    Gotcha, I'm actually not using MW but thought I'd throw my $0.02 into the mix (also it was for business clients, not core)
    While it's certainly good to hear a report of it working, I can't help but point out that using SOHO grade equipment rather than enterprise for your use case is a choice that's a bit unorthodox. Especially when you consider that to utilize the speeds of a business fiber connection, let alone in combination with a cable run, would require the use of CTF (even with CTF enabled, I would highly doubt your bandwidth can be used to its potential), which will circumvent or outright break the majority of your network administrating functionality. Trying to trace a user issue through packet flow while CTF is enabled is the stuff nightmares are made of.
    Hi all, I am interested in the ETA on the next Fresh Tomato release and maybe if @kille72 and team agree, they could take in some ideas from the Tomato community on what things we'd like to see in the next release... What do you think?
    I am using 2018.5. I cannot SSH into the router via LAN IP if I am on 5G wifi. Works just fine on 2.4G wifi. And it looks like file sharing has the same issue.

    Internet works for both on 5G and 2.4G, and I can ping the router LAN IP using both 5G and 2.4G wifi. Any idea?
    Start a thread for your specific issue, and post screen shots of the Basic->Network/Advanced->VLAN/Administration->Admin access pages from your router please.
    I want to see some mac address blocking, both wireless and wired

    Edit: while you're at it. let's see some IP blocking, external and internal
    Huh? I thought this already exists. Please elaborate?
    +1 You got my vote. You should just make a poll and have everybody vote on that post? It might get messy with everyone wanting something the other half don't though. Both the FreshTomato devs will just tell us all to go compile our own fork if we aren't happy with anything coming next.
    I disagree with the sentiment of "What the community wants".

    It sounds great when you say it but it is a bad idea. Soon everyone wants some new bell and whistle that frankly does NOT belong on a router. People clamored about how awesome MultiWan would be to have in the firmware and they strove to include it. Now we have this mess of broken features (QOS being the major one) due to them listening and trying to be inclusive.

    Now if you are a coder and want to contribute then by all means DO SO. Write it and submit the changes/features/ personal want. If some dev thinks it is a good idea then they can add it to their firmware.

    The development of this firmware is in the hands of the devs. They are the ones putting the time and effort to code things (for FREE for the most part I might add). They should strive for stability and security first and foremost. Above all else a router has to work and be secure. If they add NOTHING more and meet those achievements then it will be time well spent. Anything else that is added has to be balanced against those basic tenets. As soon as everyone wants 'the next neat thing' and you start catering to it you will wind up with a bloated, unsecure, and unstable mess.
    Apologies but what does this post mean?

    Internal use Access Restriction, external (not sure what the scope of this is) have a look at p2partisan on this forum.
    My interpretation is that the user wants to blacklist by MAC Address and not allow any sort of communication / reply / response from the Router for certain MACs, taking it one step further from an IP Block/etc. if they wanted to really ensure a device cannot connect to their network. Maybe even granularity to decide which devices are blocked from certain networks but not others (2.4GHz but not 5GHz, Wired but not 5GHz, etc).

    Guess I'll leave them to respond though to clarify.
    I see... for "simple" IP/MAC filtering it seems like it's all already in Access Restriction. For advanced IP filtering P2Partisan adds something that otherwise needs to be manually scripted.

    About the granularity level it's something I posted on a very long time ago (pre 2010), I can't even find the thread any more. I was asking about how to achieve Cisco's IOS "port-security" in tomato to beef up control on physical Ethernet and e.g. allows only certain MACs (so whitelist not blacklist) into the network. My point at the time was: OK about WiFi security/encryption but if a physical connection is possible you just enter the LAN with an Ethernet cable. I do not recall having received any technical answer just a comment (very fair if you ask me) on why would you want this on a SOHO. I personally rent out rooms in my property and that's why I was asking initially but I admit the greatest majority of the people wouldn't need this. I ended up putting all the unused ethernet ports into a dummy VLAN. Nowadays a function to either whitelist MAC or even better dynamically map a MAC into a VLAN regardless of the physical connectivity (similar to IP mobility) would be an interesting feature to have.

    That above is my dream but bottom line at this stage of the FreshTomato development I would rather prefer the energy to be put into resolving the known bugs rather than go and develop new features.
    Mine @1200Mhz Stock is 1000Mhz.

    CPU Temperature 55°C / 131°F

    So the Temp is very very LOW. The Chip could get up to 85-90°C with no Problem.


    I use MultiWan and i love AND hate it. Cable 150 Mbit / LTE 30 Mbit

    Steam and some other DL Tools Use both Wan Connections
    If ONE Connection is Down the Internet is still up and Running.


    If Wan 1 (Cable) Fails it swaps to Wan 2 (LTE) but not back :(
    Sometimes if one connection Fail it does not switch to the other.
    Feedback on Stubby:

    It has been almost two months now that I'm running Stubby on a few of my routers. Overall it's great and even feels faster than traditional DNS operations. There's one thing I must mention though related to the implementation in FreshTomato:

    It appears like every time you save some sort of settings that trigger a firewall restart this also restarts the Stubby process and.... it's painful! In general if I just need to change something quickly I don't mind waiting the 30-40 secs needed for Stubby to restart (until then no Internet and especially no tomato webinterface for some reason), but it can be a crucifying process to go and "attempt" to make something working where you save config every few minutes. A 30 min job becomes a full morning job.

    I'm not quite sure what to suggest though... can a control be implemented on Stubby to enable/disable it from restarting with the firewall? Or perhaps there's something better/smarter? Any idea?
    I tend to agree with you on the love/hate view of MultiWAN, for me though it's just a nice mission to make it work as it should ;-) and I'm already very happy to have "something" even if not perfect.

    You are not saying what your load balancing weight looks like, I suppose it's something different from 1:1 right? Moving back to the primary is technically known as "pre-empt" and in well-known routers this can be manually enabled/disabled as needed, not sure about Tomato though, good point.
    Multiwan implementation in Freshtomato:

    Here is another piece of feedback. Consider the scenario where one or more WANs are actually wifi connections, either directly via wireless client or "crossing" wifi links to get into Internet. A common example of this second scenario is a 3rd party CPE for remote connection. The current connection check implementation has "lots of assumptions" and is not flexible enough to cover different scenarios other than a dual ISP connection.

    So in a nutshell I think the DualWAN connection check should be modified to include:

    - check frequency to be specified in seconds, input field (as opposed to drop down menu with predefined number of minutes)
    - target IP/FQDN to be WAN specific e.g. I would like to ping the device where the CPE connects, not google, but this device is visible only via WAN2 so currently not possible
    - Allow users to define "acceptance criteria" especially for ping e.g. switch if less than 3/5 ping work, don't restore until 5/5 is achieved for X consecutive tests, etc

    I know it sounds complicated but I think we are already doing most of this, it's just hardcoded. Let's bring this forward to the GUI and allow users to achieve what they need to do.

    Thank you for your great job!
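The acceptance criteria asked for in the post above (fail over when fewer than 3 of 5 pings succeed, fall back to the primary only after 5/5 for X consecutive tests) amount to a small state machine with hysteresis. The sketch below is an added example, not FreshTomato's connection-check code: the function names, the three threshold variables and the replayed probe results are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration: hysteresis for a per-WAN health check.
# Not FreshTomato code; all names and defaults here are hypothetical.

FAIL_BELOW=3      # leave the primary when fewer than this many pings succeed
RESTORE_AT=5      # a test is "clean" only with this many successes
RESTORE_RUNS=3    # clean tests needed in a row before returning (X in the post)

# count_ok TARGET IFACE COUNT -> prints how many single pings succeeded.
# Binding to IFACE lets each WAN probe its own target (e.g. the CPE peer).
count_ok() {
    target=$1 iface=$2 n=$3 ok=0 i=0
    while [ "$i" -lt "$n" ]; do
        ping -c 1 -W 1 -I "$iface" "$target" >/dev/null 2>&1 && ok=$((ok + 1))
        i=$((i + 1))
    done
    echo "$ok"
}

# next_state STATE STREAK OK -> prints "NEWSTATE NEWSTREAK".
# STATE is primary or backup; STREAK counts consecutive clean tests on backup.
next_state() {
    state=$1 streak=$2 ok=$3
    case $state in
    primary)
        if [ "$ok" -lt "$FAIL_BELOW" ]; then
            echo "backup 0"          # too many lost pings: fail over
        else
            echo "primary 0"
        fi
        ;;
    backup)
        if [ "$ok" -ge "$RESTORE_AT" ]; then
            streak=$((streak + 1))   # one more clean test
        else
            streak=0                 # any loss restarts the count
        fi
        if [ "$streak" -ge "$RESTORE_RUNS" ]; then
            echo "primary 0"         # pre-empt back to the primary
        else
            echo "backup $streak"
        fi
        ;;
    esac
}

# replay "OK1 OK2 ..." -> prints the active WAN after each test.
# Feeds recorded results through next_state so the policy can be checked offline.
replay() {
    state=primary streak=0 out=
    for ok in $1; do
        result=$(next_state "$state" "$streak" "$ok")
        state=${result% *}
        streak=${result#* }
        out="$out${out:+ }$state"
    done
    echo "$out"
}

# Constructed sequence of successes out of 5 pings, one number per test.
replay "5 4 2 5 5 4 5 5 5 5"
```

On a router, `count_ok` would supply the number passed to `next_state` at each check interval; a single lost ping while on the backup link resets the streak, which is what prevents flapping on a marginal primary.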
    Presently, I can install firmware on my Tenda AC15.

    Note for Bitdefender user:
    If you cannot access CFE even though you can ping router's IP, you might need to go to "Safe mode with Networking" to access "CFE Miniweb Server". I guess Bitdefender might block accessing it.
    It's similar to Kaspersky blocking access to the router web page, as has been reported in some forum.

    In case safe mode doesn't help, you might need to uninstall Bitdefender.
    I can not execute the "reboot" command from the command line and from the web interface.
    reboot is possible only power off - on
    Completely cleared NVRAM and it did not help.
    There are no errors in the logs.
    On previous versions, everything worked fine.
    Tell me where to look for the problem?

    Huawei WS880: FreshTomato 2019.1 K26ARM USB AIO-64K
    what version are you running on and what router?

    try /sbin/reboot but it should work really... if not out of curiosity post the output of: find / -name reboot

    About the webinterface try to reload the tomato page via CTRL+F5 first
    Router - Huawei WS880: FreshTomato 2019.1 K26ARM USB AIO-64K
    Tomato page overloaded many times

    i run "reboot"
    router response - rebooting .....
    The router freezes. Network is not responding.

    part of the log:
    Mar 13 19:31:59 WS880 daemon.notice Tor[1318]: Catching signal TERM, exiting cleanly.
    Mar 13 19:31:59 WS880 user.notice root: Terminating transmission-daemon...
    Mar 13 19:31:59 WS880 daemon.err nmbd[1083]: started asyncdns process 3540
    Mar 13 19:31:59 WS880 user.notice root: Transmission daemon successfully stopped
    Mar 13 19:32:04 WS880 daemon.err nmbd[1083]: read from child failed: NT code 0xc0000011
    Mar 13 19:32:04 WS880 daemon.err nmbd[1083]: Got SIGTERM: going down...
    Mar 13 19:32:04 WS880 kern.warn kernel: gro disabled
    Mar 13 19:32:05 WS880 user.debug preinit[1]: rstats stopped.
    Mar 13 19:32:05 WS880 user.debug preinit[1]: cstats stopped.
    Mar 13 19:32:05 WS880 user.info preinit[1]: NGinX - killing daemon
    Mar 13 19:32:05 WS880 user.notice root: MySQL successfully stopped
    Mar 13 19:32:05 WS880 daemon.info dnsmasq[2807]: exiting on receipt of SIGTERM
    Mar 13 19:32:06 WS880 daemon.info dnsmasq[3657]: started, version 2.80-28cfe36 cachesize 4096
    Mar 13 19:32:06 WS880 daemon.info dnsmasq[3657]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset Tomato-helper no-auth DNSSEC no-ID loop-detect inotify no-dumpfile
    Mar 13 19:32:06 WS880 daemon.warn dnsmasq[3657]: warning: interface tun21 does not currently exist
    Mar 13 19:32:06 WS880 daemon.warn dnsmasq[3657]: warning: ignoring resolv-file flag because no-resolv is set
    Mar 13 19:32:06 WS880 daemon.info dnsmasq[3657]: asynchronous logging enabled, queue limit is 5 messages
    Mar 13 19:32:06 WS880 daemon.info dnsmasq-dhcp[3657]: DHCP, IP range --, lease time 1d
    Mar 13 19:32:06 WS880 daemon.info dnsmasq[3657]: using nameserver for domain onion
    Mar 13 19:32:06 WS880 daemon.info dnsmasq[3657]: using nameserver
    Mar 13 19:32:06 WS880 daemon.info dnsmasq[3657]: read /etc/hosts - 14 addresses
    Mar 13 19:32:06 WS880 daemon.info dnsmasq[3657]: read /etc/dnsmasq/hosts - 23 addresses
    Mar 13 19:32:06 WS880 daemon.info dnsmasq[3657]: read /etc/dnsmasq/dhcp-hosts - 0 addresses
    Mar 13 19:32:06 WS880 daemon.info dnsmasq-dhcp[3657]: read /etc/dnsmasq/hosts
    Mar 13 19:32:06 WS880 daemon.info dnsmasq-dhcp[3657]: read /etc/dnsmasq/dhcp-hosts
    Mar 13 19:32:06 WS880 user.info preinit[1]: Starting stubby 0.2.5 , DNS-o-TLS Proxy
    Mar 13 19:32:07 WS880 user.info adblock[3704]: stopped
    Mar 13 19:32:07 WS880 user.info adblock[3704]: remove cron job
    Mar 13 19:32:14 WS880 kern.info kernel: br0: port 3(eth2) entering forwarding state
    Mar 13 19:32:14 WS880 kern.info kernel: br0: port 2(eth1) entering forwarding state
    Mar 13 19:32:14 WS880 kern.info kernel: br0: port 1(vlan1) entering forwarding state
    Mar 13 19:32:14 WS880 kern.info kernel: device eth0 left promiscuous mode
    Mar 13 19:32:14 WS880 kern.info kernel: device vlan1 left promiscuous mode
    Mar 13 19:32:14 WS880 kern.info kernel: br0: port 1(vlan1) entering disabled state
    Mar 13 19:32:14 WS880 kern.info kernel: device eth1 left promiscuous mode
    Mar 13 19:32:14 WS880 kern.info kernel: br0: port 2(eth1) entering disabled state
    Mar 13 19:32:14 WS880 kern.info kernel: device eth2 left promiscuous mode
    Mar 13 19:32:14 WS880 kern.info kernel: br0: port 3(eth2) entering disabled state
    Mar 13 19:32:14 WS880 kern.notice kernel: klogd: exiting
    Mar 13 19:32:14 WS880 syslog.info syslogd exiting

    further hands only poweroff

    I found a solution only for Servers on Ubuntu. For a router, this method is not suitable ...
    > ls -la /sbin/ | grep reboot
    lrwxrwxrwx 1 root root 2 Feb 24 22:53 reboot -> rc
    WAN1 150Mbit Weight "20" and WAN2 30Mbit Weight "1"
    Hope this helps.
    I have OpenVPN configured on my Fresh Tomato Router. Once in a while it gets disconnected. How do I enable auto re-connect once it's disconnected? Thanks
    Hi Guys, it's me again with issues with QoS on 2019.1

    This time on the graphs page.

    Whenever I click on any category on the graph to see the details of that category the details page comes up with nothing, nada. Just the header and no list at all.

    Looking at the code:

    There seems to be a problem in qos-detailed.asp in line 393:

        E('_f_shortcuts').checked = (((c = cookie.get('qos_detailed_shortcuts')) != null) && (c == '1'));
    Looks to me like there is a problem with a non-existing element _f_shortcuts when the detailed page is called with the argument class=x e.g. https://router/qos-detailed.asp?class=7

    The whole page build is aborted at this point.

    Again, I'm not a developer, happy to be corrected by the Gurus!
    Ok, after further investigation, the culprit is this line in qos-detailed.asp:

        if (viewClass != -1)
            E('stitle').innerHTML = 'View Details: ' + abc[viewClass] + ' <span id="numtotalconn"><\/span>';
    It's overwriting the whole 'stitle' element.

    I guess you want a replace of 'View Details: ' with 'View Details: ' + abc[viewClass] ??
    Last edited: Mar 16, 2019
    For ASUS RT-AC3200, there are 64K and 128K NVRAM versions in 2019.1. Are all AC3200 capable of flashing the 128K version? And if yes, can I flash over the current 2018.5 (64K) version directly? If not, how can I tell if my router is capable?
    Yes, they all support 128k. Install the latest Asus official, that will upgrade to 128k (if it has 64k). Then use restore util or tftp etc. to flash FT.
    Thanks. However I was having a bit of trouble flashing FT at the beginning and I downgraded to the factory 2018 May version. So I am not sure if upgrading to latest official will give me trouble again.
    Could you, or anyone else, give details on how to do this? NVRAM is one of the few things I haven't really dug into other than erasing it.
    Thought I was going crazy not finding the transmit power, I use it to cut my power by 2/3 because assuming I was informed correctly it helps with wifi speed since I'm in an apartment with ~50 wifi routers in range. I make sure cell phones (the devices with the smallest antennas) can get wifi in my whole apartment and that's it for TX power.
    It was explained here already, use search.
    Here or in FT MIPS thread.
    I know I'm brand spankin new here, but it's pretty universal that it only takes a second longer to link to what you're talking about.
    I just spent 30 minutes searching and I find that I can use "wl -i ethX txpwr #" (X for interface, # for power) to temporarily change transmit power, but it doesn't survive reboots and I haven't found anything else in search to set it in nvram so it stays that way.
    Can someone point me to where I need to go to learn this?
    nvram set wlX_txpwr=ZZZ
    nvram commit
    Where X is your WL interface number.
    Just got a Charter version Netgear R6300v2

    I followed the instruction to convert Charter R6300v2 to native Netgear R6300v2 from internet

    use telnetenable

    run command

    telnetenable ROUTERSMACADDRESS admin password

    then use putty to connect to telnet port 23

    type command

    burnboardid U12H240T00_NETGEAR

    then type command

    nvram set board_id=U12H240T00_NETGEAR

    then you should be able to update your charter netgear R6300v2CH from to the standard V1.0.4.2 and then install DD-WRT for R6300v2

    So I enabled the telnet (used NTE 0.5 utility for Windows though) and ran above 2 commands in bold successfully.
    Also successfully flash newest Netgear R6300v2 firmware V1.0.4.34_10.0.92
    and now it's a pure Netgear R6300v2 router!


    Then I downloaded the freshtomato tomato-R6300v2-initial.chk and updated the router and it seems it was bricked, I can't access the web interface and can't get an IP, any way to unbrick it? :(
    Could you post a new thread on this subject as it could be off topic from Freshtomato-arm.
    OK, the router is up and running and not bricked.

    I enabled both 2.4G & 5G Wi-Fi, but all of my 2.4G WiFi adapters/devices could not see the Netgear router's 2.4G channel, yet they could see all my neighbour's 2.4G channels! I tried 2.4G channel at auto, 1, 6, 11 and none worked. I used WifiinfoView tools from Nirsoft and still can't see 2.4G channel.

    My old Amazon Fire HDX 7 (thor) could see and connect at 5G channel though. Don't have any 802.11ac adapters.

    I used different SSIDs for 2.4G & 5G. I set Group Key Renewal at 600 seconds. Never set these values before, don't know if it matters.

    The fresh tomato firmware is 2019.1

    I was able to connect to 2.4G channel before flashing fresh tomato firmware.
    Visually you can see if led are functioning? The GUI should indicate that 2.4Ghz is up and running, have you noticed that? Which firmware did you install, VPN, AIO? You could verify if 2.4 is running by going to "Tools" "Wireless Survey" click refresh, note your devices will temporarily be kicked off when doing this feature, you could also click the "System Commands" type the command, "wl0 -i eth1 status" and you should see a response. If all those seem to be functioning correctly, and your devices are still unable to connect you could either clear the nvram once again and set up once again. Another suggestion would be to use the alternate build if you have VPN, install the AIO be sure to clear nvram before and after. clear your browser cache only also. Your particular issue is new to me, freshtomato-arm 2.4 has always functioned for any device as I have a r6300v2CH as well, hopefully it's not a hardware failure.
    Firmware is AIO.

    Somehow the interface is down as shown in attached picture.

    The blue LED is on.

    Wireless Survey can't find anything. No "refresh" button available.

    System command window

    FreshTomato Web Shell ready.

    size: 58727 bytes (6809 left)
    Welcome to the Netgear R6300v2 [TomatoUSB]
    Uptime: 09:00:35 up 9:13
    Load average: 0.00, 0.03, 0.04
    Mem usage: 12.0 (used 30.08 of 249.63 MB)
    WAN : @ A0:63:91:40:71:4F
    LAN : @ DHCP: -
    WL0 : 2,4GHz @ xxxxx @ channel: GBauto @ A0:63:91:xx:xx:4D
    WL1 : 5GHz @ xxxxx-5G @ channel: GB153 @ A0:63:91:xx:xx:4C

    wl0 -i eth1 status command gave me
    /tmp/.wxKcc69a: line 6: wl0: not found

    I'll try re-flash and clear nvram again and see what happens.

    There is something wrong. The attached picture shows "Channel 1 - 5.005GHz", which is the channel 1 in the 5GHz band but not the channel 1 in the 2.4GHz band (which must be 2.412GHz). I am not a specialist in this area, so I could not say anything more, just mentioned that.
    Wow! Thanks for catching that.

    Really need to re-flash the firmware and clear nvram and see.



    I restore router default config and erased nvram
    but did not re-flash the firmware and both 2.4G & 5G channel works now!

    Thanks for all the helps from you guys. Cheers!

    By the way, Fresh Tomato looks fantastic, good jobs!
    A few things to remember when flashing firmware as I'm sure you know a bit more as to remember to clear the nvram, undo a static ip when done with it. Nice to know you have the firmware installed.
    I was able to get FreshTomato installed on my Tenda AC15. Thanks, this looks great.
    I'm currently running Freshtomato 2019.1 on my Asus RT-AC3200, but recently noticed some performance issues with this.
    I'm not able to get over ±480Mbit/s through the WAN interface. At around that speed, the load on the router hits 1.0

    My setup is currently that the RT-AC3200 connects to the ISP provided router directly. When testing off of the ISP router directly, I'm able to hit the full speed of ±1 Gbit/s.

    I don't have QoS enabled or IP traffic. The only VPNs enabled are tinc (for other local IPs - shouldn't affect performance) and OpenVPN for some specific domains (again, shouldn't affect these).

    Has anyone else been able to hit higher speeds with their RT-AC3200 running Freshtomato?


    It seems that CPU's performance is a limiting factor for the NAT performance of your router. Try to enable CTF in order to improve NAT performance:

    Advanced -> Miscellaneous -> CTF (Cut-Through Forwarding)

    CTF will skip some stages in the IP stack, thus improving NAT performance. However, you should know that CTF is not compatible with some features (e.g. Bandwidth Limiter, QoS, etc.). Try it with VPN on and VPN off, because I am not sure if CTF is compatible with VPN either.
    Amazing!! This fixed it!
    My VPNs still work (tinc server and OpenVPN client), so it's all good! Thanks so much for the tip!
    I have 2 routers, a Tenda AC15 and a TM-AC1900 (T-Mobile's Asus AC68U) that I want to bridge via ethernet with FreshTomato. The Tenda is running FreshTomato and I've converted the TM-AC1900 to an AC68U w/ AiMesh CFE & Asus firmware.

    I have a few questions about installing fresh tomato on the TM-AC1900 (Asus AC68U):
    1. Can I install Fresh Tomato on the TM-AC1900? Do I use the AC68U firmware? (freshtomato-RT-AC68U-ARM-2019.1-AIO-64K)
    2. Will I retain the AI Mesh capabilities? I don't need them right now but if I decide to get a second Asus router they would be nice.
    3. Which router should I use for handling all the DHCP requests? If the TM-AC1900 can't run FreshTomato and needs to stay on Asus or Merlin firmware, should it be the first or second router in the bridge?
    Found that my FreshTomato 2019.1 AIO (R6300v2) 's

    Status - Overview - Ethernet Ports State would not update
    if I unplug a cable from one port then re-plug the cable into another port, even though the web page was refreshing every 3 seconds. Clicking refreshing button or change to Auto refresh didn't help.

    I have to reload the web page (using Chrome) manually to get the new status. Anyone?

    Is this a bug or not?
    How can I access the web index page to add a couple of lines for better viewing on an iOS device?

    Found the files using WinSCP

    but I don't think my goal will be as easy (for me) as I thought
    I don't think the port status are live, so it's not a bug.

    Under theme, you can choose to have your own custom theme, just copy the files over and modify them.
    it may be easier with a browser/custom CSS however.
    Hi guys, noticed Shibby's Tomato got migrated to this project. First off, my thanks to the new maintainers for adopting its future ;-).

    I'm trying it for the first time on an Asus RT-AC3200. I noticed a few random reboot & factory-resets occurring partway through setup (the first was on a save after adding Virtual Wireless networks). After a few attempts I managed to get everything configured. Note I did the configuration from scratch.

    However I now noticed certain UI elements are no longer showing up on some of the pages. Here are a few examples:




    Before I reset everything YET AGAIN and start from scratch, I was hoping someone might have a theory on this or a more surgical method to troubleshoot.

    And yes, I did do all the setup by hand in the GUI. No cheating or restoring configs, here. I did also do a factory reset on the new router before I began.

    EDIT: The missing UI components appear to have been a Chrome issue. CTRL+F5 or loading in Firefox fixed that one.

    I also notice my firewall script doesn't seem to be doing what I want (it worked on the RT-AC66U I replaced):
    # Block router admin page access from guest VLAN1 and IoT VLAN2
    iptables -I INPUT 1 -p udp -m multiport --dports 53,67 -j ACCEPT  # accept DHCP and DNS queries
    iptables -I INPUT 2 -i !br0 -d -j DROP
    iptables -I INPUT 3 -i !br0 -d -j DROP
    iptables -I INPUT 4 -i !br0 -d -j DROP
    #Drop traffic from IP address that was trying to hack in
    #Note: Use iptables -nvL to list current rules
    iptables -I INPUT -s -j DROP
    It works if I expand out the lines to list each blocked VLAN individually (i.e. avoid using the "!" operator). Is that by design?

    Also, any reason the GUI is limiting me to 32 under the maximum wireless clients setting? (I saw there were some issues with number of clients last year, even with Asus stock firmware, but I thought those got resolved)

    Another one - my 5GHz signal is quite weak and slow (even sitting right near the router). The 2.4GHz one is fine. I managed to improve the 5GHz tremendously by switching the channel from 136 to 56 (even though there are no overlapping networks anywhere near either).

    Finally, an observation: The new interactive shell widget is nifty but a way to pipe system command output to a plain textbox would be nice. Want to copy/paste/search/scroll up & down/edit it.

    Grateful for any help anyone can lend on the 32-limit thing, and for everyone's continued support for this fantastic firmware.
    you might try:

    iptables -I INPUT x ! -i br0 -d -j DROP
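The reply above moves the `!` in front of `-i`, which is the `[!] -i name` form the iptables man page documents. As an added example (not part of the thread or of FreshTomato), the filter below finds rules in a firewall script that still put the negation after the option and rewrites them; it also covers `-o`, `-s` and `-d`, which goes beyond the one case in the post. The function names are hypothetical, and the 192.0.2.x destinations are constructed placeholders because the post's own addresses are not shown on the page.

```shell
#!/bin/sh
# Added illustration: lint a firewall script for "-i !br0" / "-i ! br0"
# and rewrite each hit to the "! -i br0" form suggested in the reply.

# Options handled: the -i case from the thread plus -o/-s/-d and long names.
OPT='(-[iosd]|--in-interface|--out-interface|--source|--destination)'

# count_old_negation: stdin -> number of non-comment lines using the old form.
count_old_negation() {
    grep -vE '^[[:space:]]*#' |
        grep -cE "(^|[[:space:]])${OPT}[[:space:]]+!" || true
}

# fix_negation: stdin -> stdout with "!" moved in front of the option.
# Lines that start with "#" are passed through unchanged.
fix_negation() {
    sed -E "/^[[:space:]]*#/!s/(^|[[:space:]])${OPT}[[:space:]]+![[:space:]]*([^[:space:]]+)/\1! \2 \3/g"
}

# Constructed sample modelled on the script in the post; the destination
# addresses are documentation placeholders, not values from the thread.
sample_rules() {
    cat <<'EOF'
# Block router admin page access from guest VLANs
iptables -I INPUT 1 -p udp -m multiport --dports 53,67 -j ACCEPT
iptables -I INPUT 2 -i !br0 -d 192.0.2.1 -j DROP
iptables -I INPUT 3 -i ! br0 -d 192.0.2.2 -j DROP
iptables -I INPUT 4 ! -i br0 -d 192.0.2.3 -j DROP
EOF
}

echo "rules with old-style negation: $(sample_rules | count_old_negation)"
sample_rules | fix_negation
```

After loading the rewritten script, `iptables -nvL INPUT` (the listing command the post itself mentions) shows whether the DROP rules are present and whether their packet counters move when a guest client tries the admin page.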
    Pleased with Unbound + FreshTomato :)

        # port to answer queries from
        port: 40
        verbosity: 1
        do-ip4: yes
        do-ip6: yes
        do-udp: yes
        do-tcp: yes
        # don't be picky about interfaces but consider your firewall
        interface: ::0
        access-control: refuse
        access-control: allow
        access-control: allow
        access-control: ::0/0 refuse
        access-control: ::1 allow
        # private networks:
        # no threads and no memory slabs for threads
        num-threads: 1
        msg-cache-slabs: 4
        rrset-cache-slabs: 4
        infra-cache-slabs: 4
        key-cache-slabs: 4
        num-queries-per-thread: 500
        # tiny memory cache
        key-cache-size: 16m
        msg-cache-size: 32m
        rrset-cache-size: 16m
        cache-max-ttl: 120
        cache-min-ttl: 0
        edns-buffer-size: 1472
        so-rcvbuf: 1m
        # prefetch
        prefetch: yes
        prefetch-key: yes
        minimal-responses: yes
        # gentle on recursion
        hide-identity: yes
        hide-version: yes
        do-not-query-localhost: no
        qname-minimisation: yes
        use-caps-for-id: no
        rrset-roundrobin: yes
        harden-below-nxdomain: yes
        harden-referral-path: yes
        harden-algo-downgrade: yes
        # Self jail Unbound with user "unbound" to /var/lib/unbound
        username: "nobody"
        directory: "/opt/var/lib/unbound"
        chroot: "/opt/var/lib/unbound"
        root-hints: "/opt/var/lib/unbound/root.hints"
        # DNSSEC and DNS-over-TLS
        module-config: "validator iterator"
        auto-trust-anchor-file: "/opt/var/lib/unbound/root.key"
        domain-insecure: "pool.ntp.org"
        domain-insecure: "south-america.pool.ntp.org"
        domain-insecure: "vaka.me"
        domain-insecure: "linksysinfo.org"
        domain-insecure: "snbforums.com"
        domain-insecure: "ntp1.rnp.br"
        domain-insecure: "3.br.pool.ntp.org"
        domain-insecure: "a.st1.ntp.br"
        # The pid file
        pidfile: "/opt/var/run/unbound.pid"
        local-zone: "example.net" transparent
        local-zone: "0.10.in-addr.arpa." transparent
        local-zone: "localhost." static
        local-data: "localhost. 10800 IN NS localhost."
        local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
        local-data: "localhost. 10800 IN A"
        local-zone: "127.in-addr.arpa." static
        local-data: "127.in-addr.arpa. 10800 IN NS localhost."
        local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
        local-data: " 10800 IN PTR localhost."
        local-zone: "10.0.30.in-addr.arpa." nodefault
        # Adblock blacklist
        include: /opt/etc/unbound/adservers
        control-enable: yes
        control-port: 953
        server-key-file: "/opt/var/lib/unbound/unbound_server.key"
        server-cert-file: "/opt/var/lib/unbound/unbound_server.pem"
        control-key-file: "/opt/var/lib/unbound/unbound_control.key"
        control-cert-file: "/opt/var/lib/unbound/unbound_control.pem"
        name: "rgnldo.lan"
        name: "30.0.10.in-addr.arp"
    Tools > System Commands
    No hardware keyboard (term window missing?)

    EDIT: Fixed. Thx Pedro.
    Problem related to my odd browser/plugin config/combo (palemoon and such)
    Everything's working fine, clear the browser cache and/or use Ctrl+F5.
    I am planning on buying a used DIR-868L or a R7000. I see that the build for the 868L is labelled as "Special" and the file is small. I could get a much better price on the 868L than a R7000 but I must ensure that this build includes the following features. 1 OpenVPN client and IP traffic monitoring. On page 16 Abunene asked about the VPN (lack of) but did see a definite answer as if it was there or not.

    If not, I will need to throw more money and get a R7000.
    AFAIK, DIR-868L has only 32KB NVRAM, which is limiting the number of Tomato features it can employ:

    However, my old Linksys E3200 has only 32KB NVRAM too, but its Mega build includes OpenVPN server and client, BitTorrent client, Adblock and most other Tomato features. Of course, if I try to use all of them together, 32KB NVRAM will be not enough to store all the custom configurations of all of them together.

    I have never built my own custom Tomato build, so I can't say if it is possible for you to build a custom build of yours for DIR-868L with all the features you need. Hope someone else could tell that.
    Just wondering how everybody else is finding the stability of 2019.1. Running on my R7000, I'm getting random reboots every couple of days. Free Memory is always around 87% and Free NVRAM is always around 44% and I'm not doing anything other than running a home network. I do have IPv6 configured through a 6in4 Static Tunnel (Tunnel Broker) and I am running the built-in Adblock with the default blacklists selected. Logs tell me nothing.
    I suspect it has something to do with Adblock and I'd love to go back to using jerrm's "not-so-lean" Adblocking script but it hasn't been updated for a while and doesn't seem to work well with FreshTomato. Any ideas?
    So disable Adblock, and see what's going on. Simple.
    Will do. But I really hate ads:)

    EDIT: Played around with a manual install of jerrm's script today and got it working from a USB thumb drive attached to the R7000. I had to make two changes to the scripts and add a line to the .ini file, but so far it seems to be working just fine.
    Details can be found here: https://www.linksysinfo.org/index.php?threads/script-adblock-not-so-lean.72290/page-3#post-303779
    Whether it helps with stability remains to be seen.
    I'm not sure if this is the right place for this question (I've learned lots in this thread but I'll start a new thread if advised/flamed back to the front page).

    Short version: Can someone point me to an up-to-date / authoritative FreshTomato installation doc?

    Longer version: I have an R7000 running latest stock NetGear FW. I want to try Tomato but since I work at home and have streaming/gaming teens, I picked up an inexpensive, used R7000 that I'll be using.

    I've downloaded "freshtomato-R7000-ARM-2019.1-AIO-64K" and I've read many "how to install" threads that seem to span the last ten years and several variants of Tomato (e.g. USB, Fresh, Shibby?). Some install guides make it sound straight-forward, some make it sound like an arcane art. I'm *very* comfortable in Linux (used to install Slackware I downloaded from CompuServe in the 90's) but I don't want to wade through a circa 2012 doc that assumes I'm using a different variant (if I can help it).

    Point me to the latest docs/guides?

    While I have your eyeballs, what I'm trying to accomplish is per-device bandwidth monitoring so I can track down bandwidth hogs and see who is consuming what percentage of our usage. Advice on that is welcome but I think I need to get Tomato in place before I start getting too fancy.

    Thanks in advance.
