[Fork] FreshTomato-ARM

Discussion in 'Tomato Firmware' started by kille72, Apr 15, 2018.

  1. xmrforprivacy

    xmrforprivacy Network Newbie Member

    A couple of weeks ago, Cyber ITL released two very interesting paper after analyzing the firmware of 28 different ARM and MIPS home routers. Can not posts link yet, so google on "a-look-at-home-routers-and-linux-mips.html"

    TL;DR - Basic code hygiene and software safety measures was "reckless, negligent and disappointing".

    I am curious if someone better than me in coding could give their opinion on how (Fresh) Tomato builds stands in comparison and their take on the conclusions made in the two papers?
    @kille72 @pedro311 perhaps?

    /Happy Fresh Tomato user

    UPDATE: Direkt link: https://cyber-itl.org/2018/12/07/a-look-at-home-routers-and-linux-mips.html
     
    Last edited: Jan 14, 2019
    Boktai1000 likes this.
  2. rgnldo

    rgnldo Networkin' Nut Member

    @kille72 getdns: updated to 1.5.1 (stubby 0.2.5)
    You guys do magic. Great work. :cool:
     
    The Master, M_ars and kille72 like this.
  3. BLEH-ASUS

    BLEH-ASUS Network Newbie Member

    Just upgraded from AdvancedTomato to FreshTomato on AC-3200.

    The WEB GUI jumps around from the original Tomato red GUI to the FreshTomato dark gui depending which menus I'm in. Is this expected?

    Also for the AC3200, when the second 5GHZ band is on Auto for the channel, it doesn't broadcast. This was an issue from the original Tomato firmware I believe. I have to set a specific channel (36 and 153) for it to work correctly.
     
  4. kille72

    kille72 LI Guru Member

    As the first step in troubleshooting any issue, try to reset the router to default settings using "Erase all data in NVRAM memory (thorough)" option on the "Administration -> Configuration" page of the FreshTomato GUI. Do not restore your settings from the backup configuration file - always reconfigure the router manually when troubleshooting the problem!

    Before you report a problem with the GUI, you need to clear the browser cache and/or use Ctrl + F5 to refresh the page.
     
  5. M_ars

    M_ars Network Guru Member

    Please read page one. Cleared nvram? (Dont use your old backup).
    https://www.linksysinfo.org/index.php?threads/fork-freshtomato-arm.74117/
     
    kille72 likes this.
  6. rgnldo

    rgnldo Networkin' Nut Member

    @kille72 In the migration from to 2018.5 i used the configuration recovery of the 2018.4 build. I think most of the problems are with browser caching. When the configuration file does not work, whether the router works.
     
  7. rs232

    rs232 Network Guru Member

    Is it worthy change modify the "Upgrading page" (the one with the countdown) to tell the users about this browser cache issue?
    A big red letters sentence should reduce this type of posts on the forum.

    Also................ could tomato identify the age of elements in the cache and clear up after itself after an upgrade?
     
  8. rgnldo

    rgnldo Networkin' Nut Member

    In fact, it's not a problem with the FreshTomato project. In any web system this procedure is necessary.
     
    kille72 likes this.
  9. rs232

    rs232 Network Guru Member

    Not a Javascript expert but I have just googled the question and found this:

    https://www.impressivewebs.com/force-browser-newest-stylesheet/

    If I read well all we need is to transform this

    Code:
    <link rel="stylesheet" type="text/css" href="tomato.css">
    into
    Code:
    <link rel="stylesheet" type="text/css" href="tomato.css?=v1.1">
    and the same for the theme reference. in my case:

    Code:
    <link rel="stylesheet" type="text/css" href="ext/basic_white.css">
    into
    Code:
    <link rel="stylesheet" type="text/css" href="ext/basic_white.css?=v1.1">
    It should be enough to modify this on the page you get after the firmware upgrade (where you get the countdown and you can click to log back into your upgraded tomato), but perhaps it can be added on other pages too but not everywhere as caching is an advantage to take benefits from.

    Can anybody with better javascript knowledge comment on this please?

    Thanks
     
    kille72 and rgnldo like this.
  10. rgnldo

    rgnldo Networkin' Nut Member

    Excellent observation. On another router I've recovered to build 2019.1 with a build file of 2018.3. Using clean Firefox browser
     
  11. dizM0nkey

    dizM0nkey Network Newbie Member

  12. 1weirdFish

    1weirdFish New Member Member

    @abir1909, do you mind sharing how you are planning to do it? I am in the exact same situation: using vpn just for geo-bolcking and found the vpn connection is very slow. Thanks in advance.

    Fish
     
  13. Boktai1000

    Boktai1000 Network Guru Member

    I also saw this mentioned on the Tomato Reddit ( /r/TomatoFTW ) - and I've been waiting for someone to bring this up. With FreshTomato being somewhat of a security refresh for Tomato in terms of new features, there's a lot going on at a low level here that still may be vulnerable. I will admit a lot of it's over my head, but I know that Tomato is keeping the old Kernel version and with that probably comes a lot of security related issues. My bet is that it would not fair too well against one of these tests, but I'd like to hear a bit more about it. Hoping not to hear a response along the lines of if you're running code on the router itself then of course it will have full access/etc.
     
    xmrforprivacy likes this.
  14. bjlockie

    bjlockie Network Guru Member

    Has anyone been able to use existing Daily Bandwidth logs for Advanced Tomato with Fresh Tomato?
     
  15. bjlockie

    bjlockie Network Guru Member

    I tried it and it kept everything. :)
     
    pedro311 likes this.
  16. Magister

    Magister LI Guru Member

    I must be dumb, but I don't see the stubby option on my router... R7000 with 2018.5, in the basic network config I only have:

    Enable DNSSEC must be supported by the upstream nameservers
    WINS (for DHCP)

    That's it. Yes I cleared the cache, and I have this build since it was released.

    EDIT: ah damn it must be because I have the VPN build and not the AIO...
    For the next beta can Stubby be included in the VPN build too?
     
  17. digixmax

    digixmax LI Guru Member

    I think it's still a case of YMMV depending on one's specific UPnP client.

    My emule client still fails to grab a pair of TCP/UDP ports with 2019.1 beta, the emule xmorp client fares much better but still fails occasionally. My utorrent client on the other hand seems to work fine.

    FWIW both of my emule and utorrent clients never had UPnP problems with old Shibby builds (132 and earlier) -- they can always grab their ports instanstaneously and reliably.
     
  18. Larry SSSS

    Larry SSSS Network Newbie Member

    Discord definitely and I have discord already for other things and if someone does start it can someone let me know of the log in details to join
     
  19. jwhickman

    jwhickman Network Newbie Member

    Fwiw, I updated to 2019.1.15beta on my EA6900 with XVortex CFE, running fine as an AP, overclocked to 1 GHz. The OEM SoC was running over 80C at 800 MHz, so I reset it with much a much better thermal pad (Chomerics 976 Therm-A-Gap 0.060"; ~0.020 heatsink/SoC gap, but 976 is pretty compressible), and now after some load testing and the upgrade/reboot, I haven't seen it above 67C @1 GHz. ;-)
     
    kille72 likes this.
  20. gs44

    gs44 LI Guru Member

    Latest AIO Beta on my R7000, everything seems great, no issues so far.

    As always, a BIG Thankyou to the Fresh Tomato Team!!!
     
    kille72 likes this.
  21. jsnepo

    jsnepo Networkin' Nut Member

    Yup. It was too early to celebrate. It's not working again. Same router, same UPnP device, but latest beta firmware.

    Also, I'm unable to access the web interface using devices connected through wired ethernet. I can access the web interface using wireless.
     
    Last edited: Jan 16, 2019
  22. sirius2008

    sirius2008 New Member Member

    Sorry for offtopic..
    Is there a chance that Asus AC66U_B1 (hard ver. B2) to be supported by this firmware ?
    Thanks.

    PS: I'm asking because Merlin firmware share exact the same firmware for Asus AC66U_B1 and Asus AC68U (this router is supported by FreshTomato-Arm).. i don't like too much Merlin firmware because is very close to Asus official firmware..
     
  23. Sinopsys

    Sinopsys Reformed Router Member

    Hello,

    Sorry for my naive question but why would you be interested in freshtomato fw while Asuswrt-Merlin provides most of the features and keeps support of hw acceleration from proprietary parts?

    Asking because I’m desperate to get this hw accélération on my Netgear r8000 that is only available either on stock fw or irregular ones
     
  24. sirius2008

    sirius2008 New Member Member

    I think hardware acceleration is working fine on FreshTomato.. I owned an Asus RT-N18U and there was no problem with my internet connection (1 Gbps Down/ 500 Mbps Up from Digi Romania - isp). In speedtests I saw 925 Mbps Down and 480 Mbps Up.. as for torrents I reached average speed as much as 103 MB/sec (MegaBytes).
     
  25. jsnepo

    jsnepo Networkin' Nut Member

    Is it safe to downgrade to an original shibby build? I'm still having trouble with UPnP.
     
  26. rgnldo

    rgnldo Networkin' Nut Member

    Sincerely, Unbound is very powerful. It would be great if you boarded FreshTomato.
    Code:
    server:
    
        # port to answer queries from
    
        port: 40
    
        verbosity: 1
    
        do-ip4: yes
        do-ip6: yes
        do-udp: yes
        do-tcp: yes
    
        # don't be picky about interfaces but consider your firewall
        interface: 127.0.0.1
        interface: 0::1
        access-control: 0.0.0.0/0 refuse
        access-control: 127.0.0.0/8 allow
        access-control: 10.0.30.0/24 allow
        access-control: ::0/0 refuse
        access-control: ::1 allow
    
        private-address: 10.0.30.0/24
        private-domain: "rgnldo.lan"
        local-zone: "0.10.in-addr.arpa." nodefault
    
        # no threads and no memory slabs for threads
        num-threads: 1
        msg-cache-slabs: 4
        rrset-cache-slabs: 4
        key-cache-slabs: 4
    
        # this limits TCP service but uses less buffers
        outgoing-num-tcp: 10
        incoming-num-tcp: 10
    
        # use somewhat higher port numbers versus possible NAT issue
        outgoing-port-permit: "10240-65335"
    
        # uses less memory but less performance
        outgoing-range: 200
        num-queries-per-thread: 900
    
        # tiny memory cache
        key-cache-size: 16m
        msg-cache-size: 4m
        rrset-cache-size: 8m
        val-clean-additional: yes
        jostle-timeout: 200
        cache-min-ttl: 3600
        cache-max-ttl: 9000
    
        infra-host-ttl: 60
        infra-lame-ttl: 120
        infra-cache-numhosts: 10000
        infra-cache-lame-size: 10k
    
        # prefetch
        prefetch: yes
        prefetch-key: yes
        minimal-responses: yes
    
        # gentle on recursion
        hide-identity: yes
        hide-version: yes
        qname-minimisation: yes
        use-caps-for-id: yes
        do-not-query-localhost: no
        harden-below-nxdomain: yes
        harden-algo-downgrade: no
        harden-glue: yes
    
        # Self jail Unbound with user "unbound" to /var/lib/unbound
        username: "nobody"
        directory: "/opt/var/lib/unbound"
        chroot: "/opt/var/lib/unbound"
        root-hints: "/opt/var/lib/unbound/root.hints"
    
        # DNSSEC and DNS-over-TLS
        tls-cert-bundle: /opt/etc/ssl/certs/ca-certificates.crt
        aggressive-nsec: yes
        harden-dnssec-stripped: yes
    
        # The pid file
        pidfile: "/opt/var/run/unbound.pid"
    
        local-zone: "localhost." static
        local-data: "localhost. 10800 IN NS localhost."
        local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
        local-data: "localhost. 10800 IN A 127.0.0.1"
        local-zone: "127.in-addr.arpa." static
        local-data: "127.in-addr.arpa. 10800 IN NS localhost."
        local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
        local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."
    
        # Adblock blacklist
        include: /opt/etc/unbound/adservers
    
    remote-control:
        control-enable: yes
        control-interface: 0.0.0.0
        control-port: 953
        server-key-file: "/opt/var/lib/unbound/unbound_server.key"
        server-cert-file: "/opt/var/lib/unbound/unbound_server.pem"
        control-key-file: "/opt/var/lib/unbound/unbound_control.key"
        control-cert-file: "/opt/var/lib/unbound/unbound_control.pem"
    
    stub-zone:
        name: "rgnldo.lan"
        stub-addr: 10.0.30.1
        stub-addr: 10.0.30.2
    
    forward-zone:
        #      Cloudflare & Google DNS-over-TLS
        name: "."
        forward-addr: 1.1.1.1@853
        forward-addr: 1.0.0.1@853
        forward-addr: 2606:4700:4700::1111@853
        forward-addr: 2606:4700:4700::1001@853
    
        forward-addr: 8.8.8.8@853
        forward-addr: 8.8.4.4@853
        forward-addr: 2001:4860:4860::8888@853
        forward-addr: 2001:4860:4860::8844@853
        forward-tls-upstream: yes
    
    Unbound + DNSSEC + DNS-over-TLS without Stubby

    [​IMG]

    [​IMG]

    [​IMG]
     
    Sysop Grace and pajarillo like this.
  27. digixmax

    digixmax LI Guru Member

    Yes, I have done downgrading from 2018.5 back to Shibby 132 (with nvram reset to default, to be prudent).
     
  28. jwhickman

    jwhickman Network Newbie Member

    Ya Asus misnames it; there is no 'hardware' acceleration (meaning dedicated chips) in these consumer devices...it is software 'NAT' acceleration, and it is in FreshTomato. There are a couple settings for it, at least for my EA6900, defaulted on.
     
  29. abir1909

    abir1909 Network Newbie Member

    Hey Fish, I wish I knew. That’s why I posted it to find out if it’s even possible.
     
  30. pedro311

    pedro311 Networkin' Nut Member

    Techie007 likes this.
  31. abir1909

    abir1909 Network Newbie Member

    Pedro, if you can pull it off it will be Awesome. i am searching the web for couple months for solution. the link for bitbucket you put, am i supposed to use it some how?
    also, my Cipher Negotiation sets to Disabled and fallback to none. i have compression disabled and i still get maybe 12mb. when using the same server as proxy i get almost 100mb. Am i missing something? anyway to add lines in custom configuration to make it work as proxy?
     
  32. Boktai1000

    Boktai1000 Network Guru Member

    Did these UPnP issues only start happening with recent FreshTomato builds or has the issue been present the entire time? I see mention of no problems with Shibby 132, but if I'm aware FreshTomato is built off a newer release so the problems would have been present the entire time, correct? Maybe it is possible to find changes that were made after 132 in regards to UPNP on Shibby to help track down the issue?

    Edit: Initial non-technical investigation shows that Shibby moved to Miniupnpd version 1.9 (20160113) on release 133 http://tomato.groov.pl/?page_id=78 - Of course later he also moved to 2.0 and then FreshTomato updated on top of that. I found these commits in his Bitbucker that may or may not be related

    - https://bitbucket.org/pl_shibby/tomato-arm/commits/57fcfa2a2f08d3bf806944d86fe45173111c0847

    - https://bitbucket.org/pl_shibby/tomato-arm/commits/160df50d906d02fcff4d5df3020e0b9dcaef544b

    - https://bitbucket.org/pl_shibby/tomato-arm/commits/f3bc9f732553756ecd9421ee10dba457f02d6b7b
     
    digixmax likes this.
  33. Magister

    Magister LI Guru Member

    I'm using aMule 2.3.2 (compiled it myself, LinuxMint) and have no problem with my R7000 running 2018.5 and uPnP, ed2k and kad. I have a High ID and kad does not complain either.
    I tested on my cellphone and saw "FrostWire/2.0.9 libtorrent/1.2.0.0" in my uPnP list, so it seems to work.
     
    pedro311 likes this.
  34. 1weirdFish

    1weirdFish New Member Member

    Hi abir1909, thanks for the reply. Maybe I was not very clear in my previous post. I understand the solution you want may not be possible with FreshTomato. I was more interested in how you seup the http proxy to relay the contents. I did some diggings online after I read your post, but couldn't find anything useful.

    Fish
     
  35. abir1909

    abir1909 Network Newbie Member

  36. Sagsag

    Sagsag New Member Member

    I also got local='link-mtu 1549', remote='link-mtu 1557' with CBC.
    Forced server and clients to AES-256-GCM and no warnings here. Working like a charm
     
    Last edited: Jan 18, 2019
  37. pedro311

    pedro311 Networkin' Nut Member

    This means: wait for the next release because it will allow OpenVPN to use both cores on your R7000 ;)

    BTW: are you sure (see openvpn start logs), that vpn client on the router is using no compression and no cipher?
    (Cipher Negotiation: Disabled, Legacy/fallback cipher: None, Compression: Disabled)
     
    Techie007 likes this.
  38. copyfile

    copyfile New Member Member

    I have for a few expressvpn servers that the url they use to connect is longer then my Tomato OpenVPN client could handle. The last part of the url is cut of because it is to long. Is there a way to include the url size accepted in Tomato?
     
  39. pedro311

    pedro311 Networkin' Nut Member

    How long do you need this entry field?
     
  40. copyfile

    copyfile New Member Member

    It need to fit the below url. It's cutting the url to 'netherlands-amsterdam-ca-version-2.expres' so I need an additional 9 letters.

    netherlands-amsterdam-ca-version-2.expressnetw.com
     
  41. pedro311

    pedro311 Networkin' Nut Member

    OK, will change it in next release.
    You can also change it via Tools -> System Command:
    Code:
    nvram set vpn_clientX_addrr="netherlands-amsterdam-ca-version-2.expressnetw.com"
    nvram commit
    
    where X is your client number.
     
    kille72 likes this.
  42. copyfile

    copyfile New Member Member

    Not sure what I am doing wrong but after doing this command nothing happens, the field 'Server address' of the second Openvpn client is not changed.

    [​IMG]
     
  43. pena1348

    pena1348 Networkin' Nut Member

    @copyfile

    vpn_client2_addrr= -----> vpn_client2_addr= ;)
     
  44. digixmax

    digixmax LI Guru Member

    FWIW -- uPnP worked for all my p2p clients on all Shibby builds up to and including build 132, and stopped working for some of them in FreshTomato.

    Another problem I have on builds later than 132 is that the Default Gateway and Static DNS entries for my Wireless Ethernet Bridge (WEB) don't seem to take effect, with the consequences being the WEB cannot reach the Internet (without a Default Route manually added in Advanced->Routing), nor be able to resolve DNS name for Internet hosts (such as NTP servers) for which I have not figured out a workaround.
     
    Last edited: Jan 18, 2019
  45. copyfile

    copyfile New Member Member

    Perfect, that worked, thanks!!
     
  46. pedro311

    pedro311 Networkin' Nut Member

    Yeap, sorry for the mistake: "vpn_client2_addr"
     
  47. pedro311

    pedro311 Networkin' Nut Member

    There is no correlation between the client that works with UPnP, and if it's up to date?
     
  48. pedro311

    pedro311 Networkin' Nut Member

    Just fixed it: https://bitbucket.org/pedro311/freshtomato-arm/commits/5ef99eb39c47c029d7b632ab507ee2f18c45f84d ;)
     
    Wizardknight and kille72 like this.
  49. abir1909

    abir1909 Network Newbie Member

    I can’t wait My Apple TV constant get stuck all the time with that poor speed.

    Attached my settings and Speedtest once with the vpn once the proxy on the same server.
     
  50. abir1909

    abir1909 Network Newbie Member

  51. pedro311

    pedro311 Networkin' Nut Member

    Set Compression to "Disabled", check only "route-noexec" and remember, that OpenVPN server can push configuration to client, so I need also logs when client is starting.
     
  52. abir1909

    abir1909 Network Newbie Member

    Sorry I sent you screenshots of a week ago. compression was disabled for the past week. No change. See attached. Thank you
     
  53. gyngy1

    gyngy1 Network Newbie Member

    I just want to thank you for effort and making FreshTomato usable!

    I do have new 2019.1 (beta) installed on:
    Asus RT-N18U - Gateway, VPN - no problems
    Asus RT-AC56U - AP - no problems
    Linksys EA6700 - AP - just for tests - no problem detected

    2018.5:
    Asus RT-N12B1 - AP - no problems
     
    kille72 likes this.
  54. digixmax

    digixmax LI Guru Member

    The p2p client that failed with post 132 build is eMule the official version 0.50a dated 2010. Its eMule-xMorph descendant dated 2012 (so far) fares much better with FreshTomato, hence I've switched to using it now in lieu of eMule official.
     
  55. xmrforprivacy

    xmrforprivacy Network Newbie Member

    Bug report

    Router:
    Netgear R7000, ARMv7 Processor rev 0 (v7l)

    Fresh Tomato version:
    Tried on two different routers - one with 2019.1.015-beta and one with 2018.5 (tried Erased NVRAM on the latter)

    Problem:
    Changing the subnet in "VPN Tunneling/Open VPN Server/Server 1/Basic/VPN subnet..." from the default 10.6.0.0 to (for example) 10.20.0.0 does not make the "VPN Tunneling/Open VPN Server/Server 1/Keys/Generate client config"-function produce an updated connection.ovpn file (inside the new clientConfig-8.tgz archive). The file still specify "ifconfig 10.6.0.2 10.6.0.1". The file /etc/openvpn/server1/config.ovpn in the router as well as the routing table gets correctly updated though.

    Rebooting router and/or clearing browser cache after changing the setting does not make any difference.
     
  56. digixmax

    digixmax LI Guru Member

  57. Wizardknight

    Wizardknight Serious Server Member

    There were some VPN changes just made, but not released yet in post https://www.linksysinfo.org/index.php?threads/fork-freshtomato-arm.74117/page-18#post-302246
     
  58. rs232

    rs232 Network Guru Member

    I have just noticed this in my logs when running OpenVPN Server:

    Jan 20 16:58:39 router daemon.warn openvpn[10157]: Could not determine IPv4/IPv6 protocol. Using AF_INET6

    It seems like in the latest OpenVPN the ipv6 is imposed. Reading up this can be forced using "proto udp4" however the gui allows only tcp or udp values and using the custom config to add a second "proto" directive will prevent OpenVPN from starting.

    Can the GUI be modified to allow tcp4/tcp6/udp4/udp6 where currently we only have tcp/udp

    Ref: https://community.openvpn.net/openvpn/wiki/GettingStartedwithOVPN
    CTRL+F=upd4

    Thanks
     
  59. M_ars

    M_ars Network Guru Member

    With OpenVPN 2.4.0 dual-stack functionality was added
    Right now you/i can connect with IPv4 and/or IPv6 --> both is working
    --> I like that function :)

    With udp4/udp6/tcp4/tcp6 you force IPv4 or IPv6.
    But of course this could also be a feature :)


    BR
    M_ars
     
    Last edited: Jan 20, 2019
    kille72 likes this.
  60. PetervdM

    PetervdM Network Guru Member

    as a workaround when you set "proto udp4" in the custom config this will override the gui setting.
     
    kille72 likes this.
  61. jsnepo

    jsnepo Networkin' Nut Member

    Great. I'll be downgrading soon.

    Also why can't the web interface be accessed using Firefox and Edge? It only works with Chrome.
     
  62. Wizardknight

    Wizardknight Serious Server Member

    I use firefox to access the web interface on my R6300v2.
    Are you getting an error?
     
  63. cloneman

    cloneman LI Guru Member

    Has anyone used Tomato to throttle Windows Update servers? Perhaps this is a function that should eventually be built-in to routers as a push back to Microsoft.

    Using something like iptables connlimit for specific IP addresses that are known to be for windows update, limit them so they don't open 30 connections. Then again, knowing them it probably will try to open 30 connections to 30 different Microsoft servers on the CDN.
     
  64. rgnldo

    rgnldo Networkin' Nut Member

    @kille72 which router works best with FreshTomato?
     
  65. rs232

    rs232 Network Guru Member

    for tcp it doesn't work. tried:
    tcp4 and tcp-server

    The log complains about an ambiguous "proto tcp" which I believe is set by the GUI.
     
  66. rs232

    rs232 Network Guru Member

    Feature, hum not quite... if your OpenVPN server crashes and you try restarting you'll get this:

    Code:
    Jan 21 16:01:30 tomato36k daemon.err openvpn[2128]: TCP/UDP: Socket bind failed on local address [AF_INET6][undef]:443: Address already in use (errno=98)
     
  67. Sinopsys

    Sinopsys Reformed Router Member

    Hello,

    well I guess the behavior isn't exactly the same on Asus boxes (ARM) and Netgear R8000 (ARM7). As mentioned in a previous post, I was having limited performances:
    Just for the record: I gave a shot to chinese Asus-Merlin Fork (vortex + koolshare) and it is providing better perfs (both using iperf3):
    - LAN/LAN: 740Mbps/740Mbps (dl/ul)
    - WLAN: 508Mbps/508Mbps (dl/ul) with a pretty impressive smartconnect management (see with google translate: http://koolshare.cn/thread-73365-1-1.html)

    With a record from with speedtest over wifi : 610Mbps/504Mbps (dl/ul)

    Interesting thing is that it seems to be relying on same linux version and using same drivers versions as Freshtomato so I guess there would be some takeways to get discussing with the dev guys of that team.

    Unfortunately I couldn't find their source repo that used to be on github.

    [edit] smartconnect is coming from asus firmware (so not a koolshare cool feature) but at least it seems to work on R8000
     
    Last edited: Jan 22, 2019
  68. PetervdM

    PetervdM Network Guru Member

    you could try "proto-tcp4-server". i have no possibility to realy test a tcp tunnel, but if i do a setup and start the server the log shows:
    Code:
    Jan 21 18:06:52 nl5212bw23 daemon.notice openvpn[18558]:   proto = tcp4-server
    Jan 21 18:06:52 nl5212bw23 daemon.notice openvpn[18564]: Listening for incoming TCP connection on [AF_INET][undef]:1194
    
    there is no line specifying an AF_INET6 listening.

    edit: typo: "proto-tcp4-server"has to be "proto tcp4-server". thx rs232
     
    Last edited: Jan 21, 2019
    M_ars likes this.
  69. rs232

    rs232 Network Guru Member

    That did the trick. only thing is: it's proto tcp4-server
     
    M_ars likes this.
  70. M_ars

    M_ars Network Guru Member

    udp4/udp6/tcp4/tcp6 can be used for the command/option
    „remote host port proto“ —> client side

    For server side it should be „proto tcp6-server“ (IPv6 only)
    Or the IPv4 option like already mentioned.
    BR
     
  71. kille72

    kille72 LI Guru Member

    It's a very difficult question, I haven't tested all models. Asus routers usually work really well, the R7000 is also a really good router according to me.
     
    maurer likes this.
  72. abir1909

    abir1909 Network Newbie Member

    Hey Pedro, did the log help?
     
  73. Magister

    Magister LI Guru Member

    R7000 is very popular and proven, latest one may have a kind of protection from flashing 3rd party firmware, but you can find one used. Also ASUS can run Merlin which can be great too.
     
    kille72 likes this.
  74. usergay

    usergay Reformed Router Member

    I Believe the new r7000 can still be flashed by either downgrading the netgear firmware to an older version or using NMRPflash (similar to tftp) during a very small window upon boot.
     
  75. pedro311

    pedro311 Networkin' Nut Member

    Well, theoretically all is good, but still hard to tell why you have such poor speeds down and up with openvpn...
    I think you should wait for next release.
     
    cyber062 likes this.
  76. abir1909

    abir1909 Network Newbie Member

    Well, thanks for checking. That brings me to my last question, anyway to manipulate the settings so it will go the through the proxy port?
     
  77. Boktai1000

    Boktai1000 Network Guru Member

    I don't know where else to ask about this, so figured I ask here-

    I'm currently running the latest Grinch22 build that's available, which is AdvancedTomato user interface on-top of FreshTomato ( https://bitbucket.org/Grinch22/advancedtomato-arm/overview )

    It's working great, but these builds don't appear to have any sort of version or marking in the user interface on what snapshot or build it is. For me right now it doesn't matter because I know exactly what build it's running, but if I was to give this router to someone else or 6mo-1yr down the line I wanted to check what build exactly I flashed, how can I determine something akin to a builds hash, or how would I be able to correlate say running firmware to a downloaded file?

    If there's a way to identify via the CLI that would be excellent if anyone knows how, but if that isn't an option I'd even be fine with a way to manually identify files to correlate them to a build. Maybe I am overthinking this, but if anyone has some insight on this that would be appreciated!
     
  78. Mr9v9

    Mr9v9 Serious Server Member

    Is the 'About' page not sufficient? Seems pretty obvious to me.[​IMG] [​IMG]
     
    pedro311 and kille72 like this.
  79. Boktai1000

    Boktai1000 Network Guru Member

    First place I checked, but it seems to list a bunch of information about contributors as well as states a build that is difficult to correlate against Forks / other builds (for example Grinch22 builds, but I imagine AndreDVJ builds have the same problem as well)

    ----------------------------------------------------------
    Tomato Firmware 1.28.0000 -3.5-140 K26ARM USB AIO-64K
    USB support integration and GUI, IPv6 support, Linux kernel 2.6.36.4brcmarm and Broadcom Wireless Driver 6.37.14.86 (r456083)
    Copyright (C) 2013-2014 Tomato-ARM Team

    Tomato-ARM Team:
    - Michał Rupental (Shibby)
    - Ofer Chen (roadkill)
    - Vicente Soriano (Victek)
    ----------------------------------------------------------

    Tomato Firmware 1.28 doesn't really mean anything at this point.
    3.5-140 is the latest version of AdvancedTomato which both Grinch22 and AndreDVJ are built off of, but doesn't necessarily correlate to these forks/other builds based off of that source code.

    Unless I'm missing something that's what I've got! Appreciate your reply


    Edit: I think I may have solved my own problem here, but I do have further questions. At the bottom of the About Page it lists this:

    -------------------------------------------------------------------
    Special Thanks
    We want to express our gratitude to all people not mentioned here but contributed with patches, new models additions, bug solving and updates to Tomato firmware.

    Based on Tomato Firmware v1.28
    Copyright (C) 2006-2010 Jonathan Zarate
    http://www.polarcloud.com/tomato/

    Built on Sat, 27 Oct 2018 16:02:40 -0700 . Advanced Tomato GUI developed by Jacky, https://advancedtomato.com/
    Thanks to everyone who risked their routers, tested, reported bugs, made suggestions and contributed to this project. ^ _ ^
    -------------------------------------------------------------------

    The build time is actually listed here, and I could use that to correlate to a version release if necessary.

    I'm wondering though, is this build time present/can be called from the CLI somehow? Is there a more convenient or alternative way to check for a build hash or something? If not, this is probably sufficient, but I figured it would be worth an ask anywho. Thank you!
     
  80. ruggerof

    ruggerof Network Guru Member

    Perhaps "uname -v" ?
     
  81. rgnldo

    rgnldo Networkin' Nut Member

    Grinch22 is with the project paused. @AndreDVJ is trying to reconcile work with the AdavancedTomato project. @AndreDVJ is very active and your IP at linksysinfor.org is still blocked.
     
    Last edited: Jan 23, 2019
  82. Magister

    Magister LI Guru Member

    This looks like Shibby 140, not FreshTomato
     
    Techie007, kille72 and maurer like this.
  83. txnative

    txnative Addicted to LI Member

    I'd thought that it was understood that tomato has been forked from past developers to now changing identified numbers.
     
  84. Boktai1000

    Boktai1000 Network Guru Member

    Apologies if this wasn't clear from my post, this is actually from "Grinch22" builds, which is a combination of the AdvancedTomato GUI on-top of FreshTomato. It seems this is a relic from AdvancedTomato and not from FreshTomato - and was wondering if this "About" page is the only indicator in the firmware of the current running version, essentially depending on someone editing this page for every release - or if there is a build hash / file on the filesystem or command that could be run to get build details.

    Link to Grinch22- https://bitbucket.org/Grinch22/advancedtomato-arm/overview

    For example in Ubuntu, CentOS, etc - there are commands you can run from CLI to get an output back of the current running version, or sometimes a release.txt file on the filesystem with some information on when the build was generated. In addition OpenWrt usually stamps or marks builds with an associated build number or snapshot version, and I wasn't sure if something like this was present behind-the-scenes with Tomato, or if it's completely manually and dependent on the likes of the Tomato development team to go and manually edit the About page every release.
     
  85. ruggerof

    ruggerof Network Guru Member

    The command "uname -v" will return the compilation date / time as the version. I think the "About" page is set manually so I do have a small difference in my AC68U running Toastman.

    Code:
    root@RT-AC68U:/tmp/home/root# uname -v
    
    #3 SMP PREEMPT Sat Jan 21 02:04:12 ICT 2017
     

    Attached Files:

  86. Boktai1000

    Boktai1000 Network Guru Member

    I think compile time is probably good enough / best I'll get and can make do with it! Unless two separate builds got compiled at exactly the same second which would be highly unlikely, it should work just fine. Appreciate it!
     
  87. rgnldo

    rgnldo Networkin' Nut Member

    @kille72 @pedro311 @M_ars the 2018.5 build is excellent. The only problem for me is Dnsmasq, which is slow packet forwarding. I'm using Unbound. Much better.
    I'm liking the edns-buffer-size option in Unbound. edns-buffer-size = EDNS reassembly buffer to advertise to UDP peers (the current buffer is set with msg-buffer-size). 1480 can solve fragmentation (timeouts).
    Is there an option in Dnsmasq with this support?
     
    M_ars likes this.
  88. Boktai1000

    Boktai1000 Network Guru Member

    Currently running the latest Grinch22 build ( https://bitbucket.org/Grinch22/advancedtomato-arm/overview ) that is available, and in the User Interface this is what it shows under Basic Settings>IPv6

    [​IMG]

    Maybe this is something that could be configured or changed in the CLI, but this doesn't look right to me. My ISP supports IPv6 as well, and running an older version of AdvancedTomato (the old "official" one) I don't believe this part of the UI looked like this.

    Known issue/bug, user problem, or something else? Any assistance would be appreciated. Thanks!
     
  89. kille72

    kille72 LI Guru Member

    Guys, this is a thread about FreshTomato ARM, if you want to discuss other Tomato firmware's, please start a new thread...
     
    Jonas I, Justio, Magister and 7 others like this.
  90. joew333

    joew333 LI Guru Member

    There is a bug in the 10/27/2018 version of Grinch with IPv6 settings not being displayed. The 10/03/2018 Grinch version is fine. Fresh Tomato builds all display correct IPv6 settings.
     
    Boktai1000 likes this.
  91. joew333

    joew333 LI Guru Member

    I am thinking about getting an Asus RT-AC3200 router. For the Fresh Tomato build for the Asus RT-AC3200, does it use the same wireless driver as the other supported routers or a newer version? What support is provided for the 3 bands?
     
  92. Boktai1000

    Boktai1000 Network Guru Member

    Thank you! I'll look at another build then, appreciate your response.
     
  93. joew333

    joew333 LI Guru Member

    Enjoy your IPv6....which is implemented quite well IMHO in Fresh Tomato. Jättebra @kille72!
     
    pedro311 and kille72 like this.
  94. alecsandes

    alecsandes Serious Server Member

    Hi Guys,

    Just updated to the latest firmware (2019.1.015 -beta K26ARM USB AIO-64K) and I have the following issue:
    I have a 4TB HDD with 2 partitions, 1 is for media, the other is for back-up.
    Both have plenty of free space and torrent client now is downloading without issues (also the space info is updated).

    Now I want to copy some of my files to back-up folder and windows is showing me that there is lack of space and I need extra 205MB. I have tried this on both partitions :D with the same result.

    Previously, I had issues setting up the shares:
    I have created the share for 1 partition: /tmp/mnt/Media/ works without issues in windows
    the second one /tmp/mnt/Backup/, is seen by windows but I cannot access it, location could not be found.
    as a workaround, I shared the entire /mnt/ and I can access the back-up partition.

    Also, on the previous version of freshtomato, forgot which, I had terrible times with UnPnP, my TV could not see the DLNA server and it was working only after manual restart of service or even a reboot.


    I did not had these issues in Shibby before.
     
  95. dizM0nkey

    dizM0nkey Network Newbie Member

    I'm on an RT-AC68P/U... Is it right that my CPU frequency should be reading 100 Mhz for Tomato / FreshTomato? If not, are there instructions on how to set it? I've heard people have overclocked this router with a lot of success, but can't find a reliable guide.

    upload_2019-1-25_15-39-56.png

    EDIT I did find instructions and they appear to have worked:
    nvram set asuscfeclkfreq=1000,800 && nvram set asuscfecommit=1
    nvram set clkfreq=1000,800
    nvram commit && reboot


    However it still shows 100 Mhz on the Tomato Status page. In the shell, when I run: nvram get clkfreq
    and it returns 1000,800
     
    Last edited: Jan 26, 2019
  96. hawkmat

    hawkmat LI Guru Member

    Hi dizM0onkey!

    Use putty to SSH or Telnet in to the router.

    Use these commands to overclock:

    nvram set clkfreq=1000,800
    nvram commit
    reboot

    I find the ASUS RT-AC68P will overclock to 1200,800 reliably.
     
    dizM0nkey likes this.
  97. snowman58

    snowman58 Network Newbie Member

    Getting ready to start porting to R7000P. Any advice or pitfalls to be aware of (before I find them on my own)?
    Should I do this on arm6 or arm7? Currently thinking arm6 and arm7 concurrently with updates in arm7. since arm6 compiles and arm7 errors out.
     
  98. txnative

    txnative Addicted to LI Member

    Currently freshtomato doesn't support the bcm4708C0 due to sdk needs to be updated for this particular hardware. Not unless you can handle the task?
     
  99. CBR900

    CBR900 Network Guru Member

    Hi...

    I have installed the latest FreshTomato Firmware 2019.1.015 -beta K26ARM USB AIO-64K in my Asus RT-AC68R/U

    However, checking the log I found the following repeated error message:
    Jan 26 19:45:54 unknown daemon.err miniupnpd[2433]: No allowed eport for NAT-PMP 9168 tcp->192.168.1.16:80


    Also, there is anther repeated error message:
    Jan 26 19:52:25 unknown daemon.err miniupnpd[3357]: Failed to convert hostname 'fe80::290:a9ff:fed3:2277' to ip address

    please help

     
  100. snowman58

    snowman58 Network Newbie Member

    R6400 uses BRCM4708A0 the R6400 v2 uses the BRCM4708C0 the only difference is clock speed. The ORIGINAL netgear software has links to compile the R7000P software to make it run on a R7000 that uses the BRCM4709A0 that is supported. The processor instruction sets are the same.
     
    Last edited: Jan 27, 2019
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice