1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tomato Toastman's Releases

Discussion in 'Tomato Firmware' started by Toastman, Dec 18, 2011.

  1. Toastman

    Toastman Super Moderator Staff Member Member

    April 15 2011 - 1.28.7498

    - 3G Modem: Add ttyUSB1/3 to modem device list
    - Some additions/changes to wireless interference mitigation / override
    - Remove QOS/BWLimiter from all builds
    - OpenVPN update to 2.2.2
    - OpenSSL 1.0.1 update

    thanks to Shibby for the last 2 updates!


    WARNING - DHCP IS DISABLED BY DEFAULT. DON'T FORGET
    TO TURN IT ON IF YOU NEED IT.
     
  2. Toastman

    Toastman Super Moderator Staff Member Member

    Jim, in this release I added a new checkbox in "Advanced-wireless" for interference mitigation override. By default the "override" is disabled, hopefully. It would be interesting if you can see if any settings help or even if they have any effect at all, at this stage.

    There is no documentation on what this is supposed to do. However, the wireless driver is normally able to override the manual interference mitigation settings. This seems to be responsible for a lot of wireless problems, as I have reported before. But this override setting appears to be able to either disable driver override, or maybe set one of the other options to be used when interference is detected. It's something I intend to play with over the next month or two.
     
  3. jsmiddleton4

    jsmiddleton4 Network Guru Member

    I'll play with it and see what effect it has. Help me understand the logic however. If its disabled the override does nothing? What is it over riding then?

    What about the client's in device mode?

    Enabled over ride for wlan with noise reduction dropped connection speed from 300 to 216. Will see if its more stable however.
     
  4. Toastman

    Toastman Super Moderator Staff Member Member

    You have to figure it out, because I am not sure myself. My guess is that these 2 settings are closely related:

    1) is interference mitigation. When set to zero we actually want all interference mitigation to be turned off. However, the wireless driver is apparently able to override that manual setting and change it. Experiments and reports from the forums over the last 6 months or so show that this is often responsible for poor throughput and dropped connections, failure of WDS connections etc. But nothing seems to be 100% repeatable and the reports from different people often conflict.

    2) the override - we don't actually know how (or IF) this works - but one would guess that selecting -1 (override disabled) should stop the wireless driver from overriding the manual setting. What the other settings do, we don't know, but it would be reasonable to assume that this is the setting that would be applied by the wireless driver if it decides to change the manual setting for any reason. But that's only my guess and I may be wrong. This override setting may itself be ignored by the wireless driver depending on other input such as country, again, we don't know.

    I added this so that it would be easy for people to experiment, and see if it did anything. First thing to establish - does this override setting do anything at all ????

    BTW - the screwed up device page is just a typo - it doesn't affect anything other than that page doesn't work. It'll be reposted soon.
     
  5. kthaddock

    kthaddock Network Guru Member

    @Toastman
    Thanks for new builds !

    Is "- Remove QOS/BWLimiter from all builds" is't only BW-limiter ?

    kthaddock
     
  6. Toastman

    Toastman Super Moderator Staff Member Member

    The Bandwidth Limiter (which is in itself a full QOS system) is removed. Over the years all invocations of this have been very troublesome, and now we have better QOS I think it's outlived its usefulness. Frankly, I just got fed up with the complaints. If anyone wants it, they can easily compile it back themselves. Just revert the one commit that removed it.

    Bandwidth limit can instead be applied with normal QOS.
     
  7. shadowken

    shadowken Networkin' Nut Member

    @Toastman

    Isn't there any changes made to Captive portal ?
    I want to make the captive portal to operate just on certain interface (Guest SSID) not on the main interface .
     
  8. Toastman

    Toastman Super Moderator Staff Member Member

    No change.
     
  9. kthaddock

    kthaddock Network Guru Member

    Okey I got it !
    I was usure if both was removed. Can Qos be assigned to br0/br1/br2 and br3 ?

    kthaddock
     
  10. FameWolf

    FameWolf Serious Server Member

    Toastman,

    Can you include the modules mention here or tell me how to add them myself? I've cloned your git repo and I'm running under opensuse linux: http://tomatousb.org/forum/t-259025/usb-android-tethering-modules specifically mii, usbnet, cdc_ether, rndis_host

    These modules would allow ANY android phone to connect to the router using PAND Networking and create the usb0 device. They do not use the same method as the "3G Modem Support".
     
  11. xtacydima

    xtacydima LI Guru Member

    I actually find it useful to limit a particular PC from torrent leeching in one setup I have. My bandwidth far surpasses my need for Qos to be enabled otherwise, and I think it's a useful feature (quicker and faster than enabling all of Qos and setting it up).

    Does it really take up that much to need to be removed?
     
  12. shibby20

    shibby20 Network Guru Member

    IMO is not, because this is only a code and saving space from removed bw limiter is only few KB.
     
  13. Toastman

    Toastman Super Moderator Staff Member Member

    It's not to do with space, as Shibby says, it's very small.

    To limit only one or two PC's takes but a few seconds to do in normal QOS. I do it all the time.

    famewolf, these modules are in the tomatoUSB extras pack...
     
  14. xtacydima

    xtacydima LI Guru Member

    Perhaps I am missing something because I am on an older fw, but does Qos have something new & revised that you can limit by IP or MAC ID?

    I dunno, I think many people really like this feature, I really hate to see it go.
     
  15. jsmiddleton4

    jsmiddleton4 Network Guru Member

    "You have to figure it out"

    Ok. No time to play until Wednesday evening.

    I'll watch for new files for the device manager fix.
     
  16. shibby20

    shibby20 Network Guru Member

    i use BW limiter (without QoS) from years and IMO many people also like BW Limiter more than QoS. I think it is 50:50 :)
     
    Armand1234 likes this.
  17. jsmiddleton4

    jsmiddleton4 Network Guru Member

    Quick check this morning and after initially dropping speeds to 216 looks like speed climbed back up to 300mbs. No drops during the night for anyone but at the same time only 2 users during the night.

    Device listing now working.

    Thanks again.
     
  18. Toastman

    Toastman Super Moderator Staff Member Member

    I don't believe it's 50-50. Very few normal owners ever use the BWLimiter, as can be seen when it has been broken in the past and yet nobody even noticed for several days.

    You always could limit by MAC or IP, on all versions of QOS. That's essentially why I never used the BW Limiter myself, except for testing it :D .

    You need a rule, and a class to limit them in.

    e.g. Set a new rule with source IP's or MAC and give it a class. Then set both outgoing and incoming rate and ceiling for that class. Now you have much better control of the client, and full monitoring facilities, and everyone else is unaffected. I've been doing this for 4 years when necessary. I never used the BW limiter and I never had a moments trouble with it.

    However, IMHO the whole point of having QOS on a router is to allow people to utilize the full bandwidth if it is not being used by others. So many people have been limiting their users bandwidth *unnecessarily* because of this "feature", and in my opinion it's really rather stupid to do that. Now that the QOS ingress has a true limit and proper priorities, the need for it is even further reduced. So my decision is, that it's out.

    On the rare occasion when for some reason a client is able to bypass rules and take unfair bandwidth, just make a normal QOS rule to limit that client as above.
     
  19. braindedd

    braindedd Networkin' Nut Member

    Any chance of posting changes to GIT so I can build a "Tiny" version for my silly little WNR3500V2? :)
     
  20. Dutch87

    Dutch87 Networkin' Nut Member

    Hello Toastman,

    Thanks for releasing 1.28.7498! I will play with it tomorrow and apply all your QoS lessons from around here.

    I still have two questions:
    1. Will the critical samba patch be applied? https://www.samba.org/samba/security/CVE-2012-1182
    2. Will there ever be a Whitelist option introduced in the acces restriction GUI? I would love to use Tomato in a setting where only a few websites/Ip's are allowed and all other traffic blocked. Now you can only blacklist in the GUI...

    Thanks in advance!
     
  21. lissny

    lissny Networkin' Nut Member

    1.could some one plz inclued B/w Quota system for IP/MAC system.
    2. IP/Mac Binding with (PC name)-Username-Password) Binding.
    Because Mac can be changed.
    every Client will Enter user name and Password for internet acess(only).. but no bussiness with Router Login
    Thats the way quota works fine. but best

    thanx..
     
  22. xtacydima

    xtacydima LI Guru Member

    I partially disagree, I can think of a few scenarios, and have my own where you need to statically restrict someone, and NOT give them extra resources when available or if they are not in use by other users. This does not have to include users, it can include devices as well.

    I dunno, for me personally, my initial switch from dd-wrt (charging extra for this feature) was the ability to have BW Limiter... I just believe if it's just a few KB, include it, or at least a way to add it back in (compile instructions or otherwise).
     
  23. Nitro

    Nitro Networkin' Nut Member

    toastman I dont know if you saw the previous posts, but there is a few of us that would like to see OpenDNS Crypt included and shibby has already manage to get a working GUI option integrated.

    thanks.
     
  24. FameWolf

    FameWolf Serious Server Member

    Toastman, have I offended you in some way? If so I apologize. It just appears you've responded to posts both before and after mine without commenting on my questions regarding tethering an android phone to the router. Your software is running wonderfully on my Belkin Share Max N300 (F7D3301/F7D7301) v1 however it appears your RT firmware is the only version of tomatousb that will run successfully. I cloned your git repo but could not find where I would make changes to add kernel modules. Thank you for your time.
     
  25. erikoss

    erikoss Addicted to LI Member

    Here's script I use.
    If this helps anyone to understand what toastman means.

    administration, FIREWALL.
    ----------------------------------
    TCA="tc class add dev eth1"
    TFA="tc filter add dev eth1"
    TQA="tc qdisc add dev eth1"
    SFQ="sfq perturb 10"
    tc qdisc del dev eth1 root
    tc qdisc add dev eth1 root handle 1: htb
    tc class add dev eth1 parent 1: classid 1:1 htb rate 3600kbit
    $TCA parent 1:1 classid 1:10 htb rate 400kbit ceil 400kbit prio 2
    $TCA parent 1:1 classid 1:11 htb rate 400kbit ceil 400kbit prio 2
    $TCA parent 1:1 classid 1:12 htb rate 400kbit ceil 400kbit prio 2
    $TCA parent 1:1 classid 1:13 htb rate 400kbit ceil 400kbit prio 2
    $TCA parent 1:1 classid 1:14 htb rate 400kbit ceil 400kbit prio 2
    $TCA parent 1:1 classid 1:15 htb rate 400kbit ceil 400kbit prio 2
    $TCA parent 1:1 classid 1:16 htb rate 400kbit ceil 400kbit prio 2
    $TCA parent 1:1 classid 1:17 htb rate 400kbit ceil 400kbit prio 2
    $TCA parent 1:1 classid 1:18 htb rate 3600kbit ceil 3600kbit prio 2
    $TCA parent 1:1 classid 1:19 htb rate 3600kbit ceil 3600kbit prio 2
    $TCA parent 1:1 classid 1:20 htb rate 3600kbit ceil 3600kbit prio 2
    $TQA parent 1:10 handle 10: $SFQ
    $TQA parent 1:11 handle 11: $SFQ
    $TQA parent 1:12 handle 12: $SFQ
    $TQA parent 1:13 handle 13: $SFQ
    $TQA parent 1:14 handle 14: $SFQ
    $TQA parent 1:15 handle 15: $SFQ
    $TQA parent 1:16 handle 16: $SFQ
    $TQA parent 1:17 handle 17: $SFQ
    $TQA parent 1:18 handle 18: $SFQ
    $TQA parent 1:19 handle 19: $SFQ
    $TQA parent 1:20 handle 20: $SFQ
    $TFA parent 1:0 prio 2 protocol ip handle 10 fw flowid 1:10
    $TFA parent 1:0 prio 2 protocol ip handle 11 fw flowid 1:11
    $TFA parent 1:0 prio 2 protocol ip handle 12 fw flowid 1:12
    $TFA parent 1:0 prio 2 protocol ip handle 13 fw flowid 1:13
    $TFA parent 1:0 prio 2 protocol ip handle 14 fw flowid 1:14
    $TFA parent 1:0 prio 2 protocol ip handle 15 fw flowid 1:15
    $TFA parent 1:0 prio 2 protocol ip handle 16 fw flowid 1:16
    $TFA parent 1:0 prio 2 protocol ip handle 17 fw flowid 1:17
    $TFA parent 1:0 prio 2 protocol ip handle 18 fw flowid 1:18
    $TFA parent 1:0 prio 2 protocol ip handle 19 fw flowid 1:19
    $TFA parent 1:0 prio 2 protocol ip handle 20 fw flowid 1:20
    iptables -t mangle -A POSTROUTING -d 192.168.1.20 -j MARK --set-mark 10
    iptables -t mangle -A POSTROUTING -d 192.168.1.21 -j MARK --set-mark 11
    iptables -t mangle -A POSTROUTING -d 192.168.1.22 -j MARK --set-mark 12
    iptables -t mangle -A POSTROUTING -d 192.168.1.23 -j MARK --set-mark 13
    iptables -t mangle -A POSTROUTING -d 192.168.1.24 -j MARK --set-mark 14
    iptables -t mangle -A POSTROUTING -d 192.168.1.25 -j MARK --set-mark 15
    iptables -t mangle -A POSTROUTING -d 192.168.1.26 -j MARK --set-mark 16
    iptables -t mangle -A POSTROUTING -d 192.168.1.27 -j MARK --set-mark 17
    iptables -t mangle -A POSTROUTING -d 192.168.1.28 -j MARK --set-mark 18
    iptables -t mangle -A POSTROUTING -d 192.168.1.29 -j MARK --set-mark 19
    iptables -t mangle -A POSTROUTING -d 192.168.1.30 -j MARK --set-mark 20

    WANUP
    ----------
    Script collects the bandwith usage and FTPs the report to my ISP's ftp account
    USER=""
    PASS=""
    PORT=21
    SERVER=""
    #!/bin/sh
    nvram get wan_ipaddr > /etc/wan_ip.txt
    cat <<END >/etc/stats-backup.sh
    #!/bin/sh
    ftpput -u "$USER" -p "$PASS" -P $PORT $SERVER "/r2-wan_ip.txt" "/etc/wan_ip.txt"
    ftpput -u "$USER" -p "$PASS" -P $PORT $SERVER "/r2-stats\`date +%Y.%m.%d-%H.%M.%S\`.txt" "/var/wwwext/stats.txt"
    END
    cat <<END >/etc/stats-init.sh
    #!/bin/sh
    track()
    {
    iptables -A stats_in -d \$1
    iptables -A stats_out -s \$1
    }
    init()
    {
    iptables -N stats_in || return
    iptables -N stats_out

    iptables -I FORWARD -i `nvram get wan_iface` -j stats_in
    iptables -I FORWARD -o `nvram get wan_iface` -j stats_out

    echo "Started" \`date\` > /var/wwwext/stats_date

    track "192.168.1.20"
    track "192.168.1.21"
    track "192.168.1.22"
    track "192.168.1.23"
    track "192.168.1.24"
    track "192.168.1.25"
    track "192.168.1.26"
    track "192.168.1.27"
    track "192.168.1.28"
    track "192.168.1.29"
    track "192.168.1.30"
    }
    mkdir -p /var/wwwext
    init
    END
    cat <<END >/etc/stats-refresh.sh
    #!/bin/sh
    cd /var/wwwext
    cp stats_date stats.tmp
    echo "Checked" \`date\` >> stats.tmp
    echo >> stats.tmp
    cat /proc/net/arp >> stats.tmp
    echo >> stats.tmp
    iptables -vL stats_in >> stats.tmp
    echo >> stats.tmp
    iptables -vL stats_out >> stats.tmp
    mv stats.tmp stats.txt
    END
    cat <<END >/etc/stats-reset.sh
    #!/bin/sh
    ftpput -u "$USER" -p "$PASS" -P $PORT $SERVER "/r2-stats\`date +%Y.%m.%d-%H.%M.%S\`.txt" "/var/wwwext/stats.txt"
    iptables -Z
    END
    chmod +x /etc/stats-backup.sh
    chmod +x /etc/stats-init.sh
    chmod +x /etc/stats-refresh.sh
    chmod +x /etc/stats-reset.sh
    /etc/stats-init.sh
    /etc/stats-refresh.sh
    cru a statsb "*/30 * * * * /etc/stats-backup.sh"
    cru a statx "29,59 * * * * /etc/stats-refresh.sh"
    cru a statr "1 0 */1 * * /etc/stats-reset.sh"
    /etc/stats-backup.sh


    SHUTDOWN
    ----------------
    /etc/stats-refresh.sh
    /etc/stats-backup.sh
     
  26. Toastman

    Toastman Super Moderator Staff Member Member

    Hi Guys

    Firstly, let me apologize if anyone feels left out by not receiving an answer to a question. It is not easy to reply to all questions due to time restraints, there are a considerable number of posts and PM's from several different websites every day.

    Tomato is being developed currently by a few people who basically do it as a hobby, and they naturally have more incentive to work on a particular feature if it is something they are interested in or have a need for. We don't generally go out of our way to add features that we don't personally need, that's human nature.

    To explain what my policy is for those who are new to the forum. I actually make these compiles to suit my own needs and for the core purpose of routing. When I compile them I let the process run through and generate a great range of versions to try to suit everybody's needs and and upload them for others to use if they find them useful. But I'm not trying to provide a custom compiling service, this is just my own personal version of the firmware.

    I personally subscribe to the school of thought that thinks a router is for routing. So much of the stuff that other people are busy adding don't fall into my definition of a router, such as P2P etc. Therefore, anything that could be considered to keep the firmware up to date, increase base connectivity, aid in diagnostics, client monitoring, assist in setup and function of QOS, etc. will probably be added. Some features which other people desire I don't add because I don't personally find them useful for a router. Some things I prefer to wait and see whether there is a need. So I won't immediately add new features of this sort. I will usually wait and test the water. DNSCrypt - well, maybe this will be added but at the moment I'm not sure about it.

    As for those who do want these things, the git repository is your saviour! To get the BWLimiter back, for example, the easiest way is to just revert the commit that removed it.

    xtacydima - OK, I understand that, but you can accomplish that in the normal QOS without introducing another whole QOS system in addition. It's really rather pointless, especially now that the normal QOS system has a priority-based QOS. Also, you are now allowed 80 QOS rules to make stuff like this easier if you have several clients to throttle.

    Famewolf - To explain how to compile Linux / Tomato in a post is somewhat difficult, you need to use the forum search facilities and also google and read up on the subject of setting up a development environment and making the changes you need. It's a steep learning curve. Open another thread if you have difficulties and I am sure people will help.

    Enjoy ...
     
    kthaddock likes this.
  27. FameWolf

    FameWolf Serious Server Member

    Toastman,

    I fully appreciate you compile these for your own use. My intial question was whether it was feasible to add the 4 kernel modules specified as needed for android tethering (pand networking) to the build. I also wanted to demonstrate I was willing to do due diligence on the parts I could...I've compiled a linux kernel...if it was there I could easily edit the .config file and add the modules or do a "make menuconfig" and tell it to compile the features as modules. I've also located documention on cloning and compiling the normal tomatousb git repo with the assumption that it would work with your repo. ( http://tomatousb.org/tut:how-to-build-and-rebuild-tomato-for-total-noobs ) What I have been unable to locate anywhere is anything that states HOW to add/configure the additional modules to compile. They are doing it in tomatousb and putting the extra modules in the extras.tar.gz file but your builds don't produce that. ( http://tomatousb.org/forum/t-259025/usb-android-tethering-modules ) I can't believe I'm the only one that ever wanted to connect their android phone to their router so they could take full advantage of the QOS you've built. As an alternative I may just have to use WDS and wifi tethering but it won't work nearly as well.

    Thanks for taking the time to reply.
     
  28. though

    though Network Guru Member

    toastman-

    your work is well appreciated by many, many people worldwide. thank you again for this release.

    my question is in regard to wireless/lan/wan speeds with tomato firmware vs. stock on the RT-N66U / RT-N16 / RT-N12, etc. there is talk that about the wireless driver that is used by stock firmware being different than what is used in tomato releases, therefore you will have slower performance if you run tomato on your router. is this true or bs? you don't need to type a 500 page reply, just what are your thoughts in a minimal reply to this topic?
     
  29. Toastman

    Toastman Super Moderator Staff Member Member

    Yep.

    Each router manufacturer has specific versions of the wireless driver supplied by Broadcom for their products. These are usually also tailored to specific models either by Broadcom or by the OEM themselves. Therefore, one driver is almost certainly not going to be optimum for the many routers that Tomato (and other firmwares too) is attempting to support. There are many configuration settings for the driver, and just one wrong parameter in the config could maybe cause havoc.

    Exactly where the existing drivers came from I'm not sure, and quite possibly the support files (there are hundreds) may be cobbled together from somewhere else. Teddy Bear is the only one that tried to get deeply into this, and he has decided not to work on tomatousb any more. When I was working with him on testing the RT-N16 etc. he might have mentioned the source of the driver, but I'm afraid, if he did, I've forgotten it.

    You might find the answer by trawling back through Teddy's threads, I'm attempting to do that myself to try to find out the answers to some of the instability questions which have always been there. So far it seems that the dual-band N drivers introduced some of the current problems, but TBH there have never been any 100% stable drivers.

    We don't have the source code for the drivers, so a lot of the evaluation was done on a trial and error basis. I know Teddy tried a good many versions of the drivers. His last choice to use 5.10.142.0 seemed to cause many problems, but he never posted a build himself using that driver.

    (Also remember that Fast NAT and CTF are responsible for the better WAN/LAN speeds of the OEM routers, but they broke many things in Tomato and were disabled).
     
  30. Toastman

    Toastman Super Moderator Staff Member Member

    Famewolf: I just quickly downloaded the extras tar from tomatousb (K2.6 version for MIPSR2) and extracted the for .ko files. Copied them to JFFS and ran insmod. Don't have time to go further than this. The modules may need to be updated. Perhaps others will offer more insight into getting this to work.
     
  31. FameWolf

    FameWolf Serious Server Member

    They all worked for you because I received an error which I thought indicated the modules had to be compiled against your kernel.

    insmod: can't insert 'rndis_host.ko': unknown symbol in module, or unknown parameter
     
  32. Toastman

    Toastman Super Moderator Staff Member Member

  33. lissny

    lissny Networkin' Nut Member

    gargoyle firmware has quota. but not in good for statistics.
     
  34. Toastman

    Toastman Super Moderator Staff Member Member

    There's a possibility, but at the moment it's just something that we've been talking about.
     
  35. kaabob

    kaabob Addicted to LI Member

    As I've feared, I've broken DNS queries...

    Seems like i'm not able to resolve hostname? I can ping the IP, but not the hostname.
    Maybe it's because the Src port is also UDP53, so it would be listening on UDP53 for a DNS reply?

    Thanks for any help!
     

    Attached Files:

  36. zavar

    zavar Networkin' Nut Member

    Hi Toastman. I was just about to upgrade to your latest build from Victek's current stable RAF build. I'm really interested in the additional IP traffic reporting that you've incorporated. Is this IP traffic information also saved within the normal bandwidth files (i.e. my bandwidth history is saved to a CIFS share)?
     
  37. Toastman

    Toastman Super Moderator Staff Member Member

    You can save it almost anywhere, yes.
     
  38. zavar

    zavar Networkin' Nut Member

    Perfect. Thanks for the fast reply!
     
  39. gutsman7

    gutsman7 Networkin' Nut Member

    Toastman the last of your build I am able to try is tomato-K26-1.28.7496.2MIPSR2-Toastman-RT-Mini.trx, because since this build you removed all minis and they r too big for my wrt310n v2.
     
  40. ufm

    ufm Serious Server Member

    Toastman, hello. I am new here. I have RT-N16 and tomato-K26USB-1.28.7497.1MIPSR2-Toastman-RT-Ext. The only problem is slow Wifi speed. I get 10 MB/s. I read a lot of advices and changed a lot of parameters. Then I found this forum.

    Am I right, that the problem is in drivers in your Firmware? So I have to wait for the solution or do you suggest anything else?

    All others features are just great!!!
     
  41. Elfew

    Elfew Network Guru Member

    Enable Frame burst and check your speed again... with stock firmware you can get better speed but it is not as stable as tomato...
     
  42. FameWolf

    FameWolf Serious Server Member

    Frame Burst however is not recommended if you have more than 3 devices connecting at same time correct?
     
  43. Elfew

    Elfew Network Guru Member

    yeah you are right.... but you should try
     
  44. ufm

    ufm Serious Server Member

    Enabling Frame burst didn't help. If I connect the PC via UTP to the RT-N16, I have more than 70 Mb/s.
     
  45. though

    though Network Guru Member

    try channel 1, 6, and or 11.

    try 20 and 40 mhz for each

    set wirless to 'auto', not N-only, etc.
     
  46. ufm

    ufm Serious Server Member

    Channel 1 and 6 are occupied (3 APs). I tried anyway. Channel 11 is free. If I change to 20Mhz, speed decreases to arround 6Mb/s.
     
  47. though

    though Network Guru Member

    for all your wireless devices or just 1?
     
  48. ufm

    ufm Serious Server Member

    I have two Laptops (one Asus, one HP). By both the same situation.
     
  49. Elfew

    Elfew Network Guru Member

    So try stock firmware and inform us...
     
  50. ufm

    ufm Serious Server Member

    This I will not do, because that means another setup. I will wait for some update in Tomato. I hope...
     
  51. Elfew

    Elfew Network Guru Member

    My problem with trasnfer speed over wifi was solved by option - enable frame burst... I have RT-16N...
     
  52. ufm

    ufm Serious Server Member

    Interesting... And hof fast is now? And before?
     
  53. Elfew

    Elfew Network Guru Member

    http://www.linksysinfo.org/index.php?threads/asus-stock-firmware.37324/

    difference between stock and tomato is about 4Mbps now...

    I recommend you to backup your settings from tomato, flash stock firmware, check your transfer speed and after that you can again flash to tomato and load your settings from backup... (you have to use same version of tomato)
     
  54. ufm

    ufm Serious Server Member

    You said: difference between stock and tomato is about 4Mbps now...

    If you copy a large file over the netwotk - how much Mb/s you have? You mantioned the difference.
     
  55. Elfew

    Elfew Network Guru Member

    Look at my link - there is more info... I tested speeds over wifi while I was copying files
     
  56. mito

    mito Network Guru Member

    Hi, just end testing frame burst and download speeds are exactly the same as if disabled. Unfortunatelly did'nt find differences at all. But as you said, stock firm is faster but not as stable.
    Rgds.
    mito
     
  57. Monk E. Boy

    Monk E. Boy Network Guru Member

    I typically use frame burst and short preamble, but I'm not sure if the preamble setting is even used by 802.11n, that was a trick back in 802.11b days to get better performance.
     
  58. jsmiddleton4

    jsmiddleton4 Network Guru Member

    If I enable Frame Burst some of my client attached devices to my slave router in bridge or in WDS modes will not connect to the master. I'm guessing it is because those clients built in network capability is limited.
     
  59. jameskelsey

    jameskelsey Serious Server Member

    I'm using a Toastman USB EXT firmware on a Belkin share max n300 (F7D7301 which is a restickered 3301) and have a Canon MP460 printer connected to it. I was easily able to get the print function working but unable to get the scanner working.I've been looking all over the web for a solution but have had no luck. Is their a easy way to get this scan function working?
     
  60. mito

    mito Network Guru Member

    I have an RT-16n with same Toast firm and printer connected to router USB , the same happens to me, Lexmark printer working nice but never could make scanner to work, googled everything and tested everything but no way. I think only HP printers do.
    Rgds.
    mito
     
  61. jameskelsey

    jameskelsey Serious Server Member

    Yea,the only thing I found was about creating a sane server to use the scanner. Sounded complicated and like a lot of work. The other option that I'm trying out is Google Cloud Print. With the printer connected to my desktop which is the only place I would use the scanner. With GCP I can print from any other PC in Chrome free or their is a paid stand alone app. I also found a free Android GCP app called Cloud Print that works on my HP Touchpad running ICS. I had Tomato on my previous router so I think I'll keep it on the new Belkin for now and see how it works with ext HDD's. I've read about the Belkin firmware being buggy.
     
  62. jsmiddleton4

    jsmiddleton4 Network Guru Member

    Silex makes usb printer based network print servers that work with AIO's.
     
  63. BikeHelmet

    BikeHelmet Networkin' Nut Member

    I like having that feature available. It doesn't do any prioritization, does it? The 10 QOS classifications do, so rate limiting someone may also deprioritize their packets if you have to stick theirs at the bottom.

    Can someone clarify something for me - does QOS classify packets ontop of the BW Limiter? If I limit someone to 3000/256 out of my 6000/512 connection, because Game/VOIP packets are classified near the top and P2P is classified at the bottom, would that affect them in addition to the BW Limiter throttling? If it does, then there's a very good reason to keep the BW Limiter in!


    Wait a sec - there's a limit? (I know there's always a practical limit, but you're saying there's a hard limit on the QoS: Classifications page?


    Ahh, crud. I'm up to 70 already.
     
  64. lissny

    lissny Networkin' Nut Member

    When did E2500 will be supported../plz
     
  65. gutsman7

    gutsman7 Networkin' Nut Member

    Thank you Toastman for bringing back the mini.trx
     
  66. Toastman

    Toastman Super Moderator Staff Member Member

    Lissny, please don't post questions in multiple threads, thanks.

    FORUM ADMINISTRATOR
     
  67. Toastman

    Toastman Super Moderator Staff Member Member

    April 23 2012- 1.28.7498.1 and variants

    • Samba security fix - "root" credential remote code execution.
    • changes to makefile (inc. Support quick firmware rebuild using 'make all')
    • remove experimental wl setting
    • configuration options for WAN ICMP Rate limiting
    • configuration options for SNMP custom port and remote access
    Thanks to MOC !

    WARNING - DHCP IS DISABLED BY DEFAULT. DON'T FORGET
    TO TURN IT ON IF YOU NEED IT.


    NOTE to experimenters:

    Issuing this command "wl interference_override -1" is supposed to disable all mitigation settings. There is no nvram variable, so this needs to be added into the firewall or other script box to survive a reboot.
     
  68. phuque99

    phuque99 LI Guru Member

    @Toastman

    I noticed that some of the default ip6tables rules added during startup maybe inappropriate for gateway mode. Specifically the icmpv6 types on the input chain on line 1395 in firewall.rc:

    http://repo.or.cz/w/tomato.git/blob...cfbccdec110:/release/src/router/rc/firewall.c

    Based on RFC, that specific range of icmpv6 type (130-153) are meant only for local interfaces and should not be allowed in from WAN. Line 1392 adds the appropriate icmpv6 types to the INPUT chain and those are the only ones required for the router's INPUT chain facing the Internet.

    I doubt a properly configured ISP would be leaking local link icmpv6 type but one would never know what type of security risk it may pose.
     
  69. Morac

    Morac Network Guru Member

    Is this exploitable from the WAN side of the router or just the LAN side? I'm trying to determine how urgent it is to upgrade.

    What page is this setting on and what exactly does it do?
     
  70. xtacydima

    xtacydima LI Guru Member

    From my understanding Qos prioritizes packets, and if there is nobody using a limit of bandwidth, the person/service being restricted is entitled to more bandwidth (provided it is available).

    With BW Limiter, it is a "hard set" and is constant, regardless of how much bandwidth is available. This is useful for certain scenario's and I just always found this easier to work with, as well quicker to deploy to limit a connection.

    I do see how everyone's needs are different, and it is Toast's choice to forego an option as it is his build. Maybe if enough people request it back he might occasional throw in a special build with it :)


     
  71. gutsman7

    gutsman7 Networkin' Nut Member

    Well you can always make your scripts to do the same job for you as the bandwith limiter such as this one
    #limit download
    tc qdisc del dev br0 root
    tc qdisc add dev br0 root handle 1: htb
    tc class add dev br0 parent 1: classid 1:1 htb rate 10000kbit
    tc class add dev br0 parent 1:1 classid 1:10 htb rate 714kbit ceil 10000kbit prio 2
    tc class add dev br0 parent 1:1 classid 1:11 htb rate 714kbit ceil 10000kbit prio 2
    tc class add dev br0 parent 1:1 classid 1:12 htb rate 714kbit ceil 10000kbit prio 2
    tc class add dev br0 parent 1:1 classid 1:13 htb rate 714kbit ceil 10000kbit prio 2
    tc class add dev br0 parent 1:1 classid 1:14 htb rate 714kbit ceil 10000kbit prio 2
    tc class add dev br0 parent 1:1 classid 1:15 htb rate 714kbit ceil 10000kbit prio 2
    tc class add dev br0 parent 1:1 classid 1:16 htb rate 714kbit ceil 10000kbit prio 2
    tc class add dev br0 parent 1:1 classid 1:17 htb rate 714kbit ceil 10000kbit prio 2
    tc class add dev br0 parent 1:1 classid 1:18 htb rate 714kbit ceil 10000kbit prio 2
    tc class add dev br0 parent 1:1 classid 1:19 htb rate 714kbit ceil 10000kbit prio 2
    tc class add dev br0 parent 1:1 classid 1:20 htb rate 714kbit ceil 10000kbit prio 2
    tc class add dev br0 parent 1:1 classid 1:21 htb rate 714kbit ceil 10000kbit prio 2
    tc class add dev br0 parent 1:1 classid 1:22 htb rate 714kbit ceil 10000kbit prio 2
    tc class add dev br0 parent 1:1 classid 1:23 htb rate 714kbit ceil 10000kbit prio 2
    tc filter add dev br0 parent 1:0 prio 2 protocol ip handle 10 fw flowid 1:10
    tc filter add dev br0 parent 1:0 prio 2 protocol ip handle 11 fw flowid 1:11
    tc filter add dev br0 parent 1:0 prio 2 protocol ip handle 12 fw flowid 1:12
    tc filter add dev br0 parent 1:0 prio 2 protocol ip handle 13 fw flowid 1:13
    tc filter add dev br0 parent 1:0 prio 2 protocol ip handle 14 fw flowid 1:14
    tc filter add dev br0 parent 1:0 prio 2 protocol ip handle 15 fw flowid 1:15
    tc filter add dev br0 parent 1:0 prio 2 protocol ip handle 16 fw flowid 1:16
    tc filter add dev br0 parent 1:0 prio 2 protocol ip handle 17 fw flowid 1:17
    tc filter add dev br0 parent 1:0 prio 2 protocol ip handle 18 fw flowid 1:18
    tc filter add dev br0 parent 1:0 prio 2 protocol ip handle 19 fw flowid 1:19
    tc filter add dev br0 parent 1:0 prio 2 protocol ip handle 20 fw flowid 1:20
    tc filter add dev br0 parent 1:0 prio 2 protocol ip handle 21 fw flowid 1:21
    tc filter add dev br0 parent 1:0 prio 2 protocol ip handle 22 fw flowid 1:22
    tc filter add dev br0 parent 1:0 prio 2 protocol ip handle 23 fw flowid 1:23
    iptables -t mangle -A POSTROUTING -d 192.168.1.50 -j MARK --set-mark 10
    iptables -t mangle -A POSTROUTING -d 192.168.1.51 -j MARK --set-mark 11
    iptables -t mangle -A POSTROUTING -d 192.168.1.52 -j MARK --set-mark 12
    iptables -t mangle -A POSTROUTING -d 192.168.1.53 -j MARK --set-mark 13
    iptables -t mangle -A POSTROUTING -d 192.168.1.54 -j MARK --set-mark 14
    iptables -t mangle -A POSTROUTING -d 192.168.1.55 -j MARK --set-mark 15
    iptables -t mangle -A POSTROUTING -d 192.168.1.56 -j MARK --set-mark 16
    iptables -t mangle -A POSTROUTING -d 192.168.1.57 -j MARK --set-mark 17
    iptables -t mangle -A POSTROUTING -d 192.168.1.58 -j MARK --set-mark 18
    iptables -t mangle -A POSTROUTING -d 192.168.1.59 -j MARK --set-mark 19
    iptables -t mangle -A POSTROUTING -d 192.168.1.60 -j MARK --set-mark 20
    iptables -t mangle -A POSTROUTING -d 192.168.1.61 -j MARK --set-mark 21
    iptables -t mangle -A POSTROUTING -d 192.168.1.62 -j MARK --set-mark 22
    iptables -t mangle -A POSTROUTING -d 192.168.1.201 -j MARK --set-mark 23
    #limit upload
    insmod imq
    insmod xt_IMQ
    ip link set imq0 up
    tc qdisc del dev imq0 root
    tc qdisc add dev imq0 root handle 1: htb
    tc class add dev imq0 parent 1: classid 1:1 htb rate 100kbit
    tc class add dev imq0 parent 1:1 classid 1:10 htb rate 7kbit ceil 100kbit prio 2
    tc class add dev imq0 parent 1:1 classid 1:11 htb rate 7kbit ceil 100kbit prio 2
    tc class add dev imq0 parent 1:1 classid 1:12 htb rate 7kbit ceil 100kbit prio 2
    tc class add dev imq0 parent 1:1 classid 1:13 htb rate 7kbit ceil 100kbit prio 2
    tc class add dev imq0 parent 1:1 classid 1:14 htb rate 7kbit ceil 100kbit prio 2
    tc class add dev imq0 parent 1:1 classid 1:15 htb rate 7kbit ceil 100kbit prio 2
    tc class add dev imq0 parent 1:1 classid 1:16 htb rate 7kbit ceil 100kbit prio 2
    tc class add dev imq0 parent 1:1 classid 1:17 htb rate 7kbit ceil 100kbit prio 2
    tc class add dev imq0 parent 1:1 classid 1:18 htb rate 7kbit ceil 100kbit prio 2
    tc class add dev imq0 parent 1:1 classid 1:19 htb rate 7kbit ceil 100kbit prio 2
    tc class add dev imq0 parent 1:1 classid 1:20 htb rate 7kbit ceil 100kbit prio 2
    tc class add dev imq0 parent 1:1 classid 1:21 htb rate 7kbit ceil 100kbit prio 2
    tc class add dev imq0 parent 1:1 classid 1:22 htb rate 7kbit ceil 100kbit prio 2
    tc class add dev imq0 parent 1:1 classid 1:23 htb rate 7kbit ceil 100kbit prio 2
    tc filter add dev imq0 parent 1:0 prio 2 protocol ip handle 10 fw flowid 1:10
    tc filter add dev imq0 parent 1:0 prio 2 protocol ip handle 11 fw flowid 1:11
    tc filter add dev imq0 parent 1:0 prio 2 protocol ip handle 12 fw flowid 1:12
    tc filter add dev imq0 parent 1:0 prio 2 protocol ip handle 13 fw flowid 1:13
    tc filter add dev imq0 parent 1:0 prio 2 protocol ip handle 14 fw flowid 1:14
    tc filter add dev imq0 parent 1:0 prio 2 protocol ip handle 15 fw flowid 1:15
    tc filter add dev imq0 parent 1:0 prio 2 protocol ip handle 16 fw flowid 1:16
    tc filter add dev imq0 parent 1:0 prio 2 protocol ip handle 17 fw flowid 1:17
    tc filter add dev imq0 parent 1:0 prio 2 protocol ip handle 18 fw flowid 1:18
    tc filter add dev imq0 parent 1:0 prio 2 protocol ip handle 19 fw flowid 1:19
    tc filter add dev imq0 parent 1:0 prio 2 protocol ip handle 20 fw flowid 1:20
    tc filter add dev imq0 parent 1:0 prio 2 protocol ip handle 21 fw flowid 1:21
    tc filter add dev imq0 parent 1:0 prio 2 protocol ip handle 22 fw flowid 1:22
    tc filter add dev imq0 parent 1:0 prio 2 protocol ip handle 23 fw flowid 1:23
    iptables -t mangle -A PREROUTING -s 192.168.1.50 -j MARK --set-mark 10
    iptables -t mangle -A PREROUTING -s 192.168.1.51 -j MARK --set-mark 11
    iptables -t mangle -A PREROUTING -s 192.168.1.52 -j MARK --set-mark 12
    iptables -t mangle -A PREROUTING -s 192.168.1.53 -j MARK --set-mark 13
    iptables -t mangle -A PREROUTING -s 192.168.1.54 -j MARK --set-mark 14
    iptables -t mangle -A PREROUTING -s 192.168.1.55 -j MARK --set-mark 15
    iptables -t mangle -A PREROUTING -s 192.168.1.56 -j MARK --set-mark 16
    iptables -t mangle -A PREROUTING -s 192.168.1.57 -j MARK --set-mark 17
    iptables -t mangle -A PREROUTING -s 192.168.1.58 -j MARK --set-mark 18
    iptables -t mangle -A PREROUTING -s 192.168.1.59 -j MARK --set-mark 19
    iptables -t mangle -A PREROUTING -s 192.168.1.60 -j MARK --set-mark 20
    iptables -t mangle -A PREROUTING -s 192.168.1.61 -j MARK --set-mark 21
    iptables -t mangle -A PREROUTING -s 192.168.1.62 -j MARK --set-mark 22
    iptables -t mangle -A PREROUTING -s 192.168.1.201 -j MARK --set-mark 23
    iptables -t mangle -A PREROUTING -j IMQ --todev 0
     
  72. Morac

    Morac Network Guru Member

    I'm still not able to restore the CSTATS (IP Traffic Monitoring) backups. I'm running tomato-E3000USB-NVRAM60K-1.28.7498MIPSR2-Toastman-RT-VPN.bin and I've cleared the NVRAM after upgrading. Backing up works, but if I restore I get an "Error reading file" error message.

    I've gotten that error since IP Traffic Monitoring was implemented and have reported the problem multiple times with no response. Does anyone know why restoring the CSTATS backups fails?
     
  73. ebogaard

    ebogaard Serious Server Member

    Because of an increade in WAN speed, I replaced my E2000 with an E3000 today, hoping to get full speed. The E3000 runs on "tomato-E3000USB-NVRAM60K-1.28.7498.1MIPSR2-Toastman-VLAN-RT-VPN"
    So far, it seems to cope with the 50Mbit up and down okay: sirq is at about 70% on full speed.

    There are two situations where I only get ~20Mbit sending/receiving:
    1. when sending or receiving files via sftp, sirq is at 99%, so everything grinds to a halt
    2. when transferring via zmodem, sirq is at ~40%

    Why is this? The router isn't the endpoint of this transfer, it only has to send/receive/route the bits and do nothing with the bits.
    The qos is set up correctly: the used port (22) is placed in the right classification and that's reflected in the graphs and details. All qos classifications are set with ports only.
    When I use http on the same server, I get full speed.
     
  74. xtacydima

    xtacydima LI Guru Member

    @gutsman

    Let's be realistic, there is no way the average person is going to learn or code scripts for something like that. I probably can learn in a few hours and heck, I don't plan to do it either. Also, it's an already tested out feature that works remarkably and as mentioned is just mere KB of space. I don't care too much at the moment because I am on an older Toastman firmware now that is bug free for everything I need and stable as heck. if I ever need new features (guest network is very appealing) there are alternatives that keep the feature still available.

    I am curious how many people would opt to keep it. I have been on many forums where hardware is modded or tweaked (Android phone mostly) and one thing I noticed from personal experience is that developers often take a survey poll first to see feedback by numbers. Then based on these results features or requests are adhered to or removed (out of the kindness of their hearts of course as no developer is ever obligated to make anything or owe anyone anything). It would be nice imo to see more of that here.

    Thanks for sharing the code/scripting how to do it manually though, I think it will help others whom might need it one day.
     
  75. Toastman

    Toastman Super Moderator Staff Member Member

    I might put a simplified version back in .... you never know ..... !

    The real reason revolves around the simple fact that I'm fed up of the complaints about it.

     
  76. Monk E. Boy

    Monk E. Boy Network Guru Member

    To be fair, the average person doesn't need a bandwidth limiter.

    Those who do need it can simply enable QoS, and implement a much more effective bandwidth limiter once they spend the necessary 15 minutes to learn how QoS works. It really isn't that hard.

    Personally I need a fully functional QoS so I can prioritize traffic that's legitimate and send traffic that's not (P2P, skype, "VPN," etc.) into the trashcan. I can't bandwidth limit individuals who are performing perfectly legitimate tasks today just because a few days ago they came in running a P2P app. With QoS I don't even need to monitor them like hawks, it just prioritizes traffic automatically so everyone can get valid tasks done.
     
  77. zavar

    zavar Networkin' Nut Member

    Have you found a solution to this?

    Anyone else seeing this problem?
     
  78. Morac

    Morac Network Guru Member

    I have not found a solution. As far as I can tell it's simply broken. I have no idea why no one will respond to my questions about it.



    On an unrelated note, I have set up PPTP server and it works great with my iPhone and iPad, but it doesn't appear that broadcast relay works. I'm trying to access a device on my LAN that uses Bonjour with an app that finds it without a problem when I'm on my LAN. It can't find it over VPN with broadcast relay set to any of the settings. Bonjour is supposed to use broadcast packets. Unfortunately there doesn't seem to be any way to see if the packets are being routed over the VPN link or not, but considering it doesn't work, I'd say it's not.

    http://en.wikipedia.org/wiki/Bonjour_(software)
     
  79. Morac

    Morac Network Guru Member

    I think I found another problem the the PPTP setup.

    I left the default remote ip range which is 172.19.0.1 to 172.19.0.6. When I connected I got an ip address of 172.19.0.1 as expected, but I was able to access all the devices on my internal LAN (which uses 192.168.1.*) by their ip address. 172.19.0.1 isn't on the same sub-net as 192.168.1.* as such I shouldn't have been able to access any of them by their LAN ip addresses. See http://tomatousb.org/tut:configuring-a-pptp-vpn

    That should have only been possible if I set the remote ip range to within the same sub-net (i.e. 192.168.1.x to 192.168.1.y). I tried the later to see if broadcast relaying worked (it didn't).
     
  80. J.One

    J.One Networkin' Nut Member

    Can somebody please tell me how I can erase the NVRAM of my E4200? I don't have a Jtag cable, so am I able to do it myself?
    I have the firmware, i'm ready to flash my router but I want to avoid problems (like a non working router).

    Thanks in advance
     
  81. azdps

    azdps LI Guru Member

    I'm having a problem restoring my configuration. There's no errors when I save my configuration but when I attempt to restore it says:

    Cannot restore on a different router.
    Please wait while the router reboots...

    Note: I did a thorough NVRAM erase using the webui before attempting to restore the config. Also, I did add 2 custom NVRAM entries to NVRAM.

    Firmware: Tomato Firmware v1.28.0498 MIPSR2-Toastman-RT-N K26 USB Std
    Router: Asus RT-N66U

    ** EDIT **:
    I started from scratch after a thorough NVRAM erase and input all my settings using the webui. I saved the configuration afterwards and I'm able to restore the settings without any problems. I guess I'll have to assume I messed up my config file before since I'm not able to reproduce the problem.
    --------------------------------------------------------------------------------------------------------
    Also, why it is necessary to have 2 separate NVRAM entries for the country code?

    wl0_country=US
    wl0_country_code=US

    wl1_country=US
    wl1_country_code=US
     
  82. J.One

    J.One Networkin' Nut Member

    I took the risk and upgraded to Tomato, I have to say, I like it :)
    I used the "tomato-E4200USB-NVRAM60K-1.28.0497.1MIPSR2-Toastman-VLAN-RT-N-VPN.bin" file on my E4200 V1, and so far its working fine.
    I like the UI as well, after playing with it for about 20 minutes I already prefer it over the original Cisco firmware.

    Thanks Toastman!
    As a tribute I named my Wireless access point to you! :)
    If this firmware turns out to be stable, and fulfills my needs I will certainly consider a donation.
     
    gs44 likes this.
  83. lancethepants

    lancethepants Network Guru Member

    Hey Toastman, Could you update the git repo with your latest? thanks for the awesome firmware.
     
  84. mvsgeek

    mvsgeek Addicted to LI Member

    Couple of my personal observations re Tomato-K26USB-1.28.7498MIPSR2-Toastman-RT-Ext.trx on Asus RT-N16...

    1. Overclocking CPU to anything > 500 causes random reboots, anywhere from 15-45 minute intervals.
    2. Enabling Afterburner bricks the router and requires 30/30/30 reset or equivalent.

    I still haven't figured out a repeatable method of 30/30/30 reset on the RT-N16, there are many conflicting opinions online. I finally got it to respond to a ping after trying various combinations of button-pushing and power cycling. Admittedly not very scientific, maybe others here can provide definitive procedure.

    The afterburner issue is repeatable, I've done it twice now. That's quite enough.
    After setting clkfreq to 500, router is completely stable (unless I mess with afterburner:))
     
  85. gs44

    gs44 Networkin' Nut Member

    Hey Toastman,

    After sitting happy and content with RT build 7496 on both of my routers for a couple months now, I decided to go ahead and upgrade my E2000 and E3000 to latest RT build 7498.1 and I am happy to report that I have had no issues at all so far.

    Ipv6 seems to function as intended and wireless speeds seem very good as well as wired speeds thus far... As always I will keep you posted if anything bad happens...lol

    Many Many thanks to Toastman and all who have contributed to these great new tomatousb builds and to all the testers here who help keep them alive and going!!! :)
     
  86. zorkmta

    zorkmta LI Guru Member

    Hi all, at the moment i have build 7497.1 and all going charming with RT-N66U. I´m thinking to update to build 7498.1 to check if get better perfomance throught wifi.

    Maybe is a noob question. which is the best way to update? ( only put administration--- upgrade? ) Have i to config all setting again?

    Thanks
     
  87. Toink

    Toink Network Guru Member

    Tomato Firmware Upgrade Rule of Thumb: ALWAYS CLEAR NVRAM

    Re-configuring is a breeze using the GREP commands or this
     
  88. Marc

    Marc Serious Server Member

    Hi all, I am using 'tomato-K26USB-1.28.7498.1MIPSR2-Toastman-VLAN-RT-VPN-NOCAT' on RT-N16, the pptp server will work after setting up (both wan and lan), however if I reboot the router, the pptp server can't be access from WAN but still working on LAN, port scanning shown that port 1723 is stealth. I guess it may a bug on firewall script on initialization? (additional info: I have also enabled 'avoid NVRAM commit' option, after I set up all options in the router, I commited the NVRAM once to reduce flash wear, I don't know if this option affect it, but I am sure that the PPTP server options remain those I configured after reboot). I did clear the nvram as I was switching from dd-wrt.
     
  89. Planiwa

    Planiwa Network Guru Member

    FWIW, I also use this option. I only commit when I want to.

    I have commands that show the differences between cached and flashed NVRAM, and also between cached NVRAM before and after changes.

    The nvram command never reports on the flashed NVRAM.

    (I suspect that few Tomato users are aware of this.)
     
  90. Marc

    Marc Serious Server Member

    so u mean I should not enable 'avoid NVRAM commit' at initial setup?

    btw, something I want to clarify, do I need to add any entries in firewall script, or port mapping for the PPTP server to work? because I didn't do so in dd-wrt, as well as in toastman - as pptp server worked on WAN before the reboot
     
  91. Planiwa

    Planiwa Network Guru Member


    I mean that in Admin>Debug I check: Avoid performing an NVRAM commit.



    I'll leave the other question to someone familiar with PPTP.
     
  92. phykris

    phykris LI Guru Member

    I don't think the bandwidth limiter was useless and I've tried switching to the QOS limiting on the traffic type.
    Some people didn't like it.

    The problem with limiting based on traffic type is that you'll limit certain types of traffic that are popular with some people, like bittorrent.
    So, you're telling the people on the network how they can use their internet connection (browsing the web is ok, but bittorrent is not).
    Some people don't like to experience such restrictions.

    If you're providing internet services in apartment building, you're basiscally a small ISP.
    Every ISP that limits the internet connection based on traffic type gets lots of critic. Some even say it's a violation of the net neutrality.

    For some it's much more fair that they get a fixed bandwidth, that is statistically garanteed 95% of the time. The bandwidth limiter allowed to do things like that.
    I limit everyone on 1 mbit/s and on a 10mbit/s connection with 35 users, I never reached the limit of my internet connection and the users get their 1 mbit/s all the time and they use it however they like (also for bittorrent).

    Using the bandwidth limiter is a waste of internet bandwidth compared to restricting certain traffic types. But if you set up your limiter based on usage statistics the waste is not that big as you might think.

    Maybe a good way to compare the 2 systems, is having two buildings with the same internet connection and the same number of users: one building with QOS limiting on traffic type and one building with limiting per user. So, we can compare how much data the average user can receive on one day with these limitations.

    I just want to say every system has positive and negative sides.
     
  93. xtacydima

    xtacydima LI Guru Member

    @phykris
    I agree, and my main reason is that in certain situations (ie: a lot complexes, or dorms, etc...) people often have a large bill and split it for a high speed account, whomever the carrier is. In some instances, it is not split evenly because you have person A telling you he only needs XX amount and barely uses it, whereas person B is a gamer and a torrent person and he wants more. I believe in the great creed of "you get what you pay for" and that's how it should be.

    @Monk E. Boy
    " I can't bandwidth limit individuals who are performing perfectly legitimate tasks today just because a few days ago they came in running a P2P app."

    Sorry but I disagree, it's a matter of personal opinion I suppose, but habit's, like history, from my experience are found to often repeat themselves, and yes people will do it again.
     
  94. CTXSi

    CTXSi Network Guru Member

    Running an RT-N16 with Toastman's 7498.1 VPN VLAN build with a 1tb EXT3 formatted USB drive.

    Lately I've noticed that my router's USB drive performance seems to be degrading the longer the router is up. I don't recall experiencing this before. After this happened today CPU usage bounced between 50-100% (normally it is <5%). There was nothing obvious in the log. Also, the further confound things at times the router stops responding to both the web GUI and telnet. Both of these also happened with build 7497.1.

    The first thing I noticed was USB drive performance slowing the longer the router was up. For example, open a video on the USB drive from my laptop using VLC. The video played maybe 10 seconds and then stuttered to the point that it was unwatchable. I tried to copy the file (2gb) over wifi (reporting 144mbps connection) and Win7 Pro x64 was telling me it would be 3hrs. Rebooted the router and the video played fine, and the same Win7 machine is reporting only 19 minutes to copy the file. The router had 20 days uptime prior to reboot. Same thing happened today, ran a backup job from my gigabit wired PC and it took 2hrs to copy 2gb, normally it would have been a few minutes. Router had been up about a week.

    Any idea what is going on or what I should be looking for? I've been running Toastman builds for about 6+ months (teddy bear's build 54 previously). The only significant config change I've made in the past 3+ months has been to setup a 2nd guest SSID using Teaman's GUI. The other thing I've noticed recently is the warning that maximal mount count has been reached and to run e2fsck: http://tomatousb.org/forum/t-458315...ning:maximal-mount-count-reached#post-1407677

    Any pointers on how to diagnose this would be appreciated.
     
  95. zavar

    zavar Networkin' Nut Member

    These are very handy. Are there other NVRAM variables that it's ok to do this for, such as SSID, CIFS or RSTAT settings?
     
  96. Monk E. Boy

    Monk E. Boy Network Guru Member

    Um, perhaps I wasn't clear. I legally cannot prevent a student from completing their schoolwork on time just because a couple days ago they brought in their laptop from home with P2P still running. I have to maintain a balancing act where the school is protected from their illegal activities (since we're liable) yet still allow them to obtain an education.

    If you want to limit their bandwidth you can create a rule that specifically includes their MAC address and have a QoS category apply to them. Better still, create a static lease for them based on their MAC address, then create 2 additional rules for traffic flowing to and from their IP address. Voila, bandwidth limiting. Better still, create rules for other like-minded individuals and put them in the same category, so they all get to fight for the same miniscule fraction of your bandwidth. QoS is far more powerful than many give it credit for.

    Ideally though you should just prioritize their traffic into legitimate (WWW, email, etc.) and illegitimate (P2P, etc.) and let everyone live under the same umbrella. No favoritism, no cronyism, just rules that everyone has to live with.
     
  97. xtacydima

    xtacydima LI Guru Member

    @Monk E Boy
    If you look at my response to phykris you will see I do not have a school with legality being an issue. It's like I said before, everyone has/can have a different reason for it. I really don't want to argue about that, it will go in endless circles. In some cases, people get what they pay for, in others, there might be other reasons. And in some cases, yes, left over bandwidth can just sit there being unused. I understand your adamant pro-Qos feelings and the need to use them to their full potential, but they aren't for everybody... just my opinion.
     
  98. BikeHelmet

    BikeHelmet Networkin' Nut Member

    I still think that both the BW Limiter and QOS have their uses. Sometimes you need to not mess with packet priority, but you do need to slow things down...

    As an example, BWLimiter would be a "fair" way to split a DSL connection for a duplex in two. No favouritism. Both sides get half, and the building owner pays $34.99/mo for 6mbit instead of 2x $29.99/mo for 2x 3mbit. (as an example)

    It's really easy to setup. I could guide someone through it over the phone. QOS, not so much...
     
  99. SergeyVl

    SergeyVl Serious Server Member

    Hi!
    I have a problem with ASUS RT-N16 with firmware tomato-K26USB-NVRAM60K-1.28.7498.1MIPSR2-Toastman-RT-VPN.trx
    After setup OpenVPN server on my router,some parameters have been lost or changed:
    These nvram parameters changes at each device reboot.
    Because of t_features parameter changes, I have lost some parameters in web interface.
    Checkbox "Avoid performing an NVRAM commit" do not solve this problem.
     
  100. Planiwa

    Planiwa Network Guru Member

    NVRAM60K

    The RT-N16 has only 32k of usable NVRAM:
    Code:
    Analysis of NVRAM flash partition
     
    131072 NVRAM partition size (mostly unusable!).
     98304 Unusable initial portion of partition.
     32748 Total usable NVRAM space (after 20-byte header).
     25809 Actually used NVRAM space.
      6939 Free NVRAM space (approx).
       984 Used NVRAM variables.
     
    From nvram command (not from flashed NVRAM), includes uncommitted settings:
    984 entries, 25830 bytes used, 6938 bytes free.
    
    Checkbox "Avoid performing an NVRAM commit" do not solve this problem.

    Why would it?

    The damage was already done when you flashed the wrong firmware.
     

Share This Page