[Fork] FreshTomato-ARM

Discussion in 'Tomato Firmware' started by kille72, Apr 15, 2018.

  1. Wizardknight

    Wizardknight Serious Server Member

    I would install any working DD-WRT, and then just upgrade to Fresh Tomato.
    You could also consider installing DD-WRT, then an older stock rom, and lastly moving to Fresh Tomato.
     
    WildFireSG, smuis1 and pedro311 like this.
  2. snowman58

    snowman58 Network Newbie Member

    That is a good workaround. A lasting solution would be to edit /wnrtools/ambitCfg_WW_R8000.h in source to:

    /*formal version control*/
    #define AMBIT_HARDWARE_VERSION "U12H315T00"
    #define AMBIT_SOFTWARE_VERSION "V9.0.2.99"
    #define AMBIT_UI_VERSION "9.1.99"
    #define STRING_TBL_VERSION "9.0.2.99_2.1.40.1"

    or something similar, then the update will be a newer version than stock.

    EDIT: this is the only line that has to change to bump the version above stock:
    #define AMBIT_SOFTWARE_VERSION "V9.0.2.99"

    I have tested and can provide working chk file.
     
    Last edited: Apr 9, 2019
  3. joew333

    joew333 Network Guru Member

    The only caveat with DD-WRT to Tomato flashing, if I remember correctly, is the password is encrypted unless you reset back to factory default before upgrading to Tomato. It has been a while, but I remember messing around for a long time to recover the DD-WRT password as I was locked out of the router and could not reset by HW. Here is a web site with the info on how to pull the encrypted password before you upgrade to Tomato from DD-WRT in the event you do get locked out: https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=757209 If upgrading using the DD-WRT web interface, just rename the Tomato file .bin instead of .trx and then flash it.
     
    visceralpsyche likes this.
  4. sstacks

    sstacks Serious Server Member

    Hi. I am using FreshTomato with Samba USB HDD file sharing enabled. I have just started having significant instability. When monitoring 'top', I notice the VSZ of 'smbd -D' sometimes grows and grows and grows (e.g. to '130m') until the router appears to run out of memory and hangs.

    I can't figure out what is causing this to occur. Anyone with any ideas?
     
  5. WildFireSG

    WildFireSG Addicted to LI Member

    @Cafe Hunk @Wizardknight @joew333 @snowman58

    Have you tried the "Netgear R-series initial files" folder?

    https://exotic.se/freshtomato-arm/Netgear R-series initial files/
     
  6. sstacks

    sstacks Serious Server Member

    Is there a way to get details of what is using or being accessed by smbd?
     
  7. Plasmator

    Plasmator New Member Member

    There is no longer any setting for "Transmit Power" under "Advanced - Wireless" after upgrading my "Asus RT-AC3200" from "FreshTomato Firmware 2018.5 K26ARM USB VPN-64K" to "FreshTomato Firmware 2019.1 K26ARM USB VPN-64K"

    Is this by design or has the "Transmit Power" setting moved to another menu ?
     
  8. rs232

    rs232 Network Guru Member

  9. Plasmator

    Plasmator New Member Member

    @rs232

    Thanks - I suppose we wait for the next release to get the option back. If it ain't broke ... :)
     
    Techie007 likes this.
  10. snowman58

    snowman58 Network Newbie Member

    Cafe Hunk likes this.
  11. usergay

    usergay Reformed Router Member

    Which version of fresh tomato are you using?

    Which file system are you using on your usb hard drive (Ext2 / Ext3 / Ext4, NTFS, FAT, exFAT)?

    It's possible that corrupt files on the hard drive are causing the smbd process to go into an endless loop.

    As for the driver, I use Paragon as it's the most stable for me.
     
  12. sstacks

    sstacks Serious Server Member

    The problem was occurring on FreshTomato 2018.4 and persists on 2019.1. The drive is ext3. Paragon driver - but I believe that is only relevant for NTFS.

    I'm interested in learning more as to how corrupt files could cause smbd to loop. Any idea how I can drill down to determine what particular file(s) could be causing the issues?
     
  13. Nitin Vaid

    Nitin Vaid Reformed Router Member

    Hi everyone
    It's been a long time since I followed this thread, but I am still running this firmware on my R7000.
    I want to buy a VPN and was thinking of going for ExpressVPN; I have never used one before.
    What I want to ask is: do I have to do any additional settings in my router for the VPN?
    As I remember, I flashed the AIO zip, and there was another VPN zip when I downloaded the files, so do I have to flash the VPN one now?
    And will this only work for VPN?
     
  14. rs232

    rs232 Network Guru Member

  15. Wizardknight

    Wizardknight Serious Server Member

    I have a question about the clock speed being shown by the GUI.
    I have a R7000.
    If I nvram set clkfreq=1400,1066 / nvram commit, the GUI shows a clock speed of 800 on reboot but the cli shows 1400,1066.
    If I set nvram set clkfreq=1400,800/ nvram commit, the GUI shows a clock speed of 1400 on reboot.

    Is there an issue where the GUI only shows the correct clock speed if the memory speed is set to 800, or is the system not really using the correct clock speed if a value other than 800 is used for the ram?

    Is there any way to verify the actual cpu and ram speeds other than a nvram get clkfreq?
     
  16. sstacks

    sstacks Serious Server Member

    Well, I unplugged the HDD, turned Samba file sharing back on, and after a while, smbd is going nuts again in Top, with VSZ increasing.

    I would really appreciate any help that others can give here.
     
  17. Cafe Hunk

    Cafe Hunk Network Newbie Member

    Those files don't have the reserved field filled in with a high version number, as is needed with current stock software.
     
    WildFireSG likes this.
  18. Cafe Hunk

    Cafe Hunk Network Newbie Member

    Yes, a working chk file would be greatly appreciated. I'd be thrilled to give it the acid test.
     
  19. WildFireSG

    WildFireSG Addicted to LI Member

    @snowman58 @Wizardknight

    Understood. In that case, I just liked Wizardknight's post and agree with...

    "I would install any working DD-WRT, and then just upgrade to Fresh Tomato.
    You could also consider installing DD-WRT, then a older stock rom, and lastly moving to Fresh Tomato."
     
  20. Boktai1000

    Boktai1000 Network Guru Member

    The process to get up and running is quick and easy for existing users, but it's confusing and painful for anyone with a new router and if you're a new user- it's a bit of a convoluted process that's just a list of suggestions from comments that include trying a different third party firmware. It would be nice if that could be extended and part of the same FreshTomato process, but the age old question of where does that fall in priority, etc.
     
    snowman58 likes this.
  21. snowman58

    snowman58 Network Newbie Member

    I will make the required changes but it will be up to the developers to use them if they want to.
     
    xmrforprivacy and M_ars like this.
  22. sstacks

    sstacks Serious Server Member


    I *think* I may have found the culprit for the increasing Samba memory usage. I had a Qbittorrent client that was trying to recheck data (on the HDD attached to the router) for a few hundred torrents simultaneously. That's... not good. This issue should be fixed in the next Qbittorrent version.
     
  23. usergay

    usergay Reformed Router Member

    I had a feeling something else was going on because I haven't had any samba issues with my various setups. I was just short of suggesting an nvram erase. I don't torrent so I wouldn't have assumed you were doing that.
     
  24. sstacks

    sstacks Serious Server Member

    Thanks. In fact, I did just go through the pain of an NVRAM erase, just to try to identify the culprit. Added functionality and clients back one-by-one to figure it out.
     
    Last edited: Apr 12, 2019
  25. ras07

    ras07 Network Guru Member

    Does FreshTomato (I'm running 2018.5 currently) do any IPv6 filtering when IPv6 is enabled?

    I've been playing with IPv6. I'm unable to get it working natively through my provider (their problem I think), but I recently discovered https://tunnelbroker.net , and I have gotten that to work. I can both access IPv6-only machines from behind my router, and also ping machines behind my router from the outside world via IPv6.

    That last bit caused me a moment of panic because it appeared that my entire internal infrastructure was exposed to the internet via IPv6. However I found that although I could ping any of my IPv6-enabled machines from the outside, I couldn't actually access any TCP or UDP services. So while that's actually a relief, I can't figure out who's doing the blocking. Is it FreshTomato, or the tunnel broker, or something else? And if there are services I'd like to expose beyond the router via IPv6, how do I do that? (None of the machines I tested are running a personal firewall.)

    (I haven't done much experimentation because I don't really understand the ramifications ... so I'm hesitant to leave the tunnel up for very long; I've got too many un-hardened devices that are probably running IPv6 behind my back.)
     
  26. Sean B.

    Sean B. Network Guru Member

    The only additional access gained from the outside via IPv6 through the router are the few specific protocols/ports that are required for its functionality ( ICMP6 for instance, hence your pings working ), otherwise non related or established incoming connections ( IE: ones that were not initiated by a LAN client ) are still dropped. Most LAN clients also have a firewall ( to varying degrees ) running as well. IPv4 NAT provided security by coincidence, not design. Correctly configured IPv6 functionality does not make you naked to the outside world.
     
  27. ras07

    ras07 Network Guru Member

    I have a lot to learn about IPv6. How can I expose a service that I want to be accessible to the outside world? I don't have a firewall running on the internal machine.
     
  28. snowman58

    snowman58 Network Newbie Member

    Hurricane Electric, the tunnel broker you are using, has a certification course.
    https://ipv6.he.net/certification/
    Doing the certification and using their forums will show you what you need to know.
     
  29. Sean B.

    Sean B. Network Guru Member

    You create an allow rule for the host/port you want open, almost like port forwarding was with IPv4. IE:

    Code:
    ip6tables -t filter -I FORWARD 1 -p tcp -d 2601:1c0:XXX:XXX::XX --dport 7777 -j ACCEPT
    Or just use the Port Forwarding->Basic IPv6 page in the GUI. The main difference is that you're no longer limited to forwarding a port to only one host as you were with IPv4. You can forward the same port to every IPv6 host on your LAN, because each host address is globally routable.
     
    snowman58 likes this.
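
To see which rules decide what reaches LAN hosts over IPv6 (the question raised in the posts above), the FORWARD chain can be read from `ip6tables-save` output. This is an added example, not part of the thread or of FreshTomato's code: the ruleset is constructed, `2001:db8:1::50` is a documentation address, and the LAN bridge name `br0` is an assumption.

```shell
#!/bin/sh
# Added example: classify the ACCEPT rules of the IPv6 FORWARD chain.
# LAN_IF is an assumed interface name; adjust it to the router's LAN bridge.
LAN_IF="br0"

# Constructed sample in ip6tables-save format (not captured from a real router).
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
-A FORWARD -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT
-A FORWARD -d 2001:db8:1::50/128 -p tcp -m tcp --dport 7777 -j ACCEPT
COMMIT
EOF
}

# Reads ip6tables-save output on stdin. Prints the FORWARD policy, then one
# line per ACCEPT rule:
#   return-traffic  only matches replies to connections already tracked
#   lan-outbound    only matches packets entering from the LAN interface
#   inbound-open    can admit NEW connections arriving from outside
#   review-manually contains a negation this simple parser does not interpret
audit_forward() {
  awk -v lanif="$LAN_IF" '
  $1 == ":FORWARD" { print "policy " $2; next }
  $1 == "-A" && $2 == "FORWARD" {
    target = ""; state = ""; inif = ""
    dst = "any"; proto = "any"; dport = "any"
    for (i = 3; i < NF; i++) {
      if ($i == "-j")      target = $(i + 1)
      if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
      if ($i == "-i")      inif  = $(i + 1)
      if ($i == "-d")      dst   = $(i + 1)
      if ($i == "-p")      proto = $(i + 1)
      if ($i == "--dport") dport = $(i + 1)
    }
    if (target != "ACCEPT") next
    if ($0 ~ / ! /)                         kind = "review-manually"
    else if (state != "" && state !~ /NEW/) kind = "return-traffic"
    else if (inif == lanif)                 kind = "lan-outbound"
    else                                    kind = "inbound-open"
    printf "%s dst=%s proto=%s dport=%s\n", kind, dst, proto, dport
  }'
}

# Stand-alone run on the constructed sample. On a router the input would be
# the output of ip6tables-save instead.
sample_rules | audit_forward
```

With a DROP policy, only the `inbound-open` lines are reachable from outside without a LAN host having started the connection; here that is ICMPv6 echo and the single port opened on purpose.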
  30. victorprofessor

    victorprofessor Serious Server Member

    Got the same problem with two different WS880 routers.
    Earlier worked fine with Tomato Shibby 140.

    With FreshTomato 2019.1 and even 2018.5 - they freeze on reboot command.
    NVRAM cleared - didn't help.

    And also with this FreshTomato firmware it's not possible to flash any firmware from web interface — stuck at start.
     
  31. Wizardknight

    Wizardknight Serious Server Member

    Are you using telnet/ssh or are you executing the commands via the web GUI?
    Did you clear the browser's cache, and/or try another browser?
     
  32. victorprofessor

    victorprofessor Serious Server Member

    /sbin/reboot
    Rebooting...
    ---

    Even the "reboot" command via telnet doesn't work — the router stops pinging and doesn't reboot; only a physical power off/on by cable or the button on the front can help. The main problem is that I cannot reboot it remotely or from a script.
     
    Last edited: Apr 14, 2019
  33. tievolu

    tievolu Network Guru Member

    I've noticed some minor oddness in the QOS Details page in 2019.1:

    upload_2019-4-14_11-48-27.png

    The unblurred rows are DNS queries from the router to OpenDNS (208.67.220.220). Note that these columns appear to be swapped:

    Source <---> Destination
    S Port <---> D Port

    However, the connections are still classified correctly - the "Service" class catches connections with a destination port of 53. So it looks like this is a display issue only, and that everything is working ok under the covers.

    I don't know if this is a regression, because 2019.1 is the first Fresh Tomato version I've ever used, and I hadn't used QOS in Shibby's builds for several years.
     
  34. Sean B.

    Sean B. Network Guru Member

    I don't know how you have the QoS configured, if it's functioning on both up and down, if multiwan is involved etc etc. However, I'd ask if you're certain that isn't simply the return traffic ( response from OpenDNS )?
     
  35. tievolu

    tievolu Network Guru Member

    QOS is operating on both upstream and downstream. No multiwan.

    Doesn't the return traffic come back on the same initial connection that was used to send the DNS query? I wouldn't expect a new connection to be opened up with the ports reversed to receive the response (or did I misunderstand you?). And if the source port on my router really was 53 it wouldn't be classified as "Service", because my rule for that requires a destination port of 53.

    This only affects DNS connections from the router itself (i.e. from dnsmasq). If a device on my LAN queries OpenDNS directly the connection shows up in the table with the correct source/destination ports.

    Edit: I also see the same reversal of source/destination IPs and ports for connections to the router GUI from the WAN (i.e. remote admin access). So it seems to affect anything to/from the router on the WAN interface.
     
    Last edited: Apr 14, 2019
  36. Wizardknight

    Wizardknight Serious Server Member

    have you tried:
    reboot 0s
    It works fine for me.
     
    snowman58 likes this.
  37. txnative

    txnative Addicted to LI Member

    Do you have src/dst set for services? Looking at the image posted just shows the src. The defaults for Services is set to dst no src, had you modified it since then?
     
  38. tievolu

    tievolu Network Guru Member

    I have my own set of rules. The one for "Service" looks like this:

    upload_2019-4-14_17-13-12.png

    i.e. it will only catch connections with a destination port of "53", not a source port of "53".
     
  39. txnative

    txnative Addicted to LI Member

    I see, I know that my Services is done in a similar config, as it shows in dst usage whenever those ports are called, as yours is supposed to also. A src port would only indicate some server on the outside connecting to the said port of your router, and it may be in a higher range as then it'll go through the router xx.x.x.x. to dst port "53" or the port in question. If your server calls the dns port "53" you'll see that src as 53, or whatever server it connects to at a higher ranged port, then you'll see that as well.
     
  40. Sean B.

    Sean B. Network Guru Member

    Yes, that's exactly what happens. You need to think of it from the point of view of the network stack. Example:

    Say the firewall rules are completely empty, and you want to allow traffic from a specific LAN host to be forwarded by the router out to Google's DNS server 8.8.8.8:

    Code:
    iptables -t filter -A FORWARD -p tcp -d 8.8.8.8 --dport 53 -s 192.168.1.100 -j ACCEPT
    There's the rule to do so. Now said host tries a DNS lookup, but it does not work. Why? There are 2 sides to every "connection". If you do not add the return path to be allowed, it does not get through:

    Code:
    iptables -t filter -A FORWARD -p tcp -d 192.168.1.100 -s 8.8.8.8 --sport 53 -j ACCEPT
    *Note the port syntax has reversed, from destination port.. to source port.

    This is most commonly done by wrapping the return traffic into a single rule using matching:

    Code:
    iptables -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    Which means if the traffic coming in is related to traffic that has already gone out, or is a response to an already established connection, allow it. A connection is viewed as 2 separate lanes, not one lane with bidirectional flow. This is also true for connections to the router itself, the only thing that changes is the chains that the packets traverse. It uses the INPUT and OUTPUT chains:

    Code:
    iptables -t filter -A INPUT -p tcp -s 192.168.1.100 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -d 192.168.1.100 -j ACCEPT
    Now why would QoS report on the returning side rather than the outgoing side in regards to the router sending out over the WAN? This is because of the different chains. QoS does not monitor the INPUT chain of the router, this is because QoS only affects traffic that goes over the WAN, and if it monitored incoming connections to the router, that could include traffic only going between the router and a LAN client. Therefore QoS only monitors the OUTPUT and FORWARD chains of which match on the "-o vlan2" or "going out the WAN". If the connection was started by a LAN client and has the destination of an address that goes out to the WAN, then the source side is seen ( and seen first ) because it matched on the FORWARD -o vlan2 from the start. However if it goes to the router first ( dnsmasq ), the source side hits the INPUT chain, and is not seen.
     
    Last edited: Apr 14, 2019
    JPJazz likes this.
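
The two "lanes" described in the post above are visible in the kernel's connection-tracking table, where every entry records an original-direction tuple and a reply-direction tuple. This added example (not from the thread or from FreshTomato's code) prints both tuples and labels who initiated each connection; the addresses, the `WAN_IP` and `LAN_PREFIX` values and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: show both tuples of each conntrack entry and who opened it.
# WAN_IP and LAN_PREFIX are placeholders for the router's own values.
WAN_IP="203.0.113.10"
LAN_PREFIX="192.168.1."

# Constructed sample lines in the nf_conntrack text format.
sample_conntrack() {
cat <<'EOF'
ipv4     2 udp      17 25 src=203.0.113.10 dst=208.67.220.220 sport=41234 dport=53 src=208.67.220.220 dst=203.0.113.10 sport=53 dport=41234 mark=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.100 dst=8.8.8.8 sport=50000 dport=53 src=8.8.8.8 dst=203.0.113.10 sport=53 dport=50000 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 300 ESTABLISHED src=198.51.100.7 dst=203.0.113.10 sport=60022 dport=22 src=203.0.113.10 dst=198.51.100.7 sport=22 dport=60022 [ASSURED] mark=0 use=2
EOF
}

# Reads conntrack lines on stdin and prints one line per entry:
#   <initiator> <proto> orig=<src>:<sport>-><dst>:<dport> reply=<src>:<sport>-><dst>:<dport>
# initiator is "router" (original source is the WAN IP), "lan" (original
# source is inside LAN_PREFIX) or "wan" (anything else, i.e. inbound).
show_tuples() {
  awk -v wan="$WAN_IP" -v lan="$LAN_PREFIX" '
  {
    n = 0; proto = "?"
    # Reset per record so entries without ports (e.g. ICMP) print "-".
    for (k = 1; k <= 2; k++) { src[k] = "-"; dst[k] = "-"; sp[k] = "-"; dp[k] = "-" }
    for (i = 1; i <= NF; i++) {
      if ($i == "tcp" || $i == "udp" || $i == "icmp") proto = $i
      # Each key appears twice: first for the original direction,
      # then for the reply direction.
      if ($i ~ /^src=/)   { n++; if (n <= 2) src[n] = substr($i, 5) }
      if (n < 1 || n > 2) continue
      if ($i ~ /^dst=/)   dst[n] = substr($i, 5)
      if ($i ~ /^sport=/) sp[n]  = substr($i, 7)
      if ($i ~ /^dport=/) dp[n]  = substr($i, 7)
    }
    if (n < 2) next   # not a two-tuple entry
    if (src[1] == wan)                who = "router"
    else if (index(src[1], lan) == 1) who = "lan"
    else                              who = "wan"
    printf "%s %s orig=%s:%s->%s:%s reply=%s:%s->%s:%s\n", who, proto, src[1], sp[1], dst[1], dp[1], src[2], sp[2], dst[2], dp[2]
  }'
}

# Stand-alone run on the constructed sample. On a router the input would be
# the kernel conntrack table (for example /proc/net/nf_conntrack, where present).
sample_conntrack | show_tuples
```

In every entry the reply tuple is the original tuple with source and destination swapped (after NAT, the reply destination is the WAN address), so a view built from the reply side shows port 53 as the source port of a DNS lookup.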
  41. tievolu

    tievolu Network Guru Member

    If this is what's happening, I'm curious why QOS doesn't present all connections in the same way. Why does the source/destination reversal in the table happen only for connections to/from the router itself?
     
  42. Sean B.

    Sean B. Network Guru Member

    Note the edit to my last paragraph, I was curious enough to look at the QoS iptables rules.
     
  43. tievolu

    tievolu Network Guru Member

    Ok, that's very helpful! Thanks for explaining.

    Interesting how QOS still manages to classify the connection correctly according to my "Service" rule (i.e. for dst=53), even though it sees the ports as reversed.
     
  44. Sean B.

    Sean B. Network Guru Member

    Remember my example. If the return side of the connection has the src port of 53, then the outgoing side of the connection must have had destination port 53. Otherwise the return connection would have been dropped, because it did not match as related or established to the outgoing connection.

    *NOTE* I should note, return side and outgoing side are determined by what iptables rule the connection matched against ( outgoing or incoming ), this is what allows QoS to orient itself to the src and dst markings of the connection, and gives it the ability to correctly determine source and destination in regards to packet flow.
     
    Last edited: Apr 14, 2019
  45. tievolu

    tievolu Network Guru Member

    So if QOS is clever enough to work that out, would it not make sense to correct the source/destination in the table so that they are consistent with all the other connections and QOS's view of things?
     
  46. Sean B.

    Sean B. Network Guru Member

    The GUI is not QoS. The GUI is a coded webpage that displays connection information, that connection information is the same that QoS is handed, IE: not the INPUT table. To write the html/java code to parse the connections listed and then determine which ones need to be changed based on QoS hit of src or dst etc etc. Quite frankly, if you want to spend that kind of time coding/testing/bug hunting just to swap out src and dst ports for visual continuity, we'd be happy to apply your patch.

    And even if it was done, it's not technically correct to begin with. QoS does not monitor nor take into account LAN traffic, nor WAN traffic for that matter.. it only has an effect on WAN <--> LAN traffic. The fact the GUI shows only the part of the connection that goes WAN <--> LAN is honestly more true to a QoS monitor than making it look like it all lines up. Remember, when the LAN client sends a DNS request to the router ( dnsmasq ) and dnsmasq sends the reply back, that in itself is the connection and it does not apply to QoS bandwidth control as it never left the LAN. When dnsmasq sends out a DNS query onto the WAN ( literally the WAN itself, this is the router and the WAN interface is local to it ) and receives a reply is yet another connection. The only reason the reply hits QoS is because it is FORWARDED to the client, that is the only part of the entire process that actually counts as WAN <--> LAN traffic. And that traffic will have SRC port 53 not DST.

    For instance, if dnsmasq receives a query for a DNS entry that it has a hit for in its cache, you will never see any of the connection in the GUI even though port 53 is still used, as the LAN only traffic is not of concern to QoS.
     
    Last edited: Apr 14, 2019
  47. txnative

    txnative Addicted to LI Member

    I suggest a new topic on this, on How QoS Works, as this has been discussed before and is quite lengthy.
     
  48. tievolu

    tievolu Network Guru Member

    Last question, I promise. So what about the tomato GUI remote access connections that are shown in a similar way? They have no association with any LAN clients, unlike the DNS requests. Or are they being forwarded to the router's internal LAN IP?

    (I'm not trying to be a dick btw - just genuinely interested in understanding what is happening here :))
     
  49. Sean B.

    Sean B. Network Guru Member

    Hold on a sec. In your blurred out screen shot showing the src port as 53, what is the destination IP? Is it your WAN IP or local client IP?
     
  50. tievolu

    tievolu Network Guru Member

    The destination IP is the WAN IP of the router.

    On closer inspection the remote GUI connections are shown correctly - i.e. router's WAN IP/port as the source. SSH connections to the router from the WAN are also shown correctly.

    (I was misled previously by the fact that I was accessing the interface via loopback, which have the LAN client as the source and the WAN IP as the destination (and in terms of QOS the connections are unclassified), which all makes sense.)

    So it's only the outgoing DNS queries from dnsmasq which have their source/destination reversed. As a sanity check I just tried doing an nslookup to a different DNS server from an ssh session on the router and that connection also appears in the QOS Details table with source/destination IPs/Ports reversed (but again correctly classified as "Service"):

    upload_2019-4-15_11-16-15.png

    I also tried a simple "wget www.google.co.uk" from the SSH session on the router, and that too shows the source/destination reversed:

    upload_2019-4-15_11-22-23.png

    Outgoing SSH connections from the router have the source/destination reversed as well (WAN IP as the destination), whereas incoming SSH connections to the router have the source/destination the correct way round from the point of view of the router (WAN IP as the source).
     
    Last edited: Apr 15, 2019
  51. jerry0000

    jerry0000 Connected Client Member

    I flashed 2019.1 (128K/VPN) on ASUS AC3200, and the wifi signal is very poor. It is actually much worse than the Netgear R7000 with 2018.5 (64K/VPN) firmware. The testing was done with the router in the same location, and advanced->wireless setting all at default, except change the 2019.1 firmware country from Singapore to US. (Singapore does not work with some of my wifi devices.)

    My understanding is the ASUS AC3200 should have better wifi. So what did I miss?
     
  52. txnative

    txnative Addicted to LI Member

    You're leaving a bit of information out, if someone with this model or pedro311 may be able to assist. Have you read the "How to report a bug or problem" in the first thread of freshtomato-arm? Either way, the information you supplied isn't helpful at all; it would have me or anyone else guessing.
     
  53. adamgwaps

    adamgwaps New Member Member

    Will the Asus AC86U be supported? It's a beast router but it's missing a lot of Tomato features; stock sucks :(
     
  54. snowman58

    snowman58 Network Newbie Member

    I sent you a message.
     
  55. txnative

    txnative Addicted to LI Member

    Just curious, what version netgear does cafe have installed?
     
  56. snowman58

    snowman58 Network Newbie Member

    I don't know, I tested against latest download V1.0.4.28_10.1.54.
     
  57. txnative

    txnative Addicted to LI Member

    Thank you for that.

    I had read on the Netgear forum before that going back or flashing to an earlier version is not supposed to be a problem, or there isn't a block of some sort to stop you from reverting to an earlier version, or did I miss something?
     
  58. snowman58

    snowman58 Network Newbie Member

    There is a test, and it at least warns you it is an older version. HOWEVER people claim the newer versions totally prevent older versions from being flashed; some claim they cannot even flash older versions using tftp and the serial port.
     
  59. txnative

    txnative Addicted to LI Member

    I read some of those here and on the DD-WRT forum. It would be helpful to know what particular version they have in order to know if there is a good workaround.

    Edited: After a little research in the netgear forum, it appears that some users were getting stuck after with versions starting with 1.0.9 and another stated he had used the nmrpflash as a workaround, this was posted at the end of 2018.
    https://community.netgear.com/t5/Ni...Why-cnnaot-downgrade-the-firmware/m-p/1676392
     
    Last edited: Apr 16, 2019
  60. M_ars

    M_ars Network Guru Member

    maybe it has something to do with that ?
    https://svn.dd-wrt.com/changeset/39293

     
  61. txnative

    txnative Addicted to LI Member

    I feel these are two different entities being said here; my statement is based on Netgear users being unable to downgrade within Netgear firmware if they have those versions starting with said 1.0.9.
    As for DD-WRT users, they may have issues if those version numbers are in place if they are to install dd's firmware; the workaround is to use nmrpflash to downgrade to an earlier Netgear version in order to flash DD-WRT. dd ideal should work it seems.
     
  62. snowman58

    snowman58 Network Newbie Member

  63. snowman58

    snowman58 Network Newbie Member

    xmrforprivacy and user17600 like this.
  64. Sean B.

    Sean B. Network Guru Member

    I apologize for being absent from this discussion, I had to leave town for work for several days and did not have the opportunity to continue while away. I believe these updates clear the confusion on what's going on. Those services when run on the router initiate their connection not to the external destination, but to the localhost address. Example: when dnsmasq is enabled, the localhost IP is placed in the /etc/resolv.conf file, which makes all services run on the router send their DNS queries to localhost..

    Code:
    root@Storage:/tmp/home/root# cat /etc/resolv.conf
    nameserver 127.0.0.1
    root@Storage:/tmp/home/root#
    An easy test would be to:

    Code:
    echo "nameserver 8.8.8.8" > /etc/resolv.conf
    Then run nslookup on the router and check your QoS details, see if the results have changed.
     
    Last edited: Apr 17, 2019
  65. tievolu

    tievolu Network Guru Member

    I can't change resolv.conf because it's read only.

    However, I can run nslookup while specifying 8.8.8.8 as the nameserver, i.e.:

    Code:
    nslookup www.google.co.uk 8.8.8.8
    In fact, that's exactly what I did when I ran the test before - the source/destination are still reversed on the QOS details page, as shown in the screenshot.

    Also note that the source/destination are reversed when connecting from the router to a remote server via SSH as well - I don't see how that would involve a connection to localhost. However, incoming SSH connections to the router are listed correctly (i.e. "source" = router's WAN IP, which is correct from the router's point of view).

    Here's an SSH connection from the router (demo SSH server URL taken from here (password = "password")):

    Code:
    ssh demo@test.rebex.net
    upload_2019-4-17_11-57-0.png

    I also tested on an AC66U running Shibby 140 (MIPS) and the behaviour is the same there, so isn't a new thing.
     
    Last edited: Apr 17, 2019
  66. GhaladReam

    GhaladReam Network Guru Member

    So I am running 2019.1 AIO on my Netgear R7000. I have a USB APC UPS connected to it, and after a few days of uptime, I am having an issue where the syslog starts spitting out an error message every 10 seconds until the router eventually stops responding and crashes completely. I've been having this issue for as long as I can remember, on many previous versions. I've cleared NVRAM and re-inputted settings many times.

    Code:
    Wed Apr 17 08:52:00 2019;10.0.0.101; <4>Apr 17 08:52:01 kernel: generic-usb 0003:051D:0002.0001: control queue full
    Wed Apr 17 08:52:10 2019;10.0.0.101; <4>Apr 17 08:52:11 kernel: generic-usb 0003:051D:0002.0001: control queue full
    Wed Apr 17 08:52:20 2019;10.0.0.101; <4>Apr 17 08:52:21 kernel: generic-usb 0003:051D:0002.0001: control queue full
    Wed Apr 17 08:52:30 2019;10.0.0.101; <4>Apr 17 08:52:31 kernel: generic-usb 0003:051D:0002.0001: control queue full
    Wed Apr 17 08:52:40 2019;10.0.0.101; <4>Apr 17 08:52:41 kernel: generic-usb 0003:051D:0002.0001: control queue full
    Wed Apr 17 08:52:50 2019;10.0.0.101; <4>Apr 17 08:52:51 kernel: generic-usb 0003:051D:0002.0001: control queue full
    Wed Apr 17 08:53:00 2019;10.0.0.101; <4>Apr 17 08:53:01 kernel: generic-usb 0003:051D:0002.0001: control queue full
    Wed Apr 17 08:53:10 2019;10.0.0.101; <4>Apr 17 08:53:11 kernel: generic-usb 0003:051D:0002.0001: control queue full
    Wed Apr 17 08:53:20 2019;10.0.0.101; <4>Apr 17 08:53:21 kernel: generic-usb 0003:051D:0002.0001: control queue full
    Wed Apr 17 08:53:30 2019;10.0.0.101; <4>Apr 17 08:53:31 kernel: generic-usb 0003:051D:0002.0001: control queue full
    Wed Apr 17 08:53:40 2019;10.0.0.101; <4>Apr 17 08:53:41 kernel: generic-usb 0003:051D:0002.0001: control queue full
    Wed Apr 17 08:53:50 2019;10.0.0.101; <4>Apr 17 08:53:51 kernel: generic-usb 0003:051D:0002.0001: control queue full
    Wed Apr 17 08:54:00 2019;10.0.0.101; <4>Apr 17 08:54:01 kernel: generic-usb 0003:051D:0002.0001: control queue full
    Wed Apr 17 08:54:10 2019;10.0.0.101; <4>Apr 17 08:54:11 kernel: generic-usb 0003:051D:0002.0001: control queue full
    
    Another member posted a similar issue in another thread a couple of years ago, but no one ever replied to him:

    If you google search this issue, it seems to be an issue related to the apcupsd module, or perhaps the Linux kernel itself. Is there a newer version of apcupsd than what is currently running in 2019.1 that could resolve this?
     
  67. Sean B.

    Sean B. Network Guru Member

    Ah yes, I forgot resolv.conf is a symlink to /rom/etc/resolv.conf and must be rm'd first before changes can be made. The cause is in packet flow, though being router only I would have thought localhost to be the specific flow doing it, as that would be the INPUT chain again.
     
  68. rgnldo

    rgnldo Networkin' Nut Member

    Coming out of the oven, new release ... :) 2019.2 - 2019.04.20 :)
     
  69. joew333

    joew333 Network Guru Member

    Very exciting!
     
    kille72 likes this.
  70. kille72

    kille72 LI Guru Member

    A new version of FreshTomato 2019.2 ARM and MIPS is ready for download.

    More information in the first post.

    Best regards,
    FreshTomato team, @kille72 & @pedro311

    Thanks to @M_ars and all others who helped us with this project!
     
    Techie007, AndreDVJ, Elfew and 3 others like this.
  71. blackmack

    blackmack Network Guru Member

  72. M_ars

    M_ars Network Guru Member

    You have to replace lanaddress and port. —> there is no automatic and only to show what to do :)
    BR
     
  73. The Master

    The Master Network Guru Member

    Thank you for the Birthday Gift :)
     
    kille72 likes this.
  74. blackmack

    blackmack Network Guru Member

    Yes I have replaced with my ip and port, just copied this as an example.
    I erased nvram and it doesn't work either. udpxy is working, just the status page cannot be opened. It must be a bug.
     
  75. rgnldo

    rgnldo Networkin' Nut Member

    I made the physical reset. I upgraded to 2019.2. I used the same restore settings as in 2018.5. All right and working.
     
    pedro311 and kille72 like this.
  76. blackmack

    blackmack Network Guru Member

    I don't like the background page when applying settings in fresh tomato. Maybe this page and reboot page can be set back to white. It would be better if the background was light gray and the box white.


    It's awful if you have a custom theme applied. The reboot page is even uglier with a black background.
     
  77. rgnldo

    rgnldo Networkin' Nut Member

    Honestly, I do not recommend custom themes.
     
    pedro311 and kille72 like this.
  78. M_ars

    M_ars Network Guru Member

    i just checked, working on my side - i do see the status page. typo ? browser ?
    for example with my test setup
    http://192.168.1.1:4022/status/
     
    kille72 likes this.
  79. blackmack

    blackmack Network Guru Member


    Works now in IE too. Something was messed up. Had to clear history and settings...
     
    Last edited: Apr 20, 2019
  80. M_ars

    M_ars Network Guru Member

    ahh ok --> i use firefox --> working
    BR
     
    kille72 likes this.
  81. rgnldo

    rgnldo Networkin' Nut Member

    Feedback on NETGEAR R6300v2
    Commits:
    openssl: update to 1.0.2r -> is helping me a lot with unbound 1.9.0
    SQLite: update to 3.27.2 -> Very good
    php: update to 7.2.17 -> Very good
    dnsmasq: update to 2.80-343b7b4 snapshot -> best routing response
    miniupnpd: update to 2.1.20190408 & patches: miniupnpd: fix naming, cosmetics -> best response
    patches: libcurl: cosmetics -> best response
    GUI: advanced-routing.asp - add option to force IGMPv2 - cosmetic -> Still testing.

    I will test the USB 3.0 LED on the ASUS RT-AC68U.
    Commit:
    RT-AC68U: change LED table + LED table cleanup

    So far, the best FreshTomato compilation. Stable and solid. Congratulations to the whole team.:):cool:
     
    pedro311 and kille72 like this.
  82. rgnldo

    rgnldo Networkin' Nut Member

    [​IMG]
    working on my side, on Google Chrome
     
    kille72, pedro311 and M_ars like this.
  83. rgnldo

    rgnldo Networkin' Nut Member

    @kille72 @pedro311 @M_ars
    One suggestion: add unbound as cache, recursive, and authoritative. Unbound thin. DD-WRT uses unbound as a DNSMASQ resource.
     
  84. abir1909

    abir1909 Network Newbie Member

    Did you manually restore settings or restore from backup?
     
  85. rgnldo

    rgnldo Networkin' Nut Member

    Best answer in DNS query. Best answer for DNSSEC

     
  86. rs232

    rs232 Network Guru Member

    First feedback on 2019.2: It works great!

    I just have a point of improvement for the next release. Can the LAN to LAN communication be excluded from the QoS reporting (Graph/Details). Same LAN communication is switched, not routed. And even if it was intra-LAN (e.g. LAN1 to LAN2) it would still not cross the WAN which is the only interface affected by QoS.

    Thanks!
     
  87. joew333

    joew333 Network Guru Member

    Agree, so far the 2019.2 is working great. The changelog is massive. Well done.
     
    pedro311 and kille72 like this.
  88. joew333

    joew333 Network Guru Member

    I am going to take one for the team here. Thank you @pedro311 and @kille72 for 1) taking away the ridiculous and antiquated antenna settings in Advanced Wireless and 2) restoring Transmit Power in Advanced Wireless. This change is a crowd favorite and beloved by all Tomatoers worldwide. Thank you both for your awesomeness!
     
    Techie007, M_ars, Combat619 and 2 others like this.
  89. GhaladReam

    GhaladReam Network Guru Member

    Want to report that the above issue I posted about almost a year ago appears to finally be fixed in 2019.2. Thanks @pedro311 and @kille72 !
     
    M_ars and kille72 like this.
  90. M_ars

    M_ars Network Guru Member

    2019.2 is working perfect. Massive and important changes/fixes in my opinion.
    I hope that people will donate to pedro and kille

    Amazing WORK :)
     
    Edrikk, kille72 and pedro311 like this.
  91. herculeesjr

    herculeesjr Network Newbie Member

    Is there any reason why no matter what fork of Tomato I seem to use the Device List page is horribly screwed up? I set up static IPs for 30 devices, some that have never even been connected to the router yet after flash and NVRAM wipe, and then the device list is worthless. It mixes up hostnames with different MAC addresses on devices, shows devices connected with no MAC address that don't exist, devices that have disconnected still show on the list a day later even if I use a 15 minute lease. It's a mess. And I do not like DD-WRT, so I'm pretty much stuck going back to stock at this point unless someone knows a fix. Yes this is all with fully wiped NVRAM, multiple times, currently FreshTomato 2019.1. Would really love to hear a solution.
    EDIT: I even tried moving the DHCP pool start and end to 192.168.1.40 to 192.168.1.60 and leaving all the static IPs the same (from 192.168.1.2 to 28) yet it's still the same after reboot. Device list is missing static devices that are connected, shows static devices that aren't connected, and mixes up MACs with hostnames.
     
    Last edited: Apr 21, 2019
  92. PetervdM

    PetervdM Network Guru Member

    ^^ are you sure you're not running out of free NVRAM? what router, which FW version?
     
  93. adamgwaps

    adamgwaps New Member Member

    @kille72 & @pedro311 will Asus AC86U be supported? It's a beast router but it's missing a lot of tomato features, stock sucks :(
     
  94. joew333

    joew333 Network Guru Member

    I would argue that QOS is not relevant today in many parts of the world as higher Internet speeds are becoming the norm. It was relevant when connection speeds were very slow and admins had to allocate a small amount of bandwidth across their users. QOS works by setting the size of your broadband pipe in the QOS settings and then prioritizing users and usages of bandwidth. I have a 200 MB/S connection which delivers 230 MB/S as the ISP over dimensions a little to avoid user complaints. Gigabit speeds are available. Our ISP in a competitive move recently upgraded all connections from 100 MB/S to 200 MB/S without raising rates (if I used QOS, I would have missed out on the upgrade as QOS would have still been allocating the 100 MB/S pipe). Streaming a movie typically uses 3 - 10 MB/S. Gaming and browsing the Internet use very small amounts of bandwidth. So parsing up 200 MB/S using QOS is a colossal waste of time IMHO. Watching paint dry may be more relevant.
     
  95. Mercjoe

    Mercjoe Network Guru Member

    Can you please post more details? I have used static IPs since the WRT tomato days and have NEVER had any issue like you describe.
     
  96. Mercjoe

    Mercjoe Network Guru Member

    Flashed the 2019.2 onto a R7000 and all is well.

    One abnormality I have is high CPU usage on the status screen. It seems to be running a steady 70 to 75% CPU load.

    When I telnet into the router and run TOP and I get a CPU usage of 19%. Temps are stable so I see it as an error in the GUI.
     
  97. herculeesjr

    herculeesjr Network Newbie Member

    @PetervdM and @Mercjoe
    READ MY "ANOTHER EDIT" AT THE BOTTOM, IT LOOKS LIKE HALF A YEAR OF USER ERROR CAUSED THIS ISSUE.


    It's an R7000. Currently has 2019.1 installed.
    (Do I need to start my own thread on this?)
    Here is a list of my static addresses; highlighted in yellow are the devices that are currently actually connected to the router.
    Currently connected devices.JPG
    Now on the device list...
    *PC-MSI Laptop is supposed to be on 192.168.1.3 but it is connected to 192.168.1.41
    *Phone-Pixel 3 XL is supposed to be 192.168.1.26 but is connected to 192.168.1.52, yet it shows up on the device list on 192.168.1.26 as not connected (no signal quality indicator) but if you scroll down you can see it connected with a blank host name on 192.168.1.52
    *FAKE MACs that are used to reserve addresses 192.168.1.8-9 and 192.168.1.15 show up on the device list.
    *Devices that aren't even in the house/haven't been turned on in weeks show up in the device list. Yes they are either truly turned off or are over ten miles away from my house. No way at all they're connected. They are .6, .7, .19, .23, .24, .27, and .28.
    Device List mess.JPG

    EDIT: My overall goal is basically to keep MY devices static and at the beginning of the IP pool, and anything not static (guests' stuff) gets put after the static IP pool. I have the bandwidth limiter set to give any device after the static IP pool greatly reduced bandwidth. Thus not having the static pool functioning properly screws this all up, giving some guests full bandwidth and me sometimes bottom tier speeds. I only have 30Mb down/3Mb up with a 1TB soft limit so my bandwidth limit restricts guests that decide to stream stuff to 720p most of the time. It's amazing how fast our house goes through 1TB.

    ANOTHER EDIT: I think I just found a couple of reasons by simply slowing down and reading the "Notes" section on the static IPs page. 1. I was putting spaces in device host names and I'm not supposed to. 2. It says it can't enforce static IPs if you put two MAC addresses, which seems silly but whatever I'll work around it.
    I removed any/all spaces from host names and removed 2nd MACs on the few devices that had them then restarted the router. Now every static IP (connected or not) shows in the device list to the correct IP and device. I'd prefer that they disappear if not connected, but I can just look at the interface and if it's br0 that means not connected (unless it's on ethernet). FINALLY everything is running smoothly.
    I wish FreshTomato was prettier to look at and explained buttons/features more but taking your time and actually reading/Googling pays off. Lol
     
    Last edited: Apr 21, 2019
  98. PetervdM

    PetervdM Network Guru Member

    you can have two mac addresses on one IP address, but obviously not at the same time. i have two devices configured this way: a laptop which has a wired connection in a docking station and wireless when undocked. and a phone which has a wifi connection on my own wifi and an openvpn TAP connection when not. the latter has sometimes difficulties when switching from openvpn to wifi, still struggling with it.
    it is very hard to tell if a device is still connected. if it is idle you have to rely on some process which uses a kind of keepalive. if you set a short dhcp lease time you can use that info. when the lease disappears from device list, lease column you know the device is not connected ( anymore ). i set my lease time for these to 10 minutes, so that's the maximum time i know they have gone.
     
  99. isaac boateng

    isaac boateng Serious Server Member

    I flashed 2019.2 on Linksys EA6500v2 and realised the indicator led is off. how do i turn it on, thanks
     
  100. Johnson McMahon

    Johnson McMahon New Member Member

    should "After flashing, erase all data in NVRAM memory" be checked when upgrading?

    I'm upgrading from 2019.1.015 -beta K26ARM USB AIO-64K
     
    Last edited: Apr 21, 2019
    Guso. likes this.