.info dnsmasq[7817]: asynchronous logging enabled, queue limit is 5 messages
    May 17 20:39:38 unknown daemon.info dnsmasq-dhcp[7817]: DHCP, IP range 192.168.1.100 -- 192.168.1.149, lease time 1d
    May 17 20:39:38 unknown daemon.info dnsmasq[7817]: reading /etc/resolv.dnsmasq
    May 17 20:39:38 unknown daemon.info dnsmasq[7817]: using nameserver 202.188.0.133#53
    May 17 20:39:38 unknown daemon.info dnsmasq[7817]: using nameserver 1.9.1.9#53
    May 17 20:39:38 unknown daemon.info dnsmasq[7817]: read /etc/hosts - 2 addresses
    May 17 20:39:38 unknown daemon.info dnsmasq[7817]: read /etc/dnsmasq/hosts/hosts - 3 addresses
    May 17 20:39:38 unknown daemon.info dnsmasq-dhcp[7817]: read /etc/dnsmasq/dhcp/dhcp-hosts
     
  92. M0g13r

    M0g13r LI Guru Member

    rofl ... i was talking about this several months ago .....
    Toastman Releases

    put this in options ... lcp-echo-interval 30 or 0 to disable it .... u don't realy need it

    i think only victek fixed it ....
     
  93. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Networkin' Nut Member

    Isn't this a check to ensure the LCP on the WAN between Router & ADSL modem hasn't gone South? To my mind that's a useful thing to know. Is the real question 'why has the modem decided to stop responding to echo requests?' That's sort of followed up by the fact we also don't get a response to our PADO request when we attempt to re-establish the link.

    Maybe the modem thinks it's still in the link, but in that case why stop responding to echos ?
     
  94. gs44

    gs44 Networkin' Nut Member

    Quick test results for latest Beta 502.4 on E3000 seems good thus far, IPV6 6in4 HE Tunnel works still.. Will do more testing and report back after running this longer if any issues pop up.
     
  95. Cybergy

    Cybergy Reformed Router Member

    Not sure how to post this as a new question (is there only one thread for Toastman builds?) but;

    Is there a way for hostnames to appear in the Access Restrictions page, or just MAC/IP addresses?
     
  96. tvcat

    tvcat Serious Server Member

    do you mean i need to set this lc-echo-interval via telnet? I cant find this key via telnet...
    ok after reading this post http://www.linksysinfo.org/index.php?threads/toastman-releases.36106/page-17#post-223814
    what i need to do is the command below, correct?
    Code:
    nvram set pppoe_lei=0
    nvram commit
    service wan restart
    So you mean the adsl modem is having problem?
    im having problem with 2 different adsl modem, Aztech 705E & TP Link TD-8817, both new.
     
  97. Toastman

    Toastman Super Moderator Staff Member Member

    I don't think so, where was it?
     
  98. RMerlin

    RMerlin Network Guru Member

    This commit:
    https://github.com/RMerl/asuswrt-merlin/commit/7255304b8d4ac2d26e515bf0479db4a075dac7e2

    Also, my first cstats commit was missing the updated header file:

    https://github.com/RMerl/asuswrt-merlin/commit/a643da5459fe90a609c6aea8ee35924a9aa80d95

    Also, unsure if you had that first cstats commit, or only the httpd one - this was also related to the 32-bit overflow:

    https://github.com/RMerl/asuswrt-merlin/commit/966634614bdee0ddfec0caa284f52bf04b617111
     
  99. Toastman

    Toastman Super Moderator Staff Member Member

    Apart from the change of "Check Interval" to "Redial Interval, (which I am doing now) I didn't see anything needed changing. What are you suggesting?
     
  100. Toastman

    Toastman Super Moderator Staff Member Member


    Thanks, much appreciated! fixed locally... ( I have them all now).
     

Share This Page