1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tomato Toastman's Releases

Discussion in 'Tomato Firmware' started by Toastman, Dec 18, 2011.

  1. Lothsahn

    Lothsahn Addicted to LI Member

    "Funny" you mention that--I was just working on the patches and notes and noticed that problem.

    The problem is this:

    "One of the changes Broadcom did is add support for the -setstartsecs option, which is used in httpd/gencert.sh. This will have to be re-added, or else certificate generation for the httpd will break."

    I want to apologize for any problems this caused. I have PM'ed Toastman with the fix, and I tested it on my router.

    I had no problems with https on mine, but I didn't try to regenerate the https certificate. I just tested that and it definitely is not working. DO NOT regenerate the HTTPS certificate in the admin menu, or the router admin pages will stop working. I've found a reboot fixes it if it's saved to NVRAM, but if not, I'm not sure what will happen.

    If you do that and you cannot access the admin pages, do the following steps to fix your router's http pages via ssh or telnet:
    The initial install was broken because it did not include the changes to support -setstartsecs. If you installed such a build, do the following:
    cd /etc
    cp /usr/sbin/gencert.sh .
    vi gencert.sh

    Change the line:
    openssl x509 -in /tmp/cert.csr -out cert.pem -req -signkey key.pem -setstartsecs $SECS -days 3653 -set_serial $1
    openssl x509 -in /tmp/cert.csr -out cert.pem -req -signkey key.pem -days 3653
    Then do :wq! to save, quit, and exit.

    sh gencert.sh
    cd /www
    httpd -d

    This should fix the problem, at least until you reboot. Keep in mind this is a temporary fix until the next release is out. When you upgrade to that release, you should regenerate your https certificates.

    If anyone needs the actual changes to x509.c before Toastman can commit them to git, send me a PM. I'll follow up.
    Last edited: Apr 19, 2014
  2. Pepperman

    Pepperman Network Newbie Member

    Thanks Lothsahn!
  3. Toastman

    Toastman Super Moderator Staff Member Member

    Thanks for the explanation and the fix. I'll update it later this evening.
  4. Twincam

    Twincam Reformed Router Member

    Hi Lothsahn,

    Thanks for the explanation above. That allowed me back into my "Administration" pages which were unavailable via both http & https after I flashed "tomato-K26USB-1.28.7504.1MIPSR2Toastman-RT-VPN.trx" onto my WNR3500Lv1. For the record, I didn't consciously regenerate any certificates. Perhaps that is done as part of the "flashing" process (or maybe not at all). I thought I'd better post this in case you needed further feedback and others trying to stay "current and safe" experience the same! I always flash new versions of Tomato directly on top of whichever version I'm updating with no "NVRAM erase". I await the next release with heightened interest.

    However, with this version my simple test ("openssl version" via the "System" menu) now gives a good report. Thanks.

    I hope Toastman gets better too!
  5. Elbart

    Elbart LI Guru Member

    Has there something gone awry regarding the 76xx-branch of Toastman-tomato?

    On the 4shared mirror, the latest version is 7635 from March '13 with this changelog since 7634 from February '13:
    On repo.or.cz, there's now a 7634.1 from two days ago with these changes since 7634:
    But I cannot find the older 7635 on repo.

    Are the updates for the two programs not needed?
  6. Jacques

    Jacques Addicted to LI Member

    Last edited: Apr 19, 2014
  7. EOC_Jason

    EOC_Jason Networkin' Nut Member

    You can probably just download miniupnpd & busybox and replace the existing directories. OpenSSL will probably require patching to compile just like the RT-N builds. OpenVPN requires some changes to the main Makefile.

    You can probably save around 350-400KB if you remove out extra CSS themes and associated images, don't forget to edit the admin menu to remove the choices from the dropdown box. That is a lot of bloat that could be put to better use making additional features fit on the 4MB images IMO...

    I might take a stab next week at building an image for my WRT54GS, I'm kind of tired having it run an old old version of DD-WRT anyhow...
  8. HunterZ

    HunterZ LI Guru Member

    Sorry to hear that :( Hope you feel better soon.

    Sent from my Nexus 7 using Tapatalk
  9. Spyros

    Spyros LI Guru Member

    I think they mean HTTPS access to the router

    edit: too slow, you figured it out already :p
  10. comet.berkeley

    comet.berkeley Addicted to LI Member

    Thanks Lothsahn!

    I modified Administration->Scripts->Init to use your code and generate an /etc/cert.pem file everytime the router boots up.

    #! /bin/sh
    # Fix for Toastman Tomato version v1.28.7504.1 of April 18, 2014
    # create an OpenSSL x509 certificate: /etc/cert.pem
    cd /etc
    cat /usr/sbin/gencert.sh | sed -e 's/ -setstartsecs $SECS//' -e 's/ -set_serial $1//'  >gencert.sh
    sh gencert.sh
    Last edited: Apr 19, 2014
  11. Toastman

    Toastman Super Moderator Staff Member Member

    @Elbart - the source code for 7635 seems to have been deleted from git.
  12. Mate Rigo

    Mate Rigo Serious Server Member

    Hi there!

    I have a Asus RT-N53A1 router. Correct me if I am mistaken, but I think the right package for me would be the following one:

    Thanks for any feedback!
  13. Lothsahn

    Lothsahn Addicted to LI Member

    I believe that's the right package (I think it's an R2 RT-N router). However, if you want VPN and other goodies, you may wish to use the VPN build or the NOCAT build.


    You should also wait for Toastman to upload the latest release today. The current release has a critical bug with https administration, and the previous builds are vulnerable to heartbleed.
  14. Mate Rigo

    Mate Rigo Serious Server Member

    Thanks a bunch, will do.
  15. Elbart

    Elbart LI Guru Member

  16. Toastman

    Toastman Super Moderator Staff Member Member

    Please ignore all uploads after 7504 - following lothsahn's advice I will update with shibby's recently posted changes to openssl later. It will be 7505 and variants.
    Spyros likes this.
  17. Morac

    Morac Network Guru Member

    Last edited: Apr 21, 2014
  18. Morac

    Morac Network Guru Member

    I see you pulled 7504. Is 7504 broken or something? I flashed 7504.2 today and it seems to be working. Is there any reason to downgrade while waiting for 7505?
  19. Toastman

    Toastman Super Moderator Staff Member Member

    No, just update when u wish.

    "No one bothered" ??
  20. Spyros

    Spyros LI Guru Member

    Is 7505 released? I don't see anything on 4shared
  21. Morac

    Morac Network Guru Member

    ok thanks.
  22. EOC_Jason

    EOC_Jason Networkin' Nut Member

    I see it's on GIT, but not on 4shared. I don't know if there are any additional changes he's going to make before publishing it. I would just be patient. Toastman said he was really sick right now.
    Spyros likes this.
  23. Spyros

    Spyros LI Guru Member

    It's coming :p
  24. Twincam

    Twincam Reformed Router Member

    7505 is great. Thanks. (Just about to update my signature!) OpenVPN works fine and "openssl version" now reports correctly. Also the (OpenVPN) test script (as identified by maleadt; #2565) reports correctly. I tried this with my LAN IP and (from offsite) with my WAN DDNS names & IP address. Trying the script LAN-side with the WAN address still causes it to hang. (I thought it would work - all other WAN URLs work when executed LAN-side - because of this [a guess!] so I think that's an issue with the script.)

    Hope this helps someone.
  25. Lothsahn

    Lothsahn Addicted to LI Member

    FYI - depending on how Toastman builds the release, openssl "version" command may not work in a future release. His release is based on Shibby's changes, and Shibby removed support for that command in the name of space.

    I'm working on a release that adds it back in without bloating the buildsize by approximately 260KB. However, that is a few weeks out.
  26. gs44

    gs44 Networkin' Nut Member

    Toastman!! Hope your getting better...

    So far so Good 7505 RT on my E3000 and E2000 working good, IPV6 and all!!!

  27. david3

    david3 Addicted to LI Member

    Is the OpenVPN vulnerability fixed with 7505? And is there any plan to update it to 2.3.3? Thanks. Didn't see any mention of it in the change log.
  28. Noxolos

    Noxolos Addicted to LI Member

  29. shibby20

    shibby20 Network Guru Member

    is this possible to user reverse proxy on https connection? IMO it will be detected ad man-in-the-middle attack.
  30. Noxolos

    Noxolos Addicted to LI Member

    My college uses a constellation like this. He has a synology nas running an apache server with reverse proxy functionality. His ASUS RT-AC66U forwards every remote access over port 443 to the reverse proxy running on the nas. He uses both configurations HTTPS => HTTPS and HTTPS => HTTP:
    https://Router.Domain.dyndns.org => reverse proxy =>
    https://NAS.Domain.dyndns.org => reverse proxy =>

    His HTTPS connection is secured with TLS and Perfect Forward Secrecy and it works flawlessly.
  31. lancethepants

    lancethepants Network Guru Member

    I use nginx as a reverse https proxy. You just have nginx handle the ssl certificates, so the web services run behind nginx without ssl.
    You can grab the latest nginx binaries off my site.

    They are compiled statically, and have nearly all options enabled.
  32. Lothsahn

    Lothsahn Addicted to LI Member

    2.3.3 working great in a dev build that I'm running on my router currently. Will definitely appear in a future release.

    With 7505, login to the router via ssh and run "openssl version". If it says 1.0.1g, it's fixed.

  33. chunter2

    chunter2 Addicted to LI Member

    I'm trying to update my WRT160N's but have run into the file size problem again. The standard version is now too big again. I noticed you have a mini and a tiny version. I can't seem to find any info as to what the differences are. The Versions.txt file doesn't seem to be updated to include the tiny version. I'd love to have the standard version with only JFFS support removed.

  34. Spyros

    Spyros LI Guru Member

  35. Lothsahn

    Lothsahn Addicted to LI Member

    chunter2: Toastman's next release will fix the size problem, when he releases it.
  36. chunter2

    chunter2 Addicted to LI Member

    Cool. I can wait.

    I'm still interested in the differences between mini and tiny if any one knows.

  37. lancethepants

    lancethepants Network Guru Member

    ## Make the "Mini: no USB, no CIFS, no Zebra" build - targeted for Netgear routers
            @$(MAKE) bin JFFSv1=y NO_CIFS=y NO_SSH=y NO_ZEBRA=y SLIM=y B=F BUILD_DESC="Mini" USB="" VLAN="$(VLAN)"
    ## Make the "Tiny: no JFFS, no USB, no CIFS, no Zebra" build - targeted for cheapskate routers
            @$(MAKE) bin NO_CIFS=y NO_SSH=y NO_JFFS=y NO_ZEBRA=y SLIM=y B=FS BUILD_DESC="Tiny" USB="" VLAN="$(VLAN)"
  38. EOC_Jason

    EOC_Jason Networkin' Nut Member


    I currently have a WNR3500L V1 at my office. At home I have an old WRT54G... I was planning on buying a WNR3500L to upgrade it since they seem pretty cheap on eBay...

    Will the 7505 build support the V2 or do you have to run the RT-N builds on that version? The V2's seem to have ton more flash memory which would be nice compared to trying to get things to fit on the V1...
  39. Mate Rigo

    Mate Rigo Serious Server Member

    So I tried the following build for my Asus RT-N53 A1 router:

    I do not recommend it to anyone to use it on this router.
    Seems I got a very nasty brick.
    Basicly, it does boot up, but I can't reach it over ethernet.

    I have a serial connected to it, so I can see what's going on inside it.
    If I press the reset button, while it boots, it comes up in CFE TFTP server mode. This is where I should be able to use the Asus FW restore utility. Only problem is, that no matter which port I use, nothing happens. It does not respond to pings, nor to anything.
    I take the assumption that it starts up as, as seen in the startup log.

    Just as I am typing these, I remember the time when the A1 hardware revision popped up, and there was a problem with the lan.

    So I tried to connect to it using wifi, which succeeded, I was at the tomato web interface after all. I then flashed back to a known working version.
    I was pretty scared for a long time, that I bricked it.

    Long story short:
    I do not recommend the mentioned Toastman build with the RT-N53 A1 router.

    Attached Files:

  40. Spyros

    Spyros LI Guru Member

  41. HunterZ

    HunterZ LI Guru Member

    Translation: Make sure you set a static IP (e.g. on the machine you're trying to connect (HTTP, TFTP, etc.) to the router from.

    If you leave your machine in DHCP mode, the OS will likely self-assign a random IP that will likely be in a subnet that the router doesn't allow LAN connections from.
  42. Lothsahn

    Lothsahn Addicted to LI Member

    This is almost certainly the problem. Anyone know why Toastman disables DHCP by default? It would be nice if it was on, but I'm sure he has a reason...
  43. Lothsahn

    Lothsahn Addicted to LI Member

    Btw, with the CFE, it's really hard to "brick" an ASUS router (why I buy them). From the CFE recovery, you can upload a file. After you do that, be VERY patient--it takes up to an hour sometimes for it to fully load. I've had a number of "Bricked" routers that I simply didn't wait long enough for.

    Also, unless you're updating the CFE, the Toastman firmware really should not be able to have any impact on the behavior of the CFE. The CFE loads before Toastman's code even takes over.
    Last edited: Apr 26, 2014
  44. HunterZ

    HunterZ LI Guru Member

    Not sure, but it used to be common practice to set a static IP of when mucking with firmware (especially via TFTP) which makes it a non-issue.

    For me it's not a big deal to do this because I only use my laptop's ethernet connection for things like router flashing (and wifi for normal operations).
  45. Grimson

    Grimson Networkin' Nut Member

  46. Lothsahn

    Lothsahn Addicted to LI Member

  47. tji

    tji Network Guru Member

    Looking for Heartbleed info.. I searched through the forum, but could not find a statement on which Toastman versions are effected.

    I used some of the available python scripts to check HTTPS and OpenVPN, and neither show it as vulnerable (The script does work, I've checked it on other servers).

    I've seen other reports that tomato used a pre-heartbeet OpenSSL, but others say that it is vulnerable.

    If I'm on Toastman v1.28.0501, running OpenVPN, is it vulnerable?
  48. Lothsahn

    Lothsahn Addicted to LI Member


    Login via ssh or telnet and run "openssl version". If it reports 1.0.1, but not 1.0.1g, I believe you're affected. If it reports 0.9.8 or 1.0.0, you're not.

    I don't know why your scripts would show it as not vulnerable.
  49. Quad5Ny

    Quad5Ny Connected Client Member

    On 1.28.0505 builds domains blocked in the "Http Request" box don't work if you have the "$" symbol at the end of the domain anymore. -- Example: "intellitxt.com$"

    Is this a bug or has the syntax changed? (I deleted the default rule, so I can't check.)

    Running tomato-K26USB-NVRAM64K-1.28.0505MIPSR2Toastman-RT-N-Ext on a RT-N66U
    Last edited: May 1, 2014
  50. Pumpino

    Pumpino Reformed Router Member

    I'm not sure if this is the most appropriate thread for this quick question, so sorry if it's not.

    I'm running tomato-K26-1.28.0505MIPSR2Toastman-RT-N-VPN.trx on my Asus RT-N66U and need USB support for a USB stick. After searching for the USB section in the web config, I realised I need a USB build. Should I be looking at K26USB VPN or one of the NVRAM60K or NVRAM64K builds? I'm not exactly sure what the difference is and what's appropriate for the RT-N66U. Thanks.

    EDIT: I guess the NVRAM60 and 64K aren't appropriate if there's only 32MB in the router, so I've answered the question myself.
    Last edited: May 1, 2014
  51. Lothsahn

    Lothsahn Addicted to LI Member

    Pumpino, the 60 and 64k are for the NVRAM, not the total storage. The NVRAM is a very small portion of the total storage. You can find the size of your NVRAM in Administration->Config. At the bottom, it should show "Total/Free NVRAM".

    For instance, on my RT-N66U, I have the following:
    Total / Free NVRAM:64.00 KB / 18.58 KB (29.03%)

    I suspect you too will have 64KB NVRAM. If you do, you should install the following build:

    That build contains everything except NOCAT, which is a captive portal that you likely do not need (like the kind you see at airports and hotels and such). It's K26 (2.6 kernel), USB (usb support, you said you wanted), RT-N (driver needed for the RT-N66U), and VPN, which includes all of the extras including VPN support. Because the RT-N66U has 32MB flash, it's easiest to just install this build with everything, rather than try to worry about excluding things you don't need. You'll still have 24MB free flash after installation.

    It can be found under the 4shared link, under the RT-N branch here:
    Pumpino likes this.
  52. HunterZ

    HunterZ LI Guru Member

    If it helps, I have an RT-N66U running the USB+NVRAM64K+VPN builds as well.
    Pumpino likes this.
  53. Pumpino

    Pumpino Reformed Router Member

    Total / Free NVRAM:32.00 KB / 8092 (24.69%)

    Bummer. Oh well, the standard USB build flashed fine.
  54. EOC_Jason

    EOC_Jason Networkin' Nut Member

    Just reflash with the tomato-K26USB-NVRAM64K-1.28.0505MIPSR2Toastman-RT-N-VPN.trx as someone else posted. Be sure to check the box to clear the NVRAM....
  55. chunter2

    chunter2 Addicted to LI Member

    I was looking into compiling from source but can't seem to find the source for the 1.28.7635 K24 build. Am I missing something in the git tree or is it just not committed? I see the tag for 1.28.7634.

  56. Lothsahn

    Lothsahn Addicted to LI Member

    <WRONG>Be careful. Some early RT-N66U's have an early version of the CFE which only supports 32KB NVRAM, and I don't believe they will work with the NVRAM64K builds. If you have CFE or, use the 64K build. If you have, you'll have to update the CFE with the instructions below.</WRONG>

    You can get the CFE version you're using by running the following command via ssh or telnet:
    nvram get bl_version

    For mine, it returns:


    Last edited: May 1, 2014
  57. jerrm

    jerrm Network Guru Member


    Ignore all the dd-wrt nonsense. It is just mis-information with regard to Tomato.

    Any recent 64K RTN66U Build should enable 64K NVRAM for Tomato and be safe to use on any RTN66U regardless of CFE. I have ten CFE units all with 64K available to Tomato and most with over 32K in use.

    If you're not getting 64K NVRAM, then something else is going on. Been a while since I flashed Toastman on a 66U, but Shibby and Victek builds I know for sure.

    There is a recent discussion here: http://www.linksysinfo.org/index.php?threads/determining-nvram-size-on-rt-n66u.69966/
    Last edited: May 1, 2014
    HunterZ likes this.
  58. Jorge Nerín

    Jorge Nerín Reformed Router Member

    That's correct, I have:

    root@Asus-RT-N66U:/tmp/home/root# nvram show |tail -n 1
    1294 entries, 41639 bytes used, 23897 bytes free.
    root@Asus-RT-N66U:/tmp/home/root# nvram get bl_version
  59. Lothsahn

    Lothsahn Addicted to LI Member

    Sorry about that! I've only ever used and, so I wasn't sure, but I assumed the dd-wrt folk were correct. I've edited my above post to reflect that.
  60. jerrm

    jerrm Network Guru Member

    I usually assume most dd-wrt originated info is wrong.

    Admittedly, it's not fair to apply that to everyone posting on dd-wrt, but there are too many folks assuming too much and cross pollenating issues and practices between unrelated hardware.
  61. RMerlin

    RMerlin Network Guru Member

    After the issue was discovered a few years ago, Asus worked around it at the kernel level by forcing the use of the whole 64K. Tomato eventually integrated that same fix, so all recent Tomato builds meant for the RT-N line will fully access the 64 KB.
  62. Pumpino

    Pumpino Reformed Router Member

    I flashed the standard version and it's running well. What exactly is the advantage of me switching to the 64k version, given there MIGHT be a risk associated with it?
  63. jerrm

    jerrm Network Guru Member

    More NVRAM space if you need it. If you don't need the space then don't worry about it.

    But I wouldn't consider it to be any risk. I would bet the vast majority of RTN66U users are using the 64K version.

    EDIT: Of 3605 RTN66U entries in Shibby's TomatoAnon database, 3457 are using a build labeled as 64K.
    Last edited: May 2, 2014
    Pumpino likes this.
  64. Lothsahn

    Lothsahn Addicted to LI Member

    The advantage of more NVRAM space is you can store additional configuration items--so if you end up with a lot of rules (port forwarding, VPN, etc), it might not fit in the 32KB space you have. If you have plenty of space with your config, I wouldn't worry about it. Next time you upgrade the router, just pick the 64KB version instead.

    Agreed with Jerrm that it's not risky. The upgrade is unlikely to fail, and if it does, you can always fix it with the recovery mode. Just don't touch the CFE.

    You will want to reset to factory defaults and reconfigure the router when you change, though.
    HunterZ and Pumpino like this.
  65. Pumpino

    Pumpino Reformed Router Member

    OK, thanks.

    Slightly off-topic, perhaps, but what's the syntax for accessing the USB stick via SSH? I read it's <IP>\<devicename>, but I'm not sure what the device name is. I've tried\UNKNOWN in Windows Explorer, but it fails to connect. I can access it via Network in Windows Explorer without any issue. The next step is to work out how to access it in linux if I can't use SSH. I've never used Samba before.
  66. koitsu

    koitsu Network Guru Member

    SSH is a protocol used to log in to a system and execute commands/"do things". It is not a protocol used to access a filesystem (disk) on System A (ex. TomatoUSB router) via System B (ex. Windows or Mac machine) over a network. TomatoUSB does offer a built-in SSH server if you wish to enable it, then you can use SSH from another computer to log in to your TomatoUSB system and execute commands.

    The syntax you're giving of things like {ipaddr}\{word} indicates you're talking about CIFS/SMB shares, which have absolutely zero relation to SSH. TomatoUSB can act as a CIFS/SMB server** (meaning System A can access a CIFS/SMB share on your TomatoUSB router (where that share would be, say, a USB stick or USB hard disk)), and can also act as a CIFS/SMB client** (meaning TomatoUSB can mount a CIFS/SMB share that's made available on System A and will appear as a local drive (usually /cifs1) within TomatoUSB). The common term for a CIFS/SMB share in the end-user world is "Windows share".

    CIFS/SMB has no relation to SSH, nor vice versa.

    ** - Assuming the firmware you're running has support for it.
    Pumpino likes this.
  67. Pumpino

    Pumpino Reformed Router Member

    Thanks koitsu. Yeah, I know what SSH is. I have no idea why I was thinking it could use SSH in that way. I must have been thinking along the lines of when I've used SFTP in linux file managers. CIFS/SMB is certainly what I'm wanting.
  68. dharr

    dharr Serious Server Member

    The version option isn't working for me. Any clues from the following?

    Tomato v1.28.0500 MIPSR2Toastman-RT-N K26 Std
    # openssl version
    openssl:Error: 'version' is an invalid command.
    # openssl list-standard-commands
  69. koitsu

    koitsu Network Guru Member

    Some builds of the firmware do not include the openssl "version" subcommand due to limited flash (really, this is not a joke). Regardless, from the firmware version you're running, yes you would be considered "vulnerable". However, please remember: in the case of TomatoUSB, this vulnerability only matters if:

    a) You have Administration / Admin Access / Remote Access set to HTTPS -- if so, either disable that and use SSH with an SSH port tunnel/forward, or upgrade your firmware to 1.28.0505,

    b) You have Administration / Admin Access / Local Access set to either "HTTP & HTTPS" or "HTTPS" and do not trust people on your own local network -- if so, upgrading your firmware to 1.28.0505 is the recommended solution.

    If you upgrade your firmware and use either of the above HTTPS features, please be sure to regenerate your SSL certificate/key after the upgrade is complete.
    dharr likes this.
  70. gijs73

    gijs73 LI Guru Member

    Hello, wanted to install the latest Toastman on my Asus RT-AC66U. Couldn't find out which file is the right one, is my router supported?
  71. jerrm

    jerrm Network Guru Member

    Toastman doesn't have an AC66U release. Use Shibby or Victek.
  72. ryzhov_al

    ryzhov_al Networkin' Nut Member

    It's possible on HAProxy. As an example, you may use this feature to create your own Tunlr-like service.
  73. ntest7

    ntest7 Network Guru Member

    I suspect your version of tomato is too old to be vulnerable, but you should check the OpenSSL version yourself to be sure.

    This command should work on any tomato version. Run from a ssh or telnet session, or from the Tools->System web page if there is one.
    strings /usr/lib/libcrypto.so | grep OpenSSL
    Several lines will be returned, including some with the OpenSSL version number. Versions 1.0.1 through 1.0.1f are vulnerable. Versions beginning with 0.9 or 1.0.0 are safe, as is 1.0.1g.
  74. dharr

    dharr Serious Server Member

  75. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    The latter. Always safer to erase NVRAM and configure from scratch.
  76. gfunkdave

    gfunkdave LI Guru Member

    Toastman, at least, won't let you restore firmware settings from a backup file created using a different version of Toastman or on a different router (even the same model).

    That said, when I'm upgrading from one Toastman build to another, I don't bother with an NVRAM erase. In several years of using Tomato I've never had a problem.

    Check Toastman's tutorial of the best way to backup/restore settings:

  77. MrBeer

    MrBeer Reformed Router Member

    is there a easy way to update OpenSSL on tomato-E3000USB-NVRAM60K-1.28.7499.1MIPSR2Toastman-RT-Ext
    This one seems to works the best for me but wanted to get the new SSL.
  78. Lothsahn

    Lothsahn Addicted to LI Member

    The latest toastman builds should have 1.0.1g. Just install the latest E3000USB NVRAM60K MIPSR2 RT EXT build.
  79. Globespy

    Globespy Network Newbie Member

    Tried the recommended firmware version (RT-N66U) and it is very unstable. Awesome!
    Every time I try to connect it to the internet from my modem, it will tell me that the IP address has changed! No longer
    Also, when I plug back into my laptop all settings that I made are gone.
    Very unstable
    Last edited: May 10, 2014
  80. HunterZ

    HunterZ LI Guru Member

    @Globespy: how long did you wait after flashing before declaring it bricked? The N66U apparently likes to take a long time to come up all the way after a flash sometimes.
  81. RMerlin

    RMerlin Network Guru Member

    I'm nearly 100% sure the brick wasn't caused by the firmware. If your router can get into recovery mode and it fails to flash, then it's not the fault of the firmware you previously flashed.

    Unplug any other device from your router except for that one computer you are using to recover it.

    First, don't use that 30/30/30 DDRwtism - it does not work on Asus routers. Just turn the router off, press the reset button, turn it back on while reset is pressed. Wait 5 seconds, then release. You should be in recovery mode then, with a slowly flashing power LED.
    Monk E. Boy, koitsu and HunterZ like this.
  82. RMerlin

    RMerlin Network Guru Member

    Indeed - it can take up to 20-30 mins for the recovery to complete. The N66U has a fairly slow flash, and Asus's firmware is 25 MB.
    Monk E. Boy, shibby20 and koitsu like this.
  83. Globespy

    Globespy Network Newbie Member

    Thanks for the reply. I edited my post but looks like the reply was sent before my edit went through.
    I got it up and running again.
    Main reason I had been trying alternate firmware was I was having issues with streaming video from my Drobo5N to my 3rd Gen WDTV Live Streaming media player - all wired connection Cat6 which was the conundrum. Stock firmware was causing stuttering and freezing, my old WNDR3700 was without issue. Shibby's Tomato fixed the video but wireless range and speed was truly awful, despite playing with every advanced setting for hours (9Mbps down and 0.6Mbps up - I have a 70Mbps connection that I get almost all of with Asus/Merlin).
    I had this issue with the Netgear Nighthawk and returned because of this. As it turns out, the latest WDTV firmware that I've been avoiding because most people hate it, actually has a new setting for NFS, which ironically fixed my issue!!!
    So now I just need to figure out if there's really that much more performance/features I'll actually use between stock and Merlin?
    Last edited: May 11, 2014
  84. hamzat

    hamzat Network Newbie Member

    Greetıngs to everyone! I was wondering how ASUS RT-N12 will perform distributing connection to 30-35 people using Toastman's firmware. I've seen some complaints about this device on the forum and I wonder if it's still the case.
    I would be more than happy to buy N16 but unfortunately it is not sold in this country (Turkey). :(
    Or maybe there is a an up-to-date list of supported devices? I've looked through this one, but found out that I can only get N12.
  85. Toastman

    Toastman Super Moderator Staff Member Member

    @hamzat - I don't have an RT-N12 but unless there are hardware problems with that model (I've also heard rumours) it ought to be a piece of cake.

    There will be a new release 7505.1 soon, updating dnsmasq and reverting the "string module" for Access restrictions, which was done some time ago in error.

    Shibby has been making great progress with the R7000 and I'm conducting a few tests with it - hopefully soon we will get higher speed DOCSIS here!
  86. EOC_Jason

    EOC_Jason Networkin' Nut Member

    Toastman, if you get a chance can you update OpenVPN from 2.3.0 to 2.3.4 ? It's just a simple replacement of the /openvpn directory, no other files need changes.
  87. alfred

    alfred Networkin' Nut Member

    According to changelog:

    May 18 2014 - 1.28.0505.1 and variants
    - access restrictions - revert "string module"
    - dnsmasq version 2.70
    BUT, after upgrading to tomato-K26USB-1.28.0505.1MIPSR2Toastman-RT-N-VPN.trx, it is still 2.69?

    root@N16:/tmp/home/root# dnsmasq --ver
    Dnsmasq version 2.69  Copyright (c) 2000-2014 Simon Kelley
    Compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset Tomato-helper auth no-DNSSEC
    This software comes with ABSOLUTELY NO WARRANTY.
    Dnsmasq is free software, and you are welcome to redistribute it
    under the terms of the GNU General Public License, version 2 or 3.
  88. TrueBlueBlooded

    TrueBlueBlooded Networkin' Nut Member

    Looks like some of the 1.28.7505.1 STD files (E2000 and E3000) may have failed to build and/or upload.

  89. Mitro

    Mitro Reformed Router Member

    i'm trying to get 4G ZTE K5008-Z usb dongle to work but i think the modeswitch is not present for this device:

    Bus 001 Device 003: ID 19d2:1032

    The data for this device can be found here: http://www.draisberghof.de/usb_modeswitch/bb/viewtopic.php?f=3&t=1730

    Can someone help me with implementation and/or compiling a new version with this data?

    I'm currently using victek's latest build: Tomato RAF Firmware v1.28.9014 MIPSR2-RAF-v1.3e K26 USB

    Router is E4200 v1

    Thanks in advance!
  90. Toastman

    Toastman Super Moderator Staff Member Member

    @EOC-Jason --- I should have some free time next week, I'll take a look at it.
  91. FattysGoneWild

    FattysGoneWild LI Guru Member

    Sorry if this has been asked before. Would you consider making builds with DHCP enabled by default? Just for quicker and easier flashing. Some people think their router is bricked after flashing. Since they don't know DHCP is disabled by default.
  92. Lothsahn

    Lothsahn Addicted to LI Member

    I agree with you FattysGoneWild, but it's an intentional decision for enterprise deployments:
  93. jerrm

    jerrm Network Guru Member

    The warning is listed over 80 times in the "read this changelog first.txt" file. Toastman always includes the warning when he announces a new release on the forum. Anyone flashing their router with something downloaded from the net should be practicing at least a minimal amount of due diligence.
    Mercjoe, mvsgeek and koitsu like this.
  94. Toastman

    Toastman Super Moderator Staff Member Member

    I wanted to correct a small error in the last build so I took the time to also update dnsmasq again as Simon has been busy again. Nothing to get excited about, though. Look for 1.28.7505.2 soon if you must update it for any reason.

    Regarding DHCP defaulting to OFF - I won't change it for three reasons.

    The first as stated in my info files many times, is to prevent unintentional issue of the wrong IP addresses by a crashed Access Point after a loss of nvram data in the event of brownouts and power glitches. For the same reason, I never use as gateway, that way the crashed machine can't suddenly reappear on the network with the same IP as the main internet gateway!

    And secondly, my own personal opinion is that you should never rely on DHCP to issue you with an IP when flashing firmware. Setting one manually makes certain that your PC is not running with a defaulted 169.x.x.x IP which is the cause of even more problems that people email me with. Ever since I got involved with internet maybe 20 years ago, it was never customary to use DHCP by default in enterprise setups.

    Thirdly, I make this firmware mainly for my own use, and I merely shared it for others. It is what it is.
  95. ntest7

    ntest7 Network Guru Member

    Thanks for sticking with DHCP off by default. This has saved my butt more than once when a unit decided to spontaneously revert to defaults.
  96. Monk E. Boy

    Monk E. Boy Network Guru Member

    Indeed, I prefer DHCP disabled by default.

    Now if only I could convince my brother & sister to not hold down the &*I(@#&$(* reset button on their router every time their internet goes south because, you know, that "fixes it." It couldn't just be a momentary issue on their ISP side, no, it has to be the reset button that fixes it. Until that behavior stops they don't get to enjoy Tomato and suffer with OEM firmware on the Belkin router they bought years ago.

    Sorry, had to vent.
    Last edited: May 21, 2014
  97. Dent

    Dent LI Guru Member

  98. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    Thought I would share an example of how stable your firmware is. Since January 2013 the only interruption in uptime for this router has been a power failure that outlasted the UPS:

    Model Linksys E4200 v1
    Chipset Broadcom BCM4716 chip rev 1 pkg 10
    CPU Freq 480 MHz
    Flash Size 16 MB

    Time Thu, 22 May 2014 23:38:09 -0400
    Uptime 306 days, 16:18:06

    Thanks Toastman!
    beatnik likes this.
  99. EOC_Jason

    EOC_Jason Networkin' Nut Member

    Nice, I had Uptime: 342 days, 07:57:30 before I updated my firmware... Toastman's is definitely stable!
  100. Dr Strangelove

    Dr Strangelove Networkin' Nut Member

    Just pop'd Toastman 1.28.0505.1 (VLAN-VPN) onto my E4200v1.

    All running without any problems I'm aware off at this time.

    Been running Toastman TomatoUSB on my Linksys E4200 for years and never had any real issues and it's been VERY stable.

    Thank you Toastman and those who contribute.

    I see the E900 and etc fw is on the distribution server now too, so'll upgrade that too. :)

Share This Page