[Fork] FreshTomato-ARM

Discussion in 'Tomato Firmware' started by kille72, Apr 15, 2018.

  1. Techie007

    Techie007 Networkin' Nut Member

    Honestly, that's what makes it even more aggravating to me...here we are with real bugs that need fixed and very limited developer resources, and what does it get spent on? Removing existing and fully functional functionality that was working just fine as it was. Or splurging on things like MultiWAN that has a very limited userbase while introducing a ton of new bugs that remain unfixed years later. If it ain't broke...


    I am 100% positive that the WiFi power level setting works. I've used it for as long as I've used Tomato and it has worked on every model router I've used it on. How do I know? Because I do signal strength field testing with my phone and can see exactly how a router's signal strength measures up. Maybe it doesn't work on every supported model, but I have yet to see it not work. There have been locations where I've tweaked power levels to make devices between two meshed routers choose the better one more reliably by dropping the strength of the lower quality signal so the device will choose the other one consistently.
    Honestly, if we were going to change anything, I would've been pushing to move the Transmit Power setting to the Basic Network page, right beside the Enable Wireless checkbox--more like the Ubiquiti products, where Transmit Power is featured as one of the most important settings.

    As far as the antenna setting, I have no opinion. It's kinda awkward when there's only options for antenna A or B and I'm looking at a router with three antennas. I haven't noticed any changes when tinkering with those settings. But that's just me; maybe someone else gets use out of those settings on their router.
     
    usergay and Yim Sonny like this.
  2. jerry0000

    jerry0000 Connected Client Member

    I tried US/Singapore/EU, etc, reboot/reset, etc. All the same problem.
     
  3. jerry0000

    jerry0000 Connected Client Member

    Maybe I need to go back to Shibby 1.32
     
  4. usergay

    usergay Reformed Router Member

    You may need to go back to factory firmware to restore all of your mac addresses and other things then flash back to tomato.
     
  5. usergay

    usergay Reformed Router Member

    The wifi txpower and other settings do work, not sure why they needed to be removed. Multiwan has been a nightmare for me, which is why I still prefer shibby v132.
     
    Techie007 and phuklok1 like this.
  6. joew333

    joew333 LI Guru Member

    MAC addresses are in CFE. Nothing to do with the firmware. You won't lose your MAC addresses with firmware.
     
  7. joew333

    joew333 LI Guru Member

    I did a test for the group.

    The test setup:

    1) Measurements taken with Wifi Analyser App at a stationary 10 inch tablet.
    2) Asus RT-AC68U router with Grinch Tomato build 02/08/2019 used for tests (based on Fresh Tomato).
    3) 5GHz band, channel 149 with 80 MHz channel width tested.

    The results:

    Wireless temp 50°C (did not change during test)

    Router set at 0, device -63 dBm
    Router set at 401 mW received error message for setting out of range (expected result)
    Router set at 400 mW, device -63 dBm
    Router set at 300 mW, device -64 dBm
    Router set at 250 mW, device -65 dBm
    Router set at 200 mW, device -66 dBm
    Router set at 120 mW, device -68 dBm
    Router set at 100 mW, device -69 dBm
    Router set at 50 mW, device -71 dBm

    So to my surprise there are a couple learnings. They are:

    - the transmit power setting does work, as I increase the transmit power there is less signal loss
    - a setting of 0 appears to use the max power of 400 mW
    - the setting of 0 does NOT appear to use the transmit power set in CFE (which is 120 mW on my router)

    So after doing this, my 2 cents is that the setting should be restored on the Advanced Wireless page. @kille72 what do you say?
     
    Techie007, Boktai1000 and kille72 like this.
  8. digixmax

    digixmax LI Guru Member

    I wish there was a fork off 132 without MultiWAN.
     
    Techie007 and usergay like this.
  9. joew333

    joew333 LI Guru Member

    Ditto. Agree with you. I could be wrong but I don't think many persons use multi-WAN. At this stage, it is probably tied into the code to a degree where it wouldn't be practical to take it out.
     
    Techie007 and usergay like this.
  10. MrBeer

    MrBeer Networkin' Nut Member

    It was toast man build but he don't update anyone.like someone to update it it would be nice .I was thinking about trying it but it seems like a lot of work when i have to start learning how to do it.
     
  11. KaYoJ3

    KaYoJ3 Network Newbie Member

    I wrote a script to help ease some of the pain of upgrading FT which means erasing all settings and starting from scratch.
    The script :
    • Shows which settings are different between the 2 versions
    • Shows which settings were added or dropped from one version to the next.
    • Can also filter out settings that don't need to be checked like ssh host keys or MAC addresses.
    The diff can then be filtered with grep, etc.

    When I upgrade my router, I make a few initial settings by hand and then use this script to figure out which ones I still need to change.

    Many thanks to @kille72 and @pedro311 for all the work!

    Usage:
    1 -before upgrading
    Code:
    nvram show > nvram.oldsettings
    2 -upgrade to new build
    3 -then run :
    Code:
    nvram show > nvram.newsettings
    4 -followed by:
    Code:
     ./compare-nvram.py nvram.oldsettings nvram.newsettings
    OR
    Code:
    nvram show > nvram.newsettings && ./compare-nvram.py nvram.oldsettings  nvram.newsettings 

    Code:
    #!/opt/bin/python3
    """
    compare-nvram.py
    compare 2 nvram hash dumps for FreshTomato-ARM
    
    
    before upgrading
            nvram show > nvram.oldsettings
    upgrade to new build
            nvram show > nvram.newsettings
    then
            ./compare-nvram.py nvram.oldsettings nvram.newsettings
    
    OR
    
    nvram show > nvram.newsettings && ./compare-nvram.py nvram.oldsettings  nvram.newsettings
    
    """
    
    import sys
    import re
    import subprocess
    
    file1_NAME = sys.argv[1]
    file2_NAME = sys.argv[2]
    
    d1 = {}
    d2 = {}
    
    
    def process_file(filename, dict):
        linenum = 0
        lastkey = None
        with open(filename) as f:
            for line in f:
                line = line.strip()
                linenum = linenum + 1
                match = re.search('^([a-zA-Z0-9./_]+)=(.+)', line)
                if match:
                    (key, val) = match.group(1), match.group(2)
                    dict[str(key)] = val
                    lastkey = str(key)
                    # print( str(linenum) + ": " + str(key) + " " + val + "--" + lastkey)
    
                # some SSH keys might have = in them
                elif line.endswith("=") and len(line) < 40:
                    line = line.rstrip("=")
                    dict[line] = None
                    lastkey = str(line)
                    # print(str(linenum) + ": " + line  +": EMPTY")
                elif len(line) < 1:
                    # print(str(linenum) + ": BLANKLINE")
                    dict[lastkey] = str(dict.get(lastkey)) + "\n" + line
                else:
                    dict[lastkey] = str(dict.get(lastkey)) + "\n" + line
                    # print(str(linenum) + line + ": PREVIOUS " + str(lastkey))
        return
    
    process_file(file1_NAME, d1)
    process_file(file2_NAME, d2)
    
    f1keysSet = set(d1.keys())
    f2keysSet = set(d2.keys())
    
    extraKeys1 = f1keysSet - f2keysSet
    print("Keys only in f1: {}".format(extraKeys1))
    
    extraKeys2 = f2keysSet - f1keysSet
    print("\n Keys only in f2: {}\n".format(extraKeys2))
    
    ignoredKeys = {"sshd_dsskey", "sshd_ecdsakey", "sshd_hostkey", "adblock_blacklist",
                   "tinc_hosts", "tinc_private_rsa", "tinc_private_ed25519",
                   "wan_ipaddr", "os_date", "ht_id", "ddnsx0_cache", "ddnsx1_cache", "sch_c1_last", "wl0.1_hwaddr",
                   "wan_ppp_redialpid", "wan_pppd_pid"}
    
    commonKeys = f1keysSet & f2keysSet
    
    for k in sorted(commonKeys):
        if k in ignoredKeys:
            print("IGNORING {} ".format(k))
            next
        elif d1[k] == d2[k]:
            # print (" same {}".format(k) )
            next
        elif k in f2keysSet:
            print("DIFF var-> f1::f2 {} -> {} :: {}".format(k, d1[k], d2[k]))
        else:
            print("missing key {}".format(k))
    
     
    LastSilmaril, KeithL, rgnldo and 5 others like this.
  12. kille72

    kille72 LI Guru Member

    Yes, commits already reverted in repo.
     
  13. ddimitrov

    ddimitrov Network Newbie Member

    Thank you for the new release!

    Are there any changes related to Linksys logo light behavior in 2019.1 release? I am asking, because in 2019.1 the logo light of my Linksys EA6700 goes off when the WAN port is connected to Internet. The Internet connection is OK and the router works fine, just the logo light goes off. (In 2018.5 and 2019.1.015-beta the logo light stays on).

    If I unplug the WAN port and reboot the router, the logo light turns on and stays on. Then if a plug the WAN port, the logo light goes off.

    I have done NVRAM reset and reconfigured the router after the upgrade from 2019.1.015-beta to 2019.1. I even reverted back to 2019.1.015-beta in order to double check the logo light behavior, then flashed 2019.1 again and reset NVRAM again, but this didn't help.

    What is the expected behavior of the Linksys logo light?
     
  14. pedro311

    pedro311 Networkin' Nut Member

  15. jerry0000

    jerry0000 Connected Client Member

    Binary re-complied?
     
  16. jerry0000

    jerry0000 Connected Client Member

    I did not mean go back to Shibby 1.32 to fix the MAC issue, or setting issues. I was thinking if going back to Shibby 1.32 just to get a simpler version without MultiWAN.

    Now, I did mention in an earlier post, that after flashing 2018.5, as well as Shibby 1.40, the 5G Wifi MAC is correct in the setting, however, I click the default button, it will change to a MAC that is INCORRECT. Not sure why is that?

    See: https://www.linksysinfo.org/index.php?threads/tomato-shibbys-releases.33858/page-82#post-302859
     
  17. kille72

    kille72 LI Guru Member

    No. You have to wait for the next version which will have these changes. Please use nvram to set transmit power for now.
     
    smuis1 likes this.
  18. M_ars

    M_ars Network Guru Member

    Sorry, will have a look at it in the evening. Thx for info :)
    Wan up —> led on
     
    pedro311, ddimitrov and kille72 like this.
  19. rs232

    rs232 Network Guru Member

    Gents, just a feedback: I think when you release a beta you should pay attention to naming convention. e.g. looking at the 2019.1.015b.
    In my mind 2019.1 = 2019.1.000
    Hence I find it a bit confusing that beta 2019.1.015b is older than the newly released stable "2019.1.000".

    You could have called the beta 2019.1.pre1 or just 2019.1.beta1 which is self-explanatory.

    It's really just semantic but you might want to keep this in mind for future releases.

    Regardless really well done on the latest release :)
     
  20. idjut1

    idjut1 New Member Member

    I too would like to have a non-multiwan version using the shibby v132 as the base. I use VyprVpn which runs on Shibby Tomato and ultimately FreshTomato. The problem is, the feature of this VPN router software which allows you to select which devices use VPN or bypass the connection stopped working after 132... Multiwan feature broke this and I really don't have the need for a bloated, buggy Multiwan version. Please Please Please, go back to 132 and update security holes that have been uncovered since it's release and give us a simple working light version for us simple users. Yes I have donated and will do more if this wish were to come true. Keep up the Multiwan for those who actually use it (or not) but I hear many voices in this forum longing for the simple code that works.

    thanks for listening, and if you feel the same way, let the mods know....post!
     
    edusodanos, smuis1, Techie007 and 3 others like this.
  21. RMerlin

    RMerlin Network Guru Member

    MultiWAN was developed by a Chinese developer who shared his work with Shibby. It wasn't "splurged on" by any of the current (or even past) fork maintainers, it was developed by someone else.

    And at the time, I recall there were a lot of people asking for that feature, especially as Asus had started offering it in their own routers.
     
  22. Sean B.

    Sean B. Network Guru Member

    Yes, the txpwr setting does work. However, it is limited to the region of which is set in the CFE and cannot be circumvented by user accessible settings. The actual transmit power limit can be found by increasing the txpwr setting until txpwr_target_max stops increasing. Check the max target using:

    Code:
    wl -i eth1 txpwr_target_max
    For 2.4ghz, or replace with -i eth2 for 5ghz. The driver will accept any number you want to give it for txpwr, but it will stop the actual power level at regulation limit which can be seen when the above command stops reporting increased levels.
     
    Techie007 and kille72 like this.
  23. usergay

    usergay Reformed Router Member

    I think some folks use tx power to decrease distance / overlap so having the setting there is crucial for situations like that.
     
    Mercjoe and Techie007 like this.
  24. usergay

    usergay Reformed Router Member

    +1 on this!
     
    smuis1 and Boktai1000 like this.
  25. Wizardknight

    Wizardknight Serious Server Member

    I am having trouble with wifi calling (vowifi) with t-mobile on my R6300v2 running 2019.1. I have identified that it is an issue with the router for sure as I can connect to my neighbor's wifi (who is using the same internet provider) and I can make wifi calls without issue. I also have no issues making wifi calls when I am on any other public wifi.

    I have tried opening the firewall ports as described here: https://support.t-mobile.com/docs/DOC-37293
    However there is no change.

    I have found reports of some Asus routers having a similar issue, and the fix was to try enabling IPSEC passthrough under WAN -> NAT Passthrough. Unfortunately I can't seem to find a similar setting in fresh tomato.

    I looked at the log, and I didn't see any traffic from my phones' IP being dropped.

    Does anyone have any suggestions on what I might try?
    Thanks.
     
  26. digixmax

    digixmax LI Guru Member

    +1.
     
    smuis1 and Boktai1000 like this.
  27. pedro311

    pedro311 Networkin' Nut Member

    To dispel all fantasies: there will never be a version without multiwan.
    Period.

    And please finish these redundant disputes.
     
    LastSilmaril, pharma, rgnldo and 6 others like this.
  28. Sean B.

    Sean B. Network Guru Member

    If I remember corrrectly, IPSEC passthrough is under Advanced->Conntrack/netfilter . If not, check Advanced->Firewall.
     
  29. Wizardknight

    Wizardknight Serious Server Member

    I found IPv6 IPSec Passthrough under the firewall settings, however I am not using IPv6. It was also enabled. I disabled it, but there was no change.

    Any other ideas?
     
    Last edited: Mar 2, 2019
  30. Sean B.

    Sean B. Network Guru Member

    Would you please explain what steps you took to "open" these ports?
     
  31. Wizardknight

    Wizardknight Serious Server Member

    Here are the settings being used. 152 is a static IP for my phone.
    ports.jpg
     
  32. Sean B.

    Sean B. Network Guru Member

    Under Advanced->Conntrack/netfilter , do you have the SIP helper enabled ( box checked )? If not, enable and test.
     
  33. Wizardknight

    Wizardknight Serious Server Member

    I also tried sticking my phone IP into the DMZ with no change.
     
  34. Wizardknight

    Wizardknight Serious Server Member

    Yes. It was on by default.
    I have tried it enabled and disabled. No change.
     
  35. Sean B.

    Sean B. Network Guru Member

    Did you enable IPV6 ipsec passthrough? It may implement it for IPv4 as well. When I apply the iptables rule:

    Code:
    iptables -t filter -I FORWARD -p esp -j ACCEPT
    Look at how the rule shows in iptables:

    Code:
    root@Storage:/sys/module# iptables -t filter --list-rules
    -A FORWARD -p ipv6-crypt -j ACCEPT
    That's not using ip6tables, so even tho it's calling it "ipv6-crypt", it's leveraged against IPv4. After enabling IPv6 IPSEC in the GUI, verify if it set in IPv4 using iptables CLI.

    To continue discussing this issue, please open a new thread so not to hijack this one.
     
  36. rs232

    rs232 Network Guru Member

    I have noticed that MultiWAN on 2019.1 (but perhaps also earlier versions) does automatically NAT traffic on all the WAN interfaces set. I would like to stress that this might not be wanted.

    Consider the scenario where an outdoot CPE is used to connect elsewhere there's no need to NAT the connection from tomato to the CPE as this latter does NAT already. Also this complicates the communication initiated from the CPE to the LAN (e.g. having the CPE pointing to tomato's Stubby for DNS resolution).

    So in short, can the MultiWAN GUI be modified to add "Nat communication" on a WAN interface basis e.g. as the OpenVPN client does with the "Create NAT on tunnel" option?
    Happy to have this set as default too but the user should be able to disable NAT if needed.

    Thanks
     
  37. joew333

    joew333 LI Guru Member

  38. joew333

    joew333 LI Guru Member

    Wondering if @Jacky444 will update Advanced Tomato as some of us dig the cool, modern interface of Advanced Tomato.
     
    Boktai1000 likes this.
  39. joew333

    joew333 LI Guru Member


    Thanks for the really detailed and thorough analysis!!! I remember the WRT54x routers and had a WRT54L which was a great router in the day. It is amazing that a bit more than a decade later routers now have very fast dual and quad core CPUs and gobs more memory. It is a shame that Linksys / Belkin / Foxconn moved off Broadcom hardware for the WRT lineup and went to Marvell. I have one of the Marvell based WRT1200AC routers and the wireless drivers have never stabilized in 2 years. I mostly run on an Asus RT-AC68U which is a good hardware platform (even though the CPU runs hotish....it does have good vertical passive venting).
     
  40. joew333

    joew333 LI Guru Member

    I am thinking about getting an RT-AC3200 and running Tomato on it; I have an RT-AC68U now. For anyone on the forum who has one, I'd be interested in your feedback.... Do all the radio bands work on Tomato? How is the coverage and reach of the wireless signal? How hot does the CPU get (my RT-AC68U runs at about 75 degrees C) and what is the normal CPU load?
     
    djmetropolis likes this.
  41. Boktai1000

    Boktai1000 Network Guru Member

    He's been busy with life, if you want to use Advanced Tomato GUI though you should check out AndreDVJ Advanced Tomato fork- https://bitbucket.org/AndreDVJ/advancedtomato-arm/overview

    Last update was Feb 9th 2019 for the R7000 + R8000, most of the others last updated Sep 26th 2018. Recent enough security and feature wise to what we have today.

    I do still think that the AT GUI is one of the biggest features holding this project back, just as some want MultiWAN removed. Everyone has their own preference, but at least you have an option here.
     
  42. Thomas Orr

    Thomas Orr Network Newbie Member

    What is the command to set the transmit power for 2.4ghz and 5gz, I would like to do some tests - since upgrading to 2019.1 my wifi strength of my furthest away device seems to have dropped quite a lot.
     
  43. Sean B.

    Sean B. Network Guru Member

    Code:
    wl -i ethX txpwr #
    Where X is 1 for 2.4ghz and 2 for 5ghz , # is the transmit power in mW.
     
  44. Thomas Orr

    Thomas Orr Network Newbie Member

    Thanks for the info, I've tried lowering the values to check it works but the signal strength stays the same. Do I need to put nvram commit? Also the power seems to be in dBm for me which is fine but just wondering if that's the same for others and the max txpwr_target_max seems to be 12dBm (I'm using R7000 router)
     
  45. jerry0000

    jerry0000 Connected Client Member

    I believe if you are change settings from command line, you have to commit.
     
  46. Thomas Orr

    Thomas Orr Network Newbie Member

    hmmm, tried committing but still doesn't change the signal strength (even lowering it). Do any services need to be restarted?

    Either way the max value for txpwr_target_max seems to be 12dBm (16mW) for 5GHz which seems quite low?
     
  47. Sean B.

    Sean B. Network Guru Member

    You do not have to commit, as the wl command is not an nvram variable. Wl commands are live, however if you want the setting to persist through reboots then you must find the related nvram variable and change it to match. The txpwr command takes settings in mW, but it will report in both dBm and mW:

    Code:
    root@Storage:/tmp/home/root# wl -i eth2 txpwr
    21.0 dBm = 126 mw.
    root@Storage:/tmp/home/root#
    When you change the txpwr setting, check what the driver actually does via:

    Code:
    wl -i ethX txpwr_target_max
    and make sure the value changes. How much are you changing the txpwr value by for your tests? And what are you using to determine signal strength?
     
    rs232 likes this.
  48. Sean B.

    Sean B. Network Guru Member

    Here is a quick demonstration I did from my laptop:

    [​IMG]

    Don't pay attention to the values used as my router is not in stock form, just note the fact that the commands do change the transmit power. The allowed transmit power is surprisingly low, so if you're in doubt your level is correct I suggest looking up the reg specs for the band/channel/region you're using/in. Also keep in mind that the relationship between transmit power in mW and received signal in dBm is not linear, so the amount of mW increase/decrease you make may not result in the received dBm change you think you should see.
     
    Last edited: Mar 2, 2019
    rs232, Techie007 and Thomas Orr like this.
  49. joew333

    joew333 LI Guru Member

    When you update txpwr from the GUI it does a process level restart. Setting nvram won't. So yes, I think you need to reboot the router.
     
  50. Sean B.

    Sean B. Network Guru Member

    Again, no, you do not need to reboot the router or commit nvram when using the wl commands.
     
  51. Thomas Orr

    Thomas Orr Network Newbie Member

    My router was bought in the UK but i have US set as the region, there may be a low level lock on the max output power due to where i bought it?

    However that doesn't explain why the power doesn't seem to change at all, below are the commands run and you can see in the wifi analyser nothing changes (I'm away of the log scale of dB). I also confirmed on my phones app and the strength display in the router devices menu.

    [​IMG]

    [​IMG]
     
  52. Thomas Orr

    Thomas Orr Network Newbie Member

    It's worth noting I did a dirty upgrade from 2018.5 to 2019.1 (didn't want to manually input all my static ip/macs again!) so didn't clear nvram. Router seems to be working fine (I have nginx reverse proxy, vpn server and all working normal) but maybe that's why the txpower commands aren't working?
     
  53. Sean B.

    Sean B. Network Guru Member

    The txpwr_target_max value is changing, so it is working as that value is the active power ceiling for the driver. Perhaps the interface designations are different for your router. Have you checked 2.4ghz? Run these:

    Code:
    wl -i eth1 chanspecs
    wl -i eth2 chanspecs
    And post output.
     
    Last edited: Mar 3, 2019
    Thomas Orr and Techie007 like this.
  54. Thomas Orr

    Thomas Orr Network Newbie Member

    Thanks for your help! I haven't tested with 2.4 since i mostly use 5 and that's what I'm looking to improve. The output of those commands is below:

    root@router:/tmp/home/root# wl -i eth1 chanspecs
    1 (0x1001)
    2 (0x1002)
    3 (0x1003)
    4 (0x1004)
    5 (0x1005)
    6 (0x1006)
    7 (0x1007)
    8 (0x1008)
    9 (0x1009)
    10 (0x100a)
    11 (0x100b)
    5u (0x1903)
    6u (0x1904)
    7u (0x1905)
    8u (0x1906)
    9u (0x1907)
    10u (0x1908)
    11u (0x1909)
    1l (0x1803)
    2l (0x1804)
    3l (0x1805)
    4l (0x1806)
    5l (0x1807)
    6l (0x1808)
    7l (0x1809)
    root@router:/tmp/home/root# wl -i eth2 chanspecs
    36 (0xd024)
    40 (0xd028)
    44 (0xd02c)
    48 (0xd030)
    149 (0xd095)
    153 (0xd099)
    157 (0xd09d)
    161 (0xd0a1)
    165 (0xd0a5)
    40u (0xd926)
    48u (0xd92e)
    153u (0xd997)
    161u (0xd99f)
    36l (0xd826)
    44l (0xd82e)
    149l (0xd897)
    157l (0xd89f)
    36/80 (0xe02a)
    149/80 (0xe09b)
    40/80 (0xe12a)
    153/80 (0xe19b)
    44/80 (0xe22a)
    157/80 (0xe29b)
    48/80 (0xe32a)
    161/80 (0xe39b)
     
  55. snowman58

    snowman58 Network Newbie Member

    @M_ars @pedro311
    This is the correct LED for the R8000, WAN is either 8 or 9 DD-WRT uses 9 Netgear files has both. Currently USB2 and USB3 are swapped. WAN LED currently not turning on, and just adding it to the misc.c file does not correct the problem.
    static int r8000[] = { 13, 255, 9, 255, 14, 15, 255, 17, 18, 12, 16 };
     
  56. Sean B.

    Sean B. Network Guru Member

    The interfaces are correct, eth1 = 2.4ghz and eth2 = 5ghz, and the channels look correct for US region. How far away from the router are you when testing? It looks as if you're rather close, given the roughly -45dBm RSSI on your graph. I'd suggest moving farther away to where your RSSI is in the -65/-70 range and try changing the power level there, as it will show more change in signal for a given power adjustment. Also try using a different device to measure RSSI, such as a cellphone with the Wifi Analyzer app.
     
  57. M_ars

    M_ars Network Guru Member

    Hi
    wrote you a PM
    BR
    M_ars
     
    snowman58 likes this.
  58. feedzapper

    feedzapper Serious Server Member

    Just a hint for the next release to also update OpenSSL to the latest version, if you update
    OpenVPN to 2.4.7. (Netgear R7000 2019.1-AIO64k)
    I got an issue with OpenVPN 2.4.7 using TLS1.3 ->
    Syslog :
    Code:
    Not compiled with OpenSSL 1.1.1 or higher. Ignoring TLS 1.3 only tls-ciphersuites 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256' setting.
    also the tls-version-min 1.3 command does not work.
    I think also because using the wrong OpenSSL version ...?!
     
    Last edited: Mar 3, 2019
    Bunsen likes this.
  59. null3200

    null3200 New Member Member

    Can I suggest changing the NAT loopback from "All" to "Forwarded Only"? For users who may fall into a novice area with their router directly behind a modem, this poses a pretty big security risk. Of course it's not a huge deal if they fall into a double nat scenario with a ISP modem/router combo device.
     
    djmetropolis and Bunsen like this.
  60. AndreDVJ

    AndreDVJ LI Guru Member

    WAN LED on R8000 is a known issue unless someone knows how to fix it, which I don't have the slightest idea. I wasted days trying to fix it.

    These USB LED's I can only look into them next month, but if I recall correctly, gpio assignment for USB 2.0 LED should be 18 (and 17 for 3.0) unless Netgear really stuffed up in their documentation and they were supposed to be identical to R7000.

    We don't have OpenSSL 1.1.1 series yet.
     
  61. Boktai1000

    Boktai1000 Network Guru Member

    This might sound like a stupid question, but with all of this LED talk it's gotten me curious about my R7000 and the state of it's LEDs.

    What exactly can I do and how can I interface with the LEDs on my R7000 - I should be able to disable and turn them off if I wanted to, correct? How can I validate if the LEDs are working on my firmware exactly? I've seen mention of the blink command or something in the past.

    Anyways, just curious what's doable for an R7000. Thanks!
     
  62. Bunsen

    Bunsen Reformed Router Member

    you mean like this: https://www.reddit.com/r/TomatoFTW/comments/5ab3cj/netgear_r7000_advanced_tomato_turning_off_led/
    ?

    it's not a full tutorial, but if start with this reference - and play - i bet you can figure out the rest.
     
    Boktai1000 likes this.
  63. halabibk

    halabibk New Member Member

    Can you lease support the router Dlink Dir-890L Rev. A

    Thanks for your support.
     
  64. halabibk

    halabibk New Member Member

    Can you lease support the router Dlink Dir-890L Rev. A

    Thanks for your support.
     
  65. Wizardknight

    Wizardknight Serious Server Member

    I tried it both enable and disabled without any change.
    I started a new thread as requested here, and added a little more troubleshooting discovery info:
    https://www.linksysinfo.org/index.p...obile-stops-working-on-freshtomato-arm.74486/
     
    user17600 likes this.
  66. snowman58

    snowman58 Network Newbie Member

    I may be wrong but I think this explains the WAN LED problem.

    https://patchwork.kernel.org/patch/9543303/

    Now to find a work around.
     
    Boktai1000 likes this.
  67. Magister

    Magister LI Guru Member

    LED behaviour have changed in 2019.1 on my R7000, I was using "led aoss on" or "led aoss off" in a script to display some status, it was toggling second LED from the right if I recall correctly, but now it does not. Also one LED on the left is now amber/white instead of "off/white" while blinking.
     
    Last edited: Mar 5, 2019
    Tony Ramirez and smuis1 like this.
  68. Tony Ramirez

    Tony Ramirez Serious Server Member

    My internet LED on my R7000 blinks red. Is that normal. I tried to do a search but it said that the words were too common.
     
  69. Tony Ramirez

    Tony Ramirez Serious Server Member

    Thanks it is not me. I meant Amber red.
     
  70. M_ars

    M_ars Network Guru Member

    For WAN-LED: with 2019.1 it should be WHITE for ethernet-connetion only (no wan-connection) and additional AMBER with WAN up
    --> so its white/amber right now
    --> everything is ok

    BR
    M_ars
     
    Last edited: Mar 5, 2019
    RogueScholar and Tony Ramirez like this.
  71. M_ars

    M_ars Network Guru Member

    sorry for the inconvenience with the AOSS Led (Button with LED for the R7000). I thought it looks better the other way around. LED_AOSS is used for the wlan/wps button and wlan summary, so two functions right now. I will add one more LED so it can be split up.

    BR
     
    Last edited: Mar 5, 2019
    Magister likes this.
  72. usergay

    usergay Reformed Router Member

    The LEDs bothered me so I covered them up with a strip of black electrical tape.
     
    kille72 likes this.
  73. abir1909

    abir1909 Network Newbie Member

    My VPN Client keeps getting disconnected every few hours. I checked the log I saw that line:
    "TLS: tls_process: killed expiring key" what does it means?
     
  74. rs232

    rs232 Network Guru Member

  75. oby-1k

    oby-1k Connected Client Member

    Has anyone noticed/reported an issue with the latest build 2019.1 (Feb).

    Whenever I try to click on any element in the QoS -> View details, let's say to sort the table or resolve an IP, the page takes me back to the View Graphs page.

    Unable to do any type of sort of any kind.

    Thanks in advance guys!!
     
    djmetropolis likes this.
  76. oby-1k

    oby-1k Connected Client Member

    Ok, I'm not a developer but like to play a little bit.

    I reckon the problem is with qos-detailed.asp:

    HTML:
    <div class="section-title" id="stitleoff" style="display:none">View Details</div>
    <div class="section-title" id="stitle" onclick='document.location="qos-graphs.asp"' style="cursor:pointer">View Details: <span id="numtotalconn"></span>
    
    I reckon the document location has been wrongly set to qos-graphs.asp

    Happy to be corrected
     
    Boktai1000 likes this.
  77. PetervdM

    PetervdM Network Guru Member

  78. pedro311

    pedro311 Networkin' Nut Member

  79. Sagsag

    Sagsag New Member Member

    I restored a config file from an Asus RT-AC56U on a Linksys EA6700. It seems to be working fine. To my surprise "Model Asus RT-AC56U" is showed in Linksys GUI. Should model field be ported in the cfg file?
     
  80. null3200

    null3200 New Member Member

    edit: nevermind
     
    Last edited: Mar 7, 2019
  81. dima_av

    dima_av New Member Member

    Hello.
    Faced problems on firmware 2019.1
    WS880 router
    Firmware updated from 2018.5 to 2019.1 with full cleaning of NVRAM
    The router does not detect one of the external USB3 1Tb drives (using an external powered USB HUB) until you reset the power.
    Completely disconnected USB HUB. When you try to reboot the router from the command line, it turns into a brick until you reload on power. There are no errors in the logs.
    I had to roll back to version 2018.5 and there are no such problems.
     
  82. oby-1k

    oby-1k Connected Client Member

    Have you connected the drive directly to the router instead of using the USB HUB?
     
  83. dima_av

    dima_av New Member Member

    The router, even without disks, was not overloaded from the command line. only to reset the power. NVRAM was completely clean.
     
  84. oby-1k

    oby-1k Connected Client Member

    Sorry, I'm not following you. Are you talking about CPU load and Power load in the same sentence?
     
  85. oby-1k

    oby-1k Connected Client Member

    I've got a 3.5" USB enclosure connected to the USB3 port with no external power running without any issues.

    Here are my settings:
    https://pasteboard.co/I4iE1tF.png

    Edit: Router is EA6900
    [​IMG]
     
  86. dima_av

    dima_av New Member Member

    Sorry for bad English.:oops:
    I could not reboot the router from the ssh command line, the router becomes a brick. Reboot only off and on power.
     
  87. ddimitrov

    ddimitrov Network Newbie Member

    So, is this change in 2019.1 causing my Linksys EA6700 to switch logo light off?

    EA6700's logo light has no "amber" light and it goes off completely. May it be reverted back to pre-2019.1 behavior (where it was on)?

    For the time being, I implemented a workaround by adding a WAN-Up script to turn it on:

    gpio enable 8

    I am not sure if this is the right way and if it is enough.
     
  88. Tony Ramirez

    Tony Ramirez Serious Server Member

    Anyway to turn of F on the temps.
    Example right now it shows:
    CPU Temperature 45°C / 113°F
    Wireless Temperature eth1: 2.4G - 37°C / 99°F eth2: 5G - 43°C / 109°

    I want it to show:
    CPU Temperature 45°C
    Wireless Temperature eth1: 2.4G - 37°C eth2: 5G - 43°C
     
  89. kille72

    kille72 LI Guru Member

    Clone the source code, modify according to your needs, compile new binary file...or modify GUI files and change Directory with modified GUI files to /opt in admin-access.
     
  90. BLEH-ASUS

    BLEH-ASUS Network Newbie Member

    I have the Asus AC3200. How do I know if I should be using the AIO 64K or 128K?
     
    djmetropolis likes this.
  91. rs232

    rs232 Network Guru Member

    Just a feedback on MultiWan Rouging policy.

    Regardless of what it's set on the load balancing weight under network/basic (load share or failover) it seems that currently if a routing policy is set to prefer e.g. WAN1 this will prevent the defined traffic from using WAN2 in case of failover scenario.

    Me be it's me but you would expect the MultiWan Routing policy to set a 1/0 load weight on the links where instead it seems it does always prefer the specified link even if this is down.

    Perhaps something that needs a re-think at code level.
     
    djmetropolis likes this.
  92. M_ars

    M_ars Network Guru Member

    Hi
    this is only for R7000 WAN LED

    Does gpio enable 8 turn on the logo light? because right now we only have gpio 6 in place for "wan led" status.
    This would be the second LED and could then be added if you confirm that :)

    There should be two LEDs we can use, so can you check gpio 6 and 8, thx.


    BR
    P.S. WAN LED status for EA6700 is already fixed for next FT release
    https://bitbucket.org/pedro311/freshtomato-arm/commits/c8e3bc2487c01fffe7ca5054011175a22db0553d
     
    Last edited: Mar 8, 2019
  93. Boktai1000

    Boktai1000 Network Guru Member

    When I worked for a local ISP that did dual ISPs for redundancy with Cisco gear, the way they had it configured was to essentially have a rule on each interface to ping some crucial Internet backbone services such as 4.2.2.2 and switch to the other link if a certain threshold of pings are dropped. Lots of problems with this such as what site you measure against probably doesn't have an SLA for your use case, may not allow you to hardcore it into a firmware, and the fact that if they go offline it doesn't necessarily indicate an internet outage.

    It worked well enough to determine if one link couldn't talk out and caught most use-cases well enough for business grade internet though. Of course the code would probably look disgusting and it's a bit of a hack, but I guess I'd just throw that out there into the bucket of ideas. Maybe you could even set a configurable IP or Hostname to check against so that way it's up to the end user to determine what a WAN cutover should look like. ¯\_(ツ)_/¯
     
  94. Tony Ramirez

    Tony Ramirez Serious Server Member

    Okay then how are my temps? 45C seems high.
     
  95. Tony Ramirez

    Tony Ramirez Serious Server Member

    Does Amber usually mean 10/100 and White or Blue means 1000M Full?
     
  96. ddimitrov

    ddimitrov Network Newbie Member

    Linksys EA6700, FreshTomato 2019.1

    I can confirm that "gpio enable 8" turns the logo LED on, and "gpio disable 8" turns the logo LED off.
    "gpio enable 6" does nothing.

    EA6700 does not have other LEDs. Its only LED is the logo LED.

    Here is the list of my NVRAM variables that contain "gpio":

    nvram show | grep gpio

    reset_gpio=11
    gpio7=wps_button
    gpio8=wps_led
    gpio9=usbport1
    gpio10=usbport2

    Looking at the variables above, I suspect that gpio 6 is not mapped to anything.

    Update: The logo LED is white. It does not have second color.
     
    Last edited: Mar 9, 2019
  97. rs232

    rs232 Network Guru Member

    I admit I haven't fully tested DualWAN yes (work in progress) but all this you mention seems to be already included in the standard build and available under network/basic and actually working well, including the Internet test. My point specifically referred to the Policy routing implication in DualWAN as a defined policy seems to be an "exclusion" from the non preferred links more than a higher preference for the link to be used if that makes sense.

    To replicate this behaviour try this:
    - Set WAN1 with weight 1
    - Set WAN2 with weight 0
    - Set MultiWAN Policy routing directing e.g. "speedtest.net" towards WAN2
    - try to visit the site. It will fail

    So in a nutshell if the preferred link for a specific type of traffic defined by the policy is down OR has a load weight of 0 (so used for fail-over only) you would expect the other link to be used but it doesn't work like that currently. I guess what the user would want here is an option to select the output WANx exclusively (current behaviour) or prefer-redly (missing behaviour) if the word exists, if not it should :rolleyes:

    I do see a value in correcting this.


    P.S. (off topic) I'm really surprised an ISP uses interface tracking for core connectivity, that is a method used by ISP clients only. For intra-ISP communication BGP is the tool for the job and requires peering. But anyways...
     
  98. Sean B.

    Sean B. Network Guru Member

    Someone actually uses the multiwan "feature"? I honestly thought it was just a way to keep us all sharp on tracking down bugs ;).
     
  99. M_ars

    M_ars Network Guru Member

    I think it is independent of the speed 10/100/1000 because there are only two leds (for WAN)
     
  100. Darkbing

    Darkbing Connected Client Member

    I do use the multiwan feature since I have one fiber connection and a cable connection and to utilize both efficiently I had to separate ports such as 80, 8080, 443 on certain ip ranges and redirect them to either the two of those connections :) It is indeed a helpful tool. Btw, we have around 19 computer-units for our business so properly distributing connections is a must.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice