[Fork] FreshTomato-ARM

Discussion in 'Tomato Firmware' started by kille72, Apr 15, 2018.

  1. Guso.

    Guso. Networkin' Nut Member

    That's partially true, since it could be seen as the number of countries with nice bandwidth are... well, the developed ones... The rest of the world, like most of the American or African countries are not that lucky, here in Colombia for example most of the people have like 5 to 10mbps, obviously there are some with like 50mbps, but those are very few, in my job we are around 600 in a public company struggling with a 80mbps channel and a meager back up of 20mbps, so please don't think of putting QoS aside
     
    herculeesjr likes this.
  2. Thaipirate

    Thaipirate New Member Member

    I just did that upgrade and didn't have it ticked. you can also download the config file from your current version, tick the box and upgrade then feed it back the backed up config.
     
  3. eibgrad

    eibgrad Network Guru Member

    Yes, although given that everyone should erase nvram thoroughly *after* the upgrade anyway, I'm not sure it's actually all that critical.

    What I always recommend ppl do is reset the router to factory defaults *before* the upgrade, perform the upgrade, and once again reset the router to factory defaults. As long as you stick to that regimen, you'll be fine.

    What you shouldn't ever do is restore a backup from a prior firmware to newer firmware. That's asking for trouble. As inconvenient as it may be, always manually reconfigure your router after the upgrade.
     
    Last edited: Apr 22, 2019
    idlebonez and M_ars like this.
  4. Wizardknight

    Wizardknight Serious Server Member

    It's optional. I upgraded without wiping, and didn't have any problems.
    However if you have issues, you will have to do a clean install before troubleshooting.
     
  5. M_ars

    M_ars Network Guru Member

    Hi
    did the LED work with 2019.1 ? Is the led turned on if you do not connect to the internet (for example unplug wan cable)
    Right now we have no extra led case for that router model. Does router model show ea6500v2 or ea6700 ?
    BR
     
  6. isaac boateng

    isaac boateng Serious Server Member

    Yes, it was working on 2019.1. Yes the led is always on even with no.internet.but with 2019.2 the led is off after booting and with internet it still off. Model is EA6500v2
     
  7. M_ars

    M_ars Network Guru Member

    thx for info. will write you a pm.
    i think we need a new case for EA6500v2
    BR
     
    pedro311 and kille72 like this.
  8. mandepsi

    mandepsi Networkin' Nut Member

    same for my EA6900
    But i could get it back with command "gpio enable 8" in the tools-->Commands.
     
  9. snowman58

    snowman58 Network Newbie Member

    Is this patch available anywhere else since that link is dead now?
     
    Last edited: Apr 22, 2019
  10. M_ars

    M_ars Network Guru Member

    Do you use 2019.2 ? Wan Up --> Logo led on
     
  11. mandepsi

    mandepsi Networkin' Nut Member

    Yes im on 2019.2. I use my EA 6900 as Wireless Ethernet Bridge. Logo led was till upgrade always on.

    ------------------------------------------

    FreshTomato Firmware 2019.2 K26ARM USB AIO-64K

    Linux kernel 2.6.36.4brcmarm and Broadcom
    Wireless Driver 6.37.14.86 (r456083)

    Name TomatoUSB
    Model Linksys EA6900
    Chipset ARMv7 Processor rev 0 (v7l)
    CPU Frequency 1200 MHz (dual-core)
    Flash Size 128MB

    Time Mon, 22 Apr 2019 18:34:17 +0200
    Uptime 1 day, 22:11:23
    CPU Usage 2.27%
    CPU Load (1 / 5 / 15 mins) 0.12 / 0.06 / 0.06
    Total / Free Memory 249.63 MB / 218.86 MB (87.67%)
    Total / Free NVRAM 64.00 KB / 28.71 KB (44.86%)

    CPU Temperature 67°C / 153°F
    Wireless Temperature eth1: 2.4G - 52°C / 126°F eth2: 5G - 56°C / 133°F
     
    Last edited: Apr 22, 2019
  12. M_ars

    M_ars Network Guru Member

    All versions < 2019.2 using a wrong value/level (inverted) --> Logo led was always on (in most cases) ...

    You are using bridge mode --> That is the reason why
    (but you can use your workaround, like you already did
    with command "gpio enable 8" in the tools --> Commands)

    With 2019.2 the Logo LED is connected to WAN up --> Logo LED on, WAN down --> Logo LED off
    Same for EA6400, EA6700 and EA6900

    nice router, overclocked to 1200 MHz for wireless ethernet bridge ;-)
     
  13. Mr9v9

    Mr9v9 Serious Server Member

    Anyone else have slower wireless speeds on an R7000 after this 2019.2 upgrade?
     
  14. victorprofessor

    victorprofessor Serious Server Member

    Report for problem with WS880 (earlier dima_av wrote about it):

    2018.5 — reboot works fine from web-page or console
    2019.1 and 2019.2 — reboot fails in any way, need to power off/on cable.

    Tried clearing nvram many times, reboot from web-page or console with "reboot 0s" don't work.
    Something went wrong in 2019 firmware.

    So rolled back to 2018.5.
     
  15. Brad44

    Brad44 New Member Member

    So far a pretty good experience with 2019.2 however the Internet LED is off for my R8000. Anyone have a command to enable it?
     
  16. snowman58

    snowman58 Network Newbie Member

    This is a known issue that is being worked on.
     
    M_ars likes this.
  17. WildFireSG

    WildFireSG Addicted to LI Member

    @pedro311 @kille72 @M_ars

    Thank you also for going back in time and fixing this in 2018.5 which I am still running on my RT-AC68U ;) I've never had this Ethernet Ports State disappearing problem on my ARM router with 5 VLANs (IDs 1-5 on br0 - br3 + WAN) & separate IP subnets configured from the GUI. FWIW, I also have 4 SSIDs: Primary and Guest on 2.4Ghz as well as Primary and Guest on 5Ghz.

    Will be upgrading to 2019.2 when time permits. Thanks guys so much!

    Also, there seems to be a limit of 4 LAN bridges (br0-br3). Is that able to be increased in any way?
     
    Last edited: Apr 23, 2019
    pedro311 and M_ars like this.
  18. Brad44

    Brad44 New Member Member

    Interesting. I had the same issue with Absolute Tomato. Everything else worked fine except the internet LED never went on. Must be a thing with the R8000 or something. I do like this fork, had to make the switch since it appears just about every other version of Tomato is no longer being updated.
     
  19. M_ars

    M_ars Network Guru Member

    You can also use stealth mode now. Somtimes the leds can be disturbing
    BR
     
    snowman58 likes this.
  20. tievolu

    tievolu Network Guru Member

    Uncheck "Bound to" for each entry in the "Static DHCP/ARP/IPT" page. This way the devices with static IPs will be given temporary leases just like the devices on dynamic IPs.

    If "Bound to" is enabled the static IPs are given permanent static ARP entries. This is useful in some scenarios. For instance, I use this for a cheap IP camera that seems to be incapable of requesting an IP properly.
     
    Aardvark likes this.
  21. nlenle

    nlenle Networkin' Nut Member

    Quick question:

    I have the Asus AC-3200, and I see there is two builds. One 64k and 128k.
    I currently have the latest Advanced Tomato, and on the status page it says "Flash Size: 128MB".

    Am I correct to use the 128K image?

    (and also, is it okay to flash directly over Advanced Tomato)
     
  22. Brad44

    Brad44 New Member Member

    Yes, you can flash directly from Advanced Tomato. Did it myself a few days ago without any problems. Just be sure to clear the NVRAM when you do it.
     
  23. joew333

    joew333 LI Guru Member

    Agree. And thanks for the comments. If you have under 30 - 50 MB/S, then QOS probably helps you manage your users. Above that, it really does nothing (unless someone is hanging out on BitTorrent for the whole day).
     
  24. Jose C

    Jose C Serious Server Member

    What exactly does this mean in the lates release?

    does it mean that the initial files can be used to flash R7000 with the latest netgear stock firmware?
     
  25. snowman58

    snowman58 Network Newbie Member

    Yes they should work on the latest NETGEAR firmware. Then flash the latest version. Make sure to erase NVRAM before and after each flash.
     
    Last edited: Apr 23, 2019
  26. feedzapper

    feedzapper Serious Server Member

    Someting about DNSMASQ +DNSSEC enabling this in FreshTomato.
    I saw enabling this adds the following entrys to the dnsmasq.conf :

    Code:
    dnssec
    dnssec-no-timecheck
    conf-file=/etc/trust-anchors.conf
    
    Does Tomato sent automaticly a SIGINT ("killall -INT dnsmasq") to the dnsmasq process after we received a Timesync by NTP ?
    I think not ?!
    Only this will enabling timecheck for dnssec if we got a realtime Timesync after boot in
    conjunction with using the "dnssec-no-timecheck" command.
    Also i think "dnssec-no-timecheck" is the wrong way for doing this on a router without a RTC.
    I unchecked the DNSSEC entry here in the Tomato Webif and did my own (alternate) way in the dnsmasq custom entry looks like this :

    Code:
    dnssec
    conf-file=/etc/trust-anchors.conf
    dnssec-timestamp=/opt/dnsmasq/mtime
    user=root
    Ok, we can also use jffs or any usb for store this timestamp file, but the file must be resident after boot to got the right timestamp for verify.
    furthermore we need "write permissions" (user=root)
    no more problems in the future for dnssec timecheck :)
     
    Last edited: Apr 23, 2019
  27. Bird333

    Bird333 Network Guru Member

    Is anyone else having problems with 'reboot' on 2019.2? I tried both the gui and cli and the router didn't reboot. I had to power cycle it. This is on a AC68U btw.
     
  28. ras07

    ras07 Network Guru Member

    Does FreshTomato's OpenVPN implementation support ECDSA keys? (I'm still on 2018.5)
     
  29. M_ars

    M_ars Network Guru Member

    Hi

    Tried it with my RT-N18U
    GUI —> Reboot Button —> working
    Command line —> reboot —> working
    GUI —> Tools —> System Commands (web shell) —> reboot —> working (shell feedback is „Error: unknown“ but it is working and the router reboots ok. Maybe this is because of the router already started reboot ... )
    Can you check / verify ?
    BR
     
    Last edited: Apr 24, 2019
    kille72 likes this.
  30. blackmack

    blackmack Network Guru Member

    Can on AC68U WiFi button be implemented to turn on/off wireless?
     
  31. xmrforprivacy

    xmrforprivacy Network Newbie Member

  32. pedro311

    pedro311 Networkin' Nut Member

    Yes, it does.
    Code:
    Apr 24 01:30:29 router daemon.info dnsmasq[32716]: exiting on receipt of SIGTERM
    Apr 24 01:30:29 router daemon.info dnsmasq[31337]: started, version 2.80-343b7b4 cachesize 8192
    Apr 24 01:30:29 router daemon.info dnsmasq[31337]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset Tomato-helper auth DNSSEC no-ID loop-detect inotify no-dumpfile
    Apr 24 01:30:29 router daemon.info dnsmasq[31337]: DNSSEC validation enabled
    Apr 24 01:30:29 router daemon.info dnsmasq[31337]: DNSSEC signature timestamps not checked until receipt of SIGINT
    Apr 24 01:30:29 router daemon.info dnsmasq[31337]: configured with trust anchor for <root> keytag 20326
    Apr 24 01:30:29 router daemon.info dnsmasq[31337]: configured with trust anchor for <root> keytag 19036
    Apr 24 01:30:29 router daemon.warn dnsmasq[31337]: warning: ignoring resolv-file flag because no-resolv is set
    
    /.../
    
    Apr 24 01:30:38 router user.info preinit[1]: Starting stubby 0.2.6 , DNS-o-TLS Proxy
    Apr 24 01:30:39 router daemon.info dnsmasq[32139]: now checking DNSSEC signature timestamps     <----------------
    
     
    lancethepants and kille72 like this.
  33. feedzapper

    feedzapper Serious Server Member

    Ok , here it does not.
    Maybe there is something different in the config ?
    I checked ONLY "Enable DNSSEC" in the BASIC->NETWORK WebIF.
    Use "dnscrypt-proxy" and "Use Stubby" are both unchecked...
     
  34. pedro311

    pedro311 Networkin' Nut Member

    Are you sure, that your DNS servers support DNSSEC?
    Use Stubby, then you'll be sure.
     
  35. M_ars

    M_ars Network Guru Member

    did you check admin-buttons.asp ? One button (WPS) should work for AC68U. The other one (Wifi Button) is not connected/used right now (can be changed...) Push it for 0-2 sec to toggle wifi on/off
     
  36. feedzapper

    feedzapper Serious Server Member

    Yep, the servers support dnssec
    if i enter "killall -INT dnsmasq" from the SSH shell, i got the right messages from dnsmasq :
    Code:
    Apr 24 12:25:39 Utopia-Planitia daemon.info dnsmasq[1158]: now checking DNSSEC signature timestamps
     
  37. pedro311

    pedro311 Networkin' Nut Member

    lancethepants likes this.
  38. feedzapper

    feedzapper Serious Server Member

  39. snowman58

    snowman58 Network Newbie Member

    Both methods work R8000
     
  40. BusyBoxer

    BusyBoxer Networkin' Nut Member

    Just a heads up, because I don't know the specifics of your model, but the the number being referenced in the build names are the NVRAM not the flash size necessarily... you want to pick the build that matches the amount of NVRAM the device has unless there is some special build being done to save space for another use.
     
  41. Elfew

    Elfew Network Guru Member

    New version flashed.

    I just need to confirm/reject - I cannot set static IP for my devices... it is saved but the saved values disappear after the page refresh. I flashed directly (ASUS RT-N18U), full NVRAM and reset performed (and my browser cache deleted). Is there any wrong on my side?
     
  42. feedzapper

    feedzapper Serious Server Member

    Update :
    Does now had make a "nvram erase" on my Netgear R7000 with 2019.2 AIO64k
    and tested with minimal config for this issue -> same result
    timecheck would not be activated with dnssec (also with stubby)
    furthermore second test / second router : MIPSR2 -> RT-66NU 2019.2 AIO64K -> same result
    Maybe depends this result on the WAN type ?
    I use PPPOE with my ISP ...
    Also tested with 1.1.1.1 and 1.0.0.1 for MANUAL dns.
     
    cyber062 likes this.
  43. blackmack

    blackmack Network Guru Member

    Yes i know about that. Just interested if wifi on/off can be implemented on that button just to turn wireless.I would use other commands on WPS.
     
  44. Bird333

    Bird333 Network Guru Member

    Tried it a couple of times today and it worked. Don't knpw what the problem was yesterday.
     
  45. Twincam

    Twincam Networkin' Nut Member

    2019.2 AIO Feedback [128K NVRAM]

    I have just upgraded from 2018.4 to 2019.2 [both AIO] on my RT-AC3200. I noticed that there was a 128K file available so [feeling nervous], I thought "Why not?". @bd0426 helped enormously [so thanks!]

    I have to say I'm staggered; this firmware just gets better and better [thanks, primarily, to @pedro311 & @kille72]. Everything seems great [with 2x OpenVPN servers, 2x VLAN, external logging etc.] and now I have slightly more NVRAM "headroom". I currently have the VPN certificates stored on an attached USB drive but I am seriously considering putting them back in the NVRAM. That way, should the USB drive get corrupted [never happened to me yet; but there's always the "first time"], at least my VPNs should still function.

    As I skipped the builds "in between" I'm not quite sure when the very nicely-enhanced "System Commands" menu appeared nor when "iPerf" was first incorporated. That looks particularly useful and I look forward to using it.

    Thanks very much.
     
    kille72 and M_ars like this.
  46. tievolu

    tievolu Network Guru Member

    Works ok for me on my R7000.

    This probably isn't the explanation, but when you refresh the page the values are sorted by IP address - so it can seem at first glance that a new entry (added to the bottom of the list) has disappeared, when it has in fact just been moved to a different row.
     
  47. sszpila

    sszpila Networkin' Nut Member

    Yes, on my ac56u i had 100Mbps on band 2.4GHz on previous freshtomato versions. Now i cant get more than 25Mbps.

    Wysłane z mojego Redmi 4X przy użyciu Tapatalka
     
  48. WildFireSG

    WildFireSG Addicted to LI Member

    @kille72 @pedro311 @M_ars

    I mistakenly included my question below in an unrelated response the other day so it may have been missed...

    There seems to be a limit of 4 LAN bridges (br0-br3). Is that able to be increased in any way?

    Edit: Reason I ask is because I'd like to have more than 4 IP Subnets on different VLANs/Wireless interfaces. Right now I have Main, Guest, Media Devices, and Work subnets on br0 - br3. I'd like to add at least one more for IoT devices that have no business communicating with or seeing anything else on my network :D
     
    Last edited: Apr 25, 2019
  49. joew333

    joew333 LI Guru Member

    I wanted to see if @kille72 and @pedro311 could add a Purple Poodle splash screen for Fresh Tomato. Why do it? It would make Tomato snazzier and snappier and give it a little extra. From your friends at sarcasm Thursday!
     
  50. pedro311

    pedro311 Networkin' Nut Member

  51. M_ars

    M_ars Network Guru Member

    nothing is impossible ;-)
    but its too much i think... would be a lot of work
    BR
     
  52. M_ars

    M_ars Network Guru Member

    did a few tests for wireless speeds (2.4 GHz & 5 GHz) with RT-AC56U
    DSL speed test with ipad / Moto G --> without any problems ~60 Mbit/s (maximum of the internet connection; distance approximately 5-6 meter)
    CPU load was very low during the download / upload, almost idle
     
  53. AndreDVJ

    AndreDVJ LI Guru Member

    I'll talk a bit on what pedro gave a link, from systems programming perspective (and being the last one who looked into DNSSEC:

    At function start_dnsmasq() in ~/release/src-rt-6.x.4708/router/rc/wan.c
    Code:
    #ifdef TCONFIG_DNSSEC
        if ((time(0) > Y2K) && nvram_match("dnssec_enable", "1")) {
            sleep(1);
            killall("dnsmasq", SIGINT);
        }
    #endif
    There are two conditions which both must be true before SIGINT is issued for the active dnsmasq process:
    • System time is greater than the epoch.
    • Value in nvram variable dnssec_enable is 1.
    Dnsmasq has a grace period of 1 second to initialize before SIGINT is issued. The criteria of Dnsmasq being ready to accept SIGINT are from the following messages:
    Code:
    Apr 26 00:32:29 dnsmasq[30524]: DNSSEC validation enabled
    Apr 26 00:32:29 dnsmasq[30524]: DNSSEC signature timestamps not checked until receipt of SIGINT
    After 1 second, SIGINT is issued and DNSSEC will perform its functions:
    Code:
    Apr 26 00:32:30 dnsmasq[30524]: now checking DNSSEC signature timestamps
    With expected behavior documentated as if Dnsmasq is started with --dnssec-no-timecheck
    So according to that documentation, System Time must be correct in order for Dnsmasq to properly function.

    I do not believe WAN type will affect this behavior, as that piece of code is included as long as the image was compiled with DNSSEC flag enabled (as far as I know, TomatoARM images have DNSSEC enabled).

    Further details about SIGINT behavior. If SIGINT is issued in the following conditions:
    • Before Dnsmasq issued message DNSSEC validation enabled - Which means Dnsmasq wasn't completely initialized.
    • After Dnsmasq issued message now checking DNSSEC signature timestamps - Which means dnsmasq process an extraneous SIGINT signal.
    In both cases, the following message will be issued at syslog:
    Code:
    Apr 26 01:03:54 R7000 user.debug preinit[1]: dnsmasq terminated unexpectedly, restarting.
    Which means Dnsmasq terminated, and TomatoUSB will automatically restart dnsmasq service.

    That automatic restart will occur as long as NVRAM variable debug_norestart does not have value dnsmasq in there.

    After a reboot, often Dnsmasq is not ready for SIGINIT even after 1 second, because of other daemons being initialized in parallel. Even on more powerful hardware, this can occur.

    That 1 second was chosen to greatly limit the unwanted restarts, because SIGINT was being issued too soon, with syslog being flooded as a result. In the past, often Dnsmasq could never initialize, so 1 second was a compromise between giving a reasonable time without reinventing the wheel on doing so.
     
    kille72, pedro311 and feedzapper like this.
  54. nlenle

    nlenle Networkin' Nut Member

    How do you know your RT-AC3200 supports 128kb nvram? In my status page it says I have 64kb, and on this wikipage it also says 64kb.

    Are there two different models of the RT-AC3200? I've tried google, but not found any conclusive.
     
  55. Twincam

    Twincam Networkin' Nut Member

    I should have made it clearer, so my apologies. The hyperlink "helped" [thanks to @bd0426] from my post is all I needed. I scoured google with similar results as you - it really isn't that obvious. In simple terms, all RT-AC3200 support 128K but the key is having to install OFW [ASUS - the file I used was "Version 3.0.0.4.382.51374"] first. That must change the partitions. I then flashed via the CFE [AKA "recovery mode"] the FreshTomato file in my signature. HTH!
     
    rs232, nlenle, visceralpsyche and 2 others like this.
  56. pedro311

    pedro311 Networkin' Nut Member

    Exactly.
     
  57. ras07

    ras07 Network Guru Member

    Didn't seem like anybody knew, so I tried it, and it does! This is great for Tomato, because elliptical curve certs/keys are about 60% of the size of RSA certs/keys for similar (or better) strength, plus you don't need DH params. So if you're short on NVRAM headroom, using an ECDSA cert and key can save you almost half of the space needed for OpenVPN. As a bonus it uses less of your router's precious CPU.

    I am not a cryptographer but as far as I can Google, ECDSA is chocolate without calories: it's more secure, it executes faster, and the certs/keys are smaller.

    I mostly followed the guide at https://forums.openvpn.net/viewtopic.php?t=23227 with a little help from https://www.maths.tcd.ie/~fionn/misc/ec_vpn.php . Neither speak to Tomato specifically, but the only special thing I needed to do for Tomato was to leave the DH Parameters field blank, and put dh none in the Custom Configuration box.

    One mystery is how to best choose the curve. AFAICT as long as OpenSSL on both client and server support it, you can choose any curve you want. openvpn --show-curves will list the available curves for that system. Based on the arguments put forth at https://security.stackexchange.com/questions/78621/which-elliptic-curve-should-i-use I chose prime256v1, but it seems like secp384r1 would be a fine choice as well (and possibly many others, since interoperability is less of a concern for OpenVPN than it is for web sites).

    I'm admittedly operating at the edge of my knowledge here, so if anyone has more info or sees anything wrong with this, please chime in.
     
  58. JPJazz

    JPJazz Reformed Router Member

    Security geek here. You are 100% correct that elliptical curve cryptosystems provide the standard suite of functionality as other types (encryption, signatures, key distribution, etc.) but are more efficient and can provide comparable protection with fewer resources, and shorter keys in many cases. 256-bit keyss are more than adequate today, and are utilized by prime256v1 as the name suggests. You get 384-bit keys with secp384r1 but so far prime256v1 seems to be more widely supported, and secp384r1 typically takes 2-3 times more computation time, so I'd go for prime256v1 for now - at least until quantum computing makes this all obsolete. :)
     
  59. ras07

    ras07 Network Guru Member

    Good to hear from a security geek! Seems like the way to go in any case, and if you're counting bytes in your NVRAM, EC is a real windfall.

    I'm switching all my Let's Encrypt certs to EC also. I think I'm in love with y2 = x3 + ax + b
     
  60. burrem

    burrem New Member Member

    I have a router Netgear R7000. I used Tomato Shibby and the follow commands worked ok:

    Code:
    ebtables -A INPUT --in-interface tap+ --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
    ebtables -A INPUT --in-interface tap+ --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
    Now when I enter same commands at FreshTomato Firmware 2019.2 i have a crash. As I can see version of ebtables is changed. Before was v2.0.10-2 and now v2.0.10-4. Whats the problem may be?
    Same behavior with Netgear WNR3500L/U/v2.
     
    Last edited: Apr 28, 2019
  61. feedzapper

    feedzapper Serious Server Member

    It is possible there is often a timing issue for finding the right time to sending SIGINT to dnsmasq depends on the hardware and other processes running at the same time in the background.
    Maybe set "dnssec-timestamp" is the better way in tomato and make this as DEFAULT in the Future ?
    Also "dnssec-no-timecheck" is not necessary in the dnsmasq.conf anymore.

    Can anybody confirm the right work of "dnssec-timestamp" on a READ ONLY filesystem ??

    In this example /bin/hostname would be used as "reference time" (Apr 18 2019 16:29) on 2019.2 / R7000

    e.g. entry in dnsmasq.conf :

    Code:
    dnssec-timestamp=/bin/hostname
    user=root
    
    Here it seems to do so anyway (tricky dirty way) ;) :

    Code:
    Jan  1 01:01:04 Utopia-Planitia daemon.info dnsmasq[1171]: DNSSEC validation enabled
    Jan  1 01:01:04 Utopia-Planitia daemon.info dnsmasq[1171]: DNSSEC signature timestamps not checked until system time valid
    Jan  1 01:01:04 Utopia-Planitia daemon.info dnsmasq[1171]: configured with trust anchor for <root> keytag 20326
    Jan  1 01:01:04 Utopia-Planitia daemon.info dnsmasq[1171]: configured with trust anchor for <root> keytag 19036
    Jan  1 01:01:04 Utopia-Planitia daemon.warn dnsmasq[1171]: warning: ignoring resolv-file flag because no-resolv is set
    Jan  1 01:01:04 Utopia-Planitia daemon.info dnsmasq[1171]: asynchronous logging enabled, queue limit is 20 messages
    
    ....
    
    Jan  1 01:01:06 Utopia-Planitia daemon.err nmbd[996]:
    Jan  1 01:01:06 Utopia-Planitia daemon.err nmbd[996]: *****
    Jan  1 01:01:07 Utopia-Planitia user.info ip-up[1083]: igmpproxy is stopped
    Jan  1 01:01:07 Utopia-Planitia user.notice root: TTB: Another process is already working. Exiting...
    Apr 27 15:26:39 Utopia-Planitia kern.info kernel: tun: Universal TUN/TAP device driver, 1.6
    Apr 27 15:26:39 Utopia-Planitia kern.info kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
    Apr 27 15:26:39 Utopia-Planitia daemon.err dnsmasq[1171]: failed to update mtime on /bin/hostname: Read-only file system
    Apr 27 15:26:39 Utopia-Planitia daemon.info dnsmasq[1171]: system time considered valid, now checking DNSSEC signature timestamps.
    Apr 27 15:26:39 Utopia-Planitia daemon.info dnsmasq[1171]: read /etc/hosts - 4 addresses
    Apr 27 15:26:39 Utopia-Planitia daemon.info dnsmasq[1171]: read /etc/dnsmasq/hosts - 25 addresses
    Apr 27 15:26:39 Utopia-Planitia daemon.info dnsmasq[1171]: read /etc/dnsmasq/dhcp-hosts - 0 addresses
     
    Last edited: Apr 27, 2019
  62. M. Bison

    M. Bison New Member Member

    I have noticed something odd in the way Freshtomato 2019.2 handles incoming ICMP traffic. I flashed it twice and cleared NVRAM for safe measure before setting everything up from fresh on my RT-AC68U. I have a broadband quality ping monitor setup at thinkbroadband which pings my connection every second and maps the response times on a graph. Have been doing this for years which helps isolate ISP congestion related issues/blackouts. Here's a ping monitor running Merlins firmware prior to upgrading to Freshtomato.

    [​IMG]

    And another on Freshtomato 2019.2
    [​IMG]

    WAN traffic between same time period for above graph:
    [​IMG]
    I've flicked between all the interface tabs and there is no significantly different traffic compared with the WAN graph which would cause ICMP response times to spike. Prior to Merlins firmware, I had been running Shibby's last Tomato build from 2017 and the ping monitor was similar to the first image. QoS is disabled pretty much everything else is set to default.
     
  63. AndreDVJ

    AndreDVJ LI Guru Member

    Unfortunately, TomatoUSB doesn't have a persistent filesystem, which limit usefulness for dnssec-timestamp option.

    What I would suggest, is that you tick off DNSSEC option in the GUI, then - assuming you have a USB drive connected or /jffs partition configured - add required options in Dnsmasq Custom Configuration and maintain your own timestamp file.

    That way, assuming your system clock is correct, whenever dnsmasq process receives a SIGTERM, the timestamp file will be updated by Dnsmasq.
     
    feedzapper likes this.
  64. digixmax

    digixmax LI Guru Member

    On my RT-AC68P Wireless Ethernet Bridge running RT-AC68U-ARM-2019.2-AIO-64K build, the MultiWAN & WAN menu at the top of the Basic->Network page gets removed in Wireless Ethernet Bridge mode only when I use 2.4G and not when I use 5G.
     

    Attached Files:

  65. Twincam

    Twincam Networkin' Nut Member

    Error - now correctly-posted on MIPS thread! :eek:
     
  66. smuis1

    smuis1 New Member Member

    Hi, I have a question about "led aoss on" and "led aoss off" on a netgear R7000. As many of us, I used to have that led (second from right) on and off to indicate stuff, in my case, the presence of guest wifi (FT 2019.1Beta). Now, on 2019.2 the led is always on and "led aoss off" no longer work.
    Is there a way of making this work again, o use some other led, or whatever similar solution?

    Thanks a lot.
     
  67. M_ars

    M_ars Network Guru Member

    This is the WLAN summary LED, intruduced with 2019.1. same behaviour Like Netgear and/or andredvj advanced tomato
    See also
    https://bitbucket.org/pedro311/freshtomato-arm/commits/e97bfcd9811b8e4f517b30ce67288352dfffe160

    Netgear turns that LED ON if Wifi is enabled, regardless of which of the radios are enabled, so trying to match behavior of Netgear OFW
     
    smuis1 likes this.
  68. smuis1

    smuis1 New Member Member

    Thanks for the quick answer. First time I used a custom firmware, I noticed that, Wifi Led was not on when wifi was. But anyway, I found useful to have a "custom indicator" for any user need. This coming back "for what is right" seem a little step backwards, but, well.... this is the proper use on this led so it is better that way. And less confusing for new FT users!!!

    Thanks again!
     
    Last edited: Apr 29, 2019
  69. bl4derunnerr

    bl4derunnerr New Member Member

    Hello, I have just upgraded my rt-n18u firmware from latest form Advanced Tomato. Everything works perfect, only thing that is troubling me is there is only no-smp build. External storage performances are 3x lower without tuxera driver. Can we please get smp builds in next releases?
    Anyways thanks for the great work and keeping this project alive!
     
  70. rs232

    rs232 Network Guru Member

    No because the rt-n18u has a single core.
     
  71. John Ray

    John Ray Reformed Router Member

    Hello all,

    I apologize ahead of time if these questions have been asked. I have tried searching multiple times, but having come up with anything.

    I recently upgraded my internet connection to a 500Mbps download speed. This is faster than my current router (R6300v2) running FreshTomato can handle. It tops out at ~250Mbps (wired... I don't use it as an AP).

    I enabled CTF and everything is peachy keen.... but UPnP and NAT-PMP have ceased to function. Manually mapping ports works fine. I've read that CTF "might" affect port mapping, but that's a rather nebulous statement. I've checked the logs and see nothing weird. Turned things on and off - nada. So that takes me to question 1:

    1. Should I expect UPnP and PMP to work w/ CTF active? I did upgrade to FreshTomato from AdvancedTomato/shibby without clearing NVRAM, so it's certainly possible that something got botched that I'm not seeing in the logs. (I've got 200+ static DHCP mappings and I'd prefer not to re-enter them by hand.)

    2. Is there a router that is supported by FreshTomato that WOULD be able to handle 500Mbps w/o resorting to CTF? I'm considering buying an R8000, but if it can't handle those speeds, there's no point. ​

    Thank you so much for taking the time to read this!

    Best wishes,
    John
     
  72. Wizardknight

    Wizardknight Serious Server Member

    I had my R6300v2 running UPnP and CTF at the same time on the last build, so I would expect it to work. I had to disable CTF because it caused issues with my wifi calling on T-mobile. You might want to try a clean load/nvram erase.

    If you decide to disable CTF, you can squeeze a little more out of them with an overclock.
    I would start by running nvram set clkfreq=1000,533 via ssh and check for stability.

    Once you find something you like, you can add
    nvram set clkfreq=1000,533​
    to your init script.

    Some routers are stable over this, but be very careful if you want to go higher. I run one of my routers at 1200,666. The other will not go over 1000.
     
  73. MrSpeedy

    MrSpeedy New Member Member

    Router: D-LINK DIR-868L-Rev A
    Firmware: FreshTomato 2019.2

    Country Origin: Malaysia
    ISP: TM Unifi
    Special Requirement:
    a) PPoE
    b) VLAN 500 for internet
    c) VLAN 600 for IPTV in Port 4


    Greetings everyone, recently I bought this router for a dirt cheap price considering this revival of Tomato firmware. However I could not get the router to connect to the internet.

    I followed this VLAN settings from this page which claimed working on the older Shibby Tomato firmware.
    Link: klseet c o m /travel-a-entertainment/15-tomato-general/356-tomato-by-shibby-unifi-vlan500-vlan600
    Last working firmware: Tomato by Shibby build 136

    Another this I noticed that the ports displayed in the "Overview" page is incorrect.

    (Physical Ports) ------ (Shown in "Overview" page)
    Port 4 ------------------------- WAN
    Port 3 ------------------------- Port 1
    Port 2 ------------------------- Port 2
    Port 1 ------------------------- Port 3
    WAN -------------------------- Port 4

    I tried many adjustments. Clearing NVRAM. Changing WAN cable into every ports. But I still unable to connect to the internet.

    As the recap,
    1. (Suspected) VLAN error.
    2. Ports mismatch.

    Hopefully you can look up into this matter and fix it in the next build. Thank you for your great work on reviving the Tomato firmware.

    Edit: Local forumers confirmed that the last version of AdvancedTomato (2017) still working. So there's something missing in this firmware.
     
    Last edited: Apr 30, 2019
  74. Bunsen

    Bunsen Reformed Router Member

    There's an option under Basic --> Network --> Ethernet Ports State - Configuration --> "Invert Ports Order"
    Sounds like you need to toggle that setting?
     
  75. bl4derunnerr

    bl4derunnerr New Member Member

    I'm aware of it. It was working just fine for years with smp build, only drawback is wrong display of cpu load.
     
  76. MrSpeedy

    MrSpeedy New Member Member

    Already done that. But I does not do anything but cosmetic.
    It only change the arrangement of ports in the Overview page.
    From: WAN 4 3 2 1
    To: WAN 1 2 3 4

    Anything still the same. I'm very confident the VLAN got problem for FreshTomato because my local forumer still using AdvancedTomato (2007) and still able get to connect to the internet.
    Only downside is he had to disable the WiFi due to the unpatched WiFi security issue.
     
  77. rs232

    rs232 Network Guru Member

    Apologies but I might have misunderstood your post.

    SMP (Symmetric multiprocessing) is a kernel scheduling algorithm to distribute load amongst multi core/cpu. If you have a single core: SMP is pretty much an unwanted overload as the locking and synchronization code within the kernel is doing nothing, e.g. there's nothing to load share.

    Instead; what does it make you think that SMP on a single core device affects your storage performance? I personally would look at other causes, but that's me.
     
    kille72 and M_ars like this.
  78. bl4derunnerr

    bl4derunnerr New Member Member

    Form old changelog:

    K26ARM:
    – Make an image for RT-N18U without SMP (NOSMP) – fixed CPU load but older wl/et/cft modules and Paragon NTFS driver instead of Tuxera.

    Tuxera driver requires SMP, and it gives alot better performances. Shibby was always making both smp and no-smp builds to let people to choose whats more important for them. Form my experience there is absolutely no issues with running SMP on single core, except wrong display of cpu loads, router was working perfectly overclocked@1200MHz for years with no issues, no performance / locking / synchronization issues, completely responsive, temps around 60c.
     
    txnative likes this.
  79. txnative

    txnative Addicted to LI Member

    It's in the Makefile, the exotic doesn't have it produced for you, I figured the guys would've seen that.
     
  80. rs232

    rs232 Network Guru Member

    Ok I see what you mean now. I'm wondering if looking into Tuxera at code level (e.g. upgrading/downgrading current version) would be a way to fix this... I still think that having SMP enabled, or any other kernel parameter really, just because a software is poorly written sounds absurd to me. I'm personally also not a big fan of the multiple version... already when upgrading it takes me minutes to find the right file and the chances to pick up the consequences of picking up the wrong one can easily end up into bricking the device.

    Nonethenless I take your point, with SMP works faster with no further modification.

    Devs?
     
  81. RMerlin

    RMerlin Network Guru Member

    Beware of licensing issues with Tuxera's driver. If an Asus model doesn't come with a Tuxera driver, then it cannot legally be used with it.

    Sent from my ELE-L04 using Tapatalk
     
    pedro311 and pharma like this.
  82. M_ars

    M_ars Network Guru Member

    In my opinion it is not a good idea to use smp builds for rt-n18u. Look at the code, lots of defines/changes for single core ...

    When shibby first added support he thought that the cpu was an dual core cpu (same like AC56U / AC68U), see https://www.linksysinfo.org/index.php?threads/asus-rt-n18u-really-nice-router.70178/

    but it was/is only single core (still a very nice router)

    so shibby changed it:
    https://bitbucket.org/pedro311/freshtomato-arm/commits/c74e2e67ece9b401f04022d56c68188e22c126ac

    fixed CPU support for RT-N18U

    RT-N18U has a single-core CPU and isn`t support SMP. This router has to be compiled with new option ARMCPUSMP=up

    This commit will fix CPU support for this router (fix CPU load) and also force to use separate wl and ctf module for router without SMP support.


    But shibby also added the smp option back a little bit later:
    https://bitbucket.org/pedro311/freshtomato-arm/commits/ce8182d4eae5d6a3050b40f9ca95c893c3bd2e75

    There will be two images for N18:
    1) regular, same as for AC56/AC68: build in SMP functionality in kernel and the same wl/et/ctf modules, Tuxera NTFS driver

    2) NOSMP: no SMP in kernel, dedicated wl/et/ctf modules, Paragon NTFS driver

    Regular wireless driver is newer and wireless performance may be a better but on this image RT-N18u has incorrect CPU Load in GUI

    NOSMP has older wl driver, Paragon NTFS driver but CPU Load in GUI is correct.

    You have choice: use which one you want :)



    I think this was (mainly) because of the missing tuxera driver and poeple asking for it

    Looking over to snbforum RMerlin also wrote

    https://www.snbforums.com/threads/asuswrt-merlin-on-rt-n18u.19305/

    BR
     
    pedro311 likes this.
  83. Boktai1000

    Boktai1000 Network Guru Member

  84. RMerlin

    RMerlin Network Guru Member

  85. Herb Radford

    Herb Radford Serious Server Member

    I have installed 2012.2 AIO on my Netgear R8000 (X6) and cannot figure out how to use the new Wireless Client Filter. Could anyone explain why some of my computers cannot connect? I have added the wireless MAC addresses Into the Wireless Client Filter and set all 3 of the wireless links in Virtual Wireless to "Permit" and still I get no wireless connections. I can get wired connections but I juat cannot run ethernet cables all over the house(or else I'll get killed!)

    Herb
     
  86. txnative

    txnative Addicted to LI Member

    I don't use this function, but I can confirm that it works as intended. I image you did refresh your connection, disconnect and reconnect? What I did is no different than what you posted as you enabled the wireless filter you have three devices as I have three also, the model I'm using is a Netgear R6300v2, have you used Freshtomato before or coming from OFW, ddwrt?
     
  87. Bad_Dog

    Bad_Dog Connected Client Member

    I want to try this, to upgrade my AC3200 from 64 to 128. If I install the latest ASUS firmware, to get it to 128, and then install FT 2019.2 for 128, can I then do a restore of the configuration backup I take of FT, prior to the ASUS upgrade, and get all my settings back? Or is the FT backup.cfg not compatible between NVRAM "versions"?

    Just trying to save myself from having to re-configure everything from scratch.
     
  88. Mercjoe

    Mercjoe Network Guru Member

    It is one thing to restore from one point release to another point release (and I do not advise does THAT either).

    But something this major? No, I would not recommend it.

    Anytime you are doing this major of a change ALWAYS manually reconfig things. Do do otherwise can make things behave funky.
     
  89. Elfew

    Elfew Network Guru Member

    Exactly, I used SMP regular firmware, but now no available :( @pedro311 - please can you create next time both options? Thank you very much (I dont care about CPU load info)
     
  90. abir1909

    abir1909 Network Newbie Member

    after starting Openvpn Client I show that line in the log:
    unknown user.info preinit[1]: igmpproxy is stopped
    what does it mean? thanks
     
  91. M_ars

    M_ars Network Guru Member

    this is normal now starting with 2019.2 --> everything is ok, nothing to worry about
    you now get some logging/feedback when starting/stopping services (was missing in the past)

    BR
     
  92. xmrforprivacy

    xmrforprivacy Network Newbie Member

    Looking for good router (or at least with decent CPU /RAM) to use with Fresh Tomato while travelling.
    Found "The Slate" which seems perfect for performance but it runs OpenWRT on Qualcomm Atheros QCA9563.
    https://www.gl-inet.com/products/gl-ar750s/

    Anyone have any other suggestion?
     
  93. Elfew

    Elfew Network Guru Member

    Asus rt-n18u
     
  94. enzob

    enzob Networkin' Nut Member

    Hi
    flashed Fresh-Tomato on a Linksys E3000
    freshtomato-E3000USB-NVRAM60K_RT-MIPSR2-2019.2-Nocat-MiniVPN
    Decide for this one because i was unable to flash
    freshtomato-E3000USB-NVRAM60K_RT-MIPSR2-2019.2-Nocat-VPN (image too big, weird)
    So everything ok, but i'm unable to activate openvpn server, if i change settings or copy certificates the save button don't do anything.
    Is anyone haveing this problem?
     
  95. Boktai1000

    Boktai1000 Network Guru Member

    @AndreDVJ I noticed that your Bitbucket page has removed all the Downloads for your fork, is that intentional? Saw there was a bunch of commits pushed recently, just wasn't sure if you were planning on pushing new downloads or if they're being scraped for good.

    Part of me was hoping it meant that AT GUI was going to be merged into FreshTomato... but I won't hold my breath!
     
    MeanEx2 likes this.
  96. abir1909

    abir1909 Network Newbie Member

    Thank you
     
  97. sstacks

    sstacks Reformed Router Member

    So it ends up that I haven't completely solved this problem with one of my clients causing 'smbd' to blow up memory-wise. I haven't yet been able to tell what triggers this to happen.

    Does anybody know of any way that I could set up Tomato so that it kills/restarts Samba once a 'smbd' process memory usage gets over a certain threshold?
     
  98. Wizardknight

    Wizardknight Serious Server Member

    Well you could use a cron job to check for memory utilization every X min, and then depending on what number you get back restart it.
     
  99. mrgreaper

    mrgreaper Serious Server Member

    Had an issue where asus xrt would not see my 4tb hard drive in the usb 3.o slot (only the 2.0) yes it is a usb 4.0 external harddrive.
    Got told to try freshtomato I was able to flash to firmware eventually (man it was a pain) just before work.

    Just home from work and I can not for the life of me find how to setup the usb drive at all. tomato videos show a usb nas section but that seems to be missing

    I have an R7000
    using firmware 2019.2 (the all in one version) -- FreshTomato Firmware 2019.2 K26ARM USB AIO-64K

    side note FOR THE LOVE OF GOD DO NOT DEFAULT WIFI TO UNSECURE my neighbours/passers etc must of loved me today. Had not occurred to me the firmware would be unsecure by default


    EDIT:
    videos on how to set up nas and usb all show it being on the menu at the left but its just not there. even tried reflashing.
    tried ticking "USB and NAS" in web admin (inside administration, admin access)
    been going through this thread page by page (apparently usb or nas are to short a term to use the inbuilt search /me yells an expletitive)
    need sleep will approach with fresh eyes,hopefully some kind soul will tell me how to get the usb option to show


    How did you get the USB/NAS options to show? are you on FreshTomato Firmware 2019.2 K26ARM USB AIO-64K or a different build?
    been bashing my head against a wall all night trying to figure this out


    last edit of the night (its 4am :confused:):
    I was on xrt--asus I went from that to the revert to original firmware (R7000-V1.0.9.26_10.2.31)
    I reset the router
    I updated to the latest netgear firmware (via the manager)
    reset the router
    I then installed freshtomato-R7000-2019.2-initial-64K.chk
    reset the router
    next I installed freshtomato-R7000-ARM-2019.2-AIO-64K.trx witht he wipe nvram option ticked
    and you guessed it...reset the router
    I see a lot of messages in this massive thread mention using usb nas options so I must of gone wrong somewhere but really at a loss where
     
    Last edited: May 7, 2019
  100. usergay

    usergay Reformed Router Member

    Mine shows & works perfectly on my r7000 using the latest tomato 2019.2 AIO firmware. I've attached a screenshot.[/QUOTE]
     

    Attached Files:

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice