[Fork] FreshTomato-ARM

Discussion in 'Tomato Firmware' started by kille72, Apr 15, 2018.

  1. boulder

    boulder Network Newbie Member

    My case: in 2018.4-Max version NAT-PMP doesn't work at all, at least while both UPnP and NAT-PMP are enabled. NAT-PMP works just fine in 2018.3.011-beta-Max. Checked on Linksys E2000 with uTorrent and Tranmission 2.94 on Windows.
    Last edited: Nov 5, 2018
  2. thewaywardgeek00

    thewaywardgeek00 Connected Client Member

  3. Tony Ramirez

    Tony Ramirez Serious Server Member

    Thanks for keeping Tomato up to date. Since I was running AdvancedTomato which also seems to be abounded and I first decided to try DD-WRT again. Well DD-WRT still sucks and now I know why I switched 2 years ago.

    Wifi speeds still drop and don't top out. Wifi still randomly drops. Wifi range is the same as Tomato so where are the benefits. Still no support if you have any issues all know it all's on there forms who tell you to just "Search" which does not work or "Google it" which I did which is why I am asking or do there stupid 30/30/30 which also does not work.

    Well running the latest FreshTomato on my R7000 and running the "olio_v1" theme which makes it look decent it runs great. I still would like a fork of Advanced FreshTomato.
  4. kille72

    kille72 LI Guru Member

    Look here:
  5. kille72

    kille72 LI Guru Member

    Soon I hope :)
    Goggy, gaselar, Techie007 and 5 others like this.
  6. oTradeMark

    oTradeMark New Member Member

    Hello, I have a Tenda AC15 that I would like to install Tomato on. Are the instructions listed below valid for FreshTomato? They were originally posted by Techie007 in another thread.
    1. Connect an Ethernet cable between your PC and port 1 on the router.
    2. Set your PC to use a static IP address of (instructions are here if you need them).
    3. If the router is on, turn it off. Find the reset hole at the top of the router and insert a paperclip to hold the reset button down. While holding reset down, power the router on.
    4. After about 25 seconds, the right-most LED (with the gear/settings symbol) should turn on. If it doesn't after a minute, you probably didn't hold the reset button down the whole time. Go back to step 3.
    5. Release the reset button and open in your web browser.
    6. Use the CFE screen to upload the new firmware.
    7. Give the router about five minutes to upload, flash and reboot. When the router reboots, all the lights will flash briefly. Once Tomato is up and running, the two WiFi LEDs will light up.
    8. Click the Continue link (or reopen in your web browser) to configure your new firmware. Default username and password are both admin.
    9. As the Tenda settings are incompatible with Tomato, go to Administration -> Configuration -> Restore Default Configuration, select Erase all data in NVRAM memory and click [OK].
    10. Don't forget to re-set your PC to get its IP automatically when you're done!
    I apologize for my lack of knowledge regarding the topic. I haven't had Tomato since my WRT54G and I have had this Tenda sitting around so I wanted to test it out.
  7. rgnldo

    rgnldo Networkin' Nut Member

  8. Tony Ramirez

    Tony Ramirez Serious Server Member

  9. sac7000

    sac7000 Networkin' Nut Member

  10. Admiral2145

    Admiral2145 New Member Member

    Anyway to fix the poor 5ghz signal problem? Either a different firmware or something....
    Last edited: Nov 7, 2018
  11. rgnldo

    rgnldo Networkin' Nut Member

    In Wireless mode: auto
    Channel 40
  12. Tony Ramirez

    Tony Ramirez Serious Server Member

    That made it much worse for me. Went down to 3 bars only 1 meter from the router.
    Admiral2145 likes this.
  13. Techie007

    Techie007 Networkin' Nut Member

    Should've been posted in the Tenda AC15 thread, but yes; you bet those instructions are still good. They are unlikely to need updated and would apply to any Tenda AC15 firmware installation as the instructions are for the router's built-in CFE and a PC. The Tenda AC15 with Fresh Tomato is my "go to" router for most residential networks, although the 5 GHz WiFi remains weak as no one has figured out how to turn on its power amplifiers from Tomato yet.
    Last edited: Nov 7, 2018
  14. rgnldo

    rgnldo Networkin' Nut Member

    It will depend on the router. With me, on the router RT-AC68U, use channel153, 80ghz ..
    Increase TX Power to 200mw
  15. usergay

    usergay Reformed Router Member

    I have the best 5ghz result with the following settings on my R7000:

    80 Mhz - Channel 149 or 153 - 5ghz country setting = SINGAPORE, TX power = 0, Wmm = Enable, Frame Burst = enable.
  16. tbrautaset

    tbrautaset Connected Client Member

    Any hope to get back CaptivePortal, as mentioned by @pedro ?
  17. AndreDVJ

    AndreDVJ LI Guru Member

    You can always clone the repo then compile a target yourself. If you find a component which is unstable, you can always try to fix it and hopefully do a PR.

    If we can live with NoCatSplash's limitations and flaws, a git revert is all it takes.
    I don't do releases, so I don't mind if FreshTomato features it.
    tbrautaset likes this.
  18. Bad_Dog

    Bad_Dog Connected Client Member

    I haven't found this written elsewhere, so I think I may have stumbled on a bug...

    Running ASUS AC3200. I repeated this in Freshtomato 2018.3 and 2018.4.

    The issue I ran into is changing the Router's IP address. In Basic | Network, I changed the router's IP from, to, and the DHCP range to be ~ 254. Upon reboot, the NVRAM appears to get screwed up because when I go back into the Basic | Network screen, I can't click on any of the buttons (Scan for Wireless Networks, SAVE, etc.). I also have three large-font headers on the page for WAN 2, WAN 3 and WAN 4, with a single empty (small) box beneath them.

    Rebooting it seems to get it stuck. It doesn't appear to be in a reboot loop, as all the lights come on and stay on, but I can't reach the router (by either IP) and DHCP doesn't respond.

    This was after flashing from Shibby 140 to 2018.4, clearing NVRAM. I re-installed the Freshtomato firmware many times, each time clearing NVRAM. The very first change I would make would be to adjust the router's IP and DHCP range to get this end result. I initially made other changes, but narrowed it down to changing the router's IP and DHCP range causing this. I didn't try just the router IP, but by that point, I just wanted it to work.

    I later tried making other edits to the configuration, and then go back to the Network configuration page to change the IP & Range, and got the same result.

    So as it stands, the router is working with 2018.4, but I'm stuck with the default IP. I did change the DHCP range, without changing the router's IP, and it remains stable.

    So, is there any way to change the router's IP?
  19. pedro311

    pedro311 Addicted to LI Member

    Clean browser cache, and/or use ctrl+F5
    kille72 likes this.
  20. Carmine

    Carmine New Member Member

    Feature Request - add SoftEther VPN Server and Client functionality

    Thank you all for continuously updating Tomato. I would suggest the addition of SoftEther VPN Server and Client functionality. My tests adding the Lancethepants builds to my R7000 Freshtomato setup show increased throughput performance over OpenVPN.

    I think adding SoftEther VPN support would increase the flexibility and functionality to what is already a great project.
    maurer and Wizardknight like this.
  21. wetpaint

    wetpaint Reformed Router Member

    You are doing the right thing, i believe, but i suspect that your computers ip address isn't changing when you change the router ip address. I have changed the ip address of both my routers to 192.168.10.x quite happily but my laptop (Win 10) doesn't change with it until I have disabled and re-enabled the network card......maybe something to try.......

    Can also try a 30/30/30 reset as a good clearout

    Good luck
  22. Bad_Dog

    Bad_Dog Connected Client Member

    That did it! Actually, I used Firefox's Privacy mode while doing the changes. :)

  23. danell

    danell New Member Member

    Have anyone figured out how to get a good and strong wifi connection (2.4 and 5) for the R6250 yet?
    I have search long and far and tried most of the things I found but nothing that makes the wifi go above ~50mbit while stock gives 250mbit for me. I have tried Tomato, FreshTomato, AdvancedTomato, DD-Wrt and OpenWRT but all gives same result. :/
  24. rgnldo

    rgnldo Networkin' Nut Member

    Increase STUBBY native FreshTomato

    After some testing with FreshTomato's native Stubby, with DNSSEC and DoT support. I came to this configuration. Excellent latency

    Stubby 0.23 interacts with the Stritc-Order option.

    In Wan Up

    cp -R /jffs/scripts/stubby.yml / etc

    tls_ca_file: "/rom/cacert.pem"
    resolution_type: GETDNS_RESOLUTION_STUB
    tls_query_padding_blocksize: 256
    edns_client_subnet_private : 1
    idle_timeout: 60000
    round_robin_upstreams: 1
    appdata_dir: "/opt/var/cache/stubby"
      - 0::1@5453
    # IPv4 addresses
    # Cloudflare
      - address_data:
        tls_auth_name: "cloudflare-dns.com"
      - address_data:
        tls_auth_name: "cloudflare-dns.com"
    # Quad 9 'secure' service - Filters, does DNSSEC, doesn't send ECS
    #  - address_data:
    #    tls_auth_name: "dns.quad9.net"
    # The Surfnet/Sinodun servers
    #  - address_data:
    #    tls_auth_name: "dnsovertls.sinodun.com"
    #    tls_pubkey_pinset:
    #      - digest: "sha256"
    #        value: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=
    #  - address_data:
    #    tls_auth_name: "dnsovertls1.sinodun.com"
    #    tls_pubkey_pinset:
    #      - digest: "sha256"
    #        value: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=
    # The getdnsapi.net server
    #  - address_data:
    #    tls_auth_name: "getdnsapi.net"
    #    tls_pubkey_pinset:
    #      - digest: "sha256"
    #        value: foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q=
    # IPv6 addresses
    # Cloudflare
      - address_data: 2606:4700:4700::1111
        tls_auth_name: "cloudflare-dns.com"
      - address_data: 2606:4700:4700::1001
        tls_auth_name: "cloudflare-dns.com"
    # Quad 9 'secure' service - Filters, does DNSSEC, doesn't send ECS
    #  - address_data: 2620:fe::fe
    #    tls_auth_name: "dns.quad9.net"
    # The Surfnet/Sinodun servers
    #  - address_data: 2001:610:1:40ba:145:100:185:15
    #    tls_auth_name: "dnsovertls.sinodun.com"
    #    tls_pubkey_pinset:
    #      - digest: "sha256"
    #        value: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=
    #  - address_data: 2001:610:1:40ba:145:100:185:16
    #    tls_auth_name: "dnsovertls1.sinodun.com"
    #    tls_pubkey_pinset:
    #      - digest: "sha256"
    #        value: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=
    # The getdnsapi.net server
    #  - address_data: 2a04:b900:0:100::38
    #    tls_auth_name: "getdnsapi.net"
    #    tls_pubkey_pinset:
    #      - digest: "sha256"
    #        value: foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q=
    Tests DNSSEC:



    Last edited: Nov 22, 2018
    linkiTom likes this.
  25. txnative

    txnative Addicted to LI Member

    Do you have apple devices that are not opening ports while NAT-PMP is selected? If so could show some logs.
  26. roberthuang

    roberthuang Networkin' Nut Member

    Currently I'm worried about the stability of running Tomato on R6250. 2.4G is almost unusable with Tomato by Shibby v138 due to the driver issue. Constant packets loss is noticed. If 2.4GHz is stable on FreshTomato latest version, I will love to migrate. I don't care about the throughput that much.
  27. sac7000

    sac7000 Networkin' Nut Member

    Last edited: Nov 11, 2018
  28. pedro311

    pedro311 Addicted to LI Member

  29. sac7000

    sac7000 Networkin' Nut Member

    pedro311 I
    I do not see your link, this fix - 5713e12
    - https://bitbucket.org/tsynik/tomato-arm/commits/5713e12745bc6d1f422111648ec3bc9113cf193c
    This will allow using GeOIP without installing Entware.
    (Tomato must be compiled with GeoIP data in firmware (geoip files in / usr / share / tor)

    Add to Administration / Scheduler / User 2
    Here is a custom script -
    # TOR GeoIP DB
    logger -s $(basename $0) "### TOR GeoIP DB ###"
    if [ -d /opt/share/tor ]; then
    [ -f /opt/share/tor/geoip ] && \
    ( ! mount | grep -q "/tmp/tor/geoip" ) && {
    logger -s $(basename $0) "### GeoIP found in /opt, mount..."
    touch /tmp/tor/geoip
    mount -o bind /opt/share/tor/geoip /tmp/tor/geoip
    [ -f /opt/share/tor/geoip6 ] && \
    ( ! mount | grep -q "/tmp/tor/geoip6" ) && {
    logger -s $(basename $0) "### GeoIPv6 found in /opt, mount..."
    touch /tmp/tor/geoip6
    mount -o bind /opt/share/tor/geoip6 /tmp/tor/geoip6
    mkdir -p /tmp/tor && cd /tmp/tor
    wget https://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.mmdb.gz
    gunzip GeoLite2-Country.mmdb.gz
    wget https://gitweb.torproject.org/tor.git/plain/src/config/mmdb-convert.py
    python mmdb-convert.py GeoLite2-Country.mmdb
    chmod 644 geoip*
    rm -f GeoLite2-Country.mmdb*
    # Reload TOR config to use GeoIP data
    kill -HUP `pidof tor`

    Sorry pedro311 I saw this path on your links - /tmp/tor usr/share/tor. But when I installed
    firmware geoip not working, in the firmware from tsynik it worked.
    Last edited: Nov 11, 2018
  30. pedro311

    pedro311 Addicted to LI Member

    That @tsynik commit, which you point me out, only adds a symlink, nothing more.
    And it's already implemented in FreshTomato.
    So you can copy geoip db to /tmp/tor/geoip[6] by custom script or by hand, and just reload tor.

    And/Or add this to the tor custom config:
    ExitNodes {XX}
    StrictNodes 1
    where XX is country code. And it's fully working.

    If db has to be in other location ie. /opt/etc/geoip, add:
    GeoIPFile /opt/etc/geoip
  31. sac7000

    sac7000 Networkin' Nut Member

    Thank you pedro311 I now use the firmware from @tsynik . As soon as you release a new firmware I will install it again and check the operation of the geoip.
  32. davexx

    davexx New Member Member


    i @kille72 installed the 2018.4 and i have a serious problem, with shibby 140 i had adblock enabled and everythings working fine, but now if i activate adblock i have no internet access....
    please fix this serious bug
  33. pedro311

    pedro311 Addicted to LI Member

    Please read a few posts back in this thread about adblock problems (to be more accurate, with one of the blacklist).
    M_ars and rgnldo like this.
  34. rgnldo

    rgnldo Networkin' Nut Member

    This is a blacklist formatting problem created by some server. This is already being planned and fixed in FreshTomato build 2018.5. Uncheck all server options and add only this blacklist: http://sbc.io/hosts/hosts
  35. mauriga

    mauriga Serious Server Member

    Sorry Rgndlo but you prolly didn’t see my post #1187, so I ask you one more time.
    I’ve understand step 1 and step 2 but I dont understant what I have to do with
    ecc ecc
    Tnx in advance for your help

  36. rgnldo

    rgnldo Networkin' Nut Member

    this is the path to the FreshTomato firmware TLS security certificate.
  37. davexx

    davexx New Member Member

    using stubby it stop the adblock feature?
  38. icecold2018

    icecold2018 New Member Member

    I'm currently on dd-wrt but would like to move to freshtomato arm.
    Device - Netgear R7000. Questions

    1. Are there Wifi issues on 2.4 and 5ghz? on dd-wrt this currently isn't great.
    2. Is there any plans to include support for wireguard VPN in FreshTomato?

    TrueDis likes this.
  39. Pasha_ZZZ

    Pasha_ZZZ Serious Server Member

    FreshTomato 2018.3 and TUNNELBROKER: on the router all works fine (ping6 and curl -6) but on any connected device works only ping6/ping -6 and curl -6 returns (after long timeout) connection reset.
  40. xixix

    xixix Networkin' Nut Member

    Appreciate everybody's effort and commitment.
    I searched but couldn't find anything on this and other communities.
    AC68U B2 is apparently the router HW version we currently get from Amazon on the US market.

    Is there any chance to have a AC68U B2 compatible build in the near future?
    I'm about to return the router in case response is negative, while I'm still in the return window.
  41. Black6spdZ

    Black6spdZ LI Guru Member

    infekto likes this.
  42. linkuser

    linkuser Network Newbie Member

    Can someone with the tmobile ac1900 hardware version 170 tell me which version works best for you of this firmware or does this firmware not work with this model? I tried searching for mobile but don't see any reference on compatibility.
  43. Crisby

    Crisby Network Newbie Member


    First off thanks for the hard work. It's really appreciated.

    I was wondering if it's possible to flash this within advanced tonato as I love the gui of AT.
    Would this be possible?

  44. Wizardknight

    Wizardknight Serious Server Member

    I have a question/observation about the FTP server in FreshTomato.
    If I set the router IP address to something that does not end in a 1 E.G. I am unable to connect to the FTP server from the WAN side. If I set it to I have no issues connecting. Is this expected behavior?
    I would have expected that any IP in the subnet should work.
  45. thyestes

    thyestes Network Newbie Member

    Then you could use this version: hxxps://bitbucket.org/AndreDVJ/advancedtomato-arm/overview
  46. rgnldo

    rgnldo Networkin' Nut Member

    For better configuration of Stubby in FreshTomato:
    In Basic Network, configure DNS as manual. In DNS1, add; DNS2.
    linkiTom likes this.
  47. rgnldo

    rgnldo Networkin' Nut Member

  48. davexx

    davexx New Member Member

    anyone know online dot checker?
  49. Patrick B

    Patrick B New Member Member

    I bought a brand new Netgear Nighthawk R7000P on July 19th, 2018. It is running the current version of Netgear firmware.
    Firmware Version V1.3.1.44_10.1.23

    I'm trying to install Fresh Tomato.

    I did a "Reset to Factory Settings." I went through the startup wizard to change the password, etc, etc.

    I downloaded the Initial File Loader:
    -rw-r--r--@ 1 me staff 6193210 Nov 14 2016 tomato-R7000-initial.chk
    -rw-r--r--@ 1 me staff 6188786 Nov 18 08:32 tomato-R7000-initial.zip
    MD5 (tomato-R7000-initial.chk) = 03891e69819c00f0a4de9aa3b369cfea
    MD5 (tomato-R7000-initial.zip) = a8141dcc24a4199e8c12616011ba438b

    When I try to upload the tomato-R7000-initial.chk file as a new firmware, my router gives me the error:
    "This firmware file is incorrect! Please get the firmware file again and make sure it is the correct firmware for this product."

    What am I doing wrong?

  50. tripper22

    tripper22 Serious Server Member

    Patrick B likes this.
  51. Wizardknight

    Wizardknight Serious Server Member

    I am having VPN issues that I would like some feedback on.
    I have freshtomato-R6300v2-ARM-2018.4-AIO-64K loaded on my router.
    I have the VPN client setup with Windscibe, and it is able to make a connection without any issues.
    I also have the routing policy tab with the following:
    Redirect through VPN - checked.
    From source IP (checked enable)

    I set my server to
    I set my laptop to

    It is my understanding that with a .155 address and a /25 mask it should not be routed over the VPN.
    Only .128 and under IP's data should be sent over the VPN.
    However when I check the IP from the outside I am getting the VPN WAN IP.
    I also get near identical trace route results.
    As far as I can tell the whole subnet is going over the VPN.

    I also tried setting From source IP in an test to only send the laptop traffic over the VPN.
    I thought that maybe the mask was not working correctly.
    The results were the same.

    Am I misunderstanding the VPN routing tab's purpose and function?
    I don't want my server traffic to go over the VPN. Just the laptop's traffic.

    Thanks in advance for your feedback.
    Last edited: Nov 19, 2018
  52. cobrax2

    cobrax2 Serious Server Member

    any chance to have netgear r6400v2 supported?
    thanks guys!
  53. rgnldo

    rgnldo Networkin' Nut Member

    Pixelserv-tls 2.2.1-rc.3 (2018-11-15)
    • NEW enhance blocking of pop-up ads during playback of YouTube video
    • CHANGE more accurate avg/max processing time, avg and tmx
    • NEW save all cached certs to "CERT_PATH/prefetch" on signal SIGUSR1
    • e.g. killall -SIGUSR1 pixelserv-tls
    • CHANGE save all cached certs on program shutdown (previously top 3/4)
    • CHANGE default "cert cache size" (-c) to 500 (previously 50)
    • CHANGE default "select timeout" (-o) to 1s (previously 10s)
    • CHANGE more accurate max. processing time, tmx
    Pixelserv-tls is recommended for use with Adblock solutions. I organized a post here in the forum directing to install in Tomato's build. Follow.
  54. srouquette

    srouquette Network Guru Member

    Pixelserv-tls isn't integrated with the adblock's solution in FreshTomato?
    cyber062 and The Master like this.
  55. infekto

    infekto Reformed Router Member

    Same here, was surprised to see the r8000 supported but not the AC3200. Hopefully AndreDVJ eventually adds support. Shouldn't be too hard with the same chipset, etc
  56. cobrax2

    cobrax2 Serious Server Member

    how can one add a new router? is it difficult? or it is just a matter of router detection by board id?
    my r6400v2 is a r7000 or just as close as possible, was wondering how hard is it?
    if it is just a matter of detection, i was contemplating the idea of building an image myself. but i'm a noob and i'd probably brick the router, if i could compile it anyway lol
  57. srouquette

    srouquette Network Guru Member

    edit: nvm, AC3200 is also the name of a netgear, not the asus one.
  58. txnative

    txnative Addicted to LI Member

    The sources https://bitbucket.org/kille72/freshtomato-arm, you can read how too's README.md. Before doing anything of the sort know how to unbrick any mistakes don't write over codes unless you know what you are doing, you could add dd-wrt source for the r6400v2 and add it so that your workable image is detected and go from there to correct any other misc issues that will be present. Yes it can be difficult and time consuming to add a new device especially if a dev doesn't have have one in hand, but since dd-wrt has a working one kinda use some data. You can look at commits to try to fill in the blanks as to what you need to add to what files and folders to get a working build. Good luck
    kille72 likes this.
  59. txnative

    txnative Addicted to LI Member

    Freshtomato-arm does have a the ac3200-vpn and aio builds on kille72 page https://exotic.se/freshtomato-arm/ unless you need the Advancedtomato-arm?
    kille72 likes this.
  60. tvlz

    tvlz LI Guru Member

  61. moffa

    moffa Addicted to LI Member

    It's working fine as a RT-AC68
  62. golf247

    golf247 Network Newbie Member

  63. TrueDis

    TrueDis LI Guru Member

    Wireguard support would be awesome. OpenWRT includes it now but supports far less hardware.
  64. davexx

    davexx New Member Member

    on this line of the pixelsrv config
    ifconfig br0:pixelserv up

    the ip, is the ip of the router or a new interface ip?
  65. RMerlin

    RMerlin Network Guru Member

    Not possible, requires a more recent Linux kernel.
    Elfew, rgnldo, pedro311 and 1 other person like this.
  66. golf247

    golf247 Network Newbie Member

    Wow...so funny maybe only to me...but I just realized that the TM-AC1900 info should be in this thread for ARM routers, not in the MIPS one... Cross posting for those following this thread...
    Link to original post in MIPS. https://www.linksysinfo.org/index.php?threads/fork-freshtomato-mips.74145/page-6#post-300505

    ...but the AC68's seem to be working great.
    Some notes for others in case it's helpful:

    • All are ASUS, WPS button for ~30sec during power up clears NVRAM for all of them.
    • ALSO, this is firmware work...be wired...especially for the CFE stuff on AC1900RT
    • This is only important if you have a lot of complicated settings (access restrictions, QOS rules, VPN?, static DHCP, port fowarding). Prior to getting rid of old setting: I used Tools/SysCommands and Nvram Show to copy all my variables to txt file and also did this to the barefoot config (clear NVRAM). Then I was able to paste into excel both columns, do a compare to find modified variables, and then concatenate to make it like this: NVRAM SET Name=".." Then when I was done it was fairly easy to run groups of these and nvram commit on the new firmware builds. (I came from tomato to a new tomato, this may not always work as sometimes syntax and variable names can change between versions...do at your own risk).
    1. TM-AC1900RT to RT-AC68U (2 of them, 1 as AP, 1 main router)
      Old was Shibby RT-AC68U-ARM--140-AIO-64
      NEW RT-AC68U-ARM-2018.4-AIO-64K
      I had already converted to Shibby a couple years ago but wanted to inject the latest AImesh CFE. NOTE: I'm not an expert here, and some of these 'backward' steps, may not be needed, but they worked well and didn't take long (30 min total). Generally followed the Bay Tech Pros guide. Backed up config and using nvram show, cleared NVRAM using WPS 30sec power on, backed up barefoot config and nvram show, loaded the TM firmware x1703 using web interface, rebooted, cleared NVRAM, did CFE injections, updated to firmware x3626 using the mtd-write2 method, SSH'd MTD5 away, cleared NVRAM, loaded freshtomato image using web interface, rebooted, cleared NVRAM, saved barefoot config and nvram show variables. A this point I was good and started reconfiguring routers (I used the NVRAM set method for a lot of larger variables as mentioned at the start).
  67. boulder

    boulder Network Newbie Member

    Sorry, we have no Apple devices at all. Could the logs for uTorrent and Transmission be of any help?
  68. Steven Carmichael

    Steven Carmichael New Member Member

    First, apologies if this is the wrong thread for asking about
    Wireless Ethernet Bridge mode with FreshTomato-ARM 2018.4

    Feeling lucky after installing it on an EA6500v2,
    this experiment was to replace a WUMC710,
    being used with only intermittent success for
    connecting a TiVo Mini to Roamio via Sagemcom F@ST 5260.

    On the EA6500v2, eth1 was disabled and
    eth2 set to Wireless Ethernet Bridge (from Access Point).
    SSID and width were set to match Sagemcom values from Wi-Fi survey:
    MySpectrumWiFib4-5G B8:EE:0E:BD:F2:BB -70 dBm 50% ch 155 5 GHz 80 MHz WPA2-Personal AES 11ac

    After setting the key and saving,
    attached PC communicates well with the Internet and 5260 router,
    which reports the EA6500v2 now @
    FreshTomato also works for linking the TiVo mini to Roamio...

    The EA6500v2 now responds to ping but neither web browser nor SSH from putty.
    How to access FreshTomato while in Wireless Ethernet Bridge mode?
    Something else should have been configured before saving into Wireless Ethernet Bridge mode?
    Worst case, can some reset restore default gateway mode..?
  69. rgnldo

    rgnldo Networkin' Nut Member

    Last edited: Nov 26, 2018
    kille72 likes this.
  70. barry80

    barry80 Network Guru Member

    manage to get my "new" router D-link DIR-868L A1 flashed to 2018.4.

  71. kille72

    kille72 LI Guru Member

    2018.5.083-beta ARM is ready for download - enjoy!

    And as always, donations are very welcome ;)

    More information in the first post.
    Last edited: Nov 26, 2018
  72. sac7000

    sac7000 Networkin' Nut Member

    Thank! 2018.5.083-beta ARM
  73. txnative

    txnative Addicted to LI Member

    Nat-pmp is an apple upnp type for airport device, but it doesn't hurt to enable it or disable it.
    Are you using another sourced torrent? or the tomato bittorrent? Do you know what port is supposed to open and if so you can do a port forward for the time being, and by chance do you know if the torrent you are using is suppose to work with upnp?
  74. txnative

    txnative Addicted to LI Member

    Have you tried clearing the browser cache to gain access to the gui? If you did create a new password, user:admin, passwd:admin and if all else fails you can push the reset button and hold it while the router is off then plugging it in, but check the moniton install guide as I'm sure that info maybe in there, to reset to defaults. Hopefully there isn't a problem with using this feature of gaining access after a flashing and setting up the WEB?
  75. davexx

    davexx New Member Member

    i installed this version, and it remove the stubby option....
  76. davexx

    davexx New Member Member

    i installed this version, and it remove the stubby option....
  77. rgnldo

    rgnldo Networkin' Nut Member

    Beta version
  78. Steven Carmichael

    Steven Carmichael New Member Member

    Thanks for suggestions, txnative.

    I did not clear the browser cache;
    - before configuring WEB, its address was
    - after configuring WEB, its address is,
    and browsing gets our main router for
    - putty has no cache, and I had logged in several times
    with previously set id and password
    that were not changed (by me) and are no longer prompted
    from multiple PCs.

    In fact, from the Wi-Fi side, it does not respond even to ping..

    Meanwhile, the box is deployed for testing
    how much more stable is its WEB than the WUMC710 being replaced.

    I suppose that appropriate reset would involve
    * holding the reset button during power-on,
    to provoke the CFE bootloader webserver.
    * selecting "Restore default NVRAM values"

    I am unaware of moniton install guide; where is that?

    I found no clear evidence that others use FreshTomato for WEB,
    much less on an EA6500v2.
  79. davexx

    davexx New Member Member

    ok got it,
    can you help me about pixelsrv on the other post?
  80. davexx

    davexx New Member Member

    i detect a bug, if i change the dns in basic network, after the save i lost the web access
    entering using ssh and reboot fix this issue.
  81. kille72

    kille72 LI Guru Member

    How to report a bug or problem:

    As the first step in troubleshooting any issue, try to reset the router to default settings using "Erase all data in NVRAM memory (thorough)" option on the "Administration -> Configuration" page of the FreshTomato GUI. Do not restore your settings from the backup configuration file - always reconfigure the router manually when troubleshooting the problem!

    Check the NVRAM usage on the Administration->Configuration page in the GUI. If the free NVRAM space is very low (or worse - 0%), you're running out of nvram space, and this is the most probable reason for the problem(s). In this case you will have to erase the nvram and reconfigure everything manually - there's no way around it. Keep an eye on the NVRAM usage while you're adding your settings.

    Further troubleshooting steps may vary depending on what kind of problem you're trying to solve. Be creative, and try to do as much troubleshooting as you can think of, and collect as many details about the problem itself and your configuration as possible.

    If you could not find the solution, and your own troubleshooting did not help, please follow the guidelines below to report the issue:

    • Always include your router make and model, and the exact version and edition of the firmware you're using - you can get it from the "About" page in the FreshTomato GUI.
    • Verify that there is a newer version of the firmware, and if so try to install it, reset the router to default settings, and test whether the problem is still there.
    • If this is a new issue, include the last version/build of the firmware that was still working properly.
    • Include any relevant configuration details - your wan/lan/wireless/usb/etc settings, WAN connection type, configuration of the clients etc - anything that you believe might be useful. If there are working and non-working configurations, please provide the details about both. If you're in doubt what's relevant - submit at least the output of "sysinfo" and "nvram show" commands (remember to mask out any personal information - passwords, MAC addresses etc). The output could be too big for the forum post - use pastebin.com (preferred) or any free file sharing sites to submit this info.
    • Describe your problem in details - what exactly you're trying to do, the expected results, the observed behavior, and steps to reproduce.
    • Describe what exactly you did to try troubleshooting the problem, and your results.
    • If at all possible, test whether the same problem exists in other firmwares available for your router.
    If after the bug report you're asked additional questions, or asked to do more troubleshooting steps, please answer each and every one of them! Even if you don't know the answer, or didn't do some of the steps suggested - mention this in your reply.

    Be courteous to developers and other people who are trying to help you, and don't make them to do any guesswork - volunteer the information!

    Thank you all for understanding and your cooperation in making this firmware better!
    user17600, txnative and rgnldo like this.
  82. kille72

    kille72 LI Guru Member

    How to report a bug or problem... (Read the information above).
    rgnldo likes this.
  83. pedro311

    pedro311 Addicted to LI Member

    Clean browser's cache, use Ctrl+F5 or change browser.
    Stubby is there, I'm sure about it, because using it right now...
    rgnldo and kille72 like this.
  84. rgnldo

    rgnldo Networkin' Nut Member

    Before reporting a bug in the FreshTomato build, do the following:

    - Make the installation clean;
    - Use another browser, without caching, to access web gui settings;
    - Consider that it is beta.
  85. rgnldo

    rgnldo Networkin' Nut Member

  86. rgnldo

    rgnldo Networkin' Nut Member

    This is IP reserved for Pixelserv-tls. You should first configure the IP range in DHCP. Pixelsev-tls IP should not be in the IP range reserved for DHCP.
  87. boulder

    boulder Network Newbie Member

    I don't like to set the fixed port by hand. And I like the idea of using the random port everytime because I have a bunch of routers and desktops :). Across the years I've found that NAT-PMP is the easiest way to cope with. That's it. I can easily try a dozen versions of firmware until I find a working one. Of course I'm aware about what can work and what cannot. Can solve it by myself in tens of ways.
    Just pointed out the problem with the particular firmware of particular router. At the top of this 13th page.
  88. cobrax2

    cobrax2 Serious Server Member

    but since dd-wrt supports it, is it difficult to port using kong's changelog? i looked into it, seems pretty straightforward, but there are lots of config params that i have no idea what they do. i imagine that for our beloved developers it is much more clear :)
  89. txnative

    txnative Addicted to LI Member

    I got it before, but hopefully your not still using the older build and have since updated, and remember this is the arm forum you had reported this it should be in freshtomato-mips.
  90. boulder

    boulder Network Newbie Member

    I think that bug NAT-PMP was not device-specific. On 2018.5.083 MIPSR2-beta K26 everything seems to work fine. Many thanks go to the developers!
  91. rgnldo

    rgnldo Networkin' Nut Member

    M_ars and kille72 like this.
  92. davexx

    davexx New Member Member

    all the procedure you post i follow without any issue, the problem is it didnt block anything... i need to setup a proxy server pointing to the bridge interface? or it will work with the dnsmasq inside tomato?
  93. tripper22

    tripper22 Serious Server Member

    M_ars and kille72 like this.
  94. Wizardknight

    Wizardknight Serious Server Member

    @kille72 @pedro311
    Thank you for your continued work. :)

    I downloaded the new 2018.5.083-beta, and the vpn client routing policy does not seem to be working.
    I selected 'from source' entered '' and checked enabled.
    Then I checked the path from a host with an address of, which is outside the mask the range. the data was going over the VPN.
    It appears that if the vpn is enabled, all internet traffic from clients is routed over the VPN.

    I am happy to double check, or get something. Just let me know what commands you need to have ran.
  95. pomidor1

    pomidor1 Networkin' Nut Member

    M_ars, pedro311 and kille72 like this.
  96. pedro311

    pedro311 Addicted to LI Member

    I presume you also checked "Redirect through VPN", "Ignore Redirect Gateway (route-noexec)" and "Create NAT on tunnel"?
  97. rgnldo

    rgnldo Networkin' Nut Member

    @kille72 i live in Brazil. Unfortunately the Euro currency is almost four times more expensive than my currency. Difficult to contribute the height with Paypal in Euro. I'll check another solution.
  98. rgnldo

    rgnldo Networkin' Nut Member

    For me, the only way to configure everything right in build 2018.5 is with physical reset and clean configuration, in the Firefox browser.

  99. Wizardknight

    Wizardknight Serious Server Member

    "Redirect through VPN" is checked.
    Create NAT on tunnel is checked.

    Could you tell me which tab has Ignore Redirect Gateway. I am not seeing it.

    Here are screen shots of the three client tabs. Maybe that will make things easier.
    Last edited: Nov 28, 2018
  100. txnative

    txnative Addicted to LI Member

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice