[Fork] FreshTomato-ARM

Discussion in 'Tomato Firmware' started by kille72, Apr 15, 2018.

  1. Wizardknight

    Wizardknight Serious Server Member

    Could you please point it out to me? I don't see Ignore Redirect Gateway.
    https://imgur.com/oeBbKVJ
     
  2. spykos

    spykos LI Guru Member

    I have a couple of listening ports from eapd & nas that I don't know where they are coming from. Any clues ?

    udp 0 0 0.0.0.0:42000 0.0.0.0:* 1202/eapd
    udp 0 0 0.0.0.0:38000 0.0.0.0:* 1202/eapd
    udp 0 0 127.0.0.1:38032 0.0.0.0:* 1204/nas
    udp 0 0 0.0.0.0:43000 0.0.0.0:* 1202/eapd
     
  3. maurer

    maurer Network Guru Member

    that's broadcom's wifi authenticator (equivalent to FOSS hostapd)
     
  4. pedro311

    pedro311 Networkin' Nut Member

  5. cobrax2

    cobrax2 Serious Server Member

    i cloned both freshtomato and dd-wrt's source, and, as i suspected, there are not many places (mostly 5 or 6 files) where the router name r6400v2 or the board id/cpu name appear. also, all those params that appear in ddwrt next to r6400v2 are present in tomato too, just in another file, init.c vs sysinit-northstar.c . so it is just a matter of copying them where they belong. but doing so without breaking something is beyond my abilities. also, i can't compile the source, i really, really, really hate linux. it just can't "just work". one can't do anything in linux without a warning, an error, download a ton of other packages that are not compatible, ofc, etc, or some other panic announcement. did i mention that i hate it? right :)

    please, can you make a version for r6400v2? pretty please?
     
  6. spykos

    spykos LI Guru Member

    so this is for wpa2 authentication ?
     
  7. txnative

    txnative Addicted to LI Member

    Remember, the better the chances for a new device to be supported is when a dev has the device in his or her own hands, doing it the way you are describing makes it difficult to fix any discrepancy with cosmetics, performance stability, etc and it is time consuming this would take them away from current projects that take priority, I image dd-wrt devs would tell you the same. Tomato is made pretty simple follow what is laid out in the README.md in kille72 bitbuctet account, linux isn't that daunting if you can follow directions, but for the most part it is time consuming to add a new device but not impossible, make sure you know how to unbrick a router and have a serial ttl usb adapter handy as well just in case.
     
  8. Wizardknight

    Wizardknight Serious Server Member

    Thank you. That fixed it.
    I would have never found that hidden box without your help.
     
  9. abir1909

    abir1909 New Member Member

    Hello Kille72,
    I have R7000 and i am using the FreshTomato 2018.4.
    I noticed a bug on the Routing Policy on the VPN Client section. I am trying to setup 2 clients for the same IP Address. i put my apple tv with a Static IP. i would like Client 1 to give it one ip and client 2 different ip. (Not at the same time, turning one on when the other one is off and vice versa)
    on both clients i have these two checked:
    Ignore Redirect Gateway (route-nopull)
    Ignore Redirect Gateway (route-noexec)

    and i am using the routing policy on both for the apple TV. the problem is that once you start switching between client 1 and client 2 the vpn client wont work at all and all traffic goes through the ISP. i ran some tests and that only happens when you put the same IP in the routing policy. for example if client 1 is X.X.X.101 and Client 2 is X.X.X.102 that works fine, you can switch back and forth as much as you want. but when using same IP it messes it up.

    any way for me to work around it? Thanks
     
  10. Wizardknight

    Wizardknight Serious Server Member

    I will chime in here. Two clients on the same network can not have the same IP address at the same time.
    If you have an apple TV with x.x.x.101 (assuming a subnet of 255.255.255.0) then any other device has to be x.x.x.2 to x.x.x.100 and/or x.x.x.102 to x.x.x.254.

    Maybe we can help you find a better solution.
    Is there a reason you are trying to have two devices have the same address?
    What are you trying to accomplish with the routing policy?

    For example, I use a routing policy because I need my PC based traffic to go over the VPN, but I do not want my server traffic to go over the VPN. I used a x.x.x.64/26 routing policy. That gives me a .65 to .127 range for my VPN.
    I set my DHPC server to be .66-.126 and all my PC traffic goes over the VPN. I then use static IP address over .127 for anything I don't want to use the VPN.
     
    Last edited: Nov 29, 2018
  11. abir1909

    abir1909 New Member Member

    First thanks for the help. I am trying to accomplish the following for example:
    On my Apple TV that has a static IP. For Netflix for example each country gives you different content. So let’s say I want to watch some South America content so I turn on client 1 with the S. America vpn. Than I want to watch European content so I turn off client one and turn on client 2. Does that make sense?

    The only settings that works for me now is that client one is using the policy routing with no pull checked and client 2 isnt using the policy routing and route all traffic through the VPN. (Which isn’t desirable) I only want the Apple TV through the VPN.
    Thanks
     
  12. Wizardknight

    Wizardknight Serious Server Member

    Ah. I see what you are trying to do.

    Ok lets look at a few things.
    1. Make sure the static IP you are assigning your TV is outside of your DHPC range. This helps prevent issues later.
    2. Since you are only going to be using 1 device on the VPN put that IP (no mask /number) into the routing policy tab as from source IP and make sure enabled is checked next to it.
    3. On the Advanced tab uncheck Ignore Redirect Gateway (route-nopull). Leave Ignore Redirect Gateway (route-noexec) checked.
    4. Make sure that "Redirect through VPN", and "Create NAT on tunnel" are also checked.

    It is important to know that you can't have more than one client running at a time or it breaks everything. If you have multiple VPN client settings stored you have to press stop, wait a moment for the router to process the request, and then select the other VPN client and press start.

    Give that a try, and see if anything there helps.
     
  13. abir1909

    abir1909 New Member Member

    1. My DHCP is up to .199 my Apple TV is at .200
    2. Done! For both clients right?
    3 & 4 I unchecked route-nopull but when checking route noexec so redirect all traffic disappears. I can’t find how to check both Redirect Internet traffic and route noexec, one cancels the other.
    Create NAT on tunnel- checked!
    Thx
     
  14. cobrax2

    cobrax2 Serious Server Member

    i can help with the debugging and testing, of course.
    for the developer to get a router would mean that at least a few of us would donate to the cause. but it seems there aren't that many of us around these days, unfortunately :(
     
  15. Wizardknight

    Wizardknight Serious Server Member

    Look at this:
    [​IMG]
     
  16. abir1909

    abir1909 New Member Member

    7B535621-06BA-4481-BE0B-ADC56B41B85B.jpeg
    This are the settings I got exactly. I put the same exact settings for client 2 also only difference is the VPN address. It doesn’t work. It connects to client one let’s say, once I switch to client 2 it will show connected but traffic won’t go through the vpn. Did you test yourself?
     
    Last edited: Nov 29, 2018
  17. abir1909

    abir1909 New Member Member

    AE05CA2B-1579-4794-B3F9-428ADD23CE55.jpeg 2117A20C-53DB-4BBC-A093-A57F220BD9DC.jpeg CC2D057B-DC0C-41E7-95C3-4EE7E07F2EDF.jpeg 578D40FE-CF0D-4B9E-8D54-1EBDD5AA785D.jpeg 4859FE05-6DC5-49F5-8708-6438A3F2FC8F.jpeg AE05CA2B-1579-4794-B3F9-428ADD23CE55.jpeg 2117A20C-53DB-4BBC-A093-A57F220BD9DC.jpeg CC2D057B-DC0C-41E7-95C3-4EE7E07F2EDF.jpeg 578D40FE-CF0D-4B9E-8D54-1EBDD5AA785D.jpeg 4859FE05-6DC5-49F5-8708-6438A3F2FC8F.jpeg
     
    Last edited: Nov 29, 2018
  18. Wizardknight

    Wizardknight Serious Server Member

    I have three VPN clients configured on my router, and I can switch to whichever I want. They all work fine.
    I am assuming that you are pressing stop on client 1 and waiting a minute or so before pressing start on client 2.
    Using an IP address for the VPN server on client 2 is not a great idea. Best to use a resolvable name if the provider will give you one.

    I do see that the basic settings on your client 1 and 2 do not match.
    If it is the same provider, and just different servers, you might want to double check your settings in client 2.

    You might want to disable 'start with WAN' just to make your trouble shooting a little easier. Totally optional.

    Something you could try is to make a backup of your router (Optional. Just to make reloading easier), delete client 1 and put client 2's settings in to the client 1 spot. Then see if it works with just client 2's settings while leaving the other ones empty.
     
    Last edited: Nov 29, 2018
  19. abir1909

    abir1909 New Member Member

    OK Thanks i really appreciate all the help :). few things because i am not sure i am explaining myself clearly. (I apologize)
    yes, i am stooping one service wait a little and start the other one. the IP address in Client 2 was just changed last night before that i used a resolvable name.

    Client 1 and 2 basic setting doesn't match on purpose, one is without encryption and the one one with encryption and it let me connect with these current settings.

    now to the point itself. can you run a test for me on yours? you said you have 3 clients that are working. but do you have the same IP address in the routing policy like i do? 192.168.1.200 (i have on both clients) i feel like that whats breaking it. if on client 1 i put .199 and client 2 .200 there is no problem i can also switch as much i want. Thanks
     
  20. Wizardknight

    Wizardknight Serious Server Member

    Well I can say they were working. I rebooted my router this morning and none of my traffic is going across the VPN now.
     
  21. Wizardknight

    Wizardknight Serious Server Member

    @pedro311
    Pedro. Sorry to bother you again, but my traffic has stopped going across my VPN after I rebooted.
    Could you take a look again please?
    Here are my current settings.
    [​IMG]

    With these settings all routes from any device are not sent over the VPN.
    I have to check the Redirect Internet traffic box on the advance tab to access the VPN. That however ignores the routing policy, and all trafic from all devices is sent over the VPN.

    Do you have any other thoughts, or is there anything else I can get to help trouble shoot this?
     
    Last edited: Nov 29, 2018
  22. abir1909

    abir1909 New Member Member

    Exactly my point! and i hope it didn't stop working because of me :(
     
  23. pedro311

    pedro311 Networkin' Nut Member

    What's in log (vpnrouting, openvpn)?
     
  24. Wizardknight

    Wizardknight Serious Server Member

    @pedro311

    I am not great at reading logs, but I think this is what is happening.
    I am mostly clueless about the why however.

    Log File

    Reboot the system.
    Client 1 (tun11) is set to auto start.
    It does.
    Data from .111 goes over the vpn as expected.
    Data from .150 is sent over Vlan2
    Looking good so far.

    Stop the VPN client 1.
    Start the VPN client 2 (tun12).
    Seems to start.

    Data from .111 should now go over tun12.
    Data fails to go out tun12 and goes out vlan2

    Do you see any reason in the log file?
    Is there anything else I can try to get for you?
     
    Last edited: Nov 30, 2018
  25. Basta2k

    Basta2k New Member Member

    There is a problem with wifi throughput on Linksys EA6900

    If i change Country / Region under Adavance / Wireless to my country (Germany) my throughput will drop to 20mbit/s
    if i let stay it to andora (like default) it will be maxed possible connection.
    This start from original 140 firmware from shibby to freshtomato 018.5.083-beta

    I dont know why change region in something else will cut the throughput
     
  26. cobrax2

    cobrax2 Serious Server Member

    guys, i'm trying to build it for r6400v2 and i'm left with these params from sysinit-northstar.c (copied from dd-wrt) that i don't know where to insert. from what i can see, tomato doesn't have these parameters changed for every router?
    i can see something similar in init.c, and they are commented as some fix for the chipset. should i change them there? why does ddwrt have them different for each model and tomato doesn't? they seem pretty important, right? also, they are not the same for r6400/r6400v2/r7000.
    what should i do?
    thanks!
    Code:
    static struct nvram_param r6400v2_pci_1_1_params[] = {
        {"pa2gw1a0", "0x1cea"},
        {"pa2gw1a1", "0x1cea"},
        {"pa2gw1a2", "0x1ca9"},
        {"rxgainerr2ga0", "0x4811"},
        {"rxgainerr2ga1", "0x4811"},
        {"rxgainerr2ga2", "0x4811"},
        {"legofdmbw202gpo", "0x64200000"},
        {"ag0", "0"},
        {"ag1", "0"},
        {"ag2", "0"},
        {"legofdmbw20ul2gpo", "0x64200000"},
        {"rxchain", "7"},
        {"cckbw202gpo", "0"},
        {"mcsbw20ul2gpo", "0x86520000"},
        {"pa2gw0a0", "0xfe5c"},
        {"pa2gw0a1", "0xfe5c"},
        {"pa2gw0a2", "0xfe57"},
        {"boardflags", "0x80001a00"},
        {"tempoffset", "255"},
        {"boardvendor", "0x14e4"},
        {"triso2g", "3"},
        {"sromrev", "9"},
        {"extpagain2g", "0"},
        {"venid", "0x14e4"},
        {"rpcal2g", "0x0"},
        {"watchdog", "3000"},
        {"maxp2ga0", "0x60"},
        {"maxp2ga1", "0x60"},
        {"maxp2ga2", "0x60"},
        {"boardflags2", "0x00108000"},
        {"tssipos2g", "1"},
        {"ledbh0", "11"},
        {"ledbh1", "11"},
        {"ledbh2", "11"},
        {"ledbh3", "11"},
        {"mcs32po", "0x8"},
        {"legofdm40duppo", "0x0"},
        {"antswctl2g", "0"},
        {"txchain", "7"},
        {"elna2g", "2"},
        {"antswitch", "0"},
        {"aa2g", "7"},
        {"temps_hysteresis", "5"},
        {"temps_period", "10"},
        {"cckbw20ul2gpo", "0"},
        {"leddc", "0xFFFF"},
        {"pa2gw2a0", "0xf8e5"},
        {"pa2gw2a1", "0xf8e6"},
        {"pa2gw2a2", "0xf8dc"},
        {"phycal_tempdelta", "40"},
        {"xtalfreq", "20000"},
        {"ccode", "E0"},
        {"pdetrange2g", "13"},
        {"regrev", "827"},
        {"eu_edthresh1g", "-62"},
        {"devid", "0x4332"},
        {"tempthresh", "110"},
        {"mcsbw402gpo", "0xEEEEEEEE"},
        {"mcsbw202gpo", "0x86520000"},
        {0, 0}
    };
    
    static struct nvram_param r6400v2_pci_2_1_params[] = {
        {"rxgains5ghtrisoa0", "5"},
        {"rxgains5ghtrisoa1", "5"},
        {"rxgains5ghtrisoa2", "5"},
        {"mcslr5gmpo", "0"},
        {"txchain", "7"},
        {"phycal_tempdelta", "40"},
        {"pdgain5g", "4"},
        {"subband5gver", "0x4"},
        {"ccode", "E0"},
        {"boardflags", "0x30000000"},
        {"tworangetssi5g", "0"},
        {"rxgains5gtrisoa0", "5"},
        {"rxgains5gtrisoa1", "5"},
        {"rxgains5gtrisoa2", "5"},
        {"tempoffset", "255"},
        {"mcsbw205gmpo", "0x0"},
        {"xtalfreq", "65535"},
        {"devid", "0x43a2"},
        {"femctrl", "6"},
        {"aa5g", "7"},
        {"pdoffset80ma0", "0"},
        {"pdoffset80ma1", "0"},
        {"pdoffset80ma2", "0"},
        {"papdcap5g", "0"},
        {"tssiposslope5g", "1"},
        {"mcslr5glpo", "0"},
        {"sar5g", "15"},
        {"pa5ga0", "0xff46,0x19de,0xfcdc,0xff48,0x1be9,0xfcb1,0xff4a,0x1c3e,0xfcac,0xff44,0x1b91,0xfcb8"},
        {"rxgains5gmelnagaina0", "3"},
        {"pa5ga1", "0xff44,0x1945,0xfcee,0xff44,0x1b91,0xfcba,0xff42,0x1b62,0xfcbb,0xff42,0x1bf2,0xfca9"},
        {"rxgains5gmelnagaina1", "4"},
        {"pa5ga2", "0xff48,0x19ca,0xfce8,0xff48,0x1b25,0xfcc8,0xff44,0x1b6a,0xfcbb,0xff46,0x1bdb,0xfcb4"},
        {"rxgains5gmelnagaina2", "3"},
        {"mcslr5ghpo", "0"},
        {"rxgainerr5ga0", "4,0,0,5"},
        {"rxgainerr5ga1", "-5,0,0,-4"},
        {"rxgainerr5ga2", "1,0,0,-2"},
        {"pcieingress_war", "15"},
        {"pdoffset40ma0", "4369"},
        {"pdoffset40ma1", "4369"},
        {"pdoffset40ma2", "4369"},
        {"rxgains5gelnagaina0", "3"},
        {"rxgains5gelnagaina1", "4"},
        {"rxgains5gelnagaina2", "3"},
        {"mcsbw205glpo", "0x0"},
        {"measpower1", "0x7f"},
        {"measpower2", "0x7f"},
        {"temps_period", "10"},
        {"mcsbw805gmpo", "0x0"},
        {"dot11agduplrpo", "0"},
        {"mcsbw205ghpo", "0x66558600"},
        {"measpower", "0x7f"},
        {"rxgains5ghelnagaina0", "3"},
        {"rxgains5ghelnagaina1", "4"},
        {"rxgains5ghelnagaina2", "3"},
        {"gainctrlsph", "0"},
        {"mcsbw1605gmpo", "0"},
        {"epagain5g", "0"},
        {"mcsbw405gmpo", "0x0"},
        {"rxchain", "7"},
        {"maxp5ga0", "106,106,106,106"},
        {"maxp5ga1", "106,106,106,106"},
        {"maxp5ga2", "106,106,106,106"},
        {"venid", "0x14e4"},
        {"mcsbw805glpo", "0x0"},
        {"boardvendor", "0x14e4"},
        {"mcsbw805ghpo", "0x87659000"},
        {"antswitch", "0"},
        {"aga0", "71"},
        {"aga1", "133"},
        {"aga2", "133"},
        {"tempthresh", "110"},
        {"dot11agduphrpo", "0"},
        {"sromrev", "11"},
        {"mcsbw1605glpo", "0"},
        {"mcsbw405glpo", "0x0"},
        {"rxgains5gmtrisoa0", "5"},
        {"mcsbw1605ghpo", "0"},
        {"rxgains5gmtrisoa1", "5"},
        {"rxgains5gmtrisoa2", "5"},
        {"rxgains5gmtrelnabypa0", "1"},
        {"rxgains5gmtrelnabypa1", "1"},
        {"rxgains5gmtrelnabypa2", "1"},
        {"mcsbw405ghpo", "0x76558600"},
        {"watchdog", "3000"},
        {"boardflags2", "0x300002"},
        {"eu_edthresh5g", "-70"},
        {"boardflags3", "0x0"},
        {"rxgains5ghtrelnabypa0", "1"},
        {"rxgains5ghtrelnabypa1", "1"},
        {"rxgains5ghtrelnabypa2", "1"},
        {"regrev", "827"},
        {"rpcal5gb0", "0x4e17"},
        {"rpcal5gb1", "0x5113"},
        {"rpcal5gb2", "0x3c0b"},
        {"rpcal5gb3", "0x4811"},
        {"temps_hysteresis", "5"},
        {"rxgains5gtrelnabypa0", "1"},
        {"rxgains5gtrelnabypa1", "1"},
        {"rxgains5gtrelnabypa2", "1"},
        {"pwr_scale_1db", "1"},
        {0, 0}
    };
     
  27. abir1909

    abir1909 New Member Member

    Hey Pedro, would you please read my previous posts. I believe there is something broken with the policy routing. I explained everything above. Guide me if I need to send anything else that will help figuring out the problem. Thanks a lot
     
  28. MongooseProXC

    MongooseProXC Connected Client Member

    Does anybody know why Stubby communicates with the Surfnet/Sinodun and getdnsapi.net servers?
     
  29. Cliffield

    Cliffield Network Newbie Member

    These Server are set in /etc/stubby.yml as well as the cloudflare server.
    If you want stubby to use your own config, you need to restart stubby or the dnsmasq service after you altered or replaced the config file.
    For example:
    In Wan Up:
    cp -R /jffs/scripts/stubby.yml / etc
    service restart dnsmasq​
     
  30. pedro311

    pedro311 Networkin' Nut Member

    First, uncheck "Start with WAN" in the Client 1, save, check "Start with WAN" in the 2nd Client, save. Reboot.

    1. Is the 2nd client starting after reboot and it's functional?
    2. What about stopping it, and start 1st one? Is it working then?
     
  31. abir1909

    abir1909 New Member Member

    Hey Pedro, thanks getting back to me and for the help.
    i ran that little test of yours. i Client 2 started after reboot and was functional only until i stopped Client 2 and started client 1. then client 1 didnt work (not going through VPN) i stopped client 1 and started client 2 again and also not functional.
    i ran a lot of tests! i think i know the problem. once you have the same IP address in the Base routing policy once you switch from client 1 to 2 or vice versa you break it. you have to reboot to get it back to work.
     
  32. abir1909

    abir1909 New Member Member

    You see Pedro, the only setting that working for me right now in order to get the same IP in both clients is that Client 1 will use the policy routing (route-nopull) and client 2 with "Redirect all internet traffic" that way i can switch back and forth with no issues. the problem is that i don't want my entire network to go through the VPN it messes up other things for me.

    this is what i am trying to achieve maybe will make it more clear:
    I am trying to accomplish the following for example:
    On my Apple TV that has a static IP. For Netflix for example each country gives you different content. So let’s say I want to watch some South America content so I turn on client 1 with the S. America vpn. Than I want to watch European content so I turn off client one and turn on client 2. Does that make sense?
     
  33. dowden

    dowden Serious Server Member

    Using Asus RT-AC68R/U, flashed freshtomato-RT-AC68U-ARM-2018.5.083-beta-AIO-64K.trx

    On Upgrade Firmware, select 'After flashing, erase all data in NVRAM memory' option
    I was able to do the set up.
    Then select 'Reboot...' from main menu,
    the screen comes back blank (white)
    It does not prompt for user & password

    The workaround is to un-plug & plug the power.
    It was working fine using 2018.4

    I have tried these, get same result:
    1. Holding reset button for 30 seconds
    2. Power off, hold WPS button until led flashes
    3. Ctrl-F5 on Browser to refresh

    I was wondering if this is a known issue.
     
    Last edited: Dec 1, 2018
  34. Wizardknight

    Wizardknight Serious Server Member

    @pedro311 @abir1909
    I setup client 1 to use 192.168.15.4/30 and client 2 to use 192.168.15.65/26.
    This made both clients use different IPs in their ranges.

    After rebooting I started client 1 manually by pressing the start button.
    Traffic from 192.168.15.5 was sent over the VPN (tun11) as expected.
    Traffic outside the /30 range was not sent over the VPN as expected.

    Without rebooting I stopped client 1, and started VPN client 2 by pressing the start button.
    Traffic from 192.168.15.111 was sent over the VPN (tun12) as expected.
    Traffic outside the /26 range was not sent over the VPN as expected.

    I have to agree with abir.
    If the same IP or IP range is used in the router policy of two or more VPN Client setting's tab it breaks the routing when you change the active VPN client manually using the start/stop buttons.
    It seems to break if the two clients have overlapping ranges too.
    For example I put 192.168.15.5 (no / mask) in as the IP range for client 1, and I put 192.168.15.4/30 in for the range on client 2. This resulted in no traffic going over the VPN.


    I believe we have a verifiable reproducible bug here.

    Pedro, Windscribe offers free VPNs with 10GB limits if you wanted to corroborate our findings locally.
     
    Last edited: Dec 1, 2018
    abir1909 likes this.
  35. pedro311

    pedro311 Networkin' Nut Member

    It's known issue. Sometimes it happens on every router, on every FW upgrade. I don't know why.
     
  36. M_ars

    M_ars Network Guru Member

    short feedback:
    - IPv6 working (PPPoE with DHCPv6 PD)
    - dnsmasq working
    - openvpn server working
    - Port forwarding working
    - samba working
    - VLAN working
    - and and and ...

    ==> 2018-5 (beta) looks very good on my side so far. thx @pedro311 @kille72

    BR
    M_ars
     
    srouquette, pedro311 and kille72 like this.
  37. chchia

    chchia Network Guru Member

    i dont know if this is Tomato or Transmission related, but the last few version, my transmission windows only forwarding TCP in upnp. UDP is not forwarded.

    if i change to merlin the UDP is forwarded correctly.
     
  38. Wizardknight

    Wizardknight Serious Server Member

    @pedro311
    Just wondering if you had any other suggestions, or things you would like us to check.
     
  39. pedro311

    pedro311 Networkin' Nut Member

    Right now I don't have time to investigate it further, something is wrong with routing.
     
  40. migtoe

    migtoe New Member Member

    Hi, I own a Linksys EA6900 flashed with AsusWRT-Merlin firmware atm, Is the wifi and wired lan performance the same as AsusWRT?

    Asking because I was using Shibby Tomato on my E3000 previously and there was always talk about Tomato not having access to the driver code base which is why Linksys original firmware had better performance even though everything else sucked about the Linksys original firmware.
     
  41. pedro311

    pedro311 Networkin' Nut Member

    Well what can I say.. Doh!
     
  42. Canopus

    Canopus New Member Member

    It took a while...
    Yes, I can confirm that there is a problem with 5HGz clients in FreshTomato and AdvancedTomato.
    I have 3 Android clients (1. Samsung S3 with custom ROM, Samsung S5 with custom ROM, LG V20 that is not modofied yet)
    All these three clients work well (no disconnection found) on EA6400 and EA6500 with DD-WRT (33006).
    S3 and LG20 experience frequent dissconnection under FreshTomato and/or AdvancedTomato, no mater APSD is ON or OFF.

    NB: I had a hard time trying to migrate to Tomato. After I flashed initial DD-WRT build, I was not able to reach and use "recovery web interface". At the final end I used "mtd" command to write "linux" patitiot (I use erase nvram and reboot after).
     
  43. rgnldo

    rgnldo Networkin' Nut Member

    They are different ways of dealing with FW. I can say that I also had difficulties with DD-WRT. Something wrong did in the Tomato installation.
    I suggest you research and study well in this forum. No group member will be able to help you just by answering your questions.
     
  44. rgnldo

    rgnldo Networkin' Nut Member

    Yes. Understand the limitations we have in having access to the source codes of the proprietary drivers. My personal experience: I installed several FW. Tomato builds magic to become powerful.
     
  45. abir1909

    abir1909 New Member Member

    I also think that the "To Domain" in the routing policy not really working. Wizardknight can you test on your end also?
     
  46. jxf011

    jxf011 Networkin' Nut Member

    I'm using a new Tenda AC15 running 2018.5.083-beta (it is so good to be back on Tomato, thanks!)

    My STG SNMP Traffic Graphs though are strange below 3.0seconds update period.

    The upload blue line and download green bars become spikes instead of continuous blue lines or a solid green color.

    I had an Asus RT-AC66U_B1 with DD-WRT and I could set the update period to 1.0sec or 1.5sec and the graphs looked normal.

    But the Tenda AC15 with 2018.5.083-beta only produces normal graphs at 3.0sec or greater update period.

    I do not see any SNMP settings in Tomato about SNMP refresh or period - just enable and port and basic seeings.

    This is not a huge deal, overall FreshTomato is much nicer than the latest DD-WRT I tried out on my 66U. I just want to mention it since there have been some other SNMP comments.

    Note, here are my Tenda AC15 STG SNMP bandwidth monitoring settings in case anyone else wants to try them:
    1.3.6.1.2.1.2.2.1.10.13 - green OID for vlan2 wan download
    1.3.6.1.2.1.2.2.1.16.13 - blue OID for vlan2 wan upload

    Here is a picture of 3x STG SNMP Traffic Graphs with 1.0sec, 2.0sec, and 3.0sec polling. The top 2x graphs should have a smooth blue line for upload and a solid green area at the bottom for download.

    [​IMG]
     
  47. macster2075

    macster2075 Reformed Router Member

    Are the initial files or back to OFW files available for Asus RT-68P/U router?
    I have been looking in freshtomato.org, but I can't find it.

    Thanks.
     
  48. BusyBoxer

    BusyBoxer Networkin' Nut Member

    I haven't done it lately, but last time I went back to asuswrt I just loaded the asus firmware via the recovery mode. You will find the asuswrt firmware is also a .trx file, it very well might work directly from the firmware upgrade dialog in freshtomato-arm (make sure you clear nvram).

    Recovery mode if you need it: hold the Reset button at the rear panel and simultaneously re-plug the wireless router into the power source. Release the Reset button when the Power LED at the front panel flashes slowly, which indicates that the wireless router is in the rescue mode. Browse to 192.168.1.1 and point to the asuswrt and upload.

    If you mean the actual firmware, just grab it from the asus website.

    https://www.asus.com/us/Networking/RTAC68U/HelpDesk_BIOS/
     
  49. Orwell's George

    Orwell's George Network Newbie Member

    thank you @pedro311 @kille72 for all your hard work!

    I just installed 'freshtomato-EA6700-ARM-2018.5.083-beta-AIO-64K' twice and notice you've shortened the password length, it used to max out @ 63 characters. I 1st tried 50 characters and couldn't log in, then 28 characters and that was OK, so what's the max length now? and could you increase it back to 63 for the stable release? Much thanks!!
     
  50. Espionage724

    Espionage724 New Member Member

    I want to share my thanks for this project! I used to use AdvancedTomato, but it looks like development for it stopped. Was on DD-WRT for a while, but a new build decided to softbrick my router. Found FreshTomato, and it works great!

    Using the latest beta for the EA6700 currently; it's been less than 12 hours so far, but I haven't seen any issues.
     
  51. Techie007

    Techie007 Serious Server Member

    Thank you for the update. I've upgraded a couple Tenda AC15s and have noticed the following:
    + The router can now resolve internal DNS queries (e.g. for getting clock time and reporting Tomato Anon) when being used as an access point without requiring a workaround for resolv.conf.
    + The router's temperatures are now displayed in both Celsius and Fahrenheit.
    {No regressions found so far!}

    Of course, the weak 5 GHz issue (specific to the Tenda AC15) remains. Judging by Tomato Anon, this router has become a lot more popular in the last several months (from 28 to about 40 units reported). I would love to assist in any way possible to figure out what's wrong. The Tenda OEM firmware is running a similar Linux based platform, and we have access to it via Telnet. So we can probe values and registers on wl and compare. The NVRAM settings look fine, however. I just don't know where else to look or what else to try.
     
    Last edited: Dec 7, 2018
    M_ars likes this.
  52. laobo

    laobo LI Guru Member

    Does USB support Exynos Modem for Samsung phones?
     
  53. Berty1

    Berty1 New Member Member

    I want to join to the thanks for the great job done here.

    I tested for a few days now 2018.5.083-beta for Tenda AC15, it works well and is stable.

    So far I noticed some little things to notify :

    • as you know the router has only 3 lan ports, but Ethernet ports state and VLAN are showing 4 ports, this makes the configuration of Multiwan a bit tricky (my second provider is plugged in LAN1 but shows as LAN2 and not WAN2).
    • the scales showing the Bandwiths are not correctly rendered with Multiwan activated, some activity is not detected at all in IPTraffic.
    • the stealth mode for LEDs just doesn't work, it only turns of 5G LED, all others LEDs are still on.
    • 5G is still weak as no solution for turning on the amps has been found so far.
    • 5G LED never blinks even if activated


    Again thank you for the great work.
     
    Last edited: Dec 8, 2018
  54. eTaurus

    eTaurus Connected Client Member

    Hi folks!
    At the moment I'm trying to get the most out of Freshtomato in terms of security, privacy and ad blocking on my AC68U. I managed to get Stubby to work, I activated Adblock and I installed pixelserv-tls following this thread:

    https://www.linksysinfo.org/index.p...-2-1-rc-3-on-tomato-bulld-with-adblock.74369/

    Adblock and pixelserv are runnig and listening, but how do I check if they actually do their work? I didn't find a log file, there is no GUI, pixelservs servstats isn't very conclusive either.
    There are several scripts for Adblock in this forum but I'm afraid they might interfere with the built-in Adblock. Is there some kind of tutorial for ad blocking? I'm not a Linux guy but I'm able and willing to learn the inner workings of Adblock and pixelserv.

    Seeing forward to your answers!
     
  55. user17600

    user17600 Reformed Router Member

    I have in the past used standalone adblock (separate scripting) and have compared it to the now-built-in version and find that the the built-in version is just as effective and a bit faster. I test it by visiting know ad-filled sites such as cnn, yahoo and other portals. I would not use multiple adblocking not only for the potential conflicts but the processor load (these are residential routers after all).

    (Anecdotally, my kids friends are always confused the first time they use internet at our house. While using the web they don't understand why there are few/no advertisements on the sites/apps they usually use. Some of them ask to come to our house just for this reason!)

    In the interest of security I also use p2partisan, which allow for geographic blocking (via IP primarily). It's not perfect, but it's another layer.

    FWIW I didn't use pixserv because most browsers fail somewhat gracefully when missing webpage parts. Of course if you have no script and ublock these also contribute (to both security and missing webpage components).
     
    eTaurus likes this.
  56. TRIUMF

    TRIUMF Reformed Router Member

    Hi,

    I have Netgear R7000 and FreshTomato Firmware 2018.5.083 -beta K26ARM USB AIO-64K

    Doing my Netgear R7000 migration from Tomato Shibby (cleared NVRAM and manually configuring same settings). The first thing I've noticed - Basic -> Network settings are not saved when using Google Chrome (71.0.3578.80 (Official Build) (64-bit)) and LAN Bridge table is not shown. Save button does nothing. It works with Firefox.

    Sorry, doh.. Clear browser cache..
     
    Last edited: Dec 9, 2018
  57. pedro311

    pedro311 Networkin' Nut Member

    Repeat 1001 times: clear browser cache and/or use Ctrl+F5...
     
    TRIUMF likes this.
  58. TRIUMF

    TRIUMF Reformed Router Member

    Thanks pedro311! Would be good to have such information included in the first post as it's done for example on XDA forum. Clear config -> flash -> clear config -> clear browser cache -> configure -> have fun :)


    Stealth mode is working only for some leds on R7000. I'm using this script in Init and in Scheduler for fully working stealth mode:

    Code:
    killall blink
    sleep 1
    eval "wl" "-i" "eth1" "leddc" "1"
    eval "wl" "-i" "eth2" "leddc" "1"
    eval "et" "robowr" "0x00" "0x18" "0x1e0"
    eval "et" "robowr" "0x00" "0x1a" "0x1e0"
    sleep 5
    for i in 2 3 8 9 12 13 17 18 ; do gpio enable $i; done
    for i in 14 15 ; do gpio disable $i ; done
    Everything else seems to be working as expected.
     
    Last edited: Dec 9, 2018
  59. Boktai1000

    Boktai1000 Network Guru Member

    Excellent! I've got a quick question for anyone who might be using AndreDVJ AdvancedTomato Fork.

    One of the annoying bugs I've ran into while using current official AdvancedTomato is an issue with the Real Time IP Traffic Monitor. It's been corrected in the source it seems, but none of the official builds have it corrected since no build has officially been published since the fix was pushed. Is this issue corrected in the AndreDVJ fork?

    GitHub Issue Links:
    * https://github.com/Jackysi/advancedtomato/issues/390
    * https://github.com/Jackysi/advancedtomato/issues/405
    * https://github.com/Jackysi/advancedtomato/issues/414

    Fixed Commit:
    * https://github.com/Jackysi/advancedtomato-gui/commit/d31c7bd8abab870071bcc8ae5d18fb84217ed371

    Update: Looks like it is fixed, commit here- https://bitbucket.org/AndreDVJ/advancedtomato-arm/commits/8de2ed38c3945ee0c8baa336ee91a89148546e5f
     
    Last edited: Dec 11, 2018 at 9:48 PM
  60. usergay

    usergay Network Newbie Member

    One thing i've noticed on the r7000 with any tomato build is that wireless client is broken. Is there any fix for this?
     
  61. macster2075

    macster2075 Reformed Router Member

    Im encountering issues with connectivity.. IP keeps fluctuating every few minutes.
    I've flashed the latest BETA as well as v. 2018.4 and both do the same thing.. I've tried erasing vram a few times and does not fix it.

    I went back to the Shibby Tomato version v132 and no more connectivity issues.
    I'm on Netgear R6300v2.

    Anyone else having this issue?
     
  62. usergay

    usergay Network Newbie Member

    Shibby Tomato version v132 is my favorite version to fall back on because it's so stable for me. I think alot of issues were introduced with Multi-wan that just breaks alot of things for me.
     
    Sean B. likes this.
  63. macster2075

    macster2075 Reformed Router Member

    The only issue I have with v132 is that I am unable to save any backups.
    When I try to restore using the conf file, it reverts to default settings even when using the exact same firmware version. This only happens with Asus RT-AC68P.

    If anyone can show me how to fix this without flashing another firmware version, I would really appreciate it.
     
  64. Sean B.

    Sean B. LI Guru Member

    Login to the router via ssh/telnet and try via command line:

    Code:
    nvram save backup
    Change some settings then:

    Code:
    nvram restore backup
    And see if it changes back to your config.
     
  65. macster2075

    macster2075 Reformed Router Member

    I don't think I have ever logged in to the router via ssh. Do I need a special setup to do this?
    I've been looking online and I see that I need an SSH client?
     
  66. Sean B.

    Sean B. LI Guru Member

    SSH is just secure shell access, SSH is to telnet what https is to http ( figuratively speaking ). Only setup you need on the computer side is an SSH or telnet client. Whichever you use needs to be either one time started or set to enable at boot under Administration->Admin access in the routers GUI

    ***IMPORTANT NOTE***

    I forgot to mention in my previous post: as long as you don't run "nvram commit", if anything doesn't work or loads incorrectly via the nvram restore command a reboot of the router will clear the changes.
     
  67. macster2075

    macster2075 Reformed Router Member

    I don't see a command line section in order for me to enter "nvram save backup"
    under SSH or Telnet. I only see a section called Authorized Keys.
     
  68. macster2075

    macster2075 Reformed Router Member

    Ok, I think I found it...
    Is it under Executive System Commands?
    If so, once I enter the command in there... where does it keep it? (the backup config)
     
  69. Sean B.

    Sean B. LI Guru Member

    The "command line" is not in the web interface, you just enable the ssh or telnet service via the web interface. You then use an ssh or telnet client to connect to the routers IP address. The system commands section should work as well, you need to specify the path for the backup file though:

    Code:
    nvram save /tmp/backup
    And

    Code:
    nvram restore /tmp/backup
    Keep in mind that for a real use case save/restore, the backup file would need to be saved to a flash drive or network storage location. The /tmp filesystem does not survive a reboot.
     
  70. macster2075

    macster2075 Reformed Router Member

    Oh I see... I don't have an ssh/telnet client and don't know how to use/set it up.
    Not sure why this issue is only on this Asus router using this particular version of Tomato.

    config file works fine with any other firmware version.
     
  71. Sean B.

    Sean B. LI Guru Member

    Using the nvram commands directly bypasses the firmwares integration for config backup. So if it works, it's the firmware code. If not, it's something with the router or nvram contents.
     
  72. macster2075

    macster2075 Reformed Router Member

    yeah..
    Im thinking it has to be the firmware because I have a Netgear R6300 v2 with the same v132 and it works fine, but the Asus does not...only works with a different firmware.
     
  73. Sean B.

    Sean B. LI Guru Member

    How often are you needing to restore the config on a router? Is there a use case where this happens repeatedly or consistently?
     
  74. macster2075

    macster2075 Reformed Router Member

    In the past few days I needed it a lot because I was flashing the updated versions of Tomato..I wanted to try Freshtomato since I was using am older Shibby version....but when I tried freshtomato, I started encountering connectivity instability and wifi issues with speed... I was trying different freshtomato versions, but all the ones I tried were doing the same thing.

    So, I decided to go back to the old v132, but I had to manually configure everything because with this version, It does not save any configuration at all... I have lots of settings, so it's a hassle to do this manually every time.
     
  75. Sean B.

    Sean B. LI Guru Member

    If you'd be willing to upload the config file to cloud storage and PM me a link to download, I'll decode/parse it back to plain text key=value pairs. As I'm curious to see if there's some form of corruption or formatting error with the backup.

    Note that the config file contains information relating to the security of your router. Do not post the file or links to it publicly if you do decide to have me check it out.
     
  76. pena1348

    pena1348 Networkin' Nut Member

    I have an RT-AC3200 running the last version of Merlin. I would like to change it to FreshTomato, but it refuses to take the upgrade both through the gui and the MiniWeb server. Can anyone give me a clue or point me to a procedure to get this done. (or is it just not possible)

    Thanks
    P
     
  77. maurer

    maurer Network Guru Member

    transfer the image via scp to the router /tmp folder then flash it via:
    Code:
    mtd-write2 /tmp/filename.trx linux
    As always - it's your responsibility if anything goes wrong ! :)
     
  78. macster2075

    macster2075 Reformed Router Member

    What I've done in the past when the router does not accept the firmware.. I go to DDWRT site and download their init file.. flash that, then try flashing the tomato firmware... it always works for me.
     
  79. pomidor1

    pomidor1 Networkin' Nut Member

    https://tedstechshack.com/2015/10/2...edtomato-firmware-on-an-asus-rt-ac68u-router/

    4. Use the Broadcom CFE Web Server to Upload AdvancedTomato Firmware

    and !
    March 22nd, 2016 update:
     
  80. pena1348

    pena1348 Networkin' Nut Member

    Thanks guys.
    I managed to get FreshTomato on the RT-AC3200, but now my log is filled with the following:

    Dec 31 20:53:34 RT-AC3200 kern.warn kernel: dhd_prot_ioctl: status ret value is -21
    Dec 31 20:53:34 RT-AC3200 kern.warn kernel: dhd_prot_ioctl: status ret value is -21
    Dec 31 20:53:34 RT-AC3200 kern.warn kernel: dhd_prot_ioctl: status ret value is -21
    Dec 31 20:53:34 RT-AC3200 kern.warn kernel: dhd_prot_ioctl: status ret value is -21
    Dec 31 20:53:34 RT-AC3200 kern.warn kernel: dhd_prot_ioctl: status ret value is -21
    Dec 31 20:53:34 RT-AC3200 kern.warn kernel: dhd_prot_ioctl: status ret value is -21
    Dec 31 20:53:34 RT-AC3200 kern.warn kernel: dhd_prot_ioctl: status ret value is -21
    Dec 31 20:53:34 RT-AC3200 kern.warn kernel: dhd_prot_ioctl: status ret value is -21
    Dec 31 20:53:34 RT-AC3200 kern.warn kernel: dhd_prot_ioctl: status ret value is -21
    Dec 31 20:53:34 RT-AC3200 kern.warn kernel: dhd_prot_ioctl: status ret value is -21
    Dec 31 20:53:34 RT-AC3200 kern.warn kernel: dhd_prot_ioctl: status ret value is -21

    I'm running the unit in AP mode. I also am not able to get the unit to pick up the correct time.
    (I have an EA6500v2 in AP mode that is fine)

    P
     
  81. pomidor1

    pomidor1 Networkin' Nut Member

    you must put in script firewall :

    dhd -i eth1 msglevel 0x0000
    dhd -i eth2 msglevel 0x0000
    dhd -i eth3 msglevel 0x0000
     
  82. pedro311

    pedro311 Networkin' Nut Member

    Use last beta.
     
    kille72 likes this.
  83. pena1348

    pena1348 Networkin' Nut Member

    All is good running latest beta.
    Thanks.
    P
     
  84. srouquette

    srouquette Network Guru Member

    it seems "i.redd.it" fails to resolve, and it could be related to the router (testing 2018.5.083-beta)
    I tried to ping and nslookup "i.redd.it" on the router, and it fails.

    I also tried after disabling adblock.

    After searching a bit, I found this post: https://unix.stackexchange.com/ques...-but-hostname-nslookup-fails-with-bad-address

    does anyone else have the problem?

    edit: disabling DNSSEC and dnscrypt seems to help.
     
  85. Magister

    Magister LI Guru Member

    Same problem with Sync but if you open in web browser, it works, so it is not a tomato problem...
     
  86. srouquette

    srouquette Network Guru Member

    I pinged from the router as well, it is a problem with the router, but could be related to dnscrypt (I'm using soltysiak)
     
  87. Sean B.

    Sean B. LI Guru Member

    Run:

    Code:
    cat /etc/resolv.conf
    Via Tools->System commands. What does it say?
     
  88. srouquette

    srouquette Network Guru Member

    Code:
    cat /etc/resolv.conf
    nameserver 127.0.0.1
     
  89. Sean B.

    Sean B. LI Guru Member

    Under Advanced->DHCP/dns put:

    Code:
    log-queries
    in the custom config box. Click save and then attempt an nslookup from the router again. After it fails, go to Status->Logs and click "View last 25 lines". What does it show from dnsmasq?
     
  90. Sinopsys

    Sinopsys Reformed Router Member

    Hi,

    I just upgrade my R8000 to FreshTomato 5.083 beta.
    Everything seems to be working properly so far:
    - ipv6 (pd only) ok
    - OpenVPN ok
    - Nginx server ok
    - cifs ok
    - iperf ok
    - snmp ok

    There no more options to set wlan on AC only (only Auto|A only|N only) ?

    Now regarding perf I have pretty disappointing results:
    - 537.46 Mbps on lan with end to end Giga bit ethernet cards.
    - 125Mbps/156Mbps (dl/ul) on 5ghz WiFi with full default setup
    - 60Mbps/65Mpps (dl/ul) on 5ghz WiFi with any combinations of cts and jumbo frame set.

    I managed to get 270/270 with previous Shibby fw (don’t remember which version).

    Any idea of which tweaks could be set to increase these perfs ?
     
  91. srouquette

    srouquette Network Guru Member

    Code:
    Dec 16 08:45:33 unknown daemon.info dnsmasq[5975]: query[A] activity.windows.com from 192.168.1.24
    Dec 16 08:45:33 unknown daemon.info dnsmasq[5975]: config activity.windows.com is 0.0.0.0
    Dec 16 08:45:38 unknown daemon.info dnsmasq[5975]: query[A] i.redd.it from 192.168.1.24
    Dec 16 08:45:38 unknown daemon.info dnsmasq[5975]: forwarded i.redd.it to 127.0.0.1
    Dec 16 08:45:38 unknown daemon.info dnsmasq[5975]: query[A] i.redd.it from 192.168.1.24
    Dec 16 08:45:38 unknown daemon.info dnsmasq[5975]: forwarded i.redd.it to 127.0.0.1
    Dec 16 08:45:38 unknown daemon.info dnsmasq[5975]: reply error is REFUSED
    Dec 16 08:45:38 unknown daemon.info dnsmasq[5975]: query[A] i.redd.it from 192.168.1.24
    Dec 16 08:45:38 unknown daemon.info dnsmasq[5975]: forwarded i.redd.it to 127.0.0.1
    Dec 16 08:45:38 unknown daemon.info dnsmasq[5975]: query[A] i.redd.it from 192.168.1.24
    Dec 16 08:45:38 unknown daemon.info dnsmasq[5975]: forwarded i.redd.it to 127.0.0.1
    Dec 16 08:45:38 unknown daemon.info dnsmasq[5975]: reply error is REFUSED
    activity.windows.com seems like adblock is working.
    don't know why i.redd.it redirect to localhost when I enable DNSSEC + dnscrypt.

    edit: ok... that was the priority "No Resolv" under dnscrypt, I reverted to "Strict Order".
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice