[Fork] FreshTomato-ARM

Discussion in 'Tomato Firmware' started by kille72, Apr 15, 2018.

  1. Doug Fore

    Doug Fore Serious Server Member

    Hey guys, i have a netgear r7000 and i have tried these two versions of FreshTomato (R7000-ARM-2019.1.015-beta and R7000-ARM-2018.5-AIO) neither of these for me has anything under wifi filter (the block,allow etc. check boxes are not there) but loading Shibby 1.28 its fine, any suggestions.
     
  2. usergay

    usergay Connected Client Member

    Did you clear your browser's cookies / history / cache?
     
  3. Doug Fore

    Doug Fore Serious Server Member

    No i didn't,but i did do a clear nvram after upload,that worked fine with shibby.
     
  4. digixmax

    digixmax LI Guru Member

    See the footnote on the Basic->Wireless Filter page: "Notes - To specify how and on which interface this list should work, use the Virtual Wireless Interfaces page."

    On my R7000 running 2019.1, the Virtual Wireless Interfaces page displays the various menu options to apply the wireless filter.
     
    Doug Fore likes this.
  5. Doug Fore

    Doug Fore Serious Server Member

    Thanks for the info i will try this and see what happens.
     
  6. digixmax

    digixmax LI Guru Member

    On my R6300v2 and R7000 running 2019.1 ARM builds, the QoS->View Details page does not show any currently active TCP or UDP connection - see the attached screencap.

    I also noticed that none of my other routers that are running the MIPS builds of 2019.1 (RT-N16, WNR3500L) has this issue -- i.e., the active TCP/UDP connections get displayed just fine.

    r7000-qos-details.jpg
     
    Last edited: Jan 27, 2019
  7. maurer

    maurer Network Guru Member

    do any of you have issues running custom scripts in latest 2019.1 beta?
    on my ea6300v1 only the first line in "Init" script is executed.
    I've tried moving the scripts to "wan up" area but got the same result - no execution.
    I've worked around it by creating an Sxy script in entware zone /opt/etc/init.d
     
  8. digixmax

    digixmax LI Guru Member

    FWIW, I have used 3- to 6-line long scripts in Admin->Init Scripts (to populate DNS and NTP server entries), they all seem to execute fine.

    What sort of commands do you have in your script?
     
  9. David Colburn

    David Colburn New Member Member

    I'm unclear as to the difference between FreshTomato and AdvancedTomato
    Is there an explanation somewhere that I have not yet located?
    I only just became aware of FreshTomato although I've been a long time Tomato user.
    We loaded AdvancedTomato on a Netgear R7000 and it doesn't show the USB sub-menu anywhere.
    I'm not sure where to ask about this ...
    Thanks
     
  10. digixmax

    digixmax LI Guru Member

    David Colburn likes this.
  11. David Colburn

    David Colburn New Member Member

  12. digixmax

    digixmax LI Guru Member

    Which build type are you using: AIO or VPN?

    If you're using the VPN build type then I'd suggest you try the AIO build type which should have the USB features.
    AFAIK, enhancements in Advanced Tomato are solely WebGUI related.
     
    Last edited: Jan 28, 2019
  13. Mercjoe

    Mercjoe Network Guru Member

    Unless something has changed, AdvanceTomato is a GUI overlay to the TomatoUSB firmware. It is based on more up to date web standards, is more responsive. and utilizes the screen space available more efficiently.

    See: https://advancedtomato.com/ for more details

    It is not as simple as a theme overlay. It required a lot of work to hook into the actual firmware properly.

    If the router was something that I looked at everyday then it would be a better format IMHO. But as most routers are a set it up and use it device, I find the simpler default UI to be sufficient.
     
  14. David Colburn

    David Colburn New Member Member

    Our son said he went with the basic defaults, so I guess that means AIO.
     
  15. abir1909

    abir1909 Network Newbie Member

  16. digixmax

    digixmax LI Guru Member

    AIO is "All-in-One" i.e. every features included, so the build type you currently have is most likely not AIO.

    I have not used Advanced Tomato but it should have a "About" menu tab that identifies the build release version and type you are using -- see attached image.
     

    Attached Files:

    Boktai1000 likes this.
  17. Boktai1000

    Boktai1000 Network Guru Member

    What build are you running digixmax? I see you have Advanced Tomato UI but curious what build in particular you have. Looking to settle on a stable one, currently running Grinch22 latest.
     
  18. CBR900

    CBR900 Network Guru Member

    Hi

    Is there a way to connect a wifi printer ( epson L355) to my asus router?

    There is no wps button.

    Pls help


    Sent from my iPhone using Tapatalk
     
    Last edited: Jan 28, 2019
  19. digixmax

    digixmax LI Guru Member

    I am currently running FreshTomato 2019.1 on my active routers -- VPN build on the home Gateway, and AIO and MiniIPv6 build on the two Wireless Ethernet Bridges.

    The image of Advanced Tomato UI in my previous post was taken from AT portal and was included to help explain where to look for the build info.
     
  20. Tony Ramirez

    Tony Ramirez Reformed Router Member

    I was using AdvancdTomato for a long time but it has not been updated in over a year so I switched to FreshTomato which is not as pretty until I used this theme http://tomatothemebase.eu/?p=1448 which is not bad looking. Still loved the AdvancedTomato interface but the user basically abandoned it I bet soon the homepage will turn into a parked domain site.

    I know about the AdvancedTomato fork but there are too many serious bugs going on with it so I went back to FreshTomato.
     
    Boktai1000 likes this.
  21. abir1909

    abir1909 Network Newbie Member

    why am i getting so many DHCP requests from my Apple TV every few sec. is that normal?

    Jan 28 19:25:35 unknown daemon.info dnsmasq-dhcp[2575]: DHCPREQUEST(br0) 192.168.1.200
    Jan 28 19:25:35 unknown daemon.info dnsmasq-dhcp[2575]: DHCPACK(br0) 192.168.1.200 Apple
    Jan 28 19:26:44 unknown daemon.info dnsmasq-dhcp[2575]: DHCPREQUEST(br0) 192.168.1.200
    Jan 28 19:26:44 unknown daemon.info dnsmasq-dhcp[2575]: DHCPACK(br0) 192.168.1.200 Apple
    Jan 28 19:27:53 unknown daemon.info dnsmasq-dhcp[2575]: DHCPREQUEST(br0) 192.168.1.200
    Jan 28 19:27:53 unknown daemon.info dnsmasq-dhcp[2575]: DHCPACK(br0) 192.168.1.200 Apple
    Jan 28 19:29:02 unknown daemon.info dnsmasq-dhcp[2575]: DHCPREQUEST(br0) 192.168.1.200
    Jan 28 19:29:02 unknown daemon.info dnsmasq-dhcp[2575]: DHCPACK(br0) 192.168.1.200 Apple
    Jan 28 19:30:11 unknown daemon.info dnsmasq-dhcp[2575]: DHCPREQUEST(br0) 192.168.1.200
    Jan 28 19:30:11 unknown daemon.info dnsmasq-dhcp[2575]: DHCPACK(br0) 192.168.1.200 Apple
    Jan 28 19:31:20 unknown daemon.info dnsmasq-dhcp[2575]: DHCPREQUEST(br0) 192.168.1.200
    Jan 28 19:31:20 unknown daemon.info dnsmasq-dhcp[2575]: DHCPACK(br0) 192.168.1.200 Apple
    Jan 28 19:32:28 unknown daemon.info dnsmasq-dhcp[2575]: DHCPREQUEST(br0) 192.168.1.200
    Jan 28 19:32:28 unknown daemon.info dnsmasq-dhcp[2575]: DHCPACK(br0) 192.168.1.200 Apple
    Jan 28 19:33:38 unknown daemon.info dnsmasq-dhcp[2575]: DHCPREQUEST(br0) 192.168.1.200
    Jan 28 19:33:38 unknown daemon.info dnsmasq-dhcp[2575]: DHCPACK(br0) 192.168.1.200 Apple
     
  22. rs232

    rs232 Network Guru Member

    How about opening a new thread? While you do this post the DHCP lease time value you set in your config.
     
    pedro311 and kille72 like this.
  23. abir1909

    abir1909 Network Newbie Member

    lease 1440. will open a new thread. thanks
     
  24. Boktai1000

    Boktai1000 Network Guru Member

    I'm in a similar situation being at a crossroads though with the AT fork and FreshTomato - but what bugs does it have that you are aware of, and which fork in particular are you referring to (AndreDVJ or Grinch22)?
     
  25. rs232

    rs232 Network Guru Member

    I have just noticed these 2 lines in my crontable (2018.4 AIO on RT-N18)

    55 9 22 2 * ddns-update 1 force #ddnsf1#
    55 9 22 2 * ddns-update 0 force #ddnsf0#

    I'm not using DDNS on this device, can anybody check why these are installed in the crontable by default?

    Thanks
     
  26. Twincam

    Twincam Networkin' Nut Member

    My RT-AC3200 [ARM] is the same but the RT-N66U [MIPS] works well. I don't think I've ever seen values [other than IGMP ones] displayed on ARM builds, including older versions. In all cases, I have never enabled QoS but the MIPS builds have always displayed correctly and I have used the display for analytical purposes [very useful].
     
    digixmax likes this.
  27. digixmax

    digixmax LI Guru Member

    I wish some developer could take a look into the codes for this feature and figure out why the difference in behavior.
    Same here with me.
     
  28. Twincam

    Twincam Networkin' Nut Member

    Try setting "Auto refresh every" to "0" [meaning "Disabled"] on the basic-ddns.asp page. My guess is that would remove the ddns-update entries. I presume you checked using "cru l". I had to look it up as I'm not good with linux. I can't confirm as my ddns updates are enabled [every 21 days] but the first appears to corrupt the page display after an update [using a "Custom URL" to a "dhs.org"-provided ddns name]. I'm reluctant to reboot the router [which fixes the page display issue] as it has now been running for a record 126 days :)

    For anyone interested, my page corruption issue is described here. It still exists [in ARM & MIPS builds] and only a reboot fixes it!
     
  29. Boktai1000

    Boktai1000 Network Guru Member

    February 1st 2019 is DNS Flag Day ( https://dnsflagday.net/ )

    I don't know the particulars with Stubby, but I figured I'd mention this here as I'm not sure if there's an expected impact from current or previous builds that anyone is running.

    Would be curious if someone could comment on the impact regarding FreshTomato / Stubby implementation. I know some of you are running Unbound as well which also gets a mention, it sounds like Unbound 1.9.0 will probably release at or around Feb 1st.
     
  30. rgnldo

    rgnldo Networkin' Nut Member

    A little help. An acquaintance offers me for sale a NETGEAR R8000. I have two routers: Netgear R6300v2 and an Asus RT-AC68U. Is it worth buying the NETGEAR R8000 for use with FreshTomato?
     
  31. tdotnico

    tdotnico New Member Member

    Hi there everyone,

    I'm relatively new to Tomato and after configuring my routers (R7000 both at home and at work), I have noticed that the wifi, more specifically the 5ghz AP constantly drops and it does not restart itself.

    Is there a custom script that I can set to scan every 5 minutes, and if either AP has dropped have it restart automatically?

    By the way, I am using Freshtomato firmware 2019.1.015 -beta K26ARM USB AIO-64K based on Based on Tomato Firmware v1.28.
    I know it is BETA but I have used previous ones and I still had the same issue with AP's dropping and unless I restart them myself nothing happens.

    Any help would be much appreciated, whether I have to add them to the scheduler custom fields or in the main console.

    Thanks!
     
  32. rs232

    rs232 Network Guru Member

    https://www.linksysinfo.org/index.p...o-restart-wireless-services-if-dropped.74445/

    Do not double post!!!!!...ever
     
    smuis1, maurer, kille72 and 1 other person like this.
  33. Nathan Ellsworth

    Nathan Ellsworth Reformed Router Member

    I see you didn't open another thread on this yet, but I can confirm my Apple TV does this also. It must be an Apple TV thing as none of my other devices, including Macs and iOS devices, exhibit this behavior. I don't think it harms anything, just fills up the Tomato log excessively!
     
  34. rs232

    rs232 Network Guru Member

    I'm in the same position about the R8000. All I can read on this forum are issues. Is there any love story to tell about FreshTomato running on it? Anybody please?
     
  35. PetervdM

    PetervdM Network Guru Member

    i am using a R8000 for more than 2 years now. wifi strength could be better. i use the current 2019.1 fw, and have only ipv6 disabled, ddns, static dhcp, dnsmasq custom config, extended routing, disabled wireless 3, port forwarding, upnp disabled, usb storage, ftp, openvpn server with a heavy custom config, bandwith monitoring, ip traffic monitoring, snmp, various scripts and logging of everything that can be logged.
    except for the wifi strength i am very happy with this router.
     
    Last edited: Feb 2, 2019
    rs232 likes this.
  36. rs232

    rs232 Network Guru Member

    I don't use IPv6 and it's completely disabled on my device.
    I have found the following references in my FreshTomato log (2019.5 beta) running on Asus rt56u though:

    Code:
    Jan  1 00:02:36 tomato36k daemon.warn miniupnpd[5822]: no HTTP IPv6 address, disabling IPv6
    Jan  1 00:02:36 tomato36k daemon.notice miniupnpd[5822]: Listening for NAT-PMP/PCP traffic on port 5351
    Jan  1 00:02:36 tomato36k daemon.err miniupnpd[5822]: PCPSendUnsolicitedAnnounce() IPv6 sendto(): Bad file descriptor
    
    Code:
    Feb  2 16:28:40 tomato36k user.crit preinit[1]: Error while loading rules. See /etc/ip6tables.error file.
     
  37. oby-1k

    oby-1k Connected Client Member

    Hey guys I have a pretty heavy config on my R7000 and I'm now reaching the point of running out of NVRAM.

    I've offloaded my VPN certificates to JFFS instead of the WEBGUI but Adblock is really now taking over the memory.

    May I suggest an option to offload also the Whitelist and Blacklist domains to files in any Files System as well?

    I have pretty heavy custom lists, so I'm afraid that I'll be running out of memory pretty soon.

    I may think to offload the Blacklist to the Webserver, but anyway the whitelist will cosnume it in the future anyway.

    Just looking for a neat and clean solution.

    Thanks to the developers for this great work!!
     
  38. AndreDVJ

    AndreDVJ LI Guru Member

    oby-1k, Boktai1000 and rgnldo like this.
  39. oby-1k

    oby-1k Connected Client Member

    Thanks @AndreDVJ.

    Will try it.

    I moved from scripted adBlock to WebGUI years ago due to easier management but at a cost as I can see it now. But all good, will try your recommendation.

    Cheers

    Obi
     
  40. BHTeam

    BHTeam Network Guru Member

    Can you please add Bulgaria in the time zone settings?
     
  41. Kikusz

    Kikusz Reformed Router Member

    QoS is buggy...
    I tested the multiwan by adding a new vlan/pppoe connection and seemed to work fine..
    But after I removed it in QoS it still shows double wan's in there
    Apparently the router is not checking how many vlan/wan are there and reset it back to the apropriate number on boot.

    and can you add an option in QoS to use the same classes for all the wan connections?
    It's super annoying to setup QoS for each single connection instead of having 1 for all and just have it multiplied internally
     
    Solarfinder likes this.
  42. rs232

    rs232 Network Guru Member

    It's already there:

    Time Zone Currently Being Used in Bulgaria:
    Offset Time Zone Abbreviation & Name
    UTC +2 EET Eastern European Time
     
    The Master and kille72 like this.
  43. tdotnico

    tdotnico New Member Member

  44. txnative

    txnative Addicted to LI Member

    You can't delete the post, just be aware that one post is enough, everyone will read it and if someone knows and there will some response, on the other hand if no one knows the answer or the statement doesn't make sense then a post may not be answered, be detailed if needed all information will help without someone trying to guess, regards.
     
  45. xmrforprivacy

    xmrforprivacy Network Newbie Member

    Bug report

    Router:
    Netgear R7000, ARMv7 Processor rev 0 (v7l)

    Fresh Tomato version:
    2019.1.015-beta - Tried on two different routers. Erased NVRAM and manually configured both

    Problem:
    Changing the WAN MAC-address in the GUI under "Advanced/MAC Address/WAN Port" does no longer take effect. After changing the MAC-address and checking under "Overview/WAN/MAC Address" the routers default MAC Address is still shown. Have also checked in a bridge that is installed in the same LAN just to make sure. The same procedure works fine in 2018.4 and 2019.5.

    EDIT: If I do not configure any other settings in the router I'm able to change the WAN MAC address in 2019.1beta as well. But it seems only possible if it is the first thing I do after NVRAM erase. My guess is some other setting in playing a part in this but I've not been able to figure out which one. Any idea?
    (It seems to still be a difference though between 2019.1beta and previous versions regarding this problem because if I do a complete (manual) configuration of the router, I'm able to change the WAN MAC address in 2018.4 after that but not in 2019.1beta).

    EDIT2: After a lot of testing I now got it to work in 2019.1beta. Best guess, I was not consistent with the MAC addresses I used for testing and might have used a non valid MAC adress. If someone has any input on how Fresh Tomato handles the WAN MAC address specifically, please let me know
     
    Last edited: Feb 4, 2019
  46. Boktai1000

    Boktai1000 Network Guru Member

    Two questions:

    1. What's the best way to find out all of the clients on each of the wireless frequencies (for example, how can I tell which clients are on 2.4GHz and which are on 5GHz so I can track what devices I'll need to change for a WPA2 passphrase change)

    2. Looking at the Device List ( http://192.168.1.1/#status-devices.asp ) I see on the left-hand side some but not all devices have an Interface associated with them. On my device, only roughly have of them have an interface shown. What is the reason for this - as it is not clear at all why this is the case from the user interface, and maybe something worth changing in the future?

    Thanks!
     
  47. rs232

    rs232 Network Guru Member

    2.4/5GHz check your virtual wireless page for interface name on myour system.

    on mine I have:

    eth1 - main WLAN 2.4
    eth2 - main WLAN 5
    wl1.0 - guest wlan 2.4
    wl1.1 - guest wlan 5

    then run:

    wl -i $ifref assoclist

    for each interface to see what max is associated to what network.

    Or you could run this:

    Code:
    interfaces=`nvram get lan_ifnames | sed 's/vlan./ /g'`
    interfaces="$interfaces `nvram get lan1_ifnames | sed 's/vlan./ /g'`"
    interfaces="$interfaces `nvram get lan2_ifnames | sed 's/vlan./ /g'`"
    interfaces="$interfaces `nvram get lan3_ifnames | sed 's/vlan./ /g'`"
    
    # Get MAC addresses of the wifi devices
    echo $interfaces | tr " " "\n" |
    while read i
       do
       echo $i
       wl -i $i assoclist | awk '{print $2;}'
       done
    


    I would ignore the device list page to be fair it did a great job for many years but as far as I know it hasn't been updated for long time. Overall still working but don't bank on the info you see in there.
     
    Last edited: Feb 4, 2019
  48. Boktai1000

    Boktai1000 Network Guru Member

    I just tried this, and it wasn't as elegant of a solution as I had hoped, or maybe I did something wrong.

    First off I tried to run "wl -i $ifref assoclist" but the command bombed out, then I tried "wl -i $ifref assoclist eth1" for example in-case I had the syntax wrong, but that didn't seem to work either. Clearly I'm doing something wrong there.

    Second I just copy pasted that entire section you posted right into the command line, which did give me some output, but only the associated MAC Addresses. I think this was accurate, but I can't help but think there has to be a more elegant solution to poll this information in an easier manner, as well as output Hostnames along with it (OUI Lookup included would be a dream but requires external query).

    For now I think this will do but I still wonder about a better solution and in addition, wonder why the Device List page is broken under the Device List. I wish I knew programming so I could assist with fixing that issue, at least hopefully highlighting a possible problem with it will bring it to someones attention.

    Thank you for your response and assistance with figuring this out, and I'll keep my eyes out if there is a better solution in the future
     
    Last edited: Feb 4, 2019
  49. Twincam

    Twincam Networkin' Nut Member

    I can only assume that you are not seeing what I see [below]. Using FreshTomato Firmware 2018.4 K26ARM USB AIO-64K I can tell exactly which interface a WiFi client is associated with.

    upload_2019-2-4_21-24-8.png

    upload_2019-2-4_21-22-55.png
     
    smuis1 and kille72 like this.
  50. snowman58

    snowman58 New Member Member

    Thank you @kille72 and @pedro311 for the hard work getting this updated.

    I am in the process of getting the R7000P working on fresh tomato, and have a couple quick questions. What if any issues are there on the Netgear R6400, R6250, R6300V2 or R7000. Depending on the issues, if any I may be able to correct them at the same time. As I do not have access to any of these routers I can not check myself.
     
  51. digixmax

    digixmax LI Guru Member

    My top candidate issue at the moment: the QoS->View Details page on my R6300v2 and R7000 does not show currently active TCP/UDP connections (see https://www.linksysinfo.org/index.php?threads/fork-freshtomato-arm.74117/page-19#post-302440).
     
    Last edited: Feb 5, 2019
    snowman58 likes this.
  52. rgnldo

    rgnldo Networkin' Nut Member

    Stubby for me depends on the connection realization provided by my ISP. Make an evaluation of the connection and adapt the stubby.yml.
    My file stubby.yml:
    Code:
    tls_ca_file: "/opt/etc/ssl/certs/ca-certificates.crt"
    
    resolution_type: GETDNS_RESOLUTION_STUB
    dns_transport_list:
      - GETDNS_TRANSPORT_TLS
    tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
    tls_query_padding_blocksize: 256
    edns_client_subnet_private : 1
    idle_timeout: 60000
    round_robin_upstreams: 0
    listen_addresses:
      - 127.0.0.1@5453
      - 0::1@5453
    
    upstream_recursive_servers:
    # IPv4 addresses
    # Cloudflare
      - address_data: 1.1.1.1
        tls_auth_name: "cloudflare-dns.com"
      - address_data: 1.0.0.1
        tls_auth_name: "cloudflare-dns.com"
    # IPv6 addresses
    # Cloudflare
      - address_data: 2606:4700:4700::1111
        tls_auth_name: "cloudflare-dns.com"
      - address_data: 2606:4700:4700::1001
        tls_auth_name: "cloudflare-dns.com"
    

    Dnsmasq Gui:
    Code:
    no-negcache
    server=0::1#5453
    bogus-priv
    domain-needed
    local-ttl=600
    log-queries
    log-facility=/mnt/ENTWARE/dnsmasq/log/dnsmasq.log
    server=/pool.ntp.org/1.1.1.1
    server=/ntp.alsysdata.net/1.1.1.1
    FreshTomato 2019.1_beta
     
    Last edited: Feb 6, 2019
  53. Boktai1000

    Boktai1000 Network Guru Member

    Sorry maybe I should clarify that I'm actually on AndreDVJ FreshTomato. See on the left of my Device List where you have eth2, eth1, wl0.1, etc listed - I have that as well, but only on roughly half of the devices or so, and then some devices just don't show anything - even though it correctly identifies some devices such as my iPhone X in the device list and shows the wfilter option for it. It just seems inconsistent at best, and I suppose it's entirely possible it's an AndreDVJ/AdvancedTomato thing.

    In addition your second picture that lets you click "(show)" for each of your wireless interfaces, I did not have something like that listed in my Device List page at all. Where is that located?

    If I need to open up a new thread I can definitely do so as well. Appreciate you responding to me!
     
  54. rs232

    rs232 Network Guru Member

    So why are posting on this thread?
     
    kille72 likes this.
  55. Boktai1000

    Boktai1000 Network Guru Member

    Because it's based on FreshTomato? I know you just freaked out on a user for double posting too so... I can go post a thread but would that be double posting?
     
  56. Twincam

    Twincam Networkin' Nut Member

    @Boktai1000 that page is from the "Status->Overview" menu path [the default page displayed on accessing your router].
     
  57. rs232

    rs232 Network Guru Member

    I didn't meant to be provocative, but I think there's a littlebit of dyslexia happening here and I don't see any reference to Freshtomato in AndreDVJ builds.
     
  58. rgnldo

    rgnldo Networkin' Nut Member

    Reinforce security with root certificates with Stubby

    add option on stubby.yml: dnssec_return_status: GETDNS_EXTENSION_TRUE

    Create the folder for root certificates
    Code:
    mkdir /opt/var/cache/stubby

    Code:
    tls_ca_file: "/opt/etc/ssl/certs/ca-certificates.crt"
    
    resolution_type: GETDNS_RESOLUTION_STUB
    dns_transport_list:
      - GETDNS_TRANSPORT_TLS
    tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
    dnssec_return_status: GETDNS_EXTENSION_TRUE
    tls_query_padding_blocksize: 128
    edns_client_subnet_private : 1
    round_robin_upstreams: 0
    idle_timeout: 2000
    tls_connection_retries: 5
    tls_backoff_time: 900
    timeout: 2000
    appdata_dir: "/opt/var/cache/stubby"
    listen_addresses:
      - 127.0.0.1@5453
      - 0::1@5453
    
    upstream_recursive_servers:
    # IPv4 addresses
    # Cloudflare
      - address_data: 1.1.1.1
        tls_auth_name: "cloudflare-dns.com"
      - address_data: 1.0.0.1
        tls_auth_name: "cloudflare-dns.com"
    # IPv6 addresses
    # Cloudflare
      - address_data: 2606:4700:4700::1111
        tls_auth_name: "cloudflare-dns.com"
      - address_data: 2606:4700:4700::1001
        tls_auth_name: "cloudflare-dns.com"
    
    Dnsmasq GUI:
    Add option "proxy-dnssec"
    Code:
    no-negcache
    server=0::1#5453
    bogus-priv
    domain-needed
    local-ttl=600
    proxy-dnssec
    Install Haveged
    Code:
    opkg install haveged
    /opt/etc/init.d/S02haveged start
     
    RogueScholar and eTaurus like this.
  59. BHTeam

    BHTeam Network Guru Member


    Yes, UTC+2 is there. Bulgaria is not. [​IMG]
     
  60. rs232

    rs232 Network Guru Member

    I can see Moldova missing too in that timezone. And in general pleny of errors as far as I can tell e.g. Jordan is UTC+2 and it has been wrongly added to UTC+3

    Ref: https://upload.wikimedia.org/wikipedia/commons/e/e8/Standard_World_Time_Zones.png

    Regardless, these are only aliases to help people picking up the right UTC have no value what so ever in the function. Does Bulgaria needs to be in there?.... not sure... if I was Bulgarian I would probably think so. I'll let the other people comment but if this list is to be revised there are many corrections needed for sure.

    Thanks for pointing this out
     
    Techie007 and kille72 like this.
  61. BHTeam

    BHTeam Network Guru Member

    Yes, you are correct.
    I propose to do one of two:
    1. Update the list of countries
    or
    2. Remove the names and make the menu be UTC+2 only.
     
    Boktai1000 likes this.
  62. rs232

    rs232 Network Guru Member

    I think different areas within the same timezone might have different light-saving time hence a division was made.
    Every year there are a bunch of official modifications to timezone

    https://www.timeanddate.com/news/time/

    it becomes tedious to keep everything updated.
     
    Last edited: Feb 7, 2019
  63. Mercjoe

    Mercjoe Network Guru Member


    1) The places listed in the various time zones are provided to give you a local frame of reference. They were never intended to list every geographical location that may be within a listed time zone. You know what it around you in a geographic sense. You choose the time zone based on what is around you. To have to list every country or city in every time zone is beyond silly.

    2) To delete any frames of reference is even more silly. I have no idea what UTC zone I am in, but I know I am in the eastern time zone. Thus it is easy to locate and select it.

    The devs have much better things to use the limited resources we have on these routers than to list everyones country in a UTC to limit the risk of offending someone.
     
  64. Boktai1000

    Boktai1000 Network Guru Member

    I mean, if it's outdated and has simply wrong or missing information, isn't that enough to warrant a fix? Especially after pointing out an inaccuracy and possibly identifying a better way to handle things moving forward. Compared to a larger issue, this doesn't seem like a hard one to tackle in the grand scheme of things either. Since you're in a time zone that doesn't have any problems and aren't necessarily affected by the issue (Eastern Time Zone) it's reasonable that you wouldn't care, but if EST ever shifted or offset by an hour then perhaps you would want to get it corrected as it would be misleading in the UI. But that's just my $0.02.
     
  65. ruggerof

    ruggerof Network Guru Member

    No matter how hard I try, I cannot see any good value in spending time in either of your alternatives.
     
  66. Mercjoe

    Mercjoe Network Guru Member

    Did What inaccuracies are you discussing here? Did a country suddenly move?

    Anyway...
    Yes, I agree, inaccuracies SHOULD be addressed. Adding locations to appease someone should not.
     
    Magister likes this.
  67. Boktai1000

    Boktai1000 Network Guru Member

    You need not look much further than three posts above your initial post regarding this

    I mean unless you consider Jordan being listed as GMT/UTC+3 when it's actually GMT/UTC+2 as not being an inaccuracy. According to his post as well, there are several others although without further cross referencing I couldn't tell you. If you read this post, you'll see that each year there are time-zone changes that happen and countries getting moved around to different time zones, DST changes, etc. What's being tossed around is no one wants to spend time maintaining and updating that over time and instead just remove suggested country text from the timezones altogether and let the user pick what is right to them, instead of offering potentially misleading options in the UI.

     
  68. digixmax

    digixmax LI Guru Member

    and perhaps optional fields for dates of DST changes.
     
  69. Sinopsys

    Sinopsys Reformed Router Member

    I am using a R8000 for more than 4 years now. I recognize it is a very stable rooter with no random hang or freeze or reboots.
    There's been very strong efforts made to support it in various projects and lately Kille72 and the guys contributing also in this forum.
    Nevertheless the hardware may not be the best supported one.

    I'm not using all of its features, only IPv6, SNMP, OpenVPN, NGINX Reverse proxy, AP, DDNS, Port forwarding, DHCP static/dynamic, entware, syslog forwarding.
    CPU are never overloaded.
    Now when it comes to network performance, it is a bit disappointing:
    - not suitable to enjoy Gigabit ISP as WAN-LAN has limitations and also LAN-LAN
    - not fully supporting Mu-mimo thus not enjoying marketed wifi speed

    But signal is strong and reliable.

    I wish Chinese team had shared their enhancements on the firmware to make it faster while open.
     
  70. Pasha_ZZZ

    Pasha_ZZZ Serious Server Member

    Is there a option to set custom run parameters for dnsmasq? Or maybe add extra field for conditional DNS servers list?
    Its needed for OpenNIC/EmerCoin DNS. F.e. --server=/lib/<opendns_server> --server=/coin/<opendns_server>
     
  71. cloneman

    cloneman LI Guru Member

    you mean like... that large box on the advanced-dhcpdns.asp page?
     
    Mr9v9 likes this.
  72. eTaurus

    eTaurus Connected Client Member

    Does this have any influence on pixelserv-tls? I tried it several times but pixelserv-tls stops working when applying your suggestions. I have a suspicion that it may be a problem with timing at boot.
    Do I have to create a cronjob for haveged? What is haveged used for in this context?
     
  73. rgnldo

    rgnldo Networkin' Nut Member

    Try changing the stubby.yml file
    Code:
    tls_ca_file: "/opt/etc/ssl/certs/ca-certificates.crt"
    
    resolution_type: GETDNS_RESOLUTION_STUB
    dns_transport_list:
      - GETDNS_TRANSPORT_TLS
    tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
    dnssec_return_status: GETDNS_EXTENSION_TRUE
    tls_query_padding_blocksize: 256
    edns_client_subnet_private : 1
    round_robin_upstreams: 0
    idle_timeout: 60000
    ppdata_dir: "/opt/var/cache/stubby"
    listen_addresses:
      - 127.0.0.1@5453
      - 0::1@5453
    
    upstream_recursive_servers:
    # IPv4 addresses
    # Cloudflare
      - address_data: 1.1.1.1
        tls_auth_name: "cloudflare-dns.com"
      - address_data: 1.0.0.1
        tls_auth_name: "cloudflare-dns.com"
    # IPv6 addresses
    # Cloudflare
      - address_data: 2606:4700:4700::1111
        tls_auth_name: "cloudflare-dns.com"
      - address_data: 2606:4700:4700::1001
        tls_auth_name: "cloudflare-dns.com"
    On Wan Up:

    Code:
    sleep 7
    cp /jffs/configs/stubby /etc
    sleep 5
    service dnsmasq restart
     
  74. rgnldo

    rgnldo Networkin' Nut Member

    @eTaurus it's working here
    Code:
    root@rgnldo-lan:/tmp/home/root# rm /opt/var/cache/stubby/*
    root@rgnldo-lan:/tmp/home/root# service dnsmasq restart
    ............
    Done.
    
    root@rgnldo-lan:/tmp/home/root# ls /opt/var/cache/stubby/
    root-anchors.p7s  root-anchors.xml  root.key
    
    root@rgnldo-lan:/tmp/home/root# /opt/etc/init.d/S80pixelserv-tls check
     Checking pixelserv-tls...              alive. 
     
  75. eTaurus

    eTaurus Connected Client Member

    Got it working again.
     
  76. digixmax

    digixmax LI Guru Member

    [post deleted]
     
  77. Sysop Grace

    Sysop Grace Reformed Router Member

    Hey @rgnldo - Would you be able to link us to those test pages you have screenshots for?

     
  78. rgnldo

    rgnldo Networkin' Nut Member

    Sysop Grace likes this.
  79. rgnldo

    rgnldo Networkin' Nut Member

    @pedro311 @kille72 the work of Grinch22, with AdvancedTomato fork, is now only with FreshTomato.

     
    Elfew, Boktai1000 and cyber062 like this.
  80. Boktai1000

    Boktai1000 Network Guru Member

    I did see that Grinch22 fixed that IPv6 bug with one last build but also I did see that note as well.
     
  81. geekjock

    geekjock Network Guru Member

    rs232 likes this.
  82. oby-1k

    oby-1k Connected Client Member

    Hi @AndreDVJ, any particular reason LZ4-V2 is not available in the VPN advanced configuration (2nd Feb build)

    I have a 2nd router with FreshTomato 2019.1 Beta and it's available there, thought the forks were in almost sync.

    Cheers,

    Oby
     
    Boktai1000 likes this.
  83. Boktai1000

    Boktai1000 Network Guru Member

    It looks like this commit is missing from @AndreDVJ repository:

    * https://bitbucket.org/kille72/freshtomato-arm/commits/7a6161d8f312dd11aa7ca6f16e8369dd7a7130a9
    * https://bitbucket.org/pedro311/freshtomato-arm/commits/f807d373b43ac66b31cb77059948547d20a58f77

    I just searched "LZ4-V2" on FreshTomato and AndreDVJ repo and did not see this one on AndreDVJ.

    Personally don't use VPN though, and I also don't know if it was withheld for a certain reason/etc.
     
    kille72 and oby-1k like this.
  84. AndreDVJ

    AndreDVJ LI Guru Member

    Well discussing about my fork is kinda off-topic, but I probably forgot of that.

    What I really have zero interest is Stubby, which pissed me off when I had it setup and I want to stay the hell away of it.
     
    txnative, oby-1k and Boktai1000 like this.
  85. Boktai1000

    Boktai1000 Network Guru Member

    Maybe so as not to derail the topic of FreshTomato, we should create a separate thread for discussing your fork. I think it has enough community interest to have it's own thread, that way users can discuss among themselves without crowding or interrupting FreshTomato discussion - especially if problems are specific only to one build.

    Thoughts?
     
    geekjock, Techie007 and oby-1k like this.
  86. AndreDVJ

    AndreDVJ LI Guru Member

    Trying to be brief, I can't say my fork is a project, because it's strictly what I use on my Netgears. Whatever I do may be cherry-picked by FreshTomato for the benefit of its users.

    So I prefer not having a thread open for that, as it's not that different from FreshTomato. Fundamentally from Shibby and onwards it's the same thing.

    I don't have a say on kille72/pedro's project. I'm merely a contributor. It's very difficult to keep TomatoUSB relevant these days, because we're locked down to many things.
     
    snowman58, The Master, rgnldo and 3 others like this.
  87. rs232

    rs232 Network Guru Member

    Running on the latest beat (2019.1.015b) Can anybody comment on this issue? It seems like Stubby is not performing as expected:

    Code:
    Router# kill -USR1 `ps -w | grep dnsmasq | grep nobody | awk '{print $1}'`
    Code:
    Router# tail /var/log/messages | grep retried
    Feb 13 13:08:53 tomato36k daemon.info dnsmasq[28351]: server 127.0.0.1#5453: queries sent 287097, retried or failed 83822
    See number of failed above.

    P.S. Is there a way to extract similar stats from stubby?
     
  88. rgnldo

    rgnldo Networkin' Nut Member

    I am with the 2019.1 beta build. It's okay for me. No error.
    Code:
    root@rgnldo-lan:/tmp/home/root# kill -USR1 `ps -w | grep dnsmasq | grep nobody | awk '{print $1}'`
    root@rgnldo-lan:/tmp/home/root# tail /var/log/messages | grep retried
    root@rgnldo-lan:/tmp/home/root# 
     
  89. rgnldo

    rgnldo Networkin' Nut Member

    Keep collaborating you can not. I think you can add it with FreshTomato.
     
  90. rs232

    rs232 Network Guru Member


    There is something wrong in what you're doing as you should get an output.
    Perhaps "retried or failed 0" but you should see that line.
     
  91. xmrforprivacy

    xmrforprivacy Network Newbie Member


    I can only agree. Being a long time user of R7000 I was initially blown away with what Tomato firmware was offerering compared to original firmware and especially the Fresh Tomato build. You guys rock!
    Currently have six of these routers in different locations with more or less same functionality activated.

    On your question, one or two of my routers also have a more heavy config. My experience is that none of different configs I've tried affects the CPU/memory as much as Adblock do, so I should work with that (if you can) for optimization. On that note though - Are there any router with better performance to use with Fresh Tomato than the R7000 (1 Ghz Dual Core, 256 MB RAM) ? Going through the Downloads and looking them up on wikidevi.com I could not find one but maybe I missed it?
     
  92. Mr9v9

    Mr9v9 Serious Server Member

    Have you thought about using PiHole? It would take the resources off DNSMasq for the adblocking side.
    Aside from an R8000 or an Asus arm based router there really isn't much else out there. You are better off offloading resources/services to another server.
     
  93. Mercjoe

    Mercjoe Network Guru Member

    Just looking at some of the latest commits in the GIT. I see Pedro made a commit ae36593 that removed some variables from the advance wireless tab. I can agree with the need to remove the receiving/transmitting antenna fields as that has long been outdated and handled via hardware anyway, but I see that transmission power field has been removed as well.

    Has this variable been 'dead' for a while? I.E. has the wireless driver locked us out of changing it?

    Is the firmware just going use the 'hardware default' wireless power level based on region?

    In the past I have used in the past to lower interference as I do not need a signal that is seen 5 houses away.

    The point of this post: Why is it being removed?
     
    Last edited: Feb 17, 2019 at 7:10 PM
    Techie007, Aardvark and phuklok1 like this.
  94. TeHashX

    TeHashX Networkin' Nut Member

    Hi, I have an RT-AC66U loaded with v2019.1.015-beta pppoe connection.
    I created a virtual wireless device connected to a wifi network, it is possible to passthrough internet from virtual wireless to lan ports in case pppoe connection is down?
    Thanks!
     
  95. digixmax

    digixmax LI Guru Member

    FWIW, attached is Asus-Merlin's menu for DST setting.
     

    Attached Files:

    Elfew and Boktai1000 like this.
  96. Edrikk

    Edrikk Network Guru Member

    @M_ars

    re: your blink_5g -> blink refactor... I know you mention in the commit that R7000 is working, but just wanted to note that I just compiled Pedro's rep as of build "4d987cf" and my 2.4GHz and 5GHz lights are off.

    This is without a full reset, but having set blink_wl as that's what your commit looks at.

    Not important, just noting...
     
    M_ars and rgnldo like this.
  97. Barisart

    Barisart Reformed Router Member

    Hi all, I used to run the Shibby version, but moved to Merlin after the project looked dead.
    And as there are not that many options for the Asus RT-AC3200 I'm glad to see you brought this project back to life.

    I've just installed the latest beta release on my AC3200 and all is running OK atm.
    Over the next few days I'll try to change back to the config I had when running the Shibby release.
    And I'll try to post updates of the progress and report any findings through this post.

    Keep up the good work.
     
    rgnldo likes this.
  98. @0E800

    @0E800 New Member Member

    WIP Blue Night Theme for Fresh Tomato.

    A custom theme I am working on. Its a learning process.


    [​IMG]

    [​IMG]
     
    Shahnewaz, Twincam, pedro311 and 3 others like this.
  99. Boktai1000

    Boktai1000 Network Guru Member

    Looks like a really nice night theme. Most night themes are usually a blue hue anyways since black on black can be a little extreme, but I think it looks great! I'm personally conflicted between the AdvancedTomato UI and the OG Tomato interface, I really wish that the AT GUI would be incorporated into mainline but I know the maintainers stance on it. As far as OG Tomato themes go, I think this one rocks - well done!
     
  100. rs232

    rs232 Network Guru Member

    The Master and kille72 like this.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice