
Tomato Toastman's Releases

Discussion in 'Tomato Firmware' started by Toastman, Dec 18, 2011.

  1. though

    though Network Guru Member

  2. ForFun

    ForFun Reformed Router Member

    Hi everyone. Hi @Toastman
    Should I install tomato-K26USB-1.28.7500.2MIPSR2Toastman-VLAN-RT-VPN-NOCAT to Linksys E1500?
    Which is the correct build?
    Thanks a lot
  3. shadowken

    shadowken Networkin' Nut Member

  4. ForFun

    ForFun Reformed Router Member

  5. DownSouth

    DownSouth Reformed Router Member

  6. QSxx

    QSxx LI Guru Member

    Hello folks,

    just a quick question: are there any RT-N12 users here and if yes what version of Toast are you running on it?

    I'm a RT-N16 user, got a hold of used RT-N12 with stock firmware so I'll try to make it switch to light side and become a jedi ... uhm I mean I'll try to see how it performs compared to N16 XD

    Thanks :)
  7. eahm

    eahm LI Guru Member

  8. mvsgeek

    mvsgeek Addicted to LI Member

    Tomato Firmware v1.28.0502 MIPSR2Toastman-RT-N K26 Std

    Note that the RT-N12 requires the ND version with the new wireless drivers. And earlier RT-N12's only had 4MB of flash, hope yours is a newer one with 8MB, otherwise you'll be SOL. I wish the RT-N12 had a USB port, but other than that it's a decent router for the money.
    QSxx likes this.
  9. QSxx

    QSxx LI Guru Member

    Successfully flashed 0502 MIPSR2Toastman-RT-N K26 Std as suggested, directly using rescue mode (asus tool) - no hiccups yet, playing well with RT-N16. It actually has stronger signal than N16 on same settings :) (I think I'll try RT-N variant on N16 too)

    It's revision D1 although Tomato detects B1 (not sure why). Nothing out of the ordinary to report...

    P.S. @eahm - I was looking for Toastman, not shibby :) - I know shibby can do N12
  10. eahm

    eahm LI Guru Member

    Doesn't N12 have 5dBi antennas? Shibby or Toastman or RAF kinda all the same when it comes to router specs and selection. Shibby maintains the list better than the others, check that list then choose Shibby, Toastman or RAF as well.

    Toastman, thanks for cleaning the folders.
    Last edited: Jan 25, 2014
  11. Grimson

    Grimson Networkin' Nut Member

    I just took a quick look through the sources from Toastman and Kevin Darbyshire-Bryant, it seems Toastman missed this commit: http://repo.or.cz/w/tomato.git/commitdiff/33c95f46a93038e754a8748ed29bb502aff63a0a

    Currently I lack the environment to build tomato myself, but this might fix the problem.
  12. Grimson

    Grimson Networkin' Nut Member

    Well if I compare http://repo.or.cz/w/tomato.git/blob/refs/heads/Toastman-RT:/release/src/router/rc/services.c and http://repo.or.cz/w/tomato.git/blob/refs/heads/KDB-RT-N-sh:/release/src/router/rc/services.c I see the differences between lines 384 and 426.

    Your service.c writes the following to dnsmasq.conf:
    fprintf(f, "enable-ra\ndhcp-range=tag:br0,%s, slaac, ra-names, 64\n", prefix);
    which I also find on my local dnsmasq.conf.

    While it should write:
    fprintf(f,"enable-ra\ndhcp-range=::1, ::FFFF:FFFF, constructor:br*, ra-names, 64, 12h\n");
  13. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Networkin' Nut Member

    Looks like you missed that commit. The bit that you ideally need is the update to services.c (but with a minor tweak -see below). I wouldn't touch anything in dnsmasq. Dnsmasq v2.68 included by default a lot of the tomato & 'oleg' tweaks - The 'quiet-*' options sort of came from us but they were re-worked in a much better way by Simon. The more sensibly permissive IPv6 'constructor' syntax came really from Vlad working on some 'oleg' branches (dd-wrt??)

    Some of the old code & much of the hassle in 'services.c' came from trying to workaround the previous behaviour of dnsmasq's 'constructor' option. It's perhaps worth explaining what the two lines in the dnsmasq.conf actually do:

    dhcp-range=::100, ::FFFF:FFFF, constructor:br*, ra-names, 64, 12h

    In essence this says: 'Look for any interface beginning 'br' (so br0) and if it has an IPv6 (non temporary) address on it, build an IPv6 DHCP range using that address's prefix, starting 'prefix::100' and finishing 'prefix::FFFF:FFFF'. Make the DHCPv6 prefix 64 bits in length and make the DHCP lease time 12 hours.' 'ra-names' is clever - for non-privacy obscured SLAAC addresses, try pinging it and if you get a response map the DNSv6 hostname to the corresponding DNSv4 hostname. It puts hostnames for DHCPv6 leases into DNSv6 as well, as you would expect. It's the best chance you have of finding out a hostname for a local IPv6 address... SLAAC privacy notwithstanding.


    DHCPv6 is 'stupid' - unlike DHCPv4 it doesn't and cannot tell the client the IPv6 prefix length, so sensible hosts will treat a DHCPv6 address as a /128 - in other words they don't know the address of the local network. By using 'enable-ra', Router Advertisements stating the local IPv6 prefix & prefix length are sent (but still with flags saying 'prefer DHCPv6 if you can do it'). This helps Windows 7 boxes configure their IPv6 firewall correctly - most notably they will respond to IPv6 pings to local devices because they now know what a local address looks like.

    You can of course add your own lines to dnsmasq.conf in the custom section of the GUI for whatever you desire - you would have to disable 'advertise IPv6' or whatever it was called in the GUI so 'services.c' didn't write the current line.

    I have recently moved on from Tomato, moving to something much closer to an OEM firmware, so I'm not really maintaining my branch any more other than perhaps including up-to-date dnsmasq and checking it compiles.
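
A way to check which of the two `dhcp-range` forms compared above a router's dnsmasq.conf actually contains, as an added example that is not part of the thread or of Tomato's code. The function names and the sample configs (using the documentation prefix 2001:db8:1:2::) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report which IPv6 dhcp-range form a
# dnsmasq.conf contains. Function names and sample files are constructed.

# Print the value of the first IPv6 dhcp-range line (text after "dhcp-range=").
# A line counts as IPv6 if it holds "::", "slaac" or "constructor:".
dhcp6_range_value() {
    sed -n 's/^[[:space:]]*dhcp-range=//p' "$1" |
        grep -E '::|slaac|constructor:' | head -n 1
}

# "constructor"  = range derived from the address found on the interface,
# "fixed-prefix" = prefix written literally into the file,
# "none"         = no IPv6 range at all.
classify_dhcp6_range() {
    value=$(dhcp6_range_value "$1")
    case "$value" in
        '')             echo none ;;
        *constructor:*) echo constructor ;;
        *)              echo fixed-prefix ;;
    esac
}

# Break the range value into labelled fields, printed on one line.
describe_dhcp6_range() {
    value=$(dhcp6_range_value "$1")
    out=""
    addr_seen=0
    old_ifs=$IFS
    IFS=,
    set -f                      # "br*" must not be glob-expanded by the shell
    set -- $value
    set +f
    IFS=$old_ifs
    for field in "$@"; do
        field=$(printf '%s' "$field" | tr -d '[:space:]')
        case "$field" in
            '')             ;;
            tag:*)          out="$out tag=${field#tag:}" ;;
            constructor:*)  out="$out iface=${field#constructor:}" ;;
            slaac|ra-names) out="$out $field=yes" ;;
            *:*)            # IPv6 address: first one is the start, second the end
                            if [ "$addr_seen" -eq 0 ]; then out="$out start=$field"
                            else out="$out end=$field"; fi
                            addr_seen=1 ;;
            *[!0-9]*)       out="$out lease=$field" ;;      # e.g. 12h
            *)              out="$out prefix_len=$field" ;; # bare number, e.g. 64
        esac
    done
    printf '%s\n' "${out# }"
}

# Return 0 only when enable-ra is present and the range uses "constructor:";
# otherwise print what was found and return 1.
audit_dnsmasq_conf() {
    kind=$(classify_dhcp6_range "$1")
    if ! grep -q '^[[:space:]]*enable-ra[[:space:]]*$' "$1"; then
        echo "enable-ra missing"
        return 1
    fi
    case "$kind" in
        constructor)  echo "ok: $(describe_dhcp6_range "$1")" ;;
        fixed-prefix) echo "fixed prefix in file: $(describe_dhcp6_range "$1")"
                      return 1 ;;
        none)         echo "no IPv6 dhcp-range line"
                      return 1 ;;
    esac
}

# Write two constructed sample configs into directory $1.
write_samples() {
    # Shape of the older services.c output, with a documentation prefix filled in.
    printf '%s\n' \
        'dhcp-range=tag:br0,192.168.1.100,192.168.1.149,255.255.255.0,1440m' \
        'enable-ra' \
        'dhcp-range=tag:br0,2001:db8:1:2::, slaac, ra-names, 64' > "$1/old.conf"
    # Shape of the constructor line explained above.
    printf '%s\n' \
        'dhcp-range=tag:br0,192.168.1.100,192.168.1.149,255.255.255.0,1440m' \
        'enable-ra' \
        'dhcp-range=::100, ::FFFF:FFFF, constructor:br*, ra-names, 64, 12h' > "$1/new.conf"
}

# Stand-alone use: sh audit.sh /etc/dnsmasq.conf
if [ "$#" -gt 0 ]; then
    audit_dnsmasq_conf "$1"
fi
```
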
  14. RMerlin

    RMerlin Network Guru Member

    Vladimir (Themiron) is a contributor to the WL500G project : https://code.google.com/p/wl500g/source/list

    This is a good reference to keep track of as they use the same kernel as Tomato/Asuswrt/Asuswrt-Merlin, and the devs working on this project have a very good understanding of what they are doing (technically-speaking). I picked quite a few kernel patches from them over the years (so did Asus as well).
  15. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Networkin' Nut Member

    Thanks for correcting me Eric - I wish I knew what I was doing technically :)
  16. Grimson

    Grimson Networkin' Nut Member

    Thanks a lot.
  17. Dennis Malley

    Dennis Malley Reformed Router Member

    Hey there, I am hoping for some guidance/confirmation on my build choice.

    I have been using tomato for a while now, have Tomato Firmware v1.28.7633 .3-Toastman-IPT-ND ND Std on a buffalo WHR-G54S. My main incentive for using custom router firmware has always been traffic shaping and toastman seems to really have a handle on the QOS stuff so I'd like to stick with his builds when possible.

    I'm upgrading to a Rosewill RNX-N300RT which is a rebadged TP-Link WR841ND. I think I have the right build but just want to make sure. Should I be using tomato-K26-1.28.7503.5MIPSR2Toastman-RT-Std (2).trx ?

    Also I assume I have to do the factory to ddwrt thing first to overwrite the oem interface, then upgrade to the above.

    Thanks for the help and for making routers awesome!
  18. jerrm

    jerrm Network Guru Member

    That's Atheros chipset, no version of Tomato will run on it.
  19. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

  20. Toastman

    Toastman Super Moderator Staff Member Member

    January 31 2014 - 1.28.7503.6 and variants

    • Fix missed commit in services.c - see post #2414 by Grimson
    • Dnsmasq updated to v2.69pre-test4-140124 - This may help comcast dhcp6-pd & 'constructor' compatibility. Thanks to Kevin Darbyshire-Bryant & Simon Kelley
    • Fix for realtime average traffic rate being incorrect until you actually reach the max number of samples, i.e. wait 10 mins - thanks RMerlin
    Best wishes!
    though, Grimson and eahm like this.
  21. Dennis Malley

    Dennis Malley Reformed Router Member

    Marcel and jerrm, thanks for the replies. Guess my router ignorance is showing here. Was introduced to router upgrades through a lifehacker article that used ddwrt as the buzzword, and then found there were other options like tomato. I assumed that a router advertised as ddwrt capable would be upgradable to any of the alternatives as well. I was reading through the changelog for the K24 builds to see if I could bring my aging buffalo up to date, what build would you recommend for that purpose? Or should I give up the ghost and try to find a router more current (btw my rosewill is a v7 clone thus incapable of gargoyle as suggested)?

    One of the more notable bits of chatter I read in the changelog is the ipv6 limitations on the k24 builds. I guess that's why I'm wondering if it's time to look for a worthy upgrade?

    I guess what I'm looking for overall is a router within a reasonable <$50 budget that I can use to sandwich my online streaming traffic (netflix, hulu, etc.) between my p2p/usenet downloads and my browsing/email traffic.
    Last edited: Jan 31, 2014
  22. Jacques

    Jacques Addicted to LI Member

    Last edited: Jan 31, 2014
  23. dc361

    dc361 LI Guru Member

    As of Friday January 31st at 10:28 eastern, I only see two directories (ND - MipsR1 and RT - MipsR2) on 4shared. The entire RT-N tree seems to be missing.
  24. Grimson

    Grimson Networkin' Nut Member

    Well the ASUS RT-N16 is IMHO still a good choice and not too expensive.
  25. mensa

    mensa Network Guru Member

    Why is the support for Asus RT-N66U and RT-N15U cancelled? :(:(:(
  26. Toastman

    Toastman Super Moderator Staff Member Member

    Unattended upload operation stalled and left some permissions screwed up. I think it's ok now.

    Sorry for the hiccup.
  27. dc361

    dc361 LI Guru Member

    Still not showing up here but thanks for the try :)
  28. Toastman

    Toastman Super Moderator Staff Member Member

    Looks ok here, maybe u have to wait a short while for the changes to propagate to the mirrors.
  29. kthaddock

    kthaddock Network Guru Member

    Toastman it's working now.
    dc361 likes this.
  30. Toastman

    Toastman Super Moderator Staff Member Member

    dc361 likes this.
  31. mensa

    mensa Network Guru Member

    Did you change anything at Scripts section?
    I added those 2 lines to Scripts - Firewall:

    ip neigh change lladdr ff:ff:ff:ff:ff:ff nud permanent dev br0
    ip neigh add lladdr ff:ff:ff:ff:ff:ff nud permanent dev br0
    But after I reboot the router and type "ip neigh show" I don't get listed that address. Why?
    It worked always before. And also if I type the two lines manually -> "ip neigh show" says: dev br0 lladdr ff:ff:ff:ff:ff:ff PERMANENT

    So the commands are correct, but why are Scripts not working anymore?
  32. LanceMoreland

    LanceMoreland Network Guru Member

    Wow. With this new update, all of my devices received Stateful IPv6 addresses from DHCPv6 for the first time ever. I am on Comcast.
    gs44 likes this.
  33. gs44

    gs44 Networkin' Nut Member

    as expected Ipv6 via he tunnel is working flawlessly... wished TWC would follow Comcast and get ipv6 up and going all around....

    side note: Toastman, donations are working correct? meaning you got mine correct? :) if not me and Paypal gonna have words cause they took my money...lmao
  34. koitsu

    koitsu Network Guru Member

    Bug report (I think, not sure):

    I just upgraded to tomato-K26USB-1.28.0503.6MIPSR2Toastman-RT-N-Ext.trx and found that under DDNS, "FreeDNS (afraid.org)" was an available choice. Maybe it's been there for a long time and I just now noticed it. Anyway, I've been using "Custom URL" reliably for a long time, and even though my IP doesn't change often, the status messages for "Custom URL" seem to work:

    Last IP Address: Saturday, February 01, 2014 15:40:41:
    Last Result: Saturday, February 01, 2014 15:40:41:
    ERROR: Address has not changed.
    So I thought "hey let's try the native FreeDNS (afraid.org) entry instead". Here's what happened:

    When "FreeDNS (afraid.org)" is selected, the GUI field asks for a "Token / URL". The full URL is something like this (some bytes changed to protect password hashing etc.): http://freedns.afraid.org/dynamic/update.php?RFJtABCDEFGABCDEFGABCDEFGABCDEFGDg=

    (Be sure to note the equals at the end)

    The GUI "automatically" picked the following Token / URL for me:


    (Be sure to note the missing equals)

    Upon clicking Save, all I ended up with was this:

    Last Result: Saturday, February 01, 2014 15:42:49:
    Update successful.
    I then tried adding the equals (=) to the end of the Token -- I got the same result. Also, the "Last IP Address" line is completely gone from the GUI output when using this mode. So all of this has me a little confused as to whether or not the actual native "FreeDNS (afraid.org)" entry in DDNS is working properly or not. I know "Custom URL" does.
  35. LanceMoreland

    LanceMoreland Network Guru Member

    I use FreeDNS (afraid.org) and have always entered only the token. It has always worked for me and appears to be working properly now.
  36. koitsu

    koitsu Network Guru Member

    @LanceMoreland Does your direct URL (check the afraid.org site) end with an equals symbol? If not, then that'd imply equals is part of my token string, which makes me wonder 1) why the GUI automatically stripped it off (probably erroneous design), and 2) why both with and without the equals in the token caused the GUI (or possibly the remote end (afraid.org), unsure) to say "Update successful" (rather than "Invalid token" or "Invalid user", or even possibly "Address XYZ has not changed").

    DDNS, such a nightmare. :)
  37. LanceMoreland

    LanceMoreland Network Guru Member

    There is no equals symbol in my token string. I have for years however used everything after the question mark in the url as the token. It has worked flawlessly.
    Last edited: Feb 2, 2014
  38. koitsu

    koitsu Network Guru Member

    I see. Well my token contains an equals at the end of the string, and like I said the GUI strips it off (unless I manually type it in), so that's probably a bug in related Tomato Javascript (it should permit such characters when auto-populating that field); more and more of these JS bugs keep getting found.

    I'm not sure about the other issues, like why "Last Result" just says "Update successful" with or without the equals at the end of the token (I'd expect one of those to return a failure!), and why the "Last IP Address" stuff is nowhere to be found.

    Maybe I'll try regenning my token (afraid.org lets you do this, thankfully) and see if I can get one without an equals symbol in it and try from there.
  39. Jorge Nerín

    Jorge Nerín Reformed Router Member

    I want to ask if anybody has been able to get openvpn server working with ipv6. I see that starting from openvpn 2.3.0 it is able to support ipv6 but I'm running into problems while testing it with my android phone.

    I have a ipv4 working setup of openvpn server in my tomato router that I have been using for a long time to access my network. Today I have upgraded to latest Toastman release and decided to upgrade my tunnel to also provide an ipv6 to my client.

    I have tried with the simplified option "server-ipv6", but I'm having a problem. The moment I enable an ipv6 option in the config openvpn stops working. The client connects but traffic does not flow, neither ipv6 nor ipv4.

    Even with no clients connected openvpn logs errors like this when I try to ping an address of its pool from the lan:

    Feb  2 11:24:22 192 openvpn[1905]: IP packet with unknown IP version=0 seen
    Feb  2 11:24:23 192 openvpn[1905]: IP packet with unknown IP version=0 seen
    Feb  2 11:24:23 192 openvpn[1905]: IP packet with unknown IP version=0 seen
    Feb  2 11:24:24 192 openvpn[1905]: IP packet with unknown IP version=0 seen
    Feb  2 11:24:24 192 openvpn[1905]: IP packet with unknown IP version=0 seen
    Feb  2 11:24:28 192 openvpn[1905]: IP packet with unknown IP version=14 seen
    Feb  2 11:24:28 192 openvpn[1905]: IP packet with unknown IP version=14 seen
    Feb  2 11:24:29 192 openvpn[1905]: IP packet with unknown IP version=14 seen
    Feb  2 11:24:29 192 openvpn[1905]: IP packet with unknown IP version=14 seen
    Feb  2 11:24:31 192 openvpn[1905]: IP packet with unknown IP version=0 seen
    Feb  2 11:24:31 192 openvpn[1905]: IP packet with unknown IP version=0 seen
    Note that when there are no ipv6 options enabled in the custom configuration the ping also fails (as there is no device connected) but there are no errors in the log, and when a device connects the ping works. My machine and the router generate version=0 errors when trying to ping, and another linux machine generates version=14.

    If I take out the ipv6 custom options the tunnel works, I have tried with OpenVPN Connect and with OpenVPN for Android.
    Last edited: Feb 2, 2014
  40. koitsu

    koitsu Network Guru Member

    Googling for the term "IP packet with unknown IP version" turns up quite a lot of hubbub, ranging from incorrectly-configured setups (ex. client=tap server=tun), bugs in LZO comp/decomp with OpenWRT (which DD-WRT also saw; seems using comp-lzo no on both client/server guarantees compatibility), and even some stuff over on tomatousb.org that didn't get solved.

    Also, I can assure you that AoE is not the problem on TomatoUSB, as the Linux kernel used does not have that capability. Of course, if your client does, then you should fix that on the client (if Linux).

    IPv6 support in general on TomatoUSB is still in "extremely experimental mode", to put it lightly. There are bugs getting hammered out constantly, and the people who are in-the-know are very very few. I'd recommend you just stick with IPv4 if you truly don't encounter any issues using solely that.

    Can I also ask why you put this into the Toastman Releases thread and not a separate thread? Does this problem go away with RAF or shibby?
  41. Jorge Nerín

    Jorge Nerín Reformed Router Member

    Oh, no problem, I'm not afraid to debug problems :D. I have been using an IPv6 tunnel since 2010 and debugging ipv6 problems since then in tunneled connections and with native IPv6 connections at my previous workplace. I'm an IPv6 fan.

    I did put it in the Toastman release because it happened to me with tomato-K26USB-NVRAM64K-1.28.0503.6MIPSR2Toastman-RT-N-VPN.trx in my Asus RT-N66U, I didn't think enough :( I just hoped someone could have encountered the same problem.

    I will try to debug and reproduce this problem with openvpn server in my linux box to see what it could be about. I will report back in a few days. From the router it seems everything is ok, and the android clients seem to also support ipv6, at least the official one says so in the description. The tunnel works ok as I have it setup, but if I add in custom configuration some ipv6 options like "server-ipv6 ..." with the ipv6 range that I'm assigned, or just "tun-ipv6" and "push tun-ipv6" without anymore options and the tunnel stops working, the client connects ok with one program, but with the official client I get an error "Tun interface setup failed: option_error: only topology 'subnet' supported with IPv6".

    I also searched the net before, but I had a previous working tunnel, so the only change is adding the IPv6 support, I don't have problems with mismatched configurations as it works in IPv4 only mode. I think I have the same problem as the unresolved issue on tomatousb last summer, as I said knowing there is no known solution I will see if I can resolve it.
  42. koitsu

    koitsu Network Guru Member

    The problem on tomatousb.org, to me, looks to be related to the client and server having different comp-lzo settings (amongst other things).
  43. Toastman

    Toastman Super Moderator Staff Member Member

    RMerlin reports that it's possible that the fix for realtime average rate may have broken the 24 hour results, although everything seems to be working ok here. I will replace 7503.6 and 0503.6 soon, but this is really a minor hiccup, so no big announcement here :)

    Thanks Eric!
  44. Toastman

    Toastman Super Moderator Staff Member Member

    Jorge/Koitsu - always interested to improve the ipv6. If someone can turn these suggestions into reality by posting fixes to present code, it would be a big help, we will get some testers here, and I'm sure that everyone will be very glad to incorporate it.

    koitsu and neopegasus like this.
  45. w5pny

    w5pny Reformed Router Member

    I just tried tomatousb (non-usb) AND I tried "tomato-WRT54G_WRT54GL-1.28.7635Toastman-IPT-ND-Std (1).bin" on my WRT54GL Version 1. Both of them BLOCKED all my wifi connections with "permit" selected in the wireless filter. But when I checked "block", then they were permitted and things worked fine!!! The code in toastman (and some others) seems to have permit and blocked backwards in Basic->Wireless Filter. I'm sticking with Toastman (to get b/g/n support among other things) but, perhaps this can be fixed in a future release of the WRT54G-WRT54GL ND-Std release.
  46. koitsu

    koitsu Network Guru Member

    @w5pny -- When you changed/switched firmwares, every time you changed/upgraded/whatever, did you go to Administration / Configuration / Restore Default Configuration / Erase all data in NVRAM (thorough), let the router reboot, and re-apply all your config settings by hand?

    If not, this is what you should have done -- sometimes certain NVRAM variables change syntax/purpose between firmware versions. The authors try very hard to be backwards-compatible, but there are never any guarantees.

    If you do that and the problem still persists, then that would be a bug to report. You'd need to provide exact step-by-step instructions on how to reproduce the problem (from the point you erase NVRAM as I described above, to all the settings/adjustments you change, including what browser (and version) you use).
  47. Roger T

    Roger T Reformed Router Member

    Hello Toastman.

    Any plans to enable 5ghz radio on e3200?... Toastman builds are the most stable firmware I used on E3200. Shibby occasionally freezes and drops signals on my E3200..

    BTW thanks a lot for your work.
  48. w5pny

    w5pny Reformed Router Member

    I did erase the NVRAM just as you describe above, re-entered all the data EXCEPT the wireless filter data
    and verified everything was working at that point.

    Next I entered all 40 MAC addresses I had in my permit list, checked permit, and then did SAVE.
    No access for any of those devices resulted. But when I checked "BLOCK" I got access.
    This means I do in fact have a bug to report -- BUT -- I don't know how to file toastman bug reports.

    I also tried to do "git clone http://git@repo.or.cz/w/tomato.git" in order to be able to get a copy
    of the toastman source for the binary I have, but I keep getting:

    Cloning into 'tomato'...
    fatal: http://git@repo.or.cz/w/tomato.git/info/refs not valid: is this a git repository?

    "git clone git://git@repo.or.cz/w/tomato.git" results in:

    Cloning into 'tomato'...
    fatal: unable to connect to git@repo.or.cz:
    git@repo.or.cz: Name or service not known

    I tried this on both my ubuntu 12.04 box and a windows 7 box running cygwin and get the
    same results. So -- without more info, I can't get the source.
  49. koitsu

    koitsu Network Guru Member

    Try following my own instructions closely. Your git commands (syntax) are wrong.


    Be aware the repo is absolutely enormous at this point. A full repo checkout takes literally hours for me. You will not be able to build the firmware under Cygwin, I can assure you, but you could of course poke around and view it. (Warning: the rabbit hole runs very deep within Tomato, so expect to dedicate a good number of hours digging. See some of my other posts for examples of how deep the hole is. :) )

    As for filing a bug report: posting here is the right way to do that. Someone can/will help you, hopefully, but remember this is a volunteer project.
  50. w5pny

    w5pny Reformed Router Member

    Thanks for the link -- it is a nice description of what to do to build tomato.

    The git clone commands I tried actually did not have the "git@" in them. I inadvertently
    cut and pasted that attempt to get the errors I was getting included in my post. I always
    got the same errors, but for some odd reason, the same command (without the "git@")
    started working an hour or so ago, so now I'm downloading it. It's downloading at
    20-100 KB, so it's going to take a while to get it (it looks to be maybe 750MB).
    I'll be playing with the code in my ubuntu 12.04 box (it's the 64 bit flavor, but
    it has the necessary 32 bit libs).

    Thanks for your help. This problem is cosmetic and isn't hurting any functionality,
    but it was certainly unexpected. Must not be too many folks using wireless filters
    to permit a small set of MAC addresses. Since that's not foolproof security, maybe
    people don't bother, but it is another hoop for malicious types.
  51. koitsu

    koitsu Network Guru Member

    Well if it is a bug in the code, then that's a pretty serious one -- it means logic inversion somewhere, and when it comes to security-related features that sort of mistake isn't good.

    I will state up front though that I use tomato-K26USB-1.28.0503.6MIPSR2Toastman-RT-N-Ext.trx on my RT-N16 and I do not use any wireless MAC filters and do have a couple wireless clients (my work laptop and my Kindle Paperwhite). The GUI radio button is set to Disable filter.

    It sounds like possibly the GUI is toggling the wrong setting, or setting things to the wrong value. I'll try to make some time this weekend to try to reproduce the problem; should just be a matter of dedicating the time then correlating things to NVRAM variables.

    Long ago (stock Tomato, not TomatoUSB) I did use to use the wireless MAC filter feature, and I know it worked because I found it bloody annoying to have to keep adding devices to the list. I had to use the feature at the time because I had an old device that still did WEP and thus had to use WEP64, so the best I could do was MAC filtering (all while knowing my wireless packets could easily be broken). Nowadays I use WPA2 Personal/AES and don't bother with MAC filtering -- if someone can guess the amazingly cryptic password then by all means they can use my network. :p
  52. Elbart

    Elbart LI Guru Member

    I'm using wireless mac-filters on 0503.5 set up like this: http://i.imgur.com/fKWV263.png
    And unless there were changes for this in 0503.6, I'm wondering why you'd have to select "block" to allow these clients.
  53. w5pny

    w5pny Reformed Router Member

    Both disable and block work to permit the devices in my list to connect. With the stock tomato
    (which I was using before trying this release and tomatousb) disable and permit work to permit
    the device in my list to connect.

    Thanks for your help!
  54. bizzle

    bizzle Reformed Router Member

    I'm trying to understand the QoS settings and, in particular, what to do about the ATM Encapsulation Type.

    I have been reading various threads about the topic but most seem to be at least a year old with some of the more technical ones even older.

    My router is reporting this for its settings:
    Transport Mode:ATM
    Path Parameter:0/32
    Priority:UBR Without PCR
    Service Type:ATM - LLC Bridged

    I have it in bridged mode.

    My options for bridged mode are:
    Transparent 0/32
    Transparent 0/35
    Transparent 8/35

    I set the ATM Encapsulation Type on my E4200 router to:
    None
    32-PPPoE VC-Mux
    40-PPPoE LLC/Snap
    10-PPPoA VC-Mux
    14-PPPoA LLC/Snap
    8-RFC2684/RFC1483 Routed VC-Mux
    16-RFC2684/RFC1483 Routed LLC/Snap
    24-RFC2684/RFC1483 Bridged VC-Mux
    32-RFC2684/RFC1483 Bridged LLC/Snap

    but I'm totally confused whether that is correct or whether it matters if my modem (actiontek pk50001a) is in bridged mode or handling the encapsulation itself. This is for normal ADSL through centurylink.
  55. Porter

    Porter LI Guru Member

    As long as the technology doesn't change, documents may be as old as they want to, they won't become any less valuable. ;)

    Looking at this under the 'Bridged, LLC' rows http://ace-host.stuart.id.au/russell/files/tc/tc-atm/ , 32 does seem to be a reasonable value. It's always difficult to find out which protocols exactly are being used because there are so many and your provider usually doesn't talk about it. I'd recommend trying the 32.
  56. bizzle

    bizzle Reformed Router Member

    Thank you for the response. The age of the threads was more about why I was posting here rather than in those old, inactive threads.
  57. TrueBlueBlooded

    TrueBlueBlooded Networkin' Nut Member

    tomato-WRT54G_WRT54GL-1.28.7635Toastman-IPT-ND-Mini (1).bin

    What are the differences between these two builds? The forum's search function isn't cooperating.

  58. Toastman

    Toastman Super Moderator Staff Member Member

    @TBB - Nothing sinister, it was a duplicated file upload!

    *** After the weekend there will be a new release, nothing startling, just updates to dnsmasq and some bugfixes. As I am not at home, it will be compiled and uploaded remotely, do have patience and keep your eyes peeled, as it will be slow to upload. ***

    February 21 2014 - 1.28.7503.7 and variants

    - webui: h.count isn't set on Last24 page - use the updateMaxL
    value if h.count isn't set - thanks to RMerlin
    - dnsmasq latest - includes upstream changes up to 21/2/2014
    Thanks to Kevin and Simon!

    petau, beatnik and though like this.
  59. gr33nman

    gr33nman Reformed Router Member

    ASUS RTN16
    I've been using "Tomato Firmware v1.28.7498 MIPSR2-Toastman-RT K26 USB Ext" according to the "About" page.

    It's been a while... It just works, eh?
    Is there any reason to upgrade the firmware?
    If so, the naming conventions have changed slightly and are somewhat truncated on 4-shared.
    Which should I upgrade to?
    Will it remember my settings?
  60. LanceMoreland

    LanceMoreland Network Guru Member

    I see the RT version is up.....Come on RT-N.........It just keeps getting better.
  61. Toastman

    Toastman Super Moderator Staff Member Member

    Everything is there now. Have fun.

    @gr33... Change the display menu at 4shared to see full filenames. As for if it is worth upgrading, there is one school of thought that says, if it ain't broke, don't fix it. On the other hand, there have been some changes since that may be useful. Toss a coin?

    If you do upgrade, don't forget to reconfigure from scratch. This will make the job easier:

  62. LanceMoreland

    LanceMoreland Network Guru Member

    Everything seems to be working fine with this latest release. My IPv6 devices are receiving Stateful IPv6 addresses from DHCPv6 as they were with the previous version. I am logging "Neighbour table overflow" warnings upon booting the router. This also happened with the previous version. I am on Comcast and I am using Koitsu's script that had previously eliminated those errors. That script may not be applicable with IPv6 being handled by Dnsmasq. Perhaps Koitsu could comment.
    Last edited: Feb 24, 2014
  63. koitsu

    koitsu Network Guru Member

    I can look into the neighbour table overflow situation once I upgrade to the latest Toastman. I won't have time to do that for a couple days though.

    @Toastman - Thanks as always for the releases. Much <3.
  64. RMerlin

    RMerlin Network Guru Member

    I suspect this is a Comcast issue. There have been a lot of reports too about those neighbour table floods with Asuswrt.
  65. LanceMoreland

    LanceMoreland Network Guru Member

    I eliminated the Neighbour table overflow errors by increasing the values in the script as shown below. Is this too much? Does it matter?

    # Increase ARP cache sizes and GC thresholds; may alleviate "Neighbour table
    # overflow" warnings that some users are seeing. Do this for both IPv4 and
    # IPv6.
    # http://www.linksysinfo.org/index.php?threads/ipv6-and-comcast.38006/page-2#post-184563
    echo 2048 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
    echo 3072 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
    echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh3
    echo 2048 > /proc/sys/net/ipv6/neigh/default/gc_thresh1
    echo 3072 > /proc/sys/net/ipv6/neigh/default/gc_thresh2
    echo 4096 > /proc/sys/net/ipv6/neigh/default/gc_thresh3
    Last edited: Feb 26, 2014
  66. though

    though Network Guru Member

  67. koitsu

    koitsu Network Guru Member


    I'd say the higher the values, the more internal memory (within kernel space) has to be used to retain relevant data. I can't give recommended values because it's probably going to change over time. With IPv6 and how ISPs are doing all of this (esp. cable-based ISPs), I won't be surprised if these values have to be increased dramatically over time. Shame that.
  68. gr33nman

    gr33nman Reformed Router Member

    Thanks Toastman!
  69. pinga

    pinga Reformed Router Member

    Hi guys,
    what version do you recommend for a WR54GL? :)
  70. lockheed

    lockheed Reformed Router Member

    Toastman, thanks for this outstanding firmware. I am using tomato-WRT54G_WRT54GL-1.28.7635Toastman-IPT-ND-VLAN-VPN.bin

    Is there any way to mount a remote system - accessible via SSH - to a local folder on the router?
  71. LanceMoreland

    LanceMoreland Network Guru Member

    I reduced the values to 1024, 2048 and 4096 and all is good. No errors logged.
  72. koitsu

    koitsu Network Guru Member

    I should note I'm on Comcast too; upgraded to tomato-K26USB-1.28.0503.7MIPSR2Toastman-RT-N-Ext.trx last night and stuck with my default values in Script / Init as follows (note both IPv4 and IPv6 here):

    echo  256 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
    echo 1024 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
    echo 2048 > /proc/sys/net/ipv4/neigh/default/gc_thresh3
    echo  256 > /proc/sys/net/ipv6/neigh/default/gc_thresh1
    echo 1024 > /proc/sys/net/ipv6/neigh/default/gc_thresh2
    echo 2048 > /proc/sys/net/ipv6/neigh/default/gc_thresh3
    And I haven't seen any neighbour overflow messages. What this means is that the values needed almost certainly depend on the area you live in; some Comcast areas/markets are probably designed differently where there is an excessively large amount of ARP seen at all times, while other areas/markets are probably different. So Lance, you needing larger values makes sense given slight network layout differences between areas/markets; what you picked is perfectly reasonable. In general (for others) I'd recommend starting small (like what I list off) and then increasing (ex. doubling the values, or adding 1024 to each value) as needed.
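An added example (not code from any poster in this thread) for deciding when the thresholds discussed above need raising: it compares the kernel's neighbour-table entry count with gc_thresh1/2/3 and reports the headroom left before the hard limit. It assumes the usual Linux /proc/net/stat/arp_cache and ndisc_cache layout and a machine with Python that can read those files; the sample statistics are constructed.

```python
from pathlib import Path

STAT_FILE = {"ipv4": "arp_cache", "ipv6": "ndisc_cache"}

def parse_stats(text):
    """Header line, then one hex row per CPU: 'entries' is table-wide, counters are per CPU."""
    rows = [r.split() for r in text.splitlines() if r.strip()]
    cpus = [dict(zip(rows[0], (int(v, 16) for v in r))) for r in rows[1:]]
    return cpus[0]["entries"], sum(c["forced_gc_runs"] for c in cpus)

def classify(entries, t1, t2, t3):
    """Threshold meanings as documented in arp(7)."""
    if not t1 <= t2 <= t3:
        return "misordered"
    if entries >= t3:
        return "hard-limit"   # hard maximum reached: new entries can be refused
    if entries >= t2:
        return "soft-limit"   # tolerated for about 5 seconds, then collected
    return "gc-active" if entries >= t1 else "gc-idle"  # below thresh1 the GC does not run

def assess(stats_text, thresholds):
    entries, forced = parse_stats(stats_text)
    return {"entries": entries, "forced_gc_runs": forced,
            "headroom": thresholds[2] - entries,
            "state": classify(entries, *thresholds)}

def assess_live(family, proc="/proc"):
    """Same check against the real files; family is 'ipv4' or 'ipv6'."""
    base = Path(proc) / "sys/net" / family / "neigh/default"
    thresholds = [int((base / f"gc_thresh{i}").read_text()) for i in (1, 2, 3)]
    return assess((Path(proc) / "net/stat" / STAT_FILE[family]).read_text(), thresholds)

# Constructed sample: an IPv6 neighbour table with 0x7f0 entries on a two-CPU box.
HEADER = ("entries allocs destroys hash_grows lookups hits res_failed "
          "rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs")
SAMPLE_NDISC = "\n".join([HEADER,
                          "000007f0" + " 00000000" * 9 + " 00000010",
                          "000007f0" + " 00000000" * 9 + " 00000005"]) + "\n"

def demo():
    # Thresholds are the 256 / 1024 / 2048 values quoted in the post above.
    return assess(SAMPLE_NDISC, (256, 1024, 2048))

if __name__ == "__main__":
    print(demo())
```

A forced_gc_runs counter that keeps climbing between two runs is the early sign that the table is under pressure, before any overflow warning is logged.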
  73. tvlz

    tvlz Addicted to LI Member

    Saw this on the Comcast Forum, I can't check to see if it works (No ipv6)
    Add to Scripts/Firewall
    ip6tables -A PREROUTING -t mangle -p icmpv6 --icmpv6-type neighbor-solicitation -i `nvram get wan_iface` -d ff02::1:ff00:0/104 -j DROP
    Hope it works :)
    beatnik likes this.
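An added example (not part of the post above) showing which packets that ip6tables rule matches and which it lets through, by mirroring its four match conditions over constructed packets. The interface name vlan2 and the 2001:db8:: addresses are placeholders, not values from this thread.

```python
import ipaddress

# Destination range from the rule in the post: -d ff02::1:ff00:0/104
SOLICITED_NODE_NET = ipaddress.ip_network("ff02::1:ff00:0/104")
NS, RA = 135, 134  # ICMPv6 types: neighbor solicitation, router advertisement

def solicited_node(addr):
    """RFC 4291 solicited-node group: the /104 prefix plus the low 24 bits of addr."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return str(ipaddress.IPv6Address(int(SOLICITED_NODE_NET.network_address) | low24))

def rule_drops(pkt, wan_iface):
    """Mirror the rule's matches: -i, -p icmpv6, --icmpv6-type, -d."""
    return (pkt["iface"] == wan_iface
            and pkt["proto"] == "icmpv6"
            and pkt["type"] == NS
            and ipaddress.IPv6Address(pkt["dst"]) in SOLICITED_NODE_NET)

def pkt(iface, proto, icmp_type, dst):
    return {"iface": iface, "proto": proto, "type": icmp_type, "dst": dst}

# Constructed packets (placeholder interface names and documentation addresses).
WAN, LAN, ROUTER_WAN = "vlan2", "br0", "2001:db8::1:2"
PACKETS = {
    # Address resolution for some other host on the WAN segment.
    "multicast NS for another host": pkt(WAN, "icmpv6", NS, solicited_node("2001:db8::abcd:1234")),
    # The rule cannot tell these apart, so NS for the router's own address matches too.
    "multicast NS for the router": pkt(WAN, "icmpv6", NS, solicited_node(ROUTER_WAN)),
    # Unicast NS (reachability probe) is outside the /104 and passes.
    "unicast NS to the router": pkt(WAN, "icmpv6", NS, ROUTER_WAN),
    "router advertisement": pkt(WAN, "icmpv6", RA, "ff02::1"),
    "DHCPv6 reply": pkt(WAN, "udp", None, "fe80::1"),
    # Same destination range, but not arriving on the WAN interface.
    "multicast NS on the LAN": pkt(LAN, "icmpv6", NS, solicited_node("2001:db8::abcd:1234")),
}

def verdicts():
    return {name: rule_drops(p, WAN) for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, dropped in verdicts().items():
        print(("DROP  " if dropped else "pass  ") + name)
```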
  74. LanceMoreland

    LanceMoreland Network Guru Member

    Okay, I removed the other script and inserted this script as instructed and there are no neighbor table overflow errors being logged.

    Will my devices still receive Stateful IPv6 addresses from DHCPv6?

    Edit: Never mind, I just answered my own question by testing a bit. The answer is yes, my devices still receive stateful IPv6 addresses.

    Edit Again: My current routing table is now very tiny compared to what it was before I made this change.
    Last edited: Mar 5, 2014
    beatnik likes this.
  75. CTXSi

    CTXSi Network Guru Member

    Did you ever find a solution to your random reboot problem? My original RT-N16 was rock solid for months on end running Toastman versions for a year or more until finally it succumbed to what seems to be bad caps (Asus RMA'd it even though it was a few months out of warranty). My replacement RT-N16 has been nowhere near as stable, but I'm not sure if it's hardware or software. I'm currently running Toastman's RT version 7503.7 VLAN. After initial install I got about 7 days uptime, but ever since I've been seeing reboots pretty much daily. Thinking about testing out Shibby or even DD-WRT. Any suggestions are appreciated.
  76. gg_99

    gg_99 Reformed Router Member

    @CTXSi - I decided on a whim to see if running an EasyTomato build would behave any better, and I've not had a single unexpected reboot since making the switch. I'm now sitting at 65 days uptime. The last Toastman build I tried was tomato-K26USB-1.28.7503.5MIPSR2Toastman-RT-VPN and still had random reboots. That said, in looking at the EasyTomato build, it shows the following:

    EasyTomato Firmware Version 0.8
    Proudly Based on Toastman's 1.28.0502.7 Tomato Release

    The thing that jumped out at me at the time was the use of an RT-N build as a basis for EasyTomato, and I'd been trying various RT builds (it's been a while, but I want to say that when researching I'd read that while the RT-N16 could run either RT or RT-N builds it was preferred to run RT - but I could be either mis-remembering or completely making that up). I also noticed somewhere recently in the thread that @koitsu mentioned that he was running a build that denoted the RT-N family.

    I keep considering wiping my existing configuration in favor of something like tomato-K26USB-1.28.0503.7MIPSR2Toastman-RT-VPN to see if I have better luck than before, but my current state has been so stable and trouble-free that I honestly haven't spent the time to try. Certainly could be worth a shot for you, and I'd love to hear how it goes if so.
  77. bizzle

    bizzle Reformed Router Member

    Can someone help me reproduce this command in Tomato?
    gpio enable 5

    I used that in dd-wrt to shut off the LED on my E4200 router. It doesn't seem to do anything in Tomato. I'm not sure if there is an equivalent or if I need to input it differently to shut off the LED light on the router.

    In fact, here is my complete Init. Any comment or advice is welcome.
  78. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    Interference mitigation is in the GUI and often harms more than it helps. Suggest testing it if you haven't already.

    The next batch of settings may (maybe) increase throughput slightly on speed tests but may increase latency under load. Are they there to solve a specific problem?

    Shibby's flavor of Tomato has "stealth mode" to control LEDs in addition to Toastman's features.
  79. koitsu

    koitsu Network Guru Member

    1. The interference setting shouldn't really be adjusted; Marcel explained why already.

    2. The rmem/wmax adjustments are pointless unless your ISP is high-latency (ex. satellite/wireless link). Likewise, many of these adjustments are *lower* than the defaults.

    3. Why are you lowering netdev_max_backlog ? (Default should be 3072) Your E4200 should be fast enough (CPU-wise) to handle the default.

    4. The ip_conntrack_max adjustment can be (and should be, so there's no conflicts) made in the GUI. Advanced / Conntrack/Netfilter. It already defaults to 8192 for Toastman firmwares (and possibly others, unsure).

    #2 and #3 combined make me wonder what it is you're actually up to (meaning I'm questioning the driving force behind these adjustments). I get the impression they were done "just to fool around". Too many Linux people screw around with sysctl/proc tunables without truly understanding what they do; don't be one of those people. :)

    Sorry I can't help with the gpio adjustments; there are other threads on this forum discussing the LEDs, and it seems to vary (in behaviour) per model of router.
  80. bizzle

    bizzle Reformed Router Member

    I merely copied those commands from someone's blog on what he said he used to obtain max throughput after testing--although that was about dd-wrt. Thanks for the clarification.
  81. thunderforce

    thunderforce Networkin' Nut Member

  82. koitsu

    koitsu Network Guru Member

    The answer can be determined by actually reading what the hole is and how it's accomplished. There are 4 CGI scripts that the stock Linksys firmware provides which are accessible (exploitable via HTTP POST):


    The proof-of-concept exploit here uses tmUnblock.cgi:


    Tomato does not have any of the 4 CGIs mentioned. Thus, this problem does not affect Tomato. The model of router (in the case of Tomato) has no bearing.
  83. leshan

    leshan Network Guru Member

    F7D4301 Flashed tomato-K26USB-1.28.0503.7MIPSR2Toastman-RT-N-Ext.trx.
    Sometimes can't see 5GHz but only 2.4GHz. Reboot resolved the problem.
  84. Linnaea Von Lavia

    Linnaea Von Lavia Network Newbie Member

    Looks like a bug in the TUN driver.

    I ported most commits up to this one back to the kernel tree, and VPN client with IPv6 works fine now. Not sure if VPN server will.

    Patch here: http://pastebin.com/u4Ppyy3Z
  85. Jorge Nerín

    Jorge Nerín Reformed Router Member

    Thank you Linnaea, I posted about my findings in a separate thread (OpenVPN with IPv6 traffic). I managed to get a working dual stack tunnel, but then I found out about the bugs in Android that prevented it from using IPv6, so I abandoned the changes. I will try to test the patch.
  86. though

    though Network Guru Member

    Can anyone confirm that the new Asus RT-N12 C1/D1 (black) routers are fully supported with Toastman Tomato?

    The white unit that I had before says Broadcom BCM47162 chip rev 0 pkg 2. This new black unit says Hardware Version D1 on the bottom and comes with Broadcom BCM53572 chip rev 1 pkg 8.

    Can I put on
    tomato-K26-1.28.0503.7MIPSR2Toastman-RT-N-Std ??
    Last edited: Mar 27, 2014
  87. mvsgeek

    mvsgeek Addicted to LI Member

    I've been running tomato-K26-1.28.0502.8MIPSR2Toastman-RT-N-Std on a couple of those black RT-N12 D1 routers for several months with no issues. They both have the Broadcom BCM53572 chip rev 1 pkg 8. Haven't had time to upgrade to a 0503 build, but don't see why it would be much different.
    though likes this.
  88. gs44

    gs44 Networkin' Nut Member

    Well... been waiting forever but it appears I now have IPv6 from my ISP (TWC neo) so I would love to get my E3000 up and going with IPv6 from my ISP instead of he tunnel. I did an NVRAM erase and started playing. So far no luck at all. If I hook straight to my Ubee modem IPv6 works great. Just need someone to help point me in the right direction in configuring Tomato, latest Toastman build.
  89. blah123

    blah123 Reformed Router Member

    What are your IPv6 settings? I think you want IPv6 Service Type: DHCPv6 with Prefix Delegation, Prefix Length: 64, Accept RA from: WAN.

    Those settings worked for me on Comcast. I had to do some customization with some config files to get multiple LANs working with a prefix length of 60.
  90. gs44

    gs44 Networkin' Nut Member

    I've tried native with no luck at all. I also tried DHCPv6 with prefix delegation, 64, accept RA WAN, which did give me a WAN and LAN IPv6 address in the E3000 but no IPv6 connection to computers. There is nothing in the Static DNS server fields and I have no clue what to put there.
  91. koitsu

    koitsu Network Guru Member

    You haven't disclosed the filename of the firmware you're using; not what's in About, but the actual filename. Yes it matters; there have been massive numbers of adjustments over the past 5-6 Toastman versions where the behaviour varies greatly. Please disclose this.

    DHCPv6 with Prefix Delegation is the proper setting for your ISP. The LAN advertisement side is a separate issue (see my above paragraph), but at least you now know what the proper setting for your ISP is.
  92. gs44

    gs44 Networkin' Nut Member

    Hello Koitsu

    I am still having no luck, here is the info you requested...

    My E3000 has been flashed with tomato-E3000usb-nvram60k-1.28.7503.7MIPSR2Toastman-RT-Ext.bin

    I always of course do an NVRAM erase and configure from scratch EVERY upgrade/flash.
  93. blah123

    blah123 Reformed Router Member

    When you say you have a LAN IPv6 address, do you have both a link-local address and a global unicast address? Also what does the range statement in your /etc/dnsmasq.conf file look like?
  94. gs44

    gs44 Networkin' Nut Member

    under WAN- IPV6 Address, Under LAN - Router IPv6 Address and IPv6 Link-local Address

    No clue where to find or what you mean by: "range statement in your /etc/dnsmasq.conf file look like"
  95. blah123

    blah123 Reformed Router Member

    If you telnet or ssh into the router you can run "cat /etc/dnsmasq.conf". What OS is your computer running? Can you ping the link-local address of the router?
  96. gs44

    gs44 Networkin' Nut Member

    lol... sorry still no clue on "telnet or ssh into the router you can run "cat /etc/dnsmasq.conf"

    As far as OS my computers are running, I have multiple computers and laptops running Ubuntu 32bit, Ubuntu X64, Windows 7 X64, Windows 8.1 X64... choose your flavor...lol

    And last, Yes I can Ping my Router's IPV6 address from my main windows 8.1 computer successfully
  97. Spyros

    Spyros LI Guru Member

    I have dnsmasq respawning every few hours

    is this normal with 16MB free memory?

  98. Spyros

    Spyros LI Guru Member

    Looks like it's happening every 6 hours...odd

  99. gs44

    gs44 Networkin' Nut Member

    Still no luck here, questioning whether DHCPv6 Delegate is the proper setting. When I am hooked straight to the Ubee modem/gateway and go to ipv6test.com, when the test is done it shows my ISP's provided IPv6 address and also says this:

    Time Warner Cable Internet LLC
    Address type is
    Global Unicast / Native IPv6

    In the Ubee modem/gateway itself I also see IPV6 addresses with prefixes 56, 64, and 126 not sure if that's relevant or not
  100. Fredrik

    Fredrik Networkin' Nut Member

    Shibby's latest version supports AC68, any news on support for R7000? I'll get it in a few days, would love to run tomato on it :)
