Discussion in 'Tomato Firmware' started by kille72, Apr 15, 2018.
Yes, sorry, I forgot to mention that and added it to my original post.
The password "@newdig" works like a charm on the first boot following the R7000 initial firmware flash.
Thanks for sharing.
Try the password "@newdig" (credit to Shahnewaz for recovering this password).
Can I upgrade from 2018.4 to 2018.5 (R7000,AIO) without clearing the nvram? I'd like to avoid a full manual reconfig as it seems to introduce pilot errors every time.
What are the risks of not clearing the nvram for 1 level upgrades?
I did a dirty flash on a few r7000 from .4 to .5 without negative effects.
Is there a freshtomato-supported ARM platform (AC with GigE WAN and LAN) which currently doesn't have unsupported revisions?
I'll like to get on the ARM bandwagon and don't want the risk of buying something that isn't supported.
Well, the trx_asus in Merlin is different than the one in FreshTomato and somewhat different between the two versions of Merlin but if you get the parameters right the two Merlin versions produce the same CRC. Different from FreshTomato's though. It doesn't solve the boot loop problem, but it does make Merlin accept the FreshTomato firmware as a valid firmware for the 3200 and lets you flash it using the Merlin web gui. It takes two extra arguments, the version and subversion basically. So it's -r RT-AC3200,220.127.116.11,Version(say 384.4),Sub Version (alpha1, beta1, blank?),outputfile.trx
Ultimately not that helpful since it doesn't fix the boot looping.
You are the best!!! This worked like a charm!
Instant death, the collapse of the space time continuum, and itchy scalp.
Just noticed I installed the ‘tomatousb’ version (2018-5). Is there a difference with the advancedtomato? And if so can/should I just change to advancedtomato? (Netgear r7000)
The advancedtomato is only different with GUI, the fresthomato-arm also has the ability to change the to a different skin that you can choose from the admin > TTB ID themes gallery. They also are of both from the same sources.
AdvancedTomato is essentially Shibby TomatoUSB build 140 with better WebGUI, whereas FreshTomato continues to incorporate new updates and bug-fixes to Tomato's open-source components (see its changelog at https://exotic.se/freshtomato-arm/changelog.txt for list of updates/fixes).
This was just discussed above your post.
Most likely you can login with admin / @newdig
If not, check the earlier post on how to use the backdoor that is programmed in the initial file.
Asus TRX now contain a signature, which Asus can use to prevent downgrading below a certain version (for instance, to prevent downgrading a 128K firmware to an incompatible 64K firmware). Asus_trx was modified to support that extra parameter, among other potential changes.
the new asus builds also prohit flashing the 'back-to-ofw.trx' so beware; serial or modified bootloader will be necessary to move off the new asus (and netgear) factory firmwares.
OK, so is there a chance to build tomato for AC3200 with 128k nvram?
Ok, the problem has nothing to do with the new TRX signature. You can use that to allow people to flash directly from the Asus or Merlin firmwares though. But even without the signature you can still flash in any of the various non-gui ways.
The problem is the NVRAM_64K and NVRAM_128K flags do nothing (other than enable Multiwan in the makefile and set the output file name) for the 7.x branch. This probably affects the R8000 as well if it's built form the 7.x branch.
In release/src-rt-7.x.main/src/include/bcmnvram.h it does the following check.
#if defined(CONFIG_NVSIZE_128) || defined(RTCONFIG_NV128)
If either is defined then it builds for 128K NVRAM, otherwise it builds for 64K NVRAM (no option for 32K, probably no devices had that in the 7.x series.)
I hard coded #define CONFIG_NVSIZE_128 1 above that line and removed the NVRAM_64K=y from the ac3200e makefile line and built the VPN version and it flashed and booted fine. I didn't realize at the time that the NVRAM_64K=y determines if Multiwan is enabled so I probably should have left it on.
Either the compiler flag/flags set by NVRAM_128K need to be updated to also set one of the two flags checked in the 7.x branch or a new NVSIZE variable needs be defined in the config (which is what Asus and Merlin do).
Beyond checking that it booted, the GUI was available, and disabling the wireless interfaces and watching the LEDs turn off I didn't check other functionality.
This change was actually around in the 380 series of code which is more or less what FreshTomato has for the 7.x source. It generally worked because the NVRAM size defaulted to 64K. The new 382/384 series didn't change this part but has many other changes including a new structure for NVRAM variables. I suspect there are probably kernel and wireless driver bug fixes as well. Someday FreshTomato should consider pulling in the updated 7.x code from the 382/384 series. Pulling in the new 7.14? branch would probably allow FreshTomato to be built for the newer Asus routers as well.
Provided Tomato can leverage the SDK components without being blocked by their ties to the AiProtection modules.
Hi, which is the right command to get ipv6 address from terminal?
On rmerlin firmware is
nvram get ipv6_wan_addr
but on tomato I get blank output, thanks.
nvram get ipv6_wan_addr
I'm wondering if this is going to be implemented? Here is a little more background on it.
nvram get ipv6_rtr_addr
nvram get ipv6_rtr_addr
I just built an AIO version for the RT-AC3200 with 128K NVRAM and it booted fine. No time to actually test much functionality though. The webpage came up ok and it successfully reflashed Merlin for me.
I've sent the config changes to @pedro311.
I tried all that, ping reply all good but router will never take firmware. It shows transfer of firmware was OK but it will timeout with TFTP error. I tried for about 6 hours. Returned router to Amazon.
NOTE: the forum wouldn't let me post the 'p' on the end of 'htt' since it kept thinking it was a link
I have a reverse proxy using nginx on my router (R7000) running the latest fresh tomato release 2018.5
I'm having a problem enabling htt2 module in nginx. I have put in the htt section:
listen 443 ssl htt2;
but then I can't start the nginx server. If I remove 'htt2' the server starts fine
nginx in FT is built without "--with-http_v2_module", that's why.
@pedro311 is there a reason for this? Would it be possible to include this in future builds?
I don't know the reason, probably because when nginx support was added to Tomato (2014-04-21 https://bitbucket.org/pedro311/freshtomato-arm/commits/d75436bc5a0d95c98a013fa238bf1efbf1e03fcf), there was no such a module in nginx.
I'll see how bigger is nginx compiled with that module and will decide then.
That would be great thanks! Ideally want to keep the reverse proxy server on the router rather than move it onto a different device.
Buy me a beer
2019.1.015-beta ARM - sneak peek
If everything goes well, it is ready on January 10th. Cheers!
Asus RT-AC56U here.
Just moved to FreshTomato Firmware 2018.5 K26ARM USB AIO-64K
Semms OpenVPN server Cipher negotiation doesn't work. Cipher AES-256-CBC set on clients side and Cipher Negotiation Enabled on router. I get connection always falling to AES 128 CBC.
No problem with Cipher Negotiation Disabled and Legacy/fallback set to cipher AES-256-CBC on Tomato Router server. AES-256-CBC connection then.
Pedro, these are great news!!! thanks for listening.
Quick question, is it currently possible or technically possible to add HTTP Proxy routing in FreshTomato? i personally use the Openvpn client only for geo-blocking. I dont need the traffic to be Encrypted. it slows down the speed 80% while proxy gives almost 90% of the isp speed provided. Thanks
Confirm, I tested with my phone connecting to my router, in my case it connect with AES-128-GCM, I have to disable cipher negociation and force AES-256-CBC (even then in my cell log it says GCM instead of CBC).
I also have compain in the server log about local='link-mtu 1549', remote='link-mtu 1557'
But it was happening before, for a long time now.
A new version of FreshTomato 2019.1.015-beta has been released. More information in the first post.
Is someone here with an R8000 router with the latest OFW that prevents you from updating to FreshTomato?
Thank you very much . Excellent compilation. I am very satisfied with the 2018.5 release. I'm using Unbound. Very good.
root@rgnldo-lan:/tmp/home/root# unbound-control status
modules: 2 [ validator iterator ]
uptime: 1113 seconds
unbound (pid 3583) is running...
root@rgnldo-lan:/tmp/home/root# unbound-control status
modules: 2 [ validator iterator ]
uptime: 1113 seconds
unbound (pid 3583) is running...
Finally the linksysinfo forum is available for Brazil. I hope @AndreDVJ will motivate your return.
Anyone else having problems with 2018.5 and UPnP? It doesn't seem to work.
It is working here on my R7000, have you checked the "Enabled on LAN" box?
That's why you should use latest 2019.1.015-beta...
Haven't been around here for quite a while.
Is it now possible to use this firmware on my rt-n18u in AP mode?
Or are there still the "no internet" and DNS bugs?
Just tried flashing to the latest beta on my X6 R8000 and now it bootloops, any ideas on how to fix?
What FW did you have before?
Did you read: https://www.linksysinfo.org/index.php?threads/fork-freshtomato-arm.74117/page-17#post-302019 ?
I used the inital firmware file in the bitbucket folder for my router then updated from there since the netgear firmware didnt let me update from a trx file
I think ive effectively bricked my router and its now unfixable... I'm trying tftp and thats not working. It wont even go into the mode required for tftp... Damn guess i have to buy a new router now
You didn't answer my 1-st question: What FW did you have before?
You mentioned bitbucket folder, whose bitbucket? Could you explain the method you are doing so no one tells you the same when setting a tftp, OS you are using, do you have a usb ttl adapter?
Edited also what pedro is asking also.
did you clean the nvram, reset button and 30-30-30 method.
set the network card permanently 192.168.1.10, gate 192.168.1.1 mask 255.255.255.0 and ping, ping -t 192.168.1.1 and see if at least one ping occurs
turn on and turn off the router and watch the pings
Should be possible with 2018.05 and newer. I suggest to try 2019-1 beta
I had whatever the latest netgear version was for the r8000, i think either 48 or 49 was the ending of the version. All I did was update to the initial version which used shibby and then used the updater there to update to fresh tomato. I didnt do a 30-30-30 or clear the nvram when updating which could have caused this. I tried doing tftp through cmd on windows 10, the way that netgear has listed on their website for technical help. I get a could not establish connection error when i try running the command. Also i do not have a usb ttl adapter, but ive heard thats the last solution people usually try when they brick their router...maybe i can try that but ill have to get a hold of one of those cables first
as you had initial and uploaded fresh tomato, now do the cleaning, most of the time 2 times, nvram via the restet button or wps - the descriptions are on the net
what about pings?
The stock version is questionable at least, I would've thought it giving some error message before it flashed if netgear decided to try keep users from flashing open source on current firmware of theirs as I don't recall it being that way? The shibby version maybe should still work but are the lights actively blinking in anyway when unplugging and reapplying the the power? Don't do the 30-30-30. Do you know how to set up a static ip and run a continuous ping in windows? You should still be able to recover the x6, don't give up.
Ill be home in 30 minutes to test if it pings or not. Is there any reason why I shouldn't do the 30-30-30? I haven't dont it at all yet. The strange part is that the shibby updater said it flashed properly too. It was immediately after that when it started bootlooping.
So I am only getting successful pings within the first 5 seconds after the amber light appears upon turning the router on
Just tried 30-30-30 and it didn't fix anything Still bootlooping
I bricked my E1000 dozens of time years ago, I put a USB-TTL to recover it. Anyway if you can ping it, you can certainly start a tftp transfer to it, this is how I recovered everytime. I needed the serial connection to type a "flash -ctheader : flash1.trx" or something command in the terminal, before starting the tftp on my PC.
Maybe there is a default name the router is waiting for.
Have you check some other way like https://kb.netgear.com/19841/Reinstall-the-firmware-on-a-router-without-the-setup-CD-recovery-tool ?
Trying it right now and it isnt working. I dont know how the tftp method would even be possible since its only pinging for 5 seconds after powering on, then it stops pinging... I'm just getting an unable to get responses from the server error
Good news is the usb to ttl wires are available at my local microcenter. How difficult is that method to fix my situation?
Have you actually looked up how to TFTP? Because that is how you do it, within the first couple seconds from power-on with a constant ping and responses of TTL=100, using a static address in the default IP address' subnet. Some say using a hub/switch helps, but I've never needed one. If you see "TTL=100" messages from ping at power-up, that is good, it is from the CFE TFTP server, though bricked routers may still show that but require serial recovery. TTL=64 means the bootloader has transitioned to application code. For some background on TFTP, search for "tftp_flash dd-wrt wiki" (I can't post links yet).
Thanks alot. Will try it out in the next few days.
BTW: Maybe the OP(s) should list all the broken features in the first post?
I have the ttl cable so I can try that now. I am still attempting the tftp and while I am getting ttl 100 pings for about 4-5 seconds, the tftp2 program and cmd both arent working. Tftp2 is stuck on erasing flash and just keeps retrying...
If he goes that route he'll have to open up the case in order to use the that method with the cfe. Create a static ip in windows, you do know how? While the router is unplugged, hold the reset button in, if windows has a static ip, start pinging 192.168.1.1 -t when you reconnect the power and continue to hold the reset button in till the light turns to orange, then release the reset button. The router should be in reset to defaults and able to login, hopefully.
I said i did that already, ive tried that about 100 times and holding down the reset button and powering it on doesn't make any difference. The light stays orange and it attempts to boot up, only to restart again.
If you can't get tftp to work, you might want to try using nmrpflash (https://github.com/jclehner/nmrpflash) as described in this post: https://www.linksysinfo.org/index.php?threads/fork-freshtomato-arm.74117/page-16#post-301866.
The only part I mentioned for that was a caveat in the case where TFTP won't work.
@Stevester118 Please list your exact steps that you are trying, and the ping output you're seeing. Have you tried starting the TFTP (using OEM f/w) -as soon as- you get a response? If you don't get TTL=100, TFTP won't work.
The application code hangs earlier at boot due to the bad flash/whatever, then reboots, and the bootloader (CFE) boots up in a couple seconds, unless TFTP triggers it to wait. To be fair, all my TFTP'ing has been on MIPS routers, that don't need the reset button.
There is a Netgear guide with more specific instructions:
Simply: press and hold down reset at powerup, and wait for the orange LED to start blinking, and let go after 10 blinks, then start the TFTP transfer. Does your LED start blinking? As I said, in some failures, TFTP just won't initiate. Also, at least for older devices, you usually have to use OEM f/w to recover from a bricked state using TFTP. You probably shouldn't use -recent- OEM f/w though in case it has locked down third-party GUI flashing.
No, my issue is it doesnt enter that tftp state with the blinking light. I tried a dozen different things that I've found to try and do it but its not working
I think I can 100% say this has bricked my router. There went 200$ in the trash. Beware anyone else who tries this, do it entirely at your own risk and understand that you can turn your router into a 200$ paperweight + a lot of irksome meddling to fix with no avail.
One of the last things to do is open up the case, connect the usb serial to the header pins, and recover. If all techniques failed, but I'm surprised even if the router was on some lock down firmware as it should've just rebooted back in to stock. If you go that route be sure to read and become familiar and read how to do all steps.
I have the serial wire connected right now and im watching it run stuff through the putty console as it continues to bootloop. For some reason I am unable to enter my own commands into said console though. .
Nevermind I now have the tomato console open in front of me via serial connection ... Does anyone know what commands I should enter now to put the original netgear firmware back on?
Could you post an image? Tomato console your last message doesn't make sense?
This is the current state I have it at. It is stuck at an amber/orange power light, i think i have it paused in the middle of it turning on
i can ping it steadily now but instead of TTL=100 its showing TTL=64
see if you can bring up microsoft edge or google chrome and see if you bring the GUI up, there are details you are leaving out. I'll be back but someone that is here should be able to answer some questions as to getting the netgear firmware back on.
Also I can now access 192.168.1.1 via a browser, although when I enter admin for username and password for password it denies it...
EDIT: disregard what I said above, that was because I was connected via wifi to a different router. I still cannot connect to the GUI
Also disregard what I said about the TTL=64 ping before. That was also the wifi I was connected to.
The current state I am at is I am staring at the serial console in putty. My r8000 has a solid amber light because I stopped the autoboot function by pressing ctrl+c. I now think I am at a point where I can tftp a firmware file or do some other sort of flashing method, but I have no idea what the commands are to do so. I am almost certain the commands I need to enter are some sort of linux commands though...
Is there a list of commands a dev could point me to? I dont even know what to search up because I dont know what this command line is even controlling... I did try nvram erase and it seems like that ran. When I type in nvram it gives me a list of commands to use with the nvram function but I cannot find a "help" type command that lists the available commands...
After you did the "Nvram erase" command, have you tried rebooting to see if it goes passed the bootloops at this point? I'm sure you can get back to the console in case nothing new occurs.
Okay this is definitely linux. Why does it show tftpboot as an available command but it doesnt let me run it?
Lol I think its working now
What's the default gateway username and password for tomato?
If it's working, then the nvram erase & reboot on the console was the solution.
It's usually admin/admin or admin/password. You can also try admin/@newdig as well.
Once you successfully get in, I would prob do another nvram thorough erase again for safe measure.
Nevermind, found it. Now that I got this thing FINALLY working, I remember when I first updated to the initial shibby firmware that my internet wasnt working, only the wifi was. I dont know if this is supposed to happen and I dont have my modem plugged in yet but if that happens again I will be back with more questions
Yes the nvram erase was indeed the solution. I guess I should have checked that off before installing lmao I really shot myself in the foot with that one
$200 loss has been averted!
Big facts lmao, okay so as I predicted, only my wifi connection is working. My router is connected to my modem via the internet port, just as it was prior to this whole firmware update debacle, yet I do not have any internet connection via LAN and the internet light on my router is not lighting up
Nevermind, everything is working properly now. I configured some WAN settings and upon restart the LAN internet started working too. Thanks for the help guys. Mrs. Obama, it's been an honor.
...and the whole page is off topic now... nice...
HOW TO Start a New Thread & Why Should I
Honestly a better solution would be to make a discord server. It's just easier for technical solutions and communication rather than waiting for people to submit a forum post.
I can confirm that with latest beta 2019.1.015 running a router in ap mode is fully working, including vpn, fileserver etc. !
Thank you very much for making this possible! @kille72 @pedro311
So one day into usage and I can confirm that the firmware is working properly. I am just having a slight hard time setting up my DDNS server for my DVR, although I am not sure if thats an issue on the firmware end. One thing I did notice though and recommend you add is a button to update the DDNS like Netgears stock firmware has, instead of having to press save and wait 10 seconds for the settings to refresh in order to update it.
Compared to Netgears stock firmware though, this blows it out of the water. I haven't experienced any issues yet, whereas Netgears firmware was sluggish and overall trash. I would like to apologize for my distress and slight rage yesterday as I now recommend Fresh Tomato.
Yes, it's enabled.
Okay. I will install. Hopefully this fixes it.
UPDATE: UPnP now works! Excellent!
Just out of interest.
Is it possible to implement something like this to tomato?
nope - it needs opensource wifi drivers and Broadcom's (in tomato) are NOT
I have asked elsewhere before, can mtr be included in the standard FreshTomato builds?
It shouldn't take much room and it's an incredibly helpful tool to have GUI or not GUI.
Glad I was able to help everyone!