Tomato Toastman's Releases

Discussion in 'Tomato Firmware' started by Toastman, Dec 18, 2011.

  1. FattysGoneWild

    FattysGoneWild LI Guru Member

    Okay. I want to make sure I am flashing properly and don't want to brick it. In the past using Tomato. All builds have used DHCP enabled. But, I want to check out Toastman STD build for my router. Linksys E4200 v1 btw. I have Windows 8 and currently using stock Linksys firmware. I would set my main pc to the following yes? Before or after flashing from stock firmware? Once in. Clear NVRAM (thorough) then set to DHCP?

    Or set DHCP before then clear NVRAM? Also in the wireless settings. Would I be able to select my country code United States? I imagine STD has everything accept the fancy stuff like VPN etc?

    static ip
    subnet mast
  2. Lothsahn

    Lothsahn Addicted to LI Member

    You need to set your main PC to the above settings AFTER flashing with Tomato, and anytime after you do a clear NVRAM. Once the NVRAM is cleared (or on the first upgrade), you can access Tomato at . You can then enable DHCP and go back to your default settings.
  3. HunterZ

    HunterZ Network Guru Member

    It doesn't hurt to set a static IP before flashing. It would probably make things go slightly smoother, in fact.

    Your listed IP settings should work fine, both before and even after enabling DHCP.
  4. Toink

    Toink Network Guru Member

    Hi Toastman!

    Can we have the NOCAT version of your latest 1.28.0505.2 VLAN for the E3000 as well as for the E4200, please? I can't seem to find it in the folder. Many thanks!
  5. Toastman

    Toastman Super Moderator Staff Member Member

    May 20/27 2014 - 1.28.7505.2 and variants

    - some small doc typos
    - dnsmasq version 2.71
    - and the access restriction reverts the use of the "string" module which was accidentally
    added as discussed above.

    HitheLightz, Elfew, EOC_Jason and 2 others like this.
  6. neopegasus

    neopegasus Reformed Router Member

    Hi every one I just did a upgrade with the: tomato-E3000USB-NVRAM60K-1.28.7505.2MIPSR2Toastman-RT-Ext.bin on my e3000usb router after the firmware upgrade I only have e web page saying it works, it is not the first tie i am using toastman firmware.
    I have no ssh
    and no WUI.
    can some one pin point me to a way to reflash/downgrade the router?

    Best regards

  7. Dr Strangelove

    Dr Strangelove Addicted to LI Member

    Upgraded to 1.28.7505.2 on an E4200 and E900.

    Checked E4200 OpenVPN server, servicing my NAS on my own private xxx.lan domain using dnsmasq on E4200 and it resolves OK.

    So, all good thus far.

    Thank you Toastman and crew.
  8. neopegasus

    neopegasus Reformed Router Member

    After Fighting and searching on internet I did tftp and some testing and i could rescue my router E3000usb is working fine with 1.28.7505.2

    Thanks Toastman
  9. hamzat

    hamzat Network Newbie Member

    Thanks for the reply! Got myself a RT-N12 D1 and installed
    tomato-K26-1.28.0505.1MIPSR2Toastman-RT-N-Std.trx on it (hope it's the right one). Running pretty good so far, with only some configuration problems on my side. :oops:
  10. soooooil

    soooooil Reformed Router Member

    Hi Toastman!
    It has been a long time since there was a build that wasn't too big for my 4MB e1200v1 :(
    The last build (1.28.0505.2 vlan) is 119808 bytes too big.

    I don't know if its possible to reduce the size of the firmware but could you please try? Maybe delete some non essential functions
  11. Grimson

    Grimson Networkin' Nut Member

  12. EOC_Jason

    EOC_Jason Networkin' Nut Member

    If you compile your own, the easiest thing to do to get more space but not loose any functionality is to remove some of the un-used web interface themes and associated images. Some images are quite large and obviously don't compress when the image is made.

    Also if you edit the makefile you can turn off a feature or two that you might not use.
  13. pharma

    pharma Network Guru Member

    Upgraded to 1.28.7505.2 without any issues. For Comcast customers they recently increased our speeds to the next higher tier at no additional cost, so my previous DOWNLOAD speed has increased from 50 mbps to 100 mbps as my SpeedTest results indicate. I currently only use IPv4 and have IPv6 disabled.

    Thanks to Toastman, Victek, Shibby, and all other developers actively making this the best router firmware! :)
    Last edited: Jun 2, 2014
    MrBeer likes this.
  14. gs44

    gs44 Addicted to LI Member

    grrrr so jealous TWC has been unofficially bought out by Comcast but still stuck at 50 as max and I currently only pay for the 30 plan... maybe someday soon... :)
  15. bagu

    bagu Network Guru Member

    With 1.28.0505.2, when i set a web filter i get :

    ip6tables-restore v1.3.8: Couldn't load match `web':File not found

    Error occurred at line: 44
    Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
  16. EOC_Jason

    EOC_Jason Networkin' Nut Member

    I don't think that build has IPv6 support...
  17. maple.chick

    maple.chick Networkin' Nut Member

    Get ready to update again...

    Seven new vulnerabilities found in OpenSSL
  18. Michael M

    Michael M Network Newbie Member

    I was looking through the changelog and the last time I saw an update to miniupnpd it was version 1.8 (20130207) over a year ago. Is there any way this could be updated in one of your next releases?
  19. Toastman

    Toastman Super Moderator Staff Member Member

    Is there any particular reason you wish it to be updated?
  20. koitsu

    koitsu Network Guru Member

    There's nothing to update to; that is the latest version. See bottom of official miniupnp web page:
  21. RMerlin

    RMerlin Network Guru Member

    That page isn't up-to-date. There's been 3 or 4 releases since then.

    The latest is the 2014-05-23 release.

    The biggest change in the past 6 months is probably the addition of PCP support. I don't recall any critical security fix or critical bugfix. I've been updating it in my firmware mostly because I wanted to add PCP support.

    A good amount of IPv6-related fixes too, but that's something neither Tomato or Asuswrt-Merlin uses at this point.
    Dr Strangelove likes this.
  22. koitsu

    koitsu Network Guru Member

    Thanks @RMerlin, that's a real bummer, re: the page not being updated. Maybe I'll reach out to the author and tell him that he should just point people to said changelog.php entries instead. My point is that this disconnect is likely why nobody here has known about an update. :\
  23. Lothsahn

    Lothsahn Addicted to LI Member

  24. Iridescens

    Iridescens Reformed Router Member

    Oh, mighty devs, particularly, Toastman, would you be so kind to include in upcoming firmware a ssl-enabled vsftpd? Pretty-please-with-a-sugar-on-top?
    This post shows my struggle with vsftpd_ssl. Still doesn't work as of "Tomato Firmware v1.28.7505 MIPSR2Toastman-RT K26 USB VPN". I'm not that smart to compile vsftpd myself.
  25. Andrew_32

    Andrew_32 Networkin' Nut Member

    A slight problem with FW E4200USB-NVRAM60K-1.28.0505.2MIPSR2Toastman-RT-N-VLAN-VPN on my E4200 V1: after ~10 minutes the router completely freezes (no longer http accessible, no longer working as dhcp server, etc.). This behaviour is independent of any configuration entered, and yes, I've cleared the NVRAM after flashing and also flashed the image several times from different downloads.

    BTW, same HW works perfectly under FW 503.7.

    Appreciate any ideas.


    Edit: Problem solved - Hardware was dying und by now is entirely dead.
    Last edited: Jun 8, 2014
  26. Michael M

    Michael M Network Newbie Member

    I used one of your builds a while back (Can't remember the build) and whenever I would enable UPNP it never seemed to work for the Xbox 360 my family uses. It would forward port 28989 instead of 3074 and the NAT type wouldn't be open. I'm not sure if this is a UPNP problem or problem with the Xbox but I haven't had this issue on any builds released by Shibby. I know I could just forward the ports myself but I am about to setup a wireless router for a friend and they require UPNP for multiple devices and I want to make sure it all goes smooth.
  27. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    Do you have multiple consoles or devices trying to use 3074?
    If no, use manual port forwarding
    If yes, assign static ip addresses / static DHCP leases to each of those devices and then use UPnP
  28. gfunkdave

    gfunkdave LI Guru Member

    Having some trouble with the VLAN build of this on my RT-N66u. When I set a LAN port to be on a different VLAN from the default, after rebooting the router always puts the port on both VLANs without port tagging - this should clearly not be, and devices plugged into that port act as if they're still on the main VLAN. Any ideas?

    Here's a screen cap:


    Edit to add: it seems to be a problem with having a VLAN ID of 0. When I deleted that VLAN and recreated it as VLAN 3, things started working.
    Last edited: Jun 8, 2014
  29. Mercjoe

    Mercjoe Network Guru Member

    I believe a I found a bug that was introduced on version 1.28.7505.2

    When viewing details in QOS (QOS>View Details) attempting to resolve hostname displays the IP address on the network the correct info is not displayed.

    In the past (as in version 1.28.7505.1) it would show:

    TCP (Homeserver) <S port> <destination> <d port> ...etc

    it now shows :

    TCP ( <S port> <destination> <d port> ...etc

    It no longer resolved the IP hostname as defined in Basic>DHCP/ARP/BW
  30. Beast

    Beast Network Guru Member


    Did you check {Auto resolve addresses} under Filter settings?
  31. Mercjoe

    Mercjoe Network Guru Member

    yes, I did.

    I also used the <resolve> button next to each IP.

    neither worked
  32. Morac

    Morac Network Guru Member

    The View details screen needs some work as it is. Sorting doesn't work at all if any ipv6 addresses show up. It tries to sort, but addresses just show up anywhere in the list. That's in addition to sorting trying to sort by character position instead of number (I.e. 20.x.x.x comes after 192.x.x.x)
  33. gfunkdave

    gfunkdave LI Guru Member

    Another bug (not sure if it's new). The port mappings are reversed in the VLAN version of Toastman on my RT-N66u. If I click the button to map port 2 to a different VLAN, it actually puts port 3 on the other VLAN. If I click the button to put port 3 on a different VLAN, it puts port 2 on that VLAN.

    This is on 1.28.0505 MIPSR2Toastman-RT-N K26 USB VLAN-VPN

  34. Magister

    Magister LI Guru Member

    Thanks, I have a WRT160N-v3 with 4MB of flash, I needed a VPN build but they were too big, I followed the procedure by checking out the Toastman-RT branch (not N) and did a

    make r2fs V1=7505.2 V2=Fred-RT-Tiny-VPN NO_SAMBA=y KERN_SIZE_OPT=y OPENVPN=y

    I have a 3.5M trx file, now I need to find time to test it!
  35. walshlink

    walshlink Networkin' Nut Member

    Running Toastman's latest VPN build on a E4200v1. Everything works WELL (hat off to Toastman), except I cannot get the OpenVPN client running. I have it configured, have all the certs/keys in the right fields. Every time I click "Start", I get "Client is not running or status could not be read." Any ideas?
  36. lancethepants

    lancethepants Network Guru Member

    Looks at the logs page and see what OpenVPN says, should say some reason.
  37. EOC_Jason

    EOC_Jason Networkin' Nut Member

    ... and if it doesn't give anything useful you can add "verb 5" to get additional output (I think that's the command, double check the openvpn site).
  38. Bill_S

    Bill_S Network Guru Member

    Help, I flashed my new RT-N16 with K26USB-128.7498.1MIPR2-Toastman-RT-Ext.trx and now I can't access it. I can see the wi-fi ssid (wireless) and I have tried with an Ethernet cable attached but it does not respond to I have set my PC's address to and the default gateway to but I cannot get the RT-N16 to respond. Does anyone have an idea how I can access the router to enable DHCP?
  39. kthaddock

    kthaddock Network Guru Member

    Yes, set your client to this, dhcp is turned off by default.
    Last edited: Jun 16, 2014
  40. HunterZ

    HunterZ Network Guru Member

    Any IP in the range should work, so I don't see why using 100 instead of 10 would make a difference.
  41. kthaddock

    kthaddock Network Guru Member

    No to be precisely can confuse.
  42. Matt Wilson

    Matt Wilson Serious Server Member

    I've got two questions

    1) I've been running a WRT54G-TM with Tomato Firmware v1.28.7821 MIPSR1-Toastman-ND K26 USB Ext firmware for about 3 years now. I originally picked the hardware when I was playing with DD-WRT since it had the largest RAM available for anything in the WRT54 family. The firmware I chose at the time because the Kernel 2.4 was specifically saying that IPv6 was not supported and I needed to do some work with IPv6. Since then there have been a lot of additions and improvements to the firmware offerings available and I'd like to get a newer version.

    If I understand things properly, I won't be able to get any of the RT or RT-N firmware working on this hardware, which leaves the Kernel 2.4 ND firmware for me. If I flash one of the latest versions to this router will it still support IPv6? Also, can I choose the generic firmware, or do I need to choose something from the WRT54G-WRT54GL grouping?

    2) In addition to whatever I do with that router, I'm looking to get a 5 GHz router that supports Toastman RT-N firmware. It looks like the latest/most powerful Linksys hardware that supports this is an E4200, but that's not made any more. I'd prefer to get hardware that is still being made, but I'm not sure what that might be.

    Assuming I can't find something new what are the best options? E4200? RT-N66U? RT-N16? If the price is reasonable I'd prefer more powerful hardware, but I'm willing to look at something older/less powerful if the price point is right and I won't be sacrificing too much hardware to get it.
  43. HunterZ

    HunterZ Network Guru Member

    I'm pretty sure that IPv6 is a no go on K24 in general.

    I use an RT-N66U with Toastman RT-N 64K NVRAM builds, and it has 5GHz and IPv6.
  44. Dr Strangelove

    Dr Strangelove Addicted to LI Member

    I've had a Linksys E4200v1 running Toastman fw for many years (OpenVPN server, DHCP/DNS server and etc) and it's been a sweet ride.
    I would humbly suggest the RT-N66U or RT-AC66U going forward.

    There is a Best Router for Tomato thread, but I think it's 'jumped the shark' and lost it's way.
  45. Lothsahn

    Lothsahn Addicted to LI Member

    I use Toastman tomato on 6 RT-N66U's and it's been rock solid, stable, good wireless coverage, and fast. I notice that:
    1) The router maxes out, on wireless, around 30-60Mbit, depending on conditions
    2) The router maxes out, on wired, around 160 Mbit. It appears to be CPU bound.
    3) The router gets VERY good wireless coverage, but significantly less than stock. I don't know the cause, but I'm thinking beamforming might be disabled in Toastman but enabled in stock.

    I have IPv6 disabled. I've noticed some problems with IPv6 on, but I have not yet tracked them down.

    Overall, I've had zero crashes, problems, or outages on all 6 RT-N66U's deployed (6 months-2 years). I have one additional configured in bridge mode, and I did have a wireless disconnect and it didn't reconnect (requiring a reboot). However, the OS was still operating and I rebooted it through the GUI. It's been operational for 3 months.
  46. HunterZ

    HunterZ Network Guru Member

    You must be talking about coming from the WAN using extensive QoS rules?

    On the LAN side I just did a test and got 160mbps (20MB/sec) Samba transfers on a 300mbps 5GHz wireless N connection from a source machine that is connected to the LAN via ethernet, and the RT-N66U's CPU usage was under 2%. The source HDD itself tops out at ~200mbps, so it's also possible that it may be the primary limitation in that test.

    For ethernet<->ethernet LAN transfers I maxed out at around 700mbps on my RT-N16. I haven't repeated the test on the RT-N66U but I think I'm bound by the quality of my Cat 5E cable run under the house.
  47. Matt Wilson

    Matt Wilson Serious Server Member

    Thanks for the responses.

    It sounds like the RT-N66U might be the way to go, especially since it seems like ASUS is still making them. Someone said the RT-AC66U, but I thought Toastman doesn't work with that model.

    I read the Best Router for Tomato thread, but it's gone down a rabbithole of debating the price of routers and ISP service plans rather than discussing anything useful regarding hardware to use with the various Tomato flavors.

    I've been thinking about my needs for firmware on the WRT54G-TM, and although I'd really prefer it to support IPv6 I can live without it in exchange for the newer firmware and software with the latest K2.4 release. I guess I'll install it and find out. I've seen hints in various things that it was reenabled in that branch of Toastman, but I'm not certain.
  48. Dr Strangelove

    Dr Strangelove Addicted to LI Member

    Think it's Shibby and Merlin for ASUS RT-AC66U.
    If you have a NAS in a home environment 802.11ac can give HDD access and bandwidth a bit of a lift.
  49. Matt Wilson

    Matt Wilson Serious Server Member

    Yeah, since I want to stay with Toastman it sounds like the RT-N66U is the way to go. And it's new manufacture, not something that was used that I bought on EBay, or is discontinued but there are still stocks of "product" in 3rd party hands. Of course I bought all of my WRT54G-TM's via EBay so that isn't necessarily a bad way to go. I just wouldn't do it for clients.

    WiFi speed isn't as important to me as the raw horsepower and memory on the hardware, as well as the speed of the Ethernet connections. Most of what I do here and for my clients is on devices used wired Ethernet, and I actually used true gigabit switches for that rather than routers that have had switch ports added to them.

    WiFi use is most often for internet connections, and frankly, very few ISP's offer speeds that would even saturate an 802.11g connection, let alone n or ac. Even with multiple users they are still limited by the internet connection speed rather than the WiFi speed.
  50. Garneac

    Garneac Reformed Router Member


    We've been unable to connect to the internet wirelessly starting maybe one or two days ago. Connecting to the router (ASUS RT-N16, btw) directly with an ethernet cable works fine; it's just the wireless that's a no-go.

    I thought maybe it might have something to do with the firmware being out of date? I don't know. I checked and saw that there was a newer firmware out, and so upgraded to tomato-K26USB-1.28.7505.2MIPSR2Toastman-RT-Std.trx. Still, no wireless access.

    When I check the list of networks it says "unidentified network," underneath of which it says "No internet access." And yet when I hover over our wireless network, the signal strength shows as excellent and the network shows as connected.

    Has anyone encountered an issue like this? If so, suggestions on how to correct the problem?
  51. HunterZ

    HunterZ Network Guru Member

    Do you have the wireless mode set to "Access Point" on the router?

    Have you checked to see that the wifi password hasn't changed, and that you're using that password on the client machine(s)?
  52. Garneac

    Garneac Reformed Router Member

    Yup. Can you tell me if anything seems wrong in the following attachments?

    ASUS RT N16  Basic  Network.png ASUS RT N16  Status  Overview.png
  53. HunterZ

    HunterZ Network Guru Member

    Looks reasonable to me. I'm set to TKIP/AES but I should probably switch to just AES.
  54. Garneac

    Garneac Reformed Router Member

    And in this image? Does everything seem alright to you?

    ASUS RT N16  Advanced  Wireless.png

    I'm at a loss as to what could have changed recently...
  55. HunterZ

    HunterZ Network Guru Member

    Only difference on my end is I'm in the U.S. and I set my xmit power to 60mW.
  56. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    Did your SSID or router MAC address change? That error message in Windows sometimes happens when the access point changes those parameters.
  57. Monk E. Boy

    Monk E. Boy Network Guru Member

    Try disabling 40Mhz channels, if you have any neighbors anywhere close by then you can't use 40Mhz. There are only 3 "real" 2.4Ghz channels and 40Mhz uses two of them, if your neighbor has 40Mhz enabled then there's no way to avoid interference.
  58. Garneac

    Garneac Reformed Router Member

    The SSID is the same. I wouldn't know if the router's MAC address had changed, though.

    I went into Advanced>MAC Address and saw that the Router's LAN MAC Address and the Wireless Interface MAC Address were different. Does that have any bearing? The WAN Port MAC Address is different, too. That is to say, for all three of them, it's the last two characters that are changed. I've no idea if they're all supposed to be the same or not.

    I don't see an option to disable the 40Mhz channel. I can only change the Control Sideband to either Lower or Upper, or I can switch it to 20Mhz. Is that what you mean? For me to change to 20Mhz?
  59. HunterZ

    HunterZ Network Guru Member

    Different MACs is good. Yes, try 20mhz or a different sideband setting.
    Marcel Tunks likes this.
  60. Monk E. Boy

    Monk E. Boy Network Guru Member

    Sorry, by disabling I meant switching to 20Mhz.

    2.4Ghz 40Mhz is obnoxious in anything except isolated environments (if you have to drive a mile to visit a neighbor you'd be okay at 40, assuming you don't have any other 2.4Ghz devices).
    Marcel Tunks likes this.
  61. Matt Wilson

    Matt Wilson Serious Server Member

    Ok, for those of you who might be interested, I played with a couple of the Kernel 2.4 firmware on my WRT54G-TM, including variations of the STD and MiniIPv6 builds. The MiniIPv6 loaded with no problem and had all the IPv6 options I had with the older Kernel 2.6 build I'd been using. The only problem is, as soon as I configured IPv6 on it, I'd get errors on both IPv4 and IPv6 port forwarding, such as "iptables-restre: line 41 failed".

    Although I'd really like to use IPv6 on this router, in large part so that I can do some testing with my /48 from Hurricane Electric, it's more important to me to have the newer features I get in the new firmware, so I fell back to the STD firmware without IPv6 support. It works great and does what I need so I'll stick with it for now. If Toastman releases a new version of the MiniIPv6 for Kernel 2.4 I'll experiment with that again.

    I also got my RT-N66U and really like it so far. The production firmware is good, but as I thought doesn't offer enough of the other features I want so I'll be flashing it with Toastman today. The only problem is, I'm not sure which one I should be choosing. I want to use the EXT variation, but am not sure if I should choose the "normal" one (tomato-K26USB-1.28.0505.2MIPSR2Toastman-RT-N-Ext) or one of the 60K or 64K flavors.

    What is the difference between "normal", 60K and 64K? Is there some advantage in using the "bigger" ones?

    For those of you using an RT-N66U which version are you using?
  62. HunterZ

    HunterZ Network Guru Member

    I'm using the 64K version. The difference is that it unlocks access to more NVRAM storage I think, which probably doesn't matter unless you're needing to use large configuration sets without the aid of jffs/cifs/USB storage.
  63. Matt Wilson

    Matt Wilson Serious Server Member

    Had a lot of problems getting the firmware uploaded, but I finally got it. I can use the additional NVRAM access since I use it for saving things like logs, and I log more data than the default in case I need to refer to it.

    I haven't decided yet, but I may very well be using this router moving forward with my clients if they won't get a full blown UTM firewall. It's a little on the expensive side to use only as an access point, but maybe something a little lower end in the RT-N family will work for that.
  64. Beast

    Beast Network Guru Member


    Flashed to the latest Toastman (Tomato Firmware v1.28.7505.3 MIPSR2Toastman-RT K26 USB VLAN-VPN), and wanted to try IPV6 again. I am with Charter Cable, who provide this information to use with their IPV6.

    6rd Prefix = 2602:100::/32
    Border Relay Address =
    6rd prefix length = 32
    IPv4 mask length = 0
    Primary DNS Address = 2607:f428:1::5353:1
    Secondary DNS Address = 2607:f428:2::5353:1

    I set this up under the IPV6 configuration. Rebooted router, waited a few minutes to let it build its routing tables and settle down. Tested IPV6 at ( ) and got a 10/10. All working great.

    But as I serfed the web, my web browser would hang from time to time (take a long time to connect to a site).

    I looked into my log file and would find this when ever the hang happens.

    Jun 30 19:08:25 BeastNet dnsmasq-dhcp[1686]: RTR-ADVERT(br0) 2602:100:615d:db02::
    Jun 30 19:17:31 BeastNet dnsmasq-dhcp[1686]: RTR-ADVERT(br0) 2602:100:615d:db02::
    Jun 30 19:25:01 BeastNet dnsmasq-dhcp[1686]: RTR-ADVERT(br0) 2602:100:615d:db02::
    Jun 30 19:32:33 BeastNet dnsmasq-dhcp[1686]: RTR-ADVERT(br0) 2602:100:615d:db02::
    Jun 30 19:35:37 BeastNet user.crit kernel: Dead loop on virtual device six0, fix it urgently!
    Jun 30 19:35:37 BeastNet user.crit kernel: Dead loop on virtual device six0, fix it urgently!
    Jun 30 19:35:37 BeastNet user.crit kernel: Dead loop on virtual device six0, fix it urgently!
    Jun 30 19:35:37 BeastNet user.crit kernel: Dead loop on virtual device six0, fix it urgently!
    Jun 30 19:35:38 BeastNet user.crit kernel: Dead loop on virtual device six0, fix it urgently!
    Jun 30 19:35:38 BeastNet user.crit kernel: Dead loop on virtual device six0, fix it urgently!
    Jun 30 19:35:39 BeastNet user.crit kernel: Dead loop on virtual device six0, fix it urgently!
    Jun 30 19:35:40 BeastNet user.crit kernel: Dead loop on virtual device six0, fix it urgently!
    Jun 30 19:35:40 BeastNet user.crit kernel: Dead loop on virtual device six0, fix it urgently!
    Jun 30 19:35:41 BeastNet user.crit kernel: Dead loop on virtual device six0, fix it urgently!
    Jun 30 19:35:42 BeastNet user.crit kernel: Dead loop on virtual device six0, fix it urgently!
    Jun 30 19:35:49 BeastNet user.warn kernel: printk: 5 messages suppressed.

    The Dead loop warnings. So I disabled IPv6 for the moment. Looked at the log file again after a reboot and
    noticed that router is still picking up the IPV6 DNS servers.

    Dec 31 18:00:54 BeastNet dnsmasq[518]: using nameserver 2607:f428:1::5353:1#53
    Dec 31 18:00:54 BeastNet dnsmasq[518]: using nameserver 2607:f428:2::5353:1#53
    Dec 31 18:00:54 BeastNet dnsmasq[518]: using nameserver
    Dec 31 18:00:54 BeastNet dnsmasq[518]: using nameserver

    So does anyone know why the Dead Loop, or why it still picks up the IPV6 DNS, which are part of the IPV6 setup.
    But is disabled ??????
  65. Monk E. Boy

    Monk E. Boy Network Guru Member

    Before using the 64K firmware shouldn't you verify that the router's CFE supports 64K NVRAM? I haven't personally come across an RT-N66U yet that shipped with the newer CFE, I've upgraded them all by hand.
  66. HunterZ

    HunterZ Network Guru Member

    That's odd, I didn't have to do anything special.
  67. koitsu

    koitsu Network Guru Member

    Monk E. Boy likes this.
  68. Monk E. Boy

    Monk E. Boy Network Guru Member

    Consider me appropriately mollified. There is no need to upgrade the CFE with Tomato builds after all.

    Edit: Though, to be fair, I upgraded my N66U routers months before that thread was created. Thanks for creating it koitsu, before that I was using information from others that could have been meant for non-64K routers, but also referenced the N66U.
    Last edited: Jul 3, 2014
  69. Charles Luzzato

    Charles Luzzato Network Newbie Member

    Hi, Thanks toastman for your build; I just moved to germany and they don't give us routable ipv4s here, so I manage to circumvent part of that by VPN through my other server :)

    In any case, I have a site to site vpn connection running on a computer on the network where tomato is running (but not on the tomato router because of load).
    I have setup the dnsmasq config both on the remote site and the local site to query the correct dns servers depending on the domain name (ie using the server=/ on my local tomato router, and a similar entry on the remote router)

    The routing of queries to the correct dns server is working fine, the only problem is that the tomato router systematically appends the name of its local subdomain to all queries it forwards through the vpn tunnel.

    So say my subdomain name for the network where the tomato server is is and the remote network across the vpn tunnel has, when I query from a machine on the local network (same network as tomato), it sends the request to the dns server on the remote network as

    It seems to me that the expand-host option in dnsmasq is not working properly, and is expanding everything instead of just known hosts.

    This is on tomato-K26USB-NVRAM64K-1.28.0505.2MIPSR2Toastman-RT-N-VLAN-VPN-NOCAT running on RT-N66U

    Any ideas ?
    Thanks in advance
    Last edited: Jul 12, 2014
  70. LastSilmaril

    LastSilmaril Addicted to LI Member

    I'm not sure if this is a bug, or what, but after upgrading to the latest build the VLAN on my second RT-N66U stopped working properly. (I have two RT-N66Us, one of which is the 'router' and the other acting as an AP.) It turns out that this is because the ports do not conform properly to what is labeled on the outside (took all night to figure out). So port 1= 4, 2, = 3, 3 = 2, 4 = 1. I don't know when this changed, but it should be helpful if you're running a VLAN guest WiFi on both your main router and on an access point with the latest software!
  71. tvlz

    tvlz LI Guru Member

  72. LastSilmaril

    LastSilmaril Addicted to LI Member

  73. rwatt

    rwatt Serious Server Member

    I'm running an Asus RT-N66U that I flashed with Tomato Firmware v1.28.0502 MIPSR2Toastman-RT-N K26 USB Ext. It's been running perfectly for a year. Thank you! I just discovered I want VPN functionality.
    1. How simple is it to ever upgrade from an older Toastman release to newer releases of Toastman's firmware? Do I just download the new version and upgrade in-place and I'm good to go? Or do I have to start fresh if I want to upgrade?
    2. Am I able to upgrade from a Toastman firmware with less features (i.e., no VPN and no VLAN) to a Toastman release with more features (i.e., VPN and VLAN)?
    I want to go from what I have (Tomato Firmware v1.28.0502 MIPSR2Toastman-RT-N K26 USB Ext) to tomato-K26USB-NVRAM64K-1.28.0505.2MIPSR2Toastman-RT-N-VPN.trx. Can I do that or will I have to wipe and install new?

    Thank you!
  74. LastSilmaril

    LastSilmaril Addicted to LI Member

    I have two of these routers with Toastman's FW. You can in fact upgrade to a version with more (or fewer) features.
    I'm not sure what start fresh means. "Best practice" as stated here was, I thought, to erase NVRAM and redo your settings on an upgrade, which is otherwise very straightforward. You could try upgrading without doing that - I'm not sure what issues, if any, you'll run into if you do. You won't brick it, if that's what you're asking.
  75. rwatt

    rwatt Serious Server Member

    Thanks for the very quick reply. By "fresh", I guess I meant by redoing all of my settings and configurations with QoS and static IPs for various Mac addresses, etc. It would take a long time to get it back to where I have it. I was wanting to avoid such a time consuming endeavor. But you're saying that "best practice" is to redo my settings, though.
  76. LastSilmaril

    LastSilmaril Addicted to LI Member

    So I have constantly been told. It may be enough to simply back them up, erase NVRAM, and then re-upload them? I think I did this earlier this month without issue, since I still have my own painstakingly set up QoS settings there, and don't recall redoing them this year. I don't seem to have suffered from doing this. But then, I also didn't upgrade to a version with more features than I previously had. You may want to get a copy of the current FW you're using, backup your current settings, upgrade to the newest build, put your settings back, and if you have any problems, reflash back to your older one and manually record your QoS settings for later re-entry once you re-reflash to the newer FW (this time deleting NVRAM).
  77. HunterZ

    HunterZ Network Guru Member

    You're supposed to save off a subset of your NVRAM settings, flash, reset NVRAM and then reload the subset. There's no point to exporting and re-importing everything, as that would have the same effect as just flashing without erasing NVRAM.

    Personally I hate that idea because the NVRAM settings are undocumented, so I never know exactly what to pick. Instead, I usually just open every settings page as a browser tab, then flash and reset, then manually re-enter the settings.
    koitsu likes this.
  78. koitsu

    koitsu Network Guru Member

    @rwatt -- If you want a solution that works 100% of the time, follow what I advocate here (start at the bottom and work up) The short version is: keep a text file laying around that documents every setting you have manually changed from stock defaults. (I provide an actual example text file to show you the formatting that works (for me)). Any time you change a setting, update that file. I've used this methodology for several years without a single incident -- and it also allows me to see if the default settings in a newer firmware version reflect my own changes (i.e. I can remove some lines from the text file since now they're defaults).

    I understand effectively you want something that is much more manageable and so on, but solving this with existing technology while being backwards-compatible is painful and time-consuming. OpenWRT has gone about this in a very different manner (they use as little NVRAM as possible, leaving the stock factory defaults alone, instead using config files for settings and storing them on the router itself -- it's much more like a standard Linux distro), so if it's a deal-breaker, you may want to consider OpenWRT.
    Siff and antena.kaleng like this.
  79. Siff

    Siff Serious Server Member

    @koitsu: I do exactly the same! :) Unfortuantely, since I do most of the changes late at night (i.e. no one else uses the router), I tend to forget to make a note of what exactly I have done, so I always check my notes against the actual settings before upgrading the firmware.

    This takes me some time (and it is tedious), so I was thinking using text-compare to compare a text file version of the default NVRAM (saved right after I install a new firmware) with a text file version of the NVARM from the router before upgrading to a new firmware to identify the differences, but I'm yet to give it a try...
  80. rwatt

    rwatt Serious Server Member

    Thank you to all who replied! I'm up and running with tomato-K26USB-NVRAM64K-1.28.0505.2MIPSR2Toastman-RT-N-VLAN-VPN-NOCAT. Cleared NVRAM too. Made notes for future reference and full-page screenshots of each section prior to upgrade. Everything went fine.
  81. d00mzday

    d00mzday Network Guru Member

    This has been my go to firmware for ages. Thank you for the hard work.

    I have noticed for the past little while the Zoneedit Service (under DDNS tab) has not been functioning.
    The Error: Unknown error (-1).
  82. EOC_Jason

    EOC_Jason Networkin' Nut Member

    Does the logfile give any additional info?
  83. mvsgeek

    mvsgeek Addicted to LI Member

    Zoneedit's name servers were down for several days (if not weeks) a couple of months ago. Looks like is still down, which may be the cause of your error. I had to switch a couple of domains away from zoneedit, since it's impossible to contact them.
  84. Edrikk

    Edrikk Network Guru Member

    I've said it once, I've said it a hundred times... Use iMacros (Firefox plugin) to 'record' your entries. When you make changes you can update things in the iMacros script. When new items are added just record that and paste it into your 'master' iMacros script.

    This has benefits of:
    - Perfect reproducability of data setup
    - Using the UI to enter data and all/any side-effects that a given value may result in (just as an example, changing the Wireless sideband from Lower to Upper will result in different channels being available etc. Such 'error checks' come 'for free' when you use the UI vs other methods where one dependent item might be forgotten).
    - It's very fast...

    Only caveat is that you have to 'disable' the UI's Peekaboo functionality (for passwords) or else iMacros doesn't work well with the password fields... To do this:

    nvram set web_pb=0
  85. d00mzday

    d00mzday Network Guru Member

    Thanks for the responses Jason, and mvsgeek. I do appreciate it.

    Yes it looks like ns2 is down. I have been using ns13, and ns8 which seems to be functioning. The router kicks off the error as stated above when using its ddns Zoneedit ip updater, and does not update the ip's at Zoneedit's control pannel.

    I did manage to do some digging around with google. It seems that Zoneedit changed there protocol from http to https. This seems to have caused problems with 3rd party ip updaters.

    I have access to a Synology DiskStation, which was one of the effected devices if you used there built in DDNS IP updater. I have flashed it to there latest firmware, and it seems that Synology has updated there software to reflect the Zoneedits changes, and is communicating without issue.

    I hope I can post a link without getting in trouble here. Feel free to edit the post if it breaks any of the rules.
    This is a thread going on about the issue.

    *** NOTE: Incase anyone else has this issue. Try using Zoneedit(HTTPS) in drop down box. It should correct the problem.
    Last edited: Aug 3, 2014
  86. Toastman

    Toastman Super Moderator Staff Member Member

  87. kthaddock

    kthaddock Network Guru Member

    There is a great tool "nvramdiff" made by a user, mahi2003 on this forum.
    Compare virgin nvram in .txt-file with configured .txt-file and make a diff file.
    But need to be cautious whith this !! LINK

    antena.kaleng likes this.
  88. tvcat

    tvcat Networkin' Nut Member

  89. Grimson

    Grimson Networkin' Nut Member

    That link works fine here.
  90. tvcat

    tvcat Networkin' Nut Member

    Oh damn tapatalk problem....
    Link work in browser.
  91. dupondje

    dupondje Serious Server Member


    Today I received native IPv6 connectivity from my ISP.
    So we enabled 'DHCPv6 with Prefix Delegation' and prefix length 56.

    Everything works smooth, except some things that are not clear to me.

    First of all all my devices started to receive 2 IPv6 addresses.
    1 SLAAC address, and 1 DHCPv6 address.
    Is there a reason this is configured as such?

    The real reason seems to be that dnsmasq doesn't really need a a range defined.
    So I disabled "Announce IPv6 on LAN" and added the following manually:
    dhcp-range=::, constructor:br*, ra-names, 64, 12h

    Now my clients only receive 1 SLAAC IP. Which is better.

    Another thing is that the IPv6 range I receive from my ISP is dynamic.
    This shouldn't be a real problem, but what about Portforwarding?

    Portforwarding expects a full IPv6 address to allow connectivity to 1 client, but this is an issue as the IP changes alot.
    Except the last past (the eui64/mac address) never changes.

    ip6tables has a module libip6t_eui64.c, which can match the EUI64 part of an address.
    But this module isn't compiled into Tomato.
    Possible to add this (quite small) module? Would make life easier :)

    Thanks for all the work already :)
    Last edited: Aug 7, 2014
  92. dupondje

    dupondje Serious Server Member

    Ok after some testing, debugging, building Tomato. I found out that the eui64 module is not really helpful.
    In fact its just made to check if the traffic from your LAN is using the correct IPv6 addresses (aka addresses where there source MAC address matches the EUI64 of the IPv6 source IP).

    So we tried to find out how to match the EUI64 for incoming traffic.
    Now this seems to be possible by default in ip6tables, but somewhat hidden :)
    You can specify the following as source / dest:
    ip6tables ... -s ::<EUI64>/::ffff:ffff:ffff:ffff ...

    The next problem ofc is that the IPv6 Forwarding page in Tomato is quite restrictive.
    It only accepts a full IPv6 address as destination, and not even a range/mask.

    So I did some changes to it to allow inserting those values.
    And guess what, it just works :)

    I dont know who I can send the patch? Would be nice for everybody to get it included. The change is rather small.
  93. lancethepants

    lancethepants Network Guru Member

    You should post the changes somewhere, maybe github.
  94. jbarbieri

    jbarbieri Network Newbie Member

    I signed up just to say, I co cur with this.

    I tried all revisions (new to tomato bit not dd-wrt) and I had to go all the way down to 0502.

    Maybe if I get some time I will try and build my own...little nervous about that though.
  95. Toastman

    Toastman Super Moderator Staff Member Member

    August 9 2014 - 1.28.7506 and variants

    - OpenSSL 1.0.1h
    - Dnsmasq version 2.72 latest at July 13 2014
    - OpenVPN 2.3.4


    Also, I will try to make some smaller versions later and upload them over the top of these existing builds, if it is possible to reduce the size.
    Last edited: Aug 10, 2014
    The Master likes this.
  96. Toastman

    Toastman Super Moderator Staff Member Member

    I had almost no success in making those builds smaller. Basically, recent increases in size of many modules make it impractical. Anyone who wishes to make a special build be really slashing some of the more standard "core" functions is welcome to give it a shot.

    I will upload a version 7506.1 soon, with the suggested changes to the ipv6 section from dupondje (see above posts). I did not include libip6t_eui64.c

    Feedback is welcome!
  97. Toastman

    Toastman Super Moderator Staff Member Member

    August 10 2014 - 1.28.7506.1 and variants

    Uploading now - please be patient, it takes awhile to upload 2GB of files!

    Thanks to dupondje:

    - Allowed the IPv6 Forwarding page to allow more fancy subnets & rules.
    For example I need the following destination address

    - Changed the DNSMASQ config a bit for SLAAC & DHCPv6 and added an
    option to select them in the GUI. (more info about the differences you
    can find on his blog (

    antena.kaleng and Grimson like this.
  98. Grimson

    Grimson Networkin' Nut Member

    Will you update the sources on too, or have you switched to another git service?
  99. Morac

    Morac Network Guru Member

    I'm somewhat confused as to what the changes in 7506.1 are supposed to do. Do they only affect LAN clients?

    I'm currently using ipv6 with Comcast. Comcast uses DHCPv6, but as far as I can tell, I'm only getting one ipv6 assigned address on both my E3000 and clients. The address contains the MAC address so, I'm assuming it's using SLAAC to assign addresses. I'm guessing DHCPv6 is just being used for DNS.

    This is with 7506 S I updated before 7506.1 was released.


    Actually it appears my router uses a SLAAC assigned IP address, but the clients use DHCPv6 since the MAC address of the clients isn't in their IP address. I confirmed this by enabling DHCPv6 logging and saw the IPv6 address being assigned by DHCPv6. I don't see any SLAAC assigned IPv6 addresses, at least on my iOS devices.
    Last edited: Aug 10, 2014
  100. Morac

    Morac Network Guru Member

    Also would it be possible to fix sorting by source on the View details page. It doesn't work at all if there are ipv6 addressed in the list. Sorting appears to do nothing.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice